daddy/backend/config/dev.yml

226 lines
5.6 KiB
YAML

app_name: "Daddy Dev"
host_port: 0.0.0.0:8080
web_ui: true
# debug, error, warn, info
log_level: debug
# enable or disable http compression (uses gzip)
http_compress: true
# When production mode is 'true' only queries
# from the allow list are permitted.
# When it's 'false' all queries are saved to the
# the allow list in ./config/allow.list
production: false
# Throw a 401 on auth failure for queries that need auth
auth_fail_block: true
# Latency tracing for database queries and remote joins
# the resulting latency information is returned with the
# response
enable_tracing: true
# Watch the config folder and reload Super Graph
# with the new configs when a change is detected
reload_on_config_change: true
# File that points to the database seeding script
# seed_file: seed.js
# Path pointing to where the migrations can be found
# this must be a relative path under the config path
migrations_path: ./migrations
# Secret key for general encryption operations like
# encrypting the cursor data
secret_key: supercalifajalistics
# CORS: A list of origins a cross-domain request can be executed from.
# If the special * value is present in the list, all origins will be allowed.
# An origin may contain a wildcard (*) to replace 0 or more
# characters (i.e.: http://*.domain.com).
cors_allowed_origins: ["*"]
# Debug Cross Origin Resource Sharing requests
cors_debug: false
# Postgres related environment Variables
# SG_DATABASE_HOST
# SG_DATABASE_PORT
# SG_DATABASE_USER
# SG_DATABASE_PASSWORD
# Auth related environment Variables
# SG_AUTH_RAILS_COOKIE_SECRET_KEY_BASE
# SG_AUTH_RAILS_REDIS_URL
# SG_AUTH_RAILS_REDIS_PASSWORD
# SG_AUTH_JWT_PUBLIC_KEY_FILE
# inflections:
# person: people
# sheep: sheep
auth:
# Can be 'rails', 'jwt' or 'header'
type: jwt
#cookie: _supergraph_session
# Comment this out if you want to disable setting
# the user_id via a header for testing.
# Disable in production
#creds_in_header: false
jwt:
provider: hydra
jwks_url: http://hydra:4444/.well-known/jwks.json
# header:
# name: dnt
# exists: true
# value: localhost:8080
# You can add additional named auths to use with actions
# In this example actions using this auth can only be
# called from the Google Appengine Cron service that
# sets a special header to all it's requests
# auths:
# - name: from_taskqueue
# type: header
# header:
# name: X-Appengine-Cron
# exists: true
database:
type: postgres
host: localhost
port: 5432
dbname: daddy
user: daddy
password: daddy
#schema: "public"
#pool_size: 10
#max_retries: 0
log_level: "debug"
# Set session variable "user.id" to the user id
# Enable this if you need the user id in triggers, etc
set_user_id: true
# database ping timeout is used for db health checking
ping_timeout: 1m
# Define additional variables here to be used with filters
variables:
# admin_account_id: "5"
# admin_account_id: "sql:select id from users where admin = true limit 1"
# Field and table names that you wish to block
blocklist:
- ar_internal_metadata
- schema_migrations
- secret
- password
- encrypted
- token
# Create custom actions with their own api endpoints
# For example the below action will be available at /api/v1/actions/refresh_leaderboard_users
# A request to this url will execute the configured SQL query
# which in this case refreshes a materialized view in the database.
# The auth_name is from one of the configured auths
actions:
# - name: refresh_leaderboard_users
# sql: REFRESH MATERIALIZED VIEW CONCURRENTLY "leaderboard_users"
# auth_name: from_taskqueue
tables:
# - name: customers
# remotes:
# - name: payments
# id: stripe_id
# url: http://rails_app:3000/stripe/$id
# path: data
# # debug: true
# pass_headers:
# - cookie
# set_headers:
# - name: Host
# value: 0.0.0.0
# - name: Authorization
# value: Bearer <stripe_api_key>
# - # You can create new fields that have a
# # real db table backing them
# name: me
# table: users
roles_query: "select * from users where users.email = $user_id"
roles:
# Rôle par défaut si l'utilisateur n'existe pas dans la table `users`
- name: anon
tables:
# - name: users
# insert:
# block: true
# query:
# block: true
# update:
# block: true
# delete:
# block: true
# Rôle par défaut si l'utilisateur existe dans la table `users`
# mais que la valeur de la colonne `role` n'est pas définie
- name: user
tables:
- name: users
insert:
block: true
query:
filters: ["{ email: { _eq: $user_id } }"]
update:
columns:
- full_name
filters: ["{ email: { _eq: $user_id } }"]
delete:
block: true
- name: admin
match: role = 'admin'
tables:
- name: users
query:
filters: []
# - name: products
# query:
# limit: 50
# filters: ["{ user_id: { eq: $user_id } }"]
# disable_functions: false
# insert:
# filters: ["{ user_id: { eq: $user_id } }"]
# presets:
# - user_id: "$user_id"
# - created_at: "now"
# update:
# filters: ["{ user_id: { eq: $user_id } }"]
# presets:
# - updated_at: "now"
# delete:
# block: true
# - name: admin
# match: id = 1000
# tables:
# - name: users
# filters: []