mirrors/postgsail
1
0
Fork 0
mirror of https://github.com/xbgmsharp/postgsail.git synced 2025-09-17 19:27:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: mirrors:v0.0.7
Branches Tags
mirrors:main mirrors:dependabot/github_actions/actions/checkout-5 mirrors:landingpage mirrors:gh-pages
mirrors:v0.9.4 mirrors:v0.9.3 mirrors:v0.9.2 mirrors:v0.9.1 mirrors:v0.9.0 mirrors:v0.8.1 mirrors:v0.8.0 mirrors:v0.7.8 mirrors:v0.7.7 mirrors:v0.7.6 mirrors:v0.7.5 mirrors:v0.7.4 mirrors:v0.7.2 mirrors:v0.7.1 mirrors:v0.7.0 mirrors:v0.6.1 mirrors:v0.6.0 mirrors:v0.5.1 mirrors:v0.5.0 mirrors:v0.4.1 mirrors:v0.4.0 mirrors:v0.3.1 mirrors:v0.3.0 mirrors:v0.2.3 mirrors:v0.2.2 mirrors:v0.2.1 mirrors:v0.2.0 mirrors:v0.1.0 mirrors:v0.0.11 mirrors:v0.0.10 mirrors:v0.0.9 mirrors:v0.0.8 mirrors:v0.0.7 mirrors:v0.0.6 mirrors:v0.0.5 mirrors:v0.0.4
..
compare: mirrors:v0.1.0
Branches Tags
mirrors:main mirrors:dependabot/github_actions/actions/checkout-5 mirrors:landingpage mirrors:gh-pages
mirrors:v0.9.4 mirrors:v0.9.3 mirrors:v0.9.2 mirrors:v0.9.1 mirrors:v0.9.0 mirrors:v0.8.1 mirrors:v0.8.0 mirrors:v0.7.8 mirrors:v0.7.7 mirrors:v0.7.6 mirrors:v0.7.5 mirrors:v0.7.4 mirrors:v0.7.2 mirrors:v0.7.1 mirrors:v0.7.0 mirrors:v0.6.1 mirrors:v0.6.0 mirrors:v0.5.1 mirrors:v0.5.0 mirrors:v0.4.1 mirrors:v0.4.0 mirrors:v0.3.1 mirrors:v0.3.0 mirrors:v0.2.3 mirrors:v0.2.2 mirrors:v0.2.1 mirrors:v0.2.0 mirrors:v0.1.0 mirrors:v0.0.11 mirrors:v0.0.10 mirrors:v0.0.9 mirrors:v0.0.8 mirrors:v0.0.7 mirrors:v0.0.6 mirrors:v0.0.5 mirrors:v0.0.4

164 Commits
v0.0.7 ... v0.1.0

Author SHA1 Message Date
xbgmsharp
cc67a3b37d Release v0.1.0 2023-06-23 11:03:16 +02:00
xbgmsharp
64ecbfc698 Fix typo 2023-06-22 23:28:45 +02:00
xbgmsharp
b19eeed59a Update badges, renew badge 2023-06-22 23:28:05 +02:00
xbgmsharp
8f5cd4237d dd new API endpoint, api.vessel_details_fn(), extend additionals vessels properties 2023-06-22 23:26:44 +02:00
xbgmsharp
7b3a1451bb Update templates messages 
Add iso3166 country list
Link MMSI MID Codes with iso3166 country list
 2023-06-21 15:49:10 +02:00
xbgmsharp
a2cdd8ddfe Add badges support 2023-06-20 15:24:47 +02:00
xbgmsharp
7a04026e67 Marked old function as deprecated 2023-06-20 09:05:27 +02:00
xbgmsharp
fab496ea3d Add web frontend container and update telegram container env 2023-06-07 12:22:20 +02:00
xbgmsharp
4f31831c94 Update prepare jwt auth with user_id 2023-06-07 12:20:40 +02:00
xbgmsharp
300e4bee48 Update debug output 2023-06-07 12:19:15 +02:00
xbgmsharp
99e258c974 Update Send notification telegram SQL requets 2023-05-25 16:37:01 +02:00
xbgmsharp
970c85c11e Update reverse geoip python function 
Update parsing geosjon python function
 2023-05-25 16:35:39 +02:00
xbgmsharp
bbf4426f55 Update OTP, add support for telegram 2023-05-25 16:34:35 +02:00
xbgmsharp
a8620f4b4c Update api_anonymous function persmision to support telegram 2023-05-25 16:28:59 +02:00
xbgmsharp
15accaa4cb Update api.metadata version fields to type TEXT 
Update debug output formating
Update SQL view statements, Make SQL error proof with REPLACE statement
 2023-05-25 16:26:19 +02:00
xbgmsharp
8d382b48ac Add telegram bot 2023-05-22 11:34:17 +02:00
xbgmsharp
2983f149ad Update .env sample for Telegram-bot 2023-05-17 16:37:31 +02:00
xbgmsharp
a1ca97b549 Release 0.0.11 2023-05-11 13:32:32 +02:00
xbgmsharp
119c1778e6 Update README 2023-05-08 10:20:41 +02:00
xbgmsharp
11489ce4aa Update grafana dashboards and configuration 2023-05-03 17:04:08 +02:00
xbgmsharp
42b070baa8 Update permsisions for grafana_role and grafana_auth_proxy role 2023-05-02 18:29:27 +02:00
xbgmsharp
a1df7b218c Update versions to include used extensions 2023-05-02 18:27:04 +02:00
xbgmsharp
160d6aa569 Update comment on fonction send_notifications 2023-04-23 23:13:30 +02:00
xbgmsharp
a2903e08ac Add role comment for user scheduler 2023-04-23 23:12:35 +02:00
xbgmsharp
5a74914eac Export helpers function to a separate file 2023-04-23 11:06:49 +02:00
xbgmsharp
55dc6275ee Add permision to morrage_view for user_role 2023-04-23 11:06:24 +02:00
xbgmsharp
f2c68c82d8 Fix error if data type is None 2023-04-23 11:04:59 +02:00
xbgmsharp
578ca925db Export helpers/generic functions to a new file 2023-04-23 11:00:40 +02:00
xbgmsharp
ae14017cfc Update cron fn, fix tipo 2023-04-23 10:57:28 +02:00
xbgmsharp
1b42e3849f Update stay(s),moorage(s) view with more details 2023-04-12 21:13:03 +02:00
xbgmsharp
2ffcbc5586 Remove unused api essel funtions 2023-04-03 22:51:57 +02:00
xbgmsharp
235506f2bc Update fucntions, remove typo on Unknow 2023-04-03 22:50:47 +02:00
xbgmsharp
5a2ba54b2a Update export GPX API endpoints, moorages and log. 
Logs gpx should be move to the cron process to remove api.metrics dependency
 2023-04-03 22:49:16 +02:00
xbgmsharp
122c44c338 Update new API endpoint api.export_moorages_gpx_fn 2023-04-02 17:49:30 +02:00
xbgmsharp
2e451fa93c Update API schema with new endpoint, Add moorages map export (geojson,gpx) and update log export gpx 2023-04-01 19:29:12 +02:00
xbgmsharp
d26d008b47 Update job_run_details_cleanup_fn to remove logs older than 90 days 2023-04-01 19:28:38 +02:00
xbgmsharp
6a6239f344 Update description of the public schema 2023-04-01 19:28:15 +02:00
xbgmsharp
2f6a0a6133 Update public.logbook_update_geojson_fn to export id and time 2023-04-01 19:27:16 +02:00
xbgmsharp
bda652b87e Update python function to filter geojson, add parameter to filter on LineString or Point 
Still pending work using pg type and transform json
 2023-04-01 19:25:43 +02:00
xbgmsharp
2f6bb6d5d9 Add new public function public.jsonb_diff_val 2023-04-01 19:25:14 +02:00
xbgmsharp
2cd9b0dd6c Add API endpoint api.timelapse_fn 2023-03-28 19:15:41 +02:00
xbgmsharp
13e4f453d5 Add function job_run_details_cleanup_fn, delete old job details log 2023-03-28 19:14:53 +02:00
xbgmsharp
bc7d51c71e Add geojson_py_fn in python 2023-03-28 19:13:42 +02:00
xbgmsharp
95d3c5bded Add new public function jsonb_recursive_merge and input validation: isdate, istimestamptz 2023-03-28 19:12:35 +02:00
xbgmsharp
f0c6f92920 pg_cron, add job_run_details_cleanup 2023-03-28 19:11:02 +02:00
xbgmsharp
852d2ff583 Release v0.0.10 2023-03-03 16:09:05 +01:00
xbgmsharp
7cf7905694 Update pushover link to work in prod env 2023-03-03 08:35:08 +01:00
xbgmsharp
0f8107a672 Update api.pushover_subscribe_link_fn and fix api.generate_otp_fn 2023-02-26 23:23:07 +01:00
xbgmsharp
77dec463d1 Add urlescape_py_fn to url encode using python 2023-02-26 22:57:44 +01:00
xbgmsharp
8ff1d0a8ed Allow user_role to access new api view total_info_view, stats_logs_view, stats_moorages_view 2023-02-26 21:09:13 +01:00
xbgmsharp
859788d98d Update api.export_logbook_gpx api.export_logbook_geojson 
Update api.moorage_view
Add Create api.total_info_view
Add Comment on missing api view
Add security_invoker on stats view
 2023-02-25 23:11:32 +01:00
xbgmsharp
62642ffbd6 Enforce OTP verification on login 2023-02-24 15:59:08 +01:00
xbgmsharp
c3760c8689 Allow UPSERT of otp code in generate_otp_fn 2023-02-24 15:58:36 +01:00
xbgmsharp
763c9ae802 Update versions fn and view 
Add new fn public.has_vessel_fn()
Deprecated unused and bad api.vessels2_view,api.vessel_p_view
 2023-02-24 15:57:32 +01:00
xbgmsharp
37abb3ae1f Minimum valid distance is less than 0.010. 
Exclude new function from vessel registration.
 2023-02-24 15:55:55 +01:00
xbgmsharp
a6da3cab0a Fix vessel_fn to use the latest location rather than the first know location 2023-02-15 16:24:11 +01:00
xbgmsharp
22f756b3a9 Update permissions to views 2023-02-14 19:04:38 +01:00
xbgmsharp
cb3e9d8e57 Update moorages_view and moorage_view with security invoker 2023-02-14 19:04:13 +01:00
xbgmsharp
1997fe5a81 Update logbook_update_geojson_fn, expose less properties in geojson 2023-02-14 12:22:58 +01:00
xbgmsharp
5a1451ff69 Improve process_logbook_queue_fn. Detect and remove stationary movement. 
Add logbook_metrics_dwithin_fn function.
 2023-02-13 23:56:39 +01:00
xbgmsharp
a18abec1f1 Update views owner permission using security_invoker and security_barrier 2023-02-09 16:47:02 +01:00
xbgmsharp
322c3ed4fb Update messages templates for email,pushover, telegram 2023-02-09 16:46:23 +01:00
xbgmsharp
d648d119cc Update API expose views with the latest pg15 feature security_invoker 2023-02-09 16:31:06 +01:00
xbgmsharp
9109474e8a Fix permission issue when vessel is not connected in public.check_jwt() 2023-02-07 14:49:32 +01:00
xbgmsharp
ca92a15eba boat-listing, make last_contact retrun null rather than empty string 2023-02-07 11:19:30 +01:00
xbgmsharp
d745048a9c Update reverse_geocode_py to fallback base on more field 
Don't exit with error so we don't stop the cron process
 2023-02-07 11:18:25 +01:00
xbgmsharp
6a0c15d23c process_logbook_queue_fn add more debug and disable unused function 2023-02-07 11:17:24 +01:00
xbgmsharp
fc01374441 Release v0.0.9 2023-02-06 21:54:26 +01:00
xbgmsharp
0ec3f7fe02 Sending null to no value entry when no metadata available 2023-02-06 21:38:02 +01:00
xbgmsharp
2bae8bd861 Fix and Update parameters check for auth functions 2023-02-06 21:37:19 +01:00
xbgmsharp
38d185d058 Add api.recover comment function 2023-02-05 01:18:24 +01:00
xbgmsharp
4342e29c69 Update vessel check, remove mmsi dependency to vessel_id 2023-02-05 01:16:26 +01:00
xbgmsharp
13d8ad9b3d Allow api_anonymous to execute api.recover and api.reset functions 2023-02-04 23:45:31 +01:00
xbgmsharp
caec91b7f2 Add api.recover and api.reset function to allow password reset 2023-02-04 23:44:47 +01:00
xbgmsharp
665a9d30e6 Fix/update vessel_fn sub query because of function owner 2023-02-04 23:42:38 +01:00
xbgmsharp
eb3a14bee4 Add reset query-string support to send_email_py 2023-02-04 23:41:10 +01:00
xbgmsharp
ba935d7520 Update new logbook entry template message 
Add new email reset template message
 2023-02-04 23:37:40 +01:00
xbgmsharp
11d136214c Disable health check for api (postgrest) and app (grafana) containers 
Missing wget or curl to run the test locally
 2023-02-02 00:45:14 +01:00
xbgmsharp
ddbeff7d7e Add docker healthy check for PostgreSQL 2023-02-01 23:59:22 +01:00
xbgmsharp
569700e1b3 Update README 2023-01-31 21:28:50 +01:00
xbgmsharp
93f8476d26 Update main process function is retruning result. 
Ensure the query is successful for process_logbook_queue_fn and process_stay_queue_fn
 2023-01-31 21:17:49 +01:00
xbgmsharp
4eef5595bc Fix tipo 2023-01-31 21:16:09 +01:00
xbgmsharp
cf9c67bb64 Update README 2023-01-29 22:29:47 +01:00
xbgmsharp
1968f86448 Add debug in send_email_py 2023-01-29 22:20:33 +01:00
xbgmsharp
552faa0a16 Add docker healthy check for Grafana 2023-01-28 21:47:05 +01:00
xbgmsharp
c0b6f17488 Add Grafana ENV Settings 2023-01-28 21:34:21 +01:00
xbgmsharp
1ab6501aad Update README 2023-01-28 21:33:30 +01:00
xbgmsharp
07280f1f67 pg_cron async job 
Update Notification cron job
Fix cron_vacuum cron job
Disable all cron job for debug
 2023-01-28 21:32:11 +01:00
xbgmsharp
d419a582b9 Remove debug helper for OTP 2023-01-28 21:28:02 +01:00
xbgmsharp
69c8ec17f9 Add connected_at on auth.accounts table 2023-01-28 21:25:12 +01:00
xbgmsharp
89d50b7a6a Update postgreSQL conf for PG15 2023-01-28 21:24:33 +01:00
xbgmsharp
976fc52e9a Update telgram obj queries to supprt group chat id 2022-12-28 22:06:10 +01:00
xbgmsharp
cb0b89c8f3 vessel function and view, remove the millisecond from the timestamp result 2022-12-28 22:04:50 +01:00
xbgmsharp
bcbcfa040d Update telegram object queries 2022-12-28 22:04:04 +01:00
xbgmsharp
b7857e0be6 Update email_otp message, remove recipient firstname 2022-12-28 22:03:40 +01:00
xbgmsharp
089876b62a Update api.metrics status to enum type and allow vessel to switch from sailing to motoring 2022-12-25 17:54:48 +01:00
xbgmsharp
fc9fb8769a Update monitorin offline and online to use send_notification_fn 2022-12-17 23:33:19 +01:00
xbgmsharp
3432d358d3 Add reverse_geoip_py_fn python3 function 2022-12-17 23:32:23 +01:00
xbgmsharp
340bda704e Update publick.email_templates table 2022-12-17 23:17:15 +01:00
xbgmsharp
54156ae7c9 Update api.metrics to support 2 dimension hypertable. Update api.metadata tablesto with updated_at handle by moddatetime extension 2022-12-17 23:15:22 +01:00
xbgmsharp
4c4f0bbd37 Update permision for role grafana_auth and grafana 2022-12-17 23:13:18 +01:00
xbgmsharp
b58fce186a Rename grafan container to app 2022-12-12 23:52:24 +01:00
xbgmsharp
c6c78ecffc Update pgsql/timescale grafana source 2022-12-12 23:51:57 +01:00
xbgmsharp
db0e493900 Add grafana config,dashboards,provisioning 2022-12-12 22:28:01 +01:00
xbgmsharp
dea5b8ddf7 Add grafana 2022-12-12 22:12:22 +01:00
xbgmsharp
e9e63fad50 Add ERD description 2022-12-12 22:11:52 +01:00
xbgmsharp
8b45a171e8 Update vessel_role permission for new api.metrics trigger 2022-12-12 16:21:42 +01:00
xbgmsharp
a0216dad6a Refactor metrics_trigger_fn on api.metrics trigger to avoid multiple stay or logbook active 2022-12-09 12:35:18 +01:00
xbgmsharp
ca5bffd88f Add tables MMSI MID Code Filtered by Flag of Registration 2022-12-09 12:34:23 +01:00
xbgmsharp
1dbf71064e Update reverse_geocode_py_fn to return always data if name is null then fallback to address field road,neighbourhood,suburb 2022-12-09 12:33:00 +01:00
xbgmsharp
6888953cbb Add OTP notification, Add OTP DELETE, Add api.pushover_subscribe_link_fn, Add auth.telegram_session_exists_fn 2022-12-06 21:41:14 +01:00
xbgmsharp
105d6b9113 Add AIS Ship Types tables 2022-12-06 21:40:09 +01:00
xbgmsharp
0c2e4b1d83 cron_vaccum_fn does not work 2022-12-05 23:31:45 +01:00
xbgmsharp
f8b1fb472a Remove mmsi dependency, enforce add check valid longitude,latitude, ignore silently NULL longitude,latitude 2022-12-05 23:29:44 +01:00
xbgmsharp
613ac5e29a Remove mmsi dependency and ensure longitude,latitude exist prior post processing 2022-12-05 23:23:51 +01:00
xbgmsharp
5ce5b606e9 Remove mmsi dependency, update to use vessel_id instead 2022-12-05 23:19:58 +01:00
xbgmsharp
0f59a31cdc Fix SQL query IMMUTABLE STRICT 2022-12-05 23:17:45 +01:00
xbgmsharp
58407a84e9 Update auth.vessel.mmsi type to NUMERIC and add conistraint and remove dependency 2022-12-05 23:15:44 +01:00
xbgmsharp
9ae9553254 Allow to set password from env for role grafana_auth 2022-12-05 14:56:53 +01:00
xbgmsharp
494cc9a571 Add new function urlencode_py_fn() 
Update debug for send_pushover and send_telegram
 2022-12-02 14:36:01 +01:00
xbgmsharp
dbd29ca58a Add new variable PGSAIL_PUSHOVER_APP_URL 2022-12-02 11:50:33 +01:00
xbgmsharp
00cdd7ca18 Refactor web user notification 
Add new cron job cron_new_notification
Add public.cron_process_new_notification_fn function
Add public.process_notification_queue_fn function
Update messages template table, align cron name with template notification name
 2022-12-02 11:22:28 +01:00
xbgmsharp
34fe0898b2 Split public schame in file by type tables,functions and functions in python 2022-11-30 21:15:47 +01:00
xbgmsharp
3522d3b9d7 Update email type to CITEXT, https://www.postgresql.org/docs/current/citext.html 2022-11-30 21:12:49 +01:00
xbgmsharp
d4f79e7f71 A large commit with new features (pushover, telegram, otp) and fixes 
Update reverse_geocode_py_fn validate input
Update email_templates add new message type for pushover, telegram and otp
Update send_email_py_fn mkae email From field humain friendly
Add send_pushover_py_fn python send pushover message
Add send_telegram_py_fn python send telegram message
Add process_account_otp_validation_queue_fn process handle for email validation
Add send_notification_fn refactor notification system to support email,pushover,telegram
Update public.process_queue table
Add new_account_otp_validation_entry_fn trigger
Update postgrest pre db check_jwt to support row security level
 2022-11-29 23:50:59 +01:00
xbgmsharp
4df4fa993a U 2022-11-29 23:25:51 +01:00
xbgmsharp
94f79080aa Add new app paremeters for pushover and telegram 
PGSAIL_PUSHOVER_APP_TOKEN -> app.pushover_app_token
PGSAIL_TELEGRAM_BOT_TOKEN -> app.telegram_bot_token
 2022-11-29 23:24:39 +01:00
xbgmsharp
1a5c0f10c3 Fixed typo in vesselid for auth.vessels table 2022-11-29 23:20:01 +01:00
xbgmsharp
e6309875fb Limit connection to database to 100 2022-11-29 23:19:31 +01:00
xbgmsharp
2e269b9424 Update RSL to 'user.email' settings 
Remove dependency to jwt for auth tables
 2022-11-29 22:51:07 +01:00
xbgmsharp
40e25b1f8c Add Email OTP validation API endpoint 2022-11-29 22:49:50 +01:00
xbgmsharp
9eec9ad355 Add description to accounts and vessels triggers with moddatetime 2022-11-29 10:39:26 +01:00
xbgmsharp
90d2c3b3a0 Update OTP Code to a random 6 digit 2022-11-29 10:38:45 +01:00
xbgmsharp
d25f31ce0b Add a every 6 minute job cron_process_new_account_otp_validation_queue_fn, delay from cron_new_account 2022-11-28 22:30:55 +01:00
xbgmsharp
c8e722283c Fixed ERD images link 2022-11-28 22:18:55 +01:00
xbgmsharp
2095e9b561 Update images links 2022-11-28 22:13:53 +01:00
xbgmsharp
73addfa928 publish initial release of Entity-Relationship Diagram (ERD) 2022-11-28 22:11:13 +01:00
xbgmsharp
345f190f4e Add CRON for new account pending otp validation notification 2022-11-28 21:51:27 +01:00
xbgmsharp
0682f06ae9 Update update_user_preferences_fn to allow email or telegram user auth (to be improve) 2022-11-28 21:49:57 +01:00
xbgmsharp
8bc0fdaf17 Fixed auth.vessels table creation 2022-11-28 21:48:30 +01:00
xbgmsharp
ab1afeee42 Enable telegram bot auth 2022-11-28 21:47:28 +01:00
xbgmsharp
b6d60dd0d5 Update grafana_auth role description 2022-11-28 18:17:07 +01:00
xbgmsharp
295d0a0a5e Fix SQL vquery 2022-11-28 15:26:43 +01:00
xbgmsharp
a68a0ee3e3 Refactor auth tables (accounts,vessels) 
Add unique userid column for jwt auth
Add unique vesselid column for jwt auth
Add new extensions citext,moddatetime
Update email column to citext type for fast queries
Add updated_at column to trak changed managed by moddatetime extension
Update index tables (accounts,vessels)
 2022-11-25 23:14:30 +01:00
xbgmsharp
ea7301e1ed Add primary support for new stays,moorages,stats,timelapse views 2022-11-25 22:37:08 +01:00
xbgmsharp
98f5d75429 Add grafana_auth apache proxy auth role 2022-11-25 22:33:54 +01:00
xbgmsharp
adc6799c93 Add comment on role 2022-11-25 22:24:40 +01:00
xbgmsharp
a865e91ce7 Allow anonymous role to excecute telegram and pushover registration function 2022-11-25 22:22:29 +01:00
xbgmsharp
a64425b13f Add new CONSTRAINT on auth.vessels and auth.accounts tables 
Add new index on auth.accounts table
 2022-11-20 23:27:34 +01:00
xbgmsharp
0586d30381 Improve Row Level Security 
Add Row Level Security for table auth.accounts
 2022-11-20 23:25:06 +01:00
xbgmsharp
db1d7c63e2 Add function api.update_user_preferences_fn to allow user update their preferences via api 2022-11-20 23:22:29 +01:00
xbgmsharp
4acb4de539 Improve debug output 2022-11-20 23:20:19 +01:00
xbgmsharp
07043ddf08 Add new metadata index 
Improve metrics debug output
 2022-11-20 23:19:12 +01:00
xbgmsharp
bd05591205 Add a every 15 minute job cron_process_prune_otp_fn 2022-11-20 23:18:15 +01:00
xbgmsharp
95ff1d8ff2 Add missing foreign keys between api.metrics and api.metadata 2022-10-25 16:25:45 +02:00
xbgmsharp
e92515ba66 Fixed email notification, 
Update conversion to Nautical Mile
 2022-10-24 16:56:05 +02:00
xbgmsharp
8b8087e56d Release v0.0.8 2022-10-19 13:28:31 +02:00
xbgmsharp
7b7aae7dfe Limit scope of cron job using vessel.client_id 
Ensure all queries to api.metrics are limited to a specific vessel using client_id
 2022-10-19 13:25:49 +02:00
xbgmsharp
be27618dac Update scheduler role permissions 2022-10-19 13:19:03 +02:00
xbgmsharp
7fb24d8cae Add new parameter PGSAIL_APP_UR 2022-10-18 21:39:58 +02:00
xbgmsharp
07c7628973 Limit scope of process functions 2022-09-24 23:53:47 +02:00
xbgmsharp
e42e52eaf0 Update permisions for new API endpoint 2022-09-24 23:52:42 +02:00
xbgmsharp
97e739ffe9 Refactor user_settings 2022-09-24 23:32:17 +02:00
xbgmsharp
3fb2534263 Update README, fix tipo in links 2022-09-24 23:16:24 +02:00
32 changed files with 8981 additions and 1478 deletions
Expand all files Collapse all files

11
.env.example
View File

@@ -1,15 +1,22 @@
# POSTGRESQL ENV Settings # POSTGRESQL ENV Settings
POSTGRES_USER=username POSTGRES_USER=username
POSTGRES_PASSWORD=password POSTGRES_PASSWORD=password
POSTGRES_DB=postgres
# PostgSail ENV Settings # PostgSail ENV Settings
PGSAIL_AUTHENTICATOR_PASSWORD=password PGSAIL_AUTHENTICATOR_PASSWORD=password
PGSAIL_GRAFANA_PASSWORD=password PGSAIL_GRAFANA_PASSWORD=password
PGSAIL_GRAFANA_AUTH_PASSWORD=password
PGSAIL_EMAIL_FROM=root@localhost PGSAIL_EMAIL_FROM=root@localhost
PGSAIL_EMAIL_SERVER=localhost PGSAIL_EMAIL_SERVER=localhost
#PGSAIL_EMAIL_USER= Comment if not use #PGSAIL_EMAIL_USER= Comment if not use
#PGSAIL_EMAIL_PASS= Comment if not use #PGSAIL_EMAIL_PASS= Comment if not use
#PGSAIL_PUSHOVER_TOKEN= Comment if not use #PGSAIL_PUSHOVER_APP_TOKEN= Comment if not use
#PGSAIL_PUSHOVER_APP= Comment if not use #PGSAIL_PUSHOVER_APP_URL= Comment if not use
#PGSAIL_TELEGRAM_BOT_TOKEN= Comment if not use
PGSAIL_APP_URL=http://localhost
PGSAIL_API_URL=http://localhost
# POSTGREST ENV Settings # POSTGREST ENV Settings
PGRST_DB_URI=postgres://authenticator:${PGSAIL_AUTHENTICATOR_PASSWORD}@127.0.0.1:5432/signalk PGRST_DB_URI=postgres://authenticator:${PGSAIL_AUTHENTICATOR_PASSWORD}@127.0.0.1:5432/signalk
PGRST_JWT_SECRET=_at_least_32__char__long__random PGRST_JWT_SECRET=_at_least_32__char__long__random
# Grafana ENV Settings
GF_SECURITY_ADMIN_PASSWORD=password

BIN
ERD/ERD_schema_api.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 104 KiB

BIN
ERD/ERD_schema_auth.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
ERD/ERD_schema_public.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

35
ERD/README.md Normal file
View File

@@ -0,0 +1,35 @@
# PostgSail ERD
The Entity-Relationship Diagram (ERD) provides a graphical representation of database tables, columns, and inter-relationships. ERD can give sufficient information for the database administrator to follow when developing and maintaining the database.
