change fork to its own repo

Author: danielstaleiny

.env

@@ -0,0 +1,38 @@
+# Docker specific configs
+# use only letters and numbers for the project name
+COMPOSE_PROJECT_NAME=postgreststarterkit
+
+
+# Global configs
+DEVELOPMENT=1
+JWT_SECRET=reallyreallyreallyreallyverysafe
+
+# DB connection details (used by all containers)
+# set PG_VERSION to match your production db major version
+PG_VERSION=11.2
+DB_HOST=db
+DB_PORT=5432
+DB_NAME=app
+DB_SCHEMA=api
+DB_USER=authenticator
+DB_PASS=authenticatorpass
+
+# OpenResty
+POSTGREST_HOST=postgrest
+POSTGREST_PORT=3000
+
+# PostgREST
+DB_ANON_ROLE=anonymous
+DB_POOL=10
+#MAX_ROWS=
+#PRE_REQUEST=
+SERVER_PROXY_URI=http://localhost:8080/rest
+
+# PostgreSQL container config
+# Use this to connect directly to the db running in the container
+SUPER_USER=superuser
+SUPER_USER_PASSWORD=superuserpass
+
+# RabbitMQ
+RABBITMQ_DEFAULT_USER=admin
+RABBITMQ_DEFAULT_PASS=adminpass

.gitattributes

@@ -0,0 +1,4 @@
+# Set the default behavior, in case people don't have core.autocrlf set.
+* text=auto
+# convert all bash scripts to run with linux line endings by default.
+*.sh text eol=lf

.gitignore

@@ -0,0 +1,3 @@
+node_modules
+package-lock.json
+.db-data

.snapshotResolver.js

@@ -0,0 +1,15 @@
+module.exports = {
+  // resolves from test to snapshot path
+  resolveSnapshotPath: (testPath, snapshotExtension) =>
+    testPath.replace('__tests__', '__snapshots__') + snapshotExtension,
+
+  // resolves from snapshot to test path
+  resolveTestPath: (snapshotFilePath, snapshotExtension) =>
+    snapshotFilePath
+      .replace('__snapshots__', '__tests__')
+      .slice(0, -snapshotExtension.length),
+
+  // Example test path, used for preflight consistency check of the implementation above
+  // testPathForConsistencyCheck: 'some/__tests__/example.test.js',
+  testPathForConsistencyCheck: 'example.test.js',
+}

LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2017-present Ruslan Talpa, subZero Cloud LLC.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -0,0 +1,149 @@
+# PostgREST Starter Kit
+
+Base project and tooling for authoring REST API backends with [PostgREST](https://postgrest.com).
+
+![PostgREST Starter Kit](https://raw.githubusercontent.com/wiki/subzerocloud/postgrest-starter-kit/images/postgrest-starter-kit.gif "PostgREST Starter Kit")
+
+
+## Purpose
+
+PostgREST enables a different way of building data driven API backends. It does "one thing well" and that is to provide you with a REST api over your database, however to build a complex production system that does things like talk to 3rd party systems, sends emails, implements real time updates for browsers, write integration tests, implement authentication, you need additional components. For this reason, some developers either submit feature requests that are not the scope of PostgREST or think of it just as a prototyping utility and not a powerful/flexible production component with excellent performance. This repository aims to be a starting point for all PostgREST based projects and bring all components together under a well defined structure. We also provide tooling that will aid you with iterating on your project and tools/scripts to enable a build pipeline to push everything to production. There are quite a few components in the stack but you can safely comment out pg_amqp_bridge/rabbitmq (or even openresty) instances in docker-compose.yml if you don't need the features/functionality they provide.
+
+## PostgREST+ as a service
+Run your PostgREST instance in [subZero cloud](https://subzero.cloud/postgrest-plus.html) and get additional features to the OS version ( [free plan](https://subzero.cloud/pricing.html) available). ALternatively, deploy an [enhanced version](https://docs.subzero.cloud/postgrest-plus/) of PostgREST on your infrastructure using binary and docker distributions.
+
+✓ **Fully Managed** &mdash; subZero automates every part of setup, running and scaling of PostgREST. Let your team focus on what they do best - building your product. Leave PostgREST management and monitoring to the experts.<br>
+✓ **Faster Queries** &mdash; Run an [enhanced PostgREST](https://docs.subzero.cloud/postgrest-plus/) version that uses prepared statements instead of inline queries. This results in up to 30% faster response times.<br>
+✓ **Custom Relations** &mdash; Define [custom relations](https://docs.subzero.cloud/postgrest-plus/) when automatic detection does not work. This allows you to use the powerful embedding feature even with the most complicated views<br>
+✓ **GraphQL API** &mdash; In addition to the REST API you get a GraphQL api with no additional coding. Leverage all the powerful tooling, libraries and integrations for GraphQL in your frontend.<br>
+
+## Features
+
+✓ Cross-platform development on macOS, Windows or Linux inside [Docker](https://www.docker.com/)<br>
+✓ [PostgreSQL](https://www.postgresql.org/) database schema boilerplate with authentication and authorization flow<br>
+✓ [OpenResty](https://openresty.org/en/) configuration files for the reverse proxy<br>
+✓ [RabbitMQ](https://www.rabbitmq.com/) integration through [pg-amqp-bridge](https://github.com/subzerocloud/pg-amqp-bridge)<br>
+✓ [Lua](https://www.lua.org/) functions to hook into each stage of the HTTP request and add custom logic (integrate 3rd party systems)<br>
+✓ Debugging and live code reloading (sql/configs/lua) functionality using [subzero-cli](https://github.com/subzerocloud/subzero-cli)<br>
+✓ Full migration management (migration files are automatically created) through [subzero-cli](https://github.com/subzerocloud/subzero-cli)/[sqitch](http://sqitch.org/)/[apgdiff](https://github.com/subzerocloud/apgdiff)<br>
+✓ SQL unit test using [pgTAP](http://pgtap.org/)<br>
+✓ Integration tests with [SuperTest / Mocha](https://github.com/visionmedia/supertest)<br>
+✓ Docker files for building production images<br>
+✓ Community support on [Slack](https://slack.subzero.cloud/)<br>
+✓ Compatible with [subZero Starter Kit](https://github.com/subzerocloud/subzero-starter-kit) if you need a GraphQL API and a few [more features](https://github.com/subzerocloud/subzero-starter-kit#features) with no additional work<br>
+
+
+## Directory Layout
+
+```bash
+.
+├── db                        # Database schema source files and tests
+│   └── src                   # Schema definition
+│       ├── api               # Api entities avaiable as REST endpoints
+│       ├── data              # Definition of source tables that hold the data
+│       ├── libs              # A collection modules of used throughout the code
+│       ├── authorization     # Application level roles and their privileges
+│       ├── sample_data       # A few sample rows
+│       └── init.sql          # Schema definition entry point
+├── openresty                 # Reverse proxy configurations and Lua code
+│   ├── lua                   # Application Lua code
+│   ├── nginx                 # Nginx configuration files
+│   ├── html                  # Static frontend files
+│   └── Dockerfile            # Dockerfile definition for building production images
+├── tests                     # Tests for all the components
+│   ├── db                    # pgTap tests for the db
+│   └── rest                  # REST interface tests
+├── docker-compose.yml        # Defines Docker services, networks and volumes
+└── .env                      # Project configurations
+
+```
+
+
+
+## Installation 
+
+### Prerequisites
+* [Docker](https://www.docker.com)
+* [Node.js](https://nodejs.org/en/)
+* [subZero CLI](https://github.com/subzerocloud/subzero-cli#install)
+
+### Create a New Project
+subzero-cli provides you with a `base-project` command that lets you create a new project structure:
+
+```bash
+subzero base-project
+
+? Enter the directory path where you want to create the project .
+? Choose the starter kit (Use arrow keys)
+  subzero-starter-kit (REST & GraphQL) 
+❯ postgrest-starter-kit (REST) 
+```
+
+After the files have been created, you can bring up your application (API).
+In the root folder of application, run the docker-compose command
+
+```bash
+docker-compose up -d
+```
+
+The API server will become available at the following endpoint:
+
+- REST [http://localhost:8080/api/](http://localhost:8080/api/)
+
+Try a simple request
+
+```bash
+curl http://localhost:8080/api/todos?select=id,todo
+```
+
+
+## Development workflow and debugging
+
+Execute `subzero dashboard` in the root of your project.<br />
+After this step you can view the logs of all the stack components (SQL queries will also be logged) and
+if you edit a sql/conf/lua file in your project, the changes will immediately be applied.
+
+
+## Testing
+
+The starter kit comes with a testing infrastructure setup.
+You can write pgTAP tests that run directly in your database, useful for testing the logic that resides in your database (user privileges, Row Level Security, stored procedures).
+Integration tests are written in JavaScript.
+
+Here is how you run them
+
+```bash
+npm install                     # Install test dependencies
+npm test                        # Run all tests (db, api)
+npm run test_db                 # Run pgTAP tests
+npm run test_api               # Run integration tests
+```
+
+
+## Deployment
+* [subZero Cloud](http://docs.subzero.cloud/production-infrastructure/subzero-cloud/)
+* [Amazon ECS+RDS](http://docs.subzero.cloud/production-infrastructure/aws-ecs-rds/)
+* [Amazon Fargate+RDS](http://docs.subzero.cloud/production-infrastructure/aws-fargate-rds/)
+* [Dedicated Linux Server](https://docs.subzero.cloud/production-infrastructure/ubuntu-server/)
+
+## Contributing
+
+Anyone and everyone is welcome to contribute.
+
+## Support and Documentation
+* [Documentation](https://docs.subzero.cloud/postgrest-starter-kit/)
+* [PostgREST API Referance](https://postgrest.com/en/stable/api.html)
+* [PostgreSQL Manual](https://www.postgresql.org/docs/current/static/index.html)
+* [Slack](https://slack.subzero.cloud/) — Get help, share ideas and feedback
+* [GitHub Issues](https://github.com/subzerocloud/postgrest-starter-kit/issues) — Check open issues, send feature requests
+
+## License
+
+Copyright © 2017-present subZero Cloud, LLC.<br />
+This source code is licensed under [MIT](https://github.com/subzerocloud/postgrest-starter-kit/blob/master/LICENSE.txt) license<br />
+The documentation to the project is licensed under the [CC BY-SA 4.0](http://creativecommons.org/licenses/by-sa/4.0/) license.
+
+
+
+## CSRF prevention
+[OWASP CSRF cheatsheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#Checking_The_Referer_Header)

