diff --git a/.gitignore b/.gitignore index 7cb1081..78f84f2 100644 --- a/.gitignore +++ b/.gitignore @@ -78,5 +78,7 @@ data/example data/token-claim tmp -# DB is not committed -postgres \ No newline at end of file +# DB Files are not committed +postgres +db_password.txt + diff --git a/packages/claim-backend/.env.example b/packages/claim-backend/.env.example index ca8bd9a..4369205 100644 --- a/packages/claim-backend/.env.example +++ b/packages/claim-backend/.env.example @@ -4,7 +4,7 @@ DB_PORT=5432 DB_HOST=127.0.0.1 DB_DATABASE=claim-backend DB_USERNAME=claim-backend -DB_PASSWORD=passwd +DB_PASSWORD_PATH=./db_password.txt DB_SSLMODE=true DB_LOGGING=true CORS_ORIGIN=* diff --git a/packages/claim-backend/README.md b/packages/claim-backend/README.md index c51c57c..7c0efeb 100644 --- a/packages/claim-backend/README.md +++ b/packages/claim-backend/README.md @@ -11,28 +11,43 @@ Apart from Node version 18, Claim Backend also requires: ## .env Params -| param | Description | Required | -| ---------------- | ---------------------------------------------------------- | -------- | -| BACKEND_HOST | IP used by backend (Default: 127.0.0.1) | false | -| BACKEND_PORT | Port used by backend (Default: 3000) | false | -| DB_PORT | Port used by PostgreSQL DB (Default: 5432) | false | -| DB_HOST | Host used by PostgreSQL DB (Default: 127.0.0.1) | false | -| DB_DATABASE | Name of Database of PostgreSQL DB (Default: claim-backend) | false | -| DB_USERNAME | Username of PostgreSQL DB (Default: claim-backend) | false | -| DB_PASSWORD | Password of Database of PostgreSQL DB (Default: passwd) | false | -| DB_SSLMODE | A flag to turn on SSL Connection on DB (Default: false) | false | -| DB_LOGGING | A flag to turn on verbose logging of DB (Default: true) | false | -| CORS_ORIGIN | Accepted Origin, can be string or Regex (Default: \*) | false | -| MERKLE_TREE_PATH | Path merkle-tree-details.json, generated by Tree Builder | true | +| param | Description | Required | +| ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | +| BACKEND_HOST | IP used by backend (Default: 127.0.0.1) | false | +| BACKEND_PORT | Port used by backend (Default: 3000) | false | +| DB_PORT | Port used by PostgreSQL DB (Default: 5432) | false | +| DB_HOST | Host used by PostgreSQL DB (Default: 127.0.0.1) | false | +| DB_DATABASE | Name of Database of PostgreSQL DB (Default: claim-backend) | false | +| DB_USERNAME | Username of PostgreSQL DB (Default: claim-backend) | false | +| DB_PASSWORD_PATH | Absolute file path or file path relative to `docker-compose.yaml` that stores the password of database of PostgreSQL DB (Default: ./db_password.txt) | false | +| DB_SSLMODE | A flag to turn on SSL Connection on DB (Default: false) | false | +| DB_LOGGING | A flag to turn on verbose logging of DB (Default: true) | false | +| CORS_ORIGIN | Accepted Origin, can be string or Regex (Default: \*) | false | +| MERKLE_TREE_PATH | Path merkle-tree-details.json, generated by Tree Builder | true | ## Run ``` -$ cd packages/claim-backend -$ cp .env.example .env -$ < Edit .env regarding to ".env Params" > -$ docker-compose up -d -$ yarn server +# Enter claim-backend package +cd packages/claim-backend + +# Install dependencies +yarn + +# Make a copy of .env.example +cp .env.example .env + +# Edit .env regarding to ".env Params" +(nano|vim|emacs) .env + +# Create secret for Docker DB Password +echo -n $(openssl rand -hex 16) > db_password.txt + +# Start postgres locally +docker-compose up -d + +# Start Claim Backend +yarn server ``` ## Endpoints diff --git a/packages/claim-backend/docker-compose.yml b/packages/claim-backend/docker-compose.yml index 9d23e89..9495dc8 100644 --- a/packages/claim-backend/docker-compose.yml +++ b/packages/claim-backend/docker-compose.yml @@ -8,7 +8,13 @@ services: command: ['postgres', '-cshared_preload_libraries=pg_stat_statements'] environment: POSTGRES_USER: claim-backend - POSTGRES_PASSWORD: passwd + POSTGRES_PASSWORD_FILE: /run/secrets/db_password POSTGRES_DB: claim-backend volumes: - ./postgres:/var/lib/postgresql/data + secrets: + - db_password + +secrets: + db_password: + file: ${DB_PASSWORD_PATH:-./db_password.txt} diff --git a/packages/claim-backend/src/db.ts b/packages/claim-backend/src/db.ts index 6d8f6c6..a33982e 100644 --- a/packages/claim-backend/src/db.ts +++ b/packages/claim-backend/src/db.ts @@ -1,3 +1,5 @@ +import * as fs from 'fs'; + import { Sequelize } from 'sequelize-typescript'; import Signature from './models/signature.model'; @@ -12,7 +14,7 @@ export class DB { host: process.env.DB_HOST || '127.0.0.1', database: process.env.DB_DATABASE || 'claim-backend', username: process.env.DB_USERNAME || 'claim-backend', - password: process.env.DB_PASSWORD || 'passwd', + password: fs.readFileSync(process.env.DB_PASSWORD_PATH || 'db_password.txt', 'utf-8'), models: [__dirname + '/models/*.model.ts'], port: Number(process.env.DB_PORT) || 5432, logging: process.env.DB_LOGGING !== 'false',