gitadmin/INSIGHT-MVP
1
0
Fork 0
mirror of http://172.20.10.11:3000/gitadmin/INSIGHT-MVP.git synced 2026-06-24 22:46:39 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
INSIGHT-MVP/.env.example
Thomas Reitz 45cf644f81 feat: add Microsoft Entra ID (Azure AD) SSO integration 
Backend-driven Authorization Code Flow with @azure/msal-node:
- EntraIdService: MSAL ConfidentialClientApplication, auth URL generation, token exchange
- SsoController: /auth/sso/microsoft (initiate) + /auth/sso/microsoft/callback (callback)
- AuthService.loginViaSso(): User provisioning (find by OID, auto-link by email, or create new)
- CSRF protection via state parameter stored in Redis
- SSO status endpoint for frontend feature detection

Frontend:
- "Mit Microsoft anmelden" button on login page (shown only when SSO is configured)
- SsoCallbackPage: handles redirect from backend, sets token, loads user profile
- AuthContext.loginWithToken(): new method for SSO token handling

Configuration:
- AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_REDIRECT_URI env vars
- docker-compose.yml updated to pass Azure vars to core service

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 22:31:34 +01:00

81 lines
2.3 KiB
Text
Raw Blame History

# ============================================================
# INSIGHT MVP - Umgebungsvariablen
# ============================================================
# Kopiere diese Datei nach .env und befuelle die Werte.
# .env wird NIEMALS in Git committed!
# ============================================================
# --- Allgemein ---
NODE_ENV=development
APP_PORT=3000
APP_URL=http://172.20.10.59
FRONTEND_URL=http://172.20.10.59
LOG_LEVEL=info
# --- PostgreSQL ---
DB_HOST=pgbouncer
DB_PORT=5432
DB_USER=insight
DB_PASSWORD= # Sicheres Passwort setzen!
DB_NAME=platform_core
DATABASE_URL=postgresql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}
# Direktverbindung (fuer Prisma Migrate, umgeht PgBouncer)
DB_DIRECT_HOST=postgres
DB_DIRECT_PORT=5432
DATABASE_URL_DIRECT=postgresql://${DB_USER}:${DB_PASSWORD}@${DB_DIRECT_HOST}:${DB_DIRECT_PORT}/${DB_NAME}
# --- Redis ---
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD= # Optional, aber empfohlen
# --- JWT (RS256) ---
JWT_PRIVATE_KEY_PATH=/app/keys/jwt-private.pem
JWT_PUBLIC_KEY_PATH=/app/keys/jwt-public.pem
JWT_ACCESS_TOKEN_EXPIRY=15m
JWT_REFRESH_TOKEN_EXPIRY=7d
JWT_ISSUER=insight-platform
# --- Bcrypt ---
BCRYPT_COST=12
# --- CORS ---
CORS_ORIGINS=http://172.20.10.59
# --- Rate Limiting ---
THROTTLE_TTL=60000
THROTTLE_LIMIT=200
# --- Traefik ---
TRAEFIK_DASHBOARD_USER=admin
TRAEFIK_DASHBOARD_PASSWORD= # htpasswd Hash
# --- step-ca (mTLS) ---
STEP_CA_URL=https://step-ca:9000
STEP_CA_FINGERPRINT= # step-ca Root CA Fingerprint
# --- SMTP (fuer Einladungs-E-Mails) ---
SMTP_HOST=
SMTP_PORT=587
SMTP_USER=
SMTP_PASSWORD=
SMTP_FROM=noreply@xinion.de
# --- Observability ---
GRAFANA_ADMIN_USER=admin
GRAFANA_ADMIN_PASSWORD= # Sicheres Passwort setzen!
# --- Microsoft Entra ID (Azure AD) SSO ---
# Azure App Registration: https://portal.azure.com → App registrations
AZURE_TENANT_ID= # Directory (Tenant) ID
AZURE_CLIENT_ID= # Application (Client) ID
AZURE_CLIENT_SECRET= # Client Secret Value
AZURE_REDIRECT_URI=http://172.20.10.59/api/v1/auth/sso/microsoft/callback
# --- KI-Hilfe-Chat (optional) ---
# ANTHROPIC_API_KEY= # Claude API Key
# AI_CHAT_ENABLED=false
# --- DeepL (optional, fuer Hilfesystem-Uebersetzungen) ---
# DEEPL_API_KEY=
Reference in a new issue View git blame Copy permalink