db/src/api/.login.spec.js

@@ -0,0 +1,29 @@
+const ROOT = process.cwd()
+const { get, post, put, patch, del } = require(`${ROOT}/util/fetch.js`)(
+  'http://localhost:3000/'
+)
+
+describe('/rpc/login', () => {
+  test('success 200', async () => {
+    const res = await post('rpc/login')({
+      body: {
+        email: '[email protected]',
+        password: 'pass',
+      },
+    })
+    res.body.csrf = 'checked'
+    res.body.token = 'checked'
+    res.body.refresh_token = 'checked'
+    expect(res).toMatchSnapshot()
+  })
+
+  test('fail 404', async () => {
+    const res = await post('rpc/login')({
+      body: {
+        email: '[email protected]',
+        password: 'nonexistent',
+      },
+    })
+    expect(res).toMatchSnapshot()
+  })
+})

db/src/api/.login.spec.js.snap

@@ -0,0 +1,30 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`/rpc/login fail 404 1`] = `
+Object {
+  "body": Object {
+    "code": "28P01",
+    "details": "Invalid email or password",
+    "hint": "Make sure your email and password are correct!",
+    "message": "invalid_password",
+  },
+  "status": 403,
+  "statusText": "Forbidden",
+}
+`;
+
+exports[`/rpc/login success 200 1`] = `
+Object {
+  "body": Object {
+    "csrf": "checked",
+    "email": "[email protected]",
+    "id": 1,
+    "name": "alice",
+    "refresh_token": "checked",
+    "role": "webuser",
+    "token": "checked",
+  },
+  "status": 200,
+  "statusText": "OK",
+}
+`;

db/src/api/.logout.spec.js

@@ -0,0 +1,33 @@
+const ROOT = process.cwd()
+const { get, post, put, patch, del } = require(`${ROOT}/util/fetch.js`)(
+  'http://localhost:3000/'
+)
+
+describe('/rpc/logout', () => {
+  test('success 200 without refresh_token', async () => {
+    const res = await post('rpc/logout')({
+      withRole: { id: 1, role: 'webuser' },
+    })
+    expect(res).toMatchSnapshot()
+  })
+
+  test('success 200 with refresh_token', async () => {
+    const res = await post('rpc/logout')({
+      withRole: { id: 1, role: 'webuser' },
+      body: {
+        refresh_token: 'de688895-6181-440f-a25a-8a9ba14b2162',
+      },
+    })
+    expect(res).toMatchSnapshot()
+  })
+
+  test('success 200 with refresh_token which is not in db', async () => {
+    const res = await post('rpc/logout')({
+      withRole: { id: 1, role: 'webuser' },
+      body: {
+        refresh_token: 'de688895-6181-440f-a25a-000000000000',
+      },
+    })
+    expect(res).toMatchSnapshot()
+  })
+})

db/src/api/.logout.spec.js.snap

@@ -0,0 +1,25 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`/rpc/logout success 200 with refresh_token 1`] = `
+Object {
+  "body": "{\\"ok\\" : true}",
+  "status": 200,
+  "statusText": "OK",
+}
+`;
+
+exports[`/rpc/logout success 200 with refresh_token which is not in db 1`] = `
+Object {
+  "body": "{\\"ok\\" : true}",
+  "status": 200,
+  "statusText": "OK",
+}
+`;
+
+exports[`/rpc/logout success 200 without refresh_token 1`] = `
+Object {
+  "body": "{\\"ok\\" : true}",
+  "status": 200,
+  "statusText": "OK",
+}
+`;

db/src/api/.me.spec.js

@@ -0,0 +1,25 @@
+const ROOT = process.cwd()
+const { get, post, put, patch, del } = require(`${ROOT}/util/fetch.js`)(
+  'http://localhost:3000/'
+)
+
+describe('/rpc/me', () => {
+  test('success 200 POST', async () => {
+    const res = await post('rpc/me')({
+      withRole: { id: 1, role: 'webuser' },
+    })
+    expect(res).toMatchSnapshot()
+  })
+
+  test('success 200 GET', async () => {
+    const res = await get('rpc/me')({
+      withRole: { id: 1, role: 'webuser' },
+    })
+    expect(res).toMatchSnapshot()
+  })
+
+  test('fail 401', async () => {
+    const res = await post('rpc/me')({})
+    expect(res).toMatchSnapshot()
+  })
+})