Compare commits


13 commits

Author SHA1 Message Date
d13f30825e fix panel build 2018-10-02 01:58:12 +02:00
29cfe8debc Merge remote-tracking branch 'boyska/master' 2018-10-02 01:38:24 +02:00
0c0158b048 Merge branch 'db-refactoring'
user storage moved to postgresql; a draft of a userpanel is ready,
together with CLI to admin users
2018-09-30 23:20:58 +02:00
f724dddb02 frontend goes to /panel/, which "understand" users 2018-09-30 23:18:55 +02:00
15444cab1a fix DB permissions to apache user 2018-09-30 11:46:55 +02:00
d8d15795b1 panel HTTP server 2018-09-30 11:43:39 +02:00
ecfa79d654 dbprepare: create panel tabels + refactor 2018-09-30 11:42:46 +02:00
b23df82c75 apache authenticates on DB 2018-09-30 00:56:35 +02:00
5cab65d85f (bad) test for panelcli integration 2018-09-30 00:56:35 +02:00
3d257e7581 add panel submodule 2018-09-30 00:55:44 +02:00
c75aede91b postgresql with multiple users 2018-09-25 23:29:22 +02:00
7de48a2e28 Addedd doc for the db. 2018-09-22 16:40:56 +02:00
952e0270cd [BR] patches to fix facebook guid 2018-09-21 16:42:50 +02:00
13 changed files with 124 additions and 27 deletions

3
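--- a/.gitmodules
+++ b/.gitmodules
@@ -5,3 +5,6 @@
 [submodule "rss-bridge"]
 path = rss-bridge
 url = https://git.lattuga.net/blallo/rss-bridge.git
+[submodule "panel"]
+path = panel
+url = https://git.lattuga.net/blallo/feedpanel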

46
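--- /dev/null
+++ b/doc/DB.rst
@@ -0,0 +1,46 @@
+Database(s) structure
+=====================
+We have a single postgres instance on ``db`` container. ``tt-rss`` has its own
+database ``tt-rss`` (?). There will be another one for the app that keeps all
+together.
+feedati
+-------
+The db structure is, right now, the following:
+======== ======= ======= =========
+Schema Name Type Owner
+======== ======= ======= =========
+public users table postgres
+======== ======= ======= =========
+The following statements create the db and the table:
+.. code:: sql
+CREATE DATABASE feedati WITH ENCODING=UTF8 OWNER=postgres;
+Then create the table:
+.. code:: sql
+CREATE EXTENSION IF NOT EXIST "uuid-ossp";
+CREATE TABLE users
+(
+uuid uuid NOT NULL DEFAULT uuid_generate_v1(),
+email text NOT NULL,
+pass_hash varchar(512) NOT NULL,
+CONSTRAINT users_pkey PRIMARY KEY (uuid)
+);
+Example table content:
+====================================== ============= ==============================================================
+uuid email pass_hash
+====================================== ============= ==============================================================
+b0abc42e-be71-11e8-a054-0242ac110002 me@domin.io $2a$10$8z35dF9/U6VJzpwDt2.Hm.QT78izNZI.IYSZFYCFQmBykEwWUNajq
+cff36cba-be71-11e8-a054-0242ac110002 luke@dom.it $2a$10$J7slNiXjQexMJXNgaEkeAeUtw7ERwNciM1KVMGwM3X.P/GUk8o7.C
+====================================== ============= ==============================================================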


@ -2,14 +2,14 @@ version: "3.6"
services: services:
db: db:
image: postgres:10 image: postgres:10-alpine
container_name: feedati_db container_name: feedati_db
volumes: volumes:
- postgres_data:/var/lib/postgresql/data - postgres_data:/var/lib/postgresql/data
environment: environment:
- POSTGRES_USER=ttrss - POSTGRES_USER=superadmin
- POSTGRES_PASSWORD=password-dev - POSTGRES_PASSWORD=superpass
- POSTGRES_DB=ttrss - POSTGRES_DB=feeds
ports: ports:
- 5432:5432 - 5432:5432
@ -37,7 +37,7 @@ services:
environment: environment:
- PHP_DISPLAY_ERRORS=stdout - PHP_DISPLAY_ERRORS=stdout
- PHP_DISPLAY_STARTUP_ERROR=1 - PHP_DISPLAY_STARTUP_ERROR=1
entrypoint: 'wait-db php7 /app/public/tt-rss/update.php --daemon' entrypoint: 'env PGHOST=db PGDATABASE=feeds PGUSER=ttrss PGPASSWORD=ttpass wait-db php7 /app/public/tt-rss/update.php --daemon'
ports: [] ports: []
depends_on: depends_on:
- db - db
@ -56,11 +56,14 @@ services:
- APACHE_SERVER_NAME=rss-bridge - APACHE_SERVER_NAME=rss-bridge
feedati-fe: feedati-fe:
image: httpd:2.4-alpine image: feedati/frontend
build:
context: .
dockerfile: ./docker/Dockerfile-frontend
container_name: feedati_webserver container_name: feedati_webserver
volumes: volumes:
- ./docker/frontend-apache.conf:/usr/local/apache2/conf/httpd.conf:ro - ./docker/frontend-apache.conf:/usr/local/apache2/conf/httpd.conf:ro
- ./docker/frontend-apache/:/etc/apache2/:ro # - ./docker/frontend-apache/:/etc/apache2/:ro
- ./docker/frontend-login/:/var/www/login/:ro - ./docker/frontend-login/:/var/www/login/:ro
ports: ports:
- 80:80 - 80:80
@ -72,5 +75,12 @@ services:
image: jumanjiman/rsyslog:latest image: jumanjiman/rsyslog:latest
container_name: feedati_syslog container_name: feedati_syslog
panel:
image: feedati/feedspanel:latest
build:
context:
./panel/
container_name: feedati_panel
volumes: volumes:
postgres_data: postgres_data:
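Review bot: The first hunk keeps `- 5432:5432`, which publishes PostgreSQL on every host interface, while the new side sets the superuser to `POSTGRES_USER=superadmin` with the committed password `superpass`; anyone who can reach the host is offered a superuser login with a known password. Bind the port to loopback, `- "127.0.0.1:5432:5432"` (quoted; the `localhost` wait in dodo.py keeps working), and interpolate the secret instead of writing it, `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}`. The `entrypoint` in the second hunk embeds `PGPASSWORD=ttpass` the same way; the `PG*` values belong in that service's `environment:` list, interpolated rather than literal. The same committed service passwords recur in docker/dbconf.sql, the Apache `DBDParams` line, the tt-rss `DB_PASS` define and dodo.py, so rotating one of them means editing several files.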


@ -0,0 +1,5 @@
FROM httpd:2.4-alpine
RUN apk --no-cache add apr-util-dbd_pgsql
# vim: set ft=dockerfile:

6
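--- /dev/null
+++ b/docker/dbconf-perms.sql
@@ -0,0 +1,6 @@
+-- these commands must be given AFTER `panelcli setup` has been run
+-- and ttrss has created its tables
+-- having a 'ALTER DEFAULT PRIVILEGES IN SCHEMA public' might be a little cleaner than this
+GRANT USAGE ON SCHEMA users TO apache;
+GRANT SELECT ON TABLE users.users TO apache;
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO panel;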
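Review bot: `GRANT SELECT ON TABLE users.users TO apache;` hands the web server's role every column of the user table, while the only query Apache runs (the `AuthDBDUserPWQuery` in the frontend config) reads `password` filtered by `username`. A column-level grant keeps the remaining columns, presumably including e-mail addresses, and anything added later out of that role's reach: `GRANT SELECT (username, password) ON TABLE users.users TO apache;`. The last line, `GRANT SELECT ON ALL TABLES IN SCHEMA public TO panel;`, is similarly broad. If tt-rss keeps credential or session tables in `public` (not visible here), the panel role can read them, so naming the tables the panel needs would be safer.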

6
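--- /dev/null
+++ b/docker/dbconf.sql
@@ -0,0 +1,6 @@
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+CREATE USER ttrss WITH PASSWORD 'ttpass';
+CREATE USER panel WITH PASSWORD 'panelpass';
+GRANT CREATE ON DATABASE feeds TO panel;
+GRANT CREATE ON DATABASE feeds TO ttrss;
+CREATE USER apache WITH PASSWORD 'apachepass';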
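Review bot: The `apache` role created on the last line is meant for authentication lookups only, but nothing in this file removes the privileges every role inherits through PUBLIC; on the `postgres:10-alpine` image from the compose file that includes CREATE on schema `public`. Adding `REVOKE CREATE ON SCHEMA public FROM PUBLIC;` followed by `GRANT CREATE ON SCHEMA public TO ttrss;` (assuming tt-rss is the only role that has to create tables there) keeps the web server's role read-only. `GRANT CREATE ON DATABASE feeds TO ttrss;` additionally lets that role create new schemas, which tt-rss presumably does not need; worth confirming and dropping. The three literal passwords could be passed as psql variables, e.g. `CREATE USER apache WITH PASSWORD :'apache_pass';`, or at least be commented as development placeholders.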


@ -16,8 +16,8 @@ LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule unixd_module modules/mod_unixd.so LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so #LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so #LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so LoadModule alias_module modules/mod_alias.so
@ -27,8 +27,8 @@ LoadModule session_cookie_module modules/mod_session_cookie.so
LoadModule request_module modules/mod_request.so LoadModule request_module modules/mod_request.so
LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_user_module modules/mod_authz_user.so
LoadModule auth_form_module modules/mod_auth_form.so LoadModule auth_form_module modules/mod_auth_form.so
LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_dbd_module modules/mod_authn_dbd.so
# LoadModule authn_dbm_module modules/mod_authn_dbm.so LoadModule dbd_module modules/mod_dbd.so
LoadModule macro_module modules/mod_macro.so LoadModule macro_module modules/mod_macro.so
LoadModule rewrite_module modules/mod_rewrite.so LoadModule rewrite_module modules/mod_rewrite.so
@ -50,13 +50,14 @@ ServerAdmin you@example.com
ServerName feedati-fe:80 ServerName feedati-fe:80
DBDriver pgsql
DBDParams "host=db dbname=feeds user=apache password=apachepass"
<Macro Auth> <Macro Auth>
AuthFormLoginRequiredLocation "/login/" AuthFormLoginRequiredLocation "/login/"
AuthFormLoginRequiredLocation "/login/"
AuthFormProvider file
# authn # authn
AuthFormProvider file AuthFormProvider dbd
AuthUserFile /etc/apache2/passwords.txt AuthDBDUserPWQuery "SELECT password FROM users.users WHERE username = %s"
# form # form
AuthType form AuthType form
AuthName "authenticationform" AuthName "authenticationform"
@ -69,7 +70,7 @@ ServerName feedati-fe:80
<Location "/login/do"> <Location "/login/do">
SetHandler form-login-handler SetHandler form-login-handler
Use Auth Use Auth
AuthFormLoginSuccessLocation "/tt-rss/" AuthFormLoginSuccessLocation "/panel/"
</Location> </Location>
<Directory /> <Directory />
@ -209,4 +210,14 @@ ProxyPassReverse http://rss-bridge/
Require all granted Require all granted
</Location> </Location>
<Location /panel/>
ProxyPass http://panel:8000/panel/
ProxyPassReverse http://panel:8000/panel/
Use Auth
Require valid-user
RewriteEngine on
RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER},NS]
RequestHeader set X-Forwarded-User %{RU}e
</Location>
# vim: set ft=apache bkc=yes: # vim: set ft=apache bkc=yes:
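Review bot: The new `<Location /panel/>` block makes `X-Forwarded-User` the panel's only proof of identity, so the panel must never accept that header from anything but this proxy. `RequestHeader set` overwrites whatever the browser sent, which covers requests that pass through Apache, but any other container on the compose network can presumably call `http://panel:8000/panel/` directly with a header of its choice (the panel's own checks are not visible here). I would state the assumption next to the directive, `# panel trusts X-Forwarded-User: it must only be reachable through this proxy`, and consider adding a shared-secret header that the panel verifies before honouring the user name.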


@ -1 +0,0 @@
admin:$2y$05$tPaBuT/mWQCvfk1C12PmV.0Dz8kt0cY1jcD53OGCN26Y8dX2kRPs.


@ -6,8 +6,8 @@
define('DB_TYPE', 'pgsql'); define('DB_TYPE', 'pgsql');
define('DB_HOST', 'db'); define('DB_HOST', 'db');
define('DB_USER', 'ttrss'); define('DB_USER', 'ttrss');
define('DB_NAME', 'ttrss'); define('DB_NAME', 'feeds');
define('DB_PASS', 'password-dev'); define('DB_PASS', 'ttpass');
define('DB_PORT', '5432'); define('DB_PORT', '5432');
define('MYSQL_CHARSET', 'UTF8'); define('MYSQL_CHARSET', 'UTF8');


@ -1,7 +1,9 @@
#!/bin/bash #!/bin/bash
### psql configuration parameters must be received as environ vars
### (PGHOST, PGDATABASE, PGUSER, PGPASSWORD)
timeout=60 timeout=60
for _ in $(seq 1 "$timeout"); do for _ in $(seq 1 "$timeout"); do
if env PGPASSWORD=password-dev psql -h db -U ttrss -w ttrss -c "" -q 2> /dev/null; then if psql -w -c "" -q 2> /dev/null; then
echo "DB ready" echo "DB ready"
exec "$@" exec "$@"
fi fi

20
dodo.py

@ -18,6 +18,7 @@ def task_build():
'uptodate': [up2date_anyimages], 'uptodate': [up2date_anyimages],
'file_dep': ['docker-compose.yml', 'file_dep': ['docker-compose.yml',
'rss-bridge/Dockerfile', 'rss-bridge/Dockerfile',
'panel/Dockerfile',
] + list(scan_dir('docker')), ] + list(scan_dir('docker')),
'actions': [COMPOSE + ' build'], 'actions': [COMPOSE + ' build'],
'clean': [run_task_func(task__build_rm), 'clean': [run_task_func(task__build_rm),
@ -66,17 +67,24 @@ def stop():
def task_dbprepare(): def task_dbprepare():
'''applica il dump sql al container del db''' '''applica il dump sql al container del db'''
panelcli = 'docker-compose -p feedati exec -T panel ./panelcli -db-pass panelpass -db-addr db:5432 '
psql = r'docker exec -i $(docker ps -aqf name=feedati_db) env PGPASSWORD=superpass psql -h 127.0.0.1 -f - -d feeds superadmin '
return { return {
'setup': ['_dbprepare_clean', 'build'], 'setup': ['_dbprepare_clean', 'build'],
'file_dep': ['docker/ttrss.sql'], 'file_dep': list(scan_dir('docker', '*.sql')),
'actions': [ 'actions': [
(COMPOSE + ' up -d db').split(), (COMPOSE + ' up -d db panel').split(),
(wait_net_service, ('localhost', 5432, 300)), (wait_net_service, ('localhost', 5432, 300)),
(wait_pgsql_db, ('feedati_db', 'ttrss', 'ttrss')), (wait_pgsql_db, ('feedati_db', 'feeds', 'superadmin')),
'echo LOADING DB', 'echo LOADING DB',
r'docker exec -i $(docker ps -aqf name=feedati_db) ' # dbconf.sql would be better put in /docker-entrypoint-initdb.d/init-user-db.sh
'psql -h 127.0.0.1 -f - -d ttrss ttrss < docker/ttrss.sql', # (see https://hub.docker.com/r/library/postgres/ )
psql + ' < docker/dbconf.sql',
psql + ' < docker/ttrss.sql',
panelcli + 'setup',
panelcli + 'adduser -password password admin ad@m.in',
psql + ' < docker/dbconf-perms.sql',
'echo DB RESTORED', 'echo DB RESTORED',
], ],
'teardown': [(stop, [])], 'teardown': [(stop, [])],
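Review bot: `panelcli + 'adduser -password password admin ad@m.in'` seeds an `admin` account whose password is `password` every time `dbprepare` runs, and the frontend publishes port 80, so an instance built from this task starts with a guessable administrator login. Take the value from the environment and fail when it is missing, for example `panelcli + 'adduser -password "${FEEDATI_ADMIN_PASSWORD:?}" admin ad@m.in'` (the variable name is a placeholder). The `panelcli` and `psql` strings likewise put `-db-pass panelpass` and `PGPASSWORD=superpass` on the command line, where they are visible in process listings on the host. A line in the docstring saying these are development-only values would at least make the intent explicit. `task_dbprepare` continues past the end of this hunk.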

1
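--- /dev/null
+++ b/panel
@@ -0,0 +1 @@
+Subproject commit 6605001ad948259e55de8e6625b77f6402cfff0a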

@ -1 +1 @@
Subproject commit c1494adace180fae50d1476fcdec3648423f8ea2 Subproject commit 3821ca9737eeafe6ef69ab57d980c233e6b2a00c