add dotenv loader

felixevers · felixevers · commit c90f4bfa47b8 · 2025-12-01T15:51:34.000+01:00
diff --git a/README.md b/README.md
@@ -14,7 +14,7 @@ If you simply want to test the application without modifying code, use the produ
     ```
 
 2.  **Access the App**
-    * **App URL:** `http://localhost:80`
+    * **App URL:** [`http://localhost:80`](http://localhost:80)
     * **User:** `test` / `test`
 
 ---
@@ -28,9 +28,9 @@ This section covers setting up the local environment for coding. You need **Post
 The application relies on the following services. Ensure your environment variables are set (or use the provided `.env.example`):
 
 ```bash
-export DATABASE_URL="postgresql+asyncpg://postgres:password@localhost:5432/postgres"
-export REDIS_URL="redis://localhost:6379"
-export ENV=development
+DATABASE_URL="postgresql+asyncpg://postgres:password@localhost:5432/postgres"
+REDIS_URL="redis://localhost:6379"
+ENV=development
 ```
 
 ### Option A: Manual Setup (Docker Compose)
@@ -82,14 +82,14 @@ Once the development environment is running:
 
 | Service | URL | Description |
 | :--- | :--- | :--- |
-| **Web Frontend** | `http://localhost:3000` | The user interface (Next.js/React). |
-| **Backend API** | `http://localhost:8000/graphql` | The GraphQL Playground (Strawberry). |
-| **Keycloak** | `http://localhost:8080` | Identity Provider. |
+| **Web Frontend** | [`http://localhost:3000`](http://localhost:3000) | The user interface (Next.js/React). |
+| **Backend API** | [`http://localhost:8000/graphql`](http://localhost:8000/graphql) | The GraphQL Playground (Strawberry). |
+| **Keycloak** | [`http://localhost:8080`](http://localhost:8080) | Identity Provider. |
 
 **Keycloak Realms & Users:**
-* **User Realm:** `http://localhost:8080/realms/tasks` (Redirects automatically from app login)
+* **tasks Realm:** `http://localhost:8080/realms/tasks` (Redirects automatically from app login)
     * User: `test`
     * Password: `test`
-* **Admin Console:** `http://localhost:8080/admin`
+* **master Realm (Admin Console):** [`http://localhost:8080/admin`](http://localhost:8080/admin)
     * User: `admin`
     * Password: `admin`
diff --git a/backend/.dockerignore b/backend/.dockerignore
@@ -0,0 +1,2 @@
+Dockerfile
+.env*
diff --git a/backend/.env.example b/backend/.env.example
@@ -0,0 +1,14 @@
+DATABASE_HOSTNAME="postgres"
+DATABASE_NAME="postgres"
+DATABASE_USERNAME="postgres"
+DATABASE_PASSWORD="password"
+
+REDIS_HOSTNAME="redis"
+REDIS_PASSWORD="password"
+
+ISSUER_URI="http://keycloak:8080/realms/tasks"
+PUBLIC_ISSUER_URI="http://localhost:8080/realms/tasks"
+CLIENT_ID="tasks"
+CLIENT_SECRET="tasks-secret"
+
+ENV="development"
diff --git a/backend/config.py b/backend/config.py
@@ -1,5 +1,9 @@
 import os
 
+from dotenv import load_dotenv
+
+load_dotenv()
+
 _db_hostname = os.getenv("DATABASE_HOSTNAME", "postgres")
 _db_name = os.getenv("DATABASE_NAME", "postgres")
 _db_username = os.getenv("DATABASE_USERNAME", "postgres")
diff --git a/backend/main.py b/backend/main.py
@@ -1,10 +1,14 @@
 import logging
 
 import requests
-from starlette.status import HTTP_400_BAD_REQUEST
 from api.context import Context
 from api.resolvers import Mutation, Query, Subscription
-from auth import UnauthenticatedRedirect, authenticate_connection, get_token_source, unauthenticated_redirect_handler, verify_token
+from auth import (
+    UnauthenticatedRedirect,
+    authenticate_connection,
+    get_token_source,
+    unauthenticated_redirect_handler,
+)
 from config import (
     CLIENT_ID,
     CLIENT_SECRET,
@@ -18,6 +22,7 @@
 from fastapi.responses import RedirectResponse
 from sqlalchemy import select
 from starlette.requests import HTTPConnection
+from starlette.status import HTTP_400_BAD_REQUEST
 from strawberry import Schema
 from strawberry.fastapi import GraphQLRouter
 
