From 805c66bc4fdde863fd9381ff08e52eb48fb8ecfb Mon Sep 17 00:00:00 2001
From: Denis Lugowski <denis.lugowski@gmail.com>
Date: Tue, 23 Dec 2025 19:20:14 +0100
Subject: [PATCH] feat: Extend docker local setups, remove request URL from API
 composables

---
 deployment/.env.example                       |  2 +
 deployment/docker-compose-dev.yaml            | 54 +++++++++++++++++++
 deployment/docker-compose-prod.yaml           |  4 ++
 legalconsenthub-backend/Dockerfile            |  4 ++
 .../applicationForm/useApplicationFormApi.ts  |  6 +--
 .../useApplicationFormTemplateApi.ts          |  6 +--
 .../useApplicationFormVersionApi.ts           |  6 +--
 .../app/composables/comment/useCommentApi.ts  |  6 +--
 .../notification/useNotificationApi.ts        |  6 +--
 .../app/composables/user/useUserApi.ts        |  6 +--
 legalconsenthub/nuxt.config.ts                |  1 +
 11 files changed, 71 insertions(+), 30 deletions(-)

diff --git a/deployment/.env.example b/deployment/.env.example
index e30579a..a6fd9f6 100755
--- a/deployment/.env.example
+++ b/deployment/.env.example
@@ -28,6 +28,8 @@ NUXT_OAUTH_KEYCLOAK_CLIENT_ID=legalconsenthub
 NUXT_OAUTH_KEYCLOAK_CLIENT_SECRET=
 NUXT_OAUTH_KEYCLOAK_REALM=legalconsenthub
 NUXT_OAUTH_KEYCLOAK_SERVER_URL=http://keycloak.lugnas.de
+NUXT_OAUTH_KEYCLOAK_SERVER_URL_INTERNAL=http://keycloak.lugnas.de
+# Make sure to add the host to (1) Keycloak valid redirect URIs and (2) web origins!
 NUXT_OAUTH_KEYCLOAK_REDIRECT_URL=https://legal.lugnas.de/auth/keycloak
 
 NUXT_SESSION_PASSWORD=
diff --git a/deployment/docker-compose-dev.yaml b/deployment/docker-compose-dev.yaml
index ebe4ebf..4830b4e 100644
--- a/deployment/docker-compose-dev.yaml
+++ b/deployment/docker-compose-dev.yaml
@@ -5,6 +5,8 @@ networks:
     driver: bridge
 
 volumes:
+  legalconsenthub_postgres_data:
+  legalconsenthub_pdf_cache:
   keycloak_postgres_data:
 
 services:
@@ -70,3 +72,55 @@ services:
       - "1025:1025"
     networks:
       - legalconsenthub-net
+
+###############################################
+
+  backend:
+    image: gitea.lugnas.de/denis/legalconsenthub-backend:latest
+    container_name: legalconsenthub-backend-local
+    restart: on-failure:2
+    environment:
+      LEGALCONSENTHUB_DB_URL: jdbc:postgresql://legalconsenthub-db:5432/${LEGALCONSENTHUB_POSTGRES_DB}
+      LEGALCONSENTHUB_DB_APP_USER: ${LEGALCONSENTHUB_POSTGRES_USER}
+      LEGALCONSENTHUB_DB_PASSWORD: ${LEGALCONSENTHUB_POSTGRES_PASSWORD}
+      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: ${KEYCLOAK_ISSUER_URL}/realms/${KEYCLOAK_REALM}
+      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: http://keycloak:8080/realms/${KEYCLOAK_REALM}/protocol/openid-connect/certs
+      SERVER_PORT: 8080
+      LEGALCONSENTHUB_PDF_STORAGE_FILESYSTEM_BASE_DIR: /var/lib/legalconsenthub/pdfs
+    ports:
+      - "8081:8080"
+    volumes:
+      - legalconsenthub_pdf_cache:/var/lib/legalconsenthub/pdfs
+    depends_on:
+      legalconsenthub-db:
+        condition: service_started
+    networks:
+      - legalconsenthub-net
+    env_file:
+      - .env.dev
+
+  frontend:
+    image: gitea.lugnas.de/denis/legalconsenthub:latest
+    container_name: legalconsenthub-frontend-local
+    ports:
+      - "3211:3000"
+    networks:
+      - legalconsenthub-net
+    env_file:
+      - .env.dev
+
+  legalconsenthub-db:
+    image: postgres:latest
+    container_name: legalconsenthub-postgres-local
+    environment:
+      POSTGRES_USER: ${LEGALCONSENTHUB_POSTGRES_USER}
+      POSTGRES_PASSWORD: ${LEGALCONSENTHUB_POSTGRES_PASSWORD}
+      POSTGRES_DB: ${LEGALCONSENTHUB_POSTGRES_DB}
+    ports:
+      - "5446:5432"
+    networks:
+      - legalconsenthub-net
+    volumes:
+      - legalconsenthub_postgres_data:/var/lib/postgresql
+    env_file:
+      - .env.dev
diff --git a/deployment/docker-compose-prod.yaml b/deployment/docker-compose-prod.yaml
index 6d51b62..c007a82 100755
--- a/deployment/docker-compose-prod.yaml
+++ b/deployment/docker-compose-prod.yaml
@@ -5,6 +5,7 @@ networks:
 volumes:
   legalconsenthub_postgres_data:
   keycloak_postgres_data:
+  legalconsenthub_pdf_cache:
 
