Merge pull request #149 from AppFlowy-IO/admin_creation
fix: restartable server when autoconfirm is true
This commit is contained in:
commit
e3d90d0a43
2
dev.env
2
dev.env
|
|
@ -6,6 +6,8 @@
|
||||||
GOTRUE_JWT_SECRET=hello456
|
GOTRUE_JWT_SECRET=hello456
|
||||||
|
|
||||||
# user sign up will automatically be confirmed if this is set to true
|
# user sign up will automatically be confirmed if this is set to true
|
||||||
|
# if you have OAuth2 set up or smtp configured, you can set this to false
|
||||||
|
# to enforce email confirmation or OAuth2 login instead
|
||||||
GOTRUE_MAILER_AUTOCONFIRM=false
|
GOTRUE_MAILER_AUTOCONFIRM=false
|
||||||
|
|
||||||
# if you enable mail confirmation, you need to set the SMTP configuration below
|
# if you enable mail confirmation, you need to set the SMTP configuration below
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,7 @@ we recommend using cloud compute services (as your host server) such as
|
||||||
## Software Requirements
|
## Software Requirements
|
||||||
- [docker compose](https://docs.docker.com/compose)
|
- [docker compose](https://docs.docker.com/compose)
|
||||||
This is needed be installed in your host server
|
This is needed be installed in your host server
|
||||||
|
- We recommend using approach as proposed by offical docker website: [Install Docker Engine](https://docs.docker.com/engine/install/)
|
||||||
|
|
||||||
## Steps
|
## Steps
|
||||||
|
|
||||||
|
|
@ -36,11 +37,10 @@ cp dev.env .env
|
||||||
# This is the secret key for authentication, please change this and keep the key safe
|
# This is the secret key for authentication, please change this and keep the key safe
|
||||||
GOTRUE_JWT_SECRET=hello456
|
GOTRUE_JWT_SECRET=hello456
|
||||||
|
|
||||||
# This determine if the user will be user automatically be confirmed when they sign up
|
# This determine if the user will be user automatically be confirmed(verified) when they sign up
|
||||||
# If this is enabled, it requires a clicking a confirmation link in the email which user
|
# If this is enabled, it requires a clicking a confirmation link in the email after a user signs up.
|
||||||
# use for sign up.
|
# If you do not have SMTP service set up, or any other OAuth2 method, you should set this to true,
|
||||||
# Pre-requisite if you enable: you need to have your SMTP Service set up,
|
# or else no user will be able to be authenticated
|
||||||
# which you can then fill in the details below
|
|
||||||
GOTRUE_MAILER_AUTOCONFIRM=true
|
GOTRUE_MAILER_AUTOCONFIRM=true
|
||||||
|
|
||||||
# if you enable mail confirmation, you need to set the SMTP configuration below
|
# if you enable mail confirmation, you need to set the SMTP configuration below
|
||||||
|
|
|
||||||
|
|
@ -21,11 +21,17 @@ Exiting: error loading config file: config file ("filebeat.yml") can only be wri
|
||||||
- Solution: remove write permission on the file: `chmod -w docker/filebeat/filebeat.yml`
|
- Solution: remove write permission on the file: `chmod -w docker/filebeat/filebeat.yml`
|
||||||
|
|
||||||
### No Logs
|
### No Logs
|
||||||
|
- Observation: There are no logs in OpenSearch Dashboard
|
||||||
|
- Possibe Diagnostic: No read permission for `*.log` files in `/var/lib/docker/containers`
|
||||||
|
|
||||||
|
- One Time Solution: give read permission to docker logs
|
||||||
```
|
```
|
||||||
$ docker logs appflowy-cloud-filebeat-1
|
chmod -R a+r /var/lib/docker/containers
|
||||||
...Non-zero metrics in the last 30s...
|
|
||||||
```
|
```
|
||||||
- Solution: give read permission to docker logs: `chmod -R a+r /var/lib/docker/containers`
|
- Permanent Solution: give read permission to docker logs every time there's a modification
|
||||||
|
In the project root directory: `sudo ./docker/filebeat/grant_container_logs_permissions.sh`
|
||||||
|
- Caveat: Only work on unix like operating system, requires `inotifywait`(`inotify-tools`) to be installed.