@@ -32,15 +37,17 @@ async def get_context(
     user_payload = await authenticate_connection(connection, token)
 
     user_id = user_payload.get("sub")
-    username = (
-        user_payload.get("preferred_username")
-        or user_payload.get("name")
+    username = user_payload.get("preferred_username") or user_payload.get(
+        "name",
     )
     firstname = user_payload.get("given_name")
     lastname = user_payload.get("family_name")
 
     if not (user_id and username and firstname and lastname):
-        raise HTTPException(status_code=HTTP_400_BAD_REQUEST, detail="Missing required user details.")
+        raise HTTPException(
+            status_code=HTTP_400_BAD_REQUEST,
+            detail="Missing required user details.",
+        )
 
     result = await session.execute(select(User).where(User.id == user_id))
     db_user = result.scalars().first()
@@ -73,7 +80,7 @@ async def get_context(
 graphql_app = GraphQLRouter(
     schema,
     context_getter=get_context,
-    graphiql=IS_DEV,
+    graphql_ide=IS_DEV,
 )
 
 
diff --git a/backend/requirements.txt b/backend/requirements.txt
@@ -16,8 +16,18 @@ anyio==4.12.0
     #   watchfiles
 asyncpg==0.31.0
     # via -r requirements.in
+certifi==2025.11.12
+    # via requests
+cffi==2.0.0
+    # via cryptography
+charset-normalizer==3.4.4
+    # via requests
 click==8.3.1
     # via uvicorn
+cryptography==46.0.3
+    # via python-jose
+ecdsa==0.19.1
+    # via python-jose
 fastapi==0.123.0
     # via
     #   -r requirements.in
@@ -31,7 +41,9 @@ h11==0.16.0
 httptools==0.7.1
     # via uvicorn
 idna==3.11
-    # via anyio
+    # via
+    #   anyio
+    #   requests
 lia-web==0.2.3
     # via strawberry-graphql
 mako==1.3.10
@@ -40,26 +52,38 @@ markupsafe==3.0.3
     # via mako
 packaging==25.0
     # via strawberry-graphql
-psycopg[binary]==3.2.13
-    # via -r requirements.in
-psycopg-binary==3.2.13
-    # via psycopg
+pyasn1==0.6.1
+    # via
+    #   python-jose
+    #   rsa
+pycparser==2.23
+    # via cffi
 pydantic==2.12.5
     # via fastapi
 pydantic-core==2.41.5
     # via pydantic
 python-dateutil==2.9.0.post0
     # via strawberry-graphql
 python-dotenv==1.2.1
-    # via uvicorn
+    # via
+    #   -r requirements.in
+    #   uvicorn
+python-jose[cryptography]==3.5.0
+    # via -r requirements.in
 python-multipart==0.0.20
     # via strawberry-graphql
 pyyaml==6.0.3
     # via uvicorn
 redis==7.1.0
     # via -r requirements.in
+requests==2.32.5
+    # via -r requirements.in
+rsa==4.9.1
+    # via python-jose
 six==1.17.0
-    # via python-dateutil
+    # via
+    #   ecdsa
+    #   python-dateutil
 sqlalchemy==2.0.44
     # via
     #   -r requirements.in
@@ -80,6 +104,8 @@ typing-extensions==4.15.0
     #   typing-inspection
 typing-inspection==0.4.2
     # via pydantic
+urllib3==2.5.0
+    # via requests
 uvicorn[standard]==0.38.0
     # via -r requirements.in
 uvloop==0.22.1
@@ -88,5 +114,3 @@ watchfiles==1.1.1
     # via uvicorn
 websockets==15.0.1
     # via uvicorn
-python-jose[cryptography]
-requests
diff --git a/keycloak/README.md b/keycloak/README.md
@@ -0,0 +1,5 @@
+# Disclaimer
+
+`tasks.json` is a realm file.
+You can import it into your *development* keycloak.
+This configuration has preset credentials in it. Make sure to *not use it in production*.