## A global overview
![API Schema](https://raw.githubusercontent.com/xbgmsharp/postgsail/main/ERD/postgsail.pgerd.png "API Schema")
## Further
There is 3 main schemas:
- API Schema ERD
- tables
- metrics
- logbook
- ...
- functions
- ...
![API Schem](https://raw.githubusercontent.com/xbgmsharp/postgsail/main/ERD/ERD_schema_api.png "API Schema")
- Auth Schema ERD
- tables
- accounts
- vessels
- ...
- functions
- ...
![Auth Schema](https://raw.githubusercontent.com/xbgmsharp/postgsail/main/ERD/ERD_schema_auth.png "Auth Schema")
- Public Schema ERD
- tables
- app_settings
- tpl_messages
- ...
- functions
- ...
![Public Schema](https://raw.githubusercontent.com/xbgmsharp/postgsail/main/ERD/ERD_schema_public.png "Public Schema")

BIN
ERD/postgsail.pgerd.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 360 KiB

42
README.md
View File

@@ -1,10 +1,7 @@
# PostgSail # PostgSail
Effortless cloud based solution for storing and sharing your SignalK data. Allow you to effortlessly log your sails and monitor your boat with historical data. Effortless cloud based solution for storing and sharing your SignalK data. Allow you to effortlessly log your sails and monitor your boat with historical data.
### Context ## Features
It is all about SQL, object-relational, time-series, spatial databases with a bit of python.
### Features
- Automatically log your voyages without manually starting or stopping a trip. - Automatically log your voyages without manually starting or stopping a trip.
- Automatically capture the details of your voyages (boat speed, heading, wind speed, etc). - Automatically capture the details of your voyages (boat speed, heading, wind speed, etc).
- Timelapse video your trips! - Timelapse video your trips!
@@ -16,12 +13,28 @@ It is all about SQL, object-relational, time-series, spatial databases with a bi
- History: view trends. - History: view trends.
- Alert monitoring: get notification on low voltage or low fuel remotely. - Alert monitoring: get notification on low voltage or low fuel remotely.
- Notification via email or PushOver, Telegram - Notification via email or PushOver, Telegram
- Offline mode
- Low Bandwith mode
## Context
It is all about SQL, object-relational, time-series, spatial databases with a bit of python.
PostgSail is an open-source alternative to traditional vessel data management.
It is based on a well known open-source technology stack, Signalk, PostgreSQL, TimescaleDB, PostGIS, PostgREST. It does perfectly integrate with standard monitoring tool stack like Grafana.
To understand the why and how, you might want to read [Why.md](https://github.com/xbgmsharp/postgsail/tree/main/Why.md)
## Architecture
For more clarity and visibility the complete [Entity-Relationship Diagram (ERD)](https://github.com/xbgmsharp/postgsail/tree/main/ERD/README.md) is export as PNG and SVG file.
### Cloud ### Cloud
If you prefer not to install or administer your instance of PostgSail, hosted versions of PostgSail are available in the cloud of your choice.
The cloud advantage. The cloud advantage.
Hosted and fullymanaged options for PostgSail, designed for all your deployment and business needs. Register and try for free at https://iot.openplotter.cloud/. Hosted and fullymanaged options for PostgSail, designed for all your deployment and business needs. Register and try for free at https://iot.openplotter.cloud/.
## Using PostgSail
### pre-deploy configuration ### pre-deploy configuration
To get these running, copy `.env.example` and rename to `.env` then set the value accordinly. To get these running, copy `.env.example` and rename to `.env` then set the value accordinly.
@@ -34,7 +47,7 @@ Notice, that `PGRST_JWT_SECRET` must be at least 32 characters long.
By default there is no network set and the postgresql data are store in a docker volume. By default there is no network set and the postgresql data are store in a docker volume.
You can update the default settings by editing `docker-compose.yml` to your need. You can update the default settings by editing `docker-compose.yml` to your need.
Then simply excecute: Then simply excecute:
``` ```bash
$ docker-compose up $ docker-compose up
``` ```
@@ -42,11 +55,11 @@ $ docker-compose up
Check and update your postgsail settings via SQL in the table `app_settings`: Check and update your postgsail settings via SQL in the table `app_settings`:
``` ```sql
select * from app_settings; SELECT * FROM app_settings;
``` ```
``` ```sql
UPDATE app_settings UPDATE app_settings
SET SET
value = 'new_value' value = 'new_value'
@@ -87,20 +100,20 @@ $ curl http://localhost:3000/ -H 'Authorization: Bearer my_token_from_register_v
#### API main workflow #### API main workflow
Check the [unit test sample](https://github.com/xbgmsharp/PostgSail/blob/main/tests/index.js). Check the [unit test sample](https://github.com/xbgmsharp/postgsail/blob/main/tests/index.js).
### Docker dependencies ### Docker dependencies
`docker-compose` is used to start environment dependencies. Dependencies consist of 2 containers: `docker-compose` is used to start environment dependencies. Dependencies consist of 3 containers:
- `timescaledb-postgis` alias `db`, PostgreSQL with TimescaleDB extension along with the PostGIS extension. - `timescaledb-postgis` alias `db`, PostgreSQL with TimescaleDB extension along with the PostGIS extension.
- `postgrest` alias `api`, Standalone web server that turns your PostgreSQL database directly into a RESTful API. - `postgrest` alias `api`, Standalone web server that turns your PostgreSQL database directly into a RESTful API.
- `grafana` alias `app`, visualize and monitor your data
### Optional docker images ### Optional docker images
- [Grafana](https://hub.docker.com/r/grafana/grafana), visualize and monitor your data
- [pgAdmin](https://hub.docker.com/r/dpage/pgadmin4), web UI to monitor and manage multiple PostgreSQL - [pgAdmin](https://hub.docker.com/r/dpage/pgadmin4), web UI to monitor and manage multiple PostgreSQL
- [Swagger](https://hub.docker.com/r/swaggerapi/swagger-ui), web UI to visualize documentation from PostgREST - [Swagger](https://hub.docker.com/r/swaggerapi/swagger-ui), web UI to visualize documentation from PostgREST
``` ```
docker-compose -f docker-compose-optional.yml up docker-compose -f docker-compose-optional.yml up
``` ```
@@ -113,9 +126,12 @@ Out of the box iot platform using docker with the following software:
- [PostGIS, a spatial database extender for PostgreSQL object-relational database.](https://postgis.net/) - [PostGIS, a spatial database extender for PostgreSQL object-relational database.](https://postgis.net/)
- [Grafana, open observability platform | Grafana Labs](https://grafana.com) - [Grafana, open observability platform | Grafana Labs](https://grafana.com)
### Releases & updates
PostgSail Release Notes & Future Plans: see planned and in-progress updates and detailed information about current and past releases. [PostgSail project](https://github.com/xbgmsharp?tab=projects)
### Support ### Support
To get support, please create new [issue](https://github.com/xbgmsharp/PostgSail/issues). To get support, please create new [issue](https://github.com/xbgmsharp/postgsail/issues).
There is more likely security flows and bugs. There is more likely security flows and bugs.

79
docker-compose.yml
View File

@@ -9,6 +9,8 @@ services:
- POSTGRES_DB=postgres - POSTGRES_DB=postgres
- TIMESCALEDB_TELEMETRY=off - TIMESCALEDB_TELEMETRY=off
- PGDATA=/var/lib/postgresql/data/pgdata - PGDATA=/var/lib/postgresql/data/pgdata
- TZ=UTC
network_mode: "host"
ports: ports:
- "5432:5432" - "5432:5432"
volumes: volumes:
@@ -17,6 +19,12 @@ services:
logging: logging:
options: options:
max-size: 10m max-size: 10m
healthcheck:
test: ["CMD-SHELL", "sh -c 'pg_isready -U ${POSTGRES_USER} -d signalk'"]
interval: 60s
timeout: 10s
retries: 5
start_period: 100s
api: api:
image: postgrest/postgrest image: postgrest/postgrest
@@ -36,6 +44,77 @@ services:
logging: logging:
options: options:
max-size: 10m max-size: 10m
#healthcheck:
# test: ["CMD-SHELL", "sh -c 'curl --fail http://localhost:3003/live || exit 1'"]
# interval: 60s
# timeout: 10s
# retries: 5
# start_period: 100s
app:
image: grafana/grafana:latest
container_name: app
restart: unless-stopped
volumes:
- data:/var/lib/grafana
- data:/var/log/grafana
- $PWD/grafana:/etc/grafana
ports:
- "3001:3000"
network_mode: "host"
env_file: .env
environment:
- GF_INSTALL_PLUGINS=pr0ps-trackmap-panel,fatcloud-windrose-panel
- GF_USERS_ALLOW_SIGN_UP=false
- GF_SMTP_ENABLED=false
depends_on:
- db
logging:
options:
max-size: 10m
#healthcheck:
# test: ["CMD-SHELL", "sh -c 'curl --fail http://localhost:3000/healthz || exit 1'"]
# interval: 60s
# timeout: 10s
# retries: 5
# start_period: 100s
telegram:
image: xbgmsharp/postgsail-telegram-bot
container_name: telegram
restart: unless-stopped
volumes:
- /etc/resolv.conf:/etc/resolv.conf:ro
ports:
- "3005:8080"
network_mode: "host"
env_file: .env
environment:
- BOT_TOKEN=${PGSAIL_TELEGRAM_BOT_TOKEN}
- PGSAIL_URL=${PGSAIL_API_URL}
depends_on:
- db
- api
logging:
options:
max-size: 10m
web:
image: xbgmsharp/postgsail-vuestic
container_name: web
restart: unless-stopped
volumes:
- /etc/resolv.conf:/etc/resolv.conf:ro
ports:
- "3006:8080"
network_mode: "host"
env_file: .env
depends_on:
- db
- api
logging:
options:
max-size: 10m
volumes: volumes:
data: {} data: {}

472
grafana/dashboards/Logbook.json Normal file
View File

@@ -0,0 +1,472 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "datasource",
"uid": "grafana"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"description": "Logs,Moorages,Stays",
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": 1,
"links": [
{
"asDropdown": false,
"icon": "external link",
"includeVars": true,
"keepTime": false,
"tags": [],
"targetBlank": true,
"title": "New link",
"tooltip": "",
"type": "dashboards",
"url": ""
}
],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"filterable": false,
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "id"
},
"properties": [
{
"id": "custom.width",
"value": 41
}
]
},
{
"matcher": {
"id": "byName",
"options": "distance"
},
"properties": [
{
"id": "custom.width",
"value": 104
}
]
}
]
},
"gridPos": {
"h": 10,
"w": 24,
"x": 0,
"y": 0
},
"id": 2,
"options": {
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true,
"sortBy": []
},
"pluginVersion": "9.4.3",
"targets": [
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"editorMode": "code",
"format": "table",
"group": [],
"metricColumn": "none",
"rawQuery": true,
"rawSql": "SET vessel.client_id = '${__user.login}';\nSELECT * from api.logs_view",
"refId": "A",
"select": [
[
{
"params": [
"_from_lat"
],
"type": "column"
}
]
],
"sql": {
"columns": [
{
"parameters": [],
"type": "function"
}
],
"groupBy": [
{
"property": {
"type": "string"
},
"type": "groupBy"
}
],
"limit": 50
},
"table": "logs",
"timeColumn": "_from_time",
"timeColumnType": "timestamp",
"where": []
}
],
"title": "Logbook ${__user.email} / ${__user.login}",
"type": "table"
},
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"filterable": false,
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "id"
},
"properties": [
{
"id": "custom.width",
"value": 41
}
]
},
{
"matcher": {
"id": "byName",
"options": "distance"
},
"properties": [
{
"id": "custom.width",
"value": 104
}
]
}
]
},
"gridPos": {
"h": 10,
"w": 24,
"x": 0,
"y": 10
},
"id": 5,
"options": {
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true,
"sortBy": []
},
"pluginVersion": "9.4.3",
"targets": [
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"editorMode": "code",
"format": "table",
"group": [],
"metricColumn": "none",
"rawQuery": true,
"rawSql": "SET vessel.client_id = '${__user.login}';\nSELECT * from api.stays_view",
"refId": "A",
"select": [
[
{
"params": [
"_from_lat"
],
"type": "column"
}
]
],
"sql": {
"columns": [
{
"parameters": [],
"type": "function"
}
],
"groupBy": [
{
"property": {
"type": "string"
},
"type": "groupBy"
}
],
"limit": 50
},
"table": "logs",
"timeColumn": "_from_time",
"timeColumnType": "timestamp",
"where": []
}
],
"title": "Stays",
"type": "table"
},
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"filterable": false,
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "id"
},
"properties": [
{
"id": "custom.width",
"value": 41
}
]
},
{
"matcher": {
"id": "byName",
"options": "distance"
},
"properties": [
{
"id": "custom.width",
"value": 104
}
]
}
]
},
"gridPos": {
"h": 10,
"w": 24,
"x": 0,
"y": 20
},
"id": 6,
"options": {
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true,
"sortBy": []
},
"pluginVersion": "9.4.3",
"targets": [
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"editorMode": "code",
"format": "table",
"group": [],
"metricColumn": "none",
"rawQuery": true,
"rawSql": "SET vessel.client_id = '${__user.login}';\nselect * from api.moorages_view",
"refId": "A",
"select": [
[
{
"params": [
"_from_lat"
],
"type": "column"
}
]
],
"sql": {
"columns": [
{
"parameters": [],
"type": "function"
}
],
"groupBy": [
{
"property": {
"type": "string"
},
"type": "groupBy"
}
],
"limit": 50
},
"table": "logs",
"timeColumn": "_from_time",
"timeColumnType": "timestamp",
"where": []
}
],
"title": "Moorages",
"type": "table"
}
],
"refresh": "",
"revision": 1,
"schemaVersion": 38,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"definition": "SET \"user.email\" = '${__user.email}';\nSET vessel.client_id = '${__user.login}';\nSELECT\n v.name AS __text,\n m.client_id AS __value\n FROM auth.vessels v\n JOIN api.metadata m ON v.owner_email = '${__user.email}' and m.vessel_id = v.vessel_id;",
"description": "Vessel Name",
"hide": 0,
"includeAll": false,
"label": "Boat",
"multi": false,
"name": "boat",
"options": [],
"query": "SET \"user.email\" = '${__user.email}';\nSET vessel.client_id = '${__user.login}';\nSELECT\n v.name AS __text,\n m.client_id AS __value\n FROM auth.vessels v\n JOIN api.metadata m ON v.owner_email = '${__user.email}' and m.vessel_id = v.vessel_id;",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"type": "query"
}
]
},
"time": {
"from": "now-15d",
"to": "now"
},
"timepicker": {},
"timezone": "utc",
"title": "Logbook",
"uid": "E_FUkx9nk",
"version": 1,
"weekStart": ""
}

735
grafana/dashboards/Monitor.json Normal file
View File

@@ -0,0 +1,735 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "datasource",
"uid": "grafana"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"description": "Monitoring view",
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": 2,
"links": [
{
"asDropdown": false,
"icon": "external link",
"includeVars": true,
"keepTime": false,
"tags": [],
"targetBlank": true,
"title": "New link",
"tooltip": "",
"type": "dashboards",
"url": ""
}
],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "volt"
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 12,
"x": 0,
"y": 0
},
"id": 8,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "9.4.3",
"targets": [
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"editorMode": "code",
"format": "time_series",
"group": [],
"metricColumn": "none",
"rawQuery": true,
"rawSql": "SET vessel.client_id = '${__user.login}';\nSELECT\n time AS \"time\",\n cast(metrics-> 'electrical.batteries.AUX2.voltage' AS numeric) AS AUX2Voltage\nFROM api.metrics\nWHERE\n $__timeFilter(time)\n AND client_id = '${boat}'\nORDER BY 1",
"refId": "A",
"select": [
[
{
"params": [
"_from_lat"
],
"type": "column"
}
]
],
"sql": {
"columns": [
{
"parameters": [],
"type": "function"
}
],
"groupBy": [
{
"property": {
"type": "string"
},
"type": "groupBy"
}
],
"limit": 50
},
"table": "trip_in_progress",
"timeColumn": "_from_time",
"timeColumnType": "timestamp",
"where": [
{
"name": "$__timeFilter",
"params": [],
"type": "macro"
}
]
}
],
"title": "AUX2 Voltage",
"type": "stat"
},
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "celsius"
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 12,
"x": 12,
"y": 0
},
"id": 7,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "9.4.3",
"targets": [
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"editorMode": "code",
"format": "time_series",
"group": [],
"metricColumn": "none",
"rawQuery": true,
"rawSql": "SET vessel.client_id = '${__user.login}';\nSELECT\n time AS \"time\",\n cast(metrics-> 'environment.outside.temperature' AS numeric) - 273.15 AS OutsideTemperature\nFROM api.metrics\nWHERE\n $__timeFilter(time)\n AND client_id = '${boat}'\nORDER BY 1",
"refId": "A",
"select": [
[
{
"params": [
"_from_lat"
],
"type": "column"
}
]
],
"sql": {
"columns": [
{
"parameters": [],
"type": "function"
}
],
"groupBy": [
{
"property": {
"type": "string"
},
"type": "groupBy"
}
],
"limit": 50
},
"table": "trip_in_progress",
"timeColumn": "_from_time",
"timeColumnType": "timestamp",
"where": [
{
"name": "$__timeFilter",
"params": [],
"type": "macro"
}
]
}
],
"title": "Temperature",
"type": "stat"
},
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"graph": false,
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": [
{
"__systemRef": "hideSeriesFrom",
"matcher": {
"id": "byNames",
"options": {
"mode": "exclude",
"names": [
"aux2"
],
"prefix": "All except:",
"readOnly": true
}
},
"properties": [
{
"id": "custom.hideFrom",
"value": {
"graph": true,
"legend": false,
"tooltip": false
}
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 4
},
"id": 4,
"options": {
"graph": {},
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "7.5.4",
"targets": [
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"editorMode": "code",
"format": "time_series",
"group": [],
"metricColumn": "none",
"rawQuery": true,
"rawSql": "SET vessel.client_id = '${__user.login}';\nSELECT\n time AS \"time\",\n cast(metrics-> 'electrical.batteries.AUX2.voltage' AS numeric) AS AUX2,\n\tcast(metrics-> 'electrical.batteries.House.voltage' AS numeric) AS House,\n\tcast(metrics-> 'environment.rpi.pijuice.gpioVoltage' AS numeric) AS gpioVoltage,\n\tcast(metrics-> 'electrical.batteries.Seatalk.voltage' AS numeric) AS SeatalkVoltage,\n\tcast(metrics-> 'electrical.batteries.Starter.voltage' AS numeric) AS StarterVoltage,\n\tcast(metrics-> 'environment.rpi.pijuice.batteryVoltage' AS numeric) AS RPIBatteryVoltage,\n\tcast(metrics-> 'electrical.batteries.victronDevice.voltage' AS numeric) AS victronDeviceVoltage\nFROM api.metrics\nWHERE\n $__timeFilter(time)\n\tAND client_id = '${boat}'\nORDER BY 1",
"refId": "A",
"select": [
[
{
"params": [
"_from_lat"
],
"type": "column"
}
]
],
"sql": {
"columns": [
{
"parameters": [],
"type": "function"
}
],
"groupBy": [
{
"property": {
"type": "string"
},
"type": "groupBy"
}
],
"limit": 50
},
"table": "trip_in_progress",
"timeColumn": "_from_time",
"timeColumnType": "timestamp",
"where": [
{
"name": "$__timeFilter",
"params": [],
"type": "macro"
}
]
}
],
"title": "Voltage",
"type": "timeseries"
},
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"graph": false,
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 13
},
"id": 2,
"options": {
"graph": {},
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "7.5.4",
"targets": [
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"editorMode": "code",
"format": "table",
"group": [],
"metricColumn": "none",
"rawQuery": true,
"rawSql": "SET vessel.client_id = '${__user.login}';\nSELECT\n time AS \"time\",\n cast(metrics-> 'environment.water.temperature' AS numeric) - 273.15 AS waterTemperature,\n\tcast(metrics-> 'environment.inside.temperature' AS numeric) - 273.15 AS insideTemperature,\n\tcast(metrics-> 'environment.outside.temperature' AS numeric) - 273.15 AS outsideTemperature\nFROM api.metrics\nWHERE\n $__timeFilter(time)\n AND client_id = '${boat}'\nORDER BY 1",
"refId": "A",
"select": [
[
{
"params": [
"_from_lat"
],
"type": "column"
}
]
],
"sql": {
"columns": [
{
"parameters": [],
"type": "function"
}
],
"groupBy": [
{
"property": {
"type": "string"
},
"type": "groupBy"
}
],
"limit": 50
},
"table": "trip_in_progress",
"timeColumn": "_from_time",
"timeColumnType": "timestamp",
"where": [
{
"name": "$__timeFilter",
"params": [],
"type": "macro"
}
]
}
],
"title": "Temperatures",
"type": "timeseries"
},
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 22
},
"id": 5,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "9.3.1",
"targets": [
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"editorMode": "code",
"format": "table",
"group": [],
"metricColumn": "none",
"rawQuery": true,
"rawSql": "SET vessel.client_id = '${__user.login}';\nwith config as (select set_config('vessel.id', '${boat}', false) ) select * from api.monitoring_view",
"refId": "A",
"select": [
[
{
"params": [
"_from_lat"
],
"type": "column"
}
]
],
"sql": {
"columns": [
{
"parameters": [],
"type": "function"
}
],
"groupBy": [
{
"property": {
"type": "string"
},
"type": "groupBy"
}
],
"limit": 50
},
"table": "trip_in_progress",
"timeColumn": "_from_time",
"timeColumnType": "timestamp",
"where": [
{
"name": "$__timeFilter",
"params": [],
"type": "macro"
}
]
}
],
"title": "Title",
"type": "timeseries"
}
],
"refresh": "",
"revision": 1,
"schemaVersion": 38,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"datasource": {
"type": "postgres",
"uid": "PCC52D03280B7034C"
},
"definition": "SET \"user.email\" = '${__user.email}';\nSET vessel.client_id = '${__user.login}';\nSELECT\n v.name AS __text,\n m.client_id AS __value\n FROM auth.vessels v\n JOIN api.metadata m ON v.owner_email = '${__user.email}' and m.vessel_id = v.vessel_id;",
"description": "Vessel name",
"hide": 0,
"includeAll": false,
"label": "Boat",
"multi": false,
"name": "boat",
"options": [],
"query": "SET \"user.email\" = '${__user.email}';\nSET vessel.client_id = '${__user.login}';\nSELECT\n v.name AS __text,\n m.client_id AS __value\n FROM auth.vessels v\n JOIN api.metadata m ON v.owner_email = '${__user.email}' and m.vessel_id = v.vessel_id;",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"type": "query"
}
]
},
"time": {
"from": "now-30d",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
]
},
"timezone": "utc",
"title": "Monitor",
"uid": "apqDcPjMz",
"version": 1,
"weekStart": ""
}

1049
grafana/dashboards/TimescaleDB.json Normal file
View File

File diff suppressed because it is too large Load Diff

1987
grafana/dashboards/Weather.json Normal file
View File

File diff suppressed because it is too large Load Diff

134
grafana/dashboards/home.json Normal file
View File

@@ -0,0 +1,134 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "postgres",
"uid": "OIttR1sVk"
},
"gridPos": {
"h": 3,
"w": 24,
"x": 0,
"y": 0
},
"id": 1,
"targets": [
{
"datasource": {
"type": "postgres",
"uid": "OIttR1sVk"
},
"refId": "A"
}
],
"type": "welcome"
},
{
"datasource": {
"type": "postgres",
"uid": "OIttR1sVk"
},
"gridPos": {
"h": 12,
"w": 24,
"x": 0,
"y": 3
},
"id": 3,
"links": [],
"options": {
"folderId": 0,
"maxItems": 30,
"query": "",
"showHeadings": true,
"showRecentlyViewed": true,
"showSearch": false,
"showStarred": true,
"tags": []
},
"pluginVersion": "9.4.3",
"tags": [],
"targets": [
{
"datasource": {
"type": "postgres",
"uid": "OIttR1sVk"
},
"refId": "A"
}
],
"title": "Dashboards",
"type": "dashlist"
}
],
"refresh": "",
"revision": 1,
"schemaVersion": 38,
"style": "dark",
"tags": [],
"templating": {
"list": []
},
"time": {
"from": "now-6h",
"to": "now"
},
"timepicker": {
"hidden": true,
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
],
"type": "timepicker"
},
"timezone": "browser",
"title": "Home",
"version": 0,
"weekStart": ""
}

16
grafana/grafana.ini Normal file
View File

@@ -0,0 +1,16 @@
[users]
allow_sign_up = false
auto_assign_org = true
auto_assign_org_role = Editor
[auth.proxy]
enabled = true
header_name = X-WEBAUTH-USER
header_property = email
auto_sign_up = true
enable_login_token = true
login_maximum_inactive_lifetime_duration = 12h
login_maximum_lifetime_duration = 1d
[dashboards]
default_home_dashboard_path = /etc/grafana/dashboards/home.json

25
grafana/provisioning/dashboards/default.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: 1
providers:
# <string> an unique provider name. Required
- name: 'PostgSail'
