Release v0.0.7

Update vessel_role ROLE permissions
Update user_role ROLE permissions
Add Row Level securoty on auth.vessels

README.md

@@ -1,8 +1,8 @@
 # PostgSail
-Effortless cloud based solution for storing and sharing your SignalK data. Allow to effortlessly log your sails and monitor your boat. 
+Effortless cloud based solution for storing and sharing your SignalK data. Allow you to effortlessly log your sails and monitor your boat with historical data.
 
 ### Context
-It is all about SQL, object-relational, time-series, spatial database with a bit python.
+It is all about SQL, object-relational, time-series, spatial databases with a bit of python.
 
 ### Features
 - Automatically log your voyages without manually starting or stopping a trip.
@@ -15,7 +15,7 @@ It is all about SQL, object-relational, time-series, spatial database with a bit
 - Monitor your boat (position, depth, wind, temperature, battery charge status, etc.) remotely.
 - History: view trends.
 - Alert monitoring: get notification on low voltage or low fuel remotely.
-- Notification via email or PushOver.
+- Notification via email or PushOver, Telegram
 
 ### Cloud
 The cloud advantage.
@@ -38,7 +38,7 @@ Then simply excecute:
 $ docker-compose up
 ```
 
-### PostgSail Configuration
+### SQL Configuration
 
 Check and update your postgsail settings via SQL in the table `app_settings`:
 
@@ -58,7 +58,7 @@ Next, to ingest data from signalk, you need to install [signalk-postgsail](https
 
 Also, if you like, you can import saillogger data using the postgsail helpers, [postgsail-helpers](https://github.com/xbgmsharp/postgsail-helpers).
 
-You might want to import your influxdb1 data as weel, [outflux](https://github.com/timescale/outflux).
+You might want to import your influxdb1 data as well, [outflux](https://github.com/timescale/outflux).
 Any taker on influxdb2 to PostgSail? It is definitly possible.
 
 Last, if you like, you can import the sample data from Signalk NMEA Plaka by running the tests.

initdb/02_1_signalk_api.sql

@@ -15,7 +15,7 @@
 -- Always store time in UTC
 ---------------------------------------------------------------------------
 
--- vessels signalk -(POST)-> metadata -> metadata_upsert -(trigger)-> metadata_upsert_fn (INSERT or UPDATE)
+-- vessels signalk -(POST)-> metadata -> metadata_upsert -(trigger)-> metadata_upsert_trigger_fn (INSERT or UPDATE)
 -- vessels signalk -(POST)-> metrics -> metrics -(trigger)-> metrics_fn new log,stay,moorage
 
 ---------------------------------------------------------------------------
@@ -151,6 +151,7 @@ CREATE TABLE IF NOT EXISTS api.logbook(
   --track_geom Geometry(LINESTRING)
   track_geom geometry(LINESTRING,4326) NULL,
   track_geog geography(LINESTRING) NULL,
+  track_geojson JSON NULL,
   _from_time TIMESTAMP WITHOUT TIME ZONE NOT NULL,
   _to_time TIMESTAMP WITHOUT TIME ZONE NULL,
   distance NUMERIC, -- meters?
@@ -468,10 +469,13 @@ COMMENT ON TRIGGER
     metrics_trigger ON api.metrics 
     IS  'BEFORE INSERT ON api.metrics run function metrics_trigger_fn';
 
+---------------------------------------------------------------------------
+-- API helper functions
+--
+---------------------------------------------------------------------------
 
 ---------------------------------------------------------------------------
 -- Functions API schema
-
 -- Export a log entry to geojson
 DROP FUNCTION IF EXISTS api.export_logbook_geojson_point_fn;
 CREATE OR REPLACE FUNCTION api.export_logbook_geojson_point_fn(IN _id INTEGER, OUT geojson JSON) RETURNS JSON AS $export_logbook_geojson_point$
@@ -527,7 +531,7 @@ CREATE FUNCTION api.export_logbook_geojson_linestring_fn(IN _id INTEGER) RETURNS
         geojson json;
     BEGIN
         -- If _id is is not NULL and > 0
-        SELECT ST_AsGeoJSON(l.track_geom) INTO geojson
+        SELECT ST_AsGeoJSON(l.*) INTO geojson
             FROM api.logbook l 
             WHERE l.id = _id;
         RETURN geojson;
@@ -538,6 +542,110 @@ COMMENT ON FUNCTION
     api.export_logbook_geojson_linestring_fn
     IS 'Export a log entry to geojson feature linestring';
 
+-- export_logbook_geojson_fn
+DROP FUNCTION IF EXISTS api.export_logbook_geojson_fn;
+CREATE FUNCTION api.export_logbook_geojson_fn(IN _id integer, OUT geojson JSON) RETURNS JSON AS $export_logbook_geojson$
+    DECLARE
+        logbook_rec record;
+        log_geojson jsonb;
+        metrics_geojson jsonb;
+        _map jsonb;
+    BEGIN
+        -- Gather log details
+        -- If _id is is not NULL and > 0
+        SELECT * INTO logbook_rec
+            FROM api.logbook WHERE id = _id;
+		-- GeoJson Feature Logbook linestring
+	    SELECT
+		  ST_AsGeoJSON(l.*) into log_geojson
+		FROM
+		  api.logbook l
+		WHERE l.id = _id;
