WWWallet setup, documentation and docker compose #221
Draft: PascalDR wants to merge 47 commits into dev from docs/wwwallet_documentation
Changes from 29 commits
Commits
7dcd644 feat: wwwallet setup docs (PascalDR)
039daf5 chore: updated .gitignore (PascalDR)
ec89509 feat: initial configuration for wwwallet (PascalDR)
7d1ab9c chore: updated submodules (PascalDR)
7ee449c chore: added submodules (PascalDR)
6716b4e feat: added configuration (PascalDR)
750c8d7 feat: updated script (PascalDR)
c940d6d fix: script (PascalDR)
5e362a8 feat: added conf file (PascalDR)
542d710 chore: updated submodule (PascalDR)
78f6fe9 feat: updated script (PascalDR)
ee280fe chore: update .gitignore (PascalDR)
d1f7b4f Merge branch 'dev' of https://github.com/italia/iam-proxy-italia into… (PascalDR)
572e01c fix: config (PascalDR)
7d2ced7 fix: updated compose script (PascalDR)
c289e71 Update Docker-compose/docker-compose.yml (PascalDR)
eec60b9 fix: updated script (PascalDR)
babf6f9 Merge branch 'docs/wwwallet_documentation' of https://github.com/ital… (PascalDR)
5fe39ea feat: added mariadb (PascalDR)
716abc7 fix: merged nginx (PascalDR)
4f3a229 chore: removed file (PascalDR)
4a7a0a8 fix: removed unnecessary sections (PascalDR)
eeb6989 fix: docs (PascalDR)
9b4060b fix: support multiple profiles (PascalDR)
d842f51 fix: use env variables (PascalDR)
79a32ab feat: dynamic config (PascalDR)
0d48f11 fix: clean nginx data (PascalDR)
4bb8334 feat: updated docs (PascalDR)
48f520e Merge branch 'dev' into docs/wwwallet_documentation (PascalDR)
f77a40d Update Docker-compose/docker-compose.yml (PascalDR)
c01c602 fix: typo (PascalDR)
990dfdd Merge branch 'docs/wwwallet_documentation' of https://github.com/ital… (PascalDR)
25024c2 fix: typo (PascalDR)
a260a13 fix: protocol (PascalDR)
36dc974 Merge remote-tracking branch 'origin/dev' into docs/wwwallet_document… (saralongobardiacn)
bff1674 gitignore: ignore wwwallet files in Docker-compose folder (saralongobardiacn)
cc9126e fix: wwwallet, fix startup pipeline and manage run-docker-compose.sh … (saralongobardiacn)
f7329aa fix: wwwallet, remove file ignored for fix startup (saralongobardiacn)
af3f30f Merge branch 'dev' into docs/wwwallet_documentation (peppelinux)
046bca3 Fix merge commit (saralongobardiacn)
cd50aab Merge remote-tracking branch 'origin/dev' into docs/wwwallet_document… (saralongobardiacn)
b1b38b5 fix: *-docker-compose.sh, handle multiple instruction in run and remo… (saralongobardiacn)
7cc5205 fix: wwwallet, runtime error for invoke /status endpoint (saralongobardiacn)
dbc9f63 fix: wwwallet, create custom config for openid4vci_frontend.yml (saralongobardiacn)
9ec05d3 fix: openid4vci, handle default_target_authentication_backend (saralongobardiacn)
b76c72d rev: openid4vci wwwallet, use SATOSA_BASE_OPENID4VCI env instead same… (saralongobardiacn)
5b1fb93 rev: wwwallet, set nginx proxy for use localhost instead satosa-nginx… (saralongobardiacn)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| [submodule "iam-proxy-italia-project/wwwallet/wallet-frontend"] | ||
| path = iam-proxy-italia-project/wwwallet/wallet-frontend | ||
| url = https://github.com/wwWallet/wallet-frontend.git | ||
| [submodule "iam-proxy-italia-project/wwwallet/wallet-backend-server"] | ||
| path = iam-proxy-italia-project/wwwallet/wallet-backend-server | ||
| url = https://github.com/wwWallet/wallet-backend-server | ||
| [submodule "iam-proxy-italia-project/wwwallet/wallet-common"] | ||
| path = iam-proxy-italia-project/wwwallet/wallet-common | ||
| url = https://github.com/wwWallet/wallet-common |
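
Review bot: The three submodule URLs are written inconsistently (only `wallet-frontend` ends in `.git`), and nothing in these entries says which upstream release each checkout is expected to be at. Since this brings three third-party repositories into the tree, I'd normalise the URLs and state in the README which tag or commit of each wwWallet repository this setup was tested against, so that a later bump of the pinned revision shows up as a deliberate, reviewable change.
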
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| location /wwwallet-frontend/ { | ||
| rewrite ^/wwwallet-frontend/(.*)$ /$1 break; | ||
| alias /wwwallet-frontend/; | ||
|
|
||
| proxy_pass http://wwwallet-frontend:80/; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| proxy_set_header X-Forwarded-Ssl on; # Optional | ||
| proxy_set_header X-Forwarded-Port $server_port; | ||
| } | ||
|
|
||
|
|
||
| location /wwwallet-server/ { | ||
| rewrite ^/wwwallet-server/(.*)$ /$1 break; | ||
| alias /wwwallet-server/; | ||
|
|
||
| proxy_http_version 1.1; | ||
| proxy_set_header Upgrade $http_upgrade; | ||
| proxy_set_header Connection "upgrade"; | ||
|
|
||
| proxy_pass http://wwwallet-server:8002/; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| proxy_set_header X-Forwarded-Ssl on; # Optional | ||
| proxy_set_header X-Forwarded-Port $server_port; | ||
| } |
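
Review bot: `proxy_set_header X-Forwarded-Ssl on;` is sent unconditionally in both locations, right next to `X-Forwarded-Proto $scheme`, so on a plain-HTTP listener the upstream is told the request arrived over TLS while the other header says `http`. Drop it or derive it from `$scheme`. Two smaller points: `alias` has no effect in a location that is served by `proxy_pass` and can be removed, and the `rewrite ... break` does the same prefix stripping that the trailing `/` on `proxy_pass` already performs, so one of the two is enough. In `/wwwallet-server/`, `Connection "upgrade"` is set for every request; the usual pattern is a `map` on `$http_upgrade` so that ordinary requests are not marked as upgrades.
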
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| [mysqld] | ||
| default-authentication-plugin=mysql_native_password |
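
Review bot: `default-authentication-plugin=mysql_native_password` makes the legacy SHA-1 based plugin the server-wide default, and the file carries no comment saying which client requires it. Please add the reason as a comment, and confirm that the option is recognised by the database image actually used, since the backend template in this PR points at a host named `wwwallet-mariadb` and the README refers to both Mysql and MariaDB.
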
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
|
|
||
| # Setup Instructions | ||
|
|
||
| ## Prerequisites | ||
| Before you begin, ensure you have the following installed: | ||
| - Docker | ||
| - Docker Compose | ||
| - Git | ||
|
|
||
| ### WWWAllet Backend Setup | ||
| Every aspect of backend configuration is managed through `iam-proxy-italia-project/wwwallet/configs/config.template.ts` file and if you need to customize it, like changing the database connection details or enabling/disabling certain features, you can do so by editing this file. | ||
| Note that you will need to set: | ||
| - the host and port where the backend will be running. | ||
| - the database connection details to connect to your Mysql instance. | ||
| - and the notification system need to be disabled if no firebase subscription is available. | ||
|
|
||
| ### WWWAllet Frontend Setup | ||
| The frontend configuration is managed through the `iam-proxy-italia-project/wwwallet/configs/.env.prod` file. | ||
| You can customize it by editing this file. | ||
| Note that you will need to set: | ||
| - the backend url to connect to the backend instance. | ||
| - the firebase configuration if you want to enable the notification system. | ||
|
|
||
| ### Nginx Custom Configuration | ||
| The Nginx configuration for wwwallet is managed through the `iam-proxy-italia-project/wwwallet/configs/wwwallet.conf` file. | ||
| If you change the backend or frontend host and port, you will need to update this file accordingly. | ||
|
|
||
| ## Installation Steps | ||
|
|
||
| ### Automated Setup with Docker-Compose | ||
| The installation process is completely automated by the script `run-docker-compose.sh` located in the `Docker-compose` folder. | ||
| You can set the variable `COMPOSE_PROFILES` to the value `wwwallet` into the script and run it with the command: | ||
| ```bash | ||
| ./run-docker-compose.sh | ||
| ``` | ||
|
|
||
| ### Trusted Issuer Configuration | ||
| After the backend initialization, you must add the instance of the OpenID4VCI frontend, distributed in iam-proxy-italia using [pyeudiw](https://github.com/italia/eudi-wallet-it-python), as trusted issuer. | ||
| We therefore need to configure the enabled credential issuer by adding an entry in the table `credential_issuer` of the Mysql database used by wwwallet backend. | ||
| You can do this with any MariaDB client or using the MariaDB command line. | ||
| Note that the url must point to the OpenID4VCI Frontend to work properly. | ||
| An example of the SQL command to be executed is the following: | ||
| ```sql | ||
| INSERT INTO wwwalletdb.credential_issuer (credentialIssuerIdentifier,clientId,visible) | ||
| VALUES ('Satosa OpenID4VCI','https://localhost/OpenID4VCI',1); | ||
| ``` |
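
Review bot: In the example `INSERT`, the column `credentialIssuerIdentifier` receives the display string 'Satosa OpenID4VCI' while `clientId` receives the URL, which looks swapped given that the sentence above says the url must point to the OpenID4VCI Frontend; please confirm the intended mapping. The README also never tells the reader to replace the database password shipped in the config template before starting the stack. Minor: the text says Mysql where the next line says MariaDB, and the two setup headings spell the product "WWWAllet".
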
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| HOST='0.0.0.0' | ||
| PORT=3000 | ||
| VITE_WS_URL=ws://${SATOSA_HOSTNAME}/wwwallet-server/ | ||
|
PascalDR marked this conversation as resolved.
Outdated
|
||
| VITE_WALLET_BACKEND_URL=https://${SATOSA_HOSTNAME}/wwwallet-server/ | ||
| VITE_LOGIN_WITH_PASSWORD=true | ||
| VITE_FIREBASE_ENABLED=false | ||
| VITE_FIREBASE_VAPIDKEY=<Your_Vapid_Key> | ||
| VITE_FIREBASE_API_KEY=<Your_Firebase_API_Key> | ||
| VITE_FIREBASE_AUTH_DOMAIN=<Your_Firebase_Auth_Domain> | ||
| VITE_FIREBASE_PROJECT_ID=<Your_Firebase_Project_ID> | ||
| VITE_FIREBASE_STORAGE_BUCKET=<Your_Firebase_Storage_Bucket> | ||
| VITE_FIREBASE_MESSAGING_SENDER_ID=<Your_Firebase_Messaging_Sender_ID> | ||
| VITE_FIREBASE_APP_ID=<Your_Firebase_App_ID> | ||
| VITE_FIREBASE_MEASUREMENT_ID=<Your_Firebase_Measurement_ID> | ||
| VITE_DID_KEY_VERSION=jwk_jcs-pub | ||
| VITE_APP_VERSION=$npm_package_version | ||
| VITE_GENERATE_SOURCEMAP=false | ||
| VITE_DISPLAY_CONSOLE=true | ||
| VITE_WEBAUTHN_RPID=${SATOSA_HOSTNAME} | ||
| VITE_OPENID4VCI_REDIRECT_URI=http://${SATOSA_HOSTNAME}/wallet-frontend | ||
|
PascalDR marked this conversation as resolved.
Outdated
|
||
| VITE_OPENID4VCI_PROOF_TYPE_PRECEDENCE="attestation,jwt" | ||
| VITE_OPENID4VP_SAN_DNS_CHECK=false | ||
| VITE_OPENID4VP_SAN_DNS_CHECK_SSL_CERTS=false | ||
| VITE_VALIDATE_CREDENTIALS_WITH_TRUST_ANCHORS=true | ||
| VITE_MULTI_LANGUAGE_DISPLAY=true | ||
| VITE_STATIC_PUBLIC_URL=https://demo.wwwallet.org | ||
| VITE_STATIC_NAME=wwWallet | ||
| VITE_DISPLAY_ISSUANCE_WARNINGS=false | ||
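
Review bot: `VITE_WS_URL` uses `ws://` and `VITE_OPENID4VCI_REDIRECT_URI` uses `http://`, while `VITE_WALLET_BACKEND_URL` on the same host uses `https://`; a page served over HTTPS will have the cleartext WebSocket blocked as mixed content, and the redirect would carry the issuance response over plain HTTP. Both lines show resolved, outdated threads, so this may already be fixed in a later commit. The redirect path `/wallet-frontend` also does not match the `/wwwallet-frontend/` location in the nginx configuration of this PR. If this is the `.env.prod` described in the README, `VITE_DISPLAY_CONSOLE=true`, `VITE_OPENID4VP_SAN_DNS_CHECK=false` and `VITE_STATIC_PUBLIC_URL=https://demo.wwwallet.org` each deserve a comment saying they are demo defaults.
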
27 changes: 27 additions & 0 deletions
iam-proxy-italia-project/wwwallet/configs/config.template.ts
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| export const config = { | ||
| url: "localhost", | ||
| port: "8002", | ||
| appSecret: "SERVICE_SECRET", | ||
| ssl: false, | ||
| db: { | ||
| host: "wwwallet-mariadb", | ||
| port: "3306", | ||
| username: "root", | ||
| password: "changeme", | ||
|
peppelinux marked this conversation as resolved.
peppelinux marked this conversation as resolved.
|
||
| dbname: "wwwalletdb", | ||
| }, | ||
| walletClientUrl: "WALLET_CLIENT_URL", | ||
| webauthn: { | ||
| attestation: "direct", | ||
| origin: "WEBAUTHN_ORIGIN", | ||
| rp: { | ||
| id: "WEBAUTHN_RP_ID", | ||
| name: "wwWallet demo", | ||
| }, | ||
| }, | ||
| alg: "EdDSA", | ||
| notifications: { | ||
| enabled: false, | ||
| serviceAccount: "firebaseConfig.json" | ||
| } | ||
| } | ||
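
Review bot: The `db` block connects as `root` with the literal password `changeme`, unlike `appSecret`, `walletClientUrl` and the WebAuthn fields, which look like upper-case placeholders meant to be substituted. Make the database user and password placeholders as well, filled from the environment, give the backend a dedicated user with rights on `wwwalletdb` only, and have startup fail if `changeme` or `SERVICE_SECRET` is still present. `ssl: false` and `attestation: "direct"` would also benefit from a one-line comment stating that TLS is terminated at the nginx proxy and why direct attestation is requested.
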
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| import axios from 'axios'; | ||
| import express, { Request, Response, Router } from 'express'; | ||
| import { Agent } from 'node:https'; | ||
| const proxyRouter: Router = express.Router(); | ||
|
|
||
| const agent = new Agent({ | ||
| rejectUnauthorized: false, | ||
| }); | ||
|
|
||
| proxyRouter.post('/', async (req, res) => { | ||
| const { headers, method, url, data } = req.body; | ||
| try { | ||
| const isBinaryRequest = /\.(png|jpe?g|gif|webp|bmp|tiff?|ico)(\?.*)?(#.*)?$/i.test(url); | ||
| console.log("URL = ", url) | ||
| const response = await axios({ | ||
| url: url, | ||
| headers: headers, | ||
| method: method, | ||
| data: data, | ||
| ...(isBinaryRequest && { responseType: 'arraybuffer' }), | ||
| maxRedirects: 0, | ||
| httpsAgent: agent, | ||
| }); | ||
|
|
||
| if (isBinaryRequest) { | ||
| // forward all response headers | ||
| for (const key in response.headers) { | ||
| if (Object.prototype.hasOwnProperty.call(response.headers, key)) { | ||
| const value = response.headers[key]; | ||
| if (value !== undefined) { | ||
| res.setHeader(key, value as string); | ||
| } | ||
| } | ||
| } | ||
| return res.status(response.status).send(response.data); | ||
| } | ||
|
|
||
| // JSON or other text content | ||
| return res.status(response.status).send({ | ||
| status: response.status, | ||
| headers: response.headers, | ||
| data: response.data, | ||
| }); | ||
| } | ||
| catch (err) { | ||
| console.error("Error in proxy request: ", err); | ||
| if (err.response && err.response.data) { | ||
| console.error("Error data = ", err.response.data) | ||
| } | ||
| if (err.response && err.response.status == 302) { | ||
| return res.status(200).send({ status: err.response.status, headers: err.response.headers, data: {} }) | ||
| } | ||
| return res.status(err.response?.status ?? 104).send({ status: err.response?.status ?? 104, data: err.response?.data, headers: err.response?.headers }); | ||
| } | ||
| }) | ||
|
|
||
| export { | ||
| proxyRouter | ||
| } |
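
Review bot: `rejectUnauthorized: false` on the shared `Agent` turns off certificate verification for every HTTPS request this router makes, and the handler takes `url`, `method`, `headers` and `data` straight from `req.body` with no check on the caller or the destination visible here, so the route performs server-side fetches to whatever it is given. If a self-signed development certificate is the reason, pass that CA through the agent's `ca` option and keep verification on; restrict `url` to an allow-list of https issuer and verifier hosts, and require an authenticated session on the route. Also: `err.response?.status ?? 104` falls back to 104, which is not an HTTP status (502 fits an upstream failure); the binary branch copies every upstream response header onto the reply, `set-cookie` and hop-by-hop headers included; and `console.log("URL = ", url)` writes caller-supplied URLs, query strings included, to the log.
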