# <int> Org id. Default to 1
orgId: 1
# <string> name of the dashboard folder.
#folder: 'PostgSail'
# <string> folder UID. will be automatically generated if not specified
#folderUid: ''
# <string> provider type. Default to 'file'
type: file
# <bool> disable dashboard deletion
disableDeletion: false
# <int> how often Grafana will scan for changed dashboards
updateIntervalSeconds: 60
# <bool> allow updating provisioned dashboards from the UI
allowUiUpdates: true
options:
# <string, required> path to dashboard files on disk. Required when using the 'file' type
path: /etc/grafana/dashboards/
# <bool> use folder names from filesystem to create folders in Grafana
foldersFromFilesStructure: true

18
grafana/provisioning/datasources/timescale.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: 1
datasources:
- name: PostgreSQL
isDefault: true
type: postgres
url: 172.30.0.1:5432
database: signalk
user: grafana
secureJsonData:
password: '${PGSAIL_GRAFANA_PASSWORD}'
jsonData:
sslmode: 'disable' # disable/require/verify-ca/verify-full
maxOpenConns: 10 # Grafana v5.4+
maxIdleConns: 2 # Grafana v5.4+
connMaxLifetime: 14400 # Grafana v5.4+
postgresVersion: 1500 # 903=9.3, 904=9.4, 905=9.5, 906=9.6, 1000=10
timescaledb: true

30
initdb/01signalk.sh
View File

@@ -7,20 +7,30 @@ echo $PGDATA
echo "${PGDATA}/postgresql.conf" echo "${PGDATA}/postgresql.conf"
cat << 'EOF' >> ${PGDATA}/postgresql.conf cat << 'EOF' >> ${PGDATA}/postgresql.conf
# PostgSail pg15
# Add settings for extensions here # Add settings for extensions here
shared_preload_libraries = 'timescaledb,pg_stat_statements,pg_cron' shared_preload_libraries = 'timescaledb,pg_stat_statements,pg_cron'
# TimescaleDB - time series database
# Disable timescaleDB telemetry
timescaledb.telemetry_level=off timescaledb.telemetry_level=off
# pg_cron - Run periodic jobs in PostgreSQL
# pg_cron database # pg_cron database
#cron.database_name = 'signalk' #cron.database_name = 'signalk'
# pg_cron connect via a unix domain socket # pg_cron connect via a unix domain socket
cron.host = '/var/run/postgresql/' cron.host = '/var/run/postgresql/'
# Increase the number of available background workers from the default of 8
#max_worker_processes = 8
# monitoring https://www.postgresql.org/docs/current/runtime-config-statistics.html#GUC-TRACK-IO-TIMING # monitoring https://www.postgresql.org/docs/current/runtime-config-statistics.html#GUC-TRACK-IO-TIMING
track_io_timing = on track_io_timing = on
stats_temp_directory = '/tmp' track_functions = all
# Remove in pg-15, does not exist anymore
#stats_temp_directory = '/tmp'
# Postgrest # PostgREST - turns your PostgreSQL database directly into a RESTful API
# send logs where the collector can access them # send logs where the collector can access them
#log_destination = 'stderr' log_destination = 'stderr'
# collect stderr output to log files # collect stderr output to log files
#logging_collector = on #logging_collector = on
# save logs in pg_log/ under the pg data directory # save logs in pg_log/ under the pg data directory
@@ -29,5 +39,19 @@ stats_temp_directory = '/tmp'
#log_filename = 'postgresql-%Y-%m-%d.log' #log_filename = 'postgresql-%Y-%m-%d.log'
# log every kind of SQL statement # log every kind of SQL statement
#log_statement = 'all' #log_statement = 'all'
# Do not enable log_statement as its log format will not be parsed by pgBadger.
# pgBadger - a fast PostgreSQL log analysis report
# log all the queries that are taking more than 1 second:
#log_min_duration_statement = 1000
#log_checkpoints = on
#log_connections = on
#log_disconnections = on
#log_lock_waits = on
#log_temp_files = 0
#log_autovacuum_min_duration = 0
#log_error_verbosity = default
# Francois
log_min_messages = NOTICE
EOF EOF

893
initdb/02_1_signalk_api.sql
View File

File diff suppressed because it is too large Load Diff

144
initdb/02_2_signalk_cron.sql
View File

@@ -28,7 +28,7 @@ begin
SET SET
processed = NOW() processed = NOW()
WHERE id = process_rec.id; WHERE id = process_rec.id;
RAISE NOTICE '-> updated process_queue table [%]', process_rec.id; RAISE NOTICE '-> cron_process_new_logbook_fn updated process_queue table [%]', process_rec.id;
END LOOP; END LOOP;
END; END;
$$ language plpgsql; $$ language plpgsql;
@@ -57,7 +57,7 @@ begin
SET SET
processed = NOW() processed = NOW()
WHERE id = process_rec.id; WHERE id = process_rec.id;
RAISE NOTICE '-> updated process_queue table [%]', process_rec.id; RAISE NOTICE '-> cron_process_new_stay_fn updated process_queue table [%]', process_rec.id;
END LOOP; END LOOP;
END; END;
$$ language plpgsql; $$ language plpgsql;
@@ -87,7 +87,7 @@ begin
SET SET
processed = NOW() processed = NOW()
WHERE id = process_rec.id; WHERE id = process_rec.id;
RAISE NOTICE '-> updated process_queue table [%]', process_rec.id; RAISE NOTICE '-> cron_process_new_moorage_fn updated process_queue table [%]', process_rec.id;
END LOOP; END LOOP;
END; END;
$$ language plpgsql; $$ language plpgsql;
@@ -123,16 +123,25 @@ begin
SET SET
active = False active = False
WHERE id = metadata_rec.id; WHERE id = metadata_rec.id;
RAISE NOTICE '-> updated api.metadata table to inactive for [%]', metadata_rec.id;
IF metadata_rec.client_id IS NULL OR metadata_rec.client_id = '' THEN
RAISE WARNING '-> cron_process_monitor_offline_fn invalid metadata record client_id %', client_id;
RAISE EXCEPTION 'Invalid metadata'
USING HINT = 'Unknow client_id';
RETURN;
END IF;
PERFORM set_config('vessel.client_id', metadata_rec.client_id, false);
RAISE DEBUG '-> DEBUG cron_process_monitor_offline_fn vessel.client_id %', current_setting('vessel.client_id', false);
RAISE NOTICE '-> cron_process_monitor_offline_fn updated api.metadata table to inactive for [%] [%]', metadata_rec.id, metadata_rec.client_id;
-- Gather email and pushover app settings -- Gather email and pushover app settings
app_settings = get_app_settings_fn(); --app_settings = get_app_settings_fn();
-- Gather user settings -- Gather user settings
user_settings := get_user_settings_from_metadata_fn(metadata_rec.id::INTEGER); user_settings := get_user_settings_from_clientid_fn(metadata_rec.client_id::TEXT);
--user_settings := get_user_settings_from_clientid_fn(metadata_rec.id::INTEGER); RAISE DEBUG '-> cron_process_monitor_offline_fn get_user_settings_from_clientid_fn [%]', user_settings;
RAISE DEBUG '-> debug monitor_offline get_user_settings_from_metadata_fn [%]', user_settings;
-- Send notification -- Send notification
--PERFORM send_notification_fn('monitor_offline'::TEXT, metadata_rec::RECORD); PERFORM send_notification_fn('monitor_offline'::TEXT, user_settings::JSONB);
PERFORM send_email_py_fn('monitor_offline'::TEXT, user_settings::JSONB, app_settings::JSONB); --PERFORM send_email_py_fn('monitor_offline'::TEXT, user_settings::JSONB, app_settings::JSONB);
--PERFORM send_pushover_py_fn('monitor_offline'::TEXT, user_settings::JSONB, app_settings::JSONB); --PERFORM send_pushover_py_fn('monitor_offline'::TEXT, user_settings::JSONB, app_settings::JSONB);
-- log/insert/update process_queue table with processed -- log/insert/update process_queue table with processed
INSERT INTO process_queue INSERT INTO process_queue
@@ -140,12 +149,12 @@ begin
VALUES VALUES
('monitoring_offline', metadata_rec.id, metadata_rec.interval, now()) ('monitoring_offline', metadata_rec.id, metadata_rec.interval, now())
RETURNING id INTO process_id; RETURNING id INTO process_id;
RAISE NOTICE '-> updated process_queue table [%]', process_id; RAISE NOTICE '-> cron_process_monitor_offline_fn updated process_queue table [%]', process_id;
END LOOP; END LOOP;
END; END;
$$ language plpgsql; $$ language plpgsql;
-- Description -- Description
COMMENT ON FUNCTION COMMENT ON FUNCTION
public.cron_process_monitor_offline_fn public.cron_process_monitor_offline_fn
IS 'init by pg_cron to monitor offline pending notification, if so perform send_email o send_pushover base on user preferences'; IS 'init by pg_cron to monitor offline pending notification, if so perform send_email o send_pushover base on user preferences';
@@ -169,27 +178,36 @@ begin
SELECT * INTO metadata_rec SELECT * INTO metadata_rec
FROM api.metadata FROM api.metadata
WHERE id = process_rec.payload::INTEGER; WHERE id = process_rec.payload::INTEGER;
IF metadata_rec.client_id IS NULL OR metadata_rec.client_id = '' THEN
RAISE WARNING '-> cron_process_monitor_online_fn invalid metadata record client_id %', client_id;
RAISE EXCEPTION 'Invalid metadata'
USING HINT = 'Unknow client_id';
RETURN;
END IF;
PERFORM set_config('vessel.client_id', metadata_rec.client_id, false);
RAISE DEBUG '-> DEBUG cron_process_monitor_online_fn vessel.client_id %', current_setting('vessel.client_id', false);
-- Gather email and pushover app settings -- Gather email and pushover app settings
app_settings = get_app_settings_fn(); --app_settings = get_app_settings_fn();
-- Gather user settings -- Gather user settings
user_settings := get_user_settings_from_metadata_fn(metadata_rec.id::INTEGER); user_settings := get_user_settings_from_clientid_fn(metadata_rec.client_id::TEXT);
--user_settings := get_user_settings_from_clientid_fn((metadata_rec.client_id::INTEGER, ); RAISE DEBUG '-> DEBUG cron_process_monitor_online_fn get_user_settings_from_clientid_fn [%]', user_settings;
RAISE NOTICE '-> debug monitor_online get_user_settings_from_metadata_fn [%]', user_settings;
-- Send notification -- Send notification
--PERFORM send_notification_fn('monitor_online'::TEXT, metadata_rec::RECORD); PERFORM send_notification_fn('monitor_online'::TEXT, user_settings::JSONB);
PERFORM send_email_py_fn('monitor_online'::TEXT, user_settings::JSONB, app_settings::JSONB); --PERFORM send_email_py_fn('monitor_online'::TEXT, user_settings::JSONB, app_settings::JSONB);
--PERFORM send_pushover_py_fn('monitor_online'::TEXT, user_settings::JSONB, app_settings::JSONB); --PERFORM send_pushover_py_fn('monitor_online'::TEXT, user_settings::JSONB, app_settings::JSONB);
-- update process_queue entry as processed -- update process_queue entry as processed
UPDATE process_queue UPDATE process_queue
SET SET
processed = NOW() processed = NOW()
WHERE id = process_rec.id; WHERE id = process_rec.id;
RAISE NOTICE '-> updated process_queue table [%]', process_rec.id; RAISE NOTICE '-> cron_process_monitor_online_fn updated process_queue table [%]', process_rec.id;
END LOOP; END LOOP;
END; END;
$$ language plpgsql; $$ language plpgsql;
-- Description -- Description
COMMENT ON FUNCTION COMMENT ON FUNCTION
public.cron_process_monitor_online_fn public.cron_process_monitor_online_fn
IS 'init by pg_cron to monitor back online pending notification, if so perform send_email or send_pushover base on user preferences'; IS 'init by pg_cron to monitor back online pending notification, if so perform send_email or send_pushover base on user preferences';
@@ -213,14 +231,43 @@ begin
SET SET
processed = NOW() processed = NOW()
WHERE id = process_rec.id; WHERE id = process_rec.id;
RAISE NOTICE '-> updated process_queue table [%]', process_rec.id; RAISE NOTICE '-> cron_process_new_account_fn updated process_queue table [%]', process_rec.id;
END LOOP; END LOOP;
END; END;
$$ language plpgsql; $$ language plpgsql;
-- Description -- Description
COMMENT ON FUNCTION COMMENT ON FUNCTION
public.cron_process_new_account_fn public.cron_process_new_account_fn
IS 'init by pg_cron to check for new account pending update, if so perform process_account_queue_fn'; IS 'deprecated, init by pg_cron to check for new account pending update, if so perform process_account_queue_fn';
-- CRON for new account pending otp validation notification
CREATE FUNCTION cron_process_new_account_otp_validation_fn() RETURNS void AS $$
declare
process_rec record;
begin
-- Check for new account pending update
RAISE NOTICE 'cron_process_new_account_otp_validation_fn';
FOR process_rec in
SELECT * from process_queue
where channel = 'new_account_otp' and processed is null
order by stored asc
LOOP
RAISE NOTICE '-> cron_process_new_account_otp_validation_fn [%]', process_rec.payload;
-- update account
PERFORM process_account_otp_validation_queue_fn(process_rec.payload::TEXT);
-- update process_queue entry as processed
UPDATE process_queue
SET
processed = NOW()
WHERE id = process_rec.id;
RAISE NOTICE '-> cron_process_new_account_otp_validation_fn updated process_queue table [%]', process_rec.id;
END LOOP;
END;
$$ language plpgsql;
-- Description
COMMENT ON FUNCTION
public.cron_process_new_account_otp_validation_fn
IS 'deprecated, init by pg_cron to check for new account otp pending update, if so perform process_account_otp_validation_queue_fn';
-- CRON for new vessel pending notification -- CRON for new vessel pending notification
CREATE FUNCTION cron_process_new_vessel_fn() RETURNS void AS $$ CREATE FUNCTION cron_process_new_vessel_fn() RETURNS void AS $$
@@ -242,17 +289,49 @@ begin
SET SET
processed = NOW() processed = NOW()
WHERE id = process_rec.id; WHERE id = process_rec.id;
RAISE NOTICE '-> updated process_queue table [%]', process_rec.id; RAISE NOTICE '-> cron_process_new_vessel_fn updated process_queue table [%]', process_rec.id;
END LOOP; END LOOP;
END; END;
$$ language plpgsql; $$ language plpgsql;
-- Description -- Description
COMMENT ON FUNCTION COMMENT ON FUNCTION
public.cron_process_new_vessel_fn public.cron_process_new_vessel_fn
IS 'init by pg_cron to check for new vessel pending update, if so perform process_vessel_queue_fn'; IS 'deprecated, init by pg_cron to check for new vessel pending update, if so perform process_vessel_queue_fn';
-- CRON for new event notification
CREATE FUNCTION cron_process_new_notification_fn() RETURNS void AS $$
declare
process_rec record;
begin
-- Check for new event notification pending update
RAISE NOTICE 'cron_process_new_notification_fn';
FOR process_rec in
SELECT * FROM process_queue
WHERE
(channel = 'new_account' OR channel = 'new_vessel' OR channel = 'email_otp')
and processed is null
order by stored asc
LOOP
RAISE NOTICE '-> cron_process_new_notification_fn for [%]', process_rec.payload;
-- process_notification_queue
PERFORM process_notification_queue_fn(process_rec.payload::TEXT, process_rec.channel::TEXT);
-- update process_queue entry as processed
UPDATE process_queue
SET
processed = NOW()
WHERE id = process_rec.id;
RAISE NOTICE '-> cron_process_new_notification_fn updated process_queue table [%]', process_rec.id;
END LOOP;
END;
$$ language plpgsql;
-- Description
COMMENT ON FUNCTION
public.cron_process_new_notification_fn
IS 'init by pg_cron to check for new event pending notifications, if so perform process_notification_queue_fn';
-- CRON for Vacuum database -- CRON for Vacuum database
CREATE FUNCTION cron_vaccum_fn() RETURNS void AS $$ CREATE FUNCTION cron_vaccum_fn() RETURNS void AS $$
-- ERROR: VACUUM cannot be executed from a function
declare declare
begin begin
-- Vacuum -- Vacuum
@@ -268,3 +347,18 @@ $$ language plpgsql;
COMMENT ON FUNCTION COMMENT ON FUNCTION
public.cron_vaccum_fn public.cron_vaccum_fn
IS 'init by pg_cron to full vaccum tables on schema api'; IS 'init by pg_cron to full vaccum tables on schema api';
-- CRON for Vacuum database
CREATE FUNCTION job_run_details_cleanup_fn() RETURNS void AS $$
DECLARE
BEGIN
-- Remove job run log older than 3 months
RAISE NOTICE 'job_run_details_cleanup_fn';
DELETE FROM postgres.cron.job_run_details
WHERE start_time <= NOW() AT TIME ZONE 'UTC' - INTERVAL '91 DAYS';
END;
$$ language plpgsql;
-- Description
COMMENT ON FUNCTION
public.cron_vaccum_fn
IS 'init by pg_cron to cleanup job_run_details table on schema public postgras db';

888
initdb/02_3_1_signalk_public_tables.sql Normal file
View File

@@ -0,0 +1,888 @@
---------------------------------------------------------------------------
-- singalk db public schema tables
--
-- List current database
select current_database();
-- connect to the DB
\c signalk
CREATE SCHEMA IF NOT EXISTS public;
COMMENT ON SCHEMA public IS 'backend public functions and tables';
---------------------------------------------------------------------------
-- Table geocoders
--
-- https://github.com/CartoDB/labs-postgresql/blob/master/workshop/plpython.md
--
CREATE TABLE IF NOT EXISTS geocoders(
name TEXT UNIQUE,
url TEXT,
reverse_url TEXT
);
-- Description
COMMENT ON TABLE
public.geocoders
IS 'geo service nominatim url';
INSERT INTO geocoders VALUES
('nominatim',
NULL,
'https://nominatim.openstreetmap.org/reverse');
-- https://photon.komoot.io/reverse?lat=48.30587233333333&lon=14.3040525
-- https://docs.mapbox.com/playground/geocoding/?search_text=-3.1457869856990897,51.35921326434686&limit=1
---------------------------------------------------------------------------
-- Tables for message template email/pushover/telegram
--
DROP TABLE IF EXISTS public.email_templates;
CREATE TABLE IF NOT EXISTS public.email_templates(
name TEXT UNIQUE,
email_subject TEXT,
email_content TEXT,
pushover_title TEXT,
pushover_message TEXT
);
-- Description
COMMENT ON TABLE
public.email_templates
IS 'email/message templates for notifications';
-- with escape value, eg: E'A\nB\r\nC'
-- https://stackoverflow.com/questions/26638615/insert-line-break-in-postgresql-when-updating-text-field
-- TODO Update notification subject for log entry to 'logbook #NB ...'
