Merge pull request #149 from AppFlowy-IO/admin_creation

fix: restartable server when autoconfirm is true
2023-11-08 11:19:18 +08:00 · 2023-11-08 11:19:18 +08:00 · e3d90d0a43
parent eb4814738b 91bc8568ae
commit e3d90d0a43
6 changed files with 73 additions and 28 deletions
--- a/dev.env
+++ b/dev.env
@ -6,6 +6,8 @@
 GOTRUE_JWT_SECRET=hello456

 # user sign up will automatically be confirmed if this is set to true
+# if you have OAuth2 set up or smtp configured, you can set this to false
+# to enforce email confirmation or OAuth2 login instead
 GOTRUE_MAILER_AUTOCONFIRM=false

 # if you enable mail confirmation, you need to set the SMTP configuration below
--- a/doc/deployment.md
+++ b/doc/deployment.md
@ -13,6 +13,7 @@ we recommend using cloud compute services (as your host server) such as
 ## Software Requirements
 - [docker compose](https://docs.docker.com/compose)
 This is needed be installed in your host server
+- We recommend using approach as proposed by offical docker website: [Install Docker Engine](https://docs.docker.com/engine/install/)

 ## Steps

@ -36,11 +37,10 @@ cp dev.env .env
 # This is the secret key for authentication, please change this and keep the key safe
 GOTRUE_JWT_SECRET=hello456

-# This determine if the user will be user automatically be confirmed when they sign up
-# If this is enabled, it requires a clicking a confirmation link in the email which user
-# use for sign up.
-# Pre-requisite if you enable: you need to have your SMTP Service set up,
-# which you can then fill in the details below
+# This determine if the user will be user automatically be confirmed(verified) when they sign up
+# If this is enabled, it requires a clicking a confirmation link in the email after a user signs up.
+# If you do not have SMTP service set up, or any other OAuth2 method, you should set this to true,
+# or else no user will be able to be authenticated
 GOTRUE_MAILER_AUTOCONFIRM=true

 # if you enable mail confirmation, you need to set the SMTP configuration below
--- a/doc/logging.md
+++ b/doc/logging.md
@ -21,11 +21,17 @@ Exiting: error loading config file: config file ("filebeat.yml") can only be wri
 - Solution: remove write permission on the file: `chmod -w docker/filebeat/filebeat.yml`

 ### No Logs
+- Observation: There are no logs in OpenSearch Dashboard
+- Possibe Diagnostic: No read permission for `*.log` files in `/var/lib/docker/containers`
+
+- One Time Solution: give read permission to docker logs
 ```
-$ docker logs appflowy-cloud-filebeat-1
-...Non-zero metrics in the last 30s...
+chmod -R a+r /var/lib/docker/containers
 ```
- Solution: give read permission to docker logs: `chmod -R a+r /var/lib/docker/containers`
+- Permanent Solution: give read permission to docker logs every time there's a modification
+In the project root directory: `sudo ./docker/filebeat/grant_container_logs_permissions.sh`
+  - Caveat: Only work on unix like operating system, requires `inotifywait`(`inotify-tools`) to be installed.
+  MacOS alternative: `fswatch`

 ## Credentials
 - After deployment, when you go to localhost:5601, both username and password will be `admin`
--- a/docker/filebeat/grant_container_logs_permissions.sh
+++ b/docker/filebeat/grant_container_logs_permissions.sh
@ -0,0 +1,8 @@
+#! /usr/bin/env bash
+
+while true
+do
+	inotifywait /var/lib/docker/containers
+	sleep 1
+	sudo chmod -R a+r /var/lib/docker/containers
+done
--- a/libs/gotrue-entity/src/dto.rs
+++ b/libs/gotrue-entity/src/dto.rs
@ -197,7 +197,7 @@ impl OAuthProvider {
 pub struct OAuthURL {
  pub url: String,
 }
-#[derive(Serialize, Deserialize)]
+#[derive(Serialize, Deserialize, Debug)]
 #[serde(untagged)]
 pub enum SignUpResponse {
  Authenticated(GotrueTokenResponse),
--- a/src/application.rs
+++ b/src/application.rs
@ -213,26 +213,55 @@ async fn setup_admin_account(
 ) -> Result<(), Error> {
  let admin_email = gotrue_setting.admin_email.as_str();
  let password = gotrue_setting.admin_password.as_str();
-  gotrue_client
-    .sign_up(admin_email, password)
-    .await
-    .context("failed to sign-up for admin user")?;
+  let res_resp = gotrue_client.sign_up(admin_email, password).await;
+  match res_resp {
+    Err(err) => {
+      if let app_error::gotrue::GoTrueError::Internal(err) = err {
+        match (err.code, err.msg.as_str()) {
+          (400, "User already registered") => {
+            tracing::info!("Admin user already registered");
+            Ok(())
+          },
+          _ => Err(err.into()),
+        }
+      } else {
+        Err(err.into())
+      }
+    },
+    Ok(resp) => {
+      let admin_user = {
+        match resp {
+          gotrue_entity::dto::SignUpResponse::Authenticated(resp) => resp.user,
+          gotrue_entity::dto::SignUpResponse::NotAuthenticated(user) => user,
+        }
+      };
+      match admin_user.role.as_str() {
+        "supabase_admin" => {
+          tracing::info!("Admin user already created and set role to supabase_admin");
+          Ok(())
+        },
+        _ => {
+          let user_id = admin_user.id.parse::<uuid::Uuid>()?;
+          let result = sqlx::query(
+            r#"
+            UPDATE auth.users
+            SET role = 'supabase_admin', email_confirmed_at = NOW()
+            WHERE id = $1
+            "#,
+          )
+          .bind(user_id)
+          .execute(pg_pool)
+          .await
+          .context("failed to update the admin user")?;

-  // Unable to use query! macro here instead
-  // because of the auth is a not default schema
-  // hopefully this will be fixed in the future
-  sqlx::query(
-    r#"
-      UPDATE auth.users
-      SET role = 'supabase_admin', email_confirmed_at = NOW()
-      WHERE email = $1
-        "#,
-  )
-  .bind(admin_email)
-  .execute(pg_pool)
-  .await
-  .context("failed to update the admin user")?;
-  Ok(())
+          assert_eq!(result.rows_affected(), 1);
+          tracing::info!("Admin user created and set role to supabase_admin");
+
+          Ok(())
+        },
+      }
+    },
+  }
 }

 async fn get_redis_client(redis_uri: &str) -> Result<redis::aio::ConnectionManager, Error> {