This repository has been archived by the owner on Feb 22, 2023. It is now read-only.

feat: add encrypted files support for self-hosting
Karol Sójko committed Jun 10, 2022
1 parent 153268c commit 9f290fa
Showing 7 changed files with 80 additions and 0 deletions.
7 changes: 7 additions & 0 deletions .env.sample
Expand Up @@ -5,6 +5,7 @@ VERSION=local
AUTH_JWT_SECRET=auth_jwt_secret

EXPOSED_PORT=3000
EXPOSED_FILES_PORT=3125

DB_HOST=db
DB_REPLICA_HOST=db
Expand Down Expand Up @@ -40,3 +41,9 @@ NEW_RELIC_NO_CONFIG_FILE=true
NEW_RELIC_DISTRIBUTED_TRACING_ENABLED=false
NEW_RELIC_LOG_ENABLED=false
NEW_RELIC_LOG_LEVEL=info

# File upload path (relative to root directory)
FILE_UPLOAD_PATH=data/uploads

# File uploads
VALET_TOKEN_SECRET=change-me-!
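Review bot: `VALET_TOKEN_SECRET=change-me-!` ships a fixed placeholder, and the `setup` branch of server.sh copies `.env.sample` to `.env` unchanged, so an install started without editing the file runs with a publicly known secret for whatever the services derive from it (presumably the tokens that authorize file uploads and downloads). Nothing in the sample marks the value as mandatory to change; add a comment above it such as `# REQUIRED: replace with a unique random value before first start, e.g. the output of "openssl rand -hex 32"`. Leaving the value empty in the sample and refusing to start while it is empty would make the mistake visible instead of silent.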
5 changes: 5 additions & 0 deletions .gitignore
Expand Up @@ -10,3 +10,8 @@ data/import/*.sql
auth.env
api-gateway.env
syncing-server.env
files.env

# File Uploads
data/uploads/*
!data/uploads/.gitkeep
Empty file added data/uploads/.gitkeep
Empty file.
24 changes: 24 additions & 0 deletions docker-compose.yml
Expand Up @@ -51,9 +51,11 @@ services:
PORT: 3000
AUTH_JWT_SECRET: '${AUTH_JWT_SECRET}'
REDIS_URL: '${REDIS_URL}'
FILES_SERVER_URL: 'http://localhost:${EXPOSED_FILES_PORT}'


PeterCxy Jun 11, 2022

Would this actually work? AFAIK the client is supposed to access the files server directly, which means that the files server needs its own public-facing URL, not just localhost. Maybe this should live in the .env file to be manually configured by the user instead?


moughxyz Jun 11, 2022

Member

Yeah that's the issue this person had: #73

@karolsojko


karolsojko Jun 14, 2022

Member

Fixed in here: fbcef31

entrypoint: [
"./wait-for.sh", "auth", "3000",
"./wait-for.sh", "syncing-server-js", "3000",
"./wait-for.sh", "files", "3000",
"./docker/entrypoint.sh", "start-web"
]
restart: unless-stopped
Expand Down Expand Up @@ -86,6 +88,7 @@ services:
DB_MIGRATIONS_PATH: '${DB_MIGRATIONS_PATH}'
REDIS_URL: '${REDIS_URL}'
AUTH_JWT_SECRET: '${AUTH_JWT_SECRET}'
VALET_TOKEN_SECRET: '${VALET_TOKEN_SECRET}'
restart: unless-stopped
networks:
- standardnotes_standalone
Expand Down Expand Up @@ -116,6 +119,27 @@ services:
DB_MIGRATIONS_PATH: '${DB_MIGRATIONS_PATH}'
REDIS_URL: '${REDIS_URL}'
AUTH_JWT_SECRET: '${AUTH_JWT_SECRET}'
VALET_TOKEN_SECRET: '${VALET_TOKEN_SECRET}'
restart: unless-stopped
networks:
- standardnotes_standalone

files:
image: standardnotes/files:1.9.0
container_name: files-standalone
entrypoint: [
"./wait-for.sh", "db", "3306",
"./wait-for.sh", "cache", "6379",
"./docker/entrypoint.sh", "start-web"
]
ports:
- ${EXPOSED_FILES_PORT}:3000
env_file: docker/files.env
environment:
FILE_UPLOAD_PATH: '${FILE_UPLOAD_PATH}'
VALET_TOKEN_SECRET: '${VALET_TOKEN_SECRET}'
volumes:
- ./${FILE_UPLOAD_PATH}:/var/www/${FILE_UPLOAD_PATH}
restart: unless-stopped
networks:
- standardnotes_standalone
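Review bot: The new `files` service bind-mounts `./${FILE_UPLOAD_PATH}:/var/www/${FILE_UPLOAD_PATH}`, and Compose substitutes an empty string for an unset variable, so an install whose `.env` predates this commit would mount the whole project directory (including `.env` and `docker/*.env` with their secrets) over `/var/www/` in the container. The same substitution turns `VALET_TOKEN_SECRET: '${VALET_TOKEN_SECRET}'` into an empty secret in the three places it is passed. Use the required-variable form so startup fails instead: `- ./${FILE_UPLOAD_PATH:?set FILE_UPLOAD_PATH in .env}:/var/www/${FILE_UPLOAD_PATH}` and `VALET_TOKEN_SECRET: '${VALET_TOKEN_SECRET:?set VALET_TOKEN_SECRET in .env}'`. Whether server.sh's line-count comparison already catches a stale `.env` is not visible in these hunks.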
3 changes: 3 additions & 0 deletions docker/auth.env.sample
Expand Up @@ -29,3 +29,6 @@ EPHEMERAL_SESSION_AGE=259200
ENCRYPTION_SERVER_KEY=server_key

SYNCING_SERVER_URL=http://syncing-server-js:3000

# File Uploads
VALET_TOKEN_TTL=7200
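--- a/docker/files.env.sample
+++ b/docker/files.env.sample
@@ -0,0 +1,17 @@
+LOG_LEVEL=info
+NODE_ENV=production
+VERSION=local
+
+PORT=3000
+
+S3_BUCKET_NAME=
+S3_AWS_REGION=
+SNS_TOPIC_ARN=
+SNS_AWS_REGION=
+
+REDIS_URL=redis://cache
+REDIS_EVENTS_CHANNEL=events
+
+MAX_CHUNK_BYTES=100000000
+
+NEW_RELIC_ENABLED=false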
24 changes: 24 additions & 0 deletions server.sh
Expand Up @@ -17,6 +17,7 @@ checkConfigFiles() {
if [ ! -f ".env" ]; then echo "Could not find syncing-server environment file. Please run the './server.sh setup' command and try again." && exit 1; fi
if [ ! -f "docker/api-gateway.env" ]; then echo "Could not find api-gateway environment file. Please run the './server.sh setup' command and try again." && exit 1; fi
if [ ! -f "docker/auth.env" ]; then echo "Could not find auth environment file. Please run the './server.sh setup' command and try again." && exit 1; fi
if [ ! -f "docker/files.env" ]; then echo "Could not find file service environment file. Please run the './server.sh setup' command and try again." && exit 1; fi
}

checkForConfigFileChanges() {
Expand All @@ -36,6 +37,10 @@ compareLineCount() {
AUTH_ENV_FILE_SAMPLE_LINES=$(wc -l docker/auth.env.sample | awk '{ print $1 }')
AUTH_ENV_FILE_LINES=$(wc -l docker/auth.env | awk '{ print $1 }')
if [ "$AUTH_ENV_FILE_SAMPLE_LINES" -ne "$AUTH_ENV_FILE_LINES" ]; then echo "The docker/auth.env file contains different amount of lines than docker/auth.env.sample. This may be caused by the fact that there is a new environment variable to configure. Please update your environment file and try again." && exit 1; fi

FILES_ENV_FILE_SAMPLE_LINES=$(wc -l docker/files.env.sample | awk '{ print $1 }')
FILES_ENV_FILE_LINES=$(wc -l docker/files.env | awk '{ print $1 }')
if [ "$FILES_ENV_FILE_SAMPLE_LINES" -ne "$FILES_ENV_FILE_LINES" ]; then echo "The docker/files.env file contains different amount of lines than docker/files.env.sample. This may be caused by the fact that there is a new environment variable to configure. Please update your environment file and try again." && exit 1; fi
}

COMMAND=$1 && shift 1
Expand All @@ -46,6 +51,7 @@ case "$COMMAND" in
if [ ! -f ".env" ]; then cp .env.sample .env; fi
if [ ! -f "docker/api-gateway.env" ]; then cp docker/api-gateway.env.sample docker/api-gateway.env; fi
if [ ! -f "docker/auth.env" ]; then cp docker/auth.env.sample docker/auth.env; fi
if [ ! -f "docker/files.env" ]; then cp docker/files.env.sample docker/files.env; fi
echo "Default configuration files created as .env and docker/*.env files. Feel free to modify values if needed."
;;
'start' )
Expand Down Expand Up @@ -74,6 +80,24 @@ case "$COMMAND" in
$DOCKER_COMPOSE_COMMAND up -d
echo "Infrastructure started. Give it a moment to warm up. If you wish please run the './server.sh logs' command to see details."
;;
'create-subscription' )
EMAIL=$1
if [[ "$EMAIL" = "" ]]; then
echo "Please provide an email for the subscription."
exit 1
fi
shift 1

$DOCKER_COMPOSE_COMMAND exec db sh -c "MYSQL_PWD=\$MYSQL_ROOT_PASSWORD mysql \$MYSQL_DATABASE -e \
'INSERT INTO user_roles (role_uuid , user_uuid) VALUES ((SELECT uuid FROM roles WHERE name=\"PRO_USER\" ORDER BY version DESC limit 1) ,(SELECT uuid FROM users WHERE email=\"$EMAIL\")) ON DUPLICATE KEY UPDATE role_uuid = VALUES(role_uuid);' \
"

$DOCKER_COMPOSE_COMMAND exec db sh -c "MYSQL_PWD=\$MYSQL_ROOT_PASSWORD mysql \$MYSQL_DATABASE -e \
'INSERT INTO user_subscriptions SET uuid=UUID(), plan_name=\"PRO_PLAN\", ends_at=8640000000000000, created_at=0, updated_at=0, user_uuid=(SELECT uuid FROM users WHERE email=\"$EMAIL\"), subscription_id=1, subscription_type=\"regular\";' \
"

echo "Subscription successfully created. Please consider donating if you do not plan on purchasing a subscription."
;;
'stop' )
echo "Stopping all service"
$DOCKER_COMPOSE_COMMAND kill
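Review bot: In the new `create-subscription` branch, `$EMAIL` is spliced unescaped into SQL text that is itself nested inside a double-quoted `sh -c` string and run with the MySQL root password, so a single or double quote in the argument ends the SQL literal or the shell quoting instead of being treated as data. The `mysql` client offers no parameter binding here, so validate the address against a strict allowlist before either `exec` runs, as sketched below. Both `exec` calls also go unchecked, so the success message is printed even when an INSERT fails (presumably also when no user has that email); append `|| exit 1` to each. The `case` statement starts and continues outside the hunk, and the shebang is not visible, so the `[[ ]]` form is assumed from the existing empty check.

```shell
  'create-subscription' )
    EMAIL=$1
    # … unchanged: empty-argument check and shift …

    # Allowlist the address before it is placed into the SQL text:
    # no quotes, backslashes, whitespace or shell metacharacters.
    EMAIL_PATTERN='^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$'
    if ! [[ "$EMAIL" =~ $EMAIL_PATTERN ]]; then
      echo "The email contains characters that this command does not accept."
      exit 1
    fi

    # … unchanged: the two docker-compose exec INSERT statements, each followed by `|| exit 1` …
```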
