feat: Extend docker local setups, remove request URL from API composables

deployment/.env.example

@@ -28,6 +28,8 @@ NUXT_OAUTH_KEYCLOAK_CLIENT_ID=legalconsenthub
 NUXT_OAUTH_KEYCLOAK_CLIENT_SECRET=
 NUXT_OAUTH_KEYCLOAK_REALM=legalconsenthub
 NUXT_OAUTH_KEYCLOAK_SERVER_URL=http://keycloak.lugnas.de
+NUXT_OAUTH_KEYCLOAK_SERVER_URL_INTERNAL=http://keycloak.lugnas.de
+# Make sure to add the host to (1) Keycloak valid redirect URIs and (2) web origins!
 NUXT_OAUTH_KEYCLOAK_REDIRECT_URL=https://legal.lugnas.de/auth/keycloak
 
 NUXT_SESSION_PASSWORD=

deployment/docker-compose-dev.yaml

@@ -5,6 +5,8 @@ networks:
     driver: bridge
 
 volumes:
+  legalconsenthub_postgres_data:
+  legalconsenthub_pdf_cache:
   keycloak_postgres_data:
 
 services:
@@ -70,3 +72,55 @@ services:
       - "1025:1025"
     networks:
       - legalconsenthub-net
+
+###############################################
+
+  backend:
+    image: gitea.lugnas.de/denis/legalconsenthub-backend:latest
+    container_name: legalconsenthub-backend-local
+    restart: on-failure:2
+    environment:
+      LEGALCONSENTHUB_DB_URL: jdbc:postgresql://legalconsenthub-db:5432/${LEGALCONSENTHUB_POSTGRES_DB}
+      LEGALCONSENTHUB_DB_APP_USER: ${LEGALCONSENTHUB_POSTGRES_USER}
+      LEGALCONSENTHUB_DB_PASSWORD: ${LEGALCONSENTHUB_POSTGRES_PASSWORD}
+      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: ${KEYCLOAK_ISSUER_URL}/realms/${KEYCLOAK_REALM}
+      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: http://keycloak:8080/realms/${KEYCLOAK_REALM}/protocol/openid-connect/certs
+      SERVER_PORT: 8080
+      LEGALCONSENTHUB_PDF_STORAGE_FILESYSTEM_BASE_DIR: /var/lib/legalconsenthub/pdfs
+    ports:
+      - "8081:8080"
+    volumes:
+      - legalconsenthub_pdf_cache:/var/lib/legalconsenthub/pdfs
+    depends_on:
+      legalconsenthub-db:
+        condition: service_started
+    networks:
+      - legalconsenthub-net
+    env_file:
+      - .env.dev
+
+  frontend:
+    image: gitea.lugnas.de/denis/legalconsenthub:latest
+    container_name: legalconsenthub-frontend-local
+    ports:
+      - "3211:3000"
+    networks:
+      - legalconsenthub-net
+    env_file:
+      - .env.dev
+
+  legalconsenthub-db:
+    image: postgres:latest
+    container_name: legalconsenthub-postgres-local
+    environment:
+      POSTGRES_USER: ${LEGALCONSENTHUB_POSTGRES_USER}
+      POSTGRES_PASSWORD: ${LEGALCONSENTHUB_POSTGRES_PASSWORD}
+      POSTGRES_DB: ${LEGALCONSENTHUB_POSTGRES_DB}
+    ports:
+      - "5446:5432"
+    networks:
+      - legalconsenthub-net
+    volumes:
+      - legalconsenthub_postgres_data:/var/lib/postgresql
+    env_file:
+      - .env.dev

deployment/docker-compose-prod.yaml

@@ -5,6 +5,7 @@ networks:
 volumes:
   legalconsenthub_postgres_data:
   keycloak_postgres_data:
+  legalconsenthub_pdf_cache:
 
 services:
   backend:
@@ -18,8 +19,11 @@ services:
       SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: ${KEYCLOAK_ISSUER_URL}/realms/${KEYCLOAK_REALM}
       SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: ${KEYCLOAK_ISSUER_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/certs
       SERVER_PORT: 8080
+      LEGALCONSENTHUB_PDF_STORAGE_FILESYSTEM_BASE_DIR: /var/lib/legalconsenthub/pdfs
     ports:
       - "8080:8080"
+    volumes:
+      - legalconsenthub_pdf_cache:/var/lib/legalconsenthub/pdfs
     depends_on:
       legalconsenthub-db:
         condition: service_started

legalconsenthub-backend/Dockerfile

@@ -33,12 +33,16 @@ RUN apk add --no-cache \
     texmf-dist-fontsextra
 
 RUN addgroup -S spring && adduser -S spring -G spring
+
+# PDF cache directory must be writable by the non-root user (and ideally mounted as a volume in production)
+RUN mkdir -p /var/lib/legalconsenthub/pdfs && chown -R spring:spring /var/lib/legalconsenthub
 USER spring:spring
 
