Compare commits
45 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 43fc67ded6 | |||
| 8e7781a346 | |||
| 68dd90048f | |||
| 7bf54bbd8c | |||
| 9fa5818860 | |||
| 77859b3d94 | |||
| 9e26479f67 | |||
| 000797f930 | |||
| 1e8e06738b | |||
| 28dbf76789 | |||
| 93aa1ebd3b | |||
| bf13344cbe | |||
| 62358e100c | |||
| 7ee1cd94dc | |||
| 893aa4db51 | |||
| 6b9da9dc15 | |||
| 44e08b62fd | |||
| 3feb35ea7b | |||
| 849fec6f01 | |||
| d27ee1202b | |||
| 32ac21afd2 | |||
| 39959f041d | |||
| 124d702ec4 | |||
| 2587483733 | |||
| 575ec574dd | |||
| 815cf96374 | |||
| 2b6c24bc86 | |||
| 632774d051 | |||
| 1d6b419a15 | |||
| 2da7526265 | |||
| 92877b669e | |||
| 10168843e1 | |||
| 0889f9c7b1 | |||
| 084010e38c | |||
| 8158c195f5 | |||
| 174d15de5b | |||
| 56523795d5 | |||
| 32bdb3d709 | |||
| b30d14af9a | |||
| 1220a37b60 | |||
| a3e008c317 | |||
| 58498c87af | |||
| fd9abb948a | |||
| 2b07f74cc1 | |||
| ee4d2984dd |
@ -12,8 +12,8 @@ jobs:
|
||||
name: check
|
||||
runs-on: ubuntu-latest
|
||||
if: |
|
||||
contains(github.event.head_commit.message, 'bump:') == false &&
|
||||
contains(github.event.head_commit.message, 'Merge pull request') == false
|
||||
contains(gitea.event.head_commit.message, 'bump:') == false &&
|
||||
contains(gitea.event.head_commit.message, 'Merge pull request') == false
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
@ -65,14 +65,20 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
needs: release # Wait for binary cache to propagate
|
||||
steps:
|
||||
- name: Get domain
|
||||
id: get_domain
|
||||
run: |
|
||||
DOMAIN=$(basename ${{ gitea.server_url }})
|
||||
echo $DOMAIN
|
||||
echo "domain=$DOMAIN" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Docker meta
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
with:
|
||||
# list of Docker images to use as base name for tags
|
||||
images: |
|
||||
${{ github.repository }}
|
||||
ghcr.io/${{ github.repository }}
|
||||
${{ steps.get_domain.outputs.domain }}/${{ gitea.repository }}
|
||||
# generate Docker tags based on the following events/attributes
|
||||
tags: |
|
||||
type=ref,event=branch
|
||||
@ -81,9 +87,9 @@ jobs:
|
||||
- name: Login to Gitea Container Registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ vars.URL }}
|
||||
username: ${{ vars.USERNAME }}
|
||||
password: ${{ secrets.PASSWORD }}
|
||||
registry: ${{ gitea.server_url }}
|
||||
username: ${{ gitea.actor }}
|
||||
password: ${{ secrets.PAT }}
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v3
|
||||
|
||||
@ -11,6 +11,8 @@ jobs:
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Install Nix
|
||||
uses: cachix/install-nix-action@v31
|
||||
@ -28,12 +30,33 @@ jobs:
|
||||
run: |
|
||||
git config user.name "github-actions[bot]"
|
||||
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
|
||||
git checkout -B update
|
||||
|
||||
- name: Update
|
||||
run: nix run .#update
|
||||
|
||||
- name: Create Pull Request
|
||||
uses: peter-evans/create-pull-request@v7
|
||||
with:
|
||||
title: update
|
||||
body: automatic update
|
||||
env:
|
||||
PAT: ${{ secrets.PAT }}
|
||||
run: |
|
||||
URL="${{ gitea.server_url }}"
|
||||
REPO_OWNER_SLASH_NAME="${{ gitea.repository }}"
|
||||
|
||||
if ! git ls-remote --exit-code origin update; then
|
||||
git push origin update --force
|
||||
|
||||
PR_RESPONSE=$(curl -s -X POST -H "Authorization: token $PAT" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{"title":"update","body":"automatic update","head":"update","base":"main"}' \
|
||||
"https://$URL/api/v1/repos/$REPO_OWNER_SLASH_NAME/pulls")
|
||||
|
||||
PR_NUMBER=$(echo "$PR_RESPONSE" | jq -r '.number')
|
||||
|
||||
curl -s -X POST -H "Authorization: token $PAT" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{"Do":"merge","merge_when_checks_succeed":true,"delete_branch_after_merge":true}' \
|
||||
"https://$URL/api/v1/repos/$REPO_OWNER_SLASH_NAME/pulls/$PR_NUMBER/merge"
|
||||
|
||||
else
|
||||
git push origin update --force
|
||||
fi
|
||||
|
||||
130
.github/workflows/release.yaml
vendored
130
.github/workflows/release.yaml
vendored
@ -30,9 +30,45 @@ jobs:
|
||||
- name: Check
|
||||
run: nix flake check
|
||||
|
||||
release:
|
||||
# release:
|
||||
# runs-on: ubuntu-latest
|
||||
# needs: check
|
||||
# steps:
|
||||
# - name: Checkout
|
||||
# uses: actions/checkout@v4
|
||||
|
||||
# - name: Install Nix
|
||||
# uses: cachix/install-nix-action@v31
|
||||
# with:
|
||||
# nix_path: nixpkgs=channel:nixos-unstable
|
||||
|
||||
# - name: Use Cachix
|
||||
# uses: cachix/cachix-action@v16
|
||||
# with:
|
||||
# name: trevstack
|
||||
# authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
|
||||
|
||||
# - name: Build
|
||||
# run: >
|
||||
# nix build
|
||||
# .#trevstack-linux-amd64
|
||||
# .#trevstack-linux-arm64
|
||||
# .#trevstack-linux-arm
|
||||
# .#trevstack-windows-amd64
|
||||
# .#trevstack-darwin-amd64
|
||||
# .#trevstack-darwin-arm64
|
||||
|
||||
# - name: Release
|
||||
# uses: softprops/action-gh-release@v2
|
||||
# with:
|
||||
# generate_release_notes: true
|
||||
# files: |-
|
||||
# result*/bin/*
|
||||
|
||||
# https://docs.docker.com/build/ci/github-actions/manage-tags-labels/
|
||||
package:
|
||||
runs-on: ubuntu-latest
|
||||
needs: check
|
||||
needs: check # Wait for binary cache to propagate
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
@ -48,46 +84,14 @@ jobs:
|
||||
name: trevstack
|
||||
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
|
||||
|
||||
- name: Build
|
||||
run: >
|
||||
nix build
|
||||
.#trevstack-linux-amd64
|
||||
.#trevstack-linux-arm64
|
||||
.#trevstack-linux-arm
|
||||
.#trevstack-windows-amd64
|
||||
.#trevstack-darwin-amd64
|
||||
.#trevstack-darwin-arm64
|
||||
- name: Set env
|
||||
run: |
|
||||
TAG=${{ github.ref_name }}
|
||||
VERSION=${TAG#v}
|
||||
REGISTRY="ghcr.io"
|
||||
|
||||
- name: Release
|
||||
uses: softprops/action-gh-release@v2
|
||||
with:
|
||||
generate_release_notes: true
|
||||
files: |-
|
||||
result*/bin/*
|
||||
|
||||
# https://docs.docker.com/build/ci/github-actions/manage-tags-labels/
|
||||
package:
|
||||
runs-on: ubuntu-latest
|
||||
needs: release # Wait for binary cache to propagate
|
||||
steps:
|
||||
- name: Docker meta
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
with:
|
||||
# list of Docker images to use as base name for tags
|
||||
images: |
|
||||
${{ github.repository }}
|
||||
ghcr.io/${{ github.repository }}
|
||||
# generate Docker tags based on the following events/attributes
|
||||
tags: |
|
||||
type=ref,event=branch
|
||||
type=semver,pattern={{version}}
|
||||
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
username: ${{ vars.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
echo "VERSION=${VERSION}" >> $GITHUB_ENV
|
||||
echo "REGISTRY=${REGISTRY}" >> $GITHUB_ENV
|
||||
|
||||
- name: Login to GitHub Container Registry
|
||||
uses: docker/login-action@v3
|
||||
@ -96,15 +100,39 @@ jobs:
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v3
|
||||
- name: Build & Load Images
|
||||
run: |
|
||||
nix build .#trevstack-linux-amd64-image && ./result | docker load
|
||||
nix build .#trevstack-linux-arm64-image && ./result | docker load
|
||||
nix build .#trevstack-linux-arm-image && ./result | docker load
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
- name: Push Images
|
||||
run: |
|
||||
docker image tag trevstack:$VERSION-amd64 $REGISTRY/$GITHUB_REPOSITORY:$VERSION-amd64
|
||||
docker push $REGISTRY/$GITHUB_REPOSITORY:$VERSION-amd64
|
||||
|
||||
- name: Build and push
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
push: true
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
docker image tag trevstack:$VERSION-arm64 $REGISTRY/$GITHUB_REPOSITORY:$VERSION-arm64
|
||||
docker push $REGISTRY/$GITHUB_REPOSITORY:$VERSION-arm64
|
||||
|
||||
docker image tag trevstack:$VERSION-arm $REGISTRY/$GITHUB_REPOSITORY:$VERSION-arm
|
||||
docker push $REGISTRY/$GITHUB_REPOSITORY:$VERSION-arm
|
||||
|
||||
- name: Push Manifest
|
||||
run: |
|
||||
docker manifest create $REGISTRY/$GITHUB_REPOSITORY:$VERSION \
|
||||
$REGISTRY/$GITHUB_REPOSITORY:$VERSION-amd64 \
|
||||
$REGISTRY/$GITHUB_REPOSITORY:$VERSION-arm64 \
|
||||
$REGISTRY/$GITHUB_REPOSITORY:$VERSION-arm
|
||||
docker manifest annotate $REGISTRY/$GITHUB_REPOSITORY:$VERSION $REGISTRY/$GITHUB_REPOSITORY:$VERSION-amd64 --arch amd64
|
||||
docker manifest annotate $REGISTRY/$GITHUB_REPOSITORY:$VERSION $REGISTRY/$GITHUB_REPOSITORY:$VERSION-arm64 --arch arm64
|
||||
docker manifest annotate $REGISTRY/$GITHUB_REPOSITORY:$VERSION $REGISTRY/$GITHUB_REPOSITORY:$VERSION-arm --arch arm
|
||||
docker manifest push $REGISTRY/$GITHUB_REPOSITORY:$VERSION
|
||||
|
||||
docker manifest create $REGISTRY/$GITHUB_REPOSITORY:latest \
|
||||
$REGISTRY/$GITHUB_REPOSITORY:$VERSION-amd64 \
|
||||
$REGISTRY/$GITHUB_REPOSITORY:$VERSION-arm64 \
|
||||
$REGISTRY/$GITHUB_REPOSITORY:$VERSION-arm
|
||||
docker manifest annotate $REGISTRY/$GITHUB_REPOSITORY:latest $REGISTRY/$GITHUB_REPOSITORY:$VERSION-amd64 --arch amd64
|
||||
docker manifest annotate $REGISTRY/$GITHUB_REPOSITORY:latest $REGISTRY/$GITHUB_REPOSITORY:$VERSION-arm64 --arch arm64
|
||||
docker manifest annotate $REGISTRY/$GITHUB_REPOSITORY:latest $REGISTRY/$GITHUB_REPOSITORY:$VERSION-arm --arch arm
|
||||
docker manifest push $REGISTRY/$GITHUB_REPOSITORY:latest
|
||||
|
||||
4
.github/workflows/update.yaml
vendored
4
.github/workflows/update.yaml
vendored
@ -37,12 +37,14 @@ jobs:
|
||||
run: nix run .#update
|
||||
|
||||
- name: Create Pull Request
|
||||
id: cpr
|
||||
uses: peter-evans/create-pull-request@v7
|
||||
with:
|
||||
branch: update
|
||||
title: update
|
||||
body: automatic update
|
||||
|
||||
- name: Enable Automerge
|
||||
run: gh pr merge --merge --auto "1"
|
||||
run: gh pr merge --merge --auto "${{ steps.cpr.outputs.pull-request-number }}"
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.PAT }}
|
||||
|
||||
@ -19,7 +19,9 @@ echo "${version} -> ${next_version}"
|
||||
echo "bumping openapi"
|
||||
cd "${git_root}"
|
||||
sed -i -e "s/${version}/${next_version}/g" openapi.yaml
|
||||
sed -i -e "s/${version}/${next_version}/g" client/static/openapi/openapi.yaml
|
||||
git add openapi.yaml
|
||||
git add client/static/openapi/openapi.yaml
|
||||
|
||||
echo "bumping client"
|
||||
cd "${git_root}/client"
|
||||
|
||||
2
.vscode/extensions.json
vendored
2
.vscode/extensions.json
vendored
@ -2,7 +2,7 @@
|
||||
"recommendations": [
|
||||
"golang.go",
|
||||
"dorzey.vscode-sqlfluff",
|
||||
"zxh404.vscode-proto3",
|
||||
"bufbuild.vscode-buf",
|
||||
"dbaeumer.vscode-eslint",
|
||||
"svelte.svelte-vscode",
|
||||
"esbenp.prettier-vscode"
|
||||
|
||||
4
.vscode/settings.json
vendored
4
.vscode/settings.json
vendored
@ -18,8 +18,8 @@
|
||||
},
|
||||
|
||||
// Proto
|
||||
"[proto3]": {
|
||||
"editor.defaultFormatter": "zxh404.vscode-proto3"
|
||||
"[proto]": {
|
||||
"editor.defaultFormatter": "bufbuild.vscode-buf"
|
||||
},
|
||||
|
||||
// ESLint
|
||||
|
||||
29
Dockerfile
29
Dockerfile
@ -1,29 +0,0 @@
|
||||
# Nix builder
|
||||
FROM nixos/nix:latest AS builder
|
||||
|
||||
# Copy our source and setup our working dir.
|
||||
COPY . /tmp/build
|
||||
WORKDIR /tmp/build
|
||||
|
||||
# Build our Nix environment
|
||||
RUN nix \
|
||||
--extra-experimental-features "nix-command flakes" \
|
||||
--option filter-syscalls false \
|
||||
--accept-flake-config \
|
||||
build
|
||||
|
||||
# Copy the Nix store closure into a directory. The Nix store closure is the
|
||||
# entire set of Nix store values that we need for our build.
|
||||
RUN mkdir /tmp/nix-store-closure
|
||||
RUN cp -R $(nix-store -qR result/) /tmp/nix-store-closure
|
||||
|
||||
# Final image is based on scratch. We copy a bunch of Nix dependencies
|
||||
# but they're fully self-contained so we don't need Nix anymore.
|
||||
FROM scratch
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
# Copy /nix/store
|
||||
COPY --from=builder /tmp/nix-store-closure /nix/store
|
||||
COPY --from=builder /tmp/build/result /app
|
||||
CMD ["/app/bin/trevstack"]
|
||||
50
README.md
50
README.md
@ -7,6 +7,7 @@ This is a CRUD app to use as a template for starting projects
|
||||
- **Communicate anywhere**. Define a [protocol buffer](https://protobuf.dev/), and [Connect](https://connectrpc.com/) generates type-safe code to facilitate communication between the server and any client (web, mobile, embedded, etc). The protocol buffers can contain annotations to validate fields on the client and server. For clients that cannot use Connect, an OpenAPI spec is also generated
|
||||
- **Build anywhere**. The dev environment, testing and building is all declared in a single [Nix](https://nixos.org/) flake. Every developer and server can use the same environment
|
||||
- **Deploy anywhere**. CI/CD is already set up using github actions. New versions are automatically released for every major platform, along with a docker image. The binaries created require zero run-time dependencies and are relatively small (this app is 26 MiB)
|
||||
- Can be entirely self-hosted
|
||||
- Authentication is rolled in, including API key, fingerprint & passkey
|
||||
- Automatic database migration on startup
|
||||
- Light & dark modes with the [catppuccin](https://catppuccin.com/palette/) color palette
|
||||
@ -27,7 +28,7 @@ URL=http://localhost:5173
|
||||
DATABASE_URL=sqlite:/home/trev/.config/trevstack/sqlite.db
|
||||
```
|
||||
|
||||
4. Run `treli`
|
||||
4. Run `treli` to start the server & client
|
||||
|
||||
It's that simple. If you're feeling fancy, install [direnv](https://direnv.net/) and the dev environment will load automatically.
|
||||
|
||||
@ -37,11 +38,52 @@ It's that simple. If you're feeling fancy, install [direnv](https://direnv.net/)
|
||||
|
||||
- `nix run #bump [major | minor]`: bumps the current version up one. Defaults to "patch" (0.0.1 -> 0.0.2)
|
||||
|
||||
- `buf lint` & `buf generate`: Lints and generates code from protocol buffers
|
||||
- `nix build [#trevstack-(GOOS)-(GOARCH)]`: builds the application. Defaults to building for your current platform, but can be built to many by specifying the GOOS and GOARCH values
|
||||
|
||||
- `sqlc vet` & `sqlc generate`: Verifies and generates code from SQL files
|
||||
- `nix flake check`: runs all validations
|
||||
|
||||
- `dbmate new` & `dbmate up`: Creates a new migration file and runs pending migrations
|
||||
- `buf lint proto` & `buf generate`: lints and generates code from protocol buffers
|
||||
|
||||
- `sqlc vet` & `sqlc generate`: verifies and generates code from SQL files
|
||||
|
||||
- `dbmate new` & `dbmate up`: creates a new migration file and runs pending migrations
|
||||
|
||||
### Github Actions
|
||||
|
||||
To use github actions for CI/CD, you'll need to create a fine-grained personal access token for the repository with the permissions:
|
||||
|
||||
- Contents (read and write)
|
||||
- Pull requests (read and write)
|
||||
|
||||
And change some settings for the repository:
|
||||
|
||||
- General -> Allow auto-merge: true
|
||||
- Rules -> Rulesets -> New ruleset
|
||||
- Branch targeting criteria: Default
|
||||
- Branch rules
|
||||
- Require status checks to pass -> Add checks -> "check"
|
||||
- Actions -> General -> Workflow permissions
|
||||
- Read and write permissions: true
|
||||
- Allow GitHub Actions to create and approve pull requests: true
|
||||
- Secrets and variables -> Actions -> Repository secrets
|
||||
- PAT: (personal access token)
|
||||
|
||||
### Gitea Actions
|
||||
|
||||
To use gitea actions for CI/CD, you'll need to create an [API token](https://docs.gitea.com/development/api-usage) with the scopes:
|
||||
|
||||
- write:repository
|
||||
- write:package
|
||||
|
||||
And change some settings for the repository:
|
||||
|
||||
- Repository -> Delete pull request branch after merge by default: true
|
||||
- Branches -> Add New Rule
|
||||
- Protected Branch Name Pattern: main
|
||||
- Enable Status Check: true
|
||||
- Status check patterns: Check / check\*
|
||||
- Actions -> Secrets
|
||||
- PAT: (API token)
|
||||
|
||||
## Components
|
||||
|
||||
|
||||
@ -1,5 +1,8 @@
|
||||
version: v2
|
||||
clean: true
|
||||
inputs:
|
||||
- directory: proto
|
||||
|
||||
managed:
|
||||
enabled: true
|
||||
override:
|
||||
|
||||
4
client/package-lock.json
generated
4
client/package-lock.json
generated
@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "trevstack",
|
||||
"version": "0.0.28",
|
||||
"version": "0.0.43",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "trevstack",
|
||||
"version": "0.0.28",
|
||||
"version": "0.0.43",
|
||||
"devDependencies": {
|
||||
"@bufbuild/protovalidate": "^0.1.1",
|
||||
"@connectrpc/connect": "^2.0.2",
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "trevstack",
|
||||
"private": true,
|
||||
"version": "0.0.28",
|
||||
"version": "0.0.43",
|
||||
"type": "module",
|
||||
"scripts": {
|
||||
"dev": "vite dev",
|
||||
|
||||
@ -3,8 +3,8 @@ servers:
|
||||
- url: /grpc
|
||||
info:
|
||||
title: Trevstack API
|
||||
version: 1.0.0
|
||||
description: API for trevstack
|
||||
version: 0.0.33
|
||||
description: API for Trevstack
|
||||
contact:
|
||||
name: Trev
|
||||
email: spam@trev.xyz
|
||||
|
||||
6
flake.lock
generated
6
flake.lock
generated
@ -2,11 +2,11 @@
|
||||
"nodes": {
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1746904237,
|
||||
"narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
|
||||
"lastModified": 1747179050,
|
||||
"narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
|
||||
"rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
39
flake.nix
39
flake.nix
@ -21,7 +21,7 @@
|
||||
...
|
||||
}: let
|
||||
pname = "trevstack";
|
||||
version = "0.0.28";
|
||||
version = "0.0.43";
|
||||
|
||||
build-systems = [
|
||||
"x86_64-linux"
|
||||
@ -83,7 +83,10 @@
|
||||
packages = with pkgs; [
|
||||
treli.packages."${system}".default
|
||||
git
|
||||
|
||||
# Nix
|
||||
nix-update
|
||||
alejandra
|
||||
|
||||
# Server
|
||||
go
|
||||
@ -127,7 +130,7 @@
|
||||
pname = "check-client";
|
||||
inherit version;
|
||||
src = ./client;
|
||||
npmDepsHash = "sha256-BuwxOJZU15lxKMfgrwD5F23ks8A6tWpFwK7KzjrdoRs=";
|
||||
npmDepsHash = "sha256-vgOTish91m4iVNCMuLfFRpTGdyyVr+/g4Ex3PRWqqGI=";
|
||||
dontNpmInstall = true;
|
||||
|
||||
buildPhase = ''
|
||||
@ -190,7 +193,7 @@
|
||||
client = pkgs.buildNpmPackage {
|
||||
inherit pname version;
|
||||
src = ./client;
|
||||
npmDepsHash = "sha256-BuwxOJZU15lxKMfgrwD5F23ks8A6tWpFwK7KzjrdoRs=";
|
||||
npmDepsHash = "sha256-vgOTish91m4iVNCMuLfFRpTGdyyVr+/g4Ex3PRWqqGI=";
|
||||
|
||||
installPhase = ''
|
||||
cp -r build "$out"
|
||||
@ -208,11 +211,8 @@
|
||||
HOME=$PWD
|
||||
'';
|
||||
};
|
||||
in
|
||||
{
|
||||
default = server;
|
||||
}
|
||||
// builtins.listToAttrs (builtins.map (x: {
|
||||
|
||||
binaries = builtins.listToAttrs (builtins.map (x: {
|
||||
name = "${pname}-${x.GOOS}-${x.GOARCH}";
|
||||
value = server.overrideAttrs {
|
||||
nativeBuildInputs =
|
||||
@ -235,7 +235,28 @@
|
||||
'';
|
||||
};
|
||||
})
|
||||
host-systems)
|
||||
host-systems);
|
||||
|
||||
images = builtins.listToAttrs (builtins.map (x: {
|
||||
name = "${pname}-${x.GOOS}-${x.GOARCH}-image";
|
||||
value = pkgs.dockerTools.streamLayeredImage {
|
||||
name = "${pname}";
|
||||
tag = "${version}-${x.GOARCH}";
|
||||
created = "now";
|
||||
architecture = "${x.GOARCH}";
|
||||
contents = [binaries."${pname}-${x.GOOS}-${x.GOARCH}"];
|
||||
config = {
|
||||
Cmd = ["${binaries."${pname}-${x.GOOS}-${x.GOARCH}"}/bin/${pname}-${x.GOOS}-${x.GOARCH}-${version}"];
|
||||
};
|
||||
};
|
||||
})
|
||||
(builtins.filter (x: x.GOOS == "linux") host-systems));
|
||||
in
|
||||
{
|
||||
default = server;
|
||||
}
|
||||
// binaries
|
||||
// images
|
||||
);
|
||||
};
|
||||
}
|
||||
|
||||
@ -3,7 +3,7 @@ servers:
|
||||
- url: /grpc
|
||||
info:
|
||||
title: Trevstack API
|
||||
version: 0.0.28
|
||||
version: 0.0.43
|
||||
description: API for Trevstack
|
||||
contact:
|
||||
name: Trev
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# For details on buf.yaml configuration, visit https://buf.build/docs/configuration/v2/buf-yaml
|
||||
version: v2
|
||||
modules:
|
||||
- path: proto
|
||||
- path: .
|
||||
deps:
|
||||
- buf.build/bufbuild/protovalidate
|
||||
@ -68,7 +68,7 @@ func main() {
|
||||
// Serve gRPC Handlers
|
||||
api := http.NewServeMux()
|
||||
api.Handle(interceptors.WithCORS(user.NewAuthHandler(vi, sqlc, webAuthn, name, env.Key)))
|
||||
api.Handle(interceptors.WithCORS(user.NewHandler(vi, sqlc, webAuthn, env.Key)))
|
||||
api.Handle(interceptors.WithCORS(user.NewHandler(vi, sqlc, webAuthn, name, env.Key)))
|
||||
api.Handle(interceptors.WithCORS(item.NewHandler(vi, sqlc, env.Key)))
|
||||
|
||||
// Serve web interface
|
||||
|
||||
@ -36,6 +36,7 @@ type Handler struct {
|
||||
db *sqlc.Queries
|
||||
webAuthn *webauthn.WebAuthn
|
||||
key []byte
|
||||
name string
|
||||
|
||||
sessions *map[int64]*webauthn.SessionData
|
||||
mu sync.Mutex
|
||||
@ -132,7 +133,7 @@ func (h *Handler) GetAPIKey(ctx context.Context, req *connect.Request[userv1.Get
|
||||
|
||||
// Generate JWT
|
||||
t := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.RegisteredClaims{
|
||||
Issuer: "trevstack",
|
||||
Issuer: h.name,
|
||||
Subject: strconv.FormatInt(user.ID, 10),
|
||||
IssuedAt: &jwt.NumericDate{
|
||||
Time: time.Now(),
|
||||
@ -341,8 +342,8 @@ func transportsToString(transports []protocol.AuthenticatorTransport) string {
|
||||
return s
|
||||
}
|
||||
|
||||
func NewHandler(vi *validate.Interceptor, db *sqlc.Queries, webauth *webauthn.WebAuthn, key string) (string, http.Handler) {
|
||||
interceptors := connect.WithInterceptors(interceptors.NewAuthInterceptor(key), vi)
|
||||
func NewHandler(vi *validate.Interceptor, db *sqlc.Queries, webauth *webauthn.WebAuthn, name string, key string) (string, http.Handler) {
|
||||
interceptors := connect.WithInterceptors(vi, interceptors.NewAuthInterceptor(key))
|
||||
|
||||
sd := map[int64]*webauthn.SessionData{}
|
||||
return userv1connect.NewUserServiceHandler(
|
||||
@ -350,6 +351,7 @@ func NewHandler(vi *validate.Interceptor, db *sqlc.Queries, webauth *webauthn.We
|
||||
db: db,
|
||||
webAuthn: webauth,
|
||||
key: []byte(key),
|
||||
name: name,
|
||||
|
||||
sessions: &sd,
|
||||
mu: sync.Mutex{},
|
||||
|
||||
Reference in New Issue
Block a user