ory · gopher1990 · Sep 19, 2022 · Oct 27, 2022 · vinckr · Sep 29, 2022
diff --git a/.DS_Store b/.DS_Store
diff --git a/kratos-nextjs-tailwind/.env b/kratos-nextjs-tailwind/.env
@@ -0,0 +1 @@
+NEXT_PUBLIC_API_URL='http://127.0.0.1:4433'
diff --git a/kratos-nextjs-tailwind/.eslintrc.json b/kratos-nextjs-tailwind/.eslintrc.json
@@ -0,0 +1,3 @@
+{
+  "extends": "next/core-web-vitals"
+}
diff --git a/kratos-nextjs-tailwind/.gitignore b/kratos-nextjs-tailwind/.gitignore
@@ -0,0 +1,36 @@
+# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
+
+# dependencies
+/node_modules
+/.pnp
+.pnp.js
+
+# testing
+/coverage
+
+# next.js
+/.next/
+/out/
+
+# production
+/build
+
+# misc
+.DS_Store
+*.pem
+
+# debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+.pnpm-debug.log*
+
+# local env files
+.env*.local
+
+# vercel
+.vercel
+
+# typescript
+*.tsbuildinfo
+next-env.d.ts
diff --git a/kratos-nextjs-tailwind/README.md b/kratos-nextjs-tailwind/README.md
@@ -0,0 +1,12 @@
+
+# add the client id and client secret for google,github in kratos.yml file inside the config folder
+
+## npm i 
+
+## npm run dev
+
+## docker-compose up -d
+
+## access the page in localhost:3000
+
+## Please use the incognito mode in the browser to avoid any cache issues
diff --git a/kratos-nextjs-tailwind/config/identity.schema.json b/kratos-nextjs-tailwind/config/identity.schema.json
@@ -0,0 +1,47 @@
+{
+  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Person",
+  "type": "object",
+  "properties": {
+    "traits": {
+      "type": "object",
+      "properties": {
+        "email": {
+          "type": "string",
+          "format": "email",
+          "title": "E-Mail",
+          "minLength": 3,
+          "ory.sh/kratos": {
+            "credentials": {
+              "password": {
+                "identifier": true
+              }
+            },
+            "verification": {
+              "via": "email"
+            },
+            "recovery": {
+              "via": "email"
+            }
+          }
+        },
+        "name": {
+          "type": "object",
+          "properties": {
+            "first": {
+              "title": "First Name",
+              "type": "string"
+            },
+            "last": {
+              "title": "Last Name",
+              "type": "string"
+            }
+          }
+        }
+      },
+      "required": ["email"],
+      "additionalProperties": false
+    }
+  }
+}
diff --git a/kratos-nextjs-tailwind/config/kratos.yml b/kratos-nextjs-tailwind/config/kratos.yml
@@ -0,0 +1,140 @@
+version: v0.7.1-alpha.1
+serve:
+  public:
+    base_url: http://127.0.0.1:4433/
+    cors:
+      allowed_origins:
+        - http://127.0.0.1:3000
+      allowed_methods:
+        - POST
+        - GET
+        - PUT
+        - PATCH
+        - DELETE
+      allowed_headers:
+        - Authorization
+        - Cookie
+        - Content-Type
+        - X-Session-Token
+      exposed_headers:
+        - Content-Type
+        - Set-Cookie
+      allow_credentials: true
+      options_passthrough: true
+      debug: true
+      enabled: true
+  admin:
+    base_url: http://127.0.0.1:4434/
+    host: "0.0.0.0"
+    port: 4434
+
+selfservice:
+  default_browser_return_url: http://127.0.0.1:3000/
+  whitelisted_return_urls:
+    - http://127.0.0.1:3000/
+  methods:
+    oidc:
+      enabled: true
+      config:
+        providers:
+          - id: github
+            provider: github
+            client_id: ... # Add the client ID
+            client_secret: ... # Add the client secret
+            mapper_url: file:///etc/config/kratos/oidc.github.jsonnet
+            scope:
+              - user:email
+          - id: google # this is `<provider-id>` in the Authorization callback URL. DO NOT CHANGE IT ONCE SET!
