feat: consistent env vars

.env.sample

@@ -1,55 +1,147 @@
-# Tenant Configuration
+#######################################
+# Server
+#######################################
+SERVER_HOST=0.0.0.0
+SERVER_PORT=5000
+SERVER_ADMIN_PORT=5001
+SERVER_KEEP_ALIVE_TIMEOUT=61
+SERVER_HEADERS_TIMEOUT=65
+SERVER_REGION=region-of-where-your-service-is-running
+
+
+#######################################
+# Auth
+#######################################
+AUTH_JWT_SECRET=f023d3db-39dc-4ac9-87b2-b2be72e9162b
+AUTH_JWT_ALGORITHM=HS256
+AUTH_ENCRYPTION_KEY=encryptionkey
+
+
+#######################################
+# Single Tenant
+#######################################
+TENANT_ID=bjhaohmqunupljrqypxz
 ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYW5vbiIsImlhdCI6MTYxMzUzMTk4NSwiZXhwIjoxOTI5MTA3OTg1fQ.mqfi__KnQB4v6PkIjkhzfwWrYyF94MEbSC6LnuvVniE
 SERVICE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaWF0IjoxNjEzNTMxOTg1LCJleHAiOjE5MjkxMDc5ODV9.th84OKK0Iz8QchDyXZRrojmKSEZ-OuitQm_5DvLiSIc
-TENANT_ID=bjhaohmqunupljrqypxz
-PGRST_JWT_SECRET=f023d3db-39dc-4ac9-87b2-b2be72e9162b
 
-# Database configuration
+
+#######################################
+# Multi Tenancy
+# uncomment MULTI_TENANT=true to enable multi tenancy
+# the [Single Tenant] configurations will be ignored
+#######################################
+# MULTI_TENANT=true
+DATABASE_MULTITENANT_URL=postgresql://postgres:[email protected]:5433/postgres
+REQUEST_X_FORWARDED_HOST_REGEXP=
+ADMIN_API_KEYS=apikey
+
+
+#######################################
+# Database
+#######################################
 DATABASE_URL=postgresql://postgres:[email protected]/postgres
 DATABASE_POOL_URL=postgresql://postgres:[email protected]:6453/postgres
+DATABASE_CONNECTION_TIMEOUT=3000
+DATABASE_SEARCH_PATH=
+
+## When DATABASE_POOL_URL is SET the following params are ignored
+DATABASE_MAX_CONNECTIONS=20
+DATABASE_FREE_POOL_AFTER_INACTIVITY=60000
+
+#######################################
+# Database - Migrations
+#######################################
+DB_INSTALL_ROLES=true
+DB_ANON_ROLE=anon
+DB_SERVICE_ROLE=service_role
+DB_AUTHENTICATED_ROLE=authenticated
+DB_SUPER_USER=postgres
+DB_ALLOW_MIGRATION_REFRESH=true
 
-# Upload configuration
-FILE_SIZE_LIMIT=52428800
 
-# Storage
+#######################################
+# Uploads
+#######################################
+UPLOAD_FILE_SIZE_LIMIT=524288000
+UPLOAD_FILE_SIZE_LIMIT_STANDARD=52428800
+UPLOAD_SIGNED_URL_EXPIRATION_TIME=60
+
+TUS_URL_PATH=/upload/resumable
+TUS_URL_EXPIRY_MS=3600000
+
+
+#######################################
+# Storage Backend Driver
+# values: s3 | file
+#######################################
 STORAGE_BACKEND=s3
-GLOBAL_S3_BUCKET=name-of-your-s3-bucket
 
-# S3 Configuration
-REGION=region-of-your-s3-bucket
-GLOBAL_S3_ENDPOINT=http://127.0.0.1:9000
-GLOBAL_S3_PROTOCOL=http
+#######################################
+# S3 Backend
+#######################################
+STORAGE_S3_BUCKET=name-of-your-s3-bucket
+STORAGE_S3_MAX_SOCKETS=200
+STORAGE_S3_ENDPOINT=http://127.0.0.1:9000
+STORAGE_S3_FORCE_PATH_STYLE=true
+STORAGE_S3_REGION=us-east-1
 
-# Minio Configuration (if using Minio)
-GLOBAL_S3_FORCE_PATH_STYLE=true
 AWS_ACCESS_KEY_ID=supa-storage
 AWS_SECRET_ACCESS_KEY=secret1234
-AWS_DEFAULT_REGION=ap-southeast-1
-
-# Local File Storage Configuration
-FILE_STORAGE_BACKEND_PATH=./data
 
