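These notes follow an installation of the latest version, v1.11.1; adjust accordingly for older versions.
1. Make sure the local MySQL and Redis are not bound to 127.0.0.1; change their configuration to bind to 0.0.0.0.
2. cd into the ../src/docker-compose/ folder, which contains a .env file.
Edit the .env file with your own MySQL and Redis connection details.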
NGINX_PORT=9123
# https://django-environ.readthedocs.io/en/latest/quickstart.html#usage
# https://docs.djangoproject.com/zh-hans/4.1/ref/settings/
DEBUG=false
DATABASE_URL=mysql://username:pwd@IP:3306/archery
CACHE_URL=redis://IP:6379/0?PASSWORD=xxx
Modify the mounts in docker-compose.yml; personally I think .env also needs to be mounted into the container.
version: '3'
services:
  goinception:
    image: hanchuanchuan/goinception
    container_name: goinception
    restart: always
    ports:
      - "4000:4000"
    volumes:
      - "./inception/config.toml:/etc/config.toml"
  archery:
    # The image address below is only an example; check the following pages for the version you need:
    # dockerhub https://hub.docker.com/r/hhyo/archery
    # github packages https://github.com/hhyo/Archery/pkgs/container/archery
    # If needed, you can also build the Docker image yourself and substitute your own image
    image: hhyo/archery:v1.11.1
    container_name: archery
    restart: always
    volumes:
      - "./archery/settings.py:/opt/archery/local_settings.py"
      - "./archery/soar.yaml:/etc/soar.yaml"
      - "./archery/docs.md:/opt/archery/docs/docs.md"
      - "./archery/downloads:/opt/archery/downloads"
      - "./archery/sql/migrations:/opt/archery/sql/migrations"
      - "./archery/logs:/opt/archery/logs"
      - "./archery/keys:/opt/archery/keys"
      - "./.env:/opt/archery/.env"
    entrypoint: "bash /opt/archery/src/docker/startup.sh"
    env_file:
      - .env
3. Edit settings.py under the archery folder of the extracted directory.
Mine is /data/soft/archery-1.11.1/archery/settings.py
++++++++++++++++++++++++++++++++++++++++++++++++
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'archery',
        'USER': 'archery_admin',
        'PASSWORD': 'xxxx',
        'HOST': 'xxx',
        'PORT': '3306',
        'OPTIONS': {
            'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
            'charset': 'utf8mb4'
        },
        'TEST': {
            'NAME': 'test_archery',
            'CHARSET': 'utf8mb4',
        },
    }
}
# Cache configuration
CACHES = {
    "default": {
        "BACKEND": "django_redis.cache.RedisCache",
        "LOCATION": "redis://xxx:6379/0",
        "OPTIONS": {
            "CLIENT_CLASS": "django_redis.client.DefaultClient",
            "PASSWORD": "xxxx"
        }
    },
    "dingding": {
        "BACKEND": "django_redis.cache.RedisCache",
        "LOCATION": "redis://xxxx:6379/0",
        "OPTIONS": {
            "CLIENT_CLASS": "django_redis.client.DefaultClient",
            "PASSWORD": "xxx"
        }
    }
}
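The .env values from step 2 are what the Archery container uses to reach the MySQL and Redis instances that step 1 makes listen on 0.0.0.0. The following lint is an added example, not part of the original notes or of Archery; it flags loopback hosts (inside the container, 127.0.0.1 is the container itself), an enabled DEBUG, and empty or template passwords. The sample .env, the placeholder list and the function names are assumptions made for the illustration.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Constructed sample in the layout of the .env above; every value is a placeholder.
SAMPLE_ENV = """\
DEBUG=false
DATABASE_URL=mysql://username:pwd@127.0.0.1:3306/archery
CACHE_URL=redis://10.0.0.5:6379/0?PASSWORD=xxx
"""
PLACEHOLDERS = {"", "pwd", "xxx", "xxxx", "password"}  # assumed template values


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip()
    return env


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1; DNS names cannot be judged offline."""
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def lint_env(text):
    """Return a list of findings for the DEBUG, DATABASE_URL and CACHE_URL entries."""
    env, findings = parse_env(text), []
    if env.get("DEBUG", "").lower() in ("true", "on", "ok", "y", "yes", "1"):
        findings.append("DEBUG is enabled")
    for key in ("DATABASE_URL", "CACHE_URL"):
        url = urlsplit(env.get(key, ""))
        if not url.hostname:
            findings.append(f"{key} is missing or has no host")
            continue
        # The password sits in the userinfo part or, for the cache, in a PASSWORD option.
        options = {k.upper(): v[0] for k, v in parse_qs(url.query).items()}
        password = url.password or options.get("PASSWORD", "")
        if is_loopback(url.hostname):
            findings.append(f"{key} points at loopback, which is the container itself")
        if password.lower() in PLACEHOLDERS:
            findings.append(f"{key} uses an empty or placeholder password")
    return findings
```

Run `lint_env(open(".env").read())` from the docker-compose folder before `docker-compose up`; an empty list means none of these checks fired.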
OIDC modification, oidc.py
from mozilla_django_oidc import auth
from django.core.exceptions import SuspiciousOperation
from common.auth import init_user
import logging

logger = logging.getLogger("default")


class OIDCAuthenticationBackend(auth.OIDCAuthenticationBackend):
    def create_user(self, claims):
        """Return object for a newly created user account."""
        # email = claims.get("email")
        username = claims.get("account")
        # display = claims.get("name")
        display = claims.get("preferred_username")
        # Validate the claims before building the email, so a missing
        # "account" claim raises SuspiciousOperation instead of TypeError.
        if not username or not display:
            raise SuspiciousOperation(
                "email and name and account should not be empty"
            )
        email = username + "@xxxx.com"
        user = self.UserModel.objects.create_user(
            username, email=email, display=display
        )
        init_user(user)
        return user

    def describe_user_by_claims(self, claims):
        username = claims.get("account")
        return "username {}".format(username)

    def filter_users_by_claims(self, claims):
        """Return all users matching the username."""