 services:
   backend:
@@ -18,8 +19,11 @@ services:
       SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: ${KEYCLOAK_ISSUER_URL}/realms/${KEYCLOAK_REALM}
       SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: ${KEYCLOAK_ISSUER_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/certs
       SERVER_PORT: 8080
+      LEGALCONSENTHUB_PDF_STORAGE_FILESYSTEM_BASE_DIR: /var/lib/legalconsenthub/pdfs
     ports:
       - "8080:8080"
+    volumes:
+      - legalconsenthub_pdf_cache:/var/lib/legalconsenthub/pdfs
     depends_on:
       legalconsenthub-db:
         condition: service_started
diff --git a/legalconsenthub-backend/Dockerfile b/legalconsenthub-backend/Dockerfile
index c7c8065..a5d37ce 100644
--- a/legalconsenthub-backend/Dockerfile
+++ b/legalconsenthub-backend/Dockerfile
@@ -33,12 +33,16 @@ RUN apk add --no-cache \
     texmf-dist-fontsextra
 
 RUN addgroup -S spring && adduser -S spring -G spring
+
+# PDF cache directory must be writable by the non-root user (and ideally mounted as a volume in production)
+RUN mkdir -p /var/lib/legalconsenthub/pdfs && chown -R spring:spring /var/lib/legalconsenthub
 USER spring:spring
 
 COPY --from=builder /workspace/app/build/libs/*.jar app.jar
 
 ENV SPRING_PROFILES_ACTIVE=prod
 ENV JAVA_OPTS="-Xms256m -Xmx512m"
+ENV LEGALCONSENTHUB_PDF_STORAGE_FILESYSTEM_BASE_DIR=/var/lib/legalconsenthub/pdfs
 
 EXPOSE 8080
 
diff --git a/legalconsenthub/app/composables/applicationForm/useApplicationFormApi.ts b/legalconsenthub/app/composables/applicationForm/useApplicationFormApi.ts
index bc47b4d..d0918c7 100644
--- a/legalconsenthub/app/composables/applicationForm/useApplicationFormApi.ts
+++ b/legalconsenthub/app/composables/applicationForm/useApplicationFormApi.ts
@@ -13,11 +13,7 @@ export function useApplicationFormApi() {
   const { serverApiBasePath, clientProxyBasePath } = useRuntimeConfig().public
 
   const basePath = withoutTrailingSlash(
-    cleanDoubleSlashes(
-      import.meta.client
-        ? appBaseUrl + clientProxyBasePath
-        : useRequestURL().origin + clientProxyBasePath + serverApiBasePath
-    )
+    cleanDoubleSlashes(import.meta.client ? appBaseUrl + clientProxyBasePath : clientProxyBasePath + serverApiBasePath)
   )
 
   const applicationFormApiClient = new ApplicationFormApi(
diff --git a/legalconsenthub/app/composables/applicationFormTemplate/useApplicationFormTemplateApi.ts b/legalconsenthub/app/composables/applicationFormTemplate/useApplicationFormTemplateApi.ts
index 8b97797..8c037a6 100644
--- a/legalconsenthub/app/composables/applicationFormTemplate/useApplicationFormTemplateApi.ts
+++ b/legalconsenthub/app/composables/applicationFormTemplate/useApplicationFormTemplateApi.ts
@@ -8,11 +8,7 @@ export async function useApplicationFormTemplateApi() {
   const { serverApiBasePath, clientProxyBasePath } = useRuntimeConfig().public
 
   const basePath = withoutTrailingSlash(
-    cleanDoubleSlashes(
-      import.meta.client
-        ? appBaseUrl + clientProxyBasePath
-        : useRequestURL().origin + clientProxyBasePath + serverApiBasePath
-    )
+    cleanDoubleSlashes(import.meta.client ? appBaseUrl + clientProxyBasePath : clientProxyBasePath + serverApiBasePath)
   )
 
