From 7ea4de689251c0a2b1a07156084dcc764dbeaa10 Mon Sep 17 00:00:00 2001 From: DingYongliang <1521323439@qq.com> Date: Thu, 28 Nov 2024 14:53:58 +0800 Subject: [PATCH] update: modify docker relevant files --- Dockerfile | 2 +- cfg-docker.json | 8 +++---- cfg.json.example | 2 +- docker-build.sh | 17 ++++++++++--- docker-compose.yaml | 58 +++++++++++++++++++++++++-------------------- start-services.sh | 40 ++++++++++++++++++++++++++++++- 6 files changed, 91 insertions(+), 36 deletions(-) diff --git a/Dockerfile b/Dockerfile index 721ac39..c1c3cfa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -28,7 +28,7 @@ RUN CGO_ENABLED=0 go build -o oauth2playground . # 阶段2:运行 -FROM alpine:3.18 +FROM alpine:latest # 设置工作目录并复制二进制文件 WORKDIR /app diff --git a/cfg-docker.json b/cfg-docker.json index f4e067a..8732ff6 100644 --- a/cfg-docker.json +++ b/cfg-docker.json @@ -6,9 +6,9 @@ }, "endpoints": { "authorization": "http://localhost:8081/oauth2/authorize", - "device_authorization": "http://oauth-server-lite:8081/oauth2/device/authorize", - "token": "http://oauth-server-lite:8081/oauth2/token", - "userinfo": "http://oauth-server-lite:8081/oauth2/userinfo" + "device_authorization": "http://localhost:8081/oauth2/device/authorize", + "token": "http://localhost:8081/oauth2/token", + "userinfo": "http://localhost:8081/oauth2/userinfo" }, "iplimit": { "enable": false, @@ -20,7 +20,7 @@ "cors": ["localhost", "127.0.0.1"], "listen": "0.0.0.0:80" }, - "trust_domain": ["localhost", "oauth-server-lite:8081"], + "trust_domain": ["localhost", "localhost:8081"], "default_scope": "Basic", "timeout": 10 } \ No newline at end of file diff --git a/cfg.json.example b/cfg.json.example index 1529be0..18e9deb 100644 --- a/cfg.json.example +++ b/cfg.json.example 
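Review bot: `FROM alpine:latest` makes the runtime stage non-reproducible, because the tag moves with every Alpine release and two builds of the same commit can ship different base layers. A deployed image then cannot be traced back to a known, patched base. The removed line pinned `alpine:3.18`; if the aim was to leave an old release, pin the newer release tag instead, ideally with its digest, `FROM alpine:<release>@sha256:<digest>` (placeholders), and bump it deliberately. The local path added to docker-build.sh in this commit uses `--no-cache`, so every local build re-resolves `latest`.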
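Review bot: The back-channel endpoints (`device_authorization`, `token`, `userinfo`) now point at `localhost:8081`, which reaches oauth-server-lite only while the playground shares its network namespace with it, as the `network_mode: container:open-oauth2playground` lines in docker-compose.yaml of this commit arrange. On a separate network the playground would call itself on 8081 and token exchange would fail, unless start-services.sh rewrites these keys from `OAUTH_SERVER_URL` in code outside the visible hunks. cfg-docker.json is strict JSON and cannot carry a comment, so the coupling should be stated next to the compose service, for example `# cfg-docker.json assumes every service shares the playground's network namespace`. The token and userinfo calls are plain `http`, which is acceptable only while they stay on loopback.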
@@ -20,7 +20,7 @@ "cors": ["localhost", "127.0.0.1"], "listen": "0.0.0.0:80" }, - "trust_domain": ["oauth.example.org", "localhost:8081"], + "trust_domain": ["localhost", "oauth.example.org"], "default_scope": "Basic", "timeout": 10 } \ No newline at end of file diff --git a/docker-build.sh b/docker-build.sh index aec38e2..0bed369 100644 --- a/docker-build.sh +++ b/docker-build.sh @@ -1,5 +1,8 @@ #!/bin/bash +# 构建方式: 本地构建 or 多平台构建打包上传镜像 +BUILD_MODE="local" # local / remote + # DockerHub 用户名、镜像名称和版本号 USERNAME="ecnunic" IMAGE_NAME="open-oauth2playground" @@ -13,8 +16,16 @@ FULL_TAG="${USERNAME}/${IMAGE_NAME}:${VERSION}" echo "Building ${FULL_TAG} for platforms ${PLATFORMS}..." -# 推送到远程镜像仓库 -docker buildx build \ +if [ "${BUILD_MODE}" == "remote" ]; then + # 推送到远程镜像仓库 + docker buildx build \ --platform "${PLATFORMS}" \ -t "${FULL_TAG}" \ - --push . \ No newline at end of file + --push . +elif [ "${BUILD_MODE}" == "local" ]; then + # 本地构建 + docker build --no-cache --load -t "${FULL_TAG}" . +else + # Unknown $BUILD_MODE + echo "BUILD_MODE must be \`local\` or \`remote\`, but got \`${BUILD_MODE}\`" +fi \ No newline at end of file diff --git a/docker-compose.yaml b/docker-compose.yaml index c073c19..efe3584 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml 
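Review bot: `BUILD_MODE="local"` is a plain assignment, so taking the push path means editing the script. `BUILD_MODE="${BUILD_MODE:-local}"` keeps the same default and lets CI or a caller choose the mode from the environment. The comment above it could also say what each value does, for example `# local: docker build into the local image store; remote: buildx multi-platform build and push`.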
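Review bot: The `else` branch reports an unknown `BUILD_MODE` on stdout and then falls through to `fi`, so the script exits 0 without having built anything and a calling job sees success. Send the message to stderr and fail, by appending `>&2` to that `echo` and adding `exit 1` after it. The `Building ${FULL_TAG} for platforms ${PLATFORMS}...` message in the context line is also printed in local mode, where `PLATFORMS` is not used.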
@@ -1,31 +1,41 @@ -# docker-compose -p oauth-server-lite up -d +# 启动命令: docker-compose -p open-oauth2playground up -d +# -p [service name] 其中 server_name 可以替换为任意的服务名称 -services: +# container model: 容器模式。由 open-oauth2playground 容器网络统一暴露端口 +# container 模式下的容器无法暴露自身端口 - redis: - image: redis:alpine - container_name: oauth-redis - ports: - - "6379:6379" - networks: - - oauth-server-lite +services: open-oauth2playground: image: ecnunic/open-oauth2playground:v0.2.0 container_name: open-oauth2playground environment: - - PLAYGROUND_PORT=80 - - OAUTH_SERVER_PORT=8081 - - OAUTH_SERVER_HOST=oauth-server-lite - - OAUTH_SERVER_URL=http://oauth-server-lite:8081 - restart: always + - PLAYGROUND_PORT=80 # oauth2playground 服务端口号 + - PLAYGROUND_HOST=localhost # oauth2playground 服务地址/域名 (用于配置域名解析) + - CAS_SERVER_HOST=localhost # apereo-cas 服务地址/域名 (用于配置域名解析) + - OAUTH_SERVER_PORT=8081 # oauth-server-lite 服务端口号 + - OAUTH_SERVER_HOST=localhost # oauth-server-lite 服务地址/域名 (用于服务通信 && 配置域名解析) + - OAUTH_SERVER_URL=http://localhost:8081 # oauth-server-lite 服务 URL ports: - - "80:80" + - "80:80" # open-oauth2playground 端口 + # - "6379:6379" # redis 端口 + - "8080:8080" # apereo-cas 服务占用 1 + - "8081:8081" # oauth-server-lite 前端服务 + - "8444:8444" # apereo-cas 服务占用 2 networks: - - oauth-server-lite + - open-oauth2playground # volumes: # - ./oauth-server-lite/oauth2playground/cfg.json:/app/cfg.json # - ./oauth-server-lite/oauth2playground/logs:/app/logs + restart: always + + redis: + image: redis:alpine + container_name: oauth-redis + depends_on: + - open-oauth2playground + network_mode: container:open-oauth2playground + restart: always oauth-server-lite: image: ecnunic/oauth-server-lite:v0.3.0 
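Review bot: The `ports:` list on `open-oauth2playground` now publishes 80, 8080, 8081 and 8444 without a host address, which binds them on every host interface. Every default in this commit is `localhost`, so if the stack is meant as a local demo the mappings should say so, for example `- "127.0.0.1:8081:8081"` and likewise for the other three. The `6379:6379` entry is rightly left commented out and deserves a why-comment such as `# keep redis unpublished: it runs without a password`. Compose also accepts `network_mode: "service:open-oauth2playground"`, which would tie the redis service to the service name instead of the fixed `container_name`.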
@@ -35,22 +45,17 @@ services: - OAUTH_CLIENT_SECRET=123456 # OAuth2 Client Secret - CAS_USERNAME=cas # CAS 用户名 - CAS_PASSWORD=123456 # CAS 用户密码 - - OAUTH_SERVER_PORT=8081 # oauth-server-lite 后端服务端口号 + - OAUTH_SERVER_PORT=8081 # oauth-server-lite 服务端口号 - CAS_SERVER_PORT=8444 # apereo-cas 服务端口号 - CAS_SERVER_HOST=localhost # apereo-cas 服务地址/域名 - CAS_SERVER_URL=http://localhost:8444 # apereo-cas 服务 URL - - OAUTH_REDIS_DSN=redis:6379 # redis 服务域名 + - OAUTH_REDIS_DSN=localhost:6379 # redis 服务地址/域名 - OAUTH_REDIS_PASSWORD= # redis 服务连接密码 - PLAYGROUND_HOST=localhost # oauth2playground 服务地址/域名 depends_on: + - open-oauth2playground - redis - restart: always - ports: - - "8080:8080" # apereo-cas 服务占用 1 - - "8081:8081" # oauth-server-lite 前端服务 - - "8444:8444" # apereo-cas 服务占用 2 - networks: - - oauth-server-lite + network_mode: container:open-oauth2playground # volumes: # - ./oauth-server-lite/apereo-cas/cas.db:/app/apereo-cas/cas.db # apereo-cas 用户信息 sqlite 数据库 # - ./oauth-server-lite/apereo-cas/config:/etc/cas/config # apereo-cas 配置信息 @@ -58,7 +63,8 @@ services: # - ./oauth-server-lite/oauth-server-lite/sqlite.db:/app/oauth-server-lite/sqlite.db # oauth-server-lite 认证信息 sqlite 数据库 # - ./oauth-server-lite/oauth-server-lite/cfg.json:/app/oauth-server-lite/cfg.json # oauth-server-lite 配置信息 # - ./oauth-server-lite/oauth-server-lite/logs:/app/oauth-server-lite/logs # oauth-server-lite 日志 + restart: always networks: - oauth-server-lite: + open-oauth2playground: driver: bridge \ No newline at end of file diff --git a/start-services.sh b/start-services.sh index 5d5c6e7..568f34d 100644 --- a/start-services.sh +++ b/start-services.sh 
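Review bot: `OAUTH_REDIS_DSN=localhost:6379` next to the empty `OAUTH_REDIS_PASSWORD=` in the context lines leaves Redis unauthenticated inside a network namespace that all three containers now share. Any process in the playground or the CAS/OAuth container can therefore read and write whatever oauth-server-lite stores there over loopback. Setting a password on the redis service (`command: redis-server --requirepass <redis-password>`, placeholder) and the same value in `OAUTH_REDIS_PASSWORD` removes the reliance on port 6379 staying unpublished. The `123456` client secret and CAS password in the context lines are demo defaults, and they become reachable from the network once 8081 and 8444 are published on all interfaces, so the file should say they must be changed outside a local demo.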
@@ -17,8 +17,10 @@ PLAYGROUND_CONFIG_FILE="${PATH_ROOT}/cfg.json" # 可对外暴露的环境变量 PLAYGROUND_PORT=${PLAYGROUND_PORT:-"80"} # oauth2playground 服务端口号 +PLAYGROUND_HOST=${PLAYGROUND_HOST:-"localhost"} # oauth2playground 服务地址/域名 +CAS_SERVER_HOST=${CAS_SERVER_HOST:-"localhost"} # apereo-cas 服务地址/域名 OAUTH_SERVER_PORT=${OAUTH_SERVER_PORT:-"8081"} # oauth-server-lite 服务端口号 -OAUTH_SERVER_HOST=${OAUTH_SERVER_HOST:-"oauth-server-lite"} # oauth-server-lite 服务域名 +OAUTH_SERVER_HOST=${OAUTH_SERVER_HOST:-"localhost"} # oauth-server-lite 服务地址/域名 OAUTH_SERVER_URL=${OAUTH_SERVER_URL:-"http://${OAUTH_SERVER_HOST}:${OAUTH_SERVER_PORT}"} # oauth-server-lite 服务 URL # ======================== 
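Review bot: `CAS_SERVER_HOST` gets a default here and is described in docker-compose.yaml as used for host-name resolution, but `configure_domain_parser`, added later in this commit, only handles `PLAYGROUND_HOST` and `OAUTH_SERVER_HOST`. Either give it the same /etc/hosts handling or drop the variable, so the compose comment does not promise something the script does not do. Use of the variable outside the visible hunks cannot be ruled out.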
@@ -41,9 +43,44 @@ configure_oauth2_playground() { .http.listen = "0.0.0.0:\($port)" ' "$PLAYGROUND_CONFIG_FILE" > "$PLAYGROUND_CONFIG_FILE.tmp" && mv "$PLAYGROUND_CONFIG_FILE.tmp" "$PLAYGROUND_CONFIG_FILE" + # 仅在 trust_domain 中不存在时追加新值 + jq --arg new_domain "${OAUTH_SERVER_URL}" ' + if .trust_domain | index($new_domain) == null then + .trust_domain += [$new_domain] + else + . + end + ' "$PLAYGROUND_CONFIG_FILE" > "$PLAYGROUND_CONFIG_FILE.tmp" && mv "$PLAYGROUND_CONFIG_FILE.tmp" "$PLAYGROUND_CONFIG_FILE" + echo "OAuth2 Playground configured successfully!" } +configure_domain_parser() { + echo "Configuring domain parser..." + + # 检查并添加 PLAYGROUND_DOMAIN 的解析 + if [ "${PLAYGROUND_HOST}" != "localhost" ] && [ "${PLAYGROUND_HOST}" != "127.0.0.1" ]; then + if ! grep -q "${PLAYGROUND_HOST}" /etc/hosts; then + echo "127.0.0.1 ${PLAYGROUND_HOST}" >> /etc/hosts + echo "Added DNS resolution for PLAYGROUND_HOST: ${PLAYGROUND_HOST}" + else + echo "DNS resolution for PLAYGROUND_HOST already exists: ${PLAYGROUND_HOST}" + fi + fi + + # 检查并添加 OAUTH_SERVER_DOMAIN 的解析 + if [ "${OAUTH_SERVER_HOST}" != "localhost" ] && [ "${OAUTH_SERVER_HOST}" != "127.0.0.1" ]; then + if ! grep -q "${OAUTH_SERVER_HOST}" /etc/hosts; then + echo "127.0.0.1 ${OAUTH_SERVER_HOST}" >> /etc/hosts + echo "Added DNS resolution for OAUTH_SERVER_HOST: ${OAUTH_SERVER_HOST}" + else + echo "DNS resolution for OAUTH_SERVER_HOST already exists: ${OAUTH_SERVER_HOST}" + fi + fi + + echo "Domain parser configuration completed!" +} + # 启动 OAuth2 Playground 服务 start_oauth2_playground() { echo "Starting OAuth2 Playground..." @@ -55,6 +92,7 @@ start_oauth2_playground() { # 主执行流程 # ======================== configure_oauth2_playground +configure_domain_parser start_oauth2_playground # 保持脚本运行
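Review bot: `configure_domain_parser` writes `PLAYGROUND_HOST` and `OAUTH_SERVER_HOST` into /etc/hosts without checking that they are plain host names, so a value containing whitespace or a newline adds arbitrary extra entries to the container's resolver file. The `grep -q "${...}"` test treats the value as an unanchored regular expression, so a name that is a substring of an existing entry is reported as present and never added. The two stanzas differ only in the variable and can share one helper that validates the name and compares whole fields, as in the block below. Separately, the `jq` step in this hunk appends `${OAUTH_SERVER_URL}`, scheme included, to `trust_domain`, while the entries in cfg-docker.json are bare `host[:port]`. Whether the scheme form ever matches depends on comparison code outside this diff and should be confirmed.

```shell
# Add "127.0.0.1 <host>" to /etc/hosts unless that exact name is already listed.
# $1 = variable name used in messages, $2 = host name to register.
add_loopback_host() {
    case "$2" in
        localhost|127.0.0.1) return 0 ;;
        # Reject empty values and anything outside the host-name alphabet
        # before it can reach /etc/hosts.
        ''|*[!A-Za-z0-9.-]*)
            echo "Invalid $1: '$2'" >&2
            return 1
            ;;
    esac

    # Compare whole fields so "a.example" does not match "aa.example".
    if awk -v h="$2" '{ for (i = 2; i <= NF; i++) if ($i == h) found = 1 } END { exit !found }' /etc/hosts; then
        echo "DNS resolution for $1 already exists: $2"
    else
        echo "127.0.0.1 $2" >> /etc/hosts
        echo "Added DNS resolution for $1: $2"
    fi
}

configure_domain_parser() {
    echo "Configuring domain parser..."
    add_loopback_host PLAYGROUND_HOST "${PLAYGROUND_HOST}"
    add_loopback_host OAUTH_SERVER_HOST "${OAUTH_SERVER_HOST}"
    echo "Domain parser configuration completed!"
}
```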