 COPY --from=builder /workspace/app/build/libs/*.jar app.jar
 
 ENV SPRING_PROFILES_ACTIVE=prod
 ENV JAVA_OPTS="-Xms256m -Xmx512m"
+ENV LEGALCONSENTHUB_PDF_STORAGE_FILESYSTEM_BASE_DIR=/var/lib/legalconsenthub/pdfs
 
 EXPOSE 8080
 

legalconsenthub/app/composables/applicationForm/useApplicationFormApi.ts

@@ -13,11 +13,7 @@ export function useApplicationFormApi() {
   const { serverApiBasePath, clientProxyBasePath } = useRuntimeConfig().public
 
   const basePath = withoutTrailingSlash(
-    cleanDoubleSlashes(
+    cleanDoubleSlashes(import.meta.client ? appBaseUrl + clientProxyBasePath : clientProxyBasePath + serverApiBasePath)
-      import.meta.client
-        ? appBaseUrl + clientProxyBasePath
-        : useRequestURL().origin + clientProxyBasePath + serverApiBasePath
-    )
   )
 
   const applicationFormApiClient = new ApplicationFormApi(

legalconsenthub/app/composables/applicationFormTemplate/useApplicationFormTemplateApi.ts

@@ -8,11 +8,7 @@ export async function useApplicationFormTemplateApi() {
   const { serverApiBasePath, clientProxyBasePath } = useRuntimeConfig().public
 
   const basePath = withoutTrailingSlash(
-    cleanDoubleSlashes(
+    cleanDoubleSlashes(import.meta.client ? appBaseUrl + clientProxyBasePath : clientProxyBasePath + serverApiBasePath)
-      import.meta.client
-        ? appBaseUrl + clientProxyBasePath
-        : useRequestURL().origin + clientProxyBasePath + serverApiBasePath
-    )
   )
 
   const applicationFormApiClient = new ApplicationFormTemplateApi(

legalconsenthub/app/composables/applicationFormVersion/useApplicationFormVersionApi.ts

@@ -13,11 +13,7 @@ export function useApplicationFormVersionApi() {
   const { serverApiBasePath, clientProxyBasePath } = useRuntimeConfig().public
 
   const basePath = withoutTrailingSlash(
-    cleanDoubleSlashes(
+    cleanDoubleSlashes(import.meta.client ? appBaseUrl + clientProxyBasePath : clientProxyBasePath + serverApiBasePath)
-      import.meta.client
-        ? appBaseUrl + clientProxyBasePath
-        : useRequestURL().origin + clientProxyBasePath + serverApiBasePath
-    )
   )
 
   const versionApiClient = new ApplicationFormVersionApi(

legalconsenthub/app/composables/comment/useCommentApi.ts

@@ -7,11 +7,7 @@ export function useCommentApi() {
   const { serverApiBasePath, clientProxyBasePath } = useRuntimeConfig().public
 
   const basePath = withoutTrailingSlash(
-    cleanDoubleSlashes(
+    cleanDoubleSlashes(import.meta.client ? appBaseUrl + clientProxyBasePath : clientProxyBasePath + serverApiBasePath)
-      import.meta.client
-        ? appBaseUrl + clientProxyBasePath
-        : useRequestURL().origin + clientProxyBasePath + serverApiBasePath
-    )
   )
 
   const commentApiClient = new CommentApi(

legalconsenthub/app/composables/notification/useNotificationApi.ts

@@ -13,11 +13,7 @@ export function useNotificationApi() {
   const { serverApiBasePath, clientProxyBasePath } = useRuntimeConfig().public
 
   const basePath = withoutTrailingSlash(
-    cleanDoubleSlashes(
+    cleanDoubleSlashes(import.meta.client ? appBaseUrl + clientProxyBasePath : clientProxyBasePath + serverApiBasePath)
-      import.meta.client
-        ? appBaseUrl + clientProxyBasePath
-        : useRequestURL().origin + clientProxyBasePath + serverApiBasePath
-    )
   )
 
   const notificationApiClient = new NotificationApi(

legalconsenthub/app/composables/user/useUserApi.ts

@@ -7,11 +7,7 @@ export function useUserApi() {
   const { serverApiBasePath, clientProxyBasePath } = useRuntimeConfig().public
 
   const basePath = withoutTrailingSlash(
-    cleanDoubleSlashes(
+    cleanDoubleSlashes(import.meta.client ? appBaseUrl + clientProxyBasePath : clientProxyBasePath + serverApiBasePath)
-      import.meta.client
-        ? appBaseUrl + clientProxyBasePath
-        : useRequestURL().origin + clientProxyBasePath + serverApiBasePath
-    )
   )
 
   const userApiClient = new UserApi(new Configuration({ basePath, fetchApi: wrappedFetchWrap(useRequestFetch()) }))

legalconsenthub/nuxt.config.ts

@@ -15,6 +15,7 @@ export default defineNuxtConfig({
         clientSecret: 'NOT_SET',
         realm: 'NOT_SET',
         serverUrl: 'NOT_SET',
+        serverUrlInternal: 'NOT_SET',
         redirectURL: 'NOT_SET',
         scope: ['openid', 'organization']
       }