lionsdev/unionflow-server-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add production Dockerfiles and Keycloak realm configuration

Browse Source 
- Add Dockerfile.prod for unionflow-server (backend) with production settings
- Add Dockerfile.prod for unionflow-client (frontend) with production settings
- Add unionflow-realm-production.json with SUPER_ADMIN role and unionflow-client
- Configure for deployment on https://unionflow.lions.dev

Database: unionflow on postgresql.postgresql.svc.cluster.local
Keycloak: https://security.lions.dev/realms/unionflow
Backend: Port 8085, https://api.lions.dev/unionflow
Frontend: Port 8086, https://unionflow.lions.dev
This commit is contained in:
dahoud
2025-12-07 14:46:11 +00:00
parent 35ddcb1d2d
commit 00d3906fd2
3 changed files with 367 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

185
unionflow-realm-production.json Normal file
View File

@@ -0,0 +1,185 @@
{
"realm": "unionflow",
"displayName": "UnionFlow",
"displayNameHtml": "<div class=\"kc-logo-text\"><span>UnionFlow</span></div>",
"enabled": true,
"sslRequired": "external",
"registrationAllowed": false,
"registrationEmailAsUsername": true,
"rememberMe": true,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": true,
"editUsernameAllowed": false,
"bruteForceProtected": true,
"permanentLockout": false,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 5,
"defaultRoles": ["offline_access", "uma_authorization", "default-roles-unionflow"],
"requiredCredentials": ["password"],
"otpPolicyType": "totp",
"otpPolicyAlgorithm": "HmacSHA1",
"otpPolicyInitialCounter": 0,
"otpPolicyDigits": 6,
"otpPolicyLookAheadWindow": 1,
"otpPolicyPeriod": 30,
"supportedLocales": ["fr", "en"],
"defaultLocale": "fr",
"internationalizationEnabled": true,
"clients": [
{
"clientId": "unionflow-server",
"name": "UnionFlow Server API",
"description": "Client pour l'API serveur UnionFlow (Backend)",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "unionflow-server-secret-2025",
"serviceAccountsEnabled": true,
"directAccessGrantsEnabled": true,
"publicClient": false,
"redirectUris": ["https://api.lions.dev/unionflow/*"],
"webOrigins": ["https://api.lions.dev", "https://unionflow.lions.dev", "https://security.lions.dev"],
"protocol": "openid-connect",
"fullScopeAllowed": true,
"defaultClientScopes": ["web-origins", "role_list", "profile", "roles", "email"],
"optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"]
},
{
"clientId": "unionflow-client",
"name": "UnionFlow Web Client",
"description": "Client pour l'application web UnionFlow (Frontend)",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "unionflow-client-secret-2025",
"publicClient": false,
"directAccessGrantsEnabled": true,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"redirectUris": [
"https://unionflow.lions.dev/*",
"https://unionflow.lions.dev/auth/callback"
],
"webOrigins": ["https://unionflow.lions.dev", "https://api.lions.dev", "https://security.lions.dev"],
"protocol": "openid-connect",
"fullScopeAllowed": true,
"defaultClientScopes": ["web-origins", "role_list", "profile", "roles", "email"],
"optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"]
}
],
"roles": {
"realm": [
{
"name": "SUPER_ADMIN",
"description": "Super Administrateur avec tous les droits sur toutes les organisations",
"composite": false,
"clientRole": false,
"containerId": "unionflow"
},
{
"name": "ADMIN",
"description": "Administrateur d'organisation avec tous les droits sur son organisation",
"composite": false,
"clientRole": false,
"containerId": "unionflow"
},
{
"name": "PRESIDENT",
"description": "Président de l'organisation avec droits de gestion complète",
"composite": false,
"clientRole": false,
"containerId": "unionflow"
},
{
"name": "SECRETAIRE",
"description": "Secrétaire avec droits de gestion des membres et événements",
"composite": false,
"clientRole": false,
"containerId": "unionflow"
},
{
"name": "TRESORIER",
"description": "Trésorier avec droits de gestion financière",
"composite": false,
"clientRole": false,
"containerId": "unionflow"
},
{
"name": "GESTIONNAIRE_MEMBRE",
"description": "Gestionnaire des membres avec droits de CRUD sur les membres",
"composite": false,
"clientRole": false,
"containerId": "unionflow"
},
{
"name": "ORGANISATEUR_EVENEMENT",
"description": "Organisateur d'événements avec droits de gestion des événements",
"composite": false,
"clientRole": false,
"containerId": "unionflow"
},
{
"name": "MEMBRE",
"description": "Membre standard avec droits de consultation",
"composite": false,
"clientRole": false,
"containerId": "unionflow"
}
]
},
"users": [
{
"username": "superadmin",
"enabled": true,
"emailVerified": true,
"firstName": "Super",
"lastName": "Administrateur",
"email": "gbanedahoud@gmail.com",
"credentials": [
{
"type": "password",
"value": "SuperAdmin2025!",
"temporary": false
}
],
"realmRoles": ["SUPER_ADMIN", "ADMIN", "PRESIDENT", "MEMBRE"],
"clientRoles": {}
}
],
"groups": [
{
"name": "SuperAdministration",
"path": "/SuperAdministration",
"realmRoles": ["SUPER_ADMIN"],
"subGroups": []
},
{
"name": "Administration",
"path": "/Administration",
"realmRoles": ["ADMIN"],
"subGroups": []
},
{
"name": "Bureau",
"path": "/Bureau",
"realmRoles": ["PRESIDENT", "SECRETAIRE", "TRESORIER"],
"subGroups": []
},
{
"name": "Gestionnaires",
"path": "/Gestionnaires",
"realmRoles": ["GESTIONNAIRE_MEMBRE", "ORGANISATEUR_EVENEMENT"],
"subGroups": []
},
{
"name": "Membres",
"path": "/Membres",
"realmRoles": ["MEMBRE"],
"subGroups": []
}
]
}