✨ Allow connect to read-only databases.

2025-07-19 18:37:23 +02:00 · 2022-01-27 14:02:37 +01:00 · 2022-01-27 14:02:37 +01:00 · bc2a0432b9
commit bc2a0432b9
parent f72e140327
8 changed files with 216 additions and 135 deletions
--- a/backend/src/app/setup.clj
+++ b/backend/src/app/setup.clj
@ -7,6 +7,7 @@
 (ns app.setup
  "Initial data setup of instance."
  (:require
+   [app.common.logging :as l]
   [app.common.uuid :as uuid]
   [app.db :as db]
   [buddy.core.codecs :as bc]
@ -14,55 +15,49 @@
   [clojure.spec.alpha :as s]
   [integrant.core :as ig]))

-(declare initialize-instance-id!)
-(declare initialize-secret-key!)
-(declare retrieve-all)
+(defn- generate-random-key
+  []
+  (-> (bn/random-bytes 64)
+      (bc/bytes->b64u)
+      (bc/bytes->str)))
+
+(defn- retrieve-all
+  [conn]
+  (->> (db/query conn :server-prop {:preload true})
+       (filter #(not= "secret-key" (:id %)))
+       (map (fn [row]
+              [(keyword (:id row))
+               (db/decode-transit-pgobject (:content row))]))
+       (into {})))
+
+(defn- handle-instance-id
+  [instance-id conn read-only?]
+  (or instance-id
+      (let [instance-id (uuid/random)]
+        (when-not read-only?
+          (try
+            (db/insert! conn :server-prop
+                        {:id "instance-id"
+                         :preload true
+                         :content (db/tjson instance-id)})
+            (catch Throwable cause
+              (l/warn :hint "unable to persist instance-id"
+                      :instance-id instance-id
+                      :cause cause))))
+        instance-id)))

 (defmethod ig/pre-init-spec ::props [_]
  (s/keys :req-un [::db/pool]))

 (defmethod ig/init-key ::props
-  [_ {:keys [pool] :as cfg}]
+  [_ {:keys [pool key] :as cfg}]
  (db/with-atomic [conn pool]
-    (let [cfg (assoc cfg :conn conn)]
-      (initialize-secret-key! cfg)
-      (initialize-instance-id! cfg)
-      (retrieve-all cfg))))
+    (db/xact-lock! conn 0)
+    (when-not key
+      (l/warn :hint (str "using autogenerated secret-key, it will change on each restart and will invalidate "
+                         "all sessions on each restart, it is hightly recommeded setting up the "
+                         "PENPOT_SECRET_KEY environment variable")))

-(def sql:upsert-secret-key
-  "insert into server_prop (id, preload, content)
-   values ('secret-key', true, ?::jsonb)
-   on conflict (id) do update set content = ?::jsonb")
-
-(def sql:insert-secret-key
-  "insert into server_prop (id, preload, content)
-   values ('secret-key', true, ?::jsonb)
-   on conflict (id) do nothing")
-
-(defn- initialize-secret-key!
-  [{:keys [conn key] :as cfg}]
-  (if key
-    (let [key (db/tjson key)]
-      (db/exec-one! conn [sql:upsert-secret-key key key]))
-    (let [key (-> (bn/random-bytes 64)
-                  (bc/bytes->b64u)
-                  (bc/bytes->str))
-          key (db/tjson key)]
-      (db/exec-one! conn [sql:insert-secret-key key]))))
-
-(defn- initialize-instance-id!
-  [{:keys [conn] :as cfg}]
-  (let [iid (uuid/random)]
-
-    (db/insert! conn :server-prop
-                {:id "instance-id"
-                 :preload true
-                 :content (db/tjson iid)}
-                {:on-conflict-do-nothing true})))
-
-(defn- retrieve-all
-  [{:keys [conn] :as cfg}]
-  (reduce (fn [acc row]
-            (assoc acc (keyword (:id row)) (db/decode-transit-pgobject (:content row))))
-          {}
-          (db/query conn :server-prop {:preload true})))
+    (let [stored (-> (retrieve-all conn)
+                     (assoc :secret-key (or key (generate-random-key))))]
+      (update stored :instance-id handle-instance-id conn (db/read-only? pool)))))