- add a local kratos instance and test the application

- Test the github CI to run a local ory kratos instance

.github/workflows/nodejs.yml

@@ -11,8 +11,8 @@ on:
 
 env:
   UMAMI_SITE_ID: ${{ secrets.DEVELOPMENT_UMAMI_SITE_ID }}
-  ORY_SDK_URL: ${{ secrets.DEVELOPMENT_ORY_SDK_URL }}
-  ORY_ACCESS_TOKEN: ${{ secrets.DEVELOPMENT_ORY_ACCESS_TOKEN }}
+  ORY_SDK_URL: http://127.0.0.1:4433 #${{ secrets.DEVELOPMENT_ORY_SDK_URL }}
+  # ORY_ACCESS_TOKEN: ${{ secrets.DEVELOPMENT_ORY_ACCESS_TOKEN }}
   ALETHEIA_SCHEMA_ID: ${{ secrets.DEVELOPMENT_ALETHEIA_SCHEMA_ID }}
   CI_ORY_USERID: ${{ secrets.CI_ORY_USERID }}
   CI_ORY_USER_PASSWORD: ${{ secrets.CI_ORY_USER_PASSWORD }}
@@ -96,8 +96,7 @@ jobs:
       with:
         name: aletheia-dist
         path: dist
-    - name: List contents of aletheia-dist
-      run: ls -lah /home/runner/work/aletheia/aletheia
+    - run:  git submodule update --init --recursive 
     - run: |
         echo '{"CI_ORY_USER_PASSWORD": "${{ env.CI_ORY_USER_PASSWORD }}"}' > ./cypress.env.json
         yarn install

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "ory_infra/kratos"]
+	path = ory_infra/kratos
+	url = https://github.com/ory/kratos.git

