fix: using mailpit

.env.example

@@ -38,6 +38,11 @@ NHOST_AUTH_URL=https://auth${BASE_HOSTNAME}/v1
 NHOST_GRAPHQL_URL=https://graphql${BASE_HOSTNAME}/v1
 NHOST_STORAGE_URL=https://storage${BASE_HOSTNAME}/v1
 NHOST_FUNCTIONS_URL=https://functions${BASE_HOSTNAME}/v1
+# we need alias for public urls of nhost-broswer-client
+PUBLIC_NHOST_AUTH_URL=${NHOST_AUTH_URL}
+PUBLIC_NHOST_GRAPHQL_URL=${NHOST_GRAPHQL_URL}
+PUBLIC_NHOST_STORAGE_URL=${NHOST_STORAGE_URL}
+PUBLIC_NHOST_FUNCTIONS_URL=${NHOST_FUNCTIONS_URL}
 
 # Hasura
 HASURA_GRAPHQL_ENDPOINT=https://hasura${BASE_HOSTNAME}

.secrets.example

@@ -16,12 +16,12 @@ AUTH_PROVIDER_GOOGLE_CLIENT_SECRET = 'FIXME'
 AUTH_PROVIDER_GITHUB_CLIENT_ID = 'FIXME'
 AUTH_PROVIDER_GITHUB_CLIENT_SECRET = 'FIXME'
 
-## SMTP (for local development, use `mailhog` server, for prod: set appropriate `AUTH_SMTP_` variables)
-# SMTP host must be `mailhog` for local development, to bypass hasura-auth tls restrictions
-AUTH_SMTP_HOST = 'mailhog'
+## SMTP (for local development, use `mailpit` server, for prod: set appropriate `AUTH_SMTP_` variables)
+# SMTP host must be `mailpit` for local development, to bypass hasura-auth tls restrictions
+AUTH_SMTP_HOST = 'mailpit'
 AUTH_SMTP_PORT = '1025'
 AUTH_SMTP_AUTH_METHOD = 'PLAIN'
-AUTH_SMTP_SECURE = 'false'
+AUTH_SMTP_SECURE = 'true'
 AUTH_SMTP_USER = 'user'
 AUTH_SMTP_PASS = 'password'
 AUTH_SMTP_SENDER = '[email protected]'

apps/console-fb/README.md

@@ -25,7 +25,9 @@ PUBLIC_GRAPHQL_ENDPOINT=api.mycompany.com:443 turbo dev
 Generate `i18n` types, `schema.graphql` etc...
 
 ```shell
-turbo run generate --filter=playground
+turbo run generate --filter=console-fb
+# or from prod
+NODE_ENV=prod turbo run generate --filter=console-fb
 ```
 
 ## Maintenance

apps/console/README.md

@@ -101,7 +101,7 @@ crane export ghcr.io/xmlking/spectacular/console:v0.1.3 - | tar -tvf - | grep -v
 | Auth      | <https://auth.traefik.me/healthz>                 |
 | Storage   | <https://storage.traefik.me/healthz>              |
 | Minio     | <https://minio.traefik.me>                        |
-| Mailhog   | <https://mailhog.traefik.me>                      |
+| Mailpit   | <https://mailpit.traefik.me>                      |
 | Dashboard | <https://dashboard.traefik.me>                    |
 | Tailcall  | <https://gateway.traefik.me>                      |
 

apps/console/package.json

@@ -14,6 +14,7 @@
     "format": "biome check --write",
     "generate": "concurrently pnpm:generate:*",
     "generate:pull-schema": "dotenv-run -f .env -f .secrets -v -- houdini pull-schema",
+    "generate:pull-schema:prod": "NODE_ENV=prod dotenv-run -f .env -f .secrets -v -- houdini pull-schema",
     "generate:svelte": "svelte-kit sync",
     "lang:lint": "pnpm inlang lint --project ./project.inlang",
     "lang:studio": "pnpm inlang open editor",

apps/console/project.inlang/.gitignore

@@ -0,0 +1 @@
+cache

apps/console/src/lib/components/layout/avatar.svelte

@@ -2,6 +2,9 @@
 // Ref: https://github.com/hansaskov/my-skeleton-app/blob/master/src/lib/components/Avatar.svelte
 import { Avatar, popup } from '@skeletonlabs/skeleton';
 import type { PopupSettings } from '@skeletonlabs/skeleton';
+import { Settings } from 'lucide-svelte';
+import { CircleUserRound } from 'lucide-svelte';
+import { LogOut } from 'lucide-svelte';
 
