diff --git a/dev.env b/dev.env index eaa905f8..6dcd3b16 100644 --- a/dev.env +++ b/dev.env @@ -6,6 +6,8 @@ GOTRUE_JWT_SECRET=hello456 # user sign up will automatically be confirmed if this is set to true +# if you have OAuth2 set up or smtp configured, you can set this to false +# to enforce email confirmation or OAuth2 login instead GOTRUE_MAILER_AUTOCONFIRM=false # if you enable mail confirmation, you need to set the SMTP configuration below diff --git a/doc/deployment.md b/doc/deployment.md index a9cd989c..10c62920 100644 --- a/doc/deployment.md +++ b/doc/deployment.md @@ -13,6 +13,7 @@ we recommend using cloud compute services (as your host server) such as ## Software Requirements - [docker compose](https://docs.docker.com/compose) This is needed be installed in your host server +- We recommend using approach as proposed by offical docker website: [Install Docker Engine](https://docs.docker.com/engine/install/) ## Steps @@ -36,11 +37,10 @@ cp dev.env .env # This is the secret key for authentication, please change this and keep the key safe GOTRUE_JWT_SECRET=hello456 -# This determine if the user will be user automatically be confirmed when they sign up -# If this is enabled, it requires a clicking a confirmation link in the email which user -# use for sign up. -# Pre-requisite if you enable: you need to have your SMTP Service set up, -# which you can then fill in the details below +# This determine if the user will be user automatically be confirmed(verified) when they sign up +# If this is enabled, it requires a clicking a confirmation link in the email after a user signs up. +# If you do not have SMTP service set up, or any other OAuth2 method, you should set this to true, +# or else no user will be able to be authenticated GOTRUE_MAILER_AUTOCONFIRM=true # if you enable mail confirmation, you need to set the SMTP configuration below diff --git a/doc/logging.md b/doc/logging.md index eb60d40a..d9203397 100644 --- a/doc/logging.md +++ b/doc/logging.md 
@@ -21,11 +21,17 @@ Exiting: error loading config file: config file ("filebeat.yml") can only be wri - Solution: remove write permission on the file: `chmod -w docker/filebeat/filebeat.yml` ### No Logs +- Observation: There are no logs in OpenSearch Dashboard +- Possibe Diagnostic: No read permission for `*.log` files in `/var/lib/docker/containers` + +- One Time Solution: give read permission to docker logs ``` -$ docker logs appflowy-cloud-filebeat-1 -...Non-zero metrics in the last 30s... +chmod -R a+r /var/lib/docker/containers ``` -- Solution: give read permission to docker logs: `chmod -R a+r /var/lib/docker/containers` +- Permanent Solution: give read permission to docker logs every time there's a modification +In the project root directory: `sudo ./docker/filebeat/grant_container_logs_permissions.sh` + - Caveat: Only work on unix like operating system, requires `inotifywait`(`inotify-tools`) to be installed. + MacOS alternative: `fswatch` ## Credentials - After deployment, when you go to localhost:5601, both username and password will be `admin` diff --git a/docker/filebeat/grant_container_logs_permissions.sh b/docker/filebeat/grant_container_logs_permissions.sh new file mode 100755 index 00000000..89eb7455 --- /dev/null +++ b/docker/filebeat/grant_container_logs_permissions.sh @@ -0,0 +1,8 @@ +#! /usr/bin/env bash + +while true +do + inotifywait /var/lib/docker/containers + sleep 1 + sudo chmod -R a+r /var/lib/docker/containers +done diff --git a/libs/gotrue-entity/src/dto.rs b/libs/gotrue-entity/src/dto.rs index 319e0d96..89d9992f 100644 --- a/libs/gotrue-entity/src/dto.rs +++ b/libs/gotrue-entity/src/dto.rs @@ -197,7 +197,7 @@ impl OAuthProvider { pub struct OAuthURL { pub url: String, } -#[derive(Serialize, Deserialize)] +#[derive(Serialize, Deserialize, Debug)] #[serde(untagged)] pub enum SignUpResponse { Authenticated(GotrueTokenResponse), diff --git a/src/application.rs b/src/application.rs index 1265b345..c7639463 100644 --- a/src/application.rs 
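Review bot: In the new `grant_container_logs_permissions.sh`, `chmod -R a+r /var/lib/docker/containers` makes every file under that tree readable by all local users, not only the `*.log` files the doc change names. Container logs often carry tokens or connection strings, so it would be safer to limit the grant to the log files or to the account Filebeat runs as; that narrowing should be tested against the Filebeat container before merging. The loop also ignores the exit status of `inotifywait`, so if the tool is missing or the watch fails, the recursive chmod still runs once a second forever; `inotifywait /var/lib/docker/containers || exit 1` stops that. The docs tell the operator to start the script with `sudo`, so the inner `sudo` is redundant and the line can be `chmod -R a+r /var/lib/docker/containers`.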
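Review bot: Deriving `Debug` on `SignUpResponse` in `dto.rs` makes it easy to print the `Authenticated(GotrueTokenResponse)` variant with `{:?}`. `GotrueTokenResponse` is not visible in this hunk, but if its `Debug` output includes access or refresh tokens, one stray `tracing::debug!("{:?}", resp)` would write session credentials to the logs that this same commit ships to OpenSearch. I would either add a comment above the derive such as `// Debug output may include session tokens; never log this value directly`, or give the token type a manual `Debug` impl that redacts the secrets. The enum body continues outside the hunk.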
+++ b/src/application.rs @@ -213,26 +213,55 @@ async fn setup_admin_account( ) -> Result<(), Error> { let admin_email = gotrue_setting.admin_email.as_str(); let password = gotrue_setting.admin_password.as_str(); - gotrue_client - .sign_up(admin_email, password) - .await - .context("failed to sign-up for admin user")?; + let res_resp = gotrue_client.sign_up(admin_email, password).await; + match res_resp { + Err(err) => { + if let app_error::gotrue::GoTrueError::Internal(err) = err { + match (err.code, err.msg.as_str()) { + (400, "User already registered") => { + tracing::info!("Admin user already registered"); + Ok(()) + }, + _ => Err(err.into()), + } + } else { + Err(err.into()) + } + }, + Ok(resp) => { + let admin_user = { + match resp { + gotrue_entity::dto::SignUpResponse::Authenticated(resp) => resp.user, + gotrue_entity::dto::SignUpResponse::NotAuthenticated(user) => user, + } + }; + match admin_user.role.as_str() { + "supabase_admin" => { + tracing::info!("Admin user already created and set role to supabase_admin"); + Ok(()) + }, + _ => { + let user_id = admin_user.id.parse::()?; + let result = sqlx::query( + r#" + UPDATE auth.users + SET role = 'supabase_admin', email_confirmed_at = NOW() + WHERE id = $1 + "#, + ) + .bind(user_id) + .execute(pg_pool) + .await + .context("failed to update the admin user")?; - // Unable to use query! macro here instead - // because of the auth is a not default schema - // hopefully this will be fixed in the future - sqlx::query( - r#" - UPDATE auth.users - SET role = 'supabase_admin', email_confirmed_at = NOW() - WHERE email = $1 - "#, - ) - .bind(admin_email) - .execute(pg_pool) - .await - .context("failed to update the admin user")?; - Ok(()) + assert_eq!(result.rows_affected(), 1); + tracing::info!("Admin user created and set role to supabase_admin"); + + Ok(()) + }, + } + }, + } } async fn get_redis_client(redis_uri: &str) -> Result {
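Review bot: In `setup_admin_account`, `assert_eq!(result.rows_affected(), 1)` turns a recoverable condition into a startup panic. If the id returned by `sign_up` has no matching row in `auth.users`, the server aborts instead of returning an error. Assuming `Error` here is `anyhow::Error`, as the `.context(...)` calls suggest, `anyhow::ensure!(result.rows_affected() == 1, "admin user row not found in auth.users");` keeps the check and reports it through the existing `Result`. The `(400, "User already registered")` arm returns `Ok(())` without checking that the existing account has the `supabase_admin` role or was created by this deployment. Startup therefore succeeds even when the configured admin address belongs to an ordinary or foreign account; reading the role for `admin_email` in that arm and failing or warning when it is not `supabase_admin` would close the gap. Matching on the exact message text is also brittle across GoTrue versions, so a comment such as `// relies on GoTrue's error text; re-check on upgrade` would help the next maintainer.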