The 128 grading management and migration website monorepo.
packtrain is software for grading and student extension management.
To setup the development environment with Docker and Docker Compose, first setup the environment file.
Rename .env.sample to .env and generate the following tokens as follows:
echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> .env
echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> .env
echo "AUTHENTIK_BOOTSTRAP_PASSWORD=$(openssl rand -base64 36 | tr -d '\n')" >> .env
echo "AUTHENTIK_BOOTSTRAP_TOKEN=$(openssl rand -base64 36 | tr -d '\n')" >> .env
echo "MINIO_ROOT_PASSWORD=$(openssl rand -base64 36 | tr -d '\n')" >> .env
touch certificates/certs/passwords
echo "CA_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> certificates/certs/passwords
echo "KEY_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> certificates/certs/passwords
Generate certificates before running the full compose (only needs to be done once per setup): docker compose up certificates
Build all services: docker compose build
Run the compose: docker compose up -d
Add localhost.dev 127.0.0.1 to your hosts file.
(the process varies for windows and macos, I would google how to edit the hosts file for your specific platform)
Install JDK 23 and Docker Desktop.
To run the backend on Linux/Mac, enter the grading-admin-service directory and run: ./mvnw spring-boot:run
To run the backend tests, run: ./mvnw test "-Dspring.profiles.active=test"
If you run into an issue building on Windows, make sure that your user has permission to create symlinks. StackOverflow thread about this issue.
Install Node.js and navigate to the grading-admin-web directory.
Run npm i to install all the dependencies.
Run npm run dev to launch the development server.
To rebuild TypeScript types from OpenAPI, run npm run types.
Additionally, copy .env.sample to .env in all of the packtrain-frontend/apps directories.
If authentik doesn't start correctly, follow this guide.
You can sign in at https://localhost.dev/auth/ with the username akadmin and the password that you set in the .env file.
If everything is working, https://localhost.dev/auth/ should be the authentik login URL.
Create a new application, it can be any name, but it must have the slug grading-admin.
Create a new provider called grading-admin with the following settings.
Client type: public
Redirect URIs: regex, https://localhost.dev/.*
strict, https://oauth.pstmn.io/v1/callback
Finally, assign that provider to the application that you just created.
To create a user, copy the user.json.template in authentik-sidecar/src/users to user.json and fill in values.
Recreate authentik and you can now login with the information you provided in that user file.
You can run locally from your IDE (so you can have debugging support) with all the services!
To do this, make sure that you trust the localhost.dev certificate.
This is done with macOS:
keytool -import -alias grading-admin-ca -keystore $(/usr/libexec/java_home)/lib/security/cacerts -file certificates/certs/localhost-root/localhost-root.CA.pemWindows:
keytool -import -alias grading-admin-ca -keystore "C:\Program Files\Java\jdk-23/lib/security/cacerts" -file certificates/certs/localhost-root/localhost-root.CA.pem(If you get an "access denied" error, run this in an admin PowerShell instance.
You also may need to adjust the path to your cacerts file)
And then saying 'yes' to the prompt asking to trust that certificate.
Then make sure to define the PG_PASS env variable in your IDE's run config.
(in Intellij it is under Modify Options -> Environmental Varibles. Then set PG_PASS=<whatever the .env file says>)
Finally, start all the dependencies with
docker compose up localhost.dev-local -dThis starts all the local services and proxies them behind https://localhost.dev.
Then you can start (and restart) the frontend and backend independently of the docker environment.
If you run into issues relating to your DB password not working, ensure that there are no other postgres instances running on your computer.
You can check this on macOS by running
sudo lsof -i tcp:5432Then you can kill those processes by running
sudo kill -9 <pid of process to kill>If you run into issues with Authentik (or we change a config param that requires you to regenerate), you can regenerate the Authentik config by running:
docker compose build authentik-sidecar
docker compose run --rm authentik-sidecar --recreate- Create a new collection (called anything, should do something like
API). - Click the Auth tab and change
Auth TypetoOAuth 2.0. - Name the
Token Nameas anything. - Toggle "Authorize using browser" under
Callback URL. - Set
Auth URLtohttps://localhost.dev/auth/application/o/authorize/. - Set
Access Token URLtohttps://localhost.dev/auth/application/o/token/ - Set
Client IDtograding_admin_provider. - Leave everything else blank and hit Get New Access Token at the bottom of the page.
This is the REST API for the grading admin application.
This is where all the business logic lives.
All requests must be made with Bearer JWTs. These JWTs are validated against Authentik. Importantly, the service does not do any authentication.
This is the web user interface for the grading admin application.
It gets an access key from Authentik via OAuth, then makes authenticated requests against the rest API.
This is the Authentication server / identity broker that manages the integration between all identity providers (like Canvas / Azure). It also is the issuer for all tokens and manages what scopes users have access to.
This is a simple Python script that makes back channel requests against Authentik to configure it.
If it detects that something is already configured, then it does not take any action.
In the future, this will also pre-seed it with users with varying scopes.
This is a simple bash script that creates a self-signed certificate chain for the application.
If it detects that certs have already been generated, then it takes no action.