fix(docker): dev docker compose + kratos configuration (#1429)

* fix(docker): dev docker compose + kratos configuration

* feat: upgrade to alpha 14

---------

Co-authored-by: dragosp1011 <[email protected]>

Author: golobitch

docker/dbinit.sql

@@ -13,3 +13,7 @@ ALTER DATABASE wallet_backend OWNER TO wallet_backend;
 CREATE USER boutique_backend WITH PASSWORD 'boutique_backend';
 CREATE DATABASE boutique_backend;
 ALTER DATABASE boutique_backend OWNER TO boutique_backend;
+
+CREATE USER kratos WITH PASSWORD 'kratos';
+CREATE DATABASE kratos;
+ALTER DATABASE kratos OWNER TO kratos;

docker/dev/docker-compose.yml

@@ -50,7 +50,7 @@ services:
       AUTH_IDENTITY_SERVER_SECRET: ${AUTH_IDENTITY_SERVER_SECRET}
       SENDGRID_API_KEY: ${SENDGRID_API_KEY}
       FROM_EMAIL: ${FROM_EMAIL}
-      SEND_EMAIL: ${SEND_EMAIL}
+      SEND_EMAIL: ${SEND_EMAIL:-false}
       RATE_API_KEY: ${RATE_API_KEY}
       BASE_ASSET_SCALE: 2
       MAX_ASSET_SCALE: 9
@@ -90,7 +90,7 @@ services:
   # Rafiki
   rafiki-auth:
     container_name: rafiki-auth
-    image: ghcr.io/interledger/rafiki-auth:v1.0.0-alpha.13
+    image: ghcr.io/interledger/rafiki-auth:v1.0.0-alpha.14
     restart: always
     networks:
       - testnet
@@ -105,8 +105,8 @@ services:
       AUTH_SERVER_URL: http://localhost:3006
       AUTH_DATABASE_URL: postgresql://rafiki_auth:rafiki_auth@postgres/rafiki_auth
       IDENTITY_SERVER_URL: http://localhost:4003/grant-interactions
-      IDENTITY_SERVER_SECRET: ${AUTH_IDENTITY_SERVER_SECRET}
-      COOKIE_KEY: ${AUTH_COOKIE_KEY}
+      IDENTITY_SERVER_SECRET: ${AUTH_IDENTITY_SERVER_SECRET:-327132b5-99e9-4eb8-8a25-2b7d7738ece1}
+      COOKIE_KEY: ${AUTH_COOKIE_KEY:-8fd398393c47dd27a3167d9c081c094f}
       WAIT_SECONDS: 1
       REDIS_URL: redis://redis:6379/0
     depends_on:
@@ -115,7 +115,7 @@ services:
 
   rafiki-backend:
     container_name: rafiki-backend
-    image: ghcr.io/interledger/rafiki-backend:v1.0.0-alpha.13
+    image: ghcr.io/interledger/rafiki-backend:v1.0.0-alpha.14
     restart: always
     privileged: true
     volumes:
@@ -141,6 +141,7 @@ services:
       AUTH_SERVER_GRANT_URL: http://rafiki-auth:3006
       AUTH_SERVER_INTROSPECTION_URL: http://rafiki-auth:3007
       ILP_ADDRESS: test.net
+      ILP_CONNECTOR_URL: http://127.0.0.1:3002
       STREAM_SECRET: BjPXtnd00G2mRQwP/8ZpwyZASOch5sUXT5o0iR5b5wU=
       ADMIN_KEY: admin
       OPEN_PAYMENTS_URL: http://rafiki-backend
@@ -154,14 +155,15 @@ services:
       AUTO_PEERING_SERVER_PORT: 3005
       INSTANCE_NAME: 'Testnet Wallet'
       SLIPPAGE: 0.01
+      KEY_ID: rafiki
     depends_on:
       - postgres
       - redis
     <<: *logging
 
   rafiki-frontend:
     container_name: rafiki-frontend
-    image: ghcr.io/interledger/rafiki-frontend:v1.0.0-alpha.13
+    image: ghcr.io/interledger/rafiki-frontend:v1.0.0-alpha.14
     depends_on:
       - rafiki-backend
     restart: always
@@ -174,8 +176,28 @@ services:
       PORT: 3012
       GRAPHQL_URL: http://rafiki-backend:3001/graphql
       OPEN_PAYMENTS_URL: https://rafiki-backend/
+      ENABLE_INSECURE_MESSAGE_COOKIE: true
+      KRATOS_CONTAINER_PUBLIC_URL: 'http://kratos:4433'
+      KRATOS_BROWSER_PUBLIC_URL: 'http://localhost:4433'
+      KRATOS_ADMIN_URL: 'http://kratos:4434/admin'
     <<: *logging
 