INSERT INTO email_templates VALUES
('logbook',
'New Logbook Entry',
E'Hello __RECIPIENT__,\n\nWe just wanted to let you know that you have a new entry on openplotter.cloud: "__LOGBOOK_NAME__"\r\n\r\nSee more details at __APP_URL__/log/__LOGBOOK_LINK__\n\nHappy sailing!\nThe PostgSail Team',
'New Logbook Entry',
E'New entry on openplotter.cloud: "__LOGBOOK_NAME__"\r\nSee more details at __APP_URL__/log/__LOGBOOK_LINK__\n'),
('new_account',
'Welcome',
E'Hello __RECIPIENT__,\nCongratulations!\nYou successfully created an account.\nKeep in mind to register your vessel.\nHappy sailing!',
'Welcome',
E'Hi!\nYou successfully created an account\nKeep in mind to register your vessel.\n'),
('new_vessel',
'New vessel',
E'Hi!\nHow are you?\n__BOAT__ is now linked to your account.\n',
'New vessel',
E'Hi!\nHow are you?\n__BOAT__ is now linked to your account.\n'),
('monitor_offline',
'Vessel Offline',
E'__BOAT__ has been offline for more than an hour\r\nFind more details at __APP_URL__/boats\n',
'Vessel Offline',
E'__BOAT__ has been offline for more than an hour\r\nFind more details at __APP_URL__/boats\n'),
('monitor_online',
'Vessel Online',
E'__BOAT__ just came online\nFind more details at __APP_URL__/boats\n',
'Vessel Online',
E'__BOAT__ just came online\nFind more details at __APP_URL__/boats\n'),
('new_badge',
'New Badge!',
E'Hello __RECIPIENT__,\nCongratulations! You have just unlocked a new badge: __BADGE_NAME__\nSee more details at __APP_URL__/badges\nHappy sailing!\nThe PostgSail Team',
'New Badge!',
E'Congratulations!\nYou have just unlocked a new badge: __BADGE_NAME__\nSee more details at __APP_URL__/badges\n'),
('pushover_valid',
'Pushover integration',
E'Hello __RECIPIENT__,\nCongratulations! You have just connect your account to Pushover.\n\nThe PostgSail Team',
'Pushover integration!',
E'Congratulations!\nYou have just connect your account to Pushover.\n'),
('email_otp',
'Email verification',
E'Hello,\nPlease active your account using the following code: __OTP_CODE__.\nThe code is valid 15 minutes.\nThe PostgSail Team',
'Email verification',
E'Congratulations!\nPlease validate your account. Check your email!'),
('email_valid',
'Email verified',
E'Hello,\nCongratulations!\nYou successfully validate your account.\nThe PostgSail Team',
'Email verified',
E'Hi!\nYou successfully validate your account.\n'),
('email_reset',
'Password reset',
E'Hello,\nYou requested a password reset. To reset your password __APP_URL__/reset?__RESET_QS__.\nThe PostgSail Team',
'Password reset',
E'You requested a password recovery. Check your email!\n'),
('telegram_otp',
'Telegram bot',
E'Hello,\nTo connect your account to a @postgsail_bot. Please type this verification code __OTP_CODE__ back to the bot.\nThe code is valid 15 minutes.\nThe PostgSail Team',
'Telegram bot',
E'Hello,\nTo connect your account to a @postgsail_bot. Check your email!\n'),
('telegram_valid',
'Telegram bot',
E'Hello __RECIPIENT__,\nCongratulations! You have just connect your account to your vessel, @postgsail_bot.\n\nThe PostgSail Team',
'Telegram bot!',
E'Congratulations!\nYou have just connect your account to your vessel, @postgsail_bot.\n');
---------------------------------------------------------------------------
-- Queue handling
--
-- https://gist.github.com/kissgyorgy/beccba1291de962702ea9c237a900c79
-- https://www.depesz.com/2012/06/13/how-to-send-mail-from-database/
-- Listen/Notify way
--create function new_logbook_entry() returns trigger as $$
--begin
-- perform pg_notify('new_logbook_entry', NEW.id::text);
-- return NEW;
--END;
--$$ language plpgsql;
-- table way
CREATE TABLE IF NOT EXISTS public.process_queue (
id SERIAL PRIMARY KEY,
channel TEXT NOT NULL,
payload TEXT NOT NULL,
stored TIMESTAMP WITHOUT TIME ZONE NOT NULL,
processed TIMESTAMP WITHOUT TIME ZONE DEFAULT NULL
);
-- Description
COMMENT ON TABLE
public.process_queue
IS 'process queue for async job';
-- Index
CREATE INDEX ON public.process_queue (channel);
CREATE INDEX ON public.process_queue (stored);
CREATE INDEX ON public.process_queue (processed);
-- Function process_queue helpers
create function new_account_entry_fn() returns trigger as $new_account_entry$
begin
insert into process_queue (channel, payload, stored) values ('new_account', NEW.email, now());
return NEW;
END;
$new_account_entry$ language plpgsql;
create function new_account_otp_validation_entry_fn() returns trigger as $new_account_otp_validation_entry$
begin
insert into process_queue (channel, payload, stored) values ('email_otp', NEW.email, now());
return NEW;
END;
$new_account_otp_validation_entry$ language plpgsql;
create function new_vessel_entry_fn() returns trigger as $new_vessel_entry$
begin
insert into process_queue (channel, payload, stored) values ('new_vessel', NEW.owner_email, now());
return NEW;
END;
$new_vessel_entry$ language plpgsql;
---------------------------------------------------------------------------
-- Tables Application Settings
-- https://dba.stackexchange.com/questions/27296/storing-application-settings-with-different-datatypes#27297
-- https://stackoverflow.com/questions/6893780/how-to-store-site-wide-settings-in-a-database
-- http://cvs.savannah.gnu.org/viewvc/*checkout*/gnumed/gnumed/gnumed/server/sql/gmconfiguration.sql
CREATE TABLE IF NOT EXISTS public.app_settings (
name TEXT NOT NULL UNIQUE,
value TEXT NOT NULL
);
-- Description
COMMENT ON TABLE public.app_settings IS 'application settings';
COMMENT ON COLUMN public.app_settings.name IS 'application settings name key';
COMMENT ON COLUMN public.app_settings.value IS 'application settings value';
---------------------------------------------------------------------------
-- Badges description
--
DROP TABLE IF EXISTS public.badges;
CREATE TABLE IF NOT EXISTS public.badges(
name TEXT UNIQUE,
description TEXT
);
-- Description
COMMENT ON TABLE
public.badges
IS 'Badges descriptions';
INSERT INTO badges VALUES
('Helmsman',
'Nice work logging your first sail! You are officially a helmsman now!'),
('Wake Maker',
'Yowzers! Welcome to the 15 knot+ club ya speed demon skipper!'),
('Explorer',
'It looks like home is where the helm is. Cheers to 10 days away from home port!'),
('Mooring Pro',
'It takes a lot of skill to "thread that floating needle" but seems like you have mastered mooring with 10 nights on buoy!'),
('Anchormaster',
'Hook, line and sinker, you have this anchoring thing down! 25 days on the hook for you!'),
('Traveler todo',
'Who needs to fly when one can sail! You are an international sailor. À votre santé!'),
('Stormtrooper',
'Just like the elite defenders of the Empire, here you are, our braving your own hydro-empire in windspeeds above 30kts. Nice work trooper! '),
('Club Alaska',
'Home to the bears, glaciers, midnight sun and high adventure. Welcome to the Club Alaska Captain!'),
('Tropical Traveler',
'Look at you with your suntan, tropical drink and southern latitude!'),
('Aloha Award',
'Ticking off over 2300 NM across the great blue Pacific makes you the rare recipient of the Aloha Award. Well done and Aloha sailor!'),
('Navigator Award',
'Woohoo! You made it, Ticking off over 100NM in one go, well done sailor!'),
('Captain Award',
'Congratulation, you reach over 1000NM, well done sailor!');
---------------------------------------------------------------------------
-- aistypes description
--
DROP TABLE IF EXISTS public.aistypes;
CREATE TABLE IF NOT EXISTS aistypes(
id NUMERIC UNIQUE,
description TEXT
);
-- Description
COMMENT ON TABLE
public.aistypes
IS 'aistypes AIS Ship Types, https://api.vesselfinder.com/docs/ref-aistypes.html';
INSERT INTO aistypes VALUES
(0, 'Not available (default)'),
(20, 'Wing in ground (WIG), all ships of this type'),
(21, 'Wing in ground (WIG), Hazardous category A'),
(22, 'Wing in ground (WIG), Hazardous category B'),
(23, 'Wing in ground (WIG), Hazardous category C'),
(24, 'Wing in ground (WIG), Hazardous category D'),
(25, 'Wing in ground (WIG), Reserved for future use'),
(26, 'Wing in ground (WIG), Reserved for future use'),
(27, 'Wing in ground (WIG), Reserved for future use'),
(28, 'Wing in ground (WIG), Reserved for future use'),
(29, 'Wing in ground (WIG), Reserved for future use'),
(30, 'Fishing'),
(31, 'Towing'),
(32, 'Towing: length exceeds 200m or breadth exceeds 25m'),
(33, 'Dredging or underwater ops'),
(34, 'Diving ops'),
(35, 'Military ops'),
(36, 'Sailing'),
(37, 'Pleasure Craft'),
(38, 'Reserved'),
(39, 'Reserved'),
(40, 'High speed craft (HSC), all ships of this type'),
(41, 'High speed craft (HSC), Hazardous category A'),
(42, 'High speed craft (HSC), Hazardous category B'),
(43, 'High speed craft (HSC), Hazardous category C'),
(44, 'High speed craft (HSC), Hazardous category D'),
(45, 'High speed craft (HSC), Reserved for future use'),
(46, 'High speed craft (HSC), Reserved for future use'),
(47, 'High speed craft (HSC), Reserved for future use'),
(48, 'High speed craft (HSC), Reserved for future use'),
(49, 'High speed craft (HSC), No additional information'),
(50, 'Pilot Vessel'),
(51, 'Search and Rescue vessel'),
(52, 'Tug'),
(53, 'Port Tender'),
(54, 'Anti-pollution equipment'),
(55, 'Law Enforcement'),
(56, 'Spare - Local Vessel'),
(57, 'Spare - Local Vessel'),
(58, 'Medical Transport'),
(59, 'Noncombatant ship according to RR Resolution No. 18'),
(60, 'Passenger, all ships of this type'),
(61, 'Passenger, Hazardous category A'),
(62, 'Passenger, Hazardous category B'),
(63, 'Passenger, Hazardous category C'),
(64, 'Passenger, Hazardous category D'),
(65, 'Passenger, Reserved for future use'),
(66, 'Passenger, Reserved for future use'),
(67, 'Passenger, Reserved for future use'),
(68, 'Passenger, Reserved for future use'),
(69, 'Passenger, No additional information'),
(70, 'Cargo, all ships of this type'),
(71, 'Cargo, Hazardous category A'),
(72, 'Cargo, Hazardous category B'),
(73, 'Cargo, Hazardous category C'),
(74, 'Cargo, Hazardous category D'),
(75, 'Cargo, Reserved for future use'),
(76, 'Cargo, Reserved for future use'),
(77, 'Cargo, Reserved for future use'),
(78, 'Cargo, Reserved for future use'),
(79, 'Cargo, No additional information'),
(80, 'Tanker, all ships of this type'),
(81, 'Tanker, Hazardous category A'),
(82, 'Tanker, Hazardous category B'),
(83, 'Tanker, Hazardous category C'),
(84, 'Tanker, Hazardous category D'),
(85, 'Tanker, Reserved for future use'),
(86, 'Tanker, Reserved for future use'),
(87, 'Tanker, Reserved for future use'),
(88, 'Tanker, Reserved for future use'),
(89, 'Tanker, No additional information'),
(90, 'Other Type, all ships of this type'),
(91, 'Other Type, Hazardous category A'),
(92, 'Other Type, Hazardous category B'),
(93, 'Other Type, Hazardous category C'),
(94, 'Other Type, Hazardous category D'),
(95, 'Other Type, Reserved for future use'),
(96, 'Other Type, Reserved for future use'),
(97, 'Other Type, Reserved for future use'),
(98, 'Other Type, Reserved for future use'),
(99, 'Other Type, no additional information');
---------------------------------------------------------------------------
-- MMSI MID Codes
--
DROP TABLE IF EXISTS public.mid;
CREATE TABLE IF NOT EXISTS public.mid(
country TEXT,
id NUMERIC UNIQUE,
country_id INTEGER
);
-- Description
COMMENT ON TABLE
public.mid
IS 'MMSI MID Codes (Maritime Mobile Service Identity) Filtered by Flag of Registration, https://www.marinevesseltraffic.com/2013/11/mmsi-mid-codes-by-flag.html';
INSERT INTO mid VALUES
('Adelie Land', 501, NULL),
('Afghanistan', 401, 4),
('Alaska', 303, 840),
('Albania', 201, 8),
('Algeria', 605, 12),
('American Samoa', 559, 16),
('Andorra', 202, 20),
('Angola', 603, 24),
('Anguilla', 301, 660),
('Antigua and Barbuda', 304, 28),
('Antigua and Barbuda', 305, 28),
('Argentina', 701, 32),
('Armenia', 216, 51),
('Aruba', 307, 533),
('Ascension Island', 608, NULL),
('Australia', 503, 36),
('Austria', 203, 40),
('Azerbaijan', 423, 31),
('Azores', 204, NULL),
('Bahamas', 308, 44),
('Bahamas', 309, 44),
('Bahamas', 311, 44),
('Bahrain', 408, 48),
('Bangladesh', 405, 50),
('Barbados', 314, 52),
('Belarus', 206, 112),
('Belgium', 205, 56),
('Belize', 312, 84),
('Benin', 610, 204),
('Bermuda', 310, 60),
('Bhutan', 410, 64),
('Bolivia', 720, 68),
('Bosnia and Herzegovina', 478, 70),
('Botswana', 611, 72),
('Brazil', 710, 76),
('British Virgin Islands', 378, 92),
('Brunei Darussalam', 508, 96),
('Bulgaria', 207, 100),
('Burkina Faso', 633, 854),
('Burundi', 609, 108),
('Cambodia', 514, 116),
('Cambodia', 515, 116),
('Cameroon', 613, 120),
('Canada', 316, 124),
('Cape Verde', 617, 132),
('Cayman Islands', 319, 136),
('Central African Republic', 612, 140),
('Chad', 670, 148),
('Chile', 725, 152),
('China', 412, 156),
('China', 413, 156),
('China', 414, 156),
('Christmas Island', 516, 162),
('Cocos Islands', 523, 166),
('Colombia', 730, 170),
('Comoros', 616, 174),
('Comoros', 620, 174),
('Congo', 615, 178),
('Cook Islands', 518, 184),
('Costa Rica', 321, 188),
(E'Côte d\'Ivoire', 619, 384),
('Croatia', 238, 191),
('Crozet Archipelago', 618, NULL),
('Cuba', 323, 192),
('Cyprus', 209, 196),
('Cyprus', 210, 196),
('Cyprus', 212, 196),
('Czech Republic', 270, 203),
('Denmark', 219, 208),
('Denmark', 220, 208),
('Djibouti', 621, 262),
('Dominica', 325, 212),
('Dominican Republic', 327, 214),
('DR Congo', 676, NULL),
('Ecuador', 735, 218),
('Egypt', 622, 818),
('El Salvador', 359, 222),
('Equatorial Guinea', 631, 226),
('Eritrea', 625, 232),
('Estonia', 276, 233),
('Ethiopia', 624, 231),
('Falkland Islands', 740, 234),
('Faroe Islands', 231, NULL),
('Fiji', 520, 242),
('Finland', 230, 246),
('France', 226, 250),
('France', 227, 250),
('France', 228, 250),
('French Polynesia', 546, 260),
('Gabonese Republic', 626, 266),
('Gambia', 629, 270),
('Georgia', 213, 268),
('Germany', 211, 276),
('Germany', 218, 276),
('Ghana', 627, 288),
('Gibraltar', 236, 292),
('Greece', 237, 300),
('Greece', 239, 300),
('Greece', 240, 300),
('Greece', 241, 300),
('Greenland', 331, 304),
('Grenada', 330, 308),
('Guadeloupe', 329, 312),
('Guatemala', 332, 320),
('Guiana', 745, 324),
('Guinea', 632, 324),
('Guinea-Bissau', 630, 624),
('Guyana', 750, 328),
('Haiti', 336, 332),
('Honduras', 334, 340),
('Hong Kong', 477, 344),
('Hungary', 243, 348),
('Iceland', 251, 352),
('India', 419, 356),
('Indonesia', 525, 360),
('Iran', 422, 364),
('Iraq', 425, 368),
('Ireland', 250, 372),
('Israel', 428, 376),
('Italy', 247, 380),
('Jamaica', 339, 388),
('Japan', 431, 392),
('Japan', 432, 392),
('Jordan', 438, 400),
('Kazakhstan', 436, 398),
('Kenya', 634, 404),
('Kerguelen Islands', 635, NULL),
('Kiribati', 529, 296),
('Kuwait', 447, 414),
('Kyrgyzstan', 451, 417),
('Lao', 531, 418),
('Latvia', 275, 428),
('Lebanon', 450, 422),
('Lesotho', 644, 426),
('Liberia', 636, 430),
('Liberia', 637, 430),
('Libya', 642, 434),
('Liechtenstein', 252, 438),
('Lithuania', 277, 440),
('Luxembourg', 253, 442),
('Macao', 453, 446),
('Madagascar', 647, 450),
('Madeira', 255, NULL),
('Makedonia', 274, NULL),
('Malawi', 655, 454),
('Malaysia', 533, 458),
('Maldives', 455, 462),
('Mali', 649, 466),
('Malta', 215, 470),
('Malta', 229, 470),
('Malta', 248, 470),
('Malta', 249, 470),
('Malta', 256, 470),
('Marshall Islands', 538, 584),
('Martinique', 347, 474),
('Mauritania', 654, 478),
('Mauritius', 645, 480),
('Mexico', 345, 484),
('Micronesia', 510, 583),
('Moldova', 214, 498),
('Monaco', 254, 492),
('Mongolia', 457, 496),
('Montenegro', 262, 499),
('Montserrat', 348, 500),
('Morocco', 242, 504),
('Mozambique', 650, 508),
('Myanmar', 506, 104),
('Namibia', 659, 516),
('Nauru', 544, 520),
('Nepal', 459, 524),
('Netherlands', 244, 528),
('Netherlands', 245, 528),
('Netherlands', 246, 528),
('Netherlands Antilles', 306, NULL),
('New Caledonia', 540, 540),
('New Zealand', 512, 554),
('Nicaragua', 350, 558),
('Niger', 656, 562),
('Nigeria', 657, 566),
('Niue', 542, 570),
('North Korea', 445, 408),
('Northern Mariana Islands', 536, 580),
('Norway', 257, 578),
('Norway', 258, 578),
('Norway', 259, 578),
('Oman', 461, 512),
('Pakistan', 463, 586),
('Palau', 511, 585),
('Palestine', 443, 275),
('Panama', 351, 591),
('Panama', 352, 591),
('Panama', 353, 591),
('Panama', 354, 591),
('Panama', 355, 591),
('Panama', 356, 591),
('Panama', 357, 591),
('Panama', 370, 591),
('Panama', 371, 591),
('Panama', 372, 591),
('Panama', 373, 591),
('Papua New Guinea', 553, 598),
('Paraguay', 755, 600),
('Peru', 760, 604),
('Philippines', 548, 608),
('Pitcairn Island', 555, 612),
('Poland', 261, 616),
('Portugal', 263, 620),
('Puerto Rico', 358, 630),
('Qatar', 466, 634),
('Reunion', 660, 638),
('Romania', 264, 642),
('Russian Federation', 273, 643),
('Rwanda', 661, 646),
('Saint Helena', 665, 654),
('Saint Kitts and Nevis', 341, 659),
('Saint Lucia', 343, 662),
('Saint Paul and Amsterdam Islands', 607, NULL),
('Saint Pierre and Miquelon', 361, 666),
('Samoa', 561, 882),
('San Marino', 268, 674),
('Sao Tome and Principe', 668, 678),
('Saudi Arabia', 403, 682),
('Senegal', 663, 686),
('Serbia', 279, 688),
('Seychelles', 664, 690),
('Sierra Leone', 667, 694),
('Singapore', 563, 702),
('Singapore', 564, 702),
('Singapore', 565, 702),
('Singapore', 566, 702),
('Slovakia', 267, 703),
('Slovenia', 278, 705),
('Solomon Islands', 557, 90),
('Somalia', 666, 706),
('South Africa', 601, 710),
('South Korea', 440, 410),
('South Korea', 441, 410),
('South Sudan', 638, 728),
('Spain', 224, 724),
('Spain', 225, 724),
('Sri Lanka', 417, 144),
('St Vincent and the Grenadines', 375, 670),
('St Vincent and the Grenadines', 376, 670),
('St Vincent and the Grenadines', 377, 670),
('Sudan', 662, 729),
('Suriname', 765, 740),
('Swaziland', 669, 748),
('Sweden', 265, 752),
('Sweden', 266, 752),
('Switzerland', 269, 756),
('Syria', 468, 760),
('Taiwan', 416, 158),
('Tajikistan', 472, 762),
('Tanzania', 674, 834),
('Tanzania', 677, 834),
('Thailand', 567, 764),
('Togolese', 671, 768),
('Tonga', 570, 776),
('Trinidad and Tobago', 362, 780),
('Tunisia', 672, 788),
('Turkey', 271, 792),
('Turkmenistan', 434, 795),
('Turks and Caicos Islands', 364, 796),
('Tuvalu', 572, 798),
('Uganda', 675, 800),
('Ukraine', 272, 804),
('United Arab Emirates', 470, 784),
('United Kingdom', 232, 826),
('United Kingdom', 233, 826),
('United Kingdom', 234, 826),
('United Kingdom', 235, 826),
('Uruguay', 770, 858),
('US Virgin Islands', 379, 850),
('USA', 338, 840),
('USA', 366, 840),
('USA', 367, 840),
('USA', 368, 840),
('USA', 369, 840),
('Uzbekistan', 437, 860),
('Vanuatu', 576, 548),
('Vanuatu', 577, 548),
('Vatican City', 208, NULL),
('Venezuela', 775, 862),
('Vietnam', 574, 704),
('Wallis and Futuna Islands', 578, 876),
('Yemen', 473, 887),
('Yemen', 475, 887),
('Zambia', 678, 894),
('Zimbabwe', 679, 716);
---------------------------------------------------------------------------
--
DROP TABLE IF EXISTS public.iso3166;
CREATE TABLE IF NOT EXISTS public.iso3166(
id INTEGER,
country TEXT,
alpha_2 TEXT,
alpha_3 TEXT
);
-- Description
COMMENT ON TABLE
public.iso3166
IS 'This is a complete list of all country ISO codes as described in the ISO 3166 international standard. Country Codes Alpha-2 & Alpha-3 https://www.iban.com/country-codes';
INSERT INTO iso3166 VALUES
(4,'Afghanistan','AF','AFG'),
(8,'Albania','AL','ALB'),
(12,'Algeria','DZ','DZA'),
(16,'American Samoa','AS','ASM'),
(20,'Andorra','AD','AND'),
(24,'Angola','AO','AGO'),
(660,'Anguilla','AI','AIA'),
(10,'Antarctica','AQ','ATA'),
(28,'Antigua and Barbuda','AG','ATG'),
(32,'Argentina','AR','ARG'),
(51,'Armenia','AM','ARM'),
(533,'Aruba','AW','ABW'),
(36,'Australia','AU','AUS'),
(40,'Austria','AT','AUT'),
(31,'Azerbaijan','AZ','AZE'),
(44,'Bahamas (the)','BS','BHS'),
(48,'Bahrain','BH','BHR'),
(50,'Bangladesh','BD','BGD'),
(52,'Barbados','BB','BRB'),
(112,'Belarus','BY','BLR'),
(56,'Belgium','BE','BEL'),
(84,'Belize','BZ','BLZ'),
(204,'Benin','BJ','BEN'),
(60,'Bermuda','BM','BMU'),
(64,'Bhutan','BT','BTN'),
(68,E'Bolivia (Plurinational State of)','BO','BOL'),
(535,'Bonaire, Sint Eustatius and Saba','BQ','BES'),
(70,'Bosnia and Herzegovina','BA','BIH'),
(72,'Botswana','BW','BWA'),
(74,'Bouvet Island','BV','BVT'),
(76,'Brazil','BR','BRA'),
(86,E'British Indian Ocean Territory (the)','IO','IOT'),
(96,'Brunei Darussalam','BN','BRN'),
(100,'Bulgaria','BG','BGR'),
(854,'Burkina Faso','BF','BFA'),
(108,'Burundi','BI','BDI'),
(132,'Cabo Verde','CV','CPV'),
(116,'Cambodia','KH','KHM'),
(120,'Cameroon','CM','CMR'),
(124,'Canada','CA','CAN'),
(136,E'Cayman Islands (the)','KY','CYM'),
(140,E'Central African Republic (the)','CF','CAF'),
(148,'Chad','TD','TCD'),
(152,'Chile','CL','CHL'),
(156,'China','CN','CHN'),
(162,'Christmas Island','CX','CXR'),
(166,E'Cocos (Keeling) Islands (the)','CC','CCK'),
(170,'Colombia','CO','COL'),
(174,'Comoros (the)','KM','COM'),
(180,E'Congo (the Democratic Republic of the)','CD','COD'),
(178,E'Congo (the)','CG','COG'),
(184,E'Cook Islands (the)','CK','COK'),
(188,'Costa Rica','CR','CRI'),
(191,'Croatia','HR','HRV'),
(192,'Cuba','CU','CUB'),
(531,'Curaçao','CW','CUW'),
(196,'Cyprus','CY','CYP'),
(203,'Czechia','CZ','CZE'),
(384,E'Côte d\'Ivoire','CI','CIV'),
(208,'Denmark','DK','DNK'),
(262,'Djibouti','DJ','DJI'),
(212,'Dominica','DM','DMA'),
(214,E'Dominican Republic (the)','DO','DOM'),
(218,'Ecuador','EC','ECU'),
(818,'Egypt','EG','EGY'),
(222,'El Salvador','SV','SLV'),
(226,'Equatorial Guinea','GQ','GNQ'),
(232,'Eritrea','ER','ERI'),
(233,'Estonia','EE','EST'),
(748,'Eswatini','SZ','SWZ'),
(231,'Ethiopia','ET','ETH'),
(238,E'Falkland Islands (the) [Malvinas]','FK','FLK'),
(234,E'Faroe Islands (the)','FO','FRO'),
(242,'Fiji','FJ','FJI'),
(246,'Finland','FI','FIN'),
(250,'France','FR','FRA'),
(254,'French Guiana','GF','GUF'),
(258,'French Polynesia','PF','PYF'),
(260,E'French Southern Territories (the)','TF','ATF'),
(266,'Gabon','GA','GAB'),
(270,E'Gambia (the)','GM','GMB'),
(268,'Georgia','GE','GEO'),
(276,'Germany','DE','DEU'),
(288,'Ghana','GH','GHA'),
(292,'Gibraltar','GI','GIB'),
(300,'Greece','GR','GRC'),
(304,'Greenland','GL','GRL'),
(308,'Grenada','GD','GRD'),
(312,'Guadeloupe','GP','GLP'),
(316,'Guam','GU','GUM'),
(320,'Guatemala','GT','GTM'),
(831,'Guernsey','GG','GGY'),
(324,'Guinea','GN','GIN'),
(624,'Guinea-Bissau','GW','GNB'),
(328,'Guyana','GY','GUY'),
(332,'Haiti','HT','HTI'),
(334,'Heard Island and McDonald Islands','HM','HMD'),
(336,E'Holy See (the)','VA','VAT'),
(340,'Honduras','HN','HND'),
(344,'Hong Kong','HK','HKG'),
(348,'Hungary','HU','HUN'),
(352,'Iceland','IS','ISL'),
(356,'India','IN','IND'),
(360,'Indonesia','ID','IDN'),
(364,E'Iran (Islamic Republic of)','IR','IRN'),
(368,'Iraq','IQ','IRQ'),
(372,'Ireland','IE','IRL'),
(833,'Isle of Man','IM','IMN'),
(376,'Israel','IL','ISR'),
(380,'Italy','IT','ITA'),
(388,'Jamaica','JM','JAM'),
(392,'Japan','JP','JPN'),
(832,'Jersey','JE','JEY'),
(400,'Jordan','JO','JOR'),
(398,'Kazakhstan','KZ','KAZ'),
(404,'Kenya','KE','KEN'),
(296,'Kiribati','KI','KIR'),
(408,E'Korea (the Democratic People\'s Republic of)','KP','PRK'),
(410,E'Korea (the Republic of)','KR','KOR'),
(414,'Kuwait','KW','KWT'),
(417,'Kyrgyzstan','KG','KGZ'),
(418,E'Lao People\'s Democratic Republic (the)','LA','LAO'),
(428,'Latvia','LV','LVA'),
(422,'Lebanon','LB','LBN'),
(426,'Lesotho','LS','LSO'),
(430,'Liberia','LR','LBR'),
(434,'Libya','LY','LBY'),
(438,'Liechtenstein','LI','LIE'),
(440,'Lithuania','LT','LTU'),
(442,'Luxembourg','LU','LUX'),
(446,'Macao','MO','MAC'),
(450,'Madagascar','MG','MDG'),
(454,'Malawi','MW','MWI'),
(458,'Malaysia','MY','MYS'),
(462,'Maldives','MV','MDV'),
(466,'Mali','ML','MLI'),
(470,'Malta','MT','MLT'),
(584,E'Marshall Islands (the)','MH','MHL'),
(474,'Martinique','MQ','MTQ'),
(478,'Mauritania','MR','MRT'),
(480,'Mauritius','MU','MUS'),
(175,'Mayotte','YT','MYT'),
(484,'Mexico','MX','MEX'),
(583,E'Micronesia (Federated States of)','FM','FSM'),
(498,E'Moldova (the Republic of)','MD','MDA'),
(492,'Monaco','MC','MCO'),
(496,'Mongolia','MN','MNG'),
(499,'Montenegro','ME','MNE'),
(500,'Montserrat','MS','MSR'),
(504,'Morocco','MA','MAR'),
(508,'Mozambique','MZ','MOZ'),
(104,'Myanmar','MM','MMR'),
(516,'Namibia','NA','NAM'),
(520,'Nauru','NR','NRU'),
(524,'Nepal','NP','NPL'),
(528,E'Netherlands (the)','NL','NLD'),
(540,'New Caledonia','NC','NCL'),
(554,'New Zealand','NZ','NZL'),
(558,'Nicaragua','NI','NIC'),
(562,E'Niger (the)','NE','NER'),
(566,'Nigeria','NG','NGA'),
(570,'Niue','NU','NIU'),
(574,'Norfolk Island','NF','NFK'),
(580,E'Northern Mariana Islands (the)','MP','MNP'),
(578,'Norway','NO','NOR'),
(512,'Oman','OM','OMN'),
(586,'Pakistan','PK','PAK'),
(585,'Palau','PW','PLW'),
(275,'Palestine, State of','PS','PSE'),
(591,'Panama','PA','PAN'),
(598,'Papua New Guinea','PG','PNG'),
(600,'Paraguay','PY','PRY'),
(604,'Peru','PE','PER'),
(608,E'Philippines (the)','PH','PHL'),
(612,'Pitcairn','PN','PCN'),
(616,'Poland','PL','POL'),
(620,'Portugal','PT','PRT'),
(630,'Puerto Rico','PR','PRI'),
(634,'Qatar','QA','QAT'),
(807,'Republic of North Macedonia','MK','MKD'),
(642,'Romania','RO','ROU'),