 const popupSettings: PopupSettings = {
   event: 'click',
@@ -31,13 +34,19 @@ export let src: string | undefined = undefined;
 <div class="card w-48 rounded-container-token" data-popup="avatarPopup">
   <div class="w-full">
     <a href="/settings" class="bg-primary-hover-token btn w-full rounded-container-token">
-      <iconify-icon class="w-5 justify-center" icon="lucide:settings" />
+<!--      <iconify-icon class="w-5 justify-center" icon="lucide:settings" />-->
+      <Settings class="w-5 justify-center" />
       <p class="flex-grow text-justify">Settings</p>
     </a>
     <hr />
+    <a href="/profile" class="bg-primary-hover-token btn w-full rounded-container-token">
+      <CircleUserRound class="w-5 justify-center" />
+      <p class="flex-grow text-justify">Profile</p>
+    </a>
+    <hr />
     <form method="POST" action="/signout">
       <button type="submit" class="bg-primary-hover-token btn w-full rounded-container-token">
-        <iconify-icon class="w-5 justify-center" icon="lucide:log-out" />
+        <LogOut class="w-5 justify-center" />
         <p class="flex-grow text-justify">Log out</p>
       </button>
     </form>

apps/console/src/lib/stores/user.ts

@@ -1,4 +1,5 @@
 import { browser } from '$app/environment';
+import { env } from '$env/dynamic/public';
 import { PUBLIC_NHOST_REGION, PUBLIC_NHOST_SUBDOMAIN } from '$env/static/public';
 import { NHOST_SESSION_KEY } from '$lib/constants';
 import type { User } from '@nhost/nhost-js';
@@ -9,8 +10,12 @@ import { readable, writable } from 'svelte/store';
 const log = new Logger('user.store.client');
 
 export const nhost = new NhostClient({
-  subdomain: PUBLIC_NHOST_SUBDOMAIN || 'local',
-  region: PUBLIC_NHOST_REGION,
+  // subdomain: PUBLIC_NHOST_SUBDOMAIN || 'local',
+  // region: PUBLIC_NHOST_REGION,
+  authUrl: env.PUBLIC_NHOST_AUTH_URL,
+  graphqlUrl: env.PUBLIC_NHOST_GRAPHQL_URL,
+  storageUrl: env.PUBLIC_NHOST_STORAGE_URL,
+  functionsUrl: env.PUBLIC_NHOST_FUNCTIONS_URL,
 });
 
 export const user = writable<User | null>(null);

