NOT READY YET
This package is meant as a turn key back office interface to a PostgREST instance with optional configuration, inspired by Rails' ActiveAdmin.
PostgREST is a web server that sits in front of a Postgres database providing a simple but powerful RESTful API.
It delegates a lot of the functionality to the database, performing authentication using roles and exposing only certain tables to the REST API using schemas.
A Postgrest database can have many different schemas (not to be confused with
the database schema).
A schema can be thought of a namespace that contains
tables, types and functions, a db connection can specifiy a
search path
which indicates which schemas, and with what precendence, to use to find the db
tables.
To understand better how does PostgREST restricts the API table exposure check
schema isolation,
switching schemas
and configuration.
PostgREST depends on JSON Web Tokens for authentication, which can be obtained from an external provider with a shared secret, or by defining a couple of PL/pgSQL procudeures it can provide a login RPC and generate it's own tokens.
Fine grained permissions can be given by granting different privileges to roles on a schema, table and row level.
To learn more about PostgREST role based auth check Role System.
PostgREST also generates an
OpenAPI description
of the api, which contains information about all of the endpoints (tables,
foreign tables, views, functions), it can be used to generate swagger.
PostgRestAdmin uses this description to infer the admin interface to the API
resources.
The most basic way use is just to define your main function as a PostgRestAdmin.Program, the admin interface is built from PostgREST Open API description.
module Main exposing (main)
import PostgRestAdmin
import PostgRestAdmin.Config as Config
main : PostgRestAdmin.Program Never Never
main =
PostgRestAdmin.application Config.init
Then flags can be passed on Elm.init
Elm.Main.init({
flags: {
host: "https://postgrest.example.com",
jwt: sessionStorage.getItem("jwt")
}
})
jwt
flag accepts a token to authenticate the requests.
Configuration params are passed to the PostgRestAdmin program in the example bellow.
-
host sets the PostgREST instance host,
-
formAuth enables form authentication, and takes a
-
FormAuth configuration
-
optionally FormAuth can be configured with
-
authUrl which specifies a url to POST credentials, wich can be a postgREST function or an external service if CORS is configured correctly.
port module Main exposing (main)
import PostgRestAdmin import PostgRestAdmin.Config as Config import PostgRestAdmin.Config.FormAuth as FormAuth
port loginSuccess : String -> Cmd msg
main : PostgRestAdmin.Program Never Never main = Config.init |> Config.host "https://postgrest.example.com" |> Config.formAuth (FormAuth.config |> FormAuth.authUrl "https://postgrest.example.com/rpc/login" ) |> Config.onLogin loginSuccess |> PostgRestAdmin.application
In addition to configuring the login POST url formAuth
and authUrl
,
the token is persisted to keep the user loggedin across page reloads, by using
flags and ports.
app = Elm.Main.init({
flags: {
jwt: sessionStorage.getItem("jwt")
}
})
app.ports.loginSuccess.subscribe(jwt => {
sessionStorage.setItem("jwt", jwt)
});
Most of the previous configuration options can be overriden using flags, thus the same build can be used in different environments. See Config.
You can override some listing, the detail for a resource, a form or add additional behaviour by mounting your own application in as many routes as you want.
See Config.routes.