Merged
27 commits
a444246
Merge pull request #318 from MerginMaps/develop
MarcelGeo Nov 4, 2024
83cfacf
Set proper project version type in flask cmd
varmar05 Nov 13, 2024
c8a7654
Merge pull request #330 from MerginMaps/fix_download_cmd
MarcelGeo Nov 13, 2024
84141dc
fix spelling of template
MarcelGeo Nov 18, 2024
16185da
Remove pretty text wrap froom span
MarcelGeo Nov 18, 2024
cbc826a
Merge pull request #329 from MerginMaps/build-2024.7.0
MarcelGeo Nov 18, 2024
4f2d1dd
Merge pull request #336 from MerginMaps/develop
MarcelGeo Nov 25, 2024
b4cef2a
Fix db migration not to include deleted users
varmar05 Dec 16, 2024
6275d97
Fix db migration not to include deleted projects
varmar05 Dec 16, 2024
141baa2
Merge pull request #347 from MerginMaps/fix_alembic_deleted_projects
MarcelGeo Dec 16, 2024
be8f5a6
Merge pull request #345 from MerginMaps/build-2025.1.0
MarcelGeo Dec 18, 2024
14ed20f
Fix error in alembic migration script
varmar05 Jan 7, 2025
8f73129
Merge pull request #350 from MerginMaps/fix_alembic_error
MarcelGeo Jan 7, 2025
2b57c0b
Merge pull request #360 from MerginMaps/develop
MarcelGeo Jan 20, 2025
241d854
Add an example config for production proxy with SSL termination
varmar05 Jan 21, 2025
62ae5c4
Add option for nginx logs written to file
varmar05 Jan 21, 2025
aa2a39e
Merge pull request #362 from MerginMaps/nginx_logs
MarcelGeo Jan 21, 2025
b3bf9fe
Merge pull request #361 from MerginMaps/prod_setup_hints
MarcelGeo Jan 21, 2025
035f546
Simplify gzip settings to avoaid clash with API responses
varmar05 Jan 24, 2025
566158a
Merge pull request #364 from MerginMaps/fix_gzip
MarcelGeo Jan 24, 2025
bcb81cf
Backport error handling for username
MarcelGeo Feb 13, 2025
8105541
Merge pull request #377 from MerginMaps/release-2025.2.0
MarcelGeo Feb 13, 2025
9666044
Merge pull request #385 from MerginMaps/develop
MarcelGeo Feb 26, 2025
a6c0178
Fix sql with '' regexp issue in similar to
MarcelGeo Feb 26, 2025
4f8f558
Merge pull request #386 from MerginMaps/fix-duplicate-sql
MarcelGeo Feb 26, 2025
e5d1873
fix very long emails as username
MarcelGeo Feb 26, 2025
65c7029
Merge pull request #387 from MerginMaps/fix-duplicate-sql
MarcelGeo Feb 26, 2025
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -2,6 +2,7 @@
projects/
mergin_db

logs
*.log
.DS_Store
*.stackdump
3 changes: 2 additions & 1 deletion development.md
Expand Up @@ -67,7 +67,8 @@ If you want to run the whole stack locally, you can use the docker. Docker will
docker compose -f docker-compose.yml -f docker-compose.dev.yml up -d

# Give ownership of the ./projects folder to user that is running the gunicorn container
sudo chown 901:999 projects/
sudo chown 901:999 projects
sudo chown 101:999 logs

# init db and create user
docker exec -it merginmaps-server flask init-db
1 change: 1 addition & 0 deletions docker-compose.yml
Expand Up @@ -95,5 +95,6 @@ services:
volumes:
- ./projects:/data # map data dir to host
- ./nginx.conf:/etc/nginx/conf.d/default.conf
- ./logs:/var/log/nginx/
networks:
- merginmaps
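Review bot: The `- ./logs:/var/log/nginx/` bind mount is unconditional, while the matching `access_log`/`error_log` lines in nginx.conf are shipped commented out. If this service runs the stock nginx image (the `image:` line is outside the hunk), that image's default log files in /var/log/nginx are symlinks to stdout/stderr; mounting a host directory over it hides them, so the image's built-in log directives would start writing real, unrotated files into `./logs` and `docker logs` would go quiet even for users who never opted in. Shipping the mount commented out next to the directives, `# - ./logs:/var/log/nginx/  # enable together with access_log/error_log in nginx.conf`, keeps the default behaviour unchanged. The service definition starts above the hunk.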
5 changes: 5 additions & 0 deletions nginx.conf
Expand Up @@ -10,6 +10,11 @@ server {
# We are only proxying - not returning any files
#root /dev/null;

# Logs - uncomment to enable logs written to file
# make sure mounted directory has correct permissions and beware of disk space used by the logs
# access_log /var/log/nginx/access.log;
# error_log /var/log/nginx/error.log warn;

location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
11 changes: 7 additions & 4 deletions server/mergin/auth/models.py
Expand Up @@ -203,22 +203,25 @@ def generate_username(cls, email: str) -> Optional[str]:
).ljust(4, "0")
# additional check for reserved words
username = f"{username}0" if is_reserved_word(username) else username
# some value until 25 + space for suffix
username = username[:22]
# check if we already do not have existing usernames
suffix = db.session.execute(
query = db.session.execute(
text(
"""
SELECT
replace(username, :username, '0')::int AS suffix
FROM "user"
WHERE
username = :username OR
username SIMILAR TO :username'\d+'
username SIMILAR TO :username_like
ORDER BY replace(username, :username, '0')::int DESC
LIMIT 1;
"""
),
{"username": username},
).scalar()
{"username": username, "username_like": f"{username}\d+"},
)
suffix = query.scalar()
return username if suffix is None else username + str(int(suffix) + 1)

@classmethod
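Review bot: `username` is spliced unescaped into the `SIMILAR TO` pattern on the `"username_like": f"{username}\d+"` line, so any `_`, `%` or regex metacharacter left in it acts as a wildcard rather than a literal. A wider match would then reach `replace(username, :username, '0')::int`, where a row that does not literally start with the prefix fails the integer cast. Whether such characters can survive depends on the sanitising code above this hunk, which is not shown; if they can, escape them before building the pattern. Separately, `\d` in a non-raw f-string is an invalid escape sequence that newer Python versions warn about; `rf"{username}\d+"` gives the same value. generate_username starts outside the hunk.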
5 changes: 5 additions & 0 deletions server/mergin/tests/test_auth.py
Expand Up @@ -117,6 +117,7 @@ def test_logout(client):
400,
), # tests with upper case, but email already exists
(" mergin@mergin.com ", "#pwd123", 400), # invalid password
("verylonglonglonglonglonglonglongemail@example.com", "#pwd1234", 201),
]


Expand Down Expand Up @@ -851,6 +852,10 @@ def test_username_generation(client):

user = add_user("support1", "user")
assert User.generate_username("support@example.com") == "support0"
assert (
User.generate_username("verylonglonglonglonglong@example.com")
== "verylonglonglonglonglo"
)


def test_server_usage(client):
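Review bot: The new assertion in test_username_generation covers the cut to 22 characters but not the case the cut exists for, a numeric suffix appended to an already truncated name. Mirroring the `add_user("support1", "user")` call above, a follow-up such as `add_user("verylonglonglonglonglo", "user")` followed by `assert User.generate_username("verylonglonglonglonglong@example.com") == "verylonglonglonglonglo1"` would pin that the bound `username_like` pattern still finds existing names after truncation. The added registration case in the first hunk only checks the 201 status, not the username that was stored. Both test bodies extend outside the hunks.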
Expand Up @@ -173,7 +173,13 @@ def data_upgrade():
FROM project_access
)
INSERT INTO project_member (project_id, user_id, role)
SELECT project_id, user_id, role::project_role FROM members;
SELECT m.project_id, m.user_id, m.role::project_role
FROM members m
LEFT OUTER JOIN "user" u on u.id = m.user_id
LEFT OUTER JOIN project p ON p.id = m.project_id
WHERE
u.username !~ 'deleted_\d{13}$' AND
p.removed_at IS NULL;
"""
)
)
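Review bot: The two `LEFT OUTER JOIN`s do not behave symmetrically under the new `WHERE` clause: `u.username !~ ...` evaluates to NULL for a member row with no matching user, so that row is dropped, while `p.removed_at IS NULL` is true for a member row with no matching project, so that row is still inserted. If the intent is to migrate only members whose user and project both exist and are live, inner joins state that directly: `JOIN "user" u ON u.id = m.user_id` and `JOIN project p ON p.id = m.project_id`. Whether orphaned rows can exist in `project_access` is not visible here. The `\d` in the pattern also depends on how the enclosing Python string is quoted, and its opening quote is outside the hunk; data_upgrade starts and ends outside it as well.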
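--- /dev/null
+++ b/ssl-proxy.conf
@@ -0,0 +1,63 @@
+
+server {
+listen 80;
+server_name merginmaps.company.com; # FIXME
+
+if ($scheme != "https") {
+return 301 https://$host$request_uri;
+}
+}
+
+upstream app_server {
+# route to the application proxy
+server 127.0.0.1:8080 fail_timeout=0;
+}
+
+server {
+listen 443 ssl;
+server_name merginmaps.company.com; # FIXME
+client_max_body_size 4G;
+
+ssl_certificate_key /etc/letsencrypt/live/merginmaps.company.com/privkey.pem; # FIXME
+ssl_certificate /etc/letsencrypt/live/merginmaps.company.com/fullchain.pem; # FIXME
+
+# Don't show version information
+server_tokens off;
+
+# Enable gzip compression
+gzip on;
+gzip_min_length 10240;
+gzip_comp_level 1;
+gzip_vary on;
+gzip_proxied any;
+gzip_types
+text/css
+text/javascript
+application/javascript
+application/x-javascript;
+
+# Prevent crawlers from indexing and following links for all content served from the mergin app
+add_header X-Robots-Tag "none";
+
+# Protect against clickjacking iframe
+add_header Content-Security-Policy "frame-ancestors 'self';" always;
+
+# Add a HSTS policy to prevent plain http from browser
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+# Set cookies security flags
+proxy_cookie_flags ~ secure httponly samesite=strict;
+
+location / {
+root /var/www/html;
+
+# The lines below were copied from application proxy
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $http_host;
+# we don't want nginx trying to do something clever with
+# redirects, we set the Host: header above already.
+proxy_redirect off;
+proxy_pass http://app_server;
+}
+}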
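Review bot: In the 443 server's `location /`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever X-Forwarded-For value the client sent, and this is the outermost proxy, so the leading entries of the header that reaches the application are client-controlled. If the application or the inner proxy derives the client address from that header (for rate limiting or audit logs, which is not visible here), the edge should overwrite it instead: `proxy_set_header X-Forwarded-For $remote_addr;`. `proxy_set_header Host $http_host;` likewise forwards the raw client Host header, and the port-80 redirect builds its target from `$host`; using the configured server name in both places avoids passing attacker-chosen host names downstream. The example also leaves `ssl_protocols` at the nginx default, which on older builds still includes TLS 1.0/1.1, so an explicit `ssl_protocols TLSv1.2 TLSv1.3;` would make it safer to copy as-is.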