Merge branch 'feature/keycloak-middleware-clean' into enhancement/openremote-client-service-register

Author: dominiquekleeven

docker/Dockerfile

@@ -14,11 +14,13 @@ COPY frontend/ ./
 # Define build arguments
 ARG ML_SERVICE_URL
 ARG ML_WEB_ROOT_PATH
-ARG ML_KEYCLOAK_URL
+ARG ML_OR_KEYCLOAK_URL
+ARG ML_OR_URL
 
 RUN ML_SERVICE_URL=${ML_SERVICE_URL:-/services/ml-forecast} \
     ML_WEB_ROOT_PATH=${ML_WEB_ROOT_PATH:-/services/ml-forecast/ui} \
-    ML_KEYCLOAK_URL=${ML_KEYCLOAK_URL:-/auth} \
+    ML_OR_KEYCLOAK_URL=${ML_OR_KEYCLOAK_URL:-/auth} \
+    ML_OR_URL=${ML_OR_URL:-} \
     npm run build:prod
 
 # --- Python Build Phase -------------------------------------------------------

docker/docker-compose.yml

@@ -6,20 +6,21 @@ services:
       context: ..
       dockerfile: docker/Dockerfile
       args:
-        ML_KEYCLOAK_URL: ${ML_KEYCLOAK_URL:-/auth} # OpenRemote Keycloak URL
-        ML_SERVICE_URL: ${ML_SERVICE_URL:-/services/ml-forecast} # Url to reach the back-end service, should be the same as ML_API_ROOT_PATH
-        ML_WEB_ROOT_PATH: ${ML_WEB_ROOT_PATH:-/services/ml-forecast/ui} # Public path for the front-end (e.g. when behind a reverse proxy)
+        ML_OR_URL: ${ML_OR_URL} # OpenRemote URL
+        ML_OR_KEYCLOAK_URL: ${ML_OR_KEYCLOAK_URL} # OpenRemote Keycloak URL
+        ML_SERVICE_URL: ${ML_SERVICE_URL} # Url to reach the back-end service, should be the same as ML_API_ROOT_PATH
+        ML_WEB_ROOT_PATH: ${ML_WEB_ROOT_PATH} # Public path for the front-end (e.g. when behind a reverse proxy)
     container_name: service-ml-forecast
     ports:
       - "8000:8000"
     environment:
-      - ML_LOG_LEVEL=${ML_LOG_LEVEL:-INFO} # Log level to use
-      - ML_ENVIRONMENT=${ML_ENVIRONMENT:-production} # Environment to run the service in
-      - ML_API_ROOT_PATH=${ML_API_ROOT_PATH:-/services/ml-forecast} # Public path for the back-end (e.g. when behind a reverse proxy)
-      - ML_OR_URL=${ML_OR_URL:-http://host.docker.internal:8080} # OpenRemote URL
-      - ML_OR_KEYCLOAK_URL=${ML_OR_KEYCLOAK_URL:-http://host.docker.internal:8081} # OpenRemote Keycloak URL
-      - ML_OR_SERVICE_USER=${ML_OR_SERVICE_USER:-serviceuser} # OpenRemote service user
-      - ML_OR_SERVICE_USER_SECRET=${ML_OR_SERVICE_USER_SECRET:-secret} # OpenRemote service user secret
+      - ML_LOG_LEVEL=${ML_LOG_LEVEL} # Log level to use
+      - ML_ENVIRONMENT=${ML_ENVIRONMENT} # Environment to run the service in
+      - ML_API_ROOT_PATH=${ML_API_ROOT_PATH} # Public path for the back-end (e.g. when behind a reverse proxy)
+      - ML_OR_URL=${ML_OR_URL} # OpenRemote URL
+      - ML_OR_KEYCLOAK_URL=${ML_OR_KEYCLOAK_URL} # OpenRemote Keycloak URL
+      - ML_OR_SERVICE_USER=${ML_OR_SERVICE_USER} # OpenRemote service user
+      - ML_OR_SERVICE_USER_SECRET=${ML_OR_SERVICE_USER_SECRET} # OpenRemote service user secret
     volumes:
       # Model storage
       - ../deployment/data/models:/app/deployment/data/models

