fix: Postgres auth + worker startup

2026-06-16 19:38:32 +02:00
parent 1a5d998cc8
commit 3136d55742
6 changed files with 31 additions and 24 deletions
@@ -8,20 +8,20 @@ services:
      POSTGRES_USER: ${POSTGRES_USER:-postgres}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB:-postgres}
+      POSTGRES_HOST_AUTH_METHOD: trust
    volumes:
      - ./data/db:/var/lib/postgresql/data
-      - ./supabase/postgresql.conf:/etc/postgresql.conf:ro
+      - ./supabase/pg_hba.conf:/etc/postgresql/pg_hba.conf:ro
      - ./supabase/migrations/00-run-init.sh:/docker-entrypoint-initdb.d/00-run-init.sh:ro
      - ./supabase/migrations/01-init.sql:/docker-entrypoint-initdb.d/01-init.sql:ro
      - ./supabase/migrations/post-boot.sql:/docker-entrypoint-initdb.d/post-boot.sql:ro
    command: >
      postgres
-      -c config_file=/etc/postgresql.conf
+      -c hba_file=/etc/postgresql/pg_hba.conf
      -c wal_level=logical
      -c max_wal_senders=0
      -c max_replication_slots=0
      -c idle_in_transaction_session_timeout=1min
-      -c jsonb_output_as_text=true
    ports:
      - "55632:5432"
    healthcheck:
@@ -34,7 +34,7 @@ services:
    image: postgrest/postgrest:v12.2.0
    restart: unless-stopped
    environment:
-      PGRST_DB_URI: postgres://authenticator:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB:-postgres}
+      PGRST_DB_URI: postgres://authenticator@db:5432/${POSTGRES_DB:-postgres}
      PGRST_DB_SCHEMAS: public
      PGRST_DB_ANON_ROLE: authenticator
      PGRST_JWT_SECRET: ${JWT_SECRET:-your-super-secret-jwt-key-change-in-production}
@@ -7,7 +7,7 @@ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<'E
 DO $$
 BEGIN
    IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'authenticator') THEN
-        CREATE ROLE authenticator NOLOGIN;
+        CREATE ROLE authenticator LOGIN;
    END IF;
 END
 $$;
@@ -0,0 +1,6 @@
+# TYPE  DATABASE        USER            ADDRESS                 METHOD
+local   all             all                                     trust
+host    all             all             127.0.0.1/32            trust
+host    all             all             ::1/128                 trust
+host    all             all             0.0.0.0/0               trust
+host    all             all             ::/0                    trust
@@ -16,5 +16,5 @@ maintenance_work_mem = 64MB
 # Timeouts
 idle_in_transaction_session_timeout = 60000

-# JSONB output as text for PostgREST compatibility
-jsonb_output_as_text = true
+# Logging
+log_statement = 'ddl'
@@ -1,16 +1,17 @@
 import logging
 import uuid
+from typing import Any

 import asyncpg
 from telegram import InlineKeyboardButton, InlineKeyboardMarkup, Update
-from telegram.ext import CommandHandler, ExtBot, ContextTypes
+from telegram.ext import Application, CommandHandler, ContextTypes

 from db import get_pool

 logger = logging.getLogger(__name__)


-async def _require_user(update: Update) -> asyncpg.Row | None:  # type: ignore[name-defined]
+async def _require_user(update: Update) -> dict[str, Any] | None:
    """Look up user by telegram_id. Auto-register on first /start."""
    telegram_id = update.effective_user.id
    pool = await get_pool()
@@ -24,7 +25,7 @@ async def _require_user(update: Update) -> asyncpg.Row | None:  # type: ignore[n
    return row


-async def _require_admin(update: Update) -> asyncpg.Row | None:  # type: ignore[name-defined]
+async def _require_admin(update: Update) -> dict[str, Any] | None:
    """Require the sender to be a whitelisted admin."""
    telegram_id = update.effective_user.id
    pool = await get_pool()
@@ -38,7 +39,7 @@ async def _require_admin(update: Update) -> asyncpg.Row | None:  # type: ignore[
    return row


-async def _auto_register(update: Update) -> asyncpg.Row | None:  # type: ignore[name-defined]
+async def _auto_register(update: Update) -> dict[str, Any] | None:
    """Create user row on first contact if not present. Returns nothing if un-whitelisted."""
    telegram_id = update.effective_user.id
    username = update.effective_user.username or None
@@ -71,20 +72,20 @@ async def _auto_register(update: Update) -> asyncpg.Row | None:  # type: ignore[
        first_name,
    )
    logger.info("Auto-registered user %s (%s)", telegram_id, first_name)
-    return asyncpg.Record(("id", user_uuid), ("is_active", True))  # type: ignore[call-arg]
+    return {"id": user_uuid, "is_active": True}


-def register_handlers(bot: ExtBot) -> None:
-    bot.add_handler(CommandHandler("start", start_handler))
-    bot.add_handler(CommandHandler("add", add_handler))
-    bot.add_handler(CommandHandler("list", list_handler))
-    bot.add_handler(CommandHandler("pause", pause_handler))
-    bot.add_handler(CommandHandler("resume", resume_handler))
-    bot.add_handler(CommandHandler("delete", delete_handler))
-    bot.add_handler(CommandHandler("stats", stats_handler))
-    bot.add_handler(CommandHandler("adduser", adduser_handler))
-    bot.add_handler(CommandHandler("removeuser", removeuser_handler))
-    bot.add_handler(CommandHandler("users", users_handler))
+def register_handlers(app: Application) -> None:
+    app.add_handler(CommandHandler("start", start_handler))
+    app.add_handler(CommandHandler("add", add_handler))
+    app.add_handler(CommandHandler("list", list_handler))
+    app.add_handler(CommandHandler("pause", pause_handler))
+    app.add_handler(CommandHandler("resume", resume_handler))
+    app.add_handler(CommandHandler("delete", delete_handler))
+    app.add_handler(CommandHandler("stats", stats_handler))
+    app.add_handler(CommandHandler("adduser", adduser_handler))
+    app.add_handler(CommandHandler("removeuser", removeuser_handler))
+    app.add_handler(CommandHandler("users", users_handler))


 # -- /start ---------------------------------------------------------------
@@ -160,7 +160,7 @@ async def main() -> None:

    from bot import register_handlers  # noqa: E402

-    register_handlers(app.bot)
+    register_handlers(app)

    scheduler = asyncio.ensure_future(scheduler_task(pool, app.bot))