-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathdocker-compose.rest.yml
More file actions
39 lines (39 loc) · 2.32 KB
/
docker-compose.rest.yml
File metadata and controls
39 lines (39 loc) · 2.32 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# PostgREST API service configuration
services:
rest:
container_name: ${COMPOSE_INSTANCE_NAME:?COMPOSE_INSTANCE_NAME must be set in the generated .env}-rest
image: postgrest/postgrest:v12.2.8
depends_on:
db:
condition: service_healthy
restart: unless-stopped
environment:
PGRST_DB_URI: postgres://authenticator:${POSTGRES_AUTHENTICATOR_PASSWORD:?POSTGRES_AUTHENTICATOR_PASSWORD must be set in the generated .env}@db:5432/statbus_${DEPLOYMENT_SLOT_CODE:?DEPLOYMENT_SLOT_CODE must be set in the generated .env}
PGRST_DB_SCHEMAS: ${PGRST_DB_SCHEMAS:-public}
PGRST_DB_ANON_ROLE: anon
PGRST_DB_USE_LEGACY_GUCS: "false"
# PostgREST needs JWT_SECRET for validating incoming JWTs, but it must NOT be exposed
# to PostgreSQL as a session variable (via PGRST_APP_SETTINGS_*) because users with
# direct database access could read it and forge JWTs. Instead, the secret is stored
# in auth.secrets table with RLS protection, accessible only via SECURITY DEFINER functions.
PGRST_JWT_SECRET: ${JWT_SECRET:?JWT_SECRET must be set in the generated .env}
# JWT expiration time in seconds: 3600 = 1 hour
PGRST_APP_SETTINGS_ACCESS_JWT_EXP: ${ACCESS_JWT_EXPIRY:?ACCESS_JWT_EXPIRY must be set in the generated .env}
# Refresh token expiration time in seconds: 2592000 = 30 days
PGRST_APP_SETTINGS_REFRESH_JWT_EXP: ${REFRESH_JWT_EXPIRY:?REFRESH_JWT_EXPIRY must be set in the generated .env}
# Enable group by counting for getting the available filter values with counts
PGRST_DB_AGGREGATES_ENABLED: "true"
# JWT claims available in current_setting('request.jwt.claims')
PGRST_JWT_AUD: "statbus"
# Ensure OpenAPI documentation uses the right base url
PGRST_OPENAPI_SERVER_PROXY_URI: ${SITE_URL:?SITE_URL must be set in the generated .env}/postgrest
# Pass deployment slot code to database for cookie naming
PGRST_DB_CONFIG: app.settings.deployment_slot_code=${DEPLOYMENT_SLOT_CODE:?DEPLOYMENT_SLOT_CODE must be set in the generated .env}
# Add pre-request function for API key revocation check
PGRST_DB_PRE_REQUEST: auth.check_api_key_revocation
ports:
- "${REST_BIND_ADDRESS:?REST_BIND_ADDRESS must be set in the generated .env}:3000"
profiles:
- "all"
- "all_except_app"
command: "postgrest"