-# Multitenant
-IS_MULTITENANT=false
-MULTITENANT_DATABASE_URL=postgresql://postgres:[email protected]:5433/postgres
-X_FORWARDED_HOST_REGEXP=
-ADMIN_API_KEYS=apikey
-ENCRYPTION_KEY=encryptionkey
+#######################################
+# File Backend
+#######################################
+STORAGE_FILE_BACKEND_PATH=./data
 
-# Logs
-LOGFLARE_ENABLED=false
-LOGFLARE_API_KEY=api_key
-LOGFLARE_SOURCE_TOKEN=source_token
 
+#######################################
 # Image Transformation
-ENABLE_IMAGE_TRANSFORMATION=true
+#######################################
+IMAGE_TRANSFORMATION_ENABLED=true
+IMAGE_TRANSFORMATION_LIMIT_MIN_SIZE=0
+IMAGE_TRANSFORMATION_LIMIT_MAX_SIZE=2000
+
 IMGPROXY_URL=http://localhost:50020
+IMGPROXY_REQUEST_TIMEOUT=15
+IMGPROXY_HTTP_MAX_SOCKETS=500
+
+#######################################
+# Image Transformation - Rate Limiter
+# values: redis | memory
+#######################################
+RATE_LIMITER_ENABLED=false
+RATE_LIMITER_DRIVER=redis
+RATE_LIMITER_REDIS_URL=localhost:6379
+RATE_LIMITER_REDIS_CONNECT_TIMEOUT=5
+RATE_LIMITER_RENDER_PATH_MAX_REQ_SEC=5
+RATE_LIMITER_REDIS_COMMAND_TIMEOUT=2
+
 
+#######################################
 # Queue
+# When PG_QUEUE_CONNECTION_URL is not SET it will use the DATABASE_URL
+# or DB
+#######################################
+PG_QUEUE_ENABLE=false
+PG_QUEUE_DELETE_AFTER_DAYS=2
+PG_QUEUE_ARCHIVE_COMPLETED_AFTER_SECONDS=7200
+PG_QUEUE_RETENTION_DAYS=2
+PG_QUEUE_CONNECTION_URL=
+
+
+#######################################
+# Webhooks
+#######################################
 WEBHOOK_URL=
-ENABLE_QUEUE_EVENTS=false
+WEBHOOK_API_KEY=
 
-# Rate Limiter
-ENABLE_RATE_LIMITER=true
-RATE_LIMITER_DRIVER=redis
-RATE_LIMITER_REDIS_URL=localhost:6379
+
+#######################################
+# Monitoring
+#######################################
+DEFAULT_METRICS_ENABLED=true
+LOG_LEVEL=info
+
+LOGFLARE_ENABLED=false
+LOGFLARE_API_KEY=api_key
+LOGFLARE_SOURCE_TOKEN=source_token

.github/workflows/ci.yml

@@ -13,7 +13,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        platform: [ubuntu-20.04]
+        platform: [ubuntu-23.10]
         node: ['20']
 
     runs-on: ${{ matrix.platform }}

docker-compose-infra.yml

@@ -2,6 +2,7 @@
 
 version: '3'
 services:
+
   tenant_db:
     image: postgres:15
     ports:
@@ -17,46 +18,109 @@ services:
       POSTGRES_PASSWORD: postgres
       POSTGRES_PORT: 5432
 