(643,'Russian Federation (the)','RU','RUS'),
(646,'Rwanda','RW','RWA'),
(638,'Réunion','RE','REU'),
(652,'Saint Barthélemy','BL','BLM'),
(654,'Saint Helena, Ascension and Tristan da Cunha','SH','SHN'),
(659,'Saint Kitts and Nevis','KN','KNA'),
(662,'Saint Lucia','LC','LCA'),
(663,'Saint Martin (French part)','MF','MAF'),
(666,'Saint Pierre and Miquelon','PM','SPM'),
(670,'Saint Vincent and the Grenadines','VC','VCT'),
(882,'Samoa','WS','WSM'),
(674,'San Marino','SM','SMR'),
(678,'Sao Tome and Principe','ST','STP'),
(682,'Saudi Arabia','SA','SAU'),
(686,'Senegal','SN','SEN'),
(688,'Serbia','RS','SRB'),
(690,'Seychelles','SC','SYC'),
(694,'Sierra Leone','SL','SLE'),
(702,'Singapore','SG','SGP'),
(534,'Sint Maarten (Dutch part)','SX','SXM'),
(703,'Slovakia','SK','SVK'),
(705,'Slovenia','SI','SVN'),
(90,'Solomon Islands','SB','SLB'),
(706,'Somalia','SO','SOM'),
(710,'South Africa','ZA','ZAF'),
(239,'South Georgia and the South Sandwich Islands','GS','SGS'),
(728,'South Sudan','SS','SSD'),
(724,'Spain','ES','ESP'),
(144,'Sri Lanka','LK','LKA'),
(729,'Sudan (the)','SD','SDN'),
(740,'Suriname','SR','SUR'),
(744,'Svalbard and Jan Mayen','SJ','SJM'),
(752,'Sweden','SE','SWE'),
(756,'Switzerland','CH','CHE'),
(760,'Syrian Arab Republic','SY','SYR'),
(158,'Taiwan (Province of China)','TW','TWN'),
(762,'Tajikistan','TJ','TJK'),
(834,'Tanzania, United Republic of','TZ','TZA'),
(764,'Thailand','TH','THA'),
(626,'Timor-Leste','TL','TLS'),
(768,'Togo','TG','TGO'),
(772,'Tokelau','TK','TKL'),
(776,'Tonga','TO','TON'),
(780,'Trinidad and Tobago','TT','TTO'),
(788,'Tunisia','TN','TUN'),
(792,'Turkey','TR','TUR'),
(795,'Turkmenistan','TM','TKM'),
(796,'Turks and Caicos Islands (the)','TC','TCA'),
(798,'Tuvalu','TV','TUV'),
(800,'Uganda','UG','UGA'),
(804,'Ukraine','UA','UKR'),
(784,'United Arab Emirates (the)','AE','ARE'),
(826,'United Kingdom of Great Britain and Northern Ireland (the)','GB','GBR'),
(581,'United States Minor Outlying Islands (the)','UM','UMI'),
(840,'United States of America (the)','US','USA'),
(858,'Uruguay','UY','URY'),
(860,'Uzbekistan','UZ','UZB'),
(548,'Vanuatu','VU','VUT'),
(862,'Venezuela (Bolivarian Republic of)','VE','VEN'),
(704,'Viet Nam','VN','VNM'),
(92,'Virgin Islands (British)','VG','VGB'),
(850,'Virgin Islands (U.S.)','VI','VIR'),
(876,'Wallis and Futuna','WF','WLF'),
(732,'Western Sahara','EH','ESH'),
(887,'Yemen','YE','YEM'),
(894,'Zambia','ZM','ZMB'),
(716,'Zimbabwe','ZW','ZWE'),
(248,E'Åland Islands','AX','ALA');

1197
initdb/02_3_2_signalk_public_functions.sql Normal file
View File

File diff suppressed because it is too large Load Diff

136
initdb/02_3_3_signalk_public_functions_helpers.sql Normal file
View File

@@ -0,0 +1,136 @@
---------------------------------------------------------------------------
-- singalk db public schema
--
-- List current database
select current_database();
-- connect to the DB
\c signalk
CREATE SCHEMA IF NOT EXISTS public;
---------------------------------------------------------------------------
-- basic helpers to check type and more
--
CREATE OR REPLACE FUNCTION public.isnumeric(text) RETURNS BOOLEAN AS
$isnumeric$
DECLARE x NUMERIC;
BEGIN
x = $1::NUMERIC;
RETURN TRUE;
EXCEPTION WHEN others THEN
RETURN FALSE;
END;
$isnumeric$
STRICT
LANGUAGE plpgsql IMMUTABLE;
-- Description
COMMENT ON FUNCTION
public.isnumeric
IS 'Check typeof value is numeric';
CREATE OR REPLACE FUNCTION public.isboolean(text) RETURNS BOOLEAN AS
$isboolean$
DECLARE x BOOLEAN;
BEGIN
x = $1::BOOLEAN;
RETURN TRUE;
EXCEPTION WHEN others THEN
RETURN FALSE;
END;
$isboolean$
STRICT
LANGUAGE plpgsql IMMUTABLE;
-- Description
COMMENT ON FUNCTION
public.isboolean
IS 'Check typeof value is boolean';
CREATE OR REPLACE FUNCTION public.isdate(s varchar) returns boolean as $$
BEGIN
perform s::date;
return true;
exception when others then
return false;
END;
$$ language plpgsql;
-- Description
COMMENT ON FUNCTION
public.isdate
IS 'Check typeof value is date';
CREATE OR REPLACE FUNCTION public.istimestamptz(text) RETURNS BOOLEAN AS
$isdate$
DECLARE x TIMESTAMP WITHOUT TIME ZONE;
BEGIN
x = $1::TIMESTAMP WITHOUT TIME ZONE;
RETURN TRUE;
EXCEPTION WHEN others THEN
RETURN FALSE;
END;
$isdate$
STRICT
LANGUAGE plpgsql IMMUTABLE;
-- Description
COMMENT ON FUNCTION
public.istimestamptz
IS 'Check typeof value is TIMESTAMP WITHOUT TIME ZONE';
---------------------------------------------------------------------------
-- JSON helpers
--
CREATE FUNCTION jsonb_key_exists(some_json jsonb, outer_key text)
RETURNS BOOLEAN AS $$
BEGIN
RETURN (some_json->outer_key) IS NOT NULL;
END;
$$ LANGUAGE plpgsql;
-- Description
COMMENT ON FUNCTION
public.jsonb_key_exists
IS 'function that checks if an outer key exists in some_json and returns a boolean';
-- https://stackoverflow.com/questions/42944888/merging-jsonb-values-in-postgresql
CREATE OR REPLACE FUNCTION public.jsonb_recursive_merge(A jsonb, B jsonb)
RETURNS jsonb LANGUAGE SQL AS $$
SELECT
jsonb_object_agg(
coalesce(ka, kb),
CASE
WHEN va isnull THEN vb
WHEN vb isnull THEN va
WHEN jsonb_typeof(va) <> 'object' OR jsonb_typeof(vb) <> 'object' THEN vb
ELSE jsonb_recursive_merge(va, vb) END
)
FROM jsonb_each(A) temptable1(ka, va)
FULL JOIN jsonb_each(B) temptable2(kb, vb) ON ka = kb
$$;
-- Description
COMMENT ON FUNCTION
public.jsonb_recursive_merge
IS 'Merging JSONB values';
-- https://stackoverflow.com/questions/36041784/postgresql-compare-two-jsonb-objects
CREATE OR REPLACE FUNCTION public.jsonb_diff_val(val1 JSONB,val2 JSONB)
RETURNS JSONB AS $jsonb_diff_val$
DECLARE
result JSONB;
v RECORD;
BEGIN
result = val1;
FOR v IN SELECT * FROM jsonb_each(val2) LOOP
IF result @> jsonb_build_object(v.key,v.value)
THEN result = result - v.key;
ELSIF result ? v.key THEN CONTINUE;
ELSE
result = result || jsonb_build_object(v.key,'null');
END IF;
END LOOP;
RETURN result;
END;
$jsonb_diff_val$ LANGUAGE plpgsql;
-- Description
COMMENT ON FUNCTION
public.jsonb_diff_val
IS 'Compare two jsonb objects';

418
initdb/02_3_3_signalk_public_functions_py.sql Normal file
View File

@@ -0,0 +1,418 @@
---------------------------------------------------------------------------
-- singalk db public schema
--
-- List current database
select current_database();
-- connect to the DB
\c signalk
CREATE SCHEMA IF NOT EXISTS public;
---------------------------------------------------------------------------
-- python reverse_geocode
--
-- https://github.com/CartoDB/labs-postgresql/blob/master/workshop/plpython.md
--
DROP FUNCTION IF EXISTS reverse_geocode_py_fn;
CREATE OR REPLACE FUNCTION reverse_geocode_py_fn(IN geocoder TEXT, IN lon NUMERIC, IN lat NUMERIC,
OUT geo_name TEXT)
AS $reverse_geocode_py$
import requests
# Use the shared cache to avoid preparing the geocoder metadata
if geocoder in SD:
plan = SD[geocoder]
# A prepared statement from Python
else:
plan = plpy.prepare("SELECT reverse_url AS url FROM geocoders WHERE name = $1", ["text"])
SD[geocoder] = plan
# Execute the statement with the geocoder param and limit to 1 result
rv = plpy.execute(plan, [geocoder], 1)
url = rv[0]['url']
# Validate input
if not lon or not lat:
plpy.notice('reverse_geocode_py_fn Parameters [{}] [{}]'.format(lon, lat))
plpy.error('Error missing parameters')
return None
# Make the request to the geocoder API
# https://operations.osmfoundation.org/policies/nominatim/
payload = {"lon": lon, "lat": lat, "format": "jsonv2", "zoom": 18}
r = requests.get(url, params=payload)
# Return the full address or nothing if not found
# Option1: If name is null fallback to address field road,neighbourhood,suburb
# Option2: Return the json for future reference like country
if r.status_code == 200 and "name" in r.json():
r_dict = r.json()
if r_dict["name"]:
return r_dict["name"]
elif "address" in r_dict and r_dict["address"]:
if "road" in r_dict["address"] and r_dict["address"]["road"]:
return r_dict["address"]["road"]
elif "neighbourhood" in r_dict["address"] and r_dict["address"]["neighbourhood"]:
return r_dict["address"]["neighbourhood"]
elif "suburb" in r_dict["address"] and r_dict["address"]["suburb"]:
return r_dict["address"]["suburb"]
elif "residential" in r_dict["address"] and r_dict["address"]["residential"]:
return r_dict["address"]["residential"]
elif "village" in r_dict["address"] and r_dict["address"]["village"]:
return r_dict["address"]["village"]
elif "town" in r_dict["address"] and r_dict["address"]["town"]:
return r_dict["address"]["town"]
else:
return 'n/a'
else:
return 'n/a'
else:
plpy.warning('Failed to received a geo full address %s', r.json())
#plpy.error('Failed to received a geo full address %s', r.json())
return 'unknow'
$reverse_geocode_py$ LANGUAGE plpython3u;
-- Description
COMMENT ON FUNCTION
public.reverse_geocode_py_fn
IS 'query reverse geo service to return location name using plpython3u';
---------------------------------------------------------------------------
-- python send email
--
-- https://www.programcreek.com/python/example/3684/email.utils.formatdate
DROP FUNCTION IF EXISTS send_email_py_fn;
CREATE OR REPLACE FUNCTION send_email_py_fn(IN email_type TEXT, IN _user JSONB, IN app JSONB) RETURNS void
AS $send_email_py$
# Import smtplib for the actual sending function
import smtplib
# Import the email modules we need
#from email.message import EmailMessage
from email.utils import formatdate,make_msgid
from email.mime.text import MIMEText
# Use the shared cache to avoid preparing the email metadata
if email_type in SD:
plan = SD[email_type]
# A prepared statement from Python
else:
plan = plpy.prepare("SELECT * FROM email_templates WHERE name = $1", ["text"])
SD[email_type] = plan
# Execute the statement with the email_type param and limit to 1 result
rv = plpy.execute(plan, [email_type], 1)
email_subject = rv[0]['email_subject']
email_content = rv[0]['email_content']
# Replace fields using input jsonb obj
if not _user or not app:
plpy.notice('send_email_py_fn Parameters [{}] [{}]'.format(_user, app))
plpy.error('Error missing parameters')
return None
if 'logbook_name' in _user and _user['logbook_name']:
email_content = email_content.replace('__LOGBOOK_NAME__', _user['logbook_name'])
if 'logbook_link' in _user and _user['logbook_link']:
email_content = email_content.replace('__LOGBOOK_LINK__', str(_user['logbook_link']))
if 'recipient' in _user and _user['recipient']:
email_content = email_content.replace('__RECIPIENT__', _user['recipient'])
if 'boat' in _user and _user['boat']:
email_content = email_content.replace('__BOAT__', _user['boat'])
if 'badge' in _user and _user['badge']:
email_content = email_content.replace('__BADGE_NAME__', _user['badge'])
if 'otp_code' in _user and _user['otp_code']:
email_content = email_content.replace('__OTP_CODE__', _user['otp_code'])
if 'reset_qs' in _user and _user['reset_qs']:
email_content = email_content.replace('__RESET_QS__', _user['reset_qs'])
if 'app.url' in app and app['app.url']:
email_content = email_content.replace('__APP_URL__', app['app.url'])
email_from = 'root@localhost'
if 'app.email_from' in app and app['app.email_from']:
email_from = 'PostgSail <' + app['app.email_from'] + '>'
#plpy.notice('Sending email from [{}] [{}]'.format(email_from, app['app.email_from']))
email_to = 'root@localhost'
if 'email' in _user and _user['email']:
email_to = _user['email']
#plpy.notice('Sending email to [{}] [{}]'.format(email_to, _user['email']))
else:
plpy.error('Error email to')
return None
msg = MIMEText(email_content, 'plain', 'utf-8')
msg["Subject"] = email_subject
msg["From"] = email_from
msg["To"] = email_to
msg["Date"] = formatdate()
msg["Message-ID"] = make_msgid()
server_smtp = 'localhost'
if 'app.email_server' in app and app['app.email_server']:
server_smtp = app['app.email_server']
#plpy.notice('Sending server [{}] [{}]'.format(server_smtp, app['app.email_server']))
# Send the message via our own SMTP server.
try:
# send your message with credentials specified above
with smtplib.SMTP(server_smtp, 25) as server:
if 'app.email_user' in app and app['app.email_user'] \
and 'app.email_pass' in app and app['app.email_pass']:
server.starttls()
server.login(app['app.email_user'], app['app.email_pass'])
#server.send_message(msg)
server.sendmail(msg["From"], msg["To"], msg.as_string())
server.quit()
# tell the script to report if your message was sent or which errors need to be fixed
plpy.notice('Sent email successfully to [{}] [{}]'.format(msg["To"], msg["Subject"]))
return None
except OSError as error:
plpy.error('OS Error occurred: ' + str(error))
except smtplib.SMTPConnectError:
plpy.error('Failed to connect to the server. Bad connection settings?')
except smtplib.SMTPServerDisconnected:
plpy.error('Failed to connect to the server. Wrong user/password?')
except smtplib.SMTPException as e:
plpy.error('SMTP error occurred: ' + str(e))
$send_email_py$ TRANSFORM FOR TYPE jsonb LANGUAGE plpython3u;
-- Description
COMMENT ON FUNCTION
public.send_email_py_fn
IS 'Send email notification using plpython3u';
---------------------------------------------------------------------------
-- python send pushover message
-- https://pushover.net/
DROP FUNCTION IF EXISTS send_pushover_py_fn;
CREATE OR REPLACE FUNCTION send_pushover_py_fn(IN message_type TEXT, IN _user JSONB, IN app JSONB) RETURNS void
AS $send_pushover_py$
import requests
# Use the shared cache to avoid preparing the email metadata
if message_type in SD:
plan = SD[message_type]
# A prepared statement from Python
else:
plan = plpy.prepare("SELECT * FROM email_templates WHERE name = $1", ["text"])
SD[message_type] = plan
# Execute the statement with the message_type param and limit to 1 result
rv = plpy.execute(plan, [message_type], 1)
pushover_title = rv[0]['pushover_title']
pushover_message = rv[0]['pushover_message']
# Replace fields using input jsonb obj
if 'logbook_name' in _user and _user['logbook_name']:
pushover_message = pushover_message.replace('__LOGBOOK_NAME__', _user['logbook_name'])
if 'logbook_link' in _user and _user['logbook_link']:
pushover_message = pushover_message.replace('__LOGBOOK_LINK__', str(_user['logbook_link']))
if 'recipient' in _user and _user['recipient']:
pushover_message = pushover_message.replace('__RECIPIENT__', _user['recipient'])
if 'boat' in _user and _user['boat']:
pushover_message = pushover_message.replace('__BOAT__', _user['boat'])
if 'badge' in _user and _user['badge']:
pushover_message = pushover_message.replace('__BADGE_NAME__', _user['badge'])
if 'app.url' in app and app['app.url']:
pushover_message = pushover_message.replace('__APP_URL__', app['app.url'])
pushover_token = None
if 'app.pushover_app_token' in app and app['app.pushover_app_token']:
pushover_token = app['app.pushover_app_token']
else:
plpy.error('Error no pushover token defined, check app settings')
return None
pushover_user = None
if 'pushover_user_key' in _user and _user['pushover_user_key']:
pushover_user = _user['pushover_user_key']
else:
plpy.error('Error no pushover user token defined, check user settings')
return None
# requests
r = requests.post("https://api.pushover.net/1/messages.json", data = {
"token": pushover_token,
"user": pushover_user,
"title": pushover_title,
"message": pushover_message
})
#print(r.text)
# Return ?? or None if not found
#plpy.notice('Sent pushover successfully to [{}] [{}]'.format(r.text, r.status_code))
if r.status_code == 200:
plpy.notice('Sent pushover successfully to [{}] [{}] [{}]'.format(pushover_user, pushover_title, r.text))
else:
plpy.error('Failed to send pushover')
return None
$send_pushover_py$ TRANSFORM FOR TYPE jsonb LANGUAGE plpython3u;
-- Description
COMMENT ON FUNCTION
public.send_pushover_py_fn
IS 'Send pushover notification using plpython3u';
---------------------------------------------------------------------------
-- python send telegram message
-- https://core.telegram.org/
DROP FUNCTION IF EXISTS send_telegram_py_fn;
CREATE OR REPLACE FUNCTION send_telegram_py_fn(IN message_type TEXT, IN _user JSONB, IN app JSONB) RETURNS void
AS $send_telegram_py$
"""
Send a message to a telegram user or group specified on chatId
chat_id must be a number!
"""
import requests
import json
# Use the shared cache to avoid preparing the email metadata
if message_type in SD:
plan = SD[message_type]
# A prepared statement from Python
else:
plan = plpy.prepare("SELECT * FROM email_templates WHERE name = $1", ["text"])
SD[message_type] = plan
# Execute the statement with the message_type param and limit to 1 result
rv = plpy.execute(plan, [message_type], 1)
telegram_title = rv[0]['pushover_title']
telegram_message = rv[0]['pushover_message']
# Replace fields using input jsonb obj
if 'logbook_name' in _user and _user['logbook_name']:
telegram_message = telegram_message.replace('__LOGBOOK_NAME__', _user['logbook_name'])
if 'logbook_link' in _user and _user['logbook_link']:
telegram_message = telegram_message.replace('__LOGBOOK_LINK__', str(_user['logbook_link']))
if 'recipient' in _user and _user['recipient']:
telegram_message = telegram_message.replace('__RECIPIENT__', _user['recipient'])
if 'boat' in _user and _user['boat']:
telegram_message = telegram_message.replace('__BOAT__', _user['boat'])
if 'badge' in _user and _user['badge']:
telegram_message = telegram_message.replace('__BADGE_NAME__', _user['badge'])
if 'app.url' in app and app['app.url']:
telegram_message = telegram_message.replace('__APP_URL__', app['app.url'])
telegram_token = None
if 'app.telegram_bot_token' in app and app['app.telegram_bot_token']:
telegram_token = app['app.telegram_bot_token']
else:
plpy.error('Error no telegram token defined, check app settings')
return None
telegram_chat_id = None
if 'telegram_chat_id' in _user and _user['telegram_chat_id']:
telegram_chat_id = _user['telegram_chat_id']
else:
plpy.error('Error no telegram user token defined, check user settings')
return None
# requests
headers = {'Content-Type': 'application/json',
'Proxy-Authorization': 'Basic base64'}
data_dict = {'chat_id': telegram_chat_id,
'text': telegram_message,
'parse_mode': 'HTML',
'disable_notification': False}
data = json.dumps(data_dict)
url = f'https://api.telegram.org/bot{telegram_token}/sendMessage'
r = requests.post(url,
data=data,
headers=headers)
#print(r.text)
# Return something boolean?
#plpy.notice('Sent telegram successfully to [{}] [{}]'.format(r.text, r.status_code))
if r.status_code == 200:
plpy.notice('Sent telegram successfully to [{}] [{}] [{}]'.format(telegram_chat_id, telegram_title, r.text))
else:
plpy.error('Failed to send telegram')
return None
$send_telegram_py$ TRANSFORM FOR TYPE jsonb LANGUAGE plpython3u;
-- Description
COMMENT ON FUNCTION
public.send_telegram_py_fn
IS 'Send a message to a telegram user or group specified on chatId using plpython3u';
---------------------------------------------------------------------------
-- python url encode
CREATE OR REPLACE FUNCTION urlencode_py_fn(uri text) RETURNS text
AS $urlencode_py$
import urllib.parse
return urllib.parse.quote(uri, safe="");
$urlencode_py$ LANGUAGE plpython3u IMMUTABLE STRICT;
---------------------------------------------------------------------------
-- python
-- https://ipapi.co/
DROP FUNCTION IF EXISTS reverse_geoip_py_fn;
CREATE OR REPLACE FUNCTION reverse_geoip_py_fn(IN _ip TEXT) RETURNS JSONB
AS $reverse_geoip_py$
"""
Return ipapi.co ip details
"""
import requests
import json
# requests
url = f'https://ipapi.co/{_ip}/json/'
r = requests.get(url)
#print(r.text)
# Return something boolean?
#plpy.notice('IP [{}] [{}]'.format(_ip, r.status_code))
if r.status_code == 200:
#plpy.notice('Got [{}] [{}]'.format(r.text, r.status_code))
return r.text;
else:
plpy.error('Failed to get ip details')
return '{}'
$reverse_geoip_py$ LANGUAGE plpython3u;
-- Description
COMMENT ON FUNCTION
public.reverse_geoip_py_fn
IS 'Retrieve reverse geo IP location via ipapi.co using plpython3u';
---------------------------------------------------------------------------
-- python url escape
--
DROP FUNCTION IF EXISTS urlescape_py_fn;
CREATE OR REPLACE FUNCTION urlescape_py_fn(original text) RETURNS text LANGUAGE plpython3u AS $$
import urllib.parse
return urllib.parse.quote(original);
$$
IMMUTABLE STRICT;
-- Description
COMMENT ON FUNCTION
public.urlescape_py_fn
IS 'URL-encoding VARCHAR and TEXT values using plpython3u';
---------------------------------------------------------------------------
-- python geojson parser
--
--CREATE TYPE geometry_type AS ENUM ('LineString', 'Point');
DROP FUNCTION IF EXISTS geojson_py_fn;
CREATE OR REPLACE FUNCTION geojson_py_fn(IN original JSONB, IN geometry_type TEXT) RETURNS JSONB LANGUAGE plpython3u
AS $geojson_py$
import json
parsed = json.loads(original)
output = []
#plpy.notice(parsed)
# [None, None]
if None not in parsed:
for idx, x in enumerate(parsed):
#plpy.notice(idx, x)
for feature in x:
#plpy.notice(feature)
if (feature['geometry']['type'] != geometry_type):
output.append(feature)
#elif (feature['properties']['id']): TODO
# output.append(feature)
#else:
# plpy.notice('ignoring')
return json.dumps(output)
$geojson_py$ -- TRANSFORM FOR TYPE jsonb LANGUAGE plpython3u;
IMMUTABLE STRICT;
-- Description
COMMENT ON FUNCTION
public.geojson_py_fn
IS 'Parse geojson using plpython3u (should be done in PGSQL)';

1016
initdb/02_3_signalk_public.sql
View File

File diff suppressed because it is too large Load Diff

143
initdb/02_4_signalk_auth.sql
View File

@@ -15,41 +15,78 @@ CREATE SCHEMA IF NOT EXISTS auth;
COMMENT ON SCHEMA auth IS 'auth postgrest for users and vessels'; COMMENT ON SCHEMA auth IS 'auth postgrest for users and vessels';
CREATE EXTENSION IF NOT EXISTS "uuid-ossp"; -- provides functions to generate universally unique identifiers (UUIDs) CREATE EXTENSION IF NOT EXISTS "uuid-ossp"; -- provides functions to generate universally unique identifiers (UUIDs)
CREATE EXTENSION IF NOT EXISTS "moddatetime"; -- provides functions for tracking last modification time
CREATE EXTENSION IF NOT EXISTS "citext"; -- provides data type for case-insensitive character strings
CREATE EXTENSION IF NOT EXISTS "pgcrypto"; -- provides cryptographic functions
DROP TABLE IF EXISTS auth.accounts CASCADE; DROP TABLE IF EXISTS auth.accounts CASCADE;
CREATE TABLE IF NOT EXISTS auth.accounts ( CREATE TABLE IF NOT EXISTS auth.accounts (
-- id UUID DEFAULT uuid_generate_v4() NOT NULL, userid UUID NOT NULL UNIQUE DEFAULT uuid_generate_v4(),
email text primary key check ( email ~* '^.+@.+\..+$' ), user_id TEXT NOT NULL UNIQUE DEFAULT RIGHT(gen_random_uuid()::text, 12),
email CITEXT primary key check ( email ~* '^.+@.+\..+$' ),
first text not null check (length(pass) < 512), first text not null check (length(pass) < 512),
last text not null check (length(pass) < 512), last text not null check (length(pass) < 512),
pass text not null check (length(pass) < 512), pass text not null check (length(pass) < 512),
role name not null check (length(role) < 512), role name not null check (length(role) < 512),
preferences JSONB null, preferences JSONB NULL DEFAULT '{"email_notifications":true}',
created_at TIMESTAMP WITHOUT TIME ZONE default NOW() created_at TIMESTAMP WITHOUT TIME ZONE NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP WITHOUT TIME ZONE NOT NULL DEFAULT NOW(),
connected_at TIMESTAMP WITHOUT TIME ZONE NOT NULL DEFAULT NOW(),
CONSTRAINT valid_email CHECK (length(email) > 5), -- Enforce at least 5 char, eg: a@b.io
CONSTRAINT valid_first CHECK (length(first) > 1),
CONSTRAINT valid_last CHECK (length(last) > 1),
CONSTRAINT valid_pass CHECK (length(pass) > 4)
); );
-- Preferences jsonb -- Description
---- PushOver Notification, bool COMMENT ON TABLE
---- PushOver user key, varchar auth.accounts
---- Email notification, bool IS 'users account table';
---- Instagram Handle, varchar -- Indexes
---- Timezone, TZ CREATE INDEX accounts_role_idx ON auth.accounts (role);
---- Unit, bool CREATE INDEX accounts_preferences_idx ON auth.accounts using GIN (preferences);
---- Preferred Homepage CREATE INDEX accounts_userid_idx ON auth.accounts (userid);
---- Website, varchar or text
---- Public Profile CREATE TRIGGER accounts_moddatetime
---- References to users ? BEFORE UPDATE ON auth.accounts
FOR EACH ROW
EXECUTE PROCEDURE moddatetime (updated_at);
-- Description
COMMENT ON TRIGGER accounts_moddatetime
ON auth.accounts
IS 'Automatic update of updated_at on table modification';
DROP TABLE IF EXISTS auth.vessels; DROP TABLE IF EXISTS auth.vessels;
CREATE TABLE IF NOT EXISTS auth.vessels ( CREATE TABLE IF NOT EXISTS auth.vessels (
-- vesselId UUID PRIMARY KEY REFERENCES auth.accounts(id) ON DELETE RESTRICT, vessel_id TEXT NOT NULL UNIQUE DEFAULT RIGHT(gen_random_uuid()::text, 12),
owner_email TEXT PRIMARY KEY REFERENCES auth.accounts(email) ON DELETE RESTRICT, -- user_id TEXT NOT NULL REFERENCES auth.accounts(user_id) ON DELETE RESTRICT,
mmsi TEXT UNIQUE, owner_email CITEXT PRIMARY KEY REFERENCES auth.accounts(email) ON DELETE RESTRICT,
name TEXT, -- mmsi TEXT UNIQUE, -- Should be a numeric range between 100000000 and 800000000.
