chore: update Kratos image and config

getlarge · Jun 12, 2024 · ccbad9d · ccbad9d
1 parent fc224e5
commit ccbad9d
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 13 deletions.
diff --git a/.env.example b/.env.example
@@ -1,28 +1,32 @@
 BACKEND_DOCKER_HOST="http://host.docker.internal:3000"
 BACKEND_HOST="http://127.0.0.1:3000"
+FRONTEND_HOST="http://127.0.0.1:4200"
 KRATOS_PUBLIC_HOST="http://127.0.0.1:4433"
 SELF_SERVICE_UI_HOST="http://127.0.0.1:4455"
 ORY_ACTION_API_KEY="unsecure_api_key"
 ORY_COOKIE_DOMAIN="127.0.0.1"
+KRATOS_BROWSER_URL="${KRATOS_PUBLIC_HOST}"
 
 kratos_log_level="trace"
 kratos_dsn="memory"
 kratos_cookies_domain="${ORY_COOKIE_DOMAIN}"
 kratos_identity_schemas_default="file:///etc/config/kratos/identity.schema.json"
-kratos_selfservice_default_browser_return_url="${BACKEND_HOST}/"
-kratos_selfservice_allowed_return_urls="${BACKEND_HOST}, ${SELF_SERVICE_UI_HOST}"
+kratos_selfservice_default_browser_return_url="${FRONTEND_HOST}/"
+kratos_selfservice_allowed_return_urls="${FRONTEND_HOST}, ${BACKEND_HOST}, ${SELF_SERVICE_UI_HOST}"
 kratos_selfservice_flows_errors_ui_url="${SELF_SERVICE_UI_HOST}/error"
 kratos_selfservice_flows_settings_ui_url="${SELF_SERVICE_UI_HOST}/settings"
 kratos_selfservice_flows_login_ui_url="${SELF_SERVICE_UI_HOST}/login"
 kratos_selfservice_flows_registration_ui_url="${SELF_SERVICE_UI_HOST}/register"
 kratos_selfservice_flows_recovery_ui_url="${SELF_SERVICE_UI_HOST}/recovery"
 kratos_selfservice_flows_verification_ui_url="${SELF_SERVICE_UI_HOST}/verification"
+kratos_selfservice_flows_login_default_browser_return_url="${FRONTEND_HOST}/"
 kratos_selfservice_flows_login_after_hook_config_url="${BACKEND_DOCKER_HOST}/api/users/on-sign-in"
 kratos_selfservice_flows_login_after_hook_config_auth_config_value="${ORY_ACTION_API_KEY}"
 kratos_selfservice_flows_login_after_hook_config_body="file:///etc/config/kratos/after-webhook.jsonnet"
 kratos_selfservice_flows_login_after_hook_config_can_interrupt="true"
 kratos_selfservice_flows_login_after_hook_config_response_ignore="false"
 kratos_selfservice_flows_login_after_hook_config_response_parse="false"
+kratos_selfservice_flows_logout_default_browser_return_url="${FRONTEND_HOST}/"
 kratos_selfservice_flows_registration_after_hook_config_url="${BACKEND_DOCKER_HOST}/api/users/on-sign-up"
 kratos_selfservice_flows_registration_after_hook_config_auth_config_value="${ORY_ACTION_API_KEY}"
 kratos_selfservice_flows_registration_after_hook_config_body="file:///etc/config/kratos/after-webhook.jsonnet"
@@ -39,7 +43,7 @@ kratos_secrets_cipher="32-LONG-SECRET-NOT-SECURE-AT-ALL"
 kratos_serve_admin_base_url="http://kratos:4434/"
 kratos_serve_public_base_url="${KRATOS_PUBLIC_HOST}/"
 kratos_serve_public_cors_enabled="true"
-kratos_serve_public_cors_allowed_origins="${KRATOS_PUBLIC_HOST}, ${SELF_SERVICE_UI_HOST}, ${BACKEND_HOST}"
+kratos_serve_public_cors_allowed_origins="${KRATOS_PUBLIC_HOST}, ${SELF_SERVICE_UI_HOST}, ${FRONTEND_HOST}, ${BACKEND_HOST}"
 kratos_session_cookie_domain="${ORY_COOKIE_DOMAIN}"
 keto_dsn="memory"
 Keto_log_level="trace"

diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -43,7 +43,7 @@ services:
       - POSTGRES_DB=appdb
 
