
OpenID hydra docker-compose hydra-login-consent-node mariadb


docker-compose


# Demo stack: ORY Hydra (OAuth2 / OpenID Connect) with its PostgreSQL store, a
# login/consent app backed by MariaDB, and Adminer for database administration.
version: '3.3'

services:
  # PostgreSQL backing store for ORY Hydra. No ports are published, so it is
  # reachable only by containers attached to the `openid` network.
  ory-hydra-postgres:
    image: postgres:9.6
    #restart: always
    environment:
      - POSTGRES_USER=hydra
      # NOTE(review): demo password committed in clear text and repeated in the
      # Hydra DSN and in the migration command below. Replace it with a
      # generated value supplied from outside this file (env file or secret
      # store).
      - POSTGRES_PASSWORD=secret
      - POSTGRES_DB=hydra
    volumes:
      # Named volume so the database files outlive the container.
      - hydradata:/var/lib/postgresql/data:rw
    networks:
      - openid
  # On the first run the Hydra database schema has to be created in PostgreSQL.
  # Note: the network name depends on the deployment environment; confirm it
  # with `docker network ls`.
  # docker run -it --rm \
  #   --network openid \
  #   oryd/hydra:latest \
  #   migrate sql --yes postgres://hydra:secret@ory-hydra-postgres:5432/hydra?sslmode=disable
  
  # ORY Hydra OAuth2 / OpenID Connect server.
  ory-hydra:
    # NOTE(review): `latest` is a moving tag; pin a specific release so the
    # schema migration and the running server use the same, known version.
    image: oryd/hydra:latest
    restart: unless-stopped
    ports:
      # Host 9001 -> container 4444, the port advertised in URLS_SELF_ISSUER.
      - "9001:4444"
      # Host 9002 -> container 4445, the port the consent app uses as
      # HYDRA_ADMIN_URL.
      # NOTE(review): Hydra's admin API does no authentication of its own, so
      # publishing it on the host lets anyone who can reach port 9002 manage
      # clients and accept login/consent requests. Keep it on the internal
      # network or put an authenticating proxy in front of it.
      - "9002:4445"
    environment:
      # NOTE(review): placeholder-looking system secret committed in clear
      # text. Generate a random value and supply it from outside this file.
      - SECRETS_SYSTEM=this_needs_to_be_the_same_a
      # Same demo database password as the postgres service; sslmode=disable
      # means the connection to the database is not encrypted.
      - DSN=postgres://hydra:secret@ory-hydra-postgres:5432/hydra?sslmode=disable
      - URLS_SELF_ISSUER=https://openid.hydra:9001/
      # NOTE(review): the login and consent pages are served over plain http,
      # so submitted credentials cross the network unencrypted. Use https for
      # anything beyond a local demo.
      - URLS_CONSENT=http://192.168.99.100:9020/consent
      - URLS_LOGIN=http://192.168.99.100:9020/login
      # NOTE(review): debug logging and exposed internal errors are
      # development settings; they hand implementation detail to clients and
      # should be switched off outside a lab.
      - LOG_LEVEL=debug
      - OAUTH2_EXPOSE_INTERNAL_ERRORS=true
      # NOTE(review): CORS is enabled on both listeners without an
      # allowed-origins list, so Hydra's default origin policy applies;
      # confirm what that is and restrict it. Enabling CORS on the admin
      # listener is rarely needed.
      - SERVE_PUBLIC_CORS_ENABLED=true
      - SERVE_PUBLIC_CORS_ALLOWED_METHODS=POST,GET,PUT,DELETE
      - SERVE_ADMIN_CORS_ENABLED=true
      - SERVE_ADMIN_CORS_ALLOWED_METHODS=POST,GET,PUT,DELETE
      # Base64 of a PEM block that starts with "BEGIN EC PARAMETERS" and
      # contains an EC private key.
      # NOTE(review): a private key published on a web page must be treated
      # as compromised. Generate your own key and certificate and inject them
      # at deploy time instead of committing them here.
      - SERVE_TLS_KEY_BASE64=LS0tLS1CRUdJTiBFQyBQQVJBTUVURVJTLS0tLS0KQmdVcmdRUUFJZz09Ci0tLS0tRU5EIEVDIFBBUkFNRVRFUlMtLS0tLQotLS0tLUJFR0lOIEVDIFBSSVZBVEUgS0VZLS0tLS0KTUlHa0FnRUJCRENLbkdnVnFJVzdZaW5iUWV5UEd5UTQ0R3U2VVFEelU5SENLYjMzTWlmeFJYRTBkbnU2KzdadQowdEJUcUhQRHVMeWdCd1lGSzRFRUFDS2haQU5pQUFSbng1Nk9jeGNyRWRsYmU4TXRSdUVxWGV2OEREcmh6ZWJGCjM4NlI4Q2RQWDRlUWI2Zll6ekFUL3V3STBsTDdvRmlEWEM3Q0JLWmZUcTdFSzN4TzNXWlpSSjJrMEQ3TnNLd2cKVEpZenJxT0JpczBNeGtva2FUWVVyemhKMXBKY3lmWT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
      - SERVE_TLS_CERT_BASE64=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
    networks:
      - openid


# Quickly create the auth-code-client. Note: the network name depends on the
# deployment environment; confirm it with `docker network ls`.
# NOTE(review): `--skip-tls-verify` turns off certificate checking for this
# call, and `--secret secret` is a demo client secret; use a generated secret
# and a trusted certificate outside a lab.
#docker run --rm -it \
#  -e HYDRA_ADMIN_URL=https://ory-hydra:4445 \
#  --network openid \
#  oryd/hydra:latest \
#  clients create --skip-tls-verify \
#    --id auth-code-client \
#    --secret secret \
#    --grant-types authorization_code,refresh_token \
#    --response-types code,id_token,token \
#    --scope openid,offline,photos.read \
#    --callbacks https://t.tt:9010/callback

  # Login and consent UI for Hydra, built from the local
  # hydra-login-consent-node/ directory rather than the published image.
  ory-hydra-login-consent:
    #image: oryd/hydra-login-consent-node:latest
    build:
      context: hydra-login-consent-node/
    restart: unless-stopped
    ports:
      # Host 9020 -> container 3000; matches URLS_LOGIN / URLS_CONSENT in the
      # ory-hydra service.
      - "9020:3000"
    environment:
      - HYDRA_ADMIN_URL=https://ory-hydra:4445
      # NOTE(review): this disables TLS certificate verification for every
      # outbound connection made by the Node process, so calls to the Hydra
      # admin API can be intercepted without detection. Prefer trusting the
      # self-signed certificate explicitly (e.g. via NODE_EXTRA_CA_CERTS) and
      # removing this variable.
      - NODE_TLS_REJECT_UNAUTHORIZED=0
    volumes:
      # NOTE(review): a named volume mounted over /usr/src/app (presumably the
      # application directory, confirm against the Dockerfile) persists across
      # rebuilds, so a rebuilt image's code can be hidden by the older
      # contents of the volume.
      - hydraloginconsent:/usr/src/app:rw
    depends_on:
      # Controls start order only; it does not wait for MariaDB to accept
      # connections.
      - mariadb
    networks:
      - openid
  
  # MariaDB holding the `openid` database used by the login app. No ports are
  # published; it is reached over the `openid` network (and through Adminer).
  mariadb:
    image: mariadb:10.4.6
    #restart: always
    environment:
      # NOTE(review): demo root password committed in clear text and also
      # hard-coded in db/database.js. Use a generated value from outside this
      # file and give the application its own least-privilege account.
      - MYSQL_ROOT_PASSWORD=secret
      - MYSQL_DATABASE=openid
    command: ['--character-set-server=utf8mb4', '--collation-server=utf8mb4_unicode_ci']
    # On first use, run db_init_sql.txt (presumably the "mariadb init" script
    # shown further down the page).
    # NOTE(review): no volume is declared for this service, so the data does
    # not live in a named volume the way the postgres data does.
    networks:
      - openid

  # Adminer web UI for inspecting and editing the MariaDB data.
  # NOTE(review): published on host port 8080 and always restarted; combined
  # with the root/secret credentials above, anyone who can reach that port has
  # full control of the user table. Restrict it to a trusted interface or run
  # it only while needed.
  adminer:
    image: adminer
    restart: always
    ports:
      - 8080:8080
    depends_on:
      - mariadb
    networks:
      - openid

# Named volumes referenced by the services above; no options are given, so
# the default volume driver settings apply.
volumes:  
  hydradata: 
  hydraloginconsent:
    
# Single user-defined bridge network shared by every service in this file.
networks:
  openid:
    driver: bridge


Use Adminer to test MariaDB: http://192.168.99.100:8080 (login: root/secret)


mariadb init


-- Initialisation script for the demo `openid` database used by the login app.
-- NOTE(review): destructive. It drops any existing `openid` database, and with
-- it every stored user, before re-creating it; run it only on a fresh instance.
DROP DATABASE IF EXISTS `openid`;
CREATE DATABASE `openid` /*!40100 DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci */;
USE `openid`;

-- Account table queried by the login route (lookup by email and password).
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` text COLLATE utf8mb4_unicode_ci NOT NULL,
  -- NOTE(review): there is no UNIQUE constraint on email, while the login route
  -- on this page accepts a login only when exactly one row matches.
  `email` text COLLATE utf8mb4_unicode_ci NOT NULL,
  -- Holds the hex digest that the login route compares against
  -- md5(req.body.password).
  -- NOTE(review): unsalted MD5 is not suitable for storing passwords; use a
  -- salted, deliberately slow scheme (bcrypt, scrypt, Argon2) for real accounts.
  `password` text COLLATE utf8mb4_unicode_ci NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

-- Seed account for the demo. The digest presumably corresponds to the demo
-- password 'foobar' from the original hard-coded check; confirm before relying
-- on it. Remove or change this row before exposing the service.
INSERT INTO `user` (`id`, `name`, `email`, `password`) VALUES
(1, 'foobar', 'foo@bar.com', '3858f62230ac3c915f300c664312c63f');

ory-hydra-login-consent modify package.json add


"md5": "^2.2.1",
"mysql": "^2.17.1"

ory-hydra-login-consent add db/database.js


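// Shared MariaDB access for the login/consent app: one connection pool plus a
// small query helper.
var mysql = require('mysql');

// Connection settings. Each value can be overridden through the environment
// (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); the fallbacks are the demo values
// from docker-compose.
// NOTE(review): the fallbacks connect as the database root account with the
// demo password. For anything beyond a local demo, create a dedicated
// least-privilege user for the `openid` schema and supply its credentials
// through the environment.
var pool = mysql.createPool({
  host     : process.env.DB_HOST || 'mariadb',
  user     : process.env.DB_USER || 'root',
  password : process.env.DB_PASSWORD || 'secret',
  database : process.env.DB_NAME || 'openid'
});

/**
 * Run one statement on a connection borrowed from the pool.
 *
 * @param {string} sql statement text, with `?` placeholders
 * @param {Array|Object} options values passed to conn.query for the placeholders
 * @param {function} callback called as (err, results, fields)
 */
var query = function (sql, options, callback) {
  pool.getConnection(function (err, conn) {
    if (err) {
      // No connection was handed out, so there is nothing to release.
      callback(err, null, null);
      return;
    }
    conn.query(sql, options, function (err, results, fields) {
      // Return the connection to the pool before handing control to the caller.
      conn.release();
      callback(err, results, fields);
    });
  });
};

module.exports = {query, pool}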

ory-hydra-login-consent modify routes/login.js


...

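// Handles the submitted login form: looks the credentials up in the `user` table and, on a match, tells
// Hydra that the login challenge was satisfied.
router.post('/', csrfProtection, function (req, res, next) {
  // The challenge is now a hidden input field, so let's take it from the request body instead
  var challenge = req.body.challenge;
  var email = req.body.email;
  var password = req.body.password;

  // Re-render the form with one generic message that does not reveal which field was wrong.
  function showLoginError() {
    res.render('login', {
      csrfToken: req.csrfToken(),

      challenge: challenge,

      error: 'The username / password combination is not correct'
    });
  }

  // Accept plain, non-empty strings only. A body parser can deliver an array or an object for a form
  // field, and the mysql driver expands such values into SQL fragments instead of binding them as one
  // string, so they must never reach the query.
  if (typeof email !== 'string' || typeof password !== 'string' || !email || !password) {
    showLoginError();
    return;
  }

  // NOTE(review): unsalted MD5 is not a password hash. It is kept here only because the seeded `user`
  // row stores an MD5 digest; migrate the stored values to a salted, deliberately slow scheme
  // (bcrypt, scrypt, Argon2) before using this with real accounts.
  var sql = "select count(*) as count from user where email = ? and password = ?"
  var params = [email, md5(password)]
  pool.query(sql, params, (err, rows) => {
    if (err) {
      // Do not echo database driver messages to an unauthenticated caller; hand the error to the
      // application's error middleware, as the Hydra error path below already does.
      next(err);
      return;
    }

    // The mysql driver passes SELECT results as an array of rows, so the count lives on the first
    // element. A single row object is tolerated as well, in case `pool` wraps a different driver.
    var first = Array.isArray(rows) ? rows[0] : rows;
    if (!first || Number(first.count) !== 1) { // no matching account
      showLoginError();
      return;
    }

    hydra.acceptLoginRequest(challenge, {
      // Subject is an alias for user ID. A subject can be a random string, a UUID, an email address, ....
      subject: email,

      // This tells hydra to remember the browser and automatically authenticate the user in future requests. This will
      // set the "skip" parameter in the other route to true on subsequent requests!
      remember: Boolean(req.body.remember),

      // When the session expires, in seconds. Set this to 0 so it will never expire.
      remember_for: 3600,

      // Sets which "level" (e.g. 2-factor authentication) of authentication the user has. The value is really arbitrary
      // and optional. In the context of OpenID Connect, a value of 0 indicates the lowest authorization level.
      // acr: '0',
    })
    .then(function (response) {
      // All we need to do now is to redirect the user back to hydra!
      res.redirect(response.redirect_to);
    })
    // This will handle any error that happens when making HTTP calls to hydra
    .catch(function (error) {
      next(error);
    });

  });

  // The database lookup above replaces the sample's hard-coded credential check
  // (req.body.email === 'foo@bar.com' && req.body.password === 'foobar') and its
  // acceptLoginRequest call with the fixed subject 'foo@bar.com'.

  // You could also deny the login request which tells hydra that no one authenticated!
  // hydra.rejectLoginRequest(challenge, {
  //   error: 'invalid_request',
  //   error_description: 'The user did something stupid...'
  // })
  //   .then(function (response) {
  //     // All we need to do now is to redirect the browser back to hydra!
  //     res.redirect(response.redirect_to);
  //   })
  //   // This will handle any error that happens when making HTTP calls to hydra
  //   .catch(function (error) {
  //     next(error);
  //   });
});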

At https://t.tt:9010, log in with the id/password; you can use Adminer to change the user's email/password in the database.