Mikkel Georgsen ed0578cd07 Address security/tech debt: token refresh, JWKS thundering herd, config safety, jq migration
- Add token refresh logic in Auth.js JWT callback with 60s expiry buffer
- Fix JWKS cache thundering herd with Mutex + double-checked locking
- Make trustHost conditional (dev-only) via SvelteKit's $app/environment
- Make devMode conditional on ZITADEL_PRODUCTION env var in setup script
- Replace fragile grep/cut JSON parsing with jq in setup-zitadel.sh
- Add OIDC_GRANT_TYPE_REFRESH_TOKEN to Zitadel OIDC app grant types
- Update TODO_SECURITY.md: mark resolved items, add RefreshAccessTokenError frontend handling

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 13:17:42 +01:00
| File | Last commit | Date |
|---|---|---|
| .env.example | Add Zitadel OIDC setup, SMTP config, and security fixes | 2026-02-08 12:34:44 +01:00 |
| docker-compose.dev.yml | Fix auth flow: federated logout, login page move, and healthcheck | 2026-02-08 12:55:35 +01:00 |
| README.md | Scaffold base webapp: Rust/Axum API + SvelteKit dashboard + Docker dev env | 2026-02-08 03:37:07 +01:00 |
| setup-zitadel.sh | Address security/tech debt: token refresh, JWKS thundering herd, config safety, jq migration | 2026-02-08 13:17:42 +01:00 |
| zitadel-healthcheck.yaml | Fix auth flow: federated logout, login page move, and healthcheck | 2026-02-08 12:55:35 +01:00 |

PVM Docker Dev Environment

Local development stack with Zitadel auth, PostgreSQL, and DragonflyDB.

Services

| Service | Description | Port |
|---|---|---|
| zitadel | Zitadel v3 identity provider (OIDC/OAuth2) | 8080 |
| zitadel-db | PostgreSQL 16 for Zitadel | internal, not exposed |
| pvm-db | PostgreSQL 16 for PVM application data | 5432 |
| dragonfly | DragonflyDB (Redis-compatible cache) | 6379 |

Quick Start

# Copy env file and adjust if needed
cp .env.example .env

# Start all services
docker compose -f docker-compose.dev.yml up -d

# Check status
docker compose -f docker-compose.dev.yml ps

# View Zitadel logs (first startup takes ~30-60s)
docker compose -f docker-compose.dev.yml logs -f zitadel

Zitadel Admin Console

Once Zitadel finishes initializing (watch the logs for "server is listening"), open the admin console at http://localhost:8080/ui/console

First-Time Zitadel Setup

After the first docker compose up, configure Zitadel for PVM:

  1. Log in to the admin console at http://localhost:8080/ui/console
  2. Create a project called "PVM"
  3. Create an application within the project:
    • Name: "PVM Web"
    • Type: Web
    • Auth method: PKCE (recommended for SvelteKit)
    • Redirect URIs: http://localhost:5173/auth/callback/zitadel
    • Post-logout URIs: http://localhost:5173
  4. Note the Client ID — you'll need it for SvelteKit's AUTH_ZITADEL_ID
  5. (Optional) Configure social login providers under Settings > Identity Providers:
    • Google, Apple, Facebook — each requires an OAuth app from the respective developer console

Connecting from the PVM Backend

# PostgreSQL (PVM app database)
DATABASE_URL=postgres://pvm:pvm-dev-password@localhost:5432/pvm

# DragonflyDB (Redis-compatible)
REDIS_URL=redis://localhost:6379

# Zitadel issuer (for OIDC/JWT validation)
ZITADEL_URL=http://localhost:8080
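Before wiring ZITADEL_URL into JWT validation it is worth confirming that the issuer Zitadel advertises is byte-for-byte the value you configured, since `iss` validation is a plain string comparison (a trailing slash or an http/https mismatch rejects every token), and that the discovery document advertises PKCE with S256 and the refresh_token grant the setup relies on. The following preflight check is an added example, not code from the pvm/docker repo; the discovery document it parses is a constructed sample, and fetch_discovery() is only needed against a live instance.

```python
"""Preflight check for the Zitadel OIDC issuer configured as ZITADEL_URL.

Added example (not part of pvm/docker). Validates a discovery document as served
at <ZITADEL_URL>/.well-known/openid-configuration against what PVM relies on.
"""
import json
import urllib.request

# Constructed sample of a discovery document (not captured from a real instance).
SAMPLE_DISCOVERY = {
    "issuer": "http://localhost:8080",
    "authorization_endpoint": "http://localhost:8080/oauth/v2/authorize",
    "token_endpoint": "http://localhost:8080/oauth/v2/token",
    "jwks_uri": "http://localhost:8080/oauth/v2/keys",
    "code_challenge_methods_supported": ["S256"],
    "grant_types_supported": ["authorization_code", "refresh_token"],
}


def check_discovery(doc: dict, zitadel_url: str) -> list[str]:
    """Return a list of problems; an empty list means the issuer is usable."""
    problems = []
    issuer = doc.get("issuer")
    # Exact match: the backend compares the JWT `iss` claim against ZITADEL_URL.
    if issuer != zitadel_url:
        problems.append(f"issuer {issuer!r} != ZITADEL_URL {zitadel_url!r}; "
                        "JWT iss validation will reject every token")
    # All endpoints the frontend and backend talk to must live under the issuer.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not doc.get(key, "").startswith(zitadel_url):
            problems.append(f"{key} not under ZITADEL_URL: {doc.get(key)!r}")
    # The PVM Web app is registered with the PKCE auth method (S256).
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        problems.append("PKCE S256 not advertised by the issuer")
    # Token refresh in the Auth.js JWT callback needs the refresh_token grant.
    if "refresh_token" not in doc.get("grant_types_supported", []):
        problems.append("refresh_token grant not supported by the issuer")
    return problems


def fetch_discovery(zitadel_url: str) -> dict:
    """Fetch the live discovery document (network access required)."""
    url = zitadel_url.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=5) as resp:
        return json.load(resp)


if __name__ == "__main__":
    for line in check_discovery(SAMPLE_DISCOVERY, "http://localhost:8080") or ["ok"]:
        print(line)
```

Replace SAMPLE_DISCOVERY with `fetch_discovery("http://localhost:8080")` once the stack is up to check the running instance.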

Stopping & Cleanup

# Stop services (data is preserved in volumes)
docker compose -f docker-compose.dev.yml down

# Stop and delete all data (fresh start)
docker compose -f docker-compose.dev.yml down -v