app_name: "Daddy Dev"
host_port: 0.0.0.0:8080
web_ui: true

# debug, error, warn, info
log_level: debug

# enable or disable http compression (uses gzip)
http_compress: true

# When production mode is 'true' only queries 
# from the allow list are permitted.
# When it's 'false' all queries are saved to the
# the allow list in ./config/allow.list
production: false

# Throw a 401 on auth failure for queries that need auth
auth_fail_block: true

# Latency tracing for database queries and remote joins
# the resulting latency information is returned with the
# response
enable_tracing: true

# Watch the config folder and reload Super Graph
# with the new configs when a change is detected
reload_on_config_change: true

# File that points to the database seeding script
# seed_file: seed.js

# Path pointing to where the migrations can be found
# this must be a relative path under the config path
migrations_path: ./migrations

# Secret key for general encryption operations like 
# encrypting the cursor data
secret_key: supercalifajalistics

# CORS: A list of origins a cross-domain request can be executed from. 
# If the special * value is present in the list, all origins will be allowed. 
# An origin may contain a wildcard (*) to replace 0 or more 
# characters (i.e.: http://*.domain.com).
cors_allowed_origins: ["*"]
cors_allowed_headers: ["Authorization", "Content-Type", "Mode"]
cors_allowed_methods: ["POST"]

# Debug Cross Origin Resource Sharing requests
cors_debug: false

# Postgres related environment Variables
# SG_DATABASE_HOST
# SG_DATABASE_PORT
# SG_DATABASE_USER
# SG_DATABASE_PASSWORD

# Auth related environment Variables
# SG_AUTH_RAILS_COOKIE_SECRET_KEY_BASE
# SG_AUTH_RAILS_REDIS_URL
# SG_AUTH_RAILS_REDIS_PASSWORD
# SG_AUTH_JWT_PUBLIC_KEY_FILE

# inflections:
#   person: people
#   sheep: sheep

auth:
  # Can be 'rails', 'jwt' or 'header'
  type: jwt
  #cookie: _supergraph_session

  # Comment this out if you want to disable setting
  # the user_id via a header for testing. 
  # Disable in production
  #creds_in_header: false

  jwt:
    provider: hydra
    jwks_url: http://hydra:4444/.well-known/jwks.json

  # header:
  #   name: dnt
  #   exists: true
  #   value: localhost:8080

# You can add additional named auths to use with actions
# In this example actions using this auth can only be
# called from the Google Appengine Cron service that
# sets a special header to all it's requests
# auths:
  # - name: from_taskqueue
  #   type: header
  #   header:
  #     name: X-Appengine-Cron
  #     exists: true

database:
  type: postgres
  host: localhost
  port: 5432
  dbname: daddy
  user: daddy
  password: daddy

  #schema: "public"
  #pool_size: 10
  #max_retries: 0
  log_level: "debug"

  # Set session variable "user.id" to the user id
  # Enable this if you need the user id in triggers, etc
  set_user_id: true

  # database ping timeout is used for db health checking
  ping_timeout: 1m

  # Define additional variables here to be used with filters
  variables:
    # admin_account_id: "5"
    # admin_account_id: "sql:select id from users where admin = true limit 1"


  # Field and table names that you wish to block
  blocklist:
    - ar_internal_metadata
    - schema_migrations
    - secret
    - password
    - encrypted
    - token

# Create custom actions with their own api endpoints
# For example the below action will be available at /api/v1/actions/refresh_leaderboard_users
# A request to this url will execute the configured SQL query
# which in this case refreshes a materialized view in the database.
# The auth_name is from one of the configured auths
actions:
  # - name: refresh_leaderboard_users
  #   sql: REFRESH MATERIALIZED VIEW CONCURRENTLY "leaderboard_users"
  #   auth_name: from_taskqueue

tables:
  # - name: customers
  #   remotes:
  #     - name: payments
  #       id: stripe_id
  #       url: http://rails_app:3000/stripe/$id
  #       path: data
  #       # debug: true
  #       pass_headers: 
  #         - cookie
  #       set_headers:
  #         - name: Host
  #           value: 0.0.0.0
          # - name: Authorization
          #   value: Bearer <stripe_api_key>

  # - # You can create new fields that have a
  #   # real db table backing them
  #   name: me
  #   table: users


roles_query: "select * from users where users.email = $user_id"

roles:
  # Rôle par défaut si l'utilisateur n'existe pas dans la table `users`
  - name: anon
    tables:
      - name: users
        # insert:
        #   block: true
        # query:
        #   block: true
        # update:
        #   block: true
        # delete:
        #   block: true

  # Rôle par défaut si l'utilisateur existe dans la table `users`
  # mais que la valeur de la colonne `role` n'est pas définie
  - name: user
    tables:
      - name: users
        insert:
          block: true
        query:
          filters: ["{ email: { _eq: $user_id } }"]
        update:
          columns:
            - full_name
          filters: ["{ email: { _eq: $user_id } }"]
        delete:
          block: true

  - name: admin
    match: role = 'admin'
    tables:
      - name: users

      # - name: products
      #   query:
      #     limit: 50
      #     filters: ["{ user_id: { eq: $user_id } }"]
      #     disable_functions: false

      #   insert:
      #     filters: ["{ user_id: { eq: $user_id } }"]
      #     presets:
      #       - user_id: "$user_id"
      #       - created_at: "now"
            
      #   update:
      #     filters: ["{ user_id: { eq: $user_id } }"]
      #     presets:
      #       - updated_at: "now"

        # delete:
        #   block: true

  # - name: admin
  #   match: id = 1000
  #   tables:
  #     - name: users
  #       filters: []