README.md

@@ -38,7 +38,17 @@
 yarn build
 ```
 ## Configuring Ory 
+### Local environment
+Todo:
+- [ ] Incorporate the docker-compose config into the base docker-compose
+- [ ] Document how to run it
+- [ ] Remove the unnecessary docker images from Cypress CI pipeline
 
+```
+git submodules update --init
+```
+
+### Ory Cloud
 #### Taking What You Need:
 - Create an account and a project on https://console.ory.sh/login.
 - Copy the SDK Configuration url and save it.

config.development.yaml

@@ -22,6 +22,8 @@ services:
       authentication_type: ory
       ory:
         url: ORY_SDK_URL
+        admin_url: ORY_SDK_URL
+        admin_endpoint: api/kratos/admin 
         access_token: ORY_ACCESS_TOKEN
         schema_id: ALETHEIA_SCHEMA_ID
       feature_flag:

config.production.yaml

@@ -20,6 +20,8 @@ services:
       authentication_type: ory
       ory:
         url: ORY_SDK_URL
+        admin_url: ORY_SDK_URL
+        admin_endpoint: api/kratos/admin 
         access_token: ORY_ACCESS_TOKEN
         schema_id: ALETHEIA_SCHEMA_ID
       feature_flag:

config.seed.test.ci.yaml

@@ -15,7 +15,7 @@ services:
           password: {env(CI_ORY_USER_PASSWORD)}
           sendAuthDetails: false
           isTestUser: true
-          oryId: {env(CI_ORY_USERID)}
+          # oryId: {env(CI_ORY_USERID)}
           role: {
             main: super-admin
           }
@@ -24,9 +24,12 @@ services:
         limit: 1000
       authentication_type: ory
       ory:
-        url: {env(ORY_SDK_URL)}
-        access_token: {env(ORY_ACCESS_TOKEN)}
-        schema_id: {env(ALETHEIA_SCHEMA_ID)}
+        url: http://localhost:4433
+        admin_url: http://localhost:4434
+        admin_endpoint: admin
+        # url: {env(ORY_SDK_URL)}
+        # access_token: {env(ORY_ACCESS_TOKEN)}
+        # schema_id: {env(ALETHEIA_SCHEMA_ID)}
       feature_flag:
         url: {env(GITLAB_FEATURE_FLAG_URL)}
         appName: Staging

config.test.ci.yaml

@@ -19,9 +19,12 @@ services:
         limit: 1000
       authentication_type: ory
       ory:
-        url: {env(ORY_SDK_URL)}
-        access_token: {env(ORY_ACCESS_TOKEN)}
-        schema_id: {env(ALETHEIA_SCHEMA_ID)}
+        url: http://localhost:4433
+        admin_url: http://localhost:4434
+        admin_endpoint: admin
+        # url: {env(ORY_SDK_URL)}
+        # access_token: {env(ORY_ACCESS_TOKEN)}
+        # schema_id: {env(ALETHEIA_SCHEMA_ID)}
       feature_flag:
         url: {env(GITLAB_FEATURE_FLAG_URL)}
         appName: Staging

ory_infra/README.md

@@ -0,0 +1,6 @@
+# Running Ory Kratos locally for AletheiaFact.org
+
+
+```
+docker-compose -f ./kratos/quickstart.yml -f ./quickstart-aletheiafact.yml up --build --force-recreate
+```

ory_infra/config/identity.schema.json

@@ -0,0 +1,48 @@
+{
+  "$id": "https://schemas.ory.sh/presets/kratos/identity.email.schema.json",
+  "title": "Person",
+  "type": "object",
+  "properties": {
+    "traits": {
+      "type": "object",
+      "properties": {
+        "email": {
+          "type": "string",
+          "format": "email",
+          "title": "E-Mail",
+          "ory.sh/kratos": {
+            "credentials": {
+              "password": {
+                "identifier": true
+              },
+              "webauthn": {
+                "identifier": true
+              },
+              "totp": {
+                "account_name": true
+              }
+            },
+            "recovery": {
+              "via": "email"
+            },
+            "verification": {
+              "via": "email"
+            }
+          },
+          "maxLength": 320
+        },
+        "user_id": {
+          "type": "string"
+        },
+        "role": {
+          "type": "object"
+        }
+      },
+      "required": [
+        "email",
+        "user_id"
+      ],
+      "additionalProperties": false
+    }
+  }
+}

ory_infra/config/kratos.yml

@@ -0,0 +1,99 @@
+version: v0.13.0
+
+dsn: memory
+
+serve:
+  public:
+    base_url: http://127.0.0.1:4433/
+    cors: 
+      enabled: true
+
+  admin:
+    base_url: http://kratos:4434/
+
+selfservice:
+  default_browser_return_url: http://127.0.0.1:4455/
+  allowed_return_urls:
+    - http://127.0.0.1:4455
+    - http://127.0.0.1:3000
+
+  methods:
+    password:
+      enabled: true
+    totp:
+      config:
+        issuer: Kratos
+      enabled: true
+    lookup_secret:
+      enabled: true
+    link:
+      enabled: true
+    code:
+      enabled: true
+
+  flows:
+    error:
+      ui_url: http://127.0.0.1:4455/error
+
+    settings:
+      ui_url: http://127.0.0.1:4455/settings
+      privileged_session_max_age: 15m
+      required_aal: highest_available
+
+    recovery:
+      enabled: true
+      ui_url: http://127.0.0.1:4455/recovery
+      use: code
+
