feat: NPM access list support (global default + per-project override)
This commit is contained in:
+11
-11
@@ -15,9 +15,9 @@ func (s *Store) CreateProject(p Project) (Project, error) {
|
||||
p.UpdatedAt = p.CreatedAt
|
||||
|
||||
_, err := s.db.Exec(
|
||||
`INSERT INTO projects (id, name, registry, image, port, healthcheck, env, volumes, created_at, updated_at)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
|
||||
p.ID, p.Name, p.Registry, p.Image, p.Port, p.Healthcheck, p.Env, p.Volumes, p.CreatedAt, p.UpdatedAt,
|
||||
`INSERT INTO projects (id, name, registry, image, port, healthcheck, env, volumes, npm_access_list_id, created_at, updated_at)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
|
||||
p.ID, p.Name, p.Registry, p.Image, p.Port, p.Healthcheck, p.Env, p.Volumes, p.NpmAccessListID, p.CreatedAt, p.UpdatedAt,
|
||||
)
|
||||
if err != nil {
|
||||
return Project{}, fmt.Errorf("insert project: %w", err)
|
||||
@@ -29,9 +29,9 @@ func (s *Store) CreateProject(p Project) (Project, error) {
|
||||
func (s *Store) GetProjectByID(id string) (Project, error) {
|
||||
var p Project
|
||||
err := s.db.QueryRow(
|
||||
`SELECT id, name, registry, image, port, healthcheck, env, volumes, created_at, updated_at
|
||||
`SELECT id, name, registry, image, port, healthcheck, env, volumes, npm_access_list_id, created_at, updated_at
|
||||
FROM projects WHERE id = ?`, id,
|
||||
).Scan(&p.ID, &p.Name, &p.Registry, &p.Image, &p.Port, &p.Healthcheck, &p.Env, &p.Volumes, &p.CreatedAt, &p.UpdatedAt)
|
||||
).Scan(&p.ID, &p.Name, &p.Registry, &p.Image, &p.Port, &p.Healthcheck, &p.Env, &p.Volumes, &p.NpmAccessListID, &p.CreatedAt, &p.UpdatedAt)
|
||||
if errors.Is(err, sql.ErrNoRows) {
|
||||
return Project{}, fmt.Errorf("project %s: %w", id, ErrNotFound)
|
||||
}
|
||||
@@ -44,7 +44,7 @@ func (s *Store) GetProjectByID(id string) (Project, error) {
|
||||
// GetAllProjects returns every project ordered by name.
|
||||
func (s *Store) GetAllProjects() ([]Project, error) {
|
||||
rows, err := s.db.Query(
|
||||
`SELECT id, name, registry, image, port, healthcheck, env, volumes, created_at, updated_at
|
||||
`SELECT id, name, registry, image, port, healthcheck, env, volumes, npm_access_list_id, created_at, updated_at
|
||||
FROM projects ORDER BY name`,
|
||||
)
|
||||
if err != nil {
|
||||
@@ -55,7 +55,7 @@ func (s *Store) GetAllProjects() ([]Project, error) {
|
||||
projects := []Project{}
|
||||
for rows.Next() {
|
||||
var p Project
|
||||
if err := rows.Scan(&p.ID, &p.Name, &p.Registry, &p.Image, &p.Port, &p.Healthcheck, &p.Env, &p.Volumes, &p.CreatedAt, &p.UpdatedAt); err != nil {
|
||||
if err := rows.Scan(&p.ID, &p.Name, &p.Registry, &p.Image, &p.Port, &p.Healthcheck, &p.Env, &p.Volumes, &p.NpmAccessListID, &p.CreatedAt, &p.UpdatedAt); err != nil {
|
||||
return nil, fmt.Errorf("scan project: %w", err)
|
||||
}
|
||||
projects = append(projects, p)
|
||||
@@ -66,7 +66,7 @@ func (s *Store) GetAllProjects() ([]Project, error) {
|
||||
// GetProjectsByImage returns all projects using the given image, newest first.
