From d85edd949ccb858b5423d39ca6976e52c68d49cc Mon Sep 17 00:00:00 2001 From: William Petit Date: Sun, 21 Jun 2020 14:22:06 +0200 Subject: [PATCH] =?UTF-8?q?Configuration=20basique=20des=20r=C3=B4les=20en?= =?UTF-8?q?=20mode=20'dev'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/config/dev.yml | 146 ++++++++++++++++++++++++----------------- 1 file changed, 84 insertions(+), 62 deletions(-) diff --git a/backend/config/dev.yml b/backend/config/dev.yml index 185f4ce..bca6371 100644 --- a/backend/config/dev.yml +++ b/backend/config/dev.yml @@ -1,9 +1,9 @@ -app_name: "Test Development" +app_name: "Daddy Dev" host_port: 0.0.0.0:8080 web_ui: true # debug, error, warn, info -log_level: "info" +log_level: debug # enable or disable http compression (uses gzip) http_compress: true @@ -15,7 +15,7 @@ http_compress: true production: false # Throw a 401 on auth failure for queries that need auth -auth_fail_block: false +auth_fail_block: true # Latency tracing for database queries and remote joins # the resulting latency information is returned with the @@ -65,18 +65,16 @@ cors_debug: false auth: # Can be 'rails', 'jwt' or 'header' type: jwt - cookie: _supergraph_session + #cookie: _supergraph_session # Comment this out if you want to disable setting # the user_id via a header for testing. # Disable in production - creds_in_header: true + #creds_in_header: false - # jwt: - # provider: auth0 - # secret: abc335bfcfdb04e50db5bb0a4d67ab9 - # public_key_file: /secrets/public_key.pem - # public_key_type: ecdsa #rsa + jwt: + provider: hydra + jwks_url: http://hydra:4444/.well-known/jwks.json # header: # name: dnt 
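Review bot: The new `jwks_url` in the `auth.jwt` block points at `http://hydra:4444/.well-known/jwks.json`, so the keys used to verify every token are fetched over plain HTTP with nothing authenticating the responder. That is tolerable on an isolated development network but should be stated next to the setting, for example `# dev only: JWKS fetched over plain HTTP; use an https URL outside a private compose network`. The block shows only `provider` and `jwks_url`; if the gateway supports pinning the expected issuer or audience, setting it here would stop tokens minted for another Hydra client from being accepted. Separately, the commented line `#creds_in_header: false` sits under a comment that says to comment the key out in order to disable it, so the `false` is misleading; keeping `#creds_in_header: true` or deleting the line would be clearer.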
@@ -87,16 +85,16 @@ auth: # In this example actions using this auth can only be # called from the Google Appengine Cron service that # sets a special header to all it's requests -auths: - - name: from_taskqueue - type: header - header: - name: X-Appengine-Cron - exists: true +# auths: + # - name: from_taskqueue + # type: header + # header: + # name: X-Appengine-Cron + # exists: true database: type: postgres - host: db + host: localhost port: 5432 dbname: daddy user: daddy @@ -105,19 +103,19 @@ database: #schema: "public" #pool_size: 10 #max_retries: 0 - #log_level: "debug" + log_level: "debug" # Set session variable "user.id" to the user id # Enable this if you need the user id in triggers, etc - set_user_id: false + set_user_id: true # database ping timeout is used for db health checking ping_timeout: 1m # Define additional variables here to be used with filters variables: - #admin_account_id: "5" - admin_account_id: "sql:select id from users where admin = true limit 1" + # admin_account_id: "5" + # admin_account_id: "sql:select id from users where admin = true limit 1" # Field and table names that you wish to block 
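Review bot: In the `@@ -105,19 +103,19 @@` hunk, `set_user_id: true` makes the session variable "user.id" carry whatever the gateway resolves as `$user_id`, and the `roles_query` added in the last hunk compares that value with `users.email`, so it appears to be an e-mail address rather than a numeric id. Any trigger or policy reading `user.id` needs to know that; a comment such as `# user.id holds the JWT subject (an e-mail here), not users.id` above the setting would document it. The same hunk enables `log_level: "debug"` for the database, which presumably writes those identifiers into the logs, so a `# dev only` marker would keep it from being copied into another environment's config. `variables:` is now a bare key with both entries commented out and parses as null; `variables: {}` states the intent.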
@@ -135,67 +133,91 @@ database: # which in this case refreshes a materialized view in the database. # The auth_name is from one of the configured auths actions: - - name: refresh_leaderboard_users - sql: REFRESH MATERIALIZED VIEW CONCURRENTLY "leaderboard_users" - auth_name: from_taskqueue + # - name: refresh_leaderboard_users + # sql: REFRESH MATERIALIZED VIEW CONCURRENTLY "leaderboard_users" + # auth_name: from_taskqueue tables: - - name: customers - remotes: - - name: payments - id: stripe_id - url: http://rails_app:3000/stripe/$id - path: data - # debug: true - pass_headers: - - cookie - set_headers: - - name: Host - value: 0.0.0.0 + # - name: customers + # remotes: + # - name: payments + # id: stripe_id + # url: http://rails_app:3000/stripe/$id + # path: data + # # debug: true + # pass_headers: + # - cookie + # set_headers: + # - name: Host + # value: 0.0.0.0 # - name: Authorization # value: Bearer - - # You can create new fields that have a - # real db table backing them - name: me - table: users + # - # You can create new fields that have a + # # real db table backing them + # name: me + # table: users -#roles_query: "SELECT * FROM users WHERE id = $user_id" +roles_query: "select * from users where users.email = $user_id" roles: + # Rôle par défaut si l'utilisateur n'existe pas dans la table `users` - name: anon tables: - - name: users - query: - limit: 10 + # - name: users + # insert: + # block: true + # query: + # block: true + # update: + # block: true + # delete: + # block: true + # Rôle par défaut si l'utilisateur existe dans la table `users` + # mais que la valeur de la colonne `role` n'est pas définie - name: user tables: - name: users - query: - filters: ["{ id: { _eq: $user_id } }"] - - - name: products - query: - limit: 50 - filters: ["{ user_id: { eq: $user_id } }"] - disable_functions: false - insert: - filters: ["{ user_id: { eq: $user_id } }"] - presets: - - user_id: "$user_id" - - created_at: "now" - + block: true + query: + filters: ["{ 
email: { _eq: $user_id } }"] update: - filters: ["{ user_id: { eq: $user_id } }"] - presets: - - updated_at: "now" - + columns: + - full_name + filters: ["{ email: { _eq: $user_id } }"] delete: block: true + - name: admin + match: role = 'admin' + tables: + - name: users + query: + filters: [] + + # - name: products + # query: + # limit: 50 + # filters: ["{ user_id: { eq: $user_id } }"] + # disable_functions: false + + # insert: + # filters: ["{ user_id: { eq: $user_id } }"] + # presets: + # - user_id: "$user_id" + # - created_at: "now" + + # update: + # filters: ["{ user_id: { eq: $user_id } }"] + # presets: + # - updated_at: "now" + + # delete: + # block: true + # - name: admin # match: id = 1000 # tables:
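Review bot: The `anon` role ends up with a bare `tables:` key because every rule under it is commented out, so anonymous access to `users` is decided by the gateway's default for unlisted tables, which this file does not show. Since the commented lines already spell out the intended deny rules, I would enable them (`insert`, `query`, `update` and `delete`, each with `block: true`) rather than rely on `auth_fail_block: true` alone. The new `admin` role has the same gap on the write side: only `query` with `filters: []` is declared, leaving insert, update and delete on `users` to the default. `roles_query` uses `select *` although the visible `match` only reads `role`; selecting just that column keeps the rest of the row out of role resolution.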