+		-- GeoJson Feature Metrics point
+		SELECT
+		  json_agg(ST_AsGeoJSON(t.*)::json) into metrics_geojson
+		FROM (
+		  ( SELECT
+                time,
+                courseovergroundtrue,
+                speedoverground,
+                anglespeedapparent,
+                longitude,latitude,
+                st_makepoint(longitude,latitude) AS geo_point
+		    FROM api.metrics m
+		    WHERE m.latitude IS NOT NULL
+		        AND m.longitude IS NOT NULL
+                AND time >= logbook_rec._from_time::TIMESTAMP WITHOUT TIME ZONE
+                AND time <= logbook_rec._to_time::TIMESTAMP WITHOUT TIME ZONE
+		    ORDER BY m.time ASC
+		   )
+		) AS t;
+
+		-- Merge jsonb
+		select log_geojson::jsonb || metrics_geojson::jsonb into _map;
+        -- output
+	    SELECT
+        json_build_object(
+            'type', 'FeatureCollection',
+            'features', _map
+        ) into geojson;
+    END;
+$export_logbook_geojson$ LANGUAGE plpgsql;
+-- Description
+COMMENT ON FUNCTION
+    api.export_logbook_geojson_fn
+    IS 'Export a log entry to geojson feature linestring and multipoint';
+
+-- Generate GPX XML file output
+-- https://opencpn.org/OpenCPN/info/gpxvalidation.html
+--
+DROP FUNCTION IF EXISTS api.export_logbook_gpx_fn;
+CREATE OR REPLACE FUNCTION api.export_logbook_gpx_fn(IN _id INTEGER) RETURNS pg_catalog.xml
+AS $export_logbook_gpx$
+    DECLARE
+        log_rec record;
+    BEGIN
+        -- Gather log details _from_time and _to_time
+        SELECT * into log_rec
+            FROM
+            api.logbook l
+            WHERE l.id = _id;
+        -- Generate XML
+        RETURN xmlelement(name gpx,
+                            xmlattributes(  '1.1' as version,
+                                            'PostgSAIL' as creator,
+                                            'http://www.topografix.com/GPX/1/1' as xmlns,
+                                            'http://www.opencpn.org' as "xmlns:opencpn",
+                                            'http://www.w3.org/2001/XMLSchema-instance' as "xmlns:xsi",
+                                            'http://www.garmin.com/xmlschemas/GpxExtensions/v3' as "xmlns:gpxx",
+                                            'http://www.topografix.com/GPX/1/1 http://www.topografix.com/GPX/1/1/gpx.xsd http://www.garmin.com/xmlschemas/GpxExtensions/v3 http://www8.garmin.com/xmlschemas/GpxExtensionsv3.xsd' as "xsi:schemaLocation"),
+                xmlelement(name trk,
+                    xmlelement(name name, 'Track Name'),
+                    xmlelement(name desc, 'Track Description'),
+                    xmlelement(name link, xmlattributes('https://openplotter.cloud/log/{_id}' as href),
+                                                xmlelement(name text, 'Link name')),
+                    xmlelement(name extensions, xmlelement(name "opencpn:guid", uuid_generate_v4()),
+                                                xmlelement(name "opencpn:viz", '1'),
+                                                xmlelement(name "opencpn:start", log_rec._from_time),
+                                                xmlelement(name "opencpn:end", log_rec._to_time)
+                                                ),
+                    xmlelement(name trkseg, xmlagg(
+                                                xmlelement(name trkpt,
+                                                    xmlattributes(latitude  as lat, longitude as lon),
+                                                        xmlelement(name time, time)
+                                                )))))::pg_catalog.xml
+            FROM api.metrics m
+            WHERE m.latitude IS NOT null
+                AND m.longitude IS NOT null
+                AND m.time >= log_rec._from_time::TIMESTAMP WITHOUT TIME ZONE
+                AND m.time <= log_rec._to_time::TIMESTAMP WITHOUT TIME ZONE;
+    END;
+$export_logbook_gpx$ LANGUAGE plpgsql;
+-- Description
+COMMENT ON FUNCTION
+    api.export_logbook_gpx_fn
+    IS 'Export a log entry to GPX XML format';
+
 -- Find all log from and to moorage geopoint within 100m
 DROP FUNCTION IF EXISTS api.find_log_from_moorage_fn;
 CREATE FUNCTION api.find_log_from_moorage_fn(IN _id INTEGER) RETURNS void AS $find_log_from_moorage$
@@ -603,8 +711,16 @@ COMMENT ON FUNCTION
     IS 'Find all stay within 100m of moorage geopoint';
 
 ---------------------------------------------------------------------------
--- Views
+-- API helper view
 --
+---------------------------------------------------------------------------
+
+---------------------------------------------------------------------------
+-- Views
+-- Views are invoked with the privileges of the view owner,
+-- make the user_role the view’s owner.
