add datasette

bopjesvla · Feb 28, 2025 · 3bb19be · 3bb19be
1 parent 0e0a662
commit 3bb19be
Show file tree

Hide file tree

Showing 5 changed files with 77 additions and 17 deletions.
diff --git a/backend/user.py b/backend/user.py
@@ -149,11 +149,11 @@ def form():
 def get_user():
     print(current_user.roles)
     if current_user.is_anonymous:
-        return jsonify({"logged_in": False})
+        return jsonify({"logged_in": False, "_permissions": []})
     else:
         permissions = list(set(perm for role in current_user.roles for perm in role.permissions))
 
-        return jsonify({"logged_in": True, "username": current_user.username, "permissions": permissions})
+        return jsonify({"logged_in": True, "username": current_user.username, "_permissions": permissions})
 
 
 @app.route("/delete-user", methods=["GET"])

diff --git a/datasette/metadata.json b/datasette/metadata.json
@@ -1,23 +1,71 @@
 {
     "title": "Hitchmap Datasette",
-    "allow_sql": false,
     "allow": {
-        "permissions": ["write-points"]
+        "_permissions": ["write-points"]
+    },
+    "permissions": {
+        "permissions-debug": true
     },
     "plugins": {
         "datasette-auth-existing-cookies": {
-            "api_url": "http://localhost:5000/user",
-            "headers": ["host"],
-            "ttl": 10
+            "api_url": "http://localhost:8080/user",
+            "headers": ["host"]
+        },
+        "datasette-permissions-sql": [
+            {
+                "action": "view-table",
+                "sql": "select 1 where :resource_1 = 'prod-points' and :resource_2 in ('points', 'duplicates') and 'read-points' in (select value from json_each(:actor__permissions))"
+            },
+            {
+                "action": "view-database",
+                "sql": "select 1 where :resource_1 = 'prod-points' and 'read-points' in (select value from json_each(:actor__permissions))"
+            },
+            {
+                "action": "view-query",
+                "sql": "select 1 where :resource_1 = 'prod-points' and 'write-points' in (select value from json_each(:actor__permissions))"
+            },
+            {
+                "action": "insert-row",
+                "sql": "select 1 where :resource_1 = 'prod-points' and :resource_2 in ('points', 'duplicates') and 'write-points' in (select value from json_each(:actor__permissions))"
+            },
+            {
+                "action": "update-row",
+                "sql": "select 1 where :resource_1 = 'prod-points' and :resource_2 in ('points', 'duplicates') and 'write-points' in (select value from json_each(:actor__permissions))"
+            },
+            {
+                "action": "delete-row",
+                "sql": "select 1 where :resource_1 = 'prod-points' and :resource_2 in ('points', 'duplicates') and 'write-points' in (select value from json_each(:actor__permissions))"
+            },
+            {
+                "action": "view-database-download",
+                "sql": "select 0 limit 0"
+            }
+        ],
+        "datasette-events-db": {
+            "database": "prod-points"
         }
     },
     "databases": {
         "prod-points": {
+            "permissions": {
+                "view-database-download": false,
+            },
             "tables": {
-                "points": {
-                    "allow": {
-                        "permissions": ["write-points"]
-                    }
+                "user": {
+                    "allow": false,
+                    "hidden": true
+                },
+                "sqlite_sequence": {
+                    "allow": false,
+                    "hidden": true
+                },
+                "roles_users": {
+                    "allow": false,
+                    "hidden": true
+                },
+                "role": {
+                    "allow": false,
+                    "hidden": true
                 }
             }
         }

diff --git a/datasette/run.sh b/datasette/run.sh
@@ -0,0 +1 @@
+datasette db/prod-points.sqlite --metadata datasette/metadata.json  --setting base_url /datasette/ --setting default_allow_sql off --internal ../datasette.sqlite
diff --git a/hitchmap.conf b/hitchmap.conf
@@ -1,9 +1,19 @@
 server {
-        location / {
-                proxy_set_header        Host $host;
-                proxy_set_header X-Real-IP  $remote_addr;
-                proxy_pass http://localhost:8080/;
-        }
+    server_name hitchmap.com;
+    location /datasette/ {
+        auth_basic           "closed datasette";
+        auth_basic_user_file /etc/nginx/.htpasswd;
+        proxy_pass http://localhost:8001/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    rewrite ^/datasette(/.*)$ $1 break;
+    }
+    location / {
+            proxy_set_header        Host $host;
+            proxy_set_header X-Real-IP  $remote_addr;
+            proxy_pass http://localhost:8080/;
+    }
 
     listen [::]:443 ssl ipv6only=on; # managed by Certbot
     listen 443 ssl; # managed by Certbot

diff --git a/server.py b/server.py
@@ -128,6 +128,7 @@ def serve_static(path):
         return send_from_directory(static_dir, path)
 
 
+init_security()
+
 if __name__ == "__main__":
-    init_security()
     app.run(host="0.0.0.0", debug=True)
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		datasette db/prod-points.sqlite --metadata datasette/metadata.json --setting base_url /datasette/ --setting default_allow_sql off --internal ../datasette.sqlite