From 4e0d25b944fd9632e2555c4f6ae01b4728262dfb Mon Sep 17 00:00:00 2001 From: ertopogo Date: Sun, 22 Feb 2026 19:31:53 +0100 Subject: Application:ajout de lucien-sens bon, vikunja, homeassistant --- micro/applications/der_topogo.mmd | 101 +++++++++++++++++++++++++++++++++ micro/applications/homeassistant.mmd | 2 + micro/applications/lucien_sens_bon.mmd | 97 +++++++++++++++++++++++++++++++ micro/applications/vikunja.mmd | 2 + micro/iam/chiruca_auth.mmd | 6 ++ micro/reseau/caddy_reverse_proxy.mmd | 10 +++- 6 files changed, 216 insertions(+), 2 deletions(-) create mode 100644 micro/applications/der_topogo.mmd create mode 100644 micro/applications/lucien_sens_bon.mmd (limited to 'micro') diff --git a/micro/applications/der_topogo.mmd b/micro/applications/der_topogo.mmd new file mode 100644 index 0000000..edace84 --- /dev/null +++ b/micro/applications/der_topogo.mmd @@ -0,0 +1,101 @@ +%% Source projet : E:\Dev\Web-Works\Der-topogo +%% Auth active : Payload CMS natif (email/password, RBAC admin/editor/viewer) +%% Auth planifiee : Auth.js v5 + Keycloak OIDC (client dertopogo) +%%{init: {'theme': 'base', 'flowchart': {'nodeSpacing': 40, 'rankSpacing': 50}}}%% +flowchart TB + subgraph huitral_docker ["huitral 192.168.99.22 - Docker"] + direction TB + + subgraph dt_app ["der-topogo - Next.js 16 + Payload CMS v3"] + direction TB + nextjs["Next.js standalone
Port: 3000
App Router + TypeScript"] + payload["Payload CMS v3
Admin: /admin
REST API + GraphQL"] + middleware["Middleware Next.js
CSP headers
connect-src: kc.arauco.online"] + end + end + + subgraph pg_ext ["PostgreSQL externe"] + pg["PostgreSQL
@payloadcms/db-postgres"] + end + + subgraph auth_payload ["AuthN Active - Payload CMS natif"] + direction TB + pay_login["1. Login /admin
email + password"] + pay_session["2. Session Payload
PAYLOAD_SECRET"] + pay_access["3. Acces admin
Controle par collection"] + pay_login --> pay_session --> pay_access + end + + subgraph rbac_payload ["AuthZ - RBAC Payload"] + direction TB + role_admin["admin
CRUD toutes collections
gestion utilisateurs"] + role_editor["editor
Lecture + ecriture articles
upload media"] + role_viewer["viewer
Lecture seule"] + end + + subgraph auth_oidc_planned ["AuthN Planifiee - Auth.js v5 + Keycloak"] + direction TB + oidc_step1["1. Login SSO
Auth.js provider Keycloak"] + oidc_step2["2. Redirect OIDC
kc.arauco.online
/realms/chiruca"] + oidc_step3["3. Callback
/api/auth/callback/keycloak"] + oidc_step4["4. Session Auth.js
AUTH_SECRET"] + oidc_step1 -.-> oidc_step2 -.-> oidc_step3 -.-> oidc_step4 + end + + subgraph keycloak_ext ["Keycloak - npagnun .35"] + direction TB + kc["Realm chiruca
Client: dertopogo
Type: confidential"] + google["-> Google IdP"] + kc --> google + end + + subgraph caddy_ext ["Caddy - araucaria .50"] + direction TB + caddy_pub["dt.arauco.online
HTTPS -> :3000
HSTS, X-Frame-Options: DENY
X-Content-Type-Options: nosniff"] + caddy_lan["dt.huitral.ruka.lan
HTTPS auto-signe -> :3000"] + end + + subgraph security ["Headers securite"] + direction LR + csp["CSP
connect-src: kc.arauco.online
Exclu pour /admin"] + sec_headers["HSTS 2 ans
X-Frame-Options: DENY
Referrer-Policy: strict-origin
Permissions-Policy: restrict"] + end + + subgraph users ["Utilisateurs"] + direction TB + visitor["Visiteur public
Pages sans auth"] + cms_admin["Admin CMS
Payload /admin"] + sso_user["Utilisateur SSO
Auth.js + Keycloak"] + end + + caddy_pub -->|"HTTP"| nextjs + caddy_lan -->|"HTTP"| nextjs + nextjs --> payload + payload -->|"JDBC"| pg + + auth_payload -.->|"Flux actif"| payload + auth_oidc_planned -.->|"Flux planifie"| kc + + visitor --> caddy_pub + cms_admin --> caddy_pub + sso_user -.->|"Planifie"| caddy_pub + + classDef svcStyle fill:#1e4a2e,stroke:#4a9a6a,color:#a8e0c0 + classDef storStyle fill:#4a3a1e,stroke:#d9a84a,color:#f0d8a8 + classDef iamStyle fill:#4a1e3a,stroke:#d94a8a,color:#f0a8c8 + classDef netStyle fill:#1e3a5f,stroke:#4a90d9,color:#a8d0f0 + classDef secStyle fill:#4a3a1e,stroke:#d9a84a,color:#f0d8a8 + classDef userStyle fill:#3a1e5f,stroke:#8a6ad9,color:#c8b0f0 + classDef flowStyle fill:#3a2a1e,stroke:#aa7a4a,color:#e8c8a0 + classDef plannedStyle fill:#2a2a2a,stroke:#666,stroke-dasharray: 5 5,color:#999 + + class nextjs,payload,middleware svcStyle + class pg storStyle + class pay_login,pay_session,pay_access flowStyle + class role_admin,role_editor,role_viewer secStyle + class oidc_step1,oidc_step2,oidc_step3,oidc_step4 plannedStyle + class kc,google iamStyle + class caddy_pub,caddy_lan netStyle + class csp,sec_headers secStyle + class visitor,cms_admin userStyle + class sso_user plannedStyle diff --git a/micro/applications/homeassistant.mmd b/micro/applications/homeassistant.mmd index a73084b..577261c 100644 --- a/micro/applications/homeassistant.mmd +++ b/micro/applications/homeassistant.mmd @@ -1,3 +1,5 @@ +%% Source projet : E:\Dev\Chiruca +%% Auth : OIDC Keycloak via HACS (hass-oidc-auth), realm chiruca %%{init: {'theme': 'base', 'flowchart': {'nodeSpacing': 40, 'rankSpacing': 50}}}%% flowchart TB subgraph ha_host ["huitral 192.168.99.22 - network_mode: host"] diff --git a/micro/applications/lucien_sens_bon.mmd b/micro/applications/lucien_sens_bon.mmd new file mode 100644 index 0000000..b98da90 --- /dev/null +++ b/micro/applications/lucien_sens_bon.mmd 
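Review bot: The edge `payload -->|"JDBC"| pg` labels the database link with a Java-only API, while the `pg` node itself names `@payloadcms/db-postgres`, a Node adapter; the label misdocuments the connection and should read `payload -->|"PostgreSQL"| pg` (the same wrong label appears in lucien_sens_bon.mmd in this commit). In the `security` subgraph the `csp` node states `Exclu pour /admin`, i.e. the highest-privilege surface (Payload admin, the `admin` RBAC role) is the one part of the app without a CSP while public pages get one; the file should record why, e.g. a header line `%% CSP non appliquee sur /admin : raison a documenter`. The hunk is a new file, so nothing outside it constrains these labels.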
@@ -0,0 +1,97 @@ +%% Source projet : E:\Dev\Web-Works\Lucien-sens-bon +%% Auth : native MedusaJS (JWT + Cookie session) - PAS de Keycloak/OIDC +%%{init: {'theme': 'base', 'flowchart': {'nodeSpacing': 40, 'rankSpacing': 50}}}%% +flowchart TB + subgraph huitral_docker ["huitral 192.168.99.22 - Docker Compose"] + direction TB + + subgraph lsb_backend ["backend - MedusaJS"] + direction TB + medusa["medusajs/medusa
Port: 9000
API REST + Admin /app"] + admin_ui["Dashboard Admin
/app (Medusa Admin)"] + end + + subgraph lsb_storefront ["storefront - Next.js"] + direction TB + nextjs["node:18-alpine
Port: 8000
Pages: catalogue, panier,
checkout, login, register"] + sdk["Medusa JS SDK
medusaClient"] + end + + subgraph lsb_redis ["Redis"] + redis["redis:alpine
:6379
Cache + Event bus"] + end + end + + subgraph pg_ext ["PostgreSQL - npagnun .35"] + pg["PostgreSQL
:5432
DB: medusa_lsb"] + end + + subgraph auth_client ["AuthN Client (storefront)"] + direction TB + step_c1["1. POST /store/auth
email + password"] + step_c2["2. Response
access_token: JWT"] + step_c3["3. localStorage
lsb_customer_token"] + step_c4["4. Appels API
Authorization: Bearer JWT"] + step_c1 --> step_c2 --> step_c3 --> step_c4 + end + + subgraph auth_admin ["AuthN Admin (dashboard)"] + direction TB + step_a1["1. POST /admin/auth
email + password"] + step_a2["2. Cookie session signe
COOKIE_SECRET"] + step_a3["3. JWT admin
JWT_SECRET"] + step_a4["4. Acces /app
Cookie + CORS verifie"] + step_a1 --> step_a2 --> step_a3 --> step_a4 + end + + subgraph cors_conf ["CORS"] + direction LR + admin_cors["ADMIN_CORS
api-lsb.arauco.online
lsb.arauco.online
domaines LAN"] + store_cors["STORE_CORS
lsb.arauco.online
domaines LAN"] + end + + subgraph caddy_ext ["Caddy - araucaria .50"] + direction TB + caddy_lsb["lsb.arauco.online
HTTPS -> :8000"] + caddy_api["api-lsb.arauco.online
HTTPS -> :9000"] + caddy_lan_lsb["lsb.huitral.ruka.lan
HTTP -> :8000"] + caddy_lan_api["api-lsb.huitral.ruka.lan
HTTP -> :9000"] + end + + subgraph users ["Utilisateurs"] + direction TB + customer["Client e-commerce
JWT Bearer"] + admin["Administrateur
Cookie session"] + end + + caddy_lsb -->|"HTTP"| nextjs + caddy_api -->|"HTTP"| medusa + caddy_lan_lsb -->|"HTTP"| nextjs + caddy_lan_api -->|"HTTP"| medusa + + sdk -->|"API REST"| medusa + medusa --> redis + medusa -->|"JDBC"| pg + + customer --> caddy_lsb + admin --> caddy_api + + auth_client -.->|"Flux"| sdk + auth_admin -.->|"Flux"| admin_ui + + classDef svcStyle fill:#1e4a2e,stroke:#4a9a6a,color:#a8e0c0 + classDef storStyle fill:#4a3a1e,stroke:#d9a84a,color:#f0d8a8 + classDef netStyle fill:#1e3a5f,stroke:#4a90d9,color:#a8d0f0 + classDef secStyle fill:#4a3a1e,stroke:#d9a84a,color:#f0d8a8 + classDef userStyle fill:#3a1e5f,stroke:#8a6ad9,color:#c8b0f0 + classDef configStyle fill:#2a3a4a,stroke:#6a8aaa,color:#b0d0e8 + classDef flowStyle fill:#3a2a1e,stroke:#aa7a4a,color:#e8c8a0 + + class medusa,admin_ui,nextjs,sdk svcStyle + class redis svcStyle + class pg storStyle + class caddy_lsb,caddy_api,caddy_lan_lsb,caddy_lan_api netStyle + class admin_cors,store_cors configStyle + class step_c1,step_c2,step_c3,step_c4 flowStyle + class step_a1,step_a2,step_a3,step_a4 flowStyle + class customer,admin userStyle diff --git a/micro/applications/vikunja.mmd b/micro/applications/vikunja.mmd index 19195b7..a74ddcb 100644 --- a/micro/applications/vikunja.mmd +++ b/micro/applications/vikunja.mmd @@ -1,3 +1,5 @@ +%% Source projet : E:\Dev\Chiruca +%% Auth : OIDC Keycloak natif, realm chiruca, auto-creation compte %%{init: {'theme': 'base', 'flowchart': {'nodeSpacing': 40, 'rankSpacing': 50}}}%% flowchart LR subgraph vikunja_stack ["huitral 192.168.99.22 - Docker Compose"] diff --git a/micro/iam/chiruca_auth.mmd b/micro/iam/chiruca_auth.mmd index 858a779..04d3f81 100644 --- a/micro/iam/chiruca_auth.mmd +++ b/micro/iam/chiruca_auth.mmd @@ -31,6 +31,7 @@ flowchart LR direction LR c_vikunja["vikunja
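Review bot: Node `step_c3` documents the customer JWT stored in `localStorage` under `lsb_customer_token` and replayed as `Authorization: Bearer`; any script running in the storefront page can read that key, so the diagram should mark this step as the storefront's token-exposure point rather than a neutral flow step, e.g. a header line `%% Risque : JWT client en localStorage (lisible par tout script de la page) - pas de cookie HttpOnly`. The LAN routes `caddy_lan_lsb` and `caddy_lan_api` are labelled `HTTP -> :8000` / `HTTP -> :9000`, whereas der_topogo.mmd in the same commit documents `HTTPS auto-signe` for its LAN hostname; if the label is accurate, the admin session cookie (`step_a2`) and the Bearer token cross the LAN in cleartext and the diagram should say so, otherwise the label needs correcting. As in der_topogo.mmd, `medusa -->|"JDBC"| pg` uses a Java-only term for a Node service; `medusa -->|"PostgreSQL"| pg` is the accurate label.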
redirect: vk.arauco.online
scope: openid email profile"] c_ha["homeassistant
redirect: ha.arauco.online
/auth/oidc/callback"] + c_dt["dertopogo (planifie)
redirect: dt.arauco.online
/api/auth/callback/keycloak
Type: confidential"] end subgraph roles_conf ["Roles"] @@ -38,6 +39,7 @@ flowchart LR realm_roles["Realm roles
admin | user
gestionnaire-taches"] cr_vikunja["Client vikunja
admin | editor | viewer"] cr_ha["Client homeassistant
admin | user"] + cr_dt["Client dertopogo (planifie)
roles a definir"] end subgraph groups_conf ["Groupes"] @@ -65,6 +67,7 @@ flowchart LR direction TB vikunja["Vikunja
vk.arauco.online"] ha["Home Assistant
ha.arauco.online"] + dt["der-topogo (planifie)
dt.arauco.online"] end user -->|"Login request"| apps @@ -78,6 +81,7 @@ flowchart LR vikunja -->|"Token verify"| keycloak ha -->|"Token verify"| keycloak + dt -.->|"Token verify (planifie)"| keycloak groups_conf -.->|"Heritage roles"| roles_conf @@ -88,6 +92,7 @@ flowchart LR classDef extStyle fill:#2a3a4a,stroke:#6a8aaa,color:#b0d0e8 classDef flowStyle fill:#3a2a1e,stroke:#aa7a4a,color:#e8c8a0 classDef groupStyle fill:#3a1e5f,stroke:#8a6ad9,color:#c8b0f0 + classDef plannedStyle fill:#2a2a2a,stroke:#666,stroke-dasharray: 5 5,color:#999 class user,jwt userStyle class goog_oauth,goog_claims extStyle @@ -97,3 +102,4 @@ flowchart LR class g_admins,g_terrain,g_consult groupStyle class pg storStyle class vikunja,ha appStyle + class c_dt,cr_dt,dt plannedStyle diff --git a/micro/reseau/caddy_reverse_proxy.mmd b/micro/reseau/caddy_reverse_proxy.mmd index 3cddb40..92ff28f 100644 --- a/micro/reseau/caddy_reverse_proxy.mmd +++ b/micro/reseau/caddy_reverse_proxy.mmd @@ -30,6 +30,8 @@ flowchart LR r_ha["ha.arauco.online"] r_vk["vk.arauco.online"] r_pm["pm.arauco.online"] + r_lsb["lsb.arauco.online"] + r_api_lsb["api-lsb.arauco.online"] r_redir["arauco.online
-> 301 www.*"] end end @@ -45,6 +47,8 @@ flowchart LR ha["Home Assistant
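Review bot: The route list gains `r_lsb` and `r_api_lsb` but still has no `r_dt` route, although `dt` is already a svcStyle service node in the last hunk of this file and der_topogo.mmd (added in this commit) documents `dt.arauco.online HTTPS -> :3000` as a Caddy route. Unless that route is listed in a part of the file outside this hunk, add `r_dt["dt.arauco.online"]` here, a `r_dt -->|"HTTP"| dt` edge in the `@@ -56,6 +60,8` hunk, and `r_dt` in the `routeStyle` class line, so the proxy diagram agrees with the application diagram. The enclosing `subgraph` opens outside this hunk.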
:8123"] vk["Vikunja
:3456"] pm["Pachamama
:3030"] + lsb_sf["Medusa Storefront
:8000"] + lsb_be["Medusa Backend
:9000"] ws_note["WebSocket HA
read_timeout 0"] end @@ -56,6 +60,8 @@ flowchart LR r_ha -->|"HTTP + WS"| ha r_vk -->|"HTTP"| vk r_pm -->|"HTTP"| pm + r_lsb -->|"HTTP"| lsb_sf + r_api_lsb -->|"HTTP"| lsb_be tls --> routing @@ -69,6 +75,6 @@ flowchart LR class dns_pub,client,gw,nat extStyle class listen,tls netStyle class headers,kc_block secStyle - class r_www,r_kc,r_ha,r_vk,r_pm,r_redir routeStyle + class r_www,r_kc,r_ha,r_vk,r_pm,r_lsb,r_api_lsb,r_redir routeStyle class keycloak iamStyle - class dt,ha,vk,pm,ws_note svcStyle + class dt,ha,vk,pm,lsb_sf,lsb_be,ws_note svcStyle -- cgit v1.2.3