+---------------------------------------------------------------------------
+
 CREATE VIEW first_metric AS
     SELECT * 
         FROM api.metrics
@@ -628,16 +744,46 @@ CREATE VIEW stay_in_progress AS
 -- TODO: Use materialized views instead as it is not live data
 -- Logs web view
 DROP VIEW IF EXISTS api.logs_view;
-CREATE VIEW api.logs_view AS
-    SELECT id,name,_from,_to,_from_time,_to_time,distance,duration
-    FROM api.logbook
-    WHERE _to_time IS NOT NULL
-    ORDER BY _from_time DESC;
+CREATE OR REPLACE VIEW api.logs_view AS
+    SELECT id,
+            name as "Name",
+            _from as "From",
+            _from_time as "Started",
+            _to as "To",
+            _to_time as "Ended",
+            distance as "Distance",
+            duration as "Duration"
+        FROM api.logbook l
+        WHERE _to_time IS NOT NULL
+        ORDER BY _from_time DESC;
 -- Description
 COMMENT ON VIEW
     api.logs_view
     IS 'Logs web view';
 
+DROP VIEW IF EXISTS api.log_view;
+CREATE OR REPLACE VIEW api.log_view AS
+    SELECT id,
+            name as "Name",
+            _from as "From",
+            _from_time as "Started",
+            _to as "To",
+            _to_time as "Ended",
+            distance as "Distance",
+            duration as "Duration",
+            notes as "Notes",
+            track_geojson as geojson,
+            avg_speed as avg_speed,
+            max_speed as max_speed,
+            max_wind_speed as max_wind_speed
+        FROM api.logbook l
+        WHERE _to_time IS NOT NULL
+        ORDER BY _from_time DESC;
+-- Description
+COMMENT ON VIEW
+    api.logs_view
+    IS 'Log web view';
+
 -- Stays web view
 -- TODO group by month
 DROP VIEW IF EXISTS api.stays_view;
@@ -841,56 +987,3 @@ CREATE VIEW api.voltage AS
         cast(metrics-> 'electrical.batteries.victronDevice.voltage' AS numeric) AS victronDeviceVoltage
     FROM api.metrics m 
     ORDER BY time DESC LIMIT 1;
-
----------------------------------------------------------------------------
--- API helper functions
---
-
-DROP FUNCTION IF EXISTS api.export_logbook_gpx_py_fn;
-CREATE OR REPLACE FUNCTION api.export_logbook_gpx_py_fn(IN _id INTEGER) RETURNS XML
-AS $export_logbook_gpx_py$
-    import uuid
-
-    # BEGIN GPX XML format
-    gpx_data = f"""<?xml version="1.0"?>
-    <gpx version="1.1" creator="PostgSAIL" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.topografix.com/GPX/1/1" xmlns:gpxx="http://www.garmin.com/xmlschemas/GpxExtensions/v3" xsi:schemaLocation="http://www.topografix.com/GPX/1/1 http://www.topografix.com/GPX/1/1/gpx.xsd" xmlns:opencpn="http://www.opencpn.org">
-    <trk>
-        <link href="https://openplotter.cloud/log/{_id}">
-        <text>openplotter trip log todo</text>
-        </link>
-        <extensions>
-        <opencpn:guid>{uuid.uuid4()}</opencpn:guid>
-        <opencpn:viz>1</opencpn:viz>
-        <opencpn:start>{mytrack[0]['time']}</opencpn:start>
-        <opencpn:end>{mytrack[-1]['time']}</opencpn:end>
-        </extensions>
-        <trkseg>\n""";
-    ##print(gpx_data)
-    # LOOP through log entry 
-    for entry in mytrack:
-        ##print(entry['time'])
-        gpx_data += f"""        <trkpt lat="{entry['lat']}" lon="{entry['lng']}">
-    <time>{entry['time']}</time>
-</trkpt>\n""";
-
-    # END GPX XML format
-    gpx_data += """    </trkseg>
-    </trk>
-    </gpx>""";
-
-    return gpx_data
-$export_logbook_gpx_py$ LANGUAGE plpython3u;
--- Description
-COMMENT ON FUNCTION
-    api.export_logbook_gpx_py_fn
-    IS 'TODO, Export a log entry to GPX XML format using plpython3u';
-
---DROP FUNCTION IF EXISTS api.export_logbook_csv_fn;
---CREATE OR REPLACE FUNCTION api.export_logbook_csv_fn(IN _id INTEGER) RETURNS void
---AS $export_logbook_csv$
- -- TODO
---$export_logbook_csv$ language plpgsql;
--- Description
---COMMENT ON FUNCTION
---    api.export_logbook_csv_fn
---    IS 'TODO, ...';

initdb/02_3_signalk_public.sql

@@ -85,9 +85,9 @@ COMMENT ON TABLE
 INSERT INTO email_templates VALUES
 ('logbook',
     'New Logbook Entry',
-    E'Hello __RECIPIENT__,\n\nWe just wanted to let you know that you have a new entry on openplotter.cloud: "__LOGBOOK_NAME__"\r\n\r\nSee more details at __LOGBOOK_LINK__\n\nHappy sailing!\nThe Saillogger Team',
+    E'Hello __RECIPIENT__,\n\nWe just wanted to let you know that you have a new entry on openplotter.cloud: "__LOGBOOK_NAME__"\r\n\r\nSee more details at https://beta.openplotter.cloud/log/__LOGBOOK_LINK__\n\nHappy sailing!\nThe PostgSail Team',
     'New Logbook Entry',
-    E'We just wanted to let you know that you have a new entry on openplotter.cloud: "__LOGBOOK_NAME__"\r\n\r\nSee more details at __LOGBOOK_LINK__\n\nHappy sailing!\nThe Saillogger Team'),
+    E'We just wanted to let you know that you have a new entry on openplotter.cloud: "__LOGBOOK_NAME__"\r\n\r\nSee more details at https://beta.openplotter.cloud/log/__LOGBOOK_LINK__\n\nHappy sailing!\nThe PostgSail Team'),
 ('user',
     'Welcome',
     E'Hello __RECIPIENT__,\nCongratulations!\nYou successfully created an account.\nKeep in mind to register your vessel.\nHappy sailing!',
@@ -100,19 +100,19 @@ INSERT INTO email_templates VALUES
     E'Hi!\nHow are you?\n__BOAT__ is now linked to your account.'),
