2405fcc2da
- Install knpuniversity/oauth2-client-bundle and stevenmaguire/oauth2-keycloak - Register KnpUOAuth2ClientBundle in bundles.php - Configure Keycloak OIDC client (realm e-cosplay, auth.esy-web.dev) - Add keycloakId field to User entity with migration - Create KeycloakAuthenticator with group-to-role mapping (/superadmin -> ROLE_ROOT) - Create OAuthController with SSO routes (/connection/sso/login, logout, check) - Add custom_authenticator to security firewall with form_login entry point - Add auth.esy-web.dev to nelmio external_redirects whitelist and CSP form-action - Add SSO button and error flash messages to login page - Make navbar active state dynamic based on current route (desktop + mobile) - Add Keycloak env vars to .env, .env.local, and ansible/env.local.j2 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
64 lines
2.0 KiB
Bash
64 lines
2.0 KiB
Bash
# In all environments, the following files are loaded if they exist,
|
|
# the latter taking precedence over the former:
|
|
#
|
|
# * .env contains default values for the environment variables needed by the app
|
|
# * .env.local uncommitted file with local overrides
|
|
# * .env.$APP_ENV committed environment-specific defaults
|
|
# * .env.$APP_ENV.local uncommitted environment-specific overrides
|
|
#
|
|
# Real environment variables win over .env files.
|
|
#
|
|
# DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES.
|
|
# https://symfony.com/doc/current/configuration/secrets.html
|
|
#
|
|
# Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2).
|
|
# https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
|
|
|
|
###> symfony/framework-bundle ###
|
|
APP_ENV=dev
|
|
APP_SECRET=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
|
|
APP_SHARE_DIR=var/share
|
|
###< symfony/framework-bundle ###
|
|
|
|
###> symfony/routing ###
|
|
DEFAULT_URI=https://esyweb.local
|
|
###< symfony/routing ###
|
|
|
|
###> doctrine/doctrine-bundle ###
|
|
DATABASE_URL="postgresql://app:secret@database:5432/ecosplay?serverVersion=16&charset=utf8"
|
|
###< doctrine/doctrine-bundle ###
|
|
|
|
###> symfony/messenger ###
|
|
MESSENGER_TRANSPORT_DSN=redis://redis:6379/messages
|
|
###< symfony/messenger ###
|
|
|
|
###> symfony/mailer ###
|
|
MAILER_DSN=smtp://mailpit:1025
|
|
###< symfony/mailer ###
|
|
|
|
###> vite ###
|
|
# 0 = dev (HMR via localhost:5173), 1 = prod (manifest build)
|
|
VITE_LOAD=0
|
|
REAL_MAIL=0
|
|
###< vite ###
|
|
STRIPE_PK=
|
|
STRIPE_SK=
|
|
STRIPE_WEBHOOK_SECRET=
|
|
STRIPE_MODE=test
|
|
SMIME_PASSPHRASE='KLreLnyR07x5h#3$AC'
|
|
|
|
###> SSO E-Cosplay (Keycloak OIDC) ###
|
|
OAUTH_KEYCLOAK_CLIENT_ID=e-ticket
|
|
OAUTH_KEYCLOAK_CLIENT_SECRET=changeme
|
|
OAUTH_KEYCLOAK_URL=https://auth.esy-web.dev
|
|
OAUTH_KEYCLOAK_REALM=e-cosplay
|
|
###< SSO E-Cosplay (Keycloak OIDC) ###
|
|
|
|
###> s3/minio ###
|
|
S3_ENDPOINT=http://minio:9000
|
|
S3_ACCESS_KEY=e-ticket
|
|
S3_SECRET_KEY=e-ticket
|
|
S3_BUCKET=e-ticket
|
|
S3_REGION=us-east-1
|
|
###< s3/minio ###
|