[WIP]

.github/dependabot.yml

@@ -1,6 +1,12 @@
+---
 version: 2
+
 updates:
   - package-ecosystem: maven
     directory: "/spring-boot"
     schedule:
       interval: daily
+  - package-ecosystem: npm
+    directory: "oauth2/e2e"
+    schedule:
+      interval: daily

.github/workflows/oauth2.yml

@@ -0,0 +1,36 @@
+---
+name: OAuth2
+permissions: { }
+
+on:
+  push:
+    paths:
+      - 'oauth2/**'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  e2e:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          cache: 'npm'
+          cache-dependency-path: oauth2/e2e/package-lock.json
+      - name: Install dependencies
+        run: npm install
+        working-directory: ./oauth2/e2e
+      - name: Start containers
+        run: docker compose up -d
+        working-directory: ./oauth2
+      - name: Run e2e tests
+        run: npm run test
+        working-directory: ./oauth2/e2e
+      - name: Stop containers
+        if: always()
+        run: docker compose down -v
+        working-directory: ./oauth2

oauth2/.gitignore

@@ -0,0 +1,2 @@
+e2e/node_modules
+e2e/*.har

oauth2/compose.yml

@@ -0,0 +1,61 @@
+---
+services:
+  nginx:
+    image: docker.io/library/nginx:1.26.2-alpine3.20
+    volumes:
+      - ./etc/nginx/conf.d:/etc/nginx/conf.d:ro
+    ports:
+      - "8080:80/tcp"
+    restart: unless-stopped
+    depends_on:
+      keycloak:
+        condition: service_healthy
+        restart: true
+      oauth2-proxy:
+        condition: service_started
+        restart: true
+
+  keycloak:
+    image: quay.io/keycloak/keycloak:26.0.6
+    hostname: keycloak.localhost
+    environment:
+      KC_HTTP_PORT: 9080
+      KC_HEALTH_ENABLED: true
+      KC_BOOTSTRAP_ADMIN_USERNAME: admin
+      KC_BOOTSTRAP_ADMIN_PASSWORD: admin
+    ports:
+      - "9080:9080/tcp"
+    command:
+      - start-dev
+      - --import-realm
+    volumes:
+      - ./etc/keycloak:/opt/keycloak/data/import # [email protected], password=password
+    healthcheck:
+      test: [ "CMD-SHELL", "exec 3<>/dev/tcp/127.0.0.1/9000 && printf >&3 '%s\r\n' 'GET /health/ready HTTP/1.1' 'Host: localhost' 'Connection: close' '' && grep -q 'HTTP/1.1 200 OK' <&3" ]
+      interval: 30s
+      timeout: 5s
+    restart: unless-stopped
+
+  oauth2-proxy:
+    image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1
+    environment:
+      # https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#general-provider-options
+      OAUTH2_PROXY_CLIENT_ID: "oauth2-proxy"
+      OAUTH2_PROXY_CLIENT_SECRET: "72341b6d-7065-4518-a0e4-50ee15025608"
+      OAUTH2_PROXY_OIDC_ISSUER_URL: "http://keycloak.localhost:9080/realms/oauth2-proxy"
+      OAUTH2_PROXY_PROVIDER: "oidc"
+      # https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#cookie-options
+      # OAUTH2_PROXY_COOKIE_DOMAINS:
+      OAUTH2_PROXY_COOKIE_SECRET: "wenKY5NUBWSLO8CRh1a81K7I-sqROgoAfEpbXCKhtfI="
+      OAUTH2_PROXY_COOKIE_SECURE: "false"
+      # https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview/#proxy-options
+      OAUTH2_PROXY_EMAIL_DOMAINS: "*"
+      OAUTH2_PROXY_REDIRECT_URL: "http://localhost:8080/oauth2/callback"
+      OAUTH2_PROXY_REVERSE_PROXY: "true"
+      OAUTH2_PROXY_WHITELIST_DOMAINS: "localhost:8080"
+      # https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#server-options
+      OAUTH2_PROXY_HTTP_ADDRESS: "0.0.0.0:4180"
+    restart: unless-stopped
+    depends_on:
+      keycloak:
+        condition: service_healthy

oauth2/e2e/eslint.config.js

@@ -0,0 +1,15 @@
+import js from '@eslint/js'
+import stylistic from '@stylistic/eslint-plugin'
+import vitest from '@vitest/eslint-plugin'
+
+// eslint.config.js
+export default [
+  js.configs.recommended,
+  stylistic.configs['recommended-flat'],
+  vitest.configs.recommended,
+  {
+    rules: {
+      'sort-imports': 'error',
+    },
+  },
+]