 ('monitor_offline',
     'Offline',
-    E'__BOAT__ has been offline for more than an hour\r\nFind more details at https://openplotter.cloud/boats/\n',
+    E'__BOAT__ has been offline for more than an hour\r\nFind more details at https://beta.openplotter.cloud/boats/\n',
     'Offline',
-    E'__BOAT__ has been offline for more than an hour\r\nFind more details at https://openplotter.cloud/boats/\n'),
+    E'__BOAT__ has been offline for more than an hour\r\nFind more details at https://beta.openplotter.cloud/boats/\n'),
 ('monitor_online',
     'Online',
-    E'__BOAT__ just came online\nFind more details at https://openplotter.cloud/boats/\n',
+    E'__BOAT__ just came online\nFind more details at https://beta.openplotter.cloud/boats/\n',
     'Online',
-    E'__BOAT__ just came online\nFind more details at https://openplotter.cloud/boats/\n'),
+    E'__BOAT__ just came online\nFind more details at https://beta.openplotter.cloud/boats/\n'),
 ('badge',
     'New Badge!',
-    E'Hello __RECIPIENT__,\nCongratulations! You have just unlocked a new badge: __BADGE_NAME__\nSee more details at https://openplotter.cloud/badges\nHappy sailing!\nThe Saillogger Team',
+    E'Hello __RECIPIENT__,\nCongratulations! You have just unlocked a new badge: __BADGE_NAME__\nSee more details at https://beta.openplotter.cloud/badges\nHappy sailing!\nThe PostgSail Team',
     'New Badge!',
-    E'Congratulations!\nYou have just unlocked a new badge: __BADGE_NAME__\nSee more details at https://openplotter.cloud/badges\nHappy sailing!\nThe Saillogger Team');
+    E'Congratulations!\nYou have just unlocked a new badge: __BADGE_NAME__\nSee more details at https://beta.openplotter.cloud/badges\nHappy sailing!\nThe PostgSail Team');
 
 ---------------------------------------------------------------------------
 -- python send email
@@ -150,6 +150,8 @@ AS $send_email_py$
         return None
     if 'logbook_name' in _user and _user['logbook_name']:
         email_content = email_content.replace('__LOGBOOK_NAME__', _user['logbook_name'])
+    if 'logbook_link' in _user and _user['logbook_link']:
+        email_content = email_content.replace('__LOGBOOK_LINK__', str(_user['logbook_link']))
     if 'recipient' in _user and _user['recipient']:
         email_content = email_content.replace('__RECIPIENT__', _user['recipient'])
     if 'boat' in _user and _user['boat']:
@@ -235,6 +237,8 @@ AS $send_pushover_py$
     # Replace fields using input jsonb obj
     if 'logbook_name' in _user and _user['logbook_name']:
         pushover_message = pushover_message.replace('__LOGBOOK_NAME__', _user['logbook_name'])
+    if 'logbook_link' in _user and _user['logbook_link']:
+        pushover_message = pushover_message.replace('__LOGBOOK_LINK__', str(_user['logbook_link']))
     if 'recipient' in _user and _user['recipient']:
         pushover_message = pushover_message.replace('__RECIPIENT__', _user['recipient'])
     if 'boat' in _user and _user['boat']:
@@ -338,6 +342,57 @@ COMMENT ON FUNCTION
     public.logbook_update_geom_distance_fn
     IS 'Update logbook details with geometry data an distance, ST_Length';
 
+-- Create GeoJSON for api consum.
+CREATE FUNCTION logbook_update_geojson_fn(IN _id integer, IN _start text, IN _end text,
+    OUT _track_geojson JSON
+ ) AS $logbook_geojson$
+    declare
+     log_geojson jsonb;
+     metrics_geojson jsonb;
+     _map jsonb;
+    begin
+		-- GeoJson Feature Logbook linestring
+	    SELECT
+		  ST_AsGeoJSON(l.*) into log_geojson
+		FROM
+		  api.logbook l
+		WHERE l.id = _id;
+		-- GeoJson Feature Metrics point
+		SELECT
+		  json_agg(ST_AsGeoJSON(t.*)::json) into metrics_geojson
+		FROM (
+		  ( select
+		  	time,
+		  	courseovergroundtrue,
+		    speedoverground,
+		    anglespeedapparent,
+		    longitude,latitude,
+		    st_makepoint(longitude,latitude) AS geo_point
+		    FROM api.metrics m
+		    WHERE m.latitude IS NOT NULL
+		        AND m.longitude IS NOT NULL
+                AND time >= _start::TIMESTAMP WITHOUT TIME ZONE
+                AND time <= _end::TIMESTAMP WITHOUT TIME ZONE
+		    ORDER BY m.time asc
+		   )  
+		) AS t;
+
+		-- Merge jsonb
+		select log_geojson::jsonb || metrics_geojson::jsonb into _map;
+        -- output
+	    SELECT
+        json_build_object(
+            'type', 'FeatureCollection',
+            'features', _map
+        ) into _track_geojson;
+    END;
+$logbook_geojson$ LANGUAGE plpgsql;
+-- Description
+COMMENT ON FUNCTION
+    public.logbook_update_geojson_fn
+    IS 'Update log details with geojson';
+
+
 -- Update pending new logbook from process queue
 DROP FUNCTION IF EXISTS process_logbook_queue_fn;
 CREATE OR REPLACE FUNCTION process_logbook_queue_fn(IN _id integer) RETURNS void AS $process_logbook_queue$
@@ -350,8 +405,12 @@ CREATE OR REPLACE FUNCTION process_logbook_queue_fn(IN _id integer) RETURNS void
         geo_rec record;
         user_settings jsonb;
         app_settings jsonb;
+        geojson jsonb;
     BEGIN
         -- If _id is not NULL
+        IF _id IS NULL OR _id < 1 THEN
+            RAISE WARNING '-> process_logbook_queue_fn invalid input %', _id;
+        END IF;
         SELECT * INTO logbook_rec
             FROM api.logbook