+            provider: google
+            client_id: ... # Add the client ID
+            client_secret: ... # Add the client secret
+            mapper_url: file:///etc/config/kratos/oidc.google.jsonnet
+            scope:
+              - email
+              - profile
+            requested_claims:
+              id_token:
+                email:
+                  essential: true
+                email_verified:
+                  essential: true
+                given_name:
+                  essential: true
+                family_name: null
+                hd: null # If you want the G Suite domain
+    password:
+      enabled: true
+
+  flows:
+    error:
+      ui_url: http://127.0.0.1:3000/error
+
+    settings:
+      ui_url: http://127.0.0.1:3000/settings
+      privileged_session_max_age: 15m
+      after:
+        default_browser_return_url: http://127.0.0.1:3000/welcome
+
+    recovery:
+      enabled: true
+      ui_url: http://127.0.0.1:3000/recovery
+      after:
+        default_browser_return_url: http://127.0.0.1:3000/welcome
+
+    verification:
+      enabled: true
+      ui_url: http://127.0.0.1:3000/verify
+      after:
+        default_browser_return_url: http://127.0.0.1:3000/welcome
+
+    logout:
+      after:
+        default_browser_return_url: http://127.0.0.1:3000/
+
+    login:
+      ui_url: http://127.0.0.1:3000/
+      lifespan: 10m
+      after:
+        default_browser_return_url: http://127.0.01:3000/welcome
+
+    registration:
+      lifespan: 10m
+      ui_url: http://127.0.0.1:3000/register
+      after:
+        default_browser_return_url: http://127.0.01:3000/welcome
+        password:
+          hooks:
+            - hook: session
+        oidc:
+          hooks:
+            - hook: session
+
+log:
+  level: debug
+  format: text
+  leak_sensitive_values: true
+
+secrets:
+  cookie:
+    - 8432a217-cc13-4ce9-bd7e-3be15a01cd87
+
+hashers:
+  argon2:
+    parallelism: 1
+    memory: 128MB
+    iterations: 2
+    salt_length: 16
+    key_length: 16
+
+identity:
+  default_schema_url: file:///etc/config/kratos/identity.schema.json
+
+session:
+  lifespan: 24h
+  cookie:
+    domain: http://127.0.0.1:3000
+    same_site: Lax
+
+courier:
+  smtp:
+    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true&legacy_ssl=true
diff --git a/kratos-nextjs-tailwind/config/oidc.github.jsonnet b/kratos-nextjs-tailwind/config/oidc.github.jsonnet
@@ -0,0 +1,17 @@
+local claims = {
+  email_verified: false
+} + std.extVar('claims');
+
+{
+  identity: {
+    traits: {
+      // Allowing unverified email addresses enables account
+      // enumeration attacks, especially if the value is used for
+      // e.g. verification or as a password login identifier.
+      //
+      // Therefore we only return the email if it (a) exists and (b) is marked verified
+      // by GitHub.
+      [if "email" in claims && claims.email_verified then "email" else null]: claims.email,
+    },
+  },
+}
diff --git a/kratos-nextjs-tailwind/config/oidc.google.jsonnet b/kratos-nextjs-tailwind/config/oidc.google.jsonnet
@@ -0,0 +1,14 @@
+local claims = {
+  email_verified: true,
+} + std.extVar('claims');
+
+{
+  identity: {
+    traits: {
+      [if 'email' in claims && claims.email_verified then 'email' else null]: claims.email,
+      first_name: claims.given_name,
+      last_name: claims.family_name,
+      [if 'hd' in claims && claims.email_verified then 'hd' else null]: claims.hd,
+    },
+  },
+}
diff --git a/kratos-nextjs-tailwind/docker-compose.yml b/kratos-nextjs-tailwind/docker-compose.yml
@@ -0,0 +1,86 @@
+version: "3.9"
+services:
+  postgres:
+    image: postgres:latest
+    container_name: kratos-postgres
+    restart: "no"
+    working_dir: /application
+    volumes:
+      - postgres:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=core
+      - POSTGRES_DB=core
+      - POSTGRES_USER=core
+    ports:
+      - "5432:5432"
+    networks:
+      - intranet
+
+  pgadmin:
+    image: dpage/pgadmin4
+    container_name: kratos-pgadmin
+    restart: "no"
+    volumes:
+      - pgadmin:/var/lib/pgadmin
+    environment:
+      - [email protected]
+      - PGADMIN_DEFAULT_PASSWORD=core
+    ports:
+      - "5433:80"
+    networks:
+      - intranet
+
+  kratos-migrate:
+    image: oryd/kratos:v0.8.0
+    container_name: kratos-migrate
+    depends_on:
+      - postgres
+    environment:
+      - DSN=postgres://core:core@postgres:5432/core?sslmode=disable&max_conns=20&max_idle_conns=4
+    volumes:
+      - type: bind
+        source: ./config
+        target: /etc/config/kratos
+    command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes
+    restart: on-failure
+    networks:
+      - intranet
+
+  kratos:
+    image: oryd/kratos:v0.8.0
+    container_name: kratos
+    depends_on:
+      - kratos-migrate
+    ports:
+      - "4433:4433" # public
+      - "4434:4434" # admin
+    command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier
+    restart: "no"
+    environment:
+      - DSN=postgres://core:core@postgres:5432/core?sslmode=disable&max_conns=20&max_idle_conns=4
+      - LOG_LEVEL=trace
+    volumes:
+      - type: bind
+        source: ./config
+        target: /etc/config/kratos
+    networks:
+      - intranet
+
+  mailslurper:
+    image: oryd/mailslurper:latest-smtps
+    container_name: kratos-mailslurper
+    restart: "no"
+    ports:
+      - "4436:4436"
+      - "4437:4437"
+    networks:
+      - intranet
+
+networks:
+  intranet:
+
+volumes:
+  postgres:
+    name: vol-kratos
+  pgadmin:
+    name: vol-pgadmin
diff --git a/kratos-nextjs-tailwind/next.config.js b/kratos-nextjs-tailwind/next.config.js
@@ -0,0 +1,7 @@
+/** @type {import('next').NextConfig} */
+const nextConfig = {
+  reactStrictMode: true,
+  swcMinify: true,
+}
+
+module.exports = nextConfig