docs(15-01): complete Logto Docker infrastructure plan
- Create 15-01-SUMMARY.md with execution results - Update STATE.md with phase 15 position and decisions - Update ROADMAP.md with plan progress - Mark AUTH-04 requirement complete
This commit is contained in:
102
.planning/phases/15-external-authentication/15-01-SUMMARY.md
Normal file
102
.planning/phases/15-external-authentication/15-01-SUMMARY.md
Normal file
@@ -0,0 +1,102 @@
|
||||
---
|
||||
phase: 15-external-authentication
|
||||
plan: 01
|
||||
subsystem: infra
|
||||
tags: [logto, oidc, docker-compose, postgres]
|
||||
|
||||
# Dependency graph
|
||||
requires:
|
||||
- phase: 14-postgresql-migration
|
||||
provides: Postgres database and Docker Compose foundation
|
||||
provides:
|
||||
- Logto OIDC provider running as Docker Compose service
|
||||
- Postgres init script for separate Logto database
|
||||
- OIDC environment variable documentation
|
||||
- Schema without users/sessions tables (ready for external auth)
|
||||
affects: [15-02, 15-03, 16-multi-user-data-model]
|
||||
|
||||
# Tech tracking
|
||||
tech-stack:
|
||||
added: [logto (svhd/logto Docker image)]
|
||||
patterns: [multi-database Postgres init via docker-entrypoint-initdb.d, OIDC env var convention]
|
||||
|
||||
key-files:
|
||||
created:
|
||||
- docker-compose.yml
|
||||
- docker-compose.dev.yml
|
||||
- docker/init-logto-db.sql
|
||||
- .env.example
|
||||
modified:
|
||||
- src/db/schema.ts
|
||||
|
||||
key-decisions:
|
||||
- "Logto shares Postgres instance via separate database created by init script"
|
||||
- "OIDC_ISSUER derived from LOGTO_ENDPOINT in docker-compose, not separately configured"
|
||||
|
||||
patterns-established:
|
||||
- "Docker init scripts in docker/ directory mounted to docker-entrypoint-initdb.d"
|
||||
- "OIDC environment variables: LOGTO_ENDPOINT, LOGTO_CLIENT_ID, LOGTO_CLIENT_SECRET, OIDC_AUTH_SECRET"
|
||||
|
||||
requirements-completed: [AUTH-04]
|
||||
|
||||
# Metrics
|
||||
duration: 3min
|
||||
completed: 2026-04-04
|
||||
---
|
||||
|
||||
# Phase 15 Plan 01: Logto Docker Infrastructure and Schema Cleanup Summary
|
||||
|
||||
**Logto OIDC provider added to Docker Compose with Postgres init script, users/sessions tables removed from schema**
|
||||
|
||||
## Performance
|
||||
|
||||
- **Duration:** 3 min
|
||||
- **Started:** 2026-04-04T18:35:52Z
|
||||
- **Completed:** 2026-04-04T18:38:52Z
|
||||
- **Tasks:** 2
|
||||
- **Files modified:** 6
|
||||
|
||||
## Accomplishments
|
||||
- Added Logto as a Docker Compose service in both production and dev configurations with proper health-check dependency on Postgres
|
||||
- Created Postgres init script that automatically creates the logto database on first boot
|
||||
- Removed users and sessions tables from GearBox schema, generated Drizzle migration to drop them
|
||||
- Documented all required OIDC environment variables in .env.example
|
||||
|
||||
## Task Commits
|
||||
|
||||
Each task was committed atomically:
|
||||
|
||||
1. **Task 1: Add Logto service to Docker Compose and create init script** - `625862f` (feat)
|
||||
2. **Task 2: Remove users and sessions tables from schema** - `0fe231f` (feat)
|
||||
|
||||
## Files Created/Modified
|
||||
- `docker-compose.yml` - Production compose with Postgres, Logto, and app services
|
||||
- `docker-compose.dev.yml` - Dev compose with Postgres and Logto for local auth testing
|
||||
- `docker/init-logto-db.sql` - SQL script creating separate logto database on Postgres
|
||||
- `.env.example` - Documents all required environment variables for OIDC configuration
|
||||
- `src/db/schema.ts` - Removed users and sessions table definitions
|
||||
- `drizzle/0010_foamy_marvel_zombies.sql` - Migration to drop users and sessions tables
|
||||
|
||||
## Decisions Made
|
||||
- Logto shares the same Postgres instance but uses a separate database (created by init script), rather than a dedicated Postgres container
|
||||
- OIDC_ISSUER is derived from LOGTO_ENDPOINT in docker-compose.yml rather than being a separate top-level env var, reducing configuration duplication
|
||||
- Dev compose uses hardcoded password for Logto DB connection (matching existing dev Postgres pattern)
|
||||
|
||||
## Deviations from Plan
|
||||
|
||||
None - plan executed exactly as written.
|
||||
|
||||
## Issues Encountered
|
||||
None.
|
||||
|
||||
## User Setup Required
|
||||
None - no external service configuration required. Logto admin console setup (creating OIDC application, obtaining client ID/secret) will be needed before plan 15-02, but is handled as part of the Logto first-boot experience at http://localhost:3002.
|
||||
|
||||
## Next Phase Readiness
|
||||
- Logto infrastructure is ready for plan 15-02 (server-side OIDC integration)
|
||||
- Schema is cleaned of old auth tables, ready for OIDC-based authentication
|
||||
- API keys table preserved for continued programmatic access
|
||||
|
||||
---
|
||||
*Phase: 15-external-authentication*
|
||||
*Completed: 2026-04-04*
|
||||
Reference in New Issue
Block a user