添加 Dex 认证配置和初始化脚本，创建 .env 示例文件，更新 docker-compose 配置以支持 OIDC 认证

.env.example.dex

@@ -0,0 +1,17 @@
+OIDC_ISSUER_URL=http://localhost:5556/.well-known/openid-configuration
+OIDC_CLIENT_ID=excalidraw
+OIDC_CLIENT_SECRET=excalidraw-secret
+OIDC_REDIRECT_URL=http://localhost:3002/auth/oidc/callback
+
+ADMIN_USERNAME=admin
+ADMIN_PASSWORD=your_secure_password
+ADMIN_EMAIL=admin@example.com
+
+JWT_SECRET=your_super_secret_jwt_string
+
+STORAGE_TYPE=sqlite
+DATA_SOURCE_NAME=excalidraw.db
+LOCAL_STORAGE_PATH=./data
+
+OPENAI_API_KEY=sk-your_openai_api_key
+OPENAI_BASE_URL=https://api.openai.com

config/dex.config.yml

@@ -0,0 +1,29 @@
+issuer: http://localhost:5556
+
+storage:
+  type: sqlite3
+  config:
+    file: /var/lib/dex/dex.db
+
+web:
+  http: 0.0.0.0:5556
+  allowedOrigins: ["*"]
+
+logger:
+  level: debug
+  format: text
+
+enablePasswordDB: true
+
+staticClients:
+- id: excalidraw
+  redirectURIs:
+  - http://localhost:3002/auth/oidc/callback
+  name: Excalidraw
+  secret: ${OIDC_CLIENT_SECRET:-excalidraw-secret}
+
+staticPasswords:
+- email: ${ADMIN_EMAIL:-admin@example.com}
+  hash: ${ADMIN_PASSWORD_HASH}
+  username: ${ADMIN_USERNAME:-admin}
+  userID: "admin-001"

docker-compose.dex.yml

@@ -0,0 +1,28 @@
+version: '3.8'
+
+services:
+  dex:
+    image: dexidp/dex:v2.38.0
+    container_name: excalidraw-dex
+    restart: unless-stopped
+    ports:
+      - "5556:5556"
+    volumes:
+      - ./config/dex.config.yml:/etc/dex/config.yml
+      - dex-data:/var/lib/dex
+    environment:
+      - GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID}
+      - GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET}
+      - ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
+      - ADMIN_PASSWORD=${ADMIN_PASSWORD}
+      - ADMIN_EMAIL=${ADMIN_EMAIL:-admin@example.com}
+      - OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET:-excalidraw-secret}
+    networks:
+      - dex-network
+
+volumes:
+  dex-data:
+
+networks:
+  dex-network:
+    driver: bridge

scripts/init-dex-users.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+
+set -e
+
+# 检查环境变量
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo "错误: 请设置 ADMIN_PASSWORD 环境变量"
+    exit 1
+fi
+
+# 生成密码哈希
+echo "正在生成密码哈希..."
+PASSWORD_HASH=$(docker run --rm dexidp/dex:v2.38.0 hash --password="$ADMIN_PASSWORD")
+
+# 创建临时配置文件
+cat > /tmp/dex-init-config.yml << EOF
+issuer: http://localhost:5556
+
+storage:
+  type: sqlite3
+  config:
+    file: /var/lib/dex/dex.db
+
+web:
+  http: 0.0.0.0:5556
+
+logger:
+  level: info
+
+enablePasswordDB: true
+
+staticPasswords:
+- email: ${ADMIN_EMAIL:-admin@example.com}
+  hash: $PASSWORD_HASH
+  username: ${ADMIN_USERNAME:-admin}
+  userID: "admin-001"
+EOF
+
+# 初始化 Dex 数据库
+echo "正在初始化 Dex 数据库..."
+docker run --rm \
+  -v $(pwd)/config/dex.config.yml:/etc/dex/config.yml \
+  -v dex-data:/var/lib/dex \
+  dexidp/dex:v2.38.0 \
+  serve /etc/dex/config.yml &
+DEX_PID=$!
+
+# 等待 Dex 启动
+echo "等待 Dex 启动..."
+sleep 10
+
+# 停止临时 Dex 进程
+kill $DEX_PID 2>/dev/null || true
+
+echo "Dex 用户初始化完成！"
+echo "管理员账户:"
+echo "  用户名: ${ADMIN_USERNAME:-admin}"
+echo "  邮箱: ${ADMIN_EMAIL:-admin@example.com}"
+echo "  密码: $ADMIN_PASSWORD"
+echo ""
+echo "请使用以下凭据登录:"
+echo "  Dex UI: http://localhost:5556"
+echo "  用户名: ${ADMIN_USERNAME:-admin}"
+echo "  密码: $ADMIN_PASSWORD"

scripts/setup-env.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+
+# 生成随机密码
+generate_password() {
+    openssl rand -base64 16 | tr -d "=+/" | cut -c1-16
+}
+
+# 生成 JWT 密钥
+generate_jwt_secret() {
+    openssl rand -base64 32 | tr -d "=+/" | cut -c1-32
+}
+
+echo "正在生成环境变量配置..."
+
+# 生成随机密码和密钥
+ADMIN_PASSWORD=$(generate_password)
+JWT_SECRET=$(generate_jwt_secret)
+OIDC_CLIENT_SECRET=$(generate_password)
+
+# 创建 .env 文件
+cat > .env << EOF
+# === 认证配置 ===
+AUTH_TYPE=oidc
+
+# GitHub OAuth 配置 (可选)
+# GITHUB_CLIENT_ID=your_github_client_id
+# GITHUB_CLIENT_SECRET=your_github_client_secret
+# GITHUB_REDIRECT_URL=http://localhost:3002/auth/github/callback
+
+# OIDC 配置
+OIDC_ISSUER_URL=http://localhost:5556/.well-known/openid-configuration
+OIDC_CLIENT_ID=excalidraw
+OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
+OIDC_REDIRECT_URL=http://localhost:3002/auth/oidc/callback
+
+# Dex 配置
+OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
+ADMIN_USERNAME=admin
+ADMIN_PASSWORD=$ADMIN_PASSWORD
+ADMIN_EMAIL=admin@example.com
+
+# === JWT 配置 ===
+JWT_SECRET=$JWT_SECRET
+
+# === 存储配置 ===
+STORAGE_TYPE=sqlite
+DATA_SOURCE_NAME=excalidraw.db
+LOCAL_STORAGE_PATH=./data
+
+# === 应用配置 ===
+LISTEN=:3002
+LOG_LEVEL=info
+
+# === OpenAI 配置 (可选) ===
+# OPENAI_API_KEY=sk-your_openai_api_key
+# OPENAI_BASE_URL=https://api.openai.com
+EOF
+
+echo "环境变量配置已生成到 .env 文件"
+echo ""
+echo "重要信息请保存："
+echo "  管理员密码: $ADMIN_PASSWORD"
+echo "  JWT 密钥: $JWT_SECRET"
+echo "  Dex 客户端密钥: $OIDC_CLIENT_SECRET"
+echo ""
+echo "请运行以下命令启动服务："
+echo "  1. docker-compose -f docker-compose.dex.yml up -d"
+echo "  2. ./scripts/init-dex-users.sh"
+echo "  3. docker-compose up -d"