+    verification:
+      enabled: true
+      ui_url: http://127.0.0.1:4455/verification
+      use: code
+      after:
+        default_browser_return_url: http://127.0.0.1:4455/
+
+    logout:
+      after:
+        default_browser_return_url: http://127.0.0.1:3000/login
+
+    login:
+      ui_url: http://127.0.0.1:3000/login
+      lifespan: 10m
+
+    registration:
+      lifespan: 10m
+      ui_url: http://127.0.0.1:3000/sign-up
+      after:
+        password:
+          hooks:
+            - hook: session
+            - hook: show_verification_ui
+
+log:
+  level: debug
+  format: text
+  leak_sensitive_values: true
+
+secrets:
+  cookie:
+    - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
+  cipher:
+    - 32-LONG-SECRET-NOT-SECURE-AT-ALL
+
+ciphers:
+  algorithm: xchacha20-poly1305
+
+hashers:
+  algorithm: bcrypt
+  bcrypt:
+    cost: 8
+
+identity:
+  default_schema_id: default
+  schemas:
+    - id: default
+      url: file:///etc/config/kratos/identity.schema.json
+
+courier:
+  smtp:
+    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true

ory_infra/quickstart-aletheiafact.yml

@@ -0,0 +1,28 @@
+version: '3.7'
+
+services:
+  kratos-migrate:
+    volumes:
+      - type: bind
+        # source: /home/runner/work/aletheia/aletheia/ory_infra/config
+        source: /host_mnt/Users/msantos/workspace/aletheia_fact/aletheia/ory_infra/config
+        target: /etc/config/kratos
+
+  kratos-selfservice-ui-node:
+    ports:
+      - "4455:4455"
+    environment:
+      - PORT=4455
+      - SECURITY_MODE=
+      - KRATOS_BROWSER_URL=http://127.0.0.1:4433/
+
+  kratos:
+    volumes:
+      - type: volume
+        source: kratos-sqlite
+        target: /var/lib/sqlite
+        read_only: false
+      - type: bind
+        # source: /home/runner/work/aletheia/aletheia/ory_infra/config
+        source: /host_mnt/Users/msantos/workspace/aletheia_fact/aletheia/ory_infra/config
+        target: /etc/config/kratos

ory_infra/quickstart.yml

@@ -0,0 +1,49 @@
+version: '3.7'
+services:
+  kratos-migrate:
+    image: oryd/kratos:v0.13.0
+    environment:
+      - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc
+    volumes:
+      - type: volume
+        source: kratos-sqlite
+        target: /var/lib/sqlite
+        read_only: false
+      - type: bind
+        source: ./kratos/contrib/quickstart/kratos/email-password
+        target: /etc/config/kratos
+    command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes
+    restart: on-failure
+  kratos-selfservice-ui-node:
+    image: oryd/kratos-selfservice-ui-node:v0.13.0
+    environment:
+      - KRATOS_PUBLIC_URL=http://kratos:4433/
+      - KRATOS_BROWSER_URL=http://127.0.0.1:4433/
+    restart: on-failure
+  kratos:
+    depends_on:
+      - kratos-migrate
+    image: oryd/kratos:v0.13.0
+    ports:
+      - '4433:4433' # public
+      - '4434:4434' # admin
+    restart: unless-stopped
+    environment:
+      - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true
+      - LOG_LEVEL=trace
+    command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier
+    volumes:
+      - type: volume
+        source: kratos-sqlite
+        target: /var/lib/sqlite
+        read_only: false
+      - type: bind
+        source: ./kratos/contrib/quickstart/kratos/email-password
+        target: /etc/config/kratos
+  mailslurper:
+    image: oryd/mailslurper:latest-smtps
+    ports:
+      - '4436:4436'
+      - '4437:4437'
+volumes:
+  kratos-sqlite:

package.json

@@ -36,7 +36,8 @@
     "migrate": "env-cmd ts-node node_modules/.bin/migrate-mongo-ts up -f migrate-mongo-config.ts",
     "cypress-open": "cypress open",
     "cypress-run": "cypress run",
-    "test:e2e:cy": "env-cmd --silent concurrently -p \"[{name}]\" -n \"MongoDB,Server\" \"yarn test:e2e:mongo-server\" \"wait-on tcp:127.0.0.1:35025 && yarn test:e2e:app-server\"",
+    "ory-kratos:cy": "docker compose -f ./ory_infra/kratos/quickstart.yml -f ./ory_infra/quickstart-aletheiafact.yml up -d --build --force-recreate",
+    "test:e2e:cy": "env-cmd --silent concurrently -p \"[{name}]\" -n \"MongoDB,Ory,Server\" \"yarn test:e2e:mongo-server\" \"yarn ory-kratos:cy\" \"wait-on tcp:127.0.0.1:35025 tcp:127.0.0.1:4433 tcp:127.0.0.1:4434 && yarn test:e2e:app-server\"",
     "test:e2e:mongo-server": "node dist/server/mongodb.server.js",
     "test:e2e:app-server": "yarn seed:ci && yarn start -c config.test.ci.yaml"
   },
@@ -90,8 +91,8 @@
     "@novu/node": "^0.19.0",
     "@novu/notification-center": "^0.19.0",
     "@ory/cli": "^0.1.24",
-    "@ory/client": "~1.0.0",
-    "@ory/integrations": "^0.2.5",
+    "@ory/client": "1.6.2",
+    "@ory/integrations": "^1.1.5",
     "@remirror/extension-yjs": "^3.0.14",
     "@remirror/pm": "^2.0.0",
     "@remirror/react": "^2.0.12",