thohlt/archtika
1
0
Fork 0
mirror of https://github.com/thiloho/archtika.git synced 2025-11-22 02:41:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #29 from archtika/devel

Browse Source 
Refactoring and small improvements
This commit is contained in:
Thilo Hohlt
2025-01-30 00:36:47 +01:00
committed by GitHub
parent 2757ddb774 c97347e760
commit 33acb2578c
5 changed files with 38 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/test.yml vendored
View File

@@ -23,7 +23,7 @@ jobs:
run: | run: |
wait_for_postgres() { wait_for_postgres() {
echo "Waiting for PostgreSQL to be ready..." echo "Waiting for PostgreSQL to be ready..."
while ! nix shell nixpkgs#postgresql_16 -c pg_isready -h 127.0.0.1 -p 15432 -U postgres; do while ! nix shell nixpkgs#postgresql -c pg_isready -h 127.0.0.1 -p 15432 -U postgres; do
sleep 1 sleep 1
done done
echo "PostgreSQL is ready." echo "PostgreSQL is ready."

2
flake.nix
View File

@@ -36,7 +36,7 @@
''; '';
}; };
web = pkgs.mkShell { web = pkgs.mkShell {
packages = with pkgs; [ nodejs_22 ]; packages = with pkgs; [ nodejs ];
shellHook = '' shellHook = ''
export PLAYWRIGHT_BROWSERS_PATH=${pkgs.playwright-driver.browsers} export PLAYWRIGHT_BROWSERS_PATH=${pkgs.playwright-driver.browsers}
export PLAYWRIGHT_SKIP_VALIDATE_HOST_REQUIREMENTS=true export PLAYWRIGHT_SKIP_VALIDATE_HOST_REQUIREMENTS=true

5
nix/deploy/prod/default.nix
View File

@@ -27,7 +27,10 @@ in
defaults.email = "thilo.hohlt@tutanota.com"; defaults.email = "thilo.hohlt@tutanota.com";
certs."${domain}" = { certs."${domain}" = {
inherit domain; inherit domain;
extraDomainNames = [ "*.${domain}" docsSubdomain ]; extraDomainNames = [
"*.${domain}"
docsSubdomain
];
dnsProvider = "porkbun"; dnsProvider = "porkbun";
environmentFile = /var/lib/porkbun.env; environmentFile = /var/lib/porkbun.env;
group = "nginx"; group = "nginx";