             WHERE active IS false
@@ -368,10 +427,11 @@ CREATE OR REPLACE FUNCTION process_logbook_queue_fn(IN _id integer) RETURNS void
         -- Update logbook entry with the latest metric data and calculate data
         avg_rec := logbook_update_avg_fn(logbook_rec.id, logbook_rec._from_time::TEXT, logbook_rec._to_time::TEXT);
         geo_rec := logbook_update_geom_distance_fn(logbook_rec.id, logbook_rec._from_time::TEXT, logbook_rec._to_time::TEXT);
+        --geojson := logbook_update_geojson_fn(logbook_rec.id, logbook_rec._from_time::TEXT, logbook_rec._to_time::TEXT);
         -- todo check on time start vs end
         RAISE NOTICE 'Updating logbook entry [%] [%] [%]', logbook_rec.id, logbook_rec._from_time, logbook_rec._to_time;
-        UPDATE api.logbook 
-            SET 
+        UPDATE api.logbook
+            SET
                 duration = (logbook_rec._to_time::timestamp without time zone - logbook_rec._from_time::timestamp without time zone),
                 avg_speed = avg_rec.avg_speed,
                 max_speed = avg_rec.max_speed,
@@ -382,6 +442,13 @@ CREATE OR REPLACE FUNCTION process_logbook_queue_fn(IN _id integer) RETURNS void
                 track_geom = geo_rec._track_geom,
                 distance = geo_rec._track_distance
             WHERE id = logbook_rec.id;
+
+        -- GeoJSON
+        geojson := logbook_update_geojson_fn(logbook_rec.id, logbook_rec._from_time::TEXT, logbook_rec._to_time::TEXT);
+        UPDATE api.logbook
+            SET
+               track_geojson = geojson
+            WHERE id = logbook_rec.id;
         -- Gather email and pushover app settings
         app_settings := get_app_settings_fn();
         -- Gather user settings
@@ -406,10 +473,11 @@ CREATE OR REPLACE FUNCTION process_stay_queue_fn(IN _id integer) RETURNS void AS
         stay_rec record;
         _name varchar;
     BEGIN
-        RAISE WARNING 'process_stay_queue_fn';
-        RAISE WARNING 'jwt %', current_setting('request.jwt.claims', true);
-        RAISE WARNING 'cur_user %', current_user;
+        RAISE NOTICE 'process_stay_queue_fn';
         -- If _id is not NULL
+        IF _id IS NULL OR _id < 1 THEN
+            RAISE WARNING '-> process_stay_queue_fn invalid input %', _id;
+        END IF;
         SELECT * INTO stay_rec
             FROM api.stays
             WHERE id = _id;
@@ -442,7 +510,11 @@ CREATE OR REPLACE FUNCTION process_moorage_queue_fn(IN _id integer) RETURNS void
        	stay_rec record;
         moorage_rec record;
     BEGIN
+        RAISE NOTICE 'process_moorage_queue_fn';
         -- If _id is not NULL
+        IF _id IS NULL OR _id < 1 THEN
+            RAISE WARNING '-> process_moorage_queue_fn invalid input %', _id;
+        END IF;
         SELECT * INTO stay_rec
             FROM api.stays
             WHERE active IS false 
@@ -602,10 +674,11 @@ AS $get_user_settings_from_log$
                     'boat' , v.name,
                     'recipient', a.first,
                     'email', v.owner_email,
-                    'logbook_name', l.name) INTO user_settings
+                    'logbook_name', l.name,
+                    'logbook_link', l.id) INTO user_settings
             FROM auth.accounts a, auth.vessels v, api.metadata m, api.logbook l 
-            WHERE lower(a.email) = lower(v.owner_email) 
-               -- AND lower(v.name) = lower(m.name) 
+            WHERE lower(a.email) = lower(v.owner_email)
+                AND lower(v.name) = lower(m.name)
                 AND m.client_id = l.client_id 
                 AND l.client_id = logbook_rec.client_id
                 AND l.id = logbook_rec.id;
@@ -691,8 +764,8 @@ AS $get_user_settings_from_clientid$
                     'badges', a.preferences->'badges',
                     'logbook_name', logbook_name ) INTO user_settings
             FROM auth.accounts a, auth.vessels v, api.metadata m
-            WHERE lower(a.email) = lower(v.owner_email) 
-                --AND lower(v.name) = lower(m.name) 
+            WHERE lower(a.email) = lower(v.owner_email)
+                AND lower(v.name) = lower(m.name)
                 AND m.mmsi = v.mmsi
                 AND m.client_id = clientid;
     END;
@@ -851,6 +924,7 @@ DECLARE
   _role name;
   _email name;
   _mmsi name;
+  _path name;
   account_rec record;
   vessel_rec record;
 BEGIN
@@ -867,8 +941,39 @@ BEGIN
         WHERE auth.accounts.email = _email;
     IF account_rec.email IS NULL THEN
         RAISE EXCEPTION 'Invalid user'
-            USING HINT = 'Unkown user';
+            USING HINT = 'Unkown user or password';
     END IF;
+    RAISE WARNING 'req path %', current_setting('request.path', true);
+    -- Function allow without defined vessel
+    -- openapi doc, user settings and vessel registration
+    SELECT current_setting('request.path', true) into _path;
+    IF _path = '/rpc/settings_fn'
+        OR _path = '/rpc/register_vessel'
+        OR _path = '/' THEN
+        RETURN;
+    END IF;
+    -- Check a vessel and user exist
+    SELECT * INTO vessel_rec
+        FROM auth.vessels, auth.accounts
+        WHERE auth.vessels.owner_email = _email
+            AND auth.accounts.email = _email;
+    -- check if boat exist yet?