-- owner_email TEXT, mmsi NUMERIC UNIQUE, -- MMSI can be optional but if present must be a valid one and unique
pass UUID, name TEXT NOT NULL CHECK (length(name) >= 3 AND length(name) < 512),
-- pass text not null check (length(pass) < 512), -- unused
role name not null check (length(role) < 512), role name not null check (length(role) < 512),
created_at TIMESTAMP WITHOUT TIME ZONE default NOW() created_at TIMESTAMP WITHOUT TIME ZONE NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP WITHOUT TIME ZONE NOT NULL DEFAULT NOW()
-- CONSTRAINT valid_length_mmsi CHECK (length(mmsi) < 10 OR length(mmsi) = 0)
CONSTRAINT valid_range_mmsi CHECK (mmsi > 100000000 AND mmsi < 800000000)
); );
-- Description
COMMENT ON TABLE
auth.vessels
IS 'vessels table link to accounts email user_id column';
-- Indexes
CREATE INDEX vessels_role_idx ON auth.vessels (role);
CREATE INDEX vessels_name_idx ON auth.vessels (name);
CREATE INDEX vessels_vesselid_idx ON auth.vessels (vessel_id);
CREATE TRIGGER vessels_moddatetime
BEFORE UPDATE ON auth.vessels
FOR EACH ROW
EXECUTE PROCEDURE moddatetime (updated_at);
-- Description
COMMENT ON TRIGGER vessels_moddatetime
ON auth.vessels
IS 'Automatic update of updated_at on table modification';
create or replace function create or replace function
auth.check_role_exists() returns trigger as $$ auth.check_role_exists() returns trigger as $$
@@ -72,10 +109,13 @@ create constraint trigger ensure_user_role_exists
-- trigger add queue new account -- trigger add queue new account
CREATE TRIGGER new_account_entry AFTER INSERT ON auth.accounts CREATE TRIGGER new_account_entry AFTER INSERT ON auth.accounts
FOR EACH ROW EXECUTE FUNCTION public.new_account_entry_fn(); FOR EACH ROW EXECUTE FUNCTION public.new_account_entry_fn();
-- trigger add queue new account OTP validation
CREATE TRIGGER new_account_otp_validation_entry AFTER INSERT ON auth.accounts
FOR EACH ROW EXECUTE FUNCTION public.new_account_otp_validation_entry_fn();
-- trigger check role on vessel -- trigger check role on vessel
drop trigger if exists ensure_user_role_exists on auth.vessels; drop trigger if exists ensure_vessel_role_exists on auth.vessels;
create constraint trigger ensure_user_role_exists create constraint trigger ensure_vessel_role_exists
after insert or update on auth.vessels after insert or update on auth.vessels
for each row for each row
execute procedure auth.check_role_exists(); execute procedure auth.check_role_exists();
@@ -83,8 +123,6 @@ create constraint trigger ensure_user_role_exists
CREATE TRIGGER new_vessel_entry AFTER INSERT ON auth.vessels CREATE TRIGGER new_vessel_entry AFTER INSERT ON auth.vessels
FOR EACH ROW EXECUTE FUNCTION public.new_vessel_entry_fn(); FOR EACH ROW EXECUTE FUNCTION public.new_vessel_entry_fn();
create extension if not exists pgcrypto;
create or replace function create or replace function
auth.encrypt_pass() returns trigger as $$ auth.encrypt_pass() returns trigger as $$
begin begin
@@ -113,6 +151,7 @@ begin
return ( return (
select role from auth.accounts select role from auth.accounts
where accounts.email = user_role.email where accounts.email = user_role.email
and user_role.pass is NOT NULL
and accounts.pass = crypt(user_role.pass, accounts.pass) and accounts.pass = crypt(user_role.pass, accounts.pass)
); );
end; end;
@@ -133,6 +172,9 @@ declare
_role name; _role name;
result auth.jwt_token; result auth.jwt_token;
app_jwt_secret text; app_jwt_secret text;
_email_valid boolean := false;
_email text := email;
_user_id text := null;
begin begin
-- check email and password -- check email and password
select auth.user_role(email, pass) into _role; select auth.user_role(email, pass) into _role;
@@ -145,13 +187,24 @@ begin
FROM app_settings FROM app_settings
WHERE name = 'app.jwt_secret'; WHERE name = 'app.jwt_secret';
-- Check email_valid and generate OTP
SELECT preferences['email_valid'],user_id INTO _email_valid,_user_id
FROM auth.accounts a
WHERE a.email = _email;
IF _email_valid is null or _email_valid is False THEN
INSERT INTO process_queue (channel, payload, stored)
VALUES ('email_otp', email, now());
END IF;
-- Generate jwt
select jwt.sign( select jwt.sign(
-- row_to_json(r), '' -- row_to_json(r), ''
-- row_to_json(r)::json, current_setting('app.jwt_secret')::text -- row_to_json(r)::json, current_setting('app.jwt_secret')::text
row_to_json(r)::json, app_jwt_secret row_to_json(r)::json, app_jwt_secret
) as token ) as token
from ( from (
select _role as role, login.email as email, select _role as role, login.email as email, -- TODO replace with user_id
-- select _role as role, user_id as uid,
extract(epoch from now())::integer + 60*60 as exp extract(epoch from now())::integer + 60*60 as exp
) r ) r
into result; into result;
@@ -165,12 +218,18 @@ api.signup(in email text, in pass text, in firstname text, in lastname text) ret
declare declare
_role name; _role name;
begin begin
IF email IS NULL OR email = ''
OR pass IS NULL OR pass = '' THEN
RAISE EXCEPTION 'Invalid input'
USING HINT = 'Check your parameter';
END IF;
-- check email and password -- check email and password
select auth.user_role(email, pass) into _role; select auth.user_role(email, pass) into _role;
if _role is null then if _role is null then
RAISE WARNING 'Register new account email:[%]', email; RAISE WARNING 'Register new account email:[%]', email;
INSERT INTO auth.accounts ( email, pass, first, last, role) -- TODO replace preferences default into table rather than trigger
VALUES (email, pass, firstname, lastname, 'user_role'); INSERT INTO auth.accounts ( email, pass, first, last, role, preferences)
VALUES (email, pass, firstname, lastname, 'user_role', '{"email_notifications":true}');
end if; end if;
return ( api.login(email, pass) ); return ( api.login(email, pass) );
end; end;
@@ -185,21 +244,28 @@ declare
result auth.jwt_token; result auth.jwt_token;
app_jwt_secret text; app_jwt_secret text;
vessel_rec record; vessel_rec record;
_vessel_id text;
begin begin
IF vessel_email IS NULL OR vessel_email = ''
OR vessel_name IS NULL OR vessel_name = '' THEN
RAISE EXCEPTION 'Invalid input'
USING HINT = 'Check your parameter';
END IF;
IF public.isnumeric(vessel_mmsi) IS False THEN
vessel_mmsi = NULL;
END IF;
-- check vessel exist -- check vessel exist
SELECT * INTO vessel_rec SELECT * INTO vessel_rec
FROM auth.vessels vessel FROM auth.vessels vessel
WHERE LOWER(vessel.owner_email) = LOWER(vessel_email) WHERE vessel.owner_email = vessel_email;
AND vessel.mmsi = vessel_mmsi IF vessel_rec IS NULL THEN
AND LOWER(vessel.name) = LOWER(vessel_name);
if vessel_rec is null then
RAISE WARNING 'Register new vessel name:[%] mmsi:[%] for [%]', vessel_name, vessel_mmsi, vessel_email; RAISE WARNING 'Register new vessel name:[%] mmsi:[%] for [%]', vessel_name, vessel_mmsi, vessel_email;
INSERT INTO auth.vessels (owner_email, mmsi, name, role) INSERT INTO auth.vessels (owner_email, mmsi, name, role)
VALUES (vessel_email, vessel_mmsi, vessel_name, 'vessel_role'); VALUES (vessel_email, vessel_mmsi::NUMERIC, vessel_name, 'vessel_role') RETURNING vessel_id INTO _vessel_id;
vessel_rec.role := 'vessel_role'; vessel_rec.role := 'vessel_role';
vessel_rec.owner_email = vessel_email; vessel_rec.owner_email = vessel_email;
vessel_rec.mmsi = vessel_mmsi; vessel_rec.vessel_id = _vessel_id;
end if; END IF;
-- Get app_jwt_secret -- Get app_jwt_secret
SELECT value INTO app_jwt_secret SELECT value INTO app_jwt_secret
@@ -211,8 +277,9 @@ begin
) as token ) as token
from ( from (
select vessel_rec.role as role, select vessel_rec.role as role,
vessel_rec.owner_email as email, vessel_rec.owner_email as email, -- TODO replace with user_id
vessel_rec.mmsi as mmsi -- vessel_rec.user_id as uid
vessel_rec.vessel_id as vid
) r ) r
into result; into result;
return result; return result;

218
initdb/02_5_signalk_api_deps.sql
View File

@@ -1,6 +1,6 @@
--------------------------------------------------------------------------- ---------------------------------------------------------------------------
-- singalk db permissions -- signalk db api schema
-- -- View and Function that have dependency with auth schema
-- List current database -- List current database
select current_database(); select current_database();
@@ -8,67 +8,98 @@ select current_database();
-- connect to the DB -- connect to the DB
\c signalk \c signalk
-- Link auth.vessels with api.metadata
ALTER TABLE api.metadata ADD vessel_id TEXT NOT NULL REFERENCES auth.vessels(vessel_id) ON DELETE RESTRICT;
COMMENT ON COLUMN api.metadata.vessel_id IS 'Link auth.vessels with api.metadata';
-- Link auth.vessels with auth.accounts
--ALTER TABLE auth.vessels ADD user_id TEXT NOT NULL REFERENCES auth.accounts(user_id) ON DELETE RESTRICT;
--COMMENT ON COLUMN auth.vessels.user_id IS 'Link auth.vessels with auth.accounts';
--COMMENT ON COLUMN auth.vessels.vessel_id IS 'Vessel identifier. Link auth.vessels with api.metadata';
-- REFERENCE ship type with AIS type ?
-- REFERENCE mmsi MID with country ?
-- List vessel -- List vessel
--TODO add geojson with position --TODO add geojson with position
DROP VIEW IF EXISTS api.vessels_view; DROP VIEW IF EXISTS api.vessels_view;
CREATE OR REPLACE VIEW api.vessels_view AS CREATE OR REPLACE VIEW api.vessels_view AS
WITH metadata AS (
SELECT COALESCE(
(SELECT m.time
FROM api.metadata m
WHERE m.vessel_id = current_setting('vessel.id')
)::TEXT ,
NULL ) as last_contact
)
SELECT SELECT
v.name as name, v.name as name,
v.mmsi as mmsi, v.mmsi as mmsi,
v.created_at as created_at, v.created_at::timestamp(0) as created_at,
coalesce(m.time, null) as last_contact m.last_contact as last_contact
FROM auth.vessels v, api.metadata m FROM auth.vessels v, metadata m
WHERE WHERE v.owner_email = current_setting('user.email');
m.mmsi = current_setting('vessel.mmsi') -- Description
AND m.mmsi = v.mmsi COMMENT ON VIEW
AND lower(v.owner_email) = lower(current_setting('request.jwt.claims', true)::json->>'email'); api.vessels_view
IS 'Expose vessels listing to web api';
DROP VIEW IF EXISTS api.vessel_p_view; DROP FUNCTION IF EXISTS public.has_vessel_fn;
CREATE OR REPLACE VIEW api.vessel_p_view AS CREATE OR REPLACE FUNCTION public.has_vessel_fn() RETURNS BOOLEAN
SELECT AS $has_vessel$
v.name as name, DECLARE
v.mmsi as mmsi, BEGIN
v.created_at as created_at, -- Check a vessel and user exist
null as last_contact RETURN (
FROM auth.vessels v SELECT auth.vessels.name
WHERE lower(v.owner_email) = lower(current_setting('request.jwt.claims', true)::json->>'email'); FROM auth.vessels, auth.accounts
WHERE auth.vessels.owner_email = auth.accounts.email
AND auth.accounts.email = current_setting('user.email')
) IS NOT NULL;
END;
$has_vessel$ language plpgsql security definer;
-- Description
COMMENT ON FUNCTION
public.has_vessel_fn
IS 'Expose has vessel to API';
-- Or function? -- Or function?
-- TODO Improve: return null until the vessel has sent metadata?
DROP FUNCTION IF EXISTS api.vessel_fn; DROP FUNCTION IF EXISTS api.vessel_fn;
CREATE OR REPLACE FUNCTION api.vessel_fn(OUT vessel JSON) RETURNS JSON CREATE OR REPLACE FUNCTION api.vessel_fn(OUT vessel JSON) RETURNS JSON
AS $vessel$ AS $vessel$
DECLARE DECLARE
BEGIN BEGIN
SELECT SELECT
json_build_object( jsonb_build_object(
'name', v.name, 'name', v.name,
'mmsi', v.mmsi, 'mmsi', coalesce(v.mmsi, null),
'created_at', v.created_at, 'created_at', v.created_at::timestamp(0),
'last_contact', m.time, 'last_contact', coalesce(m.time, null),
'geojson', ST_AsGeoJSON(geojson_t.*)::json 'geojson', coalesce(ST_AsGeoJSON(geojson_t.*)::json, null)
) )::jsonb || api.vessel_details_fn()::jsonb
INTO vessel INTO vessel
FROM auth.vessels v, api.metadata m, FROM auth.vessels v, api.metadata m,
( SELECT ( select
t.* current_setting('vessel.name') as name,
FROM ( time,
( select courseovergroundtrue,
current_setting('vessel.name') as name, speedoverground,
time, anglespeedapparent,
courseovergroundtrue, longitude,latitude,
speedoverground, st_makepoint(longitude,latitude) AS geo_point
anglespeedapparent, FROM api.metrics
longitude,latitude, WHERE
st_makepoint(longitude,latitude) AS geo_point latitude IS NOT NULL
FROM public.last_metric AND longitude IS NOT NULL
WHERE latitude IS NOT NULL AND client_id = current_setting('vessel.client_id', false)
AND longitude IS NOT NULL ORDER BY time DESC
) ) AS geojson_t
) AS t WHERE
) AS geojson_t m.vessel_id = current_setting('vessel.id')
WHERE v.mmsi = current_setting('vessel.mmsi') AND m.vessel_id = v.vessel_id;
AND m.mmsi = v.mmsi; --RAISE notice 'api.vessel_fn %', obj;
--RAISE notice 'api.vessel_fn %', obj;
END; END;
$vessel$ language plpgsql security definer; $vessel$ language plpgsql security definer;
-- Description -- Description
@@ -84,13 +115,13 @@ AS $user_settings$
select row_to_json(row)::json INTO settings select row_to_json(row)::json INTO settings
from ( from (
select email,first,last,preferences,created_at, select email,first,last,preferences,created_at,
INITCAP(CONCAT (LEFT(first, 1), ' ', last)) AS username INITCAP(CONCAT (LEFT(first, 1), ' ', last)) AS username,
public.has_vessel_fn() as has_vessel
from auth.accounts from auth.accounts
where lower(email) = lower(current_setting('request.jwt.claims', true)::json->>'email') where email = current_setting('user.email')
) row; ) row;
END; END;
$user_settings$ language plpgsql security definer; $user_settings$ language plpgsql security definer;
-- Description -- Description
COMMENT ON FUNCTION COMMENT ON FUNCTION
api.settings_fn api.settings_fn
@@ -99,31 +130,96 @@ COMMENT ON FUNCTION
DROP FUNCTION IF EXISTS api.versions_fn; DROP FUNCTION IF EXISTS api.versions_fn;
CREATE OR REPLACE FUNCTION api.versions_fn() RETURNS JSON CREATE OR REPLACE FUNCTION api.versions_fn() RETURNS JSON
AS $version$ AS $version$
DECLARE DECLARE
_appv TEXT; _appv TEXT;
_sysv TEXT; _sysv TEXT;
BEGIN BEGIN
SELECT SELECT
value, version() into _appv,_sysv value, rtrim(substring(version(), 0, 17)) AS sys_version into _appv,_sysv
FROM app_settings FROM app_settings
WHERE name = 'app.version'; WHERE name = 'app.version';
RETURN json_build_object('app_version', _appv, RETURN json_build_object('api_version', _appv,
'sys_version', _sysv); 'sys_version', _sysv,
'timescaledb', (SELECT extversion as timescaledb FROM pg_extension WHERE extname='timescaledb'),
'postgis', (SELECT extversion as postgis FROM pg_extension WHERE extname='postgis'));
END; END;
$version$ language plpgsql security definer; $version$ language plpgsql security definer;
-- Description -- Description
COMMENT ON FUNCTION COMMENT ON FUNCTION
api.versions_fn api.versions_fn
IS 'Expose function app and system version to API'; IS 'Expose as a function, app and system version to API';
DROP VIEW IF EXISTS api.versions_view; DROP VIEW IF EXISTS api.versions_view;
CREATE OR REPLACE VIEW api.versions_view AS CREATE OR REPLACE VIEW api.versions_view AS
SELECT SELECT
value as app_version, value AS api_version,
version() as sys_version --version() as sys_version
rtrim(substring(version(), 0, 17)) AS sys_version,
(SELECT extversion as timescaledb FROM pg_extension WHERE extname='timescaledb'),
(SELECT extversion as postgis FROM pg_extension WHERE extname='postgis')
FROM app_settings FROM app_settings
WHERE name = 'app.version'; WHERE name = 'app.version';
-- Description -- Description
COMMENT ON VIEW COMMENT ON VIEW
api.versions_view api.versions_view
IS 'Expose view app and system version to API'; IS 'Expose as a table view app and system version to API';
DROP FUNCTION IF EXISTS api.update_user_preferences_fn;
-- Update/Add a specific user setting into preferences
CREATE OR REPLACE FUNCTION api.update_user_preferences_fn(IN key TEXT, IN value TEXT) RETURNS BOOLEAN AS
$update_user_preferences$
DECLARE
first_c TEXT := NULL;
last_c TEXT := NULL;
_value TEXT := value;
BEGIN
-- Is it the only way to check variable type?
