diff --git a/.env.example b/.env.example index 28b89eaa..dfbd0d52 100644 --- a/.env.example +++ b/.env.example @@ -38,6 +38,11 @@ NHOST_AUTH_URL=https://auth${BASE_HOSTNAME}/v1 NHOST_GRAPHQL_URL=https://graphql${BASE_HOSTNAME}/v1 NHOST_STORAGE_URL=https://storage${BASE_HOSTNAME}/v1 NHOST_FUNCTIONS_URL=https://functions${BASE_HOSTNAME}/v1 +# we need alias for public urls of nhost-broswer-client +PUBLIC_NHOST_AUTH_URL=${NHOST_AUTH_URL} +PUBLIC_NHOST_GRAPHQL_URL=${NHOST_GRAPHQL_URL} +PUBLIC_NHOST_STORAGE_URL=${NHOST_STORAGE_URL} +PUBLIC_NHOST_FUNCTIONS_URL=${NHOST_FUNCTIONS_URL} # Hasura HASURA_GRAPHQL_ENDPOINT=https://hasura${BASE_HOSTNAME} diff --git a/.secrets.example b/.secrets.example index 28360234..6134d829 100644 --- a/.secrets.example +++ b/.secrets.example @@ -16,12 +16,12 @@ AUTH_PROVIDER_GOOGLE_CLIENT_SECRET = 'FIXME' AUTH_PROVIDER_GITHUB_CLIENT_ID = 'FIXME' AUTH_PROVIDER_GITHUB_CLIENT_SECRET = 'FIXME' -## SMTP (for local development, use `mailhog` server, for prod: set appropriate `AUTH_SMTP_` variables) -# SMTP host must be `mailhog` for local development, to bypass hasura-auth tls restrictions -AUTH_SMTP_HOST = 'mailhog' +## SMTP (for local development, use `mailpit` server, for prod: set appropriate `AUTH_SMTP_` variables) +# SMTP host must be `mailpit` for local development, to bypass hasura-auth tls restrictions +AUTH_SMTP_HOST = 'mailpit' AUTH_SMTP_PORT = '1025' AUTH_SMTP_AUTH_METHOD = 'PLAIN' -AUTH_SMTP_SECURE = 'false' +AUTH_SMTP_SECURE = 'true' AUTH_SMTP_USER = 'user' AUTH_SMTP_PASS = 'password' AUTH_SMTP_SENDER = 'hasura-auth@example.com' diff --git a/apps/console-fb/README.md b/apps/console-fb/README.md index b9e61a7e..a821de22 100644 --- a/apps/console-fb/README.md +++ b/apps/console-fb/README.md @@ -25,7 +25,9 @@ PUBLIC_GRAPHQL_ENDPOINT=api.mycompany.com:443 turbo dev Generate `i18n` types, `schema.graphql` etc... ```shell -turbo run generate --filter=playground +turbo run generate --filter=console-fb +# or from prod +NODE_ENV=prod turbo run generate --filter=console-fb ``` ## Maintenance diff --git a/apps/console/README.md b/apps/console/README.md index 5cae4948..3f989569 100644 --- a/apps/console/README.md +++ b/apps/console/README.md @@ -101,7 +101,7 @@ crane export ghcr.io/xmlking/spectacular/console:v0.1.3 - | tar -tvf - | grep -v | Auth | | | Storage | | | Minio | | -| Mailhog | | +| Mailpit | | | Dashboard | | | Tailcall | | diff --git a/apps/console/package.json b/apps/console/package.json index bab11ddd..ca6c9a45 100644 --- a/apps/console/package.json +++ b/apps/console/package.json @@ -14,6 +14,7 @@ "format": "biome check --write", "generate": "concurrently pnpm:generate:*", "generate:pull-schema": "dotenv-run -f .env -f .secrets -v -- houdini pull-schema", + "generate:pull-schema:prod": "NODE_ENV=prod dotenv-run -f .env -f .secrets -v -- houdini pull-schema", "generate:svelte": "svelte-kit sync", "lang:lint": "pnpm inlang lint --project ./project.inlang", "lang:studio": "pnpm inlang open editor", diff --git a/apps/console/project.inlang/.gitignore b/apps/console/project.inlang/.gitignore new file mode 100644 index 00000000..5e465967 --- /dev/null +++ b/apps/console/project.inlang/.gitignore @@ -0,0 +1 @@ +cache \ No newline at end of file diff --git a/apps/console/src/lib/components/layout/avatar.svelte b/apps/console/src/lib/components/layout/avatar.svelte index 3ecf253d..4e4d1471 100644 --- a/apps/console/src/lib/components/layout/avatar.svelte +++ b/apps/console/src/lib/components/layout/avatar.svelte @@ -2,6 +2,9 @@ // Ref: https://github.com/hansaskov/my-skeleton-app/blob/master/src/lib/components/Avatar.svelte import { Avatar, popup } from '@skeletonlabs/skeleton'; import type { PopupSettings } from '@skeletonlabs/skeleton'; +import { Settings } from 'lucide-svelte'; +import { CircleUserRound } from 'lucide-svelte'; +import { LogOut } from 'lucide-svelte'; const popupSettings: PopupSettings = { event: 'click', @@ -31,13 +34,19 @@ export let src: string | undefined = undefined;
- + +

Settings
+ + +

Profile

+ +
diff --git a/apps/console/src/lib/stores/user.ts b/apps/console/src/lib/stores/user.ts index 53a6c9a1..63ac522f 100644 --- a/apps/console/src/lib/stores/user.ts +++ b/apps/console/src/lib/stores/user.ts @@ -1,4 +1,5 @@ import { browser } from '$app/environment'; +import { env } from '$env/dynamic/public'; import { PUBLIC_NHOST_REGION, PUBLIC_NHOST_SUBDOMAIN } from '$env/static/public'; import { NHOST_SESSION_KEY } from '$lib/constants'; import type { User } from '@nhost/nhost-js'; @@ -9,8 +10,12 @@ import { readable, writable } from 'svelte/store'; const log = new Logger('user.store.client'); export const nhost = new NhostClient({ - subdomain: PUBLIC_NHOST_SUBDOMAIN || 'local', - region: PUBLIC_NHOST_REGION, + // subdomain: PUBLIC_NHOST_SUBDOMAIN || 'local', + // region: PUBLIC_NHOST_REGION, + authUrl: env.PUBLIC_NHOST_AUTH_URL, + graphqlUrl: env.PUBLIC_NHOST_GRAPHQL_URL, + storageUrl: env.PUBLIC_NHOST_STORAGE_URL, + functionsUrl: env.PUBLIC_NHOST_FUNCTIONS_URL, }); export const user = writable(null); diff --git a/compose.yml b/compose.yml index 81914725..aaafc0e2 100644 --- a/compose.yml +++ b/compose.yml @@ -133,23 +133,36 @@ services: traefik.http.routers.hasura.tls: 'true' traefik.http.services.hasura.loadbalancer.server.port: '8080' ########################################################################### - # mailpit - but named as mailhog + # mailpit - smtp relay and UI + # NOTE: this mailpit use self-signed certs with SAN: mailpit, + # located in ./infra/base/mailpit/certs + # you may have to add its CA cert to hasura-auth system trust store + # e.g. ./infra/components/cacerts/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt ########################################################################### - mailhog: - image: axllent/mailpit:v1.18.3 - hostname: mailhog - container_name: mailhog + mailpit: + image: axllent/mailpit:v1.18.4 + hostname: mailpit + container_name: mailpit restart: unless-stopped environment: - MP_SMTP_AUTH: 'user:password' - # MP_SMTP_AUTH_ACCEPT_ANY: 1 - MP_SMTP_AUTH_ALLOW_INSECURE: 'true' TZ: ${CONTAINER_TIMEZONE:-America/Los_Angeles} + # MP_SMTP_AUTH_ACCEPT_ANY: 1 # (or) use MP_SMTP_AUTH + MP_SMTP_AUTH: 'user:password' + # MP_SMTP_AUTH_ALLOW_INSECURE: 'true' # (or) below 3 lines + MP_SMTP_REQUIRE_TLS: 'true' + MP_SMTP_TLS_CERT: /certs/tls.crt + MP_SMTP_TLS_KEY: /certs/tls.key + # only enable below 3 lines, if you also want to send email copy via relay + MP_SMTP_RELAY_HOST: smtp.gmail.com + MP_SMTP_RELAY_PORT: 25 + MP_SMTP_RELAY_MATCHING: "@chinthagunta\\.com$" # (or) MP_SMTP_RELAY_ALL: true + # MP_SMTP_RELAY_ALL: true expose: - 1025 # MP_SMTP_BIND_ADDR - 8025 # MP_UI_BIND_ADDR volumes: - - mailhog:/data + - mailpit:/data + - ./infra/base/mailpit/certs:/certs:ro healthcheck: test: ['CMD', 'wget', '--spider', '-S', 'http://localhost:8025/livez'] # for k8 /readyz interval: 60s @@ -162,16 +175,16 @@ services: condition: service_healthy labels: traefik.enable: 'true' - traefik.http.routers.mailhog.entrypoints: websecure - traefik.http.routers.mailhog.rule: Host(`mailhog${BASE_HOSTNAME}`) - traefik.http.routers.mailhog.service: mailhog - traefik.http.routers.mailhog.tls: 'true' - traefik.http.services.mailhog.loadbalancer.server.port: '8025' + traefik.http.routers.mailpit.entrypoints: websecure + traefik.http.routers.mailpit.rule: Host(`mailpit${BASE_HOSTNAME}`) + traefik.http.routers.mailpit.service: mailpit + traefik.http.routers.mailpit.tls: 'true' + traefik.http.services.mailpit.loadbalancer.server.port: '8025' ########################################################################### # hasura auth # Environment Variables: # https://github.com/nhost/hasura-auth/blob/main/docs/environment-variables.md - # If SMTP host bane == "mailhog" || name == "localhost" || name == "127.0.0.1" || name == "::1", non-tls is allowed + # When SMTP host bane == "mailhog" || name == "localhost" || name == "127.0.0.1" || name == "::1", non-tls is allowed ########################################################################### auth: image: nhost/hasura-auth:0.32.0 @@ -224,11 +237,11 @@ services: AUTH_REQUIRE_ELEVATED_CLAIM: recommended # required AUTH_SERVER_URL: https://auth${BASE_HOSTNAME}/v1 AUTH_SMTP_AUTH_METHOD: ${AUTH_SMTP_AUTH_METHOD:-PLAIN} - AUTH_SMTP_HOST: ${AUTH_SMTP_HOST:-mailhog} + AUTH_SMTP_HOST: ${AUTH_SMTP_HOST:-mailpit} AUTH_SMTP_PORT: ${AUTH_SMTP_PORT:-1025} AUTH_SMTP_USER: ${AUTH_SMTP_USER:-user} AUTH_SMTP_PASS: ${AUTH_SMTP_PASS:-password} - AUTH_SMTP_SECURE: ${AUTH_SMTP_SECURE:-false} + AUTH_SMTP_SECURE: ${AUTH_SMTP_SECURE:-true} AUTH_SMTP_SENDER: ${AUTH_SMTP_SENDER:-hasura-auth@example.com} AUTH_USER_DEFAULT_ALLOWED_ROLES: user,me AUTH_USER_DEFAULT_ROLE: user @@ -259,7 +272,7 @@ services: depends_on: traefik: condition: service_healthy - # mailhog: + # mailpit: # condition: service_healthy postgres: condition: service_healthy @@ -532,5 +545,5 @@ services: volumes: certs: {} pg_data: {} - mailhog: {} + mailpit: {} minio: {} diff --git a/docs/hasura.md b/docs/hasura.md index a86d1e3d..f2485815 100644 --- a/docs/hasura.md +++ b/docs/hasura.md @@ -22,7 +22,7 @@ go install github.com/hasura/graphql-engine/cli/cmd/hasura@latest ### Usage -NOTE: You can pass `--endpoint --admin-secret command-line args for all \_Hasura CLI* commands +NOTE: You can pass `--endpoint --admin-secret command-line args for all _Hasura CLI_ commands ```shell # Create a directory to store migrations (with endpoint and admin secret configured):