+  kratos:
+    image: 'oryd/kratos:v0.13.0'
+    privileged: true
+    depends_on:
+      - postgres
+      - mailslurper
+    ports:
+      - '4433:4433'
+    volumes:
+      - ../entrypoint.sh:/entrypoint.sh
+      - ../identity.schema.json:/etc/config/kratos/identity.schema.json
+      - ./kratos.yml:/etc/config/kratos/kratos.yml
+    entrypoint: ['/entrypoint.sh']
+    networks:
+      - testnet
+
   tigerbeetle:
     image: ghcr.io/tigerbeetle/tigerbeetle:0.15.3
     privileged: true
@@ -208,6 +230,14 @@ services:
     networks:
       - testnet
 
+  mailslurper:
+    image: oryd/mailslurper:latest-smtps
+    ports:
+      - '4436:4436'
+      - '4437:4437'
+    networks:
+      - testnet
+
 networks:
   testnet:
     driver: bridge

docker/dev/kratos.yml

@@ -0,0 +1,91 @@
+version: v0.13.0
+
+dsn: postgres://cloud_nine_kratos:kratos_password@shared-database:5432/cloud_nine_kratos?sslmode=disable&max_conns=20&max_idle_conns=4
+
+serve:
+  public:
+    base_url: http://localhost:4433/
+    cors:
+      enabled: true
+  admin:
+    base_url: http://kratos:4434/
+
+selfservice:
+  default_browser_return_url: http://localhost:3010/
+  allowed_return_urls:
+    - http://localhost:3010
+
+  methods:
+    link:
+      config:
+        lifespan: 1h
+        base_url: http://localhost:4433
+      enabled: true
+    password:
+      enabled: true
+
+  flows:
+    error:
+      ui_url: http://localhost:3010/error
+
+    settings:
+      ui_url: http://localhost:3010/settings
+      privileged_session_max_age: 15m
+      required_aal: highest_available
+
+    recovery:
+      enabled: true
+      ui_url: http://localhost:3010/auth/recovery
+      use: link
+      after:
+        hooks:
+          - hook: revoke_active_sessions
+
+    verification:
+      enabled: false
+
+    logout:
+      after:
+        default_browser_return_url: http://localhost:3010/auth
+
+    login:
+      ui_url: http://localhost:3010/auth/login
+      lifespan: 10m
+
+    registration:
+      enabled: false
+
+log:
+  level: debug
+  format: json
+  leak_sensitive_values: true
+
+secrets:
+  cookie:
+    - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
+  cipher:
+    - 32-LONG-SECRET-NOT-SECURE-AT-ALL
+
+ciphers:
+  algorithm: xchacha20-poly1305
+
+hashers:
+  algorithm: bcrypt
+  bcrypt:
+    cost: 8
+
+identity:
+  schemas:
+    - id: default
+      url: file:///etc/config/kratos/identity.schema.json
+
+courier:
+  smtp:
+    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
+
+session:
+  lifespan: 1h
+  cookie:
+    persistent: false
+    same_site: Strict
+    path: /

docker/prod/entrypoint.sh renamed to docker/entrypoint.sh

@@ -119,7 +119,7 @@ services:
     <<: *logging
 
   rafiki-auth:
-    image: ghcr.io/interledger/rafiki-auth:v1.0.0-alpha.13
+    image: ghcr.io/interledger/rafiki-auth:v1.0.0-alpha.14
     container_name: rafiki-auth
     environment:
       NODE_ENV: ${NODE_ENV}
@@ -145,7 +145,7 @@ services:
     <<: *logging
 
   rafiki-backend:
-    image: ghcr.io/interledger/rafiki-backend:v1.0.0-alpha.13
+    image: ghcr.io/interledger/rafiki-backend:v1.0.0-alpha.14
     container_name: rafiki-backend
     depends_on:
       - postgres
@@ -214,7 +214,7 @@ services:
     <<: *logging
 
   rafiki-frontend:
-    image: ghcr.io/interledger/rafiki-frontend:v1.0.0-alpha.13
+    image: ghcr.io/interledger/rafiki-frontend:v1.0.0-alpha.14
     container_name: rafiki-frontend
     depends_on:
       - rafiki-backend
@@ -271,8 +271,8 @@ services:
     ports:
       - '4433:4433'
     volumes:
-      - ./entrypoint.sh:/entrypoint.sh
-      - ./identity.schema.json:/etc/config/kratos/identity.schema.json
+      - ../entrypoint.sh:/entrypoint.sh
+      - ../identity.schema.json:/etc/config/kratos/identity.schema.json
       - ./kratos.yml:/etc/config/kratos/kratos.yml
     entrypoint: ['/entrypoint.sh']
     networks:

docker/prod/identity.schema.json renamed to docker/identity.schema.json

@@ -114,7 +114,7 @@ export async function createContainer(
     authGraphQLClient: asFunction(createAuthGraphQLClient).singleton(),
     rapydClient: asClassSingletonWithLogger(RapydClient, logger),
     rapydService: asClass(RapydService).singleton(),
-    rafikiClient: asClassSingletonWithLogger(RafikiClient, logger).singleton(),
+    rafikiClient: asClass(RafikiClient).singleton(),
     rafikiAuthService: asClass(RafikiAuthService).singleton(),
     accountService: asClass(AccountService).singleton(),
     ratesService: asClass(RatesService).singleton(),