|
||||||
|
MacOS alternative: `fswatch`
|
||||||
|
|
||||||
## Credentials
|
## Credentials
|
||||||
- After deployment, when you go to localhost:5601, both username and password will be `admin`
|
- After deployment, when you go to localhost:5601, both username and password will be `admin`
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,8 @@
|
||||||
|
#! /usr/bin/env bash
|
||||||
|
|
||||||
|
while true
|
||||||
|
do
|
||||||
|
inotifywait /var/lib/docker/containers
|
||||||
|
sleep 1
|
||||||
|
sudo chmod -R a+r /var/lib/docker/containers
|
||||||
|
done
|
||||||
|
|
@ -197,7 +197,7 @@ impl OAuthProvider {
|
||||||
pub struct OAuthURL {
|
pub struct OAuthURL {
|
||||||
pub url: String,
|
pub url: String,
|
||||||
}
|
}
|
||||||
#[derive(Serialize, Deserialize)]
|
#[derive(Serialize, Deserialize, Debug)]
|
||||||
#[serde(untagged)]
|
#[serde(untagged)]
|
||||||
pub enum SignUpResponse {
|
pub enum SignUpResponse {
|
||||||
Authenticated(GotrueTokenResponse),
|
Authenticated(GotrueTokenResponse),
|
||||||
|
|
|
||||||
|
|
@ -213,26 +213,55 @@ async fn setup_admin_account(
|
||||||
) -> Result<(), Error> {
|
) -> Result<(), Error> {
|
||||||
let admin_email = gotrue_setting.admin_email.as_str();
|
let admin_email = gotrue_setting.admin_email.as_str();
|
||||||
let password = gotrue_setting.admin_password.as_str();
|
let password = gotrue_setting.admin_password.as_str();
|
||||||
gotrue_client
|
let res_resp = gotrue_client.sign_up(admin_email, password).await;
|
||||||
.sign_up(admin_email, password)
|
match res_resp {
|
||||||
.await
|
Err(err) => {
|
||||||
.context("failed to sign-up for admin user")?;
|
if let app_error::gotrue::GoTrueError::Internal(err) = err {
|
||||||
|
match (err.code, err.msg.as_str()) {
|
||||||
|
(400, "User already registered") => {
|
||||||
|
tracing::info!("Admin user already registered");
|
||||||
|
Ok(())
|
||||||
|
},
|
||||||
|
_ => Err(err.into()),
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
Err(err.into())
|
||||||
|
}
|
||||||
|
},
|
||||||
|
Ok(resp) => {
|
||||||
|
let admin_user = {
|
||||||
|
match resp {
|
||||||
|
gotrue_entity::dto::SignUpResponse::Authenticated(resp) => resp.user,
|
||||||
|
gotrue_entity::dto::SignUpResponse::NotAuthenticated(user) => user,
|
||||||
|
}
|
||||||
|
};
|
||||||
|
match admin_user.role.as_str() {
|
||||||
|
"supabase_admin" => {
|
||||||
|
tracing::info!("Admin user already created and set role to supabase_admin");
|
||||||
|
Ok(())
|
||||||
|
},
|
||||||
|
_ => {
|
||||||
|
let user_id = admin_user.id.parse::<uuid::Uuid>()?;
|
||||||
|
let result = sqlx::query(
|
||||||
|
r#"
|
||||||
|
UPDATE auth.users
|
||||||
|
SET role = 'supabase_admin', email_confirmed_at = NOW()
|
||||||
|
WHERE id = $1
|
||||||
|
"#,
|
||||||
|
)
|
||||||
|
.bind(user_id)
|
||||||
|
.execute(pg_pool)
|
||||||
|
.await
|
||||||
|
.context("failed to update the admin user")?;
|
||||||
|
|
||||||
// Unable to use query! macro here instead
|
assert_eq!(result.rows_affected(), 1);
|
||||||
// because of the auth is a not default schema
|
tracing::info!("Admin user created and set role to supabase_admin");
|
||||||
// hopefully this will be fixed in the future
|
|
||||||
sqlx::query(
|
Ok(())
|
||||||
r#"
|
},
|
||||||
UPDATE auth.users
|
}
|
||||||
SET role = 'supabase_admin', email_confirmed_at = NOW()
|
},
|
||||||
WHERE email = $1
|
}
|
||||||
"#,
|
|
||||||
)
|
|
||||||
.bind(admin_email)
|
|
||||||
.execute(pg_pool)
|
|
||||||
.await
|
|
||||||
.context("failed to update the admin user")?;
|
|
||||||
Ok(())
|
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn get_redis_client(redis_uri: &str) -> Result<redis::aio::ConnectionManager, Error> {
|
async fn get_redis_client(redis_uri: &str) -> Result<redis::aio::ConnectionManager, Error> {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue