From 42273f90139fe58c6a7ee5307cb4025d30bdb929 Mon Sep 17 00:00:00 2001 From: Diogo Biazus Date: Thu, 10 Sep 2020 18:45:32 -0400 Subject: [PATCH 1/3] Allow reading database connection string from file so we can make secret management easier on platforms that drop a secret in the filesystem --- database-uri.txt | 1 + sample-env | 2 +- src/PostgresWebsockets/Config.hs | 10 +++++++++- 3 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 database-uri.txt diff --git a/database-uri.txt b/database-uri.txt new file mode 100644 index 0000000..5439fee --- /dev/null +++ b/database-uri.txt @@ -0,0 +1 @@ +postgres://localhost:5432/postgres diff --git a/sample-env b/sample-env index 6e3c1e6..a1048bd 100644 --- a/sample-env +++ b/sample-env @@ -1,5 +1,5 @@ ## PostgreSQL URI where the server will connect to issue NOTIFY and LISTEN commands -export PGWS_DB_URI="postgres://localhost:5432/postgres" +export PGWS_DB_URI="@./database-uri.txt" ## Size of connection pool used to issue notify commands (LISTEN commands are always issued on the same connection that is not part of the pool). export PGWS_POOL_SIZE=10 diff --git a/src/PostgresWebsockets/Config.hs b/src/PostgresWebsockets/Config.hs index be78033..66df5d6 100644 --- a/src/PostgresWebsockets/Config.hs +++ b/src/PostgresWebsockets/Config.hs @@ -43,7 +43,7 @@ prettyVersion = intercalate "." $ map show $ versionBranch version -- | Load all postgres-websockets config from Environment variables. This can be used to use just the middleware or to feed into warpSettings loadConfig :: IO AppConfig -loadConfig = readOptions >>= loadSecretFile +loadConfig = readOptions >>= loadSecretFile >>= loadDatabaseURIFile -- | Given a shutdown handler and an AppConfig builds a Warp Settings to start a stand-alone server warpSettings :: (IO () -> IO ()) -> AppConfig -> Settings 
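Review bot: The `##` comment above `export PGWS_DB_URI="@./database-uri.txt"` in sample-env still describes the variable only as a PostgreSQL URI, so the new `@` prefix is unexplained where operators will copy it from. Because the path is relative, it is presumably resolved against the directory the server is started from rather than the location of sample-env. I would extend the comment, for example `## A value starting with @ is read as the path of a file that holds the URI; relative paths depend on the working directory.` It is also worth stating there that a file carrying real credentials should be readable only by the service account and kept out of version control.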
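Review bot: The Haddock comment on `loadConfig` in src/PostgresWebsockets/Config.hs still says the configuration is loaded from environment variables, but with `>>= loadDatabaseURIFile` appended the function may also read a file named by `PGWS_DB_URI`. Callers that use only the middleware now get file I/O, and possibly an I/O exception, from this call, which the comment should make visible. Suggested wording: `-- | Load all postgres-websockets config from environment variables; a PGWS_DB_URI value prefixed with @ is read from the named file.`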
@@ -73,6 +73,14 @@ readOptions = <*> var auto "PGWS_POOL_SIZE" (def 10 <> helpDef show <> help "How many connection to the database should be used by the connection pool") <*> var auto "PGWS_RETRIES" (def 5 <> helpDef show <> help "How many times it should try to connect to the database on startup before exiting with an error") +loadDatabaseURIFile :: AppConfig -> IO AppConfig +loadDatabaseURIFile conf@AppConfig{..} = + case stripPrefix "@" configDatabase of + Nothing -> pure conf + Just filename -> setDatabase . strip <$> readFile (toS filename) + where + setDatabase uri = conf {configDatabase = uri} + loadSecretFile :: AppConfig -> IO AppConfig loadSecretFile conf = extractAndTransform secret where From 89b37b6491c6990926efad0b7b2463258e2241ec Mon Sep 17 00:00:00 2001 From: Diogo Biazus Date: Thu, 10 Sep 2020 18:57:54 -0400 Subject: [PATCH 2/3] Add new database URI from file to changelog and readme --- CHANGELOG.md | 1 + README.md | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0b00729..3e3a0d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## 0.9.0.0 +- Add @filename semantics to PGWS_DB_URI configiration variable to allow secret management to use a file instead of an environment variable. - Add PGWS_RETRIES to limit the amount of times the server tries to open a database connection upon startup (defaults to 5). This breaks backward compatibility if you rely on the behaviour of the server to try infitite times. ## 0.8.0.1 diff --git a/README.md b/README.md index a5d6155..227244b 100644 --- a/README.md +++ b/README.md 
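Review bot: `loadDatabaseURIFile` accepts whatever the file yields after `strip`, so an empty or whitespace-only secret file produces an empty `configDatabase` instead of a startup error. With libpq-style connection handling an empty connection string usually falls back to defaults and `PG*` environment variables, so the server could end up talking to a database other than the intended one; I would reject the empty case with a message that names the variable and the file but never the file's contents. The function also has no Haddock comment; something like `-- | Replace a PGWS_DB_URI value of the form @path with the stripped contents of that file.` would do. The sketch below assumes `when`, `ioError` and `userError` are in scope in this module.

```haskell
loadDatabaseURIFile conf@AppConfig{..} =
  case stripPrefix "@" configDatabase of
    -- … unchanged: Nothing branch …
    Just filename -> do
      uri <- strip <$> readFile (toS filename)
      -- Name the variable and the path only; the file's contents must not reach logs.
      when (uri == "") $
        ioError (userError ("PGWS_DB_URI: no database URI found in file " <> toS filename))
      pure (setDatabase uri)
  -- … unchanged: where clause defining setDatabase …
```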
@@ -52,7 +52,9 @@ source sample-env && ~/.local/bin/postgres-websockets ``` After running the above command, open your browser on http://localhost:3000 to see an example of usage. -The sample config file provided in the [sample.conf](https://github.com/diogob/postgres-websockets/tree/master/sample.conf) file comes with a jwt secret just for testing and is used in the sample client. +The sample config file provided in the [sample-env](https://github.com/diogob/postgres-websockets/tree/master/sample-env) file comes with a jwt secret just for testing and is used in the sample client. +Note that the `sample-env` points to `./database-uri.txt` to load the URI from an external file. This is determined by the use of `@` as a prefix to the value of the variable `PGWS_DB_URI`. +This is entirely optional and the URI could be exported directly as `PGWS_DB_URI` without using the prefix `@`. You will find the complete sources for the example under the folder [client-example](https://github.com/diogob/postgres-websockets/tree/master/client-example). To run the server without giving access to any static files one can unser the variable `PGWS_ROOT_PATH`. From f379abbebe989a0837dd5e5ea497b3ed907a9664 Mon Sep 17 00:00:00 2001 From: Diogo Biazus Date: Thu, 10 Sep 2020 19:00:30 -0400 Subject: [PATCH 3/3] Fix typo in docs --- src/PostgresWebsockets.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/PostgresWebsockets.hs b/src/PostgresWebsockets.hs index 21230ec..31af03b 100644 --- a/src/PostgresWebsockets.hs +++ b/src/PostgresWebsockets.hs @@ -2,7 +2,7 @@ Module : PostgresWebsockets Description : PostgresWebsockets main library interface. -These are all function necessary to start a fully functionaing service. +These are all function necessary to configure and start the server. -} module PostgresWebsockets ( prettyVersion