Merge pull request #460 from hairmare/feat/12-factor-injectable-sso-config-for-timed

feat(oidc): runtime configurable oidc endpoint and client id

Author: Akanksh Saxena

Dockerfile

@@ -15,7 +15,11 @@ COPY ./contrib/nginx.conf /etc/nginx/conf.d/default.conf
 
 WORKDIR /var/www/html
 
+COPY ./docker-entrypoint.sh /
+ENV TIMED_SSO_CLIENT_HOST https://sso.example.com/auth/realms/example/protocol/openid-connect
+ENV TIMED_SSO_CLIENT_ID timed
+
 EXPOSE 80
 
-ENTRYPOINT []
+ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD ["nginx", "-g", "daemon off;"]

config/environment.js

@@ -102,8 +102,8 @@ module.exports = function(environment) {
 
   // eslint-disable-next-line no-empty
   if (environment === "production") {
-    ENV["ember-simple-auth-oidc"].host =
-      "https://sso.adfinis-sygroup.ch/auth/realms/adsy/protocol/openid-connect";
+    ENV["ember-simple-auth-oidc"].host = "sso-client-host";
+    ENV["ember-simple-auth-oidc"].clientId = "sso-client-id";
   }
 
   return ENV;

docker-entrypoint.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env sh
+
+set -eu
+
+urlencode() {
+    # urlencode <string>
+    # blatantly pinched from https://gist.github.com/cdown/1163649
+
+    local length="${#1}"
+    for i in $(seq 0 $((length-1))); do
+        local c="${1:i:1}"
+        case $c in
+            [a-zA-Z0-9.~_-]) printf "$c" ;;
+            *) printf '%%%02X' "'$c" ;;
+        esac
+    done
+}
+
+sed -i \
+  -e "s/sso-client-id/$(urlencode ${TIMED_SSO_CLIENT_ID})/g" \
+  -e "s/sso-client-host/$(urlencode ${TIMED_SSO_CLIENT_HOST})/g" \
+  /var/www/html/index.html
+
+exec "$@"