+    IF vessel_rec.owner_email IS NULL THEN
+        -- Return http status code 551 with message
+		RAISE sqlstate 'PT551' using
+		  message = 'Vessel Required',
+		  detail = 'Invalid vessel',
+		  hint = 'Unkown vessel';
+        --RETURN; -- ignore if not exist
+    END IF;
+    IF vessel_rec.mmsi IS NULL THEN
+        RAISE EXCEPTION 'Invalid vessel'
+            USING HINT = 'Unkown vessel mmsi';
+    END IF;
+    PERFORM set_config('vessel.mmsi', vessel_rec.mmsi, false);
+    PERFORM set_config('vessel.name', vessel_rec.name, false);
+    RAISE WARNING 'public.check_jwt() user_role vessel.mmsi %', current_setting('vessel.mmsi', false);
+    RAISE WARNING 'public.check_jwt() user_role vessel.name %', current_setting('vessel.name', false);
   ELSIF _role = 'vessel_role' THEN
     -- Check the vessel and user exist
     SELECT * INTO vessel_rec
@@ -885,7 +990,8 @@ BEGIN
             USING HINT = 'Unkown vessel mmsi';
     END IF;
     PERFORM set_config('vessel.mmsi', vessel_rec.mmsi, false);
-    RAISE WARNING 'vessel.mmsi %', current_setting('vessel.mmsi', false);
+    --RAISE WARNING 'vessel.mmsi %', current_setting('vessel.mmsi', false);
+    PERFORM set_config('vessel.name', vessel_rec.name, false);
   ELSIF _role <> 'api_anonymous' THEN
     RAISE EXCEPTION 'Invalid role'
       USING HINT = 'Stop being so evil and maybe you can log in';
@@ -899,12 +1005,12 @@ $$ language plpgsql security definer;
 CREATE OR REPLACE FUNCTION api.run_cron_jobs() RETURNS void AS $$
 BEGIN
     -- In correct order
-    perform public.cron_process_new_account_fn();
-    perform public.cron_process_new_vessel_fn();
-    perform public.cron_process_monitor_online_fn();
-    perform public.cron_process_new_logbook_fn();
-    perform public.cron_process_new_stay_fn();
-    perform public.cron_process_new_moorage_fn();
-    perform public.cron_process_monitor_offline_fn();
+    select public.cron_process_new_account_fn();
+    select public.cron_process_new_vessel_fn();
+    select public.cron_process_monitor_online_fn();
+    select public.cron_process_new_logbook_fn();
+    select public.cron_process_new_stay_fn();
+    select public.cron_process_new_moorage_fn();
+    select public.cron_process_monitor_offline_fn();
 END
 $$ language plpgsql security definer;

initdb/02_4_signalk_auth.sql

@@ -189,7 +189,7 @@ begin
   -- check vessel exist
   SELECT * INTO vessel_rec
     FROM auth.vessels vessel
-    WHERE vessel.owner_email = vessel_email
+    WHERE LOWER(vessel.owner_email) = LOWER(vessel_email)
       AND vessel.mmsi = vessel_mmsi
       AND LOWER(vessel.name) = LOWER(vessel_name);
   if vessel_rec is null then

initdb/02_5_signalk_api_deps.sql

@@ -0,0 +1,129 @@
+---------------------------------------------------------------------------
+-- singalk db permissions
+--
+
+-- List current database
+select current_database();
+
+-- connect to the DB
+\c signalk
+
+-- List vessel
+--TODO add geojson with position
+DROP VIEW IF EXISTS api.vessels_view;
+CREATE OR REPLACE VIEW api.vessels_view AS
+    SELECT
+        v.name as name,
+        v.mmsi as mmsi,
+        v.created_at as created_at,
+        coalesce(m.time, null) as last_contact
+        FROM auth.vessels v, api.metadata m
+        WHERE
+            m.mmsi = current_setting('vessel.mmsi')
+            AND m.mmsi = v.mmsi
+            AND lower(v.owner_email) = lower(current_setting('request.jwt.claims', true)::json->>'email');
+
+DROP VIEW IF EXISTS api.vessel_p_view;
+CREATE OR REPLACE VIEW api.vessel_p_view AS
+    SELECT
+        v.name as name,
+        v.mmsi as mmsi,
+        v.created_at as created_at,
+        null as last_contact
+        FROM auth.vessels v
+        WHERE lower(v.owner_email) = lower(current_setting('request.jwt.claims', true)::json->>'email');
+
+-- Or function?
