4e582fb55d
* fix: Library Header layout shift * Bump Github Actions versions. * Self-Hosting Changes * Fix Minio Environment Variable * Just make pdfs successful, due to lack of PDFHandler * Fix issue where flag was set wrong * Added an NGINX Example file * Add some documentation for self-hosting via Docker Compose * Make some adjustments to Puppeteer due to failing sites. * adjust timings * Add start of Mail Service * Fix Docker Files * More email service stuff * Add Guide to use Zapier for Email-Importing. * Ensure that if no env is provided it uses the old email settings * Add some instructions for self-hosted email * Add SNS Endpoints for Mail Watcher * Add steps and functionality for using SES and SNS for email * Uncomment a few jobs. * Added option for Firefox for parser. Was having issues with Chromium on Docker. * Add missing space. Co-authored-by: Russ Taylor <729694+russtaylor@users.noreply.github.com> * Fix some wording on the Guide * update browser extension to handle self-hosted instances * add slight documentation to options page * Fix MV * Do raw handlers for Medium * Fix images in Medium * Update self-hosting/GUIDE.md Co-authored-by: Mike Baker <1426795+mbaker3@users.noreply.github.com> * Update Guide with other variables * Add The Verge to JS-less handlers * Update regex and image-proxy * Update self-hosting/nginx/nginx.conf Co-authored-by: Mike Baker <1426795+mbaker3@users.noreply.github.com> * Update regex and image-proxy * Update self-hosting/docker-compose/docker-compose.yml Co-authored-by: Mike Baker <1426795+mbaker3@users.noreply.github.com> * Fix Minio for Export * Merge to main * Update GUIDE with newer NGINX * Update nginx config to include api/save route * Enable Native PDF View for PDFS * Enable Native PDF View for PDFS * feat:lover packages test * feat:working build * feat:alpine build * docs:api dockerfile docs * Write a PDF.js wrapper to replace pspdfkit * Revert changes for replication, set settings to have default mode * build folder got removed due to gitignore on pdf * Add Box shadow to pdf pages * Add Toggle for Progress in PDFS, enabled native viewer toggle * Update node version to LTS * Update node version to LTS * Fix Linting issues * Fix Linting issues * Make env variable nullable * Add touchend listener for mobile * Make changes to PDF for mobile * fix(android): change serverUrl to selfhosted first * feat:2 stage alpine content fetch * feat:separated start script * fix:changed to node 22 * Add back youtube functionality and add guide * trigger build * Fix cache issue on YouTube * Allow empty AWS_S3_ENDPOINT * Allow empty AWS_S3_ENDPOINT * Add GCHR for all images * Add GCHR For self hosting. * Add GCHR For self hosting. * Test prebuilt. * Test prebuilt * Test prebuilt... * Fix web image * Remove Web Image (For now) * Move docker-compose to images * Move docker-compose files to correct locations * Remove the need for ARGS * Update packages, and Typescript versions * Fix * Fix issues with build on Web * Correct push * Fix Linting issues * Fix Trace import * Add missing types * Fix Tasks * Add information into guide about self-build * Fix issues with PDF Viewer --------- Co-authored-by: keumky2 <keumky2@woowahan.com> Co-authored-by: William Theaker <wtheaker@nvidia.com> Co-authored-by: Russ Taylor <729694+russtaylor@users.noreply.github.com> Co-authored-by: David Adams <david@dadams2.com> Co-authored-by: Mike Baker <1426795+mbaker3@users.noreply.github.com> Co-authored-by: m1xxos <66390094+m1xxos@users.noreply.github.com> Co-authored-by: Adil <mr.adil777@gmail.com>
Database management
This workspace is used for database schema definitions and migrations.
Project currently uses PostgreSQL 11. Make sure you use the correct version.
Migrations usage
❗ It is important to understand that migrations that had already been performed are locked and are not a subject to change. Therefore for every alteration of schema you need to generate a new migration and perform alterations there.
Never commit changed files for migrations that already had been performed elsewhere, - it will break the migrations.
To migrate to latest version: yarn migrate
To migrate up/down to specific version: yarn migrate <version>
To migrate down to empty state: yarn migrate 0000
To generate new migration: yarn generate
* At the moment, version numbers expect to be padded to 4 digits
Policies and roles
We use Row Level Security when accessing the database from the application. In order to create a correct schema for new tables please study migration files for the schemas of previous tables (including possible later changes).
In order to use Row Level Security every transaction with the database must set the correct role via omnivore.set_claims function.
Current roles
omnivore_user - a user role that is intended for a regular user to access the data. Currently, this is the primary user of the database.
Database users on GCP
postgres - administrator of the database, used for migrations.
app_user - a user that the app uses to login to database.
❗ Do not issue any extra grants to app_user other than that are needed to assume a certain internal role, i.e. GRANT omnivore_user TO app_user
Installing and Using locally
- Install and run the postgresql service on your machine.
Configure access to the database
On some systems, Postgres will only allow the local postgres user to connect to the database. One way around this is to
set the authentication method in your pg_hba.conf file. The trust method allows any user who can connect to
database to make changes. The default is peer which means the user must be logged into the system as the postgres
user. Another option is md5 or password which allows access to the postgres user with a password instead of
needing to be logged in locally as postgres. For simplicity, set the method to trust. You
will need to restart the postgresql service after making this change.
-
Verify you can connect to postgres
psql -U postgres. -
Quit psql (command is
\q) -
Create database using handy CLI tool (which needs the
-U <user>flag for now):$ createdb -U postgres omnivore -
Copy .env.example file to .env file:
cp .env.example .env -
Modify
.envand setPG_USERtopostgres -
Run migration:
yarn migrate
Accessing the database locally
Instead of using the superuser to access, create a user with the omnivore_user role. You can choose your local
username instead of app_user here to avoid needing the -U app_user flag in the psql command below.
- Create a user named
app_userin Postgres - Allow
app_userto assume the roles necessary for the application. Do not manually grant any other role toapp_user
$ psql -U postgres
# CREATE USER app_user WITH ENCRYPTED PASSWORD 'app_pass';
# GRANT omnivore_user to app_user;
-
Update the
PG_USERandPG_PASSWORDvalues in.envfiles (packages/db, pkg/api) toapp_userandapp_pass, respectively -
You can now use psql to login to your database:
psql -U app_user -d omnivore
Gotchas
Postgres Row-Level Security can at times catch us off guard: there are policies limiting select/update operations on
tables based on active user role/ID in a transaction block. So at times, when working on the local database, one must
make sure to login via postgres user to view all rows in the tables or perform updates.