diff --git a/.env.example.dex b/.env.example.dex
new file mode 100644
index 0000000..613acc2
--- /dev/null
+++ b/.env.example.dex
@@ -0,0 +1,17 @@
+OIDC_ISSUER_URL=http://localhost:5556/.well-known/openid-configuration
+OIDC_CLIENT_ID=excalidraw
+OIDC_CLIENT_SECRET=excalidraw-secret
+OIDC_REDIRECT_URL=http://localhost:3002/auth/oidc/callback
+
+ADMIN_USERNAME=admin
+ADMIN_PASSWORD=your_secure_password
+ADMIN_EMAIL=admin@example.com
+
+JWT_SECRET=your_super_secret_jwt_string
+
+STORAGE_TYPE=sqlite
+DATA_SOURCE_NAME=excalidraw.db
+LOCAL_STORAGE_PATH=./data
+
+OPENAI_API_KEY=sk-your_openai_api_key
+OPENAI_BASE_URL=https://api.openai.com
diff --git a/config/dex.config.yml b/config/dex.config.yml
new file mode 100644
index 0000000..c890277
--- /dev/null
+++ b/config/dex.config.yml
@@ -0,0 +1,29 @@
+issuer: http://localhost:5556
+
+storage:
+ type: sqlite3
+ config:
+ file: /var/lib/dex/dex.db
+
+web:
+ http: 0.0.0.0:5556
+ allowedOrigins: ["*"]
+
+logger:
+ level: debug
+ format: text
+
+enablePasswordDB: true
+
+staticClients:
+- id: excalidraw
+ redirectURIs:
+ - http://localhost:3002/auth/oidc/callback
+ name: Excalidraw
+ secret: ${OIDC_CLIENT_SECRET:-excalidraw-secret}
+
+staticPasswords:
+- email: ${ADMIN_EMAIL:-admin@example.com}
+ hash: ${ADMIN_PASSWORD_HASH}
+ username: ${ADMIN_USERNAME:-admin}
+ userID: "admin-001"
\ No newline at end of file
diff --git a/docker-compose.dex.yml b/docker-compose.dex.yml
new file mode 100644
index 0000000..f28b353
--- /dev/null
+++ b/docker-compose.dex.yml
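Review bot: `hash: ${ADMIN_PASSWORD_HASH}` under staticPasswords has no source anywhere in this commit: docker-compose.dex.yml hands the dex container ADMIN_PASSWORD (plaintext), and scripts/init-dex-users.sh computes PASSWORD_HASH into a temp file it never mounts, so the admin entry presumably ends up with an empty hash and the account cannot log in. If dex's config expansion does not honour the shell-style `${VAR:-default}` form, the client secret, admin email and username would also come out empty rather than defaulted, which is worth verifying against the dex version pinned in the compose file before relying on the fallbacks. Separately, `allowedOrigins: ["*"]` permits cross-origin browser calls to the discovery/token/keys endpoints from any site and `level: debug` logs more than an issuer should; for this localhost setup `allowedOrigins: ["http://localhost:3002"]` and `level: info` are the safer defaults. The same missing-hash problem applies to the docker-compose.dex.yml and scripts/init-dex-users.sh hunks.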
@@ -0,0 +1,28 @@
+version: '3.8'
+
+services:
+ dex:
+ image: dexidp/dex:v2.38.0
+ container_name: excalidraw-dex
+ restart: unless-stopped
+ ports:
+ - "5556:5556"
+ volumes:
+ - ./config/dex.config.yml:/etc/dex/config.yml
+ - dex-data:/var/lib/dex
+ environment:
+ - GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID}
+ - GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET}
+ - ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
+ - ADMIN_PASSWORD=${ADMIN_PASSWORD}
+ - ADMIN_EMAIL=${ADMIN_EMAIL:-admin@example.com}
+ - OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET:-excalidraw-secret}
+ networks:
+ - dex-network
+
+volumes:
+ dex-data:
+
+networks:
+ dex-network:
+ driver: bridge
diff --git a/scripts/init-dex-users.sh b/scripts/init-dex-users.sh
new file mode 100644
index 0000000..4e8b767
--- /dev/null
+++ b/scripts/init-dex-users.sh
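Review bot: The dex service receives GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET and ADMIN_PASSWORD in its environment, but config/dex.config.yml in this commit declares no GitHub connector and reads ADMIN_PASSWORD_HASH rather than ADMIN_PASSWORD, so these secrets are visible to anyone who can `docker inspect` the container without ever being consumed; drop them (or add the connector that uses them) and pass `- ADMIN_PASSWORD_HASH=${ADMIN_PASSWORD_HASH}` instead. `"5556:5556"` publishes the issuer on every host interface while the issuer URL and redirect URI are localhost-only; `"127.0.0.1:5556:5556"` keeps the exposure consistent with the intended use. `version: '3.8'` is ignored by current Compose releases and can be removed.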
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+set -e
+
+# 检查环境变量
+if [ -z "$ADMIN_PASSWORD" ]; then
+ echo "错误: 请设置 ADMIN_PASSWORD 环境变量"
+ exit 1
+fi
+
+# 生成密码哈希
+echo "正在生成密码哈希..."
+PASSWORD_HASH=$(docker run --rm dexidp/dex:v2.38.0 hash --password="$ADMIN_PASSWORD")
+
+# 创建临时配置文件
+cat > /tmp/dex-init-config.yml << EOF
+issuer: http://localhost:5556
+
+storage:
+ type: sqlite3
+ config:
+ file: /var/lib/dex/dex.db
+
+web:
+ http: 0.0.0.0:5556
+
+logger:
+ level: info
+
+enablePasswordDB: true
+
+staticPasswords:
+- email: ${ADMIN_EMAIL:-admin@example.com}
+ hash: $PASSWORD_HASH
+ username: ${ADMIN_USERNAME:-admin}
+ userID: "admin-001"
+EOF
+
+# 初始化 Dex 数据库
+echo "正在初始化 Dex 数据库..."
+docker run --rm \
+ -v $(pwd)/config/dex.config.yml:/etc/dex/config.yml \
+ -v dex-data:/var/lib/dex \
+ dexidp/dex:v2.38.0 \
+ serve /etc/dex/config.yml &
+DEX_PID=$!
+
+# 等待 Dex 启动
+echo "等待 Dex 启动..."
+sleep 10
+
+# 停止临时 Dex 进程
+kill $DEX_PID 2>/dev/null || true
+
+echo "Dex 用户初始化完成!"
+echo "管理员账户:"
+echo " 用户名: ${ADMIN_USERNAME:-admin}"
+echo " 邮箱: ${ADMIN_EMAIL:-admin@example.com}"
+echo " 密码: $ADMIN_PASSWORD"
+echo ""
+echo "请使用以下凭据登录:"
+echo " Dex UI: http://localhost:5556"
+echo " 用户名: ${ADMIN_USERNAME:-admin}"
+echo " 密码: $ADMIN_PASSWORD"
\ No newline at end of file
diff --git a/scripts/setup-env.sh b/scripts/setup-env.sh
new file mode 100644
index 0000000..e698721
--- /dev/null
+++ b/scripts/setup-env.sh
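Review bot: The config written to /tmp/dex-init-config.yml, the only place the generated hash lands, is never used: the `docker run` that follows mounts `$(pwd)/config/dex.config.yml`, whose `${ADMIN_PASSWORD_HASH}` is not exported by this script either, so the serve-and-kill cycle cannot install the admin password; mount the generated file instead, `-v "$tmp_cfg:/etc/dex/config.yml" \` with `tmp_cfg=$(mktemp)` in place of the fixed /tmp name, and quote the path. As far as I can tell dex reads staticPasswords from the config on every start rather than persisting them, so even with the right mount this step would not carry the user over to the compose-managed service; the hash has to reach that service's own config or environment. The closing echo block prints `$ADMIN_PASSWORD` in clear twice, which ends up in terminal scrollback and CI logs; print the username and URL only. `kill $DEX_PID` signals the docker client, and whether the container itself stops depends on signal proxying, so `docker stop` on a named container (or `--name` plus `docker stop`) is the deterministic form.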
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+# 生成随机密码
+generate_password() {
+ openssl rand -base64 16 | tr -d "=+/" | cut -c1-16
+}
+
+# 生成 JWT 密钥
+generate_jwt_secret() {
+ openssl rand -base64 32 | tr -d "=+/" | cut -c1-32
+}
+
+echo "正在生成环境变量配置..."
+
+# 生成随机密码和密钥
+ADMIN_PASSWORD=$(generate_password)
+JWT_SECRET=$(generate_jwt_secret)
+OIDC_CLIENT_SECRET=$(generate_password)
+
+# 创建 .env 文件
+cat > .env << EOF
+# === 认证配置 ===
+AUTH_TYPE=oidc
+
+# GitHub OAuth 配置 (可选)
+# GITHUB_CLIENT_ID=your_github_client_id
+# GITHUB_CLIENT_SECRET=your_github_client_secret
+# GITHUB_REDIRECT_URL=http://localhost:3002/auth/github/callback
+
+# OIDC 配置
+OIDC_ISSUER_URL=http://localhost:5556/.well-known/openid-configuration
+OIDC_CLIENT_ID=excalidraw
+OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
+OIDC_REDIRECT_URL=http://localhost:3002/auth/oidc/callback
+
+# Dex 配置
+OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
+ADMIN_USERNAME=admin
+ADMIN_PASSWORD=$ADMIN_PASSWORD
+ADMIN_EMAIL=admin@example.com
+
+# === JWT 配置 ===
+JWT_SECRET=$JWT_SECRET
+
+# === 存储配置 ===
+STORAGE_TYPE=sqlite
+DATA_SOURCE_NAME=excalidraw.db
+LOCAL_STORAGE_PATH=./data
+
+# === 应用配置 ===
+LISTEN=:3002
+LOG_LEVEL=info
+
+# === OpenAI 配置 (可选) ===
+# OPENAI_API_KEY=sk-your_openai_api_key
+# OPENAI_BASE_URL=https://api.openai.com
+EOF
+
+echo "环境变量配置已生成到 .env 文件"
+echo ""
+echo "重要信息请保存:"
+echo " 管理员密码: $ADMIN_PASSWORD"
+echo " JWT 密钥: $JWT_SECRET"
+echo " Dex 客户端密钥: $OIDC_CLIENT_SECRET"
+echo ""
+echo "请运行以下命令启动服务:"
+echo " 1. docker-compose -f docker-compose.dex.yml up -d"
+echo " 2. ./scripts/init-dex-users.sh"
+echo " 3. docker-compose up -d"
\ No newline at end of file
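Review bot: `cat > .env` overwrites an existing .env unconditionally and creates the new file under the default umask, so a second run silently rotates ADMIN_PASSWORD, JWT_SECRET and OIDC_CLIENT_SECRET (invalidating every issued JWT and the dex client registration) and the secrets may be group- or world-readable; add `[ -e .env ] && { echo ".env already exists, refusing to overwrite" >&2; exit 1; }` before the here-doc and `umask 077` (or `chmod 600 .env` right after it). The closing echo block prints all three secrets to stdout even though they are already in .env; printing only the file location keeps them out of scrollback and logs. OIDC_CLIENT_SECRET is written twice in the here-doc (under "# OIDC 配置" and again under "# Dex 配置"), harmless for dotenv loaders but confusing to maintain. In generate_password, `tr -d "=+/"` can leave fewer than 16 characters from `openssl rand -base64 16`, so `cut -c1-16` does not guarantee the length; drawing more bytes (e.g. `-base64 32`) before cutting keeps the password at the intended size.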