+DROP FUNCTION IF EXISTS api.vessel_fn;
+CREATE OR REPLACE FUNCTION api.vessel_fn(OUT vessel JSON) RETURNS JSON
+AS $vessel$
+	DECLARE 
+    BEGIN
+        SELECT
+            json_build_object( 
+	            'name', v.name,
+	            'mmsi', v.mmsi,
+	            'created_at', v.created_at,
+	            'last_contact', m.time,
+	            'geojson', ST_AsGeoJSON(geojson_t.*)::json
+            )
+            INTO vessel
+            FROM auth.vessels v, api.metadata m, 
+				(	SELECT
+			            t.*
+			            FROM (
+			                ( select
+                                current_setting('vessel.name') as name,
+			                    time,
+			                    courseovergroundtrue,
+			                    speedoverground,
+			                    anglespeedapparent,
+			                    longitude,latitude,
+			                    st_makepoint(longitude,latitude) AS geo_point
+			                    FROM public.last_metric
+			                    WHERE latitude IS NOT NULL
+			                        AND longitude IS NOT NULL
+			                )
+			            ) AS t
+	            ) AS geojson_t
+            WHERE v.mmsi = current_setting('vessel.mmsi')
+                AND m.mmsi = v.mmsi;
+		--RAISE notice 'api.vessel_fn %', obj;
+    END;
+$vessel$ language plpgsql security definer;
+-- Description
+COMMENT ON FUNCTION
+    api.vessel_fn
+    IS 'Expose vessel details to API';
+
+-- Export user settings
+DROP FUNCTION IF EXISTS api.settings_fn;
+CREATE FUNCTION api.settings_fn(out settings json) RETURNS JSON
+AS $user_settings$
+    BEGIN
+       select row_to_json(row)::json INTO settings
+		from (
+		    select email,first,last,preferences,created_at,
+                INITCAP(CONCAT (LEFT(first, 1), ' ', last)) AS username
+            from auth.accounts
+            where lower(email) = lower(current_setting('request.jwt.claims', true)::json->>'email')
+		) row;
+    END;
+$user_settings$ language plpgsql security definer;
+
+-- Description
+COMMENT ON FUNCTION
+    api.settings_fn
+    IS 'Expose user settings to API';
+
+DROP FUNCTION IF EXISTS api.versions_fn;
+CREATE OR REPLACE FUNCTION api.versions_fn() RETURNS JSON
+AS $version$
+	DECLARE
+		_appv TEXT;
+		_sysv TEXT;
+    BEGIN
+        SELECT
+            value, version() into _appv,_sysv
+        FROM app_settings
+        WHERE name = 'app.version';
+        RETURN json_build_object('app_version', _appv,
+                           'sys_version', _sysv);
+    END;
+$version$ language plpgsql security definer;
+-- Description
+COMMENT ON FUNCTION
+    api.versions_fn
+    IS 'Expose function app and system version to API';
+
+DROP VIEW IF EXISTS api.versions_view;
+CREATE OR REPLACE VIEW api.versions_view AS
+    SELECT
+        value as app_version,
+        version() as sys_version
+    FROM app_settings
+    WHERE name = 'app.version';
+-- Description
+COMMENT ON VIEW
+    api.versions_view
+    IS 'Expose view app and system version to API';

initdb/02_6_signalk_roles.sql

@@ -15,9 +15,11 @@ select current_database();
 --
 -- api_anonymous
 -- nologin
--- api_anonymous role in the database with which to execute anonymous web requests.
+-- api_anonymous role in the database with which to execute anonymous web requests, limit 10 connections
 -- api_anonymous allows JWT token generation with an expiration time via function api.login() from auth.accounts table
-create role api_anonymous nologin noinherit;
+create role api_anonymous WITH NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOLOGIN NOBYPASSRLS NOREPLICATION CONNECTION LIMIT 10;
+-- Limit to 10 connections
+--alter user api_anonymous connection limit 10;
 grant usage on schema api to api_anonymous;
 -- explicitly limit EXECUTE privileges to only signup and login functions
 grant execute on function api.login(text,text) to api_anonymous;
@@ -27,35 +29,66 @@ grant execute on function public.check_jwt() to api_anonymous;
 
 -- authenticator
 -- login role
-create role authenticator noinherit login password 'mysecretpassword';
+create role authenticator NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT login password 'mysecretpassword';
 grant api_anonymous to authenticator;
 
--- Grafana user and role with login, read-only
-CREATE ROLE grafana WITH LOGIN PASSWORD 'mysecretpassword';
+-- Grafana user and role with login, read-only, limit 10 connections
+CREATE ROLE grafana WITH NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOBYPASSRLS NOREPLICATION CONNECTION LIMIT 10 LOGIN PASSWORD 'mysecretpassword';
 GRANT USAGE ON SCHEMA api TO grafana;
 GRANT USAGE, SELECT ON SEQUENCE api.logbook_id_seq,api.metadata_id_seq,api.moorages_id_seq,api.stays_id_seq TO grafana;
 GRANT SELECT ON TABLE api.metrics,api.logbook,api.moorages,api.stays,api.metadata TO grafana;
+-- Allow read on VIEWS
+GRANT SELECT ON TABLE api.logs_view,api.moorages_view,api.stays_view TO grafana;
+--GRANT SELECT ON TABLE api.logs_view,api.moorages_view,api.stays_view,api.vessel_view TO grafana;
 
 -- User:
--- nologin
--- read-only for all and Read-Write on logbook, stays and moorage except for name COLUMN ?