compose.yml

@@ -133,23 +133,36 @@ services:
       traefik.http.routers.hasura.tls: 'true'
       traefik.http.services.hasura.loadbalancer.server.port: '8080'
   ###########################################################################
-  # mailpit - but named as mailhog
+  # mailpit - smtp relay and UI
+  # NOTE: this mailpit use self-signed certs with SAN: mailpit,
+  # located in ./infra/base/mailpit/certs
+  # you may have to add its CA cert to hasura-auth system trust store
+  # e.g. ./infra/components/cacerts/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt
   ###########################################################################
-  mailhog:
-    image: axllent/mailpit:v1.18.3
-    hostname: mailhog
-    container_name: mailhog
+  mailpit:
+    image: axllent/mailpit:v1.18.4
+    hostname: mailpit
+    container_name: mailpit
     restart: unless-stopped
     environment:
-      MP_SMTP_AUTH: 'user:password'
-      # MP_SMTP_AUTH_ACCEPT_ANY: 1
-      MP_SMTP_AUTH_ALLOW_INSECURE: 'true'
       TZ: ${CONTAINER_TIMEZONE:-America/Los_Angeles}
+      # MP_SMTP_AUTH_ACCEPT_ANY: 1  # (or) use MP_SMTP_AUTH
+      MP_SMTP_AUTH: 'user:password'
+      # MP_SMTP_AUTH_ALLOW_INSECURE: 'true' # (or) below 3 lines
+      MP_SMTP_REQUIRE_TLS: 'true'
+      MP_SMTP_TLS_CERT: /certs/tls.crt
+      MP_SMTP_TLS_KEY: /certs/tls.key
+      # only enable below 3 lines, if you also want to send email copy via relay
+      MP_SMTP_RELAY_HOST: smtp.gmail.com
+      MP_SMTP_RELAY_PORT: 25
+      MP_SMTP_RELAY_MATCHING: "@chinthagunta\\.com$" # (or) MP_SMTP_RELAY_ALL: true
+      # MP_SMTP_RELAY_ALL: true
     expose:
       - 1025 # MP_SMTP_BIND_ADDR
       - 8025 # MP_UI_BIND_ADDR
     volumes:
-      - mailhog:/data
+      - mailpit:/data
+      - ./infra/base/mailpit/certs:/certs:ro
     healthcheck:
       test: ['CMD', 'wget', '--spider', '-S', 'http://localhost:8025/livez'] # for k8 /readyz
       interval: 60s
@@ -162,16 +175,16 @@ services:
         condition: service_healthy
     labels:
       traefik.enable: 'true'
-      traefik.http.routers.mailhog.entrypoints: websecure
-      traefik.http.routers.mailhog.rule: Host(`mailhog${BASE_HOSTNAME}`)
-      traefik.http.routers.mailhog.service: mailhog
-      traefik.http.routers.mailhog.tls: 'true'
-      traefik.http.services.mailhog.loadbalancer.server.port: '8025'
+      traefik.http.routers.mailpit.entrypoints: websecure
+      traefik.http.routers.mailpit.rule: Host(`mailpit${BASE_HOSTNAME}`)
+      traefik.http.routers.mailpit.service: mailpit
+      traefik.http.routers.mailpit.tls: 'true'
+      traefik.http.services.mailpit.loadbalancer.server.port: '8025'
   ###########################################################################
   # hasura auth
   # Environment Variables:
   # https://github.com/nhost/hasura-auth/blob/main/docs/environment-variables.md
-  # If SMTP host bane == "mailhog" || name == "localhost" || name == "127.0.0.1" || name == "::1", non-tls is allowed
+  # When SMTP host bane == "mailhog" || name == "localhost" || name == "127.0.0.1" || name == "::1", non-tls is allowed
   ###########################################################################
   auth:
     image: nhost/hasura-auth:0.32.0
@@ -224,11 +237,11 @@ services:
       AUTH_REQUIRE_ELEVATED_CLAIM: recommended # required
       AUTH_SERVER_URL: https://auth${BASE_HOSTNAME}/v1
       AUTH_SMTP_AUTH_METHOD: ${AUTH_SMTP_AUTH_METHOD:-PLAIN}
-      AUTH_SMTP_HOST: ${AUTH_SMTP_HOST:-mailhog}
+      AUTH_SMTP_HOST: ${AUTH_SMTP_HOST:-mailpit}
       AUTH_SMTP_PORT: ${AUTH_SMTP_PORT:-1025}
       AUTH_SMTP_USER: ${AUTH_SMTP_USER:-user}
       AUTH_SMTP_PASS: ${AUTH_SMTP_PASS:-password}
-      AUTH_SMTP_SECURE: ${AUTH_SMTP_SECURE:-false}
+      AUTH_SMTP_SECURE: ${AUTH_SMTP_SECURE:-true}
       AUTH_SMTP_SENDER: ${AUTH_SMTP_SENDER:[email protected]}
       AUTH_USER_DEFAULT_ALLOWED_ROLES: user,me
       AUTH_USER_DEFAULT_ROLE: user
@@ -259,7 +272,7 @@ services:
     depends_on:
       traefik:
         condition: service_healthy
-      # mailhog:
+      # mailpit:
       #   condition: service_healthy
       postgres:
         condition: service_healthy
@@ -532,5 +545,5 @@ services:
 volumes:
   certs: {}
   pg_data: {}
-  mailhog: {}
+  mailpit: {}
   minio: {}

docs/hasura.md

@@ -22,7 +22,7 @@ go install github.com/hasura/graphql-engine/cli/cmd/hasura@latest
 
 ### Usage
 
-NOTE: You can pass `--endpoint <hasura-endpoint> --admin-secret <HASURA*GRAPHQL_ADMIN_SECRET> command-line args for all \_Hasura CLI* commands
+NOTE: You can pass `--endpoint <hasura-endpoint> --admin-secret <HASURA_GRAPHQL_ADMIN_SECRET> command-line args for all _Hasura CLI_ commands
 
 ```shell
 # Create a directory to store migrations (with endpoint and admin secret configured):