|
||||
func (s *Store) GetProjectsByImage(image string) ([]Project, error) {
|
||||
rows, err := s.db.Query(
|
||||
`SELECT id, name, registry, image, port, healthcheck, env, volumes, created_at, updated_at
|
||||
`SELECT id, name, registry, image, port, healthcheck, env, volumes, npm_access_list_id, created_at, updated_at
|
||||
FROM projects WHERE image = ? ORDER BY created_at DESC`, image,
|
||||
)
|
||||
if err != nil {
|
||||
@@ -77,7 +77,7 @@ func (s *Store) GetProjectsByImage(image string) ([]Project, error) {
|
||||
projects := []Project{}
|
||||
for rows.Next() {
|
||||
var p Project
|
||||
if err := rows.Scan(&p.ID, &p.Name, &p.Registry, &p.Image, &p.Port, &p.Healthcheck, &p.Env, &p.Volumes, &p.CreatedAt, &p.UpdatedAt); err != nil {
|
||||
if err := rows.Scan(&p.ID, &p.Name, &p.Registry, &p.Image, &p.Port, &p.Healthcheck, &p.Env, &p.Volumes, &p.NpmAccessListID, &p.CreatedAt, &p.UpdatedAt); err != nil {
|
||||
return nil, fmt.Errorf("scan project: %w", err)
|
||||
}
|
||||
projects = append(projects, p)
|
||||
@@ -89,9 +89,9 @@ func (s *Store) GetProjectsByImage(image string) ([]Project, error) {
|
||||
func (s *Store) UpdateProject(p Project) error {
|
||||
p.UpdatedAt = Now()
|
||||
result, err := s.db.Exec(
|
||||
`UPDATE projects SET name=?, registry=?, image=?, port=?, healthcheck=?, env=?, volumes=?, updated_at=?
|
||||
`UPDATE projects SET name=?, registry=?, image=?, port=?, healthcheck=?, env=?, volumes=?, npm_access_list_id=?, updated_at=?
|
||||
WHERE id=?`,
|
||||
p.Name, p.Registry, p.Image, p.Port, p.Healthcheck, p.Env, p.Volumes, p.UpdatedAt, p.ID,
|
||||
p.Name, p.Registry, p.Image, p.Port, p.Healthcheck, p.Env, p.Volumes, p.NpmAccessListID, p.UpdatedAt, p.ID,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("update project: %w", err)
|
||||
|
||||
@@ -14,7 +14,7 @@ func (s *Store) GetSettings() (Settings, error) {
|
||||
base_volume_path, ssl_certificate_id, stale_threshold_days,
|
||||
allowed_volume_paths, wildcard_dns, dns_provider,
|
||||
cloudflare_api_token, cloudflare_zone_id,
|
||||
npm_remote, proxy_provider,
|
||||
npm_remote, npm_access_list_id, proxy_provider,
|
||||
traefik_entrypoint, traefik_cert_resolver, traefik_network, traefik_api_url,
|
||||
backup_enabled, backup_interval_hours, backup_retention_count,
|
||||
updated_at
|
||||
@@ -24,7 +24,7 @@ func (s *Store) GetSettings() (Settings, error) {
|
||||
&st.BaseVolumePath, &st.SSLCertificateID, &st.StaleThresholdDays,
|
||||
&st.AllowedVolumePaths, &wildcardDNS, &st.DNSProvider,
|
||||
&st.CloudflareAPIToken, &st.CloudflareZoneID,
|
||||
&npmRemote, &st.ProxyProvider,
|
||||
&npmRemote, &st.NpmAccessListID, &st.ProxyProvider,
|
||||
&st.TraefikEntrypoint, &st.TraefikCertResolver, &st.TraefikNetwork, &st.TraefikAPIURL,
|
||||
&backupEnabled, &st.BackupIntervalHours, &st.BackupRetentionCount,
|
||||
&st.UpdatedAt)
|
||||
@@ -59,7 +59,7 @@ func (s *Store) UpdateSettings(st Settings) error {
|
||||
base_volume_path=?, ssl_certificate_id=?, stale_threshold_days=?,
|
||||
allowed_volume_paths=?, wildcard_dns=?, dns_provider=?,
|
||||
cloudflare_api_token=?, cloudflare_zone_id=?,
|
||||
npm_remote=?, proxy_provider=?,
|
||||
npm_remote=?, npm_access_list_id=?, proxy_provider=?,
|
||||
traefik_entrypoint=?, traefik_cert_resolver=?, traefik_network=?, traefik_api_url=?,
|
||||
backup_enabled=?, backup_interval_hours=?, backup_retention_count=?,
|
||||
updated_at=?