frontend/package.json

@@ -5,7 +5,7 @@
     "type": "module",
     "scripts": {
         "serve": "cross-env rspack serve",
-        "build:prod": "cross-env ML_KEYCLOAK_URL=${ML_KEYCLOAK_URL:-/auth} ML_SERVICE_URL=${ML_SERVICE_URL:-/services/ml-forecast} ML_WEB_ROOT_PATH=${ML_WEB_ROOT_PATH:-/services/ml-forecast/ui} rspack build --mode production",
+        "build:prod": "cross-env ML_OR_KEYCLOAK_URL=${ML_OR_KEYCLOAK_URL:-/auth} ML_OR_URL=${ML_OR_URL} ML_SERVICE_URL=${ML_SERVICE_URL:-/services/ml-forecast} ML_WEB_ROOT_PATH=${ML_WEB_ROOT_PATH:-/services/ml-forecast/ui} rspack build --mode production",
         "build:analyze": "rspack build --mode production --analyze",
         "lint": "eslint && prettier . --check",
         "format": "prettier . --write"

frontend/rspack.config.js

@@ -9,8 +9,8 @@ const __dirname = path.dirname(__filename);
 const isProduction = process.env.NODE_ENV === 'production';
 const rootPath = process.env.ML_WEB_ROOT_PATH;
 const serviceUrl = process.env.ML_SERVICE_URL || 'http://localhost:8000'; // Default to default service backend
-const keycloakUrl = process.env.ML_KEYCLOAK_URL || 'http://localhost:8081/auth'; // Default to openremote keycloak address
-const openremoteUrl = process.env.ML_OR_URL || 'http://localhost:8080';
+const keycloakUrl = process.env.ML_OR_KEYCLOAK_URL || 'http://localhost:8081/auth'; // Default to openremote keycloak address
+const openremoteUrl = process.env.ML_OR_URL !== undefined ? process.env.ML_OR_URL : 'http://localhost:8080'; // Default to openremote url
 
 export default {
     mode: isProduction ? 'production' : 'development',
@@ -67,7 +67,7 @@ export default {
         }),
         new rspack.DefinePlugin({
             'process.env.ML_SERVICE_URL': JSON.stringify(serviceUrl),
-            'process.env.ML_KEYCLOAK_URL': JSON.stringify(keycloakUrl),
+            'process.env.ML_OR_KEYCLOAK_URL': JSON.stringify(keycloakUrl),
             'process.env.ML_OR_URL': JSON.stringify(openremoteUrl)
         })
     ],

frontend/src/services/auth-service.ts

@@ -20,7 +20,7 @@ import { IS_EMBEDDED } from '../common/constants';
 import { manager } from '@openremote/core';
 import { AxiosRequestConfig } from 'axios';
 
-const keycloakUrl: string = (process.env.ML_KEYCLOAK_URL || '').replace(/\/$/, '');
+const keycloakUrl: string = (process.env.ML_OR_KEYCLOAK_URL || '').replace(/\/$/, '');
 
 type AuthChangeListener = () => void;
 

src/service_ml_forecast/middlewares/keycloak_middleware.py

@@ -262,7 +262,7 @@ def _is_excluded_route(path: str, excluded_routes: list[str]) -> bool:
 
 class KeycloakMiddleware(BaseHTTPMiddleware):
     """
-    Middleware that verifies Bearer token against OR_ML_KEYCLOAK_URL's JWKS endpoint.
+    Middleware that verifies Bearer token against ML_OR_KEYCLOAK_URL's JWKS endpoint.
     Routes can be excluded from authentication by providing a list of route paths.
     """