# Description of Changes

When password login is disabled, the UI changes to show a centrally styled SSO button.

<img width="2057" height="1369" alt="image" src="https://github.com/user-attachments/assets/8f65f778-0809-4c54-a9c4-acf3a67cfa63" />

Auto SSO login functionality.

Massively increases auth debugging visibility: verbose console logging in ErrorBoundary, AuthProvider, Landing, AuthCallback.

Improves OAuth/SAML testability: adds Keycloak docker-compose setups + realm JSON exports + start/validate scripts for OAuth and SAML environments.

Hardens license upload path handling: better logs + safer directory traversal protection by normalizing absolute paths before startsWith check.

UI polish for SSO-only login: new “single provider” centered layout + updated button styles (pill buttons, variants, icon wrapper, arrow).

<!--
Please provide a summary of the changes, including:

- What was changed
- Why the change was made
- Any challenges encountered

Closes #(issue_number)
-->

---

## Checklist

### General

- [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable)
- [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable)
- [ ] I have performed a self-review of my own code
- [ ] My changes generate no new warnings

### Documentation

- [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed)
- [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only)

### Translations (if applicable)

- [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md)

### UI Changes (if applicable)

- [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR)

### Testing (if applicable)

- [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details.
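# Local test stack: PostgreSQL + Keycloak (OAuth2/OIDC provider) + Stirling-PDF.
#
# Test use only. Keycloak runs in development mode over plain HTTP and every
# credential below has a well-known default. Do not reuse this file, or any
# secret in it, outside a disposable environment.
services:
  # Database for Keycloak. No host port is published, so it is reachable only
  # from containers attached to the stirling-oauth-test network.
  keycloak-oauth-db:
    container_name: stirling-keycloak-oauth-db
    image: postgres:16-alpine
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      # Overridable from the caller's environment; the default is unchanged.
      # Must equal KC_DB_PASSWORD on the keycloak-oauth service, which is why
      # both read the same variable.
      POSTGRES_PASSWORD: "${KC_DB_PASSWORD:-keycloak}"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U keycloak"]
      interval: 5s
      timeout: 5s
      retries: 10
    networks:
      - stirling-oauth-test

  # Identity provider under test.
  keycloak-oauth:
    container_name: stirling-keycloak-oauth
    image: quay.io/keycloak/keycloak:24.0
    command:
      # Keycloak development mode: relaxed defaults, not for production.
      - start-dev
      # Loads the realm file mounted below into Keycloak at startup.
      - --import-realm
    environment:
      KC_DB: postgres
      KC_DB_URL: "jdbc:postgresql://keycloak-oauth-db:5432/keycloak"
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: "${KC_DB_PASSWORD:-keycloak}"
      KEYCLOAK_ADMIN: admin
      # Default admin/admin is kept for the test scripts, but can be overridden
      # from the caller's environment. Override it whenever the host is on a
      # shared network, because the admin console is published on port 9080.
      KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD:-admin}"
      # Use a consistent hostname for browser + containers (configure in hosts file)
      KC_HOSTNAME: "${KEYCLOAK_HOST:-kubernetes.docker.internal}"
      # Quoted so the value reaches the container as a string.
      KC_HOSTNAME_PORT: "9080"
      # Strict hostname checking is off and plain HTTP is on: both are
      # test-only settings.
      KC_HOSTNAME_STRICT: "false"
      KC_HTTP_ENABLED: "true"
    ports:
      # The short form publishes on every host interface. Anything that can
      # reach the host on 9080 reaches Keycloak, including its admin console.
      # If this is narrowed to loopback ("127.0.0.1:9080:8080"), verify that
      # stirling-pdf-oauth can still reach the issuer URL through host-gateway.
      - "9080:8080"
    volumes:
      # Realm definition, mounted read-only.
      - ./keycloak-realm-oauth.json:/opt/keycloak/data/import/realm-export.json:ro
    depends_on:
      keycloak-oauth-db:
        condition: service_healthy
    healthcheck:
      # Raw HTTP request over bash /dev/tcp; healthy once the first response
      # line for the stirling-oauth realm contains 200.
      test: ["CMD-SHELL", "exec 3<>/dev/tcp/localhost/8080 && echo -e 'GET /realms/stirling-oauth HTTP/1.1\\nHost: localhost\\nConnection: close\\n\\n' >&3 && timeout 2 cat <&3 | head -n 1 | grep -q '200'"]
      interval: 10s
      timeout: 10s
      retries: 30
      start_period: 60s
    networks:
      - stirling-oauth-test

  # Application under test, configured as an OAuth2 client of the Keycloak
  # service above.
  stirling-pdf-oauth:
    container_name: stirling-pdf-oauth-test
    image: docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest
    build:
      context: ../..
      dockerfile: docker/embedded/Dockerfile
    extra_hosts:
      # Resolve these names to the Docker host from inside the container, so
      # the issuer URL used by the browser also works from the backend.
      - "localhost:host-gateway"
      - "${KEYCLOAK_HOST:-kubernetes.docker.internal}:host-gateway"
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://localhost:8080/api/v1/info/status | grep -q 'UP'"]
      interval: 5s
      timeout: 10s
      retries: 30
    ports:
      # Published on every host interface, like the Keycloak port above.
      - "8080:8080"
    volumes:
      - ../../../stirling/keycloak-oauth-test/data:/usr/share/tessdata:rw
      - ../../../stirling/keycloak-oauth-test/config:/configs:rw
      - ../../../stirling/keycloak-oauth-test/logs:/logs:rw
    environment:
      # Basic settings
      DOCKER_ENABLE_SECURITY: "true"
      SECURITY_ENABLELOGIN: "true"
      SECURITY_LOGINMETHOD: "${SECURITY_LOGINMETHOD:-all}"
      SYSTEM_DEFAULTLOCALE: en-US
      SYSTEM_BACKENDURL: "http://localhost:8080"
      # The all-zero default is a placeholder; supply a real key through the
      # environment rather than committing one here.
      PREMIUM_KEY: "${PREMIUM_KEY:-00000000-0000-0000-0000-000000000000}"
      PREMIUM_ENABLED: "true"
      PREMIUM_PROFEATURES_SSOAUTOLOGIN: "${PREMIUM_PROFEATURES_SSOAUTOLOGIN:-false}"
      UI_APPNAME: Stirling-PDF OAuth Test
      UI_HOMEDESCRIPTION: Keycloak OAuth2/OIDC Test Instance
      UI_APPNAMENAVBAR: Stirling-PDF OAuth
      SYSTEM_MAXFILESIZE: "100"

      # OAuth2 Configuration (Keycloak-specific path)
      SECURITY_OAUTH2_ENABLED: "true"
      # NOTE(review): presumably provisions a local account on first OAuth
      # login, so every user the realm can authenticate gets access. Confirm
      # this is intended for the realm in use.
      SECURITY_OAUTH2_AUTOCREATEUSER: "true"
      # Must match Keycloak's advertised issuer
      # Plain-HTTP issuer: acceptable for local testing only.
      SECURITY_OAUTH2_CLIENT_KEYCLOAK_ISSUER: "http://${KEYCLOAK_HOST:-kubernetes.docker.internal}:9080/realms/stirling-oauth"
      SECURITY_OAUTH2_CLIENT_KEYCLOAK_CLIENTID: "stirling-pdf-client"
      # Test-only secret committed in clear text. Presumably it has to match
      # the client defined in the imported realm file (confirm before
      # changing). Never reuse it outside this test stack.
      SECURITY_OAUTH2_CLIENT_KEYCLOAK_CLIENTSECRET: "test-client-secret-change-in-production"
      SECURITY_OAUTH2_CLIENT_KEYCLOAK_USEASUSERNAME: "email"
      SECURITY_OAUTH2_CLIENT_KEYCLOAK_SCOPES: "openid,profile,email"

      # Disable SAML (OAuth only)
      SECURITY_SAML2_ENABLED: "false"

      # Debug Logging
      # DEBUG-level security logging can record authentication details; keep
      # it to test runs and treat the resulting logs as sensitive.
      LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_SECURITY_OAUTH2: DEBUG
      LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_SECURITY: DEBUG

      # LibreOffice settings
      PROCESS_EXECUTOR_AUTO_UNO_SERVER: "true"
      PROCESS_EXECUTOR_SESSION_LIMIT_LIBRE_OFFICE_SESSION_LIMIT: "1"

      # Permissions
      # Quoted so the values reach the container as strings.
      PUID: "1002"
      PGID: "1002"
      UMASK: "022"

      # Features
      DISABLE_ADDITIONAL_FEATURES: "false"
      METRICS_ENABLED: "true"
      SYSTEM_GOOGLEVISIBILITY: "false"
      SHOW_SURVEY: "false"

    depends_on:
      keycloak-oauth:
        condition: service_healthy
    networks:
      - stirling-oauth-test
    restart: "on-failure:5"

networks:
  stirling-oauth-test:
    driver: bridge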