-CREATE ROLE user_role WITH NOLOGIN;
+-- nologin, web api only
+-- read-only for all and Read-Write on logbook, stays and moorage except for specific (name, notes) COLUMNS
+CREATE ROLE user_role WITH NOLOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOBYPASSRLS NOREPLICATION;
 GRANT user_role to authenticator;
 GRANT USAGE ON SCHEMA api TO user_role;
 GRANT USAGE, SELECT ON SEQUENCE api.logbook_id_seq,api.metadata_id_seq,api.moorages_id_seq,api.stays_id_seq TO user_role;
-GRANT SELECT ON TABLE api.metrics,api.logbook,api.moorages,api.stays,api.metadata TO user_role;
+GRANT SELECT ON TABLE api.metrics,api.logbook,api.moorages,api.stays,api.metadata,api.stays_at TO user_role;
+GRANT SELECT ON TABLE auth.vessels TO user_role;
 -- Allow update on table for notes
-GRANT UPDATE ON TABLE api.logbook,api.moorages,api.stays TO user_role;
+--GRANT UPDATE ON TABLE api.logbook,api.moorages,api.stays TO user_role;
+-- Allow users to update certain columns
+GRANT UPDATE (name, notes) ON api.logbook TO user_role;
+GRANT UPDATE (name, notes, stay_code) ON api.stays TO user_role;
+GRANT UPDATE (name, notes, stay_code, home_flag) ON api.moorages TO user_role;
 GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA api TO user_role;
 -- explicitly limit EXECUTE privileges to pgrest db-pre-request function
-GRANT EXECUTE ON FUNCTION public.check_jwt() to user_role;
--- Allow read on VIEWS
-GRANT SELECT ON TABLE api.logs_view,api.moorages_view,api.stays_view TO user_role;
+GRANT EXECUTE ON FUNCTION api.export_logbook_geojson_linestring_fn(int4) TO user_role;
+GRANT EXECUTE ON FUNCTION public.check_jwt() TO user_role;
+GRANT EXECUTE ON FUNCTION public.st_asgeojson(text) TO user_role;
+GRANT EXECUTE ON FUNCTION public.geography_eq(geography, geography) TO user_role;
+-- TODO should not be need !! ??
+GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO user_role;
+
+-- Update ownership for security user_role as run by web user.
+-- Web listing
+ALTER VIEW api.stays_view OWNER TO user_role;
+ALTER VIEW api.moorages_view OWNER TO user_role;
+ALTER VIEW api.logs_view OWNER TO user_role;
+-- Remove all permissions except select
+REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.stays_view FROM user_role;
+REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.moorages_view FROM user_role;
+REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.logs_view FROM user_role;
+
+-- Allow read and update on VIEWS
+-- Web detail view
+ALTER VIEW api.log_view OWNER TO user_role;
+-- Remove all permissions except select and update
+REVOKE TRUNCATE, DELETE, TRIGGER, INSERT ON TABLE api.log_view FROM user_role;
+
+ALTER VIEW api.vessels_view OWNER TO user_role;
+-- Remove all permissions except select and update
+REVOKE TRUNCATE, DELETE, TRIGGER, INSERT ON TABLE api.vessels_view FROM user_role;
 
 -- Vessel:
 -- nologin
 -- insert-update-only for api.metrics,api.logbook,api.moorages,api.stays,api.metadata and sequences and process_queue
-CREATE ROLE vessel_role WITH NOLOGIN;
+CREATE ROLE vessel_role WITH NOLOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOBYPASSRLS NOREPLICATION;
 GRANT vessel_role to authenticator;
 GRANT USAGE ON SCHEMA api TO vessel_role;
 GRANT INSERT, UPDATE, SELECT ON TABLE api.metrics,api.logbook,api.moorages,api.stays,api.metadata TO vessel_role;
@@ -65,6 +98,7 @@ GRANT USAGE, SELECT ON SEQUENCE public.process_queue_id_seq TO vessel_role;
 -- explicitly limit EXECUTE privileges to pgrest db-pre-request function
 GRANT EXECUTE ON FUNCTION public.check_jwt() to vessel_role;
 
+--- Scheduler:
 -- TODO: currently cron function are run as super user, switch to scheduler role.
 -- Scheduler read-only all, and write on logbook, stays, moorage, process_queue
 -- Crons
@@ -154,3 +188,18 @@ CREATE POLICY api_vessel_role ON api.moorages TO vessel_role
 CREATE POLICY api_user_role ON api.moorages TO user_role
     USING (client_id LIKE '%' || current_setting('vessel.mmsi', false) || '%')
     WITH CHECK (client_id LIKE '%' || current_setting('vessel.mmsi', false) || '%');
+
+-- Be sure to enable row level security on the table
+ALTER TABLE auth.vessels ENABLE ROW LEVEL SECURITY;
+-- Administrator can see all rows and add any rows
+CREATE POLICY admin_all ON auth.vessels TO current_user
+    USING (true)
+    WITH CHECK (true);
+-- Allow user_role to update and select on their own records
+CREATE POLICY api_user_role ON auth.vessels TO user_role
+    USING (mmsi = current_setting('vessel.mmsi', false)
+        AND owner_email = current_setting('request.jwt.claims', false)::json->>'email'
+    )
+    WITH CHECK (mmsi = current_setting('vessel.mmsi', false)
+        AND owner_email = current_setting('request.jwt.claims', false)::json->>'email'
+    )

initdb/PGSAIL_VERSION

@@ -1 +1 @@
-0.0.4
+0.0.7