feat: add supertokens

2025-09-24 01:20:09 +02:00
parent 0d70749670
commit 99111b69eb
92 changed files with 1613 additions and 1141 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,17 +1,8 @@
 services:
-  cerbos:
-    container_name: cerbos
-    image: ghcr.io/cerbos/cerbos:latest
-    command: ["server", "--config=/config.yaml"]   # <--- ensure config is used
-    ports:
-      - "3592:3592"
-      - "3593:3593"
-      - "3594:3594"
-    volumes:
-      - ./platform/cerbos/config.yaml:/config.yaml          # <--- mount config
-      - ./platform/cerbos/policies:/data/policies           # <--- mount policies
-    networks:
-      - localdev
+
+  # MongoDB
+  # --------------------------------------------------------------------------------
+  # Used by event store and read store for managing and reading application data. 

  mongo:
    image: mongo:8
@@ -26,6 +17,68 @@ services:
    networks:
      - localdev

+  # Super Tokens Database
+  # --------------------------------------------------------------------------------
+  # Used by supertokens instance to store and manage principals.
+
+  stdb:
+    image: 'postgres:latest'
+    environment:
+      POSTGRES_USER: supertokens_user 
+      POSTGRES_PASSWORD: somePassword 
+      POSTGRES_DB: supertokens
+    ports:
+      - 5432:5432
+    networks:
+      - localdev
+    restart: unless-stopped
+    healthcheck:
+      test: ['CMD', 'pg_isready', '-U', 'supertokens_user', '-d', 'supertokens']
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  # Super Tokens
+  # -------------------------------------------------------------------------------- 
+
+  supertokens:
+    image: registry.supertokens.io/supertokens/supertokens-postgresql:latest
+    depends_on:
+      stdb:
+        condition: service_healthy
+    ports:
+      - 3567:3567
+    environment:
+      POSTGRESQL_CONNECTION_URI: "postgresql://supertokens_user:somePassword@stdb:5432/supertokens"
+    networks:
+      - localdev
+    restart: unless-stopped
+    healthcheck:
+      test: >
+        bash -c 'exec 3<>/dev/tcp/127.0.0.1/3567 && echo -e "GET /hello HTTP/1.1\r\nhost: 127.0.0.1:3567\r\nConnection: close\r\n\r\n" >&3 && cat <&3 | grep "Hello"'
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  # Cerbos
+  # --------------------------------------------------------------------------------
+  # Policy engine for application access control.
+
+  cerbos:
+    container_name: cerbos
+    image: ghcr.io/cerbos/cerbos:latest
+    command: ["server", "--config=/config.yaml"]
+    ports:
+      - "3592:3592"
+      - "3593:3593"
+      - "3594:3594"
+    volumes:
+      - ./cerbos.yaml:/config.yaml
+      - ./modules/identity/cerbos/policies:/data/policies/identity
+      - ./modules/workspace/cerbos/policies:/data/policies/workspace
+    networks:
+      - localdev
+
 networks:
  localdev:
    driver: bridge