63
nix/module.nix
View File

@@ -69,7 +69,7 @@ in
disableRegistration = mkOption { disableRegistration = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "By default any user can create an account. That behavior can be disabled by using this option."; description = "By default any user can create an account. That behavior can be disabled with this option.";
}; };
maxUserWebsites = mkOption { maxUserWebsites = mkOption {
type = types.ints.positive; type = types.ints.positive;
@@ -128,21 +128,19 @@ in
]; ];
}; };
systemd.tmpfiles.settings = { systemd.tmpfiles.settings."10-archtika" = {
"10-archtika" = { "/var/www" = {
"/var/www" = { d = {
d = { mode = "0755";
mode = "0755"; user = "root";
user = "root"; group = "root";
group = "root";
};
}; };
"/var/www/archtika-websites" = { };
d = { "/var/www/archtika-websites" = {
mode = "0770"; d = {
user = cfg.user; mode = "0770";
group = cfg.group; user = cfg.user;
}; group = cfg.group;
}; };
}; };
}; };
@@ -171,9 +169,7 @@ in
script = script =
let let
dbUrl = dbUrl = user: "postgres://${user}@/${cfg.databaseName}?host=/var/run/postgresql";
user:
"postgres://${user}@127.0.0.1:${toString config.services.postgresql.settings.port}/${cfg.databaseName}";
in in
'' ''
JWT_SECRET=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c64) JWT_SECRET=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c64)
@@ -183,7 +179,7 @@ in
-c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_storage_size\" TO ${toString cfg.settings.maxWebsiteStorageSize}" \ -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_storage_size\" TO ${toString cfg.settings.maxWebsiteStorageSize}" \
-c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_number_user\" TO ${toString cfg.settings.maxUserWebsites}" -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_number_user\" TO ${toString cfg.settings.maxUserWebsites}"
${pkgs.dbmate}/bin/dbmate --url ${dbUrl "postgres"}?sslmode=disable --migrations-dir ${cfg.package}/rest-api/db/migrations up ${lib.getExe pkgs.dbmate} --url "${dbUrl "postgres"}&sslmode=disable" --migrations-dir ${cfg.package}/rest-api/db/migrations up
PGRST_SERVER_CORS_ALLOWED_ORIGINS="https://${cfg.domain}" \ PGRST_SERVER_CORS_ALLOWED_ORIGINS="https://${cfg.domain}" \
PGRST_ADMIN_SERVER_PORT=${toString cfg.apiAdminPort} \ PGRST_ADMIN_SERVER_PORT=${toString cfg.apiAdminPort} \
@@ -193,7 +189,7 @@ in
PGRST_OPENAPI_MODE="ignore-privileges" \ PGRST_OPENAPI_MODE="ignore-privileges" \
PGRST_DB_URI=${dbUrl "authenticator"} \ PGRST_DB_URI=${dbUrl "authenticator"} \
PGRST_JWT_SECRET="$JWT_SECRET" \ PGRST_JWT_SECRET="$JWT_SECRET" \
${pkgs.postgrest}/bin/postgrest ${lib.getExe pkgs.postgrest}
''; '';
}; };
@@ -220,24 +216,23 @@ in
PORT = toString cfg.webAppPort; PORT = toString cfg.webAppPort;
}; };
script = "${pkgs.nodejs_22}/bin/node ${cfg.package}/web-app"; script = "${lib.getExe pkgs.nodejs} ${cfg.package}/web-app";
}; };
services.postgresql = { services.postgresql = {
enable = true; enable = true;
ensureDatabases = [ cfg.databaseName ]; ensureDatabases = [ cfg.databaseName ];
authentication = lib.mkOverride 51 ''
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
local all all trust
'';
extensions = ps: with ps; [ pgjwt ]; extensions = ps: with ps; [ pgjwt ];
authentication = lib.mkOverride 11 ''
local all all trust
'';
}; };
systemd.services.postgresql = { systemd.services.postgresql = {
path = builtins.attrValues { path = with pkgs; [
inherit (pkgs) gnutar gzip; gnutar
}; gzip
];
serviceConfig = { serviceConfig = {
ReadWritePaths = [ "/var/www/archtika-websites" ]; ReadWritePaths = [ "/var/www/archtika-websites" ];
SystemCallFilter = [ "@system-service" ]; SystemCallFilter = [ "@system-service" ];
@@ -252,13 +247,7 @@ in
recommendedOptimisation = true; recommendedOptimisation = true;
appendHttpConfig = '' appendHttpConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; map $http_cookie $archtika_auth_header {
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "accelerometer=(),autoplay=(),camera=(),cross-origin-isolated=(),display-capture=(),encrypted-media=(),fullscreen=(self),geolocation=(),gyroscope=(),keyboard-map=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(self),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),xr-spatial-tracking=(),clipboard-read=(self),clipboard-write=(self),gamepad=(),hid=(),idle-detection=(),interest-cohort=(),serial=(),unload=()" always;
map $http_cookie $auth_header {
default ""; default "";
"~*session_token=([^;]+)" "Bearer $1"; "~*session_token=([^;]+)" "Bearer $1";
} }
@@ -281,7 +270,7 @@ in
proxyPass = "http://127.0.0.1:${toString cfg.apiPort}/rpc/export_articles_zip"; proxyPass = "http://127.0.0.1:${toString cfg.apiPort}/rpc/export_articles_zip";
extraConfig = '' extraConfig = ''
default_type application/json; default_type application/json;
proxy_set_header Authorization $auth_header; proxy_set_header Authorization $archtika_auth_header;
''; '';
}; };
"/api/" = { "/api/" = {

8
web-app/src/lib/components/WebsiteEditor.svelte
View File

@@ -3,6 +3,7 @@
import { md } from "$lib/utils"; import { md } from "$lib/utils";
import { page } from "$app/stores"; import { page } from "$app/stores";
import { previewContent, textareaScrollTop } from "$lib/runes.svelte"; import { previewContent, textareaScrollTop } from "$lib/runes.svelte";
import { browser } from "$app/environment";
const { const {
id, id,
@@ -57,14 +58,14 @@
<div class="preview" bind:this={previewElement}> <div class="preview" bind:this={previewElement}>
{#if fullPreview} {#if fullPreview}
{#if !iframeLoaded} {#if !iframeLoaded && browser}
<p>Loading preview...</p> <p>Loading preview...</p>
{/if} {/if}
<iframe <iframe
src={previewContent.value} src={previewContent.value}
title="Preview" title="Preview"
onload={() => (iframeLoaded = true)} onload={() => (iframeLoaded = true)}
style:display={iframeLoaded ? "block" : "none"} style:display={!browser || iframeLoaded ? "block" : "none"}
></iframe> ></iframe>
{:else} {:else}
{@html md( {@html md(
@@ -131,6 +132,9 @@
.operations { .operations {
padding-block-start: var(--space-s); padding-block-start: var(--space-s);
resize: horizontal;
min-inline-size: 100%;
max-inline-size: calc(1536px - 320px);
} }
.preview { .preview {