|
||||
@@ -69,7 +69,7 @@ func (s *Store) UpdateSettings(st Settings) error {
|
||||
st.BaseVolumePath, st.SSLCertificateID, st.StaleThresholdDays,
|
||||
st.AllowedVolumePaths, wildcardDNS, st.DNSProvider,
|
||||
st.CloudflareAPIToken, st.CloudflareZoneID,
|
||||
npmRemote, st.ProxyProvider,
|
||||
npmRemote, st.NpmAccessListID, st.ProxyProvider,
|
||||
st.TraefikEntrypoint, st.TraefikCertResolver, st.TraefikNetwork, st.TraefikAPIURL,
|
||||
backupEnabled, st.BackupIntervalHours, st.BackupRetentionCount,
|
||||
st.UpdatedAt,
|
||||
|
||||
@@ -113,6 +113,12 @@ func (s *Store) runMigrations() error {
|
||||
`UPDATE settings SET network = 'docker-watcher' WHERE network = ''`,
|
||||
// NPM remote mode: forward to server_ip instead of container name.
|
||||
`ALTER TABLE settings ADD COLUMN npm_remote INTEGER NOT NULL DEFAULT 0`,
|
||||
// Resource limits per stage.
|
||||
`ALTER TABLE stages ADD COLUMN cpu_limit REAL NOT NULL DEFAULT 0`,
|
||||
`ALTER TABLE stages ADD COLUMN memory_limit INTEGER NOT NULL DEFAULT 0`,
|
||||
// NPM access list support (global default + per-project override).
|
||||
`ALTER TABLE settings ADD COLUMN npm_access_list_id INTEGER NOT NULL DEFAULT 0`,
|
||||
`ALTER TABLE projects ADD COLUMN npm_access_list_id INTEGER NOT NULL DEFAULT 0`,
|
||||
}
|
||||
|
||||
for _, m := range migrations {
|
||||
@@ -167,6 +173,7 @@ CREATE TABLE IF NOT EXISTS projects (
|
||||
healthcheck TEXT NOT NULL DEFAULT '',
|
||||
env TEXT NOT NULL DEFAULT '{}',
|
||||
volumes TEXT NOT NULL DEFAULT '{}',
|
||||
npm_access_list_id INTEGER NOT NULL DEFAULT 0,
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now')),
|
||||
updated_at TEXT NOT NULL DEFAULT (datetime('now'))
|
||||
);
|
||||
@@ -183,6 +190,8 @@ CREATE TABLE IF NOT EXISTS stages (
|
||||
promote_from TEXT NOT NULL DEFAULT '',
|
||||
subdomain TEXT NOT NULL DEFAULT '',
|
||||
notification_url TEXT NOT NULL DEFAULT '',
|
||||
cpu_limit REAL NOT NULL DEFAULT 0,
|
||||
memory_limit INTEGER NOT NULL DEFAULT 0,
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now')),
|
||||
updated_at TEXT NOT NULL DEFAULT (datetime('now')),
|
||||
UNIQUE(project_id, name)
|
||||
@@ -213,6 +222,7 @@ CREATE TABLE IF NOT EXISTS settings (
|
||||
base_volume_path TEXT NOT NULL DEFAULT '',
|
||||
ssl_certificate_id INTEGER NOT NULL DEFAULT 0,
|
||||
npm_remote INTEGER NOT NULL DEFAULT 0,
|
||||
npm_access_list_id INTEGER NOT NULL DEFAULT 0,
|
||||
traefik_entrypoint TEXT NOT NULL DEFAULT 'websecure',
|
||||
traefik_cert_resolver TEXT NOT NULL DEFAULT 'letsencrypt',
|
||||
traefik_network TEXT NOT NULL DEFAULT '',
|
||||
|
||||
Reference in New Issue
Block a user