From edd67111768bc36fa0474944f95dbeadef9ed1ba Mon Sep 17 00:00:00 2001
From: ThanatosDi
Date: Tue, 22 Oct 2024 16:25:44 +0800
Subject: [PATCH 1/7] feat: ignore .sql migration, change use shell script
---
 ...l => 20230312043000_supabase_auth.sql.bak} | 0
 migrations/before/supabase_auth.sh | 45 +++++++++++++++++++
 2 files changed, 45 insertions(+)
 rename migrations/before/{20230312043000_supabase_auth.sql => 20230312043000_supabase_auth.sql.bak} (100%)
 create mode 100755 migrations/before/supabase_auth.sh
diff --git a/migrations/before/20230312043000_supabase_auth.sql b/migrations/before/20230312043000_supabase_auth.sql.bak
similarity index 100%
rename from migrations/before/20230312043000_supabase_auth.sql
rename to migrations/before/20230312043000_supabase_auth.sql.bak
diff --git a/migrations/before/supabase_auth.sh b/migrations/before/supabase_auth.sh
new file mode 100755
index 00000000..76dce9cf
--- /dev/null
+++ b/migrations/before/supabase_auth.sh
@@ -0,0 +1,45 @@
+#!/usr/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+ -- Create the anon and authenticated roles if they don't exist
+ CREATE OR REPLACE FUNCTION create_roles(roles text []) RETURNS void LANGUAGE plpgsql AS \$\$
+ DECLARE role_name text;
+ BEGIN FOREACH role_name IN ARRAY roles LOOP IF NOT EXISTS (
+ SELECT 1
+ FROM pg_roles
+ WHERE rolname = role_name
+ ) THEN EXECUTE 'CREATE ROLE ' || role_name;
+ END IF;
+ END LOOP;
+ END;
+ \$\$;
+ SELECT create_roles(ARRAY ['anon', 'authenticated']);
+
+ -- Create supabase_admin user if it does not exist
+ DO \$\$ BEGIN IF NOT EXISTS (
+ SELECT
+ FROM pg_catalog.pg_roles
+ WHERE rolname = 'supabase_admin'
+ ) THEN CREATE USER supabase_admin LOGIN CREATEROLE CREATEDB REPLICATION BYPASSRLS;
+ END IF;
+ END \$\$;
+
+ -- Create supabase_auth_admin user if it does not exist
+ DO \$\$ BEGIN IF NOT EXISTS (
+ SELECT
+ FROM pg_catalog.pg_roles
+ WHERE rolname = '$SUPABASE_USER'
+ ) THEN CREATE USER "$SUPABASE_USER" BYPASSRLS NOINHERIT CREATEROLE LOGIN NOREPLICATION PASSWORD '$SUPABASE_PASSWORD';
+ END IF;
+ END \$\$;
+
+ -- Create auth schema if it does not exist
+ CREATE SCHEMA IF NOT EXISTS auth AUTHORIZATION $SUPABASE_USER;
+
+ -- Grant permissions
+ GRANT CREATE ON DATABASE postgres TO $SUPABASE_USER;
+
+ -- Set search_path for supabase_auth_admin
+ ALTER USER $SUPABASE_USER SET search_path = 'auth';
+EOSQL
\ No newline at end of file
From 3ed976605d03026bfb9c851782a46b424a12f0ec Mon Sep 17 00:00:00 2001
From: ThanatosDi
Date: Tue, 22 Oct 2024 16:31:24 +0800
Subject: [PATCH 2/7] feat: postgres service add supabase user and password env
---
 docker-compose.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/docker-compose.yml b/docker-compose.yml
index 45306cd7..18db05e9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
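Review bot: The shell expands `$SUPABASE_USER` and `$SUPABASE_PASSWORD` straight into the SQL text of the third `DO` block and the three statements after it, so a password containing `'` ends the literal early and the rest is parsed as SQL. The role name is also double-quoted in `CREATE USER` but bare in `AUTHORIZATION`, `GRANT` and `ALTER USER`, so the two spellings stop naming the same role once the value has uppercase or special characters. Passing both values as psql variables and quoting them with `format()` `%I`/`%L` and `:"name"` / `:'name'` removes both problems; psql does not substitute variables inside a dollar-quoted body, hence the `SELECT … \gexec` form below. Separately, `create_roles` concatenates `role_name` unquoted (`format('CREATE ROLE %I', role_name)` would cover it), and `GRANT CREATE ON DATABASE postgres` names a fixed database while the session connects to `$POSTGRES_DB`.

```shell
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" \
    -v supabase_user="$SUPABASE_USER" -v supabase_password="$SUPABASE_PASSWORD" <<-EOSQL
    -- … unchanged: create_roles function and supabase_admin block …

    -- Create the auth user if it does not exist; %I and %L quote the values
    SELECT format(
        'CREATE USER %I BYPASSRLS NOINHERIT CREATEROLE LOGIN NOREPLICATION PASSWORD %L',
        :'supabase_user', :'supabase_password')
    WHERE NOT EXISTS (
        SELECT FROM pg_catalog.pg_roles WHERE rolname = :'supabase_user'
    ) \gexec

    CREATE SCHEMA IF NOT EXISTS auth AUTHORIZATION :"supabase_user";
    GRANT CREATE ON DATABASE postgres TO :"supabase_user";
    ALTER USER :"supabase_user" SET search_path = 'auth';
```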
@@ -32,6 +32,8 @@ services:
 - POSTGRES_DB=${POSTGRES_DB:-postgres}
 - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-password}
 - POSTGRES_HOST=${POSTGRES_HOST:-postgres}
+ - SUPABASE_USER=${SUPABASE_USER:-supabase_auth_admin}
+ - SUPABASE_PASSWORD=${SUPABASE_PASSWORD:-root}
 volumes:
 - ./migrations/before:/docker-entrypoint-initdb.d
 - postgres_data:/var/lib/postgresql/data
From 8644fdd01bcf88f5166c32ce9e8bbf67c207a628 Mon Sep 17 00:00:00 2001
From: ThanatosDi
Date: Tue, 22 Oct 2024 16:34:54 +0800
Subject: [PATCH 3/7] feat: detaching postgres, supabase, redis, gotrue settings
---
 deploy.env | 44 ++++++++++++++++++++++++++++++--------------
 1 file changed, 30 insertions(+), 14 deletions(-)
diff --git a/deploy.env b/deploy.env
index b9278181..c7251cd4 100644
--- a/deploy.env
+++ b/deploy.env
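Review bot: `SUPABASE_PASSWORD=${SUPABASE_PASSWORD:-root}` silently falls back to the password `root` for a login role that the init script in patch 1 creates with `BYPASSRLS` and `CREATEROLE`, and `deploy.env` in patch 3 ships the same value as `SUPABASE_PASSWORD=root`. Failing fast is safer than a well-known default: `- SUPABASE_PASSWORD=${SUPABASE_PASSWORD:?SUPABASE_PASSWORD must be set}`. Assuming this is the official postgres image, scripts under `/docker-entrypoint-initdb.d` run only against an empty data directory, so a comment here should say that changing the variable later does not change the password of an already created role. The `environment:` list starts outside the hunk.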
@@ -1,23 +1,39 @@ # This file is a template for docker compose deployment # Copy this file to .env and change the values as needed -# PostgreSQL default user password -POSTGRES_PASSWORD="changepassword" +# PostgreSQL Settings +POSTGRES_HOST=postgres +POSTGRES_USER=postgres +POSTGRES_PASSWORD=changepassword +POSTGRES_PORT=5432 +POSTGRES_DB=postgres + +# Supabase user settings +SUPABASE_USER=supabase_auth_admin +SUPABASE_PASSWORD=root + +# Redis Settings +REDIS_HOST=redis +REDIS_PORT=6379 + +# Gotrue Settings +GOTRUE_HOST=gotrue +GOTRUE_PORT=9999 # AppFlowy Cloud ## URL that connects to the gotrue docker container -APPFLOWY_GOTRUE_BASE_URL=http://gotrue:9999 +APPFLOWY_GOTRUE_BASE_URL=http://${GOTRUE_HOST}:${GOTRUE_PORT} ## URL that connects to the postgres docker container -APPFLOWY_DATABASE_URL=postgres://postgres:${POSTGRES_PASSWORD}@postgres:5432/postgres +APPFLOWY_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} APPFLOWY_ACCESS_CONTROL=true APPFLOWY_WEBSOCKET_MAILBOX_SIZE=6000 APPFLOWY_DATABASE_MAX_CONNECTIONS=40 # admin frontend ## URL that connects to redis docker container -ADMIN_FRONTEND_REDIS_URL=redis://redis:6379 +ADMIN_FRONTEND_REDIS_URL=redis://${REDIS_HOST}:${REDIS_PORT} ## URL that connects to gotrue docker container -ADMIN_FRONTEND_GOTRUE_URL=http://gotrue:9999 +ADMIN_FRONTEND_GOTRUE_URL=http://${GOTRUE_HOST}:${GOTRUE_PORT} # authentication key, change this and keep the key safe and secret # self defined key, you can use any string 
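Review bot: `POSTGRES_PASSWORD` and `SUPABASE_PASSWORD` are now used in two different syntaxes with no note about which characters are safe: verbatim as the role password (the init script from patch 1 for `SUPABASE_PASSWORD`) and inside the userinfo part of the connection URLs in this hunk and in the two later hunks of this patch (`GOTRUE_DATABASE_URL`, the AI, history, indexer and worker URLs). A value containing `@`, `:`, `/`, `#` or `%` produces a URL that parses to a different host or password, and percent-encoding it in `.env` would instead change the password the role is created with, so no single value works in both places. I would document the constraint above the two settings: `# Used verbatim as the role password and inside connection URLs: use a long random value made only of URL-safe characters (A-Z a-z 0-9 - _ . ~)`. `SUPABASE_PASSWORD=root` should also carry `# change this before the first start`, as the old template did implicitly with `changepassword`.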
@@ -56,7 +72,7 @@ API_EXTERNAL_URL=http://your-host # In docker environment, `postgres` is the hostname of the postgres service # GoTrue connect to postgres using this url -GOTRUE_DATABASE_URL=postgres://supabase_auth_admin:root@postgres:5432/postgres +GOTRUE_DATABASE_URL=postgres://${SUPABASE_USER}:${SUPABASE_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} # Refer to this for details: https://github.com/AppFlowy-IO/AppFlowy-Cloud/blob/main/doc/AUTHENTICATION.md # Google OAuth2 
@@ -130,26 +146,26 @@ NGINX_TLS_PORT=443 APPFLOWY_AI_OPENAI_API_KEY= APPFLOWY_AI_SERVER_PORT=5001 APPFLOWY_AI_SERVER_HOST=ai -APPFLOWY_AI_DATABASE_URL=postgresql+psycopg://postgres:${POSTGRES_PASSWORD}@postgres:5432/postgres +APPFLOWY_AI_DATABASE_URL=postgresql+psycopg://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} APPFLOWY_LOCAL_AI_TEST_ENABLED=false # AppFlowy History APPFLOWY_GRPC_HISTORY_ADDRS=http://localhost:50051 -APPFLOWY_HISTORY_REDIS_URL=redis://redis:6379 -APPFLOWY_HISTORY_DATABASE_URL=postgres://postgres:${POSTGRES_PASSWORD}@postgres:5432/postgres +APPFLOWY_HISTORY_REDIS_URL=redis://${REDIS_HOST}:${REDIS_PORT} +APPFLOWY_HISTORY_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} # AppFlowy Indexer APPFLOWY_INDEXER_ENABLED=true -APPFLOWY_INDEXER_DATABASE_URL=postgres://postgres:${POSTGRES_PASSWORD}@postgres:5432/postgres -APPFLOWY_INDEXER_REDIS_URL=redis://redis:6379 +APPFLOWY_INDEXER_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} +APPFLOWY_INDEXER_REDIS_URL=redis://${REDIS_HOST}:${REDIS_PORT} # AppFlowy Collaborate APPFLOWY_COLLABORATE_MULTI_THREAD=false APPFLOWY_COLLABORATE_REMOVE_BATCH_SIZE=100 # AppFlowy Worker -APPFLOWY_WORKER_REDIS_URL=redis://redis:6379 -APPFLOWY_WORKER_DATABASE_URL=postgres://postgres:${POSTGRES_PASSWORD}@postgres:5432/postgres +APPFLOWY_WORKER_REDIS_URL=redis://${REDIS_HOST}:${REDIS_PORT} +APPFLOWY_WORKER_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} # AppFlowy Web APPFLOWY_WEB_URL=http://localhost:3000 From e07f658e9cfa7d1f6b560770f4f614e8000ccf8c Mon Sep 17 00:00:00 2001 From: ThanatosDi Date: Wed, 23 Oct 2024 10:29:01 +0800 Subject: [PATCH 4/7] feat: reuse API_EXTERNAL_URL variable for gotrue redirect URI --- deploy.env | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
diff --git a/deploy.env b/deploy.env index c7251cd4..d4f8e911 100644 --- a/deploy.env +++ b/deploy.env @@ -68,6 +68,7 @@ GOTRUE_ADMIN_PASSWORD=password # Change this to your own domain where you host the docker-compose or gotrue # If you are using a different domain, you need to change the redirect_uri in the OAuth2 configuration # Make sure that this domain is accessible to the user +# Make sure no endswith / API_EXTERNAL_URL=http://your-host # In docker environment, `postgres` is the hostname of the postgres service @@ -79,22 +80,22 @@ GOTRUE_DATABASE_URL=postgres://${SUPABASE_USER}:${SUPABASE_PASSWORD}@${POSTGRES_ GOTRUE_EXTERNAL_GOOGLE_ENABLED=false GOTRUE_EXTERNAL_GOOGLE_CLIENT_ID= GOTRUE_EXTERNAL_GOOGLE_SECRET= -GOTRUE_EXTERNAL_GOOGLE_REDIRECT_URI=http://your-host/gotrue/callback +GOTRUE_EXTERNAL_GOOGLE_REDIRECT_URI=${API_EXTERNAL_URL}/gotrue/callback # GitHub OAuth2 GOTRUE_EXTERNAL_GITHUB_ENABLED=false GOTRUE_EXTERNAL_GITHUB_CLIENT_ID= GOTRUE_EXTERNAL_GITHUB_SECRET= -GOTRUE_EXTERNAL_GITHUB_REDIRECT_URI=http://your-host/gotrue/callback +GOTRUE_EXTERNAL_GITHUB_REDIRECT_URI=${API_EXTERNAL_URL}/gotrue/callback # Discord OAuth2 GOTRUE_EXTERNAL_DISCORD_ENABLED=false GOTRUE_EXTERNAL_DISCORD_CLIENT_ID= GOTRUE_EXTERNAL_DISCORD_SECRET= -GOTRUE_EXTERNAL_DISCORD_REDIRECT_URI=http://your-host/gotrue/callback +GOTRUE_EXTERNAL_DISCORD_REDIRECT_URI=${API_EXTERNAL_URL}/gotrue/callback # Apple OAuth2 GOTRUE_EXTERNAL_APPLE_ENABLED=false GOTRUE_EXTERNAL_APPLE_CLIENT_ID= GOTRUE_EXTERNAL_APPLE_SECRET= -GOTRUE_EXTERNAL_APPLE_REDIRECT_URI=http://your-host/gotrue/callback +GOTRUE_EXTERNAL_APPLE_REDIRECT_URI=${API_EXTERNAL_URL}/gotrue/callback # File Storage # Create the bucket if not exists on AppFlowy Cloud start up. From 2daaf18b02c0f238bde5a5d64048457392a68eea Mon Sep 17 00:00:00 2001 From: ThanatosDi Date: Wed, 23 Oct 2024 17:13:12 +0800 Subject: [PATCH 5/7] revert: revert gotrue URI setting to origin --- deploy.env | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) 
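Review bot: The added comment `# Make sure no endswith /` does not say why, and the four `*_REDIRECT_URI` lines in the second hunk now depend on it: with a trailing slash they expand to `http://your-host//gotrue/callback`, which will not equal the callback registered at the OAuth provider, since providers generally compare redirect URIs exactly. Suggested wording: `# Must not end with "/": this value is the prefix of the OAuth redirect URIs below`. The redirect URIs also inherit the `http://` scheme of the template value, so the same comment could say that the public URL should be `https://` outside local testing.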
diff --git a/deploy.env b/deploy.env index d4f8e911..e3f5156b 100644 --- a/deploy.env +++ b/deploy.env @@ -16,13 +16,9 @@ SUPABASE_PASSWORD=root REDIS_HOST=redis REDIS_PORT=6379 -# Gotrue Settings -GOTRUE_HOST=gotrue -GOTRUE_PORT=9999 - # AppFlowy Cloud ## URL that connects to the gotrue docker container -APPFLOWY_GOTRUE_BASE_URL=http://${GOTRUE_HOST}:${GOTRUE_PORT} +APPFLOWY_GOTRUE_BASE_URL=http://gotrue:9999 ## URL that connects to the postgres docker container APPFLOWY_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} APPFLOWY_ACCESS_CONTROL=true @@ -33,7 +29,7 @@ APPFLOWY_DATABASE_MAX_CONNECTIONS=40 ## URL that connects to redis docker container ADMIN_FRONTEND_REDIS_URL=redis://${REDIS_HOST}:${REDIS_PORT} ## URL that connects to gotrue docker container -ADMIN_FRONTEND_GOTRUE_URL=http://${GOTRUE_HOST}:${GOTRUE_PORT} +ADMIN_FRONTEND_GOTRUE_URL=http://gotrue:9999 # authentication key, change this and keep the key safe and secret # self defined key, you can use any string From 9830dbfb9a7b6fb9ec308af1a1b69e32e594fa58 Mon Sep 17 00:00:00 2001 From: ThanatosDi Date: Wed, 23 Oct 2024 17:16:34 +0800 Subject: [PATCH 6/7] feat: set the APPFLOWY_REDIS_URI variable from .env and reuse redis settings --- deploy.env | 2 ++ docker-compose.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/deploy.env b/deploy.env index e3f5156b..75adfea0 100644 --- a/deploy.env +++ b/deploy.env @@ -24,6 +24,8 @@ APPFLOWY_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRE APPFLOWY_ACCESS_CONTROL=true APPFLOWY_WEBSOCKET_MAILBOX_SIZE=6000 APPFLOWY_DATABASE_MAX_CONNECTIONS=40 +## URL that connects to the redis docker container +APPFLOWY_REDIS_URI=redis://${REDIS_HOST}:${REDIS_PORT} # admin frontend ## URL that connects to redis docker container diff --git a/docker-compose.yml b/docker-compose.yml index 18db05e9..09a4c039 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -93,7 +93,7 @@ services:
 - RUST_LOG=${RUST_LOG:-info}
 - APPFLOWY_ENVIRONMENT=production
 - APPFLOWY_DATABASE_URL=${APPFLOWY_DATABASE_URL}
- - APPFLOWY_REDIS_URI=redis://redis:6379
+ - APPFLOWY_REDIS_URI=${APPFLOWY_REDIS_URI}
 - APPFLOWY_GOTRUE_JWT_SECRET=${GOTRUE_JWT_SECRET}
 - APPFLOWY_GOTRUE_JWT_EXP=${GOTRUE_JWT_EXP}
 - APPFLOWY_GOTRUE_BASE_URL=${APPFLOWY_GOTRUE_BASE_URL}
From f7d139a7df096ccbe867d5b01d6f5e73f607912a Mon Sep 17 00:00:00 2001
From: ThanatosDi
Date: Wed, 23 Oct 2024 22:45:22 +0800
Subject: [PATCH 7/7] refactor: delete supabase initialization .sql, replace with a shell script
---
 .../20230312043000_supabase_auth.sql.bak | 37 -------------------
 1 file changed, 37 deletions(-)
 delete mode 100644 migrations/before/20230312043000_supabase_auth.sql.bak
diff --git a/migrations/before/20230312043000_supabase_auth.sql.bak b/migrations/before/20230312043000_supabase_auth.sql.bak
deleted file mode 100644
index 70a44b0e..00000000
--- a/migrations/before/20230312043000_supabase_auth.sql.bak
+++ /dev/null
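Review bot: `- APPFLOWY_REDIS_URI=${APPFLOWY_REDIS_URI}` has no fallback, so a `.env` copied from an earlier `deploy.env`, which did not define this variable, makes Compose substitute an empty string and the service starts with an empty Redis URI instead of the previous `redis://redis:6379`. Keeping the old value as the default preserves existing deployments and matches the `${RUST_LOG:-info}` style of the context line above: `- APPFLOWY_REDIS_URI=${APPFLOWY_REDIS_URI:-redis://redis:6379}`. The service's `environment:` list continues outside the hunk.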
@@ -1,37 +0,0 @@
--- Add migration script here
--- Create the anon and authenticated roles if they don't exist
-CREATE OR REPLACE FUNCTION create_roles(roles text []) RETURNS void LANGUAGE plpgsql AS $$
-DECLARE role_name text;
-BEGIN FOREACH role_name IN ARRAY roles LOOP IF NOT EXISTS (
- SELECT 1
- FROM pg_roles
- WHERE rolname = role_name
-) THEN EXECUTE 'CREATE ROLE ' || role_name;
-END IF;
-END LOOP;
-END;
-$$;
-SELECT create_roles(ARRAY ['anon', 'authenticated']);
-
--- Create supabase_admin user if it does not exist
-DO $$ BEGIN IF NOT EXISTS (
- SELECT
- FROM pg_catalog.pg_roles
- WHERE rolname = 'supabase_admin'
-) THEN CREATE USER supabase_admin LOGIN CREATEROLE CREATEDB REPLICATION BYPASSRLS;
-END IF;
-END $$;
--- Create supabase_auth_admin user if it does not exist
-DO $$ BEGIN IF NOT EXISTS (
- SELECT
- FROM pg_catalog.pg_roles
- WHERE rolname = 'supabase_auth_admin'
-) THEN CREATE USER supabase_auth_admin BYPASSRLS NOINHERIT CREATEROLE LOGIN NOREPLICATION PASSWORD 'root';
-END IF;
-END $$;
--- Create auth schema if it does not exist
-CREATE SCHEMA IF NOT EXISTS auth AUTHORIZATION supabase_auth_admin;
--- Grant permissions
-GRANT CREATE ON DATABASE postgres TO supabase_auth_admin;
--- Set search_path for supabase_auth_admin
-ALTER USER supabase_auth_admin SET search_path = 'auth';