-- Convert string to jsonb and skip type of json obj or integer or boolean
SELECT SUBSTRING(value, 1, 1),RIGHT(value, 1) INTO first_c,last_c;
IF first_c <> '{' AND last_c <> '}' AND public.isnumeric(value) IS False
AND public.isboolean(value) IS False THEN
--RAISE WARNING '-> first_c:[%] last_c:[%] pg_typeof:[%]', first_c,last_c,pg_typeof(value);
_value := to_jsonb(value)::jsonb;
END IF;
--RAISE WARNING '-> update_user_preferences_fn update preferences for user [%]', current_setting('request.jwt.claims', true)::json->>'email';
UPDATE auth.accounts
SET preferences =
jsonb_set(preferences::jsonb, key::text[], _value::jsonb)
WHERE
email = current_setting('user.email', true);
IF FOUND THEN
--RAISE WARNING '-> update_user_preferences_fn True';
RETURN True;
END IF;
--RAISE WARNING '-> update_user_preferences_fn False';
RETURN False;
END;
$update_user_preferences$ language plpgsql security definer;
-- Description
COMMENT ON FUNCTION
api.update_user_preferences_fn
IS 'Update user preferences jsonb key pair value';
DROP FUNCTION IF EXISTS api.vessel_details_fn;
CREATE OR REPLACE FUNCTION api.vessel_details_fn() RETURNS JSON AS
$vessel_details$
DECLARE
BEGIN
RETURN ( WITH tbl AS (
SELECT mmsi,ship_type,length,beam,height FROM api.metadata WHERE client_id = current_setting('vessel.client_id', false)
)
SELECT json_build_object(
'ship_type', (SELECT ais.description FROM aistypes ais, tbl WHERE t.ship_type = ais.id),
'country', (SELECT mid.country FROM mid, tbl WHERE LEFT(cast(mmsi as text), 3)::NUMERIC = mid.id),
'alpha_2', (SELECT o.alpha_2 FROM mid m, iso3166 o, tbl WHERE LEFT(cast(mmsi as text), 3)::NUMERIC = m.id AND m.country_id = o.id),
'length', t.ship_type,
'beam', t.beam,
'height', t.height)
FROM tbl t
);
END;
$vessel_details$ language plpgsql security definer;
-- Description
COMMENT ON FUNCTION
api.vessel_details_fn
IS 'Return vessel details such as metadata (length,beam,height), ais type and country name and country iso3166-alpha-2';

509
initdb/02_5_signalk_auth_otp.sql Normal file
View File

@@ -0,0 +1,509 @@
---------------------------------------------------------------------------
-- signalk db auth schema
-- View and Function that have dependency with auth schema
-- List current database
select current_database();
-- connect to the DB
\c signalk
DROP TABLE IF EXISTS auth.otp;
CREATE TABLE IF NOT EXISTS auth.otp (
-- update email type to CITEXT, https://www.postgresql.org/docs/current/citext.html
user_email CITEXT NOT NULL PRIMARY KEY REFERENCES auth.accounts(email) ON DELETE RESTRICT,
otp_pass VARCHAR(10) NOT NULL,
otp_timestamp TIMESTAMP WITHOUT TIME ZONE DEFAULT NOW(),
otp_tries SMALLINT NOT NULL DEFAULT '0'
);
-- Description
COMMENT ON TABLE
auth.otp
IS 'Stores temporal otp code for up to 15 minutes';
-- Indexes
CREATE INDEX otp_pass_idx ON auth.otp (otp_pass);
CREATE INDEX otp_user_email_idx ON auth.otp (user_email);
DROP FUNCTION IF EXISTS public.generate_uid_fn;
CREATE OR REPLACE FUNCTION public.generate_uid_fn(size INT) RETURNS TEXT
AS $generate_uid_fn$
DECLARE
characters TEXT := '0123456789';
bytes BYTEA := gen_random_bytes(size);
l INT := length(characters);
i INT := 0;
output TEXT := '';
BEGIN
WHILE i < size LOOP
output := output || substr(characters, get_byte(bytes, i) % l + 1, 1);
i := i + 1;
END LOOP;
RETURN output;
END;
$generate_uid_fn$ LANGUAGE plpgsql VOLATILE;
-- Description
COMMENT ON FUNCTION
public.generate_uid_fn
IS 'Generate a random digit';
-- gerenate a OTP code by email
-- Expose as an API endpoint
DROP FUNCTION IF EXISTS api.generate_otp_fn;
CREATE OR REPLACE FUNCTION api.generate_otp_fn(IN email TEXT) RETURNS TEXT
AS $generate_otp$
DECLARE
_email CITEXT := email;
_email_check TEXT := NULL;
_otp_pass VARCHAR(10) := NULL;
BEGIN
IF email IS NULL OR _email IS NULL OR _email = '' THEN
RAISE EXCEPTION 'invalid input' USING HINT = 'check your parameter';
END IF;
SELECT lower(a.email) INTO _email_check FROM auth.accounts a WHERE a.email = _email;
IF _email_check IS NULL THEN
RETURN NULL;
END IF;
--SELECT substr(gen_random_uuid()::text, 1, 6) INTO otp_pass;
SELECT generate_uid_fn(6) INTO _otp_pass;
-- upsert - Insert or update otp code on conflit
INSERT INTO auth.otp (user_email, otp_pass)
VALUES (_email_check, _otp_pass)
ON CONFLICT (user_email) DO UPDATE SET otp_pass = _otp_pass, otp_timestamp = NOW();
RETURN _otp_pass;
END;
$generate_otp$ language plpgsql security definer;
-- Description
COMMENT ON FUNCTION
api.generate_otp_fn
IS 'Generate otp code';
DROP FUNCTION IF EXISTS api.recover;
CREATE OR REPLACE FUNCTION api.recover(in email text) returns BOOLEAN
AS $recover_fn$
DECLARE
_email CITEXT := email;
_user_id TEXT := NULL;
otp_pass TEXT := NULL;
_reset_qs TEXT := NULL;
user_settings jsonb := NULL;
BEGIN
IF _email IS NULL OR _email = '' THEN
RAISE EXCEPTION 'Invalid input'
USING HINT = 'Check your parameter';
END IF;
SELECT user_id INTO _user_id FROM auth.accounts a WHERE a.email = _email;
IF NOT FOUND THEN
RAISE EXCEPTION 'Invalid input'
USING HINT = 'Check your parameter';
END IF;
-- Generate OTP
otp_pass := api.generate_otp_fn(email);
SELECT CONCAT('uuid=', _user_id, '&token=', otp_pass) INTO _reset_qs;
-- Send email/notifications
user_settings := '{"email": "' || _email || '", "reset_qs": "' || _reset_qs || '"}';
PERFORM send_notification_fn('email_reset'::TEXT, user_settings::JSONB);
RETURN TRUE;
END;
$recover_fn$ language plpgsql security definer;
-- Description
COMMENT ON FUNCTION
api.recover
IS 'Send recover password email to reset password';
DROP FUNCTION IF EXISTS api.reset;
CREATE OR REPLACE FUNCTION api.reset(in pass text, in token text, in uuid text) returns BOOLEAN
AS $reset_fn$
DECLARE
_email TEXT := NULL;
BEGIN
-- Check parameters
IF token IS NULL OR uuid IS NULL OR pass IS NULL THEN
RAISE EXCEPTION 'invalid input' USING HINT = 'check your parameter';
END IF;
-- Verify token
SELECT auth.verify_otp_fn(token) INTO _email;
IF _email IS NOT NULL THEN
SELECT email INTO _email FROM auth.accounts WHERE user_id = uuid;
IF _email IS NULL THEN
RETURN False;
END IF;
-- Set user new password
UPDATE auth.accounts
SET pass = pass
WHERE email = _email;
-- Enable email_validation into user preferences
PERFORM api.update_user_preferences_fn('{email_valid}'::TEXT, True::TEXT);
-- Enable email_notifications
PERFORM api.update_user_preferences_fn('{email_notifications}'::TEXT, True::TEXT);
-- Delete token when validated
DELETE FROM auth.otp
WHERE user_email = _email;
RETURN True;
END IF;
RETURN False;
END;
$reset_fn$ language plpgsql security definer;
-- Description
COMMENT ON FUNCTION
api.reset
IS 'Reset user password base on otp code and user_id send by email from api.recover';
DROP FUNCTION IF EXISTS auth.verify_otp_fn;
CREATE OR REPLACE FUNCTION auth.verify_otp_fn(IN token TEXT) RETURNS TEXT
AS $verify_otp$
DECLARE
email TEXT := NULL;
BEGIN
IF token IS NULL THEN
RAISE EXCEPTION 'invalid input' USING HINT = 'check your parameter';
END IF;
-- Token is valid 15 minutes
SELECT user_email INTO email
FROM auth.otp
WHERE otp_timestamp > NOW() AT TIME ZONE 'UTC' - INTERVAL '15 MINUTES'
AND otp_tries < 3
AND otp_pass = token;
RETURN email;
END;
$verify_otp$ language plpgsql security definer;
-- Description
COMMENT ON FUNCTION
auth.verify_otp_fn
IS 'Verify OTP';
-- CRON to purge OTP older than 15 minutes
DROP FUNCTION IF EXISTS public.cron_process_prune_otp_fn;
CREATE OR REPLACE FUNCTION public.cron_process_prune_otp_fn() RETURNS void
AS $$
DECLARE
otp_rec record;
BEGIN
-- Purge OTP older than 15 minutes
RAISE NOTICE 'cron_process_prune_otp_fn';
FOR otp_rec in
SELECT *
FROM auth.otp
WHERE otp_timestamp < NOW() AT TIME ZONE 'UTC' - INTERVAL '15 MINUTES'
ORDER BY otp_timestamp desc
LOOP
RAISE NOTICE '-> cron_process_prune_otp_fn deleting expired otp for user [%]', otp_rec.user_email;
-- remove entry
DELETE FROM auth.otp
WHERE user_email = otp_rec.user_email;
RAISE NOTICE '-> cron_process_prune_otp_fn deleted expire otp for user [%]', otp_rec.user_email;
END LOOP;
END;
$$ language plpgsql;
-- Description
COMMENT ON FUNCTION
public.cron_process_prune_otp_fn
IS 'init by pg_cron to purge older than 15 minutes OTP token';
-- Email OTP validation
-- Expose as an API endpoint
DROP FUNCTION IF EXISTS api.email_fn;
CREATE OR REPLACE FUNCTION api.email_fn(IN token TEXT) RETURNS BOOLEAN
AS $email_validation$
DECLARE
_email TEXT := NULL;
BEGIN
-- Check parameters
IF token IS NULL THEN
RAISE EXCEPTION 'invalid input' USING HINT = 'check your parameter';
END IF;
-- Verify token
SELECT auth.verify_otp_fn(token) INTO _email;
IF _email IS NOT NULL THEN
-- Check the email JWT token match the OTP email
IF current_setting('user.email', true) <> _email THEN
RETURN False;
END IF;
-- Set user email into env to allow RLS update
--PERFORM set_config('user.email', _email, false);
-- Enable email_validation into user preferences
PERFORM api.update_user_preferences_fn('{email_valid}'::TEXT, True::TEXT);
-- Enable email_notifications
PERFORM api.update_user_preferences_fn('{email_notifications}'::TEXT, True::TEXT);
-- Delete token when validated
DELETE FROM auth.otp
WHERE user_email = _email;
-- Disable to reduce spam
-- Send Notification async
--INSERT INTO process_queue (channel, payload, stored)
-- VALUES ('email_valid', _email, now());
RETURN True;
END IF;
RETURN False;
END;
$email_validation$ language plpgsql security definer;
-- Description
COMMENT ON FUNCTION
api.email_fn
IS 'Store email_valid into user preferences if valid token/otp';
-- Pushover Subscription API
-- Web-Based Subscription Process
-- https://pushover.net/api/subscriptions#web
-- Expose as an API endpoint
CREATE OR REPLACE FUNCTION api.pushover_subscribe_link_fn(OUT pushover_link JSON) RETURNS JSON
AS $pushover_subscribe_link$
DECLARE
app_url text;
otp_code text;
pushover_app_url text;
success text;
failure text;
email text := current_setting('user.email', true);
BEGIN
--https://pushover.net/api/subscriptions#web
-- "https://pushover.net/subscribe/PostgSail-23uvrho1d5y6n3e"
-- + "?success=" + urlencode("https://beta.openplotter.cloud/api/rpc/pushover_fn?token=" + generate_otp_fn({{email}}))
-- + "&failure=" + urlencode("https://beta.openplotter.cloud/settings");
-- get app_url
SELECT
value INTO app_url
FROM
public.app_settings
WHERE
name = 'app.url';
-- get pushover url subscribe
SELECT
value INTO pushover_app_url
FROM
public.app_settings
WHERE
name = 'app.pushover_app_url';
-- Generate OTP
otp_code := api.generate_otp_fn(email);
-- On success redirect to API endpoint
SELECT CONCAT(
'?success=',
public.urlescape_py_fn(CONCAT(app_url,'/pushover?token=')),
otp_code)
INTO success;
-- On failure redirect to user settings, where he does come from
SELECT CONCAT(
'&failure=',
public.urlescape_py_fn(CONCAT(app_url,'/profile'))
) INTO failure;
SELECT json_build_object('link', CONCAT(pushover_app_url, success, failure)) INTO pushover_link;
END;
$pushover_subscribe_link$ language plpgsql security definer;
-- Description
COMMENT ON FUNCTION
api.pushover_subscribe_link_fn
IS 'Generate Pushover subscription link';
-- Confirm Pushover Subscription
-- Web-Based Subscription Process
-- https://pushover.net/api/subscriptions#web
-- Expose as an API endpoint
DROP FUNCTION IF EXISTS api.pushover_fn;
CREATE OR REPLACE FUNCTION api.pushover_fn(IN token TEXT, IN pushover_user_key TEXT) RETURNS BOOLEAN
AS $pushover$
DECLARE
_email TEXT := NULL;
BEGIN
-- Check parameters
IF token IS NULL OR pushover_user_key IS NULL THEN
RAISE EXCEPTION 'invalid input' USING HINT = 'check your parameter';
END IF;
-- Verify token
SELECT auth.verify_otp_fn(token) INTO _email;
IF _email IS NOT NULL THEN
-- Set user email into env to allow RLS update
PERFORM set_config('user.email', _email, false);
-- Add pushover_user_key into user preferences
PERFORM api.update_user_preferences_fn('{pushover_user_key}'::TEXT, pushover_user_key::TEXT);
-- Enable phone_notifications
PERFORM api.update_user_preferences_fn('{phone_notifications}'::TEXT, True::TEXT);
-- Delete token when validated
DELETE FROM auth.otp
WHERE user_email = _email;
-- Disable Notification because
-- Pushover send a notification when sucesssful with the description of the app
--
-- Send Notification async
--INSERT INTO process_queue (channel, payload, stored)
-- VALUES ('pushover_valid', _email, now());
RETURN True;
END IF;
RETURN False;
END;
$pushover$ language plpgsql security definer;
-- Description
COMMENT ON FUNCTION
api.pushover_fn
IS 'Confirm Pushover Subscription and store pushover_user_key into user preferences if provide a valid OTP token';
-- Telegram OTP Validation
-- Expose as an API endpoint
DROP FUNCTION IF EXISTS api.telegram_fn;
CREATE OR REPLACE FUNCTION api.telegram_fn(IN token TEXT, IN telegram_obj TEXT) RETURNS BOOLEAN
AS $telegram$
DECLARE
_email TEXT := NULL;
user_settings jsonb;
BEGIN
-- Check parameters
IF token IS NULL OR telegram_obj IS NULL THEN
RAISE EXCEPTION 'invalid input' USING HINT = 'check your parameter';
END IF;
-- Verify token
SELECT auth.verify_otp_fn(token) INTO _email;
IF _email IS NOT NULL THEN
-- Set user email into env to allow RLS update
PERFORM set_config('user.email', _email, false);
-- Add telegram obj into user preferences
PERFORM api.update_user_preferences_fn('{telegram}'::TEXT, telegram_obj::TEXT);
-- Delete token when validated
DELETE FROM auth.otp
WHERE user_email = _email;
-- Send Notification async
INSERT INTO process_queue (channel, payload, stored)
VALUES ('telegram_valid', _email, now());
RETURN True;
END IF;
RETURN False;
END;
$telegram$ language plpgsql security definer;
-- Description
COMMENT ON FUNCTION
api.telegram_fn
IS 'Confirm telegram user and store telegram chat details into user preferences if provide a valid OTP token';
-- Telegram user validation
DROP FUNCTION IF EXISTS auth.telegram_user_exists_fn;
CREATE OR REPLACE FUNCTION auth.telegram_user_exists_fn(IN email TEXT, IN user_id BIGINT) RETURNS BOOLEAN
AS $telegram_user_exists$
DECLARE
_email CITEXT := email;
_user_id BIGINT := user_id;
BEGIN
IF _email IS NULL OR _chat_id IS NULL THEN
RAISE EXCEPTION 'invalid input' USING HINT = 'check your parameter';
END IF;
-- Does user and telegram obj
SELECT preferences->'telegram'->'from'->'id' INTO _user_id
FROM auth.accounts a
WHERE a.email = _email
AND cast(preferences->'telegram'->'from'->'id' as BIGINT) = _user_id::BIGINT;
IF FOUND THEN
RETURN TRUE;
END IF;
RETURN FALSE;
END;
$telegram_user_exists$ language plpgsql security definer;
-- Description
COMMENT ON FUNCTION
auth.telegram_user_exists_fn
IS 'Check if user exist based on email and user_id';
-- Telegram otp validation
DROP FUNCTION IF EXISTS api.telegram_otp_fn;
CREATE OR REPLACE FUNCTION api.telegram_otp_fn(IN email TEXT, OUT otp_code TEXT) RETURNS TEXT
AS $telegram_otp$
DECLARE
_email CITEXT := email;
user_settings jsonb := NULL;
BEGIN
IF _email IS NULL THEN
RAISE EXCEPTION 'invalid input' USING HINT = 'check your parameter';
END IF;
-- Generate token
otp_code := api.generate_otp_fn(_email);
IF otp_code IS NOT NULL THEN
-- Set user email into env to allow RLS update
PERFORM set_config('user.email', _email, false);
-- Send Notification
user_settings := '{"email": "' || _email || '", "otp_code": "' || otp_code || '"}';
PERFORM send_notification_fn('telegram_otp'::TEXT, user_settings::JSONB);
END IF;
END;
$telegram_otp$ language plpgsql security definer;
-- Description
COMMENT ON FUNCTION
api.telegram_otp_fn
IS 'Telegram otp generation';
-- Telegram JWT auth
-- Expose as an API endpoint
-- Avoid sending a password so use email and chat_id as key pair
DROP FUNCTION IF EXISTS api.telegram;
CREATE OR REPLACE FUNCTION api.telegram(IN user_id BIGINT, IN email TEXT DEFAULT NULL) RETURNS auth.jwt_token
AS $telegram_jwt$
DECLARE
_email TEXT := email;
_user_id BIGINT := user_id;
_uid TEXT := NULL;
_exist BOOLEAN := False;
result auth.jwt_token;
app_jwt_secret text;
BEGIN
IF _user_id IS NULL THEN
RAISE EXCEPTION 'invalid input' USING HINT = 'check your parameter';
END IF;
-- Check _user_id
SELECT auth.telegram_session_exists_fn(_user_id) into _exist;
IF _exist IS NULL OR _exist <> True THEN
--RAISE EXCEPTION 'invalid input' USING HINT = 'check your parameter';
RETURN NULL;
END IF;
-- Get email and user_id
SELECT a.email,a.user_id INTO _email,_uid
FROM auth.accounts a
WHERE cast(preferences->'telegram'->'from'->'id' as BIGINT) = _user_id::BIGINT;
-- Get app_jwt_secret
SELECT value INTO app_jwt_secret
FROM app_settings
WHERE name = 'app.jwt_secret';
-- Generate JWT token, force user_role
select jwt.sign(
row_to_json(r)::json, app_jwt_secret
) as token
from (
select 'user_role' as role,
(select lower(_email)) as email,
_uid as uid,
extract(epoch from now())::integer + 60*60 as exp
) r
into result;
return result;
END;
$telegram_jwt$ language plpgsql security definer;
-- Description
COMMENT ON FUNCTION
api.telegram
IS 'Generate a JWT user_role token based on chat_id from telegram';
-- Telegram chat_id session validation
DROP FUNCTION IF EXISTS auth.telegram_session_exists_fn;
CREATE OR REPLACE FUNCTION auth.telegram_session_exists_fn(IN user_id BIGINT) RETURNS BOOLEAN
AS $telegram_session_exists$
DECLARE
_id BIGINT := NULL;
_user_id BIGINT := user_id;
_email TEXT := NULL;
BEGIN
IF user_id IS NULL THEN
RAISE EXCEPTION 'invalid input' USING HINT = 'check your parameter';
END IF;
-- Find user email based on telegram chat_id
SELECT preferences->'telegram'->'from'->'id' INTO _id
FROM auth.accounts a
WHERE cast(preferences->'telegram'->'from'->'id' as BIGINT) = _user_id::BIGINT;
IF FOUND THEN
RETURN True;
END IF;
RETURN FALSE;
END;
$telegram_session_exists$ language plpgsql security definer;
-- Description
COMMENT ON FUNCTION
auth.telegram_session_exists_fn
IS 'Check if session/user exist based on user_id';

216
initdb/02_6_signalk_roles.sql
View File

@@ -18,77 +18,128 @@ select current_database();
-- api_anonymous role in the database with which to execute anonymous web requests, limit 10 connections -- api_anonymous role in the database with which to execute anonymous web requests, limit 10 connections
-- api_anonymous allows JWT token generation with an expiration time via function api.login() from auth.accounts table -- api_anonymous allows JWT token generation with an expiration time via function api.login() from auth.accounts table
create role api_anonymous WITH NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOLOGIN NOBYPASSRLS NOREPLICATION CONNECTION LIMIT 10; create role api_anonymous WITH NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOLOGIN NOBYPASSRLS NOREPLICATION CONNECTION LIMIT 10;
comment on role api_anonymous is
'The role that PostgREST will switch to when a user is not authenticated.';
-- Limit to 10 connections -- Limit to 10 connections
--alter user api_anonymous connection limit 10; --alter user api_anonymous connection limit 10;
grant usage on schema api to api_anonymous; grant usage on schema api to api_anonymous;
-- explicitly limit EXECUTE privileges to only signup and login functions -- explicitly limit EXECUTE privileges to only signup and login and reset functions
grant execute on function api.login(text,text) to api_anonymous; grant execute on function api.login(text,text) to api_anonymous;
grant execute on function api.signup(text,text,text,text) to api_anonymous; grant execute on function api.signup(text,text,text,text) to api_anonymous;
grant execute on function api.recover(text) to api_anonymous;
grant execute on function api.reset(text,text,text) to api_anonymous;
-- explicitly limit EXECUTE privileges to pgrest db-pre-request function -- explicitly limit EXECUTE privileges to pgrest db-pre-request function
grant execute on function public.check_jwt() to api_anonymous; grant execute on function public.check_jwt() to api_anonymous;
-- explicitly limit EXECUTE privileges to only telegram jwt auth function
grant execute on function api.telegram(bigint,text) to api_anonymous;
-- explicitly limit EXECUTE privileges to only pushover subscription validation function
grant execute on function api.email_fn(text) to api_anonymous;
grant execute on function api.pushover_fn(text,text) to api_anonymous;
grant execute on function api.telegram_fn(text,text) to api_anonymous;
grant execute on function api.telegram_otp_fn(text) to api_anonymous;
--grant execute on function api.generate_otp_fn(text) to api_anonymous;
-- authenticator -- authenticator
-- login role -- login role
create role authenticator NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT login password 'mysecretpassword'; create role authenticator NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT login password 'mysecretpassword';
comment on role authenticator is
'Role that serves as an entry-point for API servers such as PostgREST.';
grant api_anonymous to authenticator; grant api_anonymous to authenticator;
-- Grafana user and role with login, read-only, limit 10 connections -- Grafana user and role with login, read-only, limit 15 connections
CREATE ROLE grafana WITH NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOBYPASSRLS NOREPLICATION CONNECTION LIMIT 10 LOGIN PASSWORD 'mysecretpassword'; CREATE ROLE grafana WITH NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOBYPASSRLS NOREPLICATION CONNECTION LIMIT 15 LOGIN PASSWORD 'mysecretpassword';
comment on role grafana is
'Role that grafana will use for authenticated web users.';
-- Allow API schema and Tables
GRANT USAGE ON SCHEMA api TO grafana; GRANT USAGE ON SCHEMA api TO grafana;
GRANT USAGE, SELECT ON SEQUENCE api.logbook_id_seq,api.metadata_id_seq,api.moorages_id_seq,api.stays_id_seq TO grafana; GRANT USAGE, SELECT ON SEQUENCE api.logbook_id_seq,api.metadata_id_seq,api.moorages_id_seq,api.stays_id_seq TO grafana;
GRANT SELECT ON TABLE api.metrics,api.logbook,api.moorages,api.stays,api.metadata TO grafana; GRANT SELECT ON TABLE api.metrics,api.logbook,api.moorages,api.stays,api.metadata TO grafana;
-- Allow read on VIEWS -- Allow read on VIEWS on API schema
GRANT SELECT ON TABLE api.logs_view,api.moorages_view,api.stays_view TO grafana; GRANT SELECT ON TABLE api.logs_view,api.moorages_view,api.stays_view TO grafana;
--GRANT SELECT ON TABLE api.logs_view,api.moorages_view,api.stays_view,api.vessel_view TO grafana; GRANT SELECT ON TABLE api.log_view,api.moorage_view,api.stay_view,api.vessels_view TO grafana;
GRANT SELECT ON TABLE api.metrics,api.logbook,api.moorages,api.stays,api.metadata,api.stays_at TO grafana;
-- Allow Auth schema and Tables
GRANT USAGE ON SCHEMA auth TO grafana;
GRANT SELECT ON TABLE auth.vessels TO grafana;
GRANT EXECUTE ON FUNCTION public.citext_eq(citext, citext) TO grafana;
-- Grafana_auth authenticator user and role with login, read-only on auth.accounts, limit 15 connections
CREATE ROLE grafana_auth WITH NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOBYPASSRLS NOREPLICATION CONNECTION LIMIT 15 LOGIN PASSWORD 'mysecretpassword';
comment on role grafana_auth is
'Role that grafana auth proxy authenticator via apache.';
-- Allow read on VIEWS on API schema
GRANT USAGE ON SCHEMA api TO grafana_auth;
GRANT SELECT ON TABLE api.metadata TO grafana_auth;
-- Allow Auth schema and Tables
GRANT USAGE ON SCHEMA auth TO grafana_auth;
GRANT SELECT ON TABLE auth.accounts TO grafana_auth;
GRANT SELECT ON TABLE auth.vessels TO grafana_auth;
-- GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO grafana_auth;
GRANT EXECUTE ON FUNCTION public.citext_eq(citext, citext) TO grafana_auth;
-- User: -- User:
-- nologin, web api only -- nologin, web api only
-- read-only for all and Read-Write on logbook, stays and moorage except for specific (name, notes) COLUMNS -- read-only for all and Read-Write on logbook, stays and moorage except for specific (name, notes) COLUMNS
CREATE ROLE user_role WITH NOLOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOBYPASSRLS NOREPLICATION; CREATE ROLE user_role WITH NOLOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOBYPASSRLS NOREPLICATION;
comment on role user_role is
'Role that PostgREST will switch to for authenticated web users.';
GRANT user_role to authenticator; GRANT user_role to authenticator;
GRANT USAGE ON SCHEMA api TO user_role; GRANT USAGE ON SCHEMA api TO user_role;
GRANT USAGE, SELECT ON SEQUENCE api.logbook_id_seq,api.metadata_id_seq,api.moorages_id_seq,api.stays_id_seq TO user_role; GRANT USAGE, SELECT ON SEQUENCE api.logbook_id_seq,api.metadata_id_seq,api.moorages_id_seq,api.stays_id_seq TO user_role;
GRANT SELECT ON TABLE api.metrics,api.logbook,api.moorages,api.stays,api.metadata,api.stays_at TO user_role; GRANT SELECT ON TABLE api.metrics,api.logbook,api.moorages,api.stays,api.metadata,api.stays_at TO user_role;
-- To check?
GRANT SELECT ON TABLE auth.vessels TO user_role; GRANT SELECT ON TABLE auth.vessels TO user_role;
-- Allow update on table for notes
--GRANT UPDATE ON TABLE api.logbook,api.moorages,api.stays TO user_role;
-- Allow users to update certain columns -- Allow users to update certain columns
GRANT UPDATE (name, notes) ON api.logbook TO user_role; GRANT UPDATE (name, notes) ON api.logbook TO user_role;
GRANT UPDATE (name, notes, stay_code) ON api.stays TO user_role; GRANT UPDATE (name, notes, stay_code) ON api.stays TO user_role;
GRANT UPDATE (name, notes, stay_code, home_flag) ON api.moorages TO user_role; GRANT UPDATE (name, notes, stay_code, home_flag) ON api.moorages TO user_role;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA api TO user_role; GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA api TO user_role;
-- explicitly limit EXECUTE privileges to pgrest db-pre-request function -- explicitly limit EXECUTE privileges to pgrest db-pre-request function
GRANT EXECUTE ON FUNCTION api.export_logbook_geojson_linestring_fn(int4) TO user_role; --GRANT EXECUTE ON FUNCTION public.check_jwt() TO user_role;
GRANT EXECUTE ON FUNCTION public.check_jwt() TO user_role; -- Allow others functions or allow all in public !! ??
GRANT EXECUTE ON FUNCTION public.st_asgeojson(text) TO user_role; --GRANT EXECUTE ON FUNCTION api.export_logbook_geojson_linestring_fn(int4) TO user_role;
GRANT EXECUTE ON FUNCTION public.geography_eq(geography, geography) TO user_role; --GRANT EXECUTE ON FUNCTION public.st_asgeojson(text) TO user_role;
--GRANT EXECUTE ON FUNCTION public.geography_eq(geography, geography) TO user_role;
-- TODO should not be need !! ?? -- TODO should not be need !! ??
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO user_role; GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO user_role;
-- pg15 feature security_invoker=true,security_barrier=true
GRANT SELECT ON TABLE api.logs_view,api.moorages_view,api.stays_view TO user_role;
GRANT SELECT ON TABLE api.log_view,api.moorage_view,api.stay_view,api.vessels_view TO user_role;
GRANT SELECT ON TABLE api.monitoring_view TO user_role;
GRANT SELECT ON TABLE api.total_info_view TO user_role;
GRANT SELECT ON TABLE api.stats_logs_view TO user_role;
GRANT SELECT ON TABLE api.stats_moorages_view TO user_role;
-- Update ownership for security user_role as run by web user. -- Update ownership for security user_role as run by web user.
