scott/crabfit
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: scott:120e9b0b4682649eb6f9129ec8712dc658d9bd4d
Branches Tags
scott:main
scott:prod
..
compare: scott:29d7c283e557c4872a9bba66676beccb75387719
Branches Tags
scott:prod
scott:main

1 commit
120e9b0b46 ... 29d7c283e5

Author SHA1 Message Date
D. Scott Boggs 29d7c283e5 Add ability to read database password from a file
Some checks failed
API Checks / clippy (push) Has been cancelled
Details
Deploy API / Deploy to Fly.io (push) Has been cancelled
Details
2025-05-05 07:35:13 -04:00
5 changed files with 801 additions and 1024 deletions
Show stats Expand all files Collapse all files

1745
api/Cargo.lock generated
View file

File diff suppressed because it is too large Load diff

4
api/Dockerfile
View file

@ -1,8 +1,6 @@
# This dockerfile builds the API and runs it on a minimal container with the Datastore adaptor # This dockerfile builds the API and runs it on a minimal container with the Datastore adaptor
FROM rust:latest as builder FROM rust:latest as builder
ARG adaptor=sql-adaptor
# Install CA Certs for Hyper # Install CA Certs for Hyper
RUN apt-get install -y --no-install-recommends ca-certificates RUN apt-get install -y --no-install-recommends ca-certificates
@ -13,7 +11,7 @@ COPY . .
# Will build and cache the binary and dependent crates in release mode # Will build and cache the binary and dependent crates in release mode
RUN --mount=type=cache,target=/usr/local/cargo,from=rust:latest,source=/usr/local/cargo \ RUN --mount=type=cache,target=/usr/local/cargo,from=rust:latest,source=/usr/local/cargo \
--mount=type=cache,target=target \ --mount=type=cache,target=target \
cargo build --release --features $adaptor && mv ./target/release/crabfit-api ./api cargo build --release --features sql-adaptor && mv ./target/release/crabfit-api ./api
# Runtime image # Runtime image
FROM debian:bullseye-slim FROM debian:bullseye-slim

7
api/adaptors/sql/src/lib.rs
View file

@ -188,12 +188,11 @@ fn get_connection_string() -> String {
if let Some(password_file_location) = env::var_os("DATABASE_PASSWORD_FILE") { if let Some(password_file_location) = env::var_os("DATABASE_PASSWORD_FILE") {
// The password can be left out of the URL, we add it from the specified // The password can be left out of the URL, we add it from the specified
// file (presumably under /run/secrets/) // file (presumably under /run/secrets/)
let password = fs::read(&password_file_location).unwrap_or_else(|err| { let password = fs::read(password_file_location).unwrap_or_else(|| {
panic!("could not read database password from {password_file_location:?}\n\t{err:?}") panic!("could not read database password from {password_file_location:?}")
}); });
let mut url = Url::parse(&connection_string).expect("invalid connection string"); let mut url = Url::parse(&connection_string).expect("invalid connection string");
url.set_password(Some(String::from_utf8_lossy(password.as_slice()).as_ref())) url.set_password(Some(String::from_utf8_lossy(password.as_slice()).as_ref()));
.unwrap_or_else(|_| panic!("invalid database URL: {connection_string:?}"));
url.to_string() url.to_string()
} else { } else {
connection_string connection_string

14
api/src/routes/tasks.rs
View file

@ -1,4 +1,4 @@
use std::{env, fs}; use std::env;
use axum::{extract, http::HeaderMap}; use axum::{extract, http::HeaderMap};
use chrono::{Duration, Utc}; use chrono::{Duration, Utc};
@ -28,17 +28,7 @@ pub async fn cleanup<A: Adaptor>(
.get("X-Cron-Key") .get("X-Cron-Key")
.map(|k| k.to_str().unwrap_or_default().into()) .map(|k| k.to_str().unwrap_or_default().into())
.unwrap_or_default(); .unwrap_or_default();
let env_key = if let Ok(key) = env::var("CRON_KEY") { let env_key = env::var("CRON_KEY").unwrap_or_default();
key
} else if let Some(path) = env::var_os("CRON_KEY_FILE") {
let Ok(key) = fs::read(&path) else {
println!("Error reading CRON_KEY_FILE at {path:?}");
return Err(ApiError::NotAuthorized);
};
String::from_utf8_lossy(key.as_slice()).into()
} else {
Default::default()
};
if !env_key.is_empty() && cron_key_header != env_key { if !env_key.is_empty() && cron_key_header != env_key {
return Err(ApiError::NotAuthorized); return Err(ApiError::NotAuthorized);
} }

55
frontend/Dockerfile
View file

@ -1,55 +0,0 @@
# syntax=docker.io/docker/dockerfile:1
# From https://github.com/vercel/next.js/blob/canary/examples/with-docker/Dockerfile
FROM node:18-alpine AS base
# Install dependencies only when needed
FROM base AS deps
# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
RUN apk add --no-cache libc6-compat
WORKDIR /app
# Install dependencies based on the preferred package manager
COPY package.json yarn.lock ./
RUN yarn --frozen-lockfile
# Rebuild the source code only when needed
FROM base AS builder
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
# Next.js collects completely anonymous telemetry data about general usage.
# Learn more here: https://nextjs.org/telemetry
# Uncomment the following line in case you want to disable telemetry during the build.
ENV NEXT_TELEMETRY_DISABLED=1
RUN yarn run build
# Production image, copy all the files and run next
FROM base AS runner
WORKDIR /app
ENV NODE_ENV=production
# Uncomment the following line in case you want to disable telemetry during runtime.
ENV NEXT_TELEMETRY_DISABLED=1
RUN addgroup --system --gid 1000 nodejs
RUN adduser --system --uid 1000 nextjs
COPY --from=builder /app/public ./public
# Automatically leverage output traces to reduce image size
# https://nextjs.org/docs/advanced-features/output-file-tracing
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
USER nextjs
EXPOSE 3000
ENV PORT=3000
# server.js is created by next build from the standalone output
# https://nextjs.org/docs/pages/api-reference/config/next-config-js/output
ENV HOSTNAME="0.0.0.0"
CMD ["node", "server.js"]