   const applicationFormApiClient = new ApplicationFormTemplateApi(
diff --git a/legalconsenthub/app/composables/applicationFormVersion/useApplicationFormVersionApi.ts b/legalconsenthub/app/composables/applicationFormVersion/useApplicationFormVersionApi.ts
index 884b55b..95b68e0 100644
--- a/legalconsenthub/app/composables/applicationFormVersion/useApplicationFormVersionApi.ts
+++ b/legalconsenthub/app/composables/applicationFormVersion/useApplicationFormVersionApi.ts
@@ -13,11 +13,7 @@ export function useApplicationFormVersionApi() {
   const { serverApiBasePath, clientProxyBasePath } = useRuntimeConfig().public
 
   const basePath = withoutTrailingSlash(
-    cleanDoubleSlashes(
-      import.meta.client
-        ? appBaseUrl + clientProxyBasePath
-        : useRequestURL().origin + clientProxyBasePath + serverApiBasePath
-    )
+    cleanDoubleSlashes(import.meta.client ? appBaseUrl + clientProxyBasePath : clientProxyBasePath + serverApiBasePath)
   )
 
   const versionApiClient = new ApplicationFormVersionApi(
diff --git a/legalconsenthub/app/composables/comment/useCommentApi.ts b/legalconsenthub/app/composables/comment/useCommentApi.ts
index 136877f..444a090 100644
--- a/legalconsenthub/app/composables/comment/useCommentApi.ts
+++ b/legalconsenthub/app/composables/comment/useCommentApi.ts
@@ -7,11 +7,7 @@ export function useCommentApi() {
   const { serverApiBasePath, clientProxyBasePath } = useRuntimeConfig().public
 
   const basePath = withoutTrailingSlash(
-    cleanDoubleSlashes(
-      import.meta.client
-        ? appBaseUrl + clientProxyBasePath
-        : useRequestURL().origin + clientProxyBasePath + serverApiBasePath
-    )
+    cleanDoubleSlashes(import.meta.client ? appBaseUrl + clientProxyBasePath : clientProxyBasePath + serverApiBasePath)
   )
 
   const commentApiClient = new CommentApi(
diff --git a/legalconsenthub/app/composables/notification/useNotificationApi.ts b/legalconsenthub/app/composables/notification/useNotificationApi.ts
index 727efba..27e03e7 100644
--- a/legalconsenthub/app/composables/notification/useNotificationApi.ts
+++ b/legalconsenthub/app/composables/notification/useNotificationApi.ts
@@ -13,11 +13,7 @@ export function useNotificationApi() {
   const { serverApiBasePath, clientProxyBasePath } = useRuntimeConfig().public
 
   const basePath = withoutTrailingSlash(
-    cleanDoubleSlashes(
-      import.meta.client
-        ? appBaseUrl + clientProxyBasePath
-        : useRequestURL().origin + clientProxyBasePath + serverApiBasePath
-    )
+    cleanDoubleSlashes(import.meta.client ? appBaseUrl + clientProxyBasePath : clientProxyBasePath + serverApiBasePath)
   )
 
   const notificationApiClient = new NotificationApi(
diff --git a/legalconsenthub/app/composables/user/useUserApi.ts b/legalconsenthub/app/composables/user/useUserApi.ts
index f5ee2e3..18b91eb 100644
--- a/legalconsenthub/app/composables/user/useUserApi.ts
+++ b/legalconsenthub/app/composables/user/useUserApi.ts
@@ -7,11 +7,7 @@ export function useUserApi() {
   const { serverApiBasePath, clientProxyBasePath } = useRuntimeConfig().public
 
   const basePath = withoutTrailingSlash(
-    cleanDoubleSlashes(
-      import.meta.client
-        ? appBaseUrl + clientProxyBasePath
-        : useRequestURL().origin + clientProxyBasePath + serverApiBasePath
-    )
+    cleanDoubleSlashes(import.meta.client ? appBaseUrl + clientProxyBasePath : clientProxyBasePath + serverApiBasePath)
   )
 
   const userApiClient = new UserApi(new Configuration({ basePath, fetchApi: wrappedFetchWrap(useRequestFetch()) }))
diff --git a/legalconsenthub/nuxt.config.ts b/legalconsenthub/nuxt.config.ts
index b7b17fe..1c04c0b 100644
--- a/legalconsenthub/nuxt.config.ts
+++ b/legalconsenthub/nuxt.config.ts
@@ -15,6 +15,7 @@ export default defineNuxtConfig({
         clientSecret: 'NOT_SET',
         realm: 'NOT_SET',
         serverUrl: 'NOT_SET',
+        serverUrlInternal: 'NOT_SET',
         redirectURL: 'NOT_SET',
         scope: ['openid', 'organization']
       }