-- Web listing -- Web listing
ALTER VIEW api.stays_view OWNER TO user_role; --ALTER VIEW api.stays_view OWNER TO user_role;
ALTER VIEW api.moorages_view OWNER TO user_role; --ALTER VIEW api.moorages_view OWNER TO user_role;
ALTER VIEW api.logs_view OWNER TO user_role; --ALTER VIEW api.logs_view OWNER TO user_role;
--ALTER VIEW api.vessel_p_view OWNER TO user_role;
--ALTER VIEW api.monitoring_view OWNER TO user_role;
-- Remove all permissions except select -- Remove all permissions except select
REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.stays_view FROM user_role; --REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.stays_view FROM user_role;
REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.moorages_view FROM user_role; --REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.moorages_view FROM user_role;
REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.logs_view FROM user_role; --REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.logs_view FROM user_role;
--REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.monitoring_view FROM user_role;
-- Allow read and update on VIEWS -- Allow read and update on VIEWS
-- Web detail view -- Web detail view
ALTER VIEW api.log_view OWNER TO user_role; --ALTER VIEW api.log_view OWNER TO user_role;
-- Remove all permissions except select and update -- Remove all permissions except select and update
REVOKE TRUNCATE, DELETE, TRIGGER, INSERT ON TABLE api.log_view FROM user_role; --REVOKE TRUNCATE, DELETE, TRIGGER, INSERT ON TABLE api.log_view FROM user_role;
ALTER VIEW api.vessels_view OWNER TO user_role; ALTER VIEW api.vessels_view OWNER TO user_role;
-- Remove all permissions except select and update -- Remove all permissions except select and update
REVOKE TRUNCATE, DELETE, TRIGGER, INSERT ON TABLE api.vessels_view FROM user_role; REVOKE TRUNCATE, DELETE, TRIGGER, INSERT ON TABLE api.vessels_view FROM user_role;
-- Vessel: -- Vessel:
-- nologin -- nologin
-- insert-update-only for api.metrics,api.logbook,api.moorages,api.stays,api.metadata and sequences and process_queue -- insert-update-only for api.metrics,api.logbook,api.moorages,api.stays,api.metadata and sequences and process_queue
CREATE ROLE vessel_role WITH NOLOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOBYPASSRLS NOREPLICATION; CREATE ROLE vessel_role WITH NOLOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOBYPASSRLS NOREPLICATION;
comment on role vessel_role is
'Role that PostgREST will switch to for authenticated web vessels.';
GRANT vessel_role to authenticator; GRANT vessel_role to authenticator;
GRANT USAGE ON SCHEMA api TO vessel_role; GRANT USAGE ON SCHEMA api TO vessel_role;
GRANT INSERT, UPDATE, SELECT ON TABLE api.metrics,api.logbook,api.moorages,api.stays,api.metadata TO vessel_role; GRANT INSERT, UPDATE, SELECT ON TABLE api.metrics,api.logbook,api.moorages,api.stays,api.metadata TO vessel_role;
@@ -97,19 +148,31 @@ GRANT INSERT ON TABLE public.process_queue TO vessel_role;
GRANT USAGE, SELECT ON SEQUENCE public.process_queue_id_seq TO vessel_role; GRANT USAGE, SELECT ON SEQUENCE public.process_queue_id_seq TO vessel_role;
-- explicitly limit EXECUTE privileges to pgrest db-pre-request function -- explicitly limit EXECUTE privileges to pgrest db-pre-request function
GRANT EXECUTE ON FUNCTION public.check_jwt() to vessel_role; GRANT EXECUTE ON FUNCTION public.check_jwt() to vessel_role;
-- explicitly limit EXECUTE privileges to api.metrics triggers function
GRANT EXECUTE ON FUNCTION public.trip_in_progress_fn(text) to vessel_role;
GRANT EXECUTE ON FUNCTION public.stay_in_progress_fn(text) to vessel_role;
-- hypertable get_partition_hash ?!?
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA _timescaledb_internal TO vessel_role;
--- Scheduler: --- Scheduler:
-- TODO: currently cron function are run as super user, switch to scheduler role. -- TODO: currently cron function are run as super user, switch to scheduler role.
-- Scheduler read-only all, and write on logbook, stays, moorage, process_queue -- Scheduler read-only all, and write on api.logbook, api.stays, api.moorages, public.process_queue, auth.otp
-- Crons -- Crons
CREATE ROLE scheduler WITH NOLOGIN; --CREATE ROLE scheduler WITH NOLOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOBYPASSRLS NOREPLICATION;
CREATE ROLE scheduler WITH NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOBYPASSRLS NOREPLICATION CONNECTION LIMIT 10 LOGIN;
comment on role scheduler is
'Role that pgcron will use to process logbook,moorages,stays,monitoring and notification.';
GRANT scheduler to authenticator; GRANT scheduler to authenticator;
GRANT EXECUTE ON FUNCTION api.run_cron_jobs() to scheduler; GRANT USAGE ON SCHEMA api TO scheduler;
GRANT SELECT ON TABLE api.metrics,api.metadata TO scheduler;
GRANT INSERT, UPDATE, SELECT ON TABLE api.logbook,api.moorages,api.stays TO scheduler;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO scheduler; GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO scheduler;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO scheduler; GRANT SELECT ON ALL TABLES IN SCHEMA public TO scheduler;
GRANT SELECT,UPDATE ON TABLE process_queue TO scheduler; GRANT SELECT,UPDATE ON TABLE public.process_queue TO scheduler;
GRANT USAGE ON SCHEMA auth TO scheduler; GRANT USAGE ON SCHEMA auth TO scheduler;
GRANT SELECT ON ALL TABLES IN SCHEMA auth TO scheduler; GRANT SELECT ON ALL TABLES IN SCHEMA auth TO scheduler;
GRANT SELECT,UPDATE,DELETE ON TABLE auth.otp TO scheduler;
--------------------------------------------------------------------------- ---------------------------------------------------------------------------
-- Security policy -- Security policy
@@ -122,12 +185,24 @@ CREATE POLICY admin_all ON api.metadata TO current_user
WITH CHECK (true); WITH CHECK (true);
-- Allow vessel_role to insert and select on their own records -- Allow vessel_role to insert and select on their own records
CREATE POLICY api_vessel_role ON api.metadata TO vessel_role CREATE POLICY api_vessel_role ON api.metadata TO vessel_role
USING (client_id LIKE '%' || current_setting('vessel.mmsi', false) || '%') USING (client_id = current_setting('vessel.client_id', false))
WITH CHECK (true); WITH CHECK (true);
-- Allow user_role to update and select on their own records -- Allow user_role to update and select on their own records
CREATE POLICY api_user_role ON api.metadata TO user_role CREATE POLICY api_user_role ON api.metadata TO user_role
USING (client_id LIKE '%' || current_setting('vessel.mmsi', false) || '%') USING (client_id = current_setting('vessel.client_id', true))
WITH CHECK (client_id LIKE '%' || current_setting('vessel.mmsi', false) || '%'); WITH CHECK (client_id = current_setting('vessel.client_id', false));
-- Allow scheduler to update and select based on the client_id
CREATE POLICY api_scheduler_role ON api.metadata TO scheduler
USING (client_id = current_setting('vessel.client_id', false))
WITH CHECK (client_id = current_setting('vessel.client_id', false));
-- Allow grafana to select based on email
CREATE POLICY grafana_role ON api.metadata TO grafana
USING (client_id = current_setting('vessel.client_id', false))
WITH CHECK (false);
-- Allow grafana_auth to select
CREATE POLICY grafana_proxy_role ON api.metadata TO grafana_auth
USING (true)
WITH CHECK (false);
ALTER TABLE api.metrics ENABLE ROW LEVEL SECURITY; ALTER TABLE api.metrics ENABLE ROW LEVEL SECURITY;
-- Administrator can see all rows and add any rows -- Administrator can see all rows and add any rows
@@ -136,12 +211,20 @@ CREATE POLICY admin_all ON api.metrics TO current_user
WITH CHECK (true); WITH CHECK (true);
-- Allow vessel_role to insert and select on their own records -- Allow vessel_role to insert and select on their own records
CREATE POLICY api_vessel_role ON api.metrics TO vessel_role CREATE POLICY api_vessel_role ON api.metrics TO vessel_role
USING (client_id LIKE '%' || current_setting('vessel.mmsi', false) || '%') USING (client_id = current_setting('vessel.client_id', false))
WITH CHECK (true); WITH CHECK (true);
-- Allow user_role to update and select on their own records -- Allow user_role to update and select on their own records
CREATE POLICY api_user_role ON api.metrics TO user_role CREATE POLICY api_user_role ON api.metrics TO user_role
USING (client_id LIKE '%' || current_setting('vessel.mmsi', false) || '%') USING (client_id = current_setting('vessel.client_id', true))
WITH CHECK (client_id LIKE '%' || current_setting('vessel.mmsi', false) || '%'); WITH CHECK (client_id = current_setting('vessel.client_id', false));
-- Allow scheduler to update and select based on the client_id
CREATE POLICY api_scheduler_role ON api.metrics TO scheduler
USING (client_id = current_setting('vessel.client_id', false))
WITH CHECK (client_id = current_setting('vessel.client_id', false));
-- Allow grafana to select based on the client_id
CREATE POLICY grafana_role ON api.metrics TO grafana
USING (client_id = current_setting('vessel.client_id', false))
WITH CHECK (false);
-- Be sure to enable row level security on the table -- Be sure to enable row level security on the table
ALTER TABLE api.logbook ENABLE ROW LEVEL SECURITY; ALTER TABLE api.logbook ENABLE ROW LEVEL SECURITY;
@@ -152,12 +235,20 @@ CREATE POLICY admin_all ON api.logbook TO current_user
WITH CHECK (true); WITH CHECK (true);
-- Allow vessel_role to insert and select on their own records -- Allow vessel_role to insert and select on their own records
CREATE POLICY api_vessel_role ON api.logbook TO vessel_role CREATE POLICY api_vessel_role ON api.logbook TO vessel_role
USING (client_id LIKE '%' || current_setting('vessel.mmsi', false) || '%') USING (client_id = current_setting('vessel.client_id', false))
WITH CHECK (true); WITH CHECK (true);
-- Allow user_role to update and select on their own records -- Allow user_role to update and select on their own records
CREATE POLICY api_user_role ON api.logbook TO user_role CREATE POLICY api_user_role ON api.logbook TO user_role
USING (client_id LIKE '%' || current_setting('vessel.mmsi', false) || '%') USING (client_id = current_setting('vessel.client_id', true))
WITH CHECK (client_id LIKE '%' || current_setting('vessel.mmsi', false) || '%'); WITH CHECK (client_id = current_setting('vessel.client_id', false));
-- Allow scheduler to update and select based on the client_id
CREATE POLICY api_scheduler_role ON api.logbook TO scheduler
USING (client_id = current_setting('vessel.client_id', false))
WITH CHECK (client_id = current_setting('vessel.client_id', false));
-- Allow grafana to select based on the client_id
CREATE POLICY grafana_role ON api.logbook TO grafana
USING (client_id = current_setting('vessel.client_id', false))
WITH CHECK (false);
-- Be sure to enable row level security on the table -- Be sure to enable row level security on the table
ALTER TABLE api.stays ENABLE ROW LEVEL SECURITY; ALTER TABLE api.stays ENABLE ROW LEVEL SECURITY;
@@ -167,12 +258,20 @@ CREATE POLICY admin_all ON api.stays TO current_user
WITH CHECK (true); WITH CHECK (true);
-- Allow vessel_role to insert and select on their own records -- Allow vessel_role to insert and select on their own records
CREATE POLICY api_vessel_role ON api.stays TO vessel_role CREATE POLICY api_vessel_role ON api.stays TO vessel_role
USING (client_id LIKE '%' || current_setting('vessel.mmsi', false) || '%') USING (client_id = current_setting('vessel.client_id', false))
WITH CHECK (true); WITH CHECK (true);
-- Allow user_role to update and select on their own records -- Allow user_role to update and select on their own records
CREATE POLICY api_user_role ON api.stays TO user_role CREATE POLICY api_user_role ON api.stays TO user_role
USING (client_id LIKE '%' || current_setting('vessel.mmsi', false) || '%') USING (client_id = current_setting('vessel.client_id', true))
WITH CHECK (client_id LIKE '%' || current_setting('vessel.mmsi', false) || '%'); WITH CHECK (client_id = current_setting('vessel.client_id', false));
-- Allow scheduler to update and select based on the client_id
CREATE POLICY api_scheduler_role ON api.stays TO scheduler
USING (client_id = current_setting('vessel.client_id', false))
WITH CHECK (client_id = current_setting('vessel.client_id', false));
-- Allow grafana to select based on the client_id
CREATE POLICY grafana_role ON api.stays TO grafana
USING (client_id = current_setting('vessel.client_id', false))
WITH CHECK (false);
-- Be sure to enable row level security on the table -- Be sure to enable row level security on the table
ALTER TABLE api.moorages ENABLE ROW LEVEL SECURITY; ALTER TABLE api.moorages ENABLE ROW LEVEL SECURITY;
@@ -182,12 +281,20 @@ CREATE POLICY admin_all ON api.moorages TO current_user
WITH CHECK (true); WITH CHECK (true);
-- Allow vessel_role to insert and select on their own records -- Allow vessel_role to insert and select on their own records
CREATE POLICY api_vessel_role ON api.moorages TO vessel_role CREATE POLICY api_vessel_role ON api.moorages TO vessel_role
USING (client_id LIKE '%' || current_setting('vessel.mmsi', false) || '%') USING (client_id = current_setting('vessel.client_id', false))
WITH CHECK (true); WITH CHECK (true);
-- Allow user_role to update and select on their own records -- Allow user_role to update and select on their own records
CREATE POLICY api_user_role ON api.moorages TO user_role CREATE POLICY api_user_role ON api.moorages TO user_role
USING (client_id LIKE '%' || current_setting('vessel.mmsi', false) || '%') USING (client_id = current_setting('vessel.client_id', true))
WITH CHECK (client_id LIKE '%' || current_setting('vessel.mmsi', false) || '%'); WITH CHECK (client_id = current_setting('vessel.client_id', false));
-- Allow scheduler to update and select based on the client_id
CREATE POLICY api_scheduler_role ON api.moorages TO scheduler
USING (client_id = current_setting('vessel.client_id', false))
WITH CHECK (client_id = current_setting('vessel.client_id', false));
-- Allow grafana to select based on the client_id
CREATE POLICY grafana_role ON api.moorages TO grafana
USING (client_id = current_setting('vessel.client_id', false))
WITH CHECK (false);
-- Be sure to enable row level security on the table -- Be sure to enable row level security on the table
ALTER TABLE auth.vessels ENABLE ROW LEVEL SECURITY; ALTER TABLE auth.vessels ENABLE ROW LEVEL SECURITY;
@@ -197,9 +304,32 @@ CREATE POLICY admin_all ON auth.vessels TO current_user
WITH CHECK (true); WITH CHECK (true);
-- Allow user_role to update and select on their own records -- Allow user_role to update and select on their own records
CREATE POLICY api_user_role ON auth.vessels TO user_role CREATE POLICY api_user_role ON auth.vessels TO user_role
USING (mmsi = current_setting('vessel.mmsi', false) USING (vessel_id = current_setting('vessel.id', true)
AND owner_email = current_setting('request.jwt.claims', false)::json->>'email' AND owner_email = current_setting('user.email', true)
)
WITH CHECK (mmsi = current_setting('vessel.mmsi', false)
AND owner_email = current_setting('request.jwt.claims', false)::json->>'email'
) )
WITH CHECK (vessel_id = current_setting('vessel.id', true)
AND owner_email = current_setting('user.email', true)
);
-- Allow grafana to select based on email
CREATE POLICY grafana_role ON auth.vessels TO grafana
USING (owner_email = current_setting('user.email', true))
WITH CHECK (false);
-- Allow grafana to select
CREATE POLICY grafana_proxy_role ON auth.vessels TO grafana_auth
USING (true)
WITH CHECK (false);
-- Be sure to enable row level security on the table
ALTER TABLE auth.accounts ENABLE ROW LEVEL SECURITY;
-- Administrator can see all rows and add any rows
CREATE POLICY admin_all ON auth.accounts TO current_user
USING (true)
WITH CHECK (true);
-- Allow user_role to update and select on their own records
CREATE POLICY api_user_role ON auth.accounts TO user_role
USING (email = current_setting('user.email', true))
WITH CHECK (email = current_setting('user.email', true));
-- Allow grafana_auth to select
CREATE POLICY grafana_proxy_role ON auth.accounts TO grafana_auth
USING (true)
WITH CHECK (false);

2
initdb/03pgjwt.sql
View File

@@ -8,7 +8,7 @@
-- List current database -- List current database
select current_database(); select current_database();
-- connext to the DB -- connect to the DB
\c signalk \c signalk
CREATE SCHEMA IF NOT EXISTS jwt; CREATE SCHEMA IF NOT EXISTS jwt;

35
initdb/04pgcron.sql
View File

@@ -8,18 +8,18 @@
CREATE EXTENSION IF NOT EXISTS pg_cron; -- provides a simple cron-based job scheduler for PostgreSQL CREATE EXTENSION IF NOT EXISTS pg_cron; -- provides a simple cron-based job scheduler for PostgreSQL
-- TRUNCATE table jobs -- TRUNCATE table jobs
TRUNCATE TABLE cron.job CONTINUE IDENTITY RESTRICT; --TRUNCATE TABLE cron.job CONTINUE IDENTITY RESTRICT;
-- Create a every 5 minutes or minute job cron_process_new_logbook_fn ?? -- Create a every 5 minutes or minute job cron_process_new_logbook_fn ??
SELECT cron.schedule('cron_new_logbook', '*/5 * * * *', 'select public.cron_process_new_logbook_fn()') ; SELECT cron.schedule('cron_new_logbook', '*/5 * * * *', 'select public.cron_process_new_logbook_fn()');
--UPDATE cron.job SET database = 'signalk' where jobname = 'cron_new_logbook'; --UPDATE cron.job SET database = 'signalk' where jobname = 'cron_new_logbook';
-- Create a every 5 minute job cron_process_new_stay_fn -- Create a every 5 minute job cron_process_new_stay_fn
SELECT cron.schedule('cron_new_stay', '*/5 * * * *', 'select public.cron_process_new_stay_fn()'); SELECT cron.schedule('cron_new_stay', '*/6 * * * *', 'select public.cron_process_new_stay_fn()');
--UPDATE cron.job SET database = 'signalk' where jobname = 'cron_new_stay'; --UPDATE cron.job SET database = 'signalk' where jobname = 'cron_new_stay';
-- Create a every 6 minute job cron_process_new_moorage_fn, delay from stay to give time to generate geo reverse location, eg: name -- Create a every 6 minute job cron_process_new_moorage_fn, delay from stay to give time to generate geo reverse location, eg: name
SELECT cron.schedule('cron_new_moorage', '*/6 * * * *', 'select public.cron_process_new_moorage_fn()'); SELECT cron.schedule('cron_new_moorage', '*/7 * * * *', 'select public.cron_process_new_moorage_fn()');
--UPDATE cron.job SET database = 'signalk' where jobname = 'cron_new_moorage'; --UPDATE cron.job SET database = 'signalk' where jobname = 'cron_new_moorage';
-- Create a every 10 minute job cron_process_monitor_offline_fn -- Create a every 10 minute job cron_process_monitor_offline_fn
@@ -31,20 +31,37 @@ SELECT cron.schedule('cron_monitor_online', '*/10 * * * *', 'select public.cron_
--UPDATE cron.job SET database = 'signalk' where jobname = 'cron_monitor_online'; --UPDATE cron.job SET database = 'signalk' where jobname = 'cron_monitor_online';
-- Create a every 5 minute job cron_process_new_account_fn -- Create a every 5 minute job cron_process_new_account_fn
SELECT cron.schedule('cron_new_account', '*/5 * * * *', 'select public.cron_process_new_account_fn()'); --SELECT cron.schedule('cron_new_account', '*/5 * * * *', 'select public.cron_process_new_account_fn()');
--UPDATE cron.job SET database = 'signalk' where jobname = 'cron_new_account'; --UPDATE cron.job SET database = 'signalk' where jobname = 'cron_new_account';
-- Create a every 5 minute job cron_process_new_vessel_fn -- Create a every 5 minute job cron_process_new_vessel_fn
SELECT cron.schedule('cron_new_vessel', '*/5 * * * *', 'select public.cron_process_new_vessel_fn()'); --SELECT cron.schedule('cron_new_vessel', '*/5 * * * *', 'select public.cron_process_new_vessel_fn()');
--UPDATE cron.job SET database = 'signalk' where jobname = 'cron_new_vessel'; --UPDATE cron.job SET database = 'signalk' where jobname = 'cron_new_vessel';
-- Create a every 6 minute job cron_process_new_account_otp_validation_queue_fn, delay from cron_new_account
--SELECT cron.schedule('cron_new_account_otp', '*/6 * * * *', 'select public.cron_process_new_account_otp_validation_fn()');
--UPDATE cron.job SET database = 'signalk' where jobname = 'cron_new_account_otp';
-- Notification
-- Create a every 1 minute job cron_process_new_notification_queue_fn, new_account, new_vessel, _new_account_otp
SELECT cron.schedule('cron_new_notification', '*/2 * * * *', 'select public.cron_process_new_notification_fn()');
--UPDATE cron.job SET database = 'signalk' where jobname = 'cron_new_notification';
-- Maintenance -- Maintenance
-- Vacuum database at “At 01:01 on Sunday.” -- Vacuum database at “At 01:01 on Sunday.”
SELECT cron.schedule('cron_vacumm', '1 1 * * 0', 'select public.cron_vaccum_fn()'); SELECT cron.schedule('cron_vacuum', '1 1 * * 0', 'VACUUM (FULL, VERBOSE, ANALYZE, INDEX_CLEANUP) api.logbook,api.stays,api.moorages,api.metadata,api.metrics;');
-- Remove all jobs log at “At 02:02 on Sunday.”
SELECT cron.schedule('job_run_details_cleanup', '2 2 * * 0', 'select public.job_run_details_cleanup_fn()');
-- Any other maintenance require? -- Any other maintenance require?
-- OTP
-- Create a every 15 minute job cron_process_prune_otp_fn
SELECT cron.schedule('cron_prune_otp', '*/15 * * * *', 'select public.cron_process_prune_otp_fn()');
-- Cron job settings
UPDATE cron.job SET database = 'signalk'; UPDATE cron.job SET database = 'signalk';
UPDATE cron.job SET username = 'username'; -- TODO update to scheduler, pending process_queue update
--UPDATE cron.job SET username = 'username' where jobname = 'cron_vacuum'; -- TODO Update to superuser for vaccuum permissions
UPDATE cron.job SET nodename = '/var/run/postgresql/'; -- VS default localhost ?? UPDATE cron.job SET nodename = '/var/run/postgresql/'; -- VS default localhost ??
-- check job lists -- check job lists
SELECT * FROM cron.job; SELECT * FROM cron.job;
@@ -53,6 +70,8 @@ SELECT * FROM cron.job;
-- unschedule by job name -- unschedule by job name
--SELECT cron.unschedule('cron_new_logbook'); --SELECT cron.unschedule('cron_new_logbook');
-- TRUNCATE TABLE cron.job_run_details -- TRUNCATE TABLE cron.job_run_details
TRUNCATE TABLE cron.job_run_details CONTINUE IDENTITY RESTRICT; --TRUNCATE TABLE cron.job_run_details CONTINUE IDENTITY RESTRICT;
-- check job log -- check job log
select * from cron.job_run_details ORDER BY end_time DESC LIMIT 10; select * from cron.job_run_details ORDER BY end_time DESC LIMIT 10;
-- DEBUG Disable all
UPDATE cron.job SET active = False;

9
initdb/99env.sh
View File

@@ -14,12 +14,15 @@ INSERT INTO app_settings (name, value) VALUES
('app.email_user', '${PGSAIL_EMAIL_USER}'), ('app.email_user', '${PGSAIL_EMAIL_USER}'),
('app.email_pass', '${PGSAIL_EMAIL_PASS}'), ('app.email_pass', '${PGSAIL_EMAIL_PASS}'),
('app.email_from', '${PGSAIL_EMAIL_FROM}'), ('app.email_from', '${PGSAIL_EMAIL_FROM}'),
('app.pushover_token', '${PGSAIL_PUSHOVER_TOKEN}'), ('app.pushover_app_token', '${PGSAIL_PUSHOVER_APP_TOKEN}'),
('app.pushover_app', '_todo_'), ('app.pushover_app_url', '${PGSAIL_PUSHOVER_APP_URL}'),
('app.telegram_bot_token', '${PGSAIL_TELEGRAM_BOT_TOKEN}'),
('app.url', '${PGSAIL_APP_URL}'),
('app.version', '${PGSAIL_VERSION}'); ('app.version', '${PGSAIL_VERSION}');
-- Update comment with version -- Update comment with version
COMMENT ON DATABASE signalk IS 'version ${PGSAIL_VERSION}'; COMMENT ON DATABASE signalk IS 'PostgSail version ${PGSAIL_VERSION}';
-- Update password from env -- Update password from env
ALTER ROLE authenticator WITH PASSWORD '${PGSAIL_AUTHENTICATOR_PASSWORD}'; ALTER ROLE authenticator WITH PASSWORD '${PGSAIL_AUTHENTICATOR_PASSWORD}';
ALTER ROLE grafana WITH PASSWORD '${PGSAIL_GRAFANA_PASSWORD}'; ALTER ROLE grafana WITH PASSWORD '${PGSAIL_GRAFANA_PASSWORD}';
ALTER ROLE grafana_auth WITH PASSWORD '${PGSAIL_GRAFANA_AUTH_PASSWORD}';
END END

2
initdb/PGSAIL_VERSION
View File

@@ -1 +1 @@
0.0.7 0.1.0