   kratos-migrate:
-    image: oryd/kratos:v1.1.0
+    image: oryd/kratos:v1.2.0
     volumes:
       - ./infra/ory-kratos:/etc/config/kratos:ro
     command: -c /etc/config/kratos/kratos.yaml migrate sql -e --yes
@@ -54,7 +54,7 @@ services:
   kratos:
     depends_on:
       - kratos-migrate
-    image: oryd/kratos:v1.1.0
+    image: oryd/kratos:v1.2.0
     ports:
       - '4433:4433' # public
       - '4434:4434' # admin
@@ -65,7 +65,7 @@ services:
     networks:
       - ory
     extra_hosts:
-      - "host.docker.internal:host-gateway"
+      - 'host.docker.internal:host-gateway'
 
   kratos-postgres:
     image: postgres:16
@@ -80,10 +80,13 @@ services:
       - ory
 
   kratos-selfservice-ui-node:
-    image: oryd/kratos-selfservice-ui-node:v1.0.0
+    image: oryd/kratos-selfservice-ui-node:v1.2.0
     environment:
       - KRATOS_PUBLIC_URL=http://kratos:4433
       - KRATOS_BROWSER_URL=${KRATOS_BROWSER_URL:-http://127.0.0.1:4433}
+      - COOKIE_SECRET=${COOKIE_SECRET:-cookie_secret_not_good_not_secure}
+      - CSRF_COOKIE_NAME=${CSRF_COOKIE_NAME:-csrf_token_local}
+      - CSRF_COOKIE_SECRET=${CSRF_COOKIE_SECRET:-csrf_cookie_secret_not_good_not_secure}
       - PORT=4455
     ports:
       - '4455:4455'

diff --git a/infra/ory-kratos/kratos-template.yaml b/infra/ory-kratos/kratos-template.yaml
@@ -53,6 +53,7 @@ selfservice:
       after:
         code:
           hooks: []
+        default_browser_return_url: '##kratos_selfservice_flows_login_default_browser_return_url##'
         hooks: []
         lookup_secret:
           hooks: []
@@ -88,7 +89,7 @@ selfservice:
 
     logout:
       after:
-        default_browser_return_url: '##kratos_selfservice_default_browser_return_url##'
+        default_browser_return_url: '##kratos_selfservice_flows_logout_default_browser_return_url##'
 
     recovery:
       after:
@@ -102,7 +103,6 @@ selfservice:
       use: code
 
     registration:
-
       after:
         code:
           hooks: []
@@ -155,6 +155,7 @@ selfservice:
       lifespan: 30m0s
       login_hints: true
       ui_url: '##kratos_selfservice_flows_registration_ui_url##'
+      enable_legacy_one_step: false
 
     settings:
       after:
@@ -289,4 +290,4 @@ session:
     tokenizer:
       templates: {}
 
-version: v1.1.0
+version: v1.2.0
diff --git a/tools/ory/helpers.ts b/tools/ory/helpers.ts
@@ -87,9 +87,8 @@ function getOryMappings<T extends KeywordMappings>(
   cls: ClassConstructor<T>,
   envFilePath: string
 ): T {
-  const processEnv: Record<string, string> = {};
-  const { parsed } = dotenv.config({ path: envFilePath, processEnv });
-  const result = expand({ parsed, ignoreProcessEnv: true });
+  const { parsed } = dotenv.config({ path: envFilePath });
+  const result = expand({ parsed, ignoreProcessEnv: false });
   return validateMappings(cls, result.parsed);
 }
 

diff --git a/tools/ory/mappings.ts b/tools/ory/mappings.ts
@@ -102,6 +102,12 @@ export class KratosMappings extends KeywordMappings {
   @IsUrl(isUrlOptions)
   kratos_selfservice_flows_login_ui_url?: string = `${DEFAULT_SELF_SERVICE_UI_URL}/login`;
 
+  @Expose()
+  @IsOptional()
+  @IsUrl(isUrlOptions)
+  kratos_selfservice_flows_login_default_browser_return_url?: string =
+    DEFAULT_SELF_SERVICE_UI_URL;
+
   @Expose()
   @Transform(({ obj, key }) => strToBool(obj[key]), {
     toClassOnly: true,
@@ -129,6 +135,12 @@ export class KratosMappings extends KeywordMappings {
   kratos_selfservice_flows_login_after_hook_config_response_parse?: boolean =
     false;
 
+  @Expose()
+  @IsOptional()
+  @IsUrl(isUrlOptions)
+  kratos_selfservice_flows_logout_default_browser_return_url?: string =
+    DEFAULT_SELF_SERVICE_UI_URL;
+
   @Expose()
   @IsOptional()
   @IsUrl(isUrlOptions)