fief-dev / fief

Users and authentication management SaaS
https://www.fief.dev
Other
486 stars 42 forks

workspace get_by_domain isn't compatible with docker-compose networking #249

Closed dearlordylord closed 10 months ago

dearlordylord commented 10 months ago

Describe the bug

https://github.com/fief-dev/fief/blob/6df2773358d536c5385dc89bc0e2741b403675a3/fief/repositories/workspace.py#L24

The admin API call cannot identify any domain except the one given with ROOT_DOMAIN/FIEF_DOMAIN on setup (i.e. localhost is recognized, but inner docker-compose domains are not).

To Reproduce

docker-compose.yml: (note: env secrets are generated for testing and are not my production secrets)

version: '2'

services:
  fief: # generate from the above ^
    image: ghcr.io/fief-dev/fief:latest
    ports:
      - '8000:8000'
    environment:
      - SECRET=XXX
      - FIEF_CLIENT_ID=XXX
      - FIEF_CLIENT_SECRET=XXX
      - ENCRYPTION_KEY=XXX=
      - FIEF_MAIN_ADMIN_API_KEY=ACAB
      - PORT=8000
      - ROOT_DOMAIN=localhost:8000
      - FIEF_DOMAIN=localhost:8000
      - FIEF_MAIN_USER_EMAIL=admin@popug.io
      - FIEF_MAIN_USER_PASSWORD=admin@popug.io
      - CSRF_COOKIE_SECURE=False
      - SESSION_DATA_COOKIE_SECURE=False
      - USER_LOCALE_COOKIE_SECURE=False
      - LOGIN_HINT_COOKIE_SECURE=False
      - LOGIN_SESSION_COOKIE_SECURE=False
      - REGISTRATION_SESSION_COOKIE_SECURE=False
      - SESSION_COOKIE_SECURE=False
      - FIEF_ADMIN_SESSION_COOKIE_SECURE=False

  fiefsetup:
    image: curlimages/curl:latest
    depends_on:
      - fief
    restart: "no"
    environment:
      FIEF_API_KEY: "ACAB"
    entrypoint:
      - "/bin/sh"
      - "-c"
      - |
        curl \
        -X GET \
        -H "Authorization: Bearer ${FIEF_API_KEY}" \
        http://fief:8000/admin/api/users/ && echo "\n"

-> run -> get CANT_DETERMINE_VALID_WORKSPACE error

However, run the same curl command from the host machine with http://localhost:8000/admin/api/users/ and it finds the workspace.

Expected behavior

I expect it to understand the default workspace with whatever root domain it's accessed from.

Configuration

self-hosted, as per https://docs.fief.dev/self-hosting/quickstart/ but FIEF_MAIN_ADMIN_API_KEY=ACAB added

Additional context

For context, the main reason I'm making this call from inside docker-compose is that I'd like to set up some default schema, namely a field for users, which I'd like to do through the admin API automatically on docker setup.

fief-bailiff[bot] commented 10 months ago

Hail, @Firfi 👋

I've noticed you shared secret values: SECRET, FIEF_CLIENT_ID, FIEF_CLIENT_SECRET, ENCRYPTION_KEY. Those are highly sensitive and you should keep them secret.

For your security, I've taken the liberty to replace them with dummy values.
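A redaction pass of the kind the comment above describes, as an added example that is not the bot's own code or part of the original thread: it masks values in a compose `environment` block when the variable name looks like a credential. The name-suffix rule, the function names and the sample values are assumptions; matching on name patterns rather than a fixed list also covers names such as FIEF_MAIN_ADMIN_API_KEY and FIEF_MAIN_USER_PASSWORD, which appear in the compose file above.

```python
import re

# Assumption: credentials are env vars whose names end in one of these words.
SENSITIVE_KEY = re.compile(r"(?:^|_)(?:SECRET|PASSWORD|TOKEN|KEY|CLIENT_ID)$")
# Both compose syntaxes: list form "- NAME=value" and map form "NAME: value".
ENV_LINE = re.compile(
    r"^(?P<head>\s*(?:-\s*)?)(?P<key>[A-Za-z_][A-Za-z0-9_]*)"
    r"(?P<sep>=|:\s*)(?P<value>\S.*)$"
)

def redact_line(line, placeholder="XXX"):
    """Return (line, key): value masked and key set if the name looks sensitive."""
    m = ENV_LINE.match(line)
    if not m or not SENSITIVE_KEY.search(m["key"]):
        return line, None
    value = m["value"]
    if value.strip("\"'").startswith("$"):
        return line, None  # "${VAR}" is a reference to a secret, not the secret
    quoted = len(value) > 1 and value[0] in "\"'" and value.endswith(value[0])
    q = value[0] if quoted else ""
    return f'{m["head"]}{m["key"]}{m["sep"]}{q}{placeholder}{q}', m["key"]

def redact_compose(text, placeholder="XXX"):
    """Mask sensitive values in compose text; return (new_text, redacted_keys)."""
    lines, hits = [], []
    for line in text.splitlines():
        new, key = redact_line(line, placeholder)
        lines.append(new)
        if key:
            hits.append(key)
    return "\n".join(lines), hits

# Constructed sample modelled on the compose file in the report; values are made up.
SAMPLE = """\
services:
  fief:
    image: ghcr.io/fief-dev/fief:latest
    environment:
      - SECRET=constructed-secret
      - FIEF_CLIENT_ID=constructed-id
      - FIEF_MAIN_ADMIN_API_KEY=constructed-admin-key
      - FIEF_MAIN_USER_PASSWORD=constructed-password
      - ROOT_DOMAIN=localhost:8000
      - CSRF_COOKIE_SECURE=False
  fiefsetup:
    environment:
      FIEF_API_KEY: "constructed-admin-key"
      FIEF_CLIENT_SECRET: ${FIEF_CLIENT_SECRET}
"""
```

Calling `redact_compose(SAMPLE)` returns the masked text and the list of variable names whose values were replaced, which can be echoed back to the poster.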

fief-bailiff[bot] commented 10 months ago

Hail, @Firfi 👋 Welcome to Fief's kingdom!

Our team will get back to you very soon to help.

In the meantime, take a minute to star our repository ⭐️

Farewell!

dearlordylord commented 10 months ago

> Hail, @Firfi 👋
>
> I've noticed you shared secret values: SECRET, FIEF_CLIENT_ID, FIEF_CLIENT_SECRET, ENCRYPTION_KEY. Those are highly sensitive and you should keep them secret.
>
> For your security, I've taken the liberty to replace them with dummy values.

They were really all right to share and I was aware, but all right.

dearlordylord commented 10 months ago

network_mode: host solves the issue but isn't desirable