+  multitenant_db:
+    image: postgres:15
+    ports:
+      - '5433:5432'
+    configs:
+      - source: init.sql
+        target: /docker-entrypoint-initdb.d/init.sql
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready", "-d", "postgres" ]
+      interval: 50s
+      timeout: 60s
+      retries: 5
+    environment:
+      POSTGRES_DB: postgres
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+
   pg_bouncer:
     image: bitnami/pgbouncer:latest
     ports:
-      - '6453:6432'
+      - 6453:6432
     environment:
       POSTGRESQL_USERNAME: postgres
       POSTGRESQL_HOST: tenant_db
       POSTGRESQL_PASSWORD: postgres
       PGBOUNCER_POOL_MODE: transaction
       PGBOUNCER_IGNORE_STARTUP_PARAMETERS: "extra_float_digits, options"
       PGBOUNCER_STATS_USERS: postgres
+
+  supavisor:
+    image: supabase/supavisor:1.1.6
     depends_on:
+      multitenant_db:
+        condition: service_healthy
       tenant_db:
         condition: service_healthy
-
-  multitenant_db:
-    image: postgres:15
     ports:
-      - '5433:5432'
+      - 4000:4000
+      - 5452:5452
+      - 6543:6543
     healthcheck:
-      test: [ "CMD-SHELL", "pg_isready", "-d", "postgres" ]
-      interval: 50s
-      timeout: 60s
+      test: ["CMD", "curl", "-f", "http://localhost:4000/api/health"]
+      interval: 2s
+      timeout: 10s
       retries: 5
     environment:
-      POSTGRES_DB: postgres
-      POSTGRES_USER: postgres
-      POSTGRES_PASSWORD: postgres
+      PORT: 4000
+      PROXY_PORT_SESSION: 5452
+      PROXY_PORT_TRANSACTION: 6543
+      DATABASE_URL: "ecto://postgres:postgres@multitenant_db:5432/postgres"
+      CLUSTER_POSTGRES: "true"
+      SECRET_KEY_BASE: "12345678901234567890121234567890123456789012345678903212345678901234567890123456789032123456789012345678901234567890323456789032"
+      VAULT_ENC_KEY: "12345678901234567890123456789032"
+      API_JWT_SECRET: "dev"
+      METRICS_JWT_SECRET: "dev"
+      REGION: "local"
+      ERL_AFLAGS: -proto_dist inet_tcp
+    command: sh -c "/app/bin/migrate && /app/bin/server"
 
-  redis:
-    image: redis:6.2-alpine
-    restart: always
-    ports:
-      - '6379:6379'
+  supavisor_setup:
+    image: supabase/supavisor:1.1.6
+    command: |
+      curl -X PUT \
+        "http://supavisor:4000/api/tenants/bjhaohmqunupljrqypxz" \
+        --header "Accept: application/json" \
+        --header "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJvbGUiOiJhbm9uIiwiaWF0IjoxNjQ1MTkyODI0LCJleHAiOjE5NjA3Njg4MjR9.M9jrxyvPLkUxWgOYSf5dNdJ8v_eRrq810ShFRT8N-6M" \
+        --header "Content-Type: application/json" \
+        --data-raw "{
+          \"tenant\": {
+            \"db_host\": \"tenant_db\",
+            \"db_port\": 5432,
+            \"db_database\": \"postgres\",
+            \"ip_version\": \"auto\",
+            \"require_user\": true,
+            \"upstream_ssl\": false,
+            \"enforce_ssl\": false,
+            \"default_max_clients\": 200,
+            \"default_pool_size\": 15,
+            \"users\": [
+              {
+                \"db_user\": \"postgres\",
+                \"db_password\": \"postgres\",
+                \"mode_type\": \"transaction\",
+                \"pool_size\": 15,
+                \"pool_checkout_timeout\": 100
+              }
+            ]
+          }
+        }"
+    depends_on:
+      supavisor:
+        condition: service_healthy
 
   minio:
     image: minio/minio
     ports:
       - '9000:9000'
       - '9001:9001'
+    healthcheck:
+      test: timeout 5s bash -c ':> /dev/tcp/127.0.0.1/9000' || exit 1
+      interval: 10s
+      timeout: 5s
+      retries: 2
     environment:
       MINIO_ROOT_USER: supa-storage
       MINIO_ROOT_PASSWORD: secret1234
@@ -65,7 +129,8 @@ services:
   minio_setup:
     image: minio/mc
     depends_on:
-      - minio
+      minio:
+        condition: service_healthy
     entrypoint: >
       /bin/sh -c "
       /usr/bin/mc alias set supa-minio http://minio:9000 supa-storage secret1234;
@@ -86,3 +151,15 @@ services:
       - IMGPROXY_LOCAL_FILESYSTEM_ROOT=/images
       - IMGPROXY_USE_ETAG=true
       - IMGPROXY_ENABLE_WEBP_DETECTION=true
+
+  # Optional for rate-limiting
+  redis:
+    image: redis:6.2-alpine
+    restart: always
+    ports:
+      - '6379:6379'
+
+configs:
+  init.sql:
+    content: |
+      CREATE SCHEMA IF NOT EXISTS _supavisor;