Ronni Baslund
adfd9baafe
Brings up Dezky's local development environment end-to-end: Infrastructure (docker-compose): - Traefik v3.7 reverse proxy with mkcert TLS (v3.2 couldn't speak Docker API 1.54) - Postgres + Mongo + Redis with healthchecks and init script for per-service users - Authentik 2025.10 (server + worker) as OIDC IdP - Stalwart v0.16 mail server (image renamed from stalwartlabs/mail-server) - OCIS 7.0 with PROXY_TLS=false and OCIS_CONFIG_DIR=/etc/ocis so init writes where the server reads - Collabora office, plus the portal + provisioning service stubs - Docker network aliases on Traefik so containers resolve auth.dezky.local etc. through the network (not host /etc/hosts) - Docker socket mount parameterized for macOS Docker Desktop symlink path Authentik provisioning (done via API after stack boot): - ocis-provider (public client) + OCIS Files application - dezky-portal provider (confidential) + Dezky Portal application - Admin API token bound to akadmin manually since 2025.10's AUTHENTIK_BOOTSTRAP_TOKEN env var doesn't auto-materialize a token row Portal (apps/portal): - Nuxt 3 with nuxt-oidc-auth 1.0.0-beta.11 against generic 'oidc' preset - Global auth middleware; login at /auth/oidc/login redirects to Authentik - Visual implementation of Claude Design 'Auth' canvas: AuthShell, NodeMark, Auth* sub-components, design tokens as CSS custom properties - Pages: auth/login, auth/expired, auth/disabled, index (post-login landing) - mkcert root CA mounted into the portal so Node fetch trusts Authentik's self-signed cert (NODE_EXTRA_CA_CERTS) — dev only Docs: - AUTHENTIK-SETUP.md updated with manual token bind + portal provider scripted alternative - NEXT-STEPS.md: Phase 1 and Phase 2 marked done with file locations and dev-mode caveats Dev-mode shortcuts that need to be revisited before prod: - skipAccessTokenParsing on the OIDC config - NODE_EXTRA_CA_CERTS mkcert mount - Bootstrap password still the generated value in .env - Authentik admin token (dezky-bootstrap-token) is non-expiring
50 lines
1.1 KiB
Vue
50 lines
1.1 KiB
Vue
<script setup lang="ts">
|
|
definePageMeta({ auth: false })
|
|
|
|
async function signInAgain() {
|
|
await navigateTo('/auth/oidc/login', { external: true })
|
|
}
|
|
</script>
|
|
|
|
<template>
|
|
<AuthShell
|
|
status="Some services degraded · authentik"
|
|
status-tone="warn"
|
|
>
|
|
<div class="badge" data-tone="warn">
|
|
<UiIcon name="shield" :size="28" />
|
|
</div>
|
|
<AuthHeading
|
|
eyebrow="Session ended"
|
|
title="You were signed out"
|
|
body="For your security we ended your idle session. Sign in to pick up where you left off."
|
|
/>
|
|
<AuthButton variant="primary" @click="signInAgain">Sign in again</AuthButton>
|
|
<AuthFooterLink>
|
|
not you? <span class="sep">·</span> <NuxtLink to="/auth/login">use a different account</NuxtLink>
|
|
</AuthFooterLink>
|
|
</AuthShell>
|
|
</template>
|
|
|
|
<style scoped>
|
|
.badge {
|
|
width: 56px;
|
|
height: 56px;
|
|
border-radius: 14px;
|
|
display: inline-flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
margin: 0 0 18px 0;
|
|
}
|
|
|
|
.badge[data-tone='warn'] {
|
|
background: rgba(232, 154, 31, 0.12);
|
|
color: var(--warn);
|
|
}
|
|
|
|
.sep {
|
|
color: var(--text-dim);
|
|
padding: 0 6px;
|
|
}
|
|
</style>
|