61 lines
1.5 KiB
Markdown
61 lines
1.5 KiB
Markdown
# memberapi.ose.tw backend
|
|
|
|
## Quick start
|
|
|
|
```bash
|
|
cd backend
|
|
python -m venv .venv
|
|
source .venv/bin/activate
|
|
pip install -e .
|
|
cp .env.example .env
|
|
psql "$DATABASE_URL" -f scripts/init_schema.sql
|
|
./scripts/start_dev.sh
|
|
```
|
|
|
|
## Keycloak env
|
|
|
|
- Required:
|
|
- `KEYCLOAK_BASE_URL`
|
|
- `KEYCLOAK_REALM`
|
|
- `KEYCLOAK_CLIENT_ID`
|
|
- `KEYCLOAK_CLIENT_SECRET`
|
|
- `KEYCLOAK_ADMIN_CLIENT_ID`
|
|
- `KEYCLOAK_ADMIN_CLIENT_SECRET`
|
|
- Optional:
|
|
- `KEYCLOAK_ADMIN_REALM` (default = `KEYCLOAK_REALM`)
|
|
- `KEYCLOAK_ISSUER`
|
|
- `KEYCLOAK_JWKS_URL`
|
|
- `KEYCLOAK_TOKEN_ENDPOINT`
|
|
- `KEYCLOAK_USERINFO_ENDPOINT`
|
|
- `KEYCLOAK_AUDIENCE`
|
|
- `KEYCLOAK_VERIFY_TLS`
|
|
|
|
## Main APIs
|
|
|
|
- `GET /healthz`
|
|
- `GET /auth/oidc/url`
|
|
- `POST /auth/oidc/exchange`
|
|
- `GET /me` (Bearer token required)
|
|
- `GET /me/permissions/snapshot` (Bearer token required)
|
|
|
|
### Admin APIs (Bearer + admin group required)
|
|
- `GET/POST/PATCH/DELETE /admin/companies`
|
|
- `GET/POST/PATCH/DELETE /admin/sites`
|
|
- `GET/POST/PATCH/DELETE /admin/systems`
|
|
- `GET/POST/PATCH/DELETE /admin/roles`
|
|
- `GET/POST/PATCH/DELETE /admin/members`
|
|
- `PUT /admin/sites/{site_key}/roles`
|
|
- `PUT /admin/members/{user_sub}/sites`
|
|
- `GET /admin/members/{user_sub}/roles`
|
|
- `GET/POST/PATCH/DELETE /admin/api-clients`
|
|
|
|
### Internal APIs (`X-Client-Key` + `X-API-Key`)
|
|
- `GET /internal/companies`
|
|
- `GET /internal/sites`
|
|
- `GET /internal/systems`
|
|
- `GET /internal/roles`
|
|
- `GET /internal/members`
|
|
- `POST /internal/users/upsert-by-sub`
|
|
- `GET /internal/users/{user_sub}/roles`
|
|
- `POST /internal/idp/users/ensure`
|