
Dynamic compose/haven #6113

Merged

Conversation

@Lancelot-Enguerrand Lancelot-Enguerrand commented Dec 23, 2024

Dynamic compose for haven

This is a haven update for using dynamic compose. (no other change)

Situation tested:
  • 👶 Fresh install of the app
Reaching the app:
In-app tests:
  • 📝 Register and log in
  • 📜 Write a post
  • 🌆 Upload an image
    • 🔄 Check data after restart
Volumes mapping verified:
  • ${APP_DATA_DIR}/data/storage:/storage
  • ${APP_DATA_DIR}/data/db:/var/lib/postgresql/data
Specific instructions verified:
  • 🌳 Environment
  • 💻 Command

Summary by CodeRabbit

  • New Features
    • Introduced dynamic configuration support in the Haven application.
    • Added a new Docker Compose configuration for deploying the Haven application with a PostgreSQL backend.
    • Defined services for haven and haven-db, including environment settings and persistent storage configurations.
  • Updates
    • Incremented version number for the configuration file.
    • Updated timestamp for the last configuration modification.

Thank you for your contribution!

Unfortunately, we are no longer accepting pull requests from external collaborators due to the high volume of PRs we have to deal with daily.

We have reached a point in which it has become too complicated to validate, test and maintain this huge amount of apps resulting in a poor experience for our users.

We are working at the moment to implement a new feature to allow you to add multiple app stores to your Runtipi instance, so you can add your own apps without the need to send a PR to our repository.

This feature will be available very soon, so stay tuned! In the meantime, if you really need your app in Runtipi, you can add your own repository to your Runtipi instance (relevant docs).


coderabbitai bot commented Dec 23, 2024

Walkthrough

The pull request introduces configuration updates for the Haven application. A new Docker Compose configuration file has been added to define the application and database services. The configuration file config.json has been modified to enable dynamic configuration, update the Tipi version, and refresh the timestamp. The changes appear to be preparing the Haven application for deployment with a PostgreSQL backend, including setting up environment variables and persistent storage volumes.

Changes

File | Changes
apps/haven/config.json | Added "dynamic_config": true; updated "tipi_version" from 3 to 4; updated "updated_at" timestamp
apps/haven/docker-compose.json | Added haven service with latest image, port 3000, and environment variables; added haven-db service using PostgreSQL 13.2-alpine; configured volumes and database settings

Sequence Diagram

sequenceDiagram
    participant App as Haven Application
    participant DB as PostgreSQL Database
    
    App->>DB: Establish Connection
    DB-->>App: Connection Established
    App->>App: Load Dynamic Configuration
    App->>DB: Initialize Database
    DB-->>App: Database Ready
    App->>App: Start Service on Port 3000

The sequence diagram illustrates the initialization process of the Haven application, showing how it connects to the PostgreSQL database, loads dynamic configuration, and starts the service.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

🔭 Outside diff range comments (1)
apps/haven/config.json (1)

Based on the search results and analysis of the Haven configuration, I can now provide the final response:

Security improvements needed for Haven form fields

The current implementation lacks essential security controls for password and sensitive data handling. Required changes:

  • For the random DB password field:

    • Increase minimum length to 32 characters (currently only specified as "min": 32)
    • Add character class requirements (uppercase, lowercase, numbers, special characters)
    • Use a cryptographically secure random generator
  • For the user password field:

    • Add password complexity requirements (minimum length, character classes)
    • Add input validation to prevent common weak passwords
    • Consider implementing password strength indicators
  • For the email field:

    • Add proper email format validation
    • Consider implementing disposable email address filtering
  • General security:

    • Implement rate limiting for failed login attempts
    • Add server-side validation for all inputs
    • Consider adding CAPTCHA for repeated failed attempts
🔗 Analysis chain

Line range hint 18-37: Review security considerations for form fields

The form fields handle sensitive data (email, passwords). Please ensure:

  1. The password field uses secure random generation with sufficient entropy
  2. Database password is properly isolated from user password

Consider adding:

  • Password complexity requirements
  • Rate limiting for failed attempts
  • Input validation for email format

Let me gather more information about the security configurations and form field validations in the codebase.

These scripts will help us verify:

  1. Existing password validation and complexity requirements
  2. Rate limiting implementations
  3. Email validation patterns
  4. Security configurations
  5. Password generation logic

Let me analyze the results to provide a comprehensive verification of the security considerations.


Let me search specifically for password generation and validation implementations in the Haven app.

These scripts will help us verify the specific security implementations in the Haven app, particularly around password generation, validation, and rate limiting.

🏁 Scripts executed

The following scripts were executed for the analysis:

Error: No shell scripts found


Script:

#!/bin/bash
# Search for password-related configurations and validations
rg -i "password.*validation|password.*requirement|password.*complexity" -A 3

# Search for rate limiting implementations
rg -i "rate.*limit|throttle|brute.*force" -A 3

# Look for email validation patterns
rg -i "email.*validation|email.*format|email.*pattern" -A 3

# Search for security-related configurations
fd -e json -e yaml -e yml | xargs rg -i "security|authentication|auth.*config"

# Check for any existing password generation logic
ast-grep --pattern 'function $FUNC($$$) {
  $$$
  password $$$
  $$$
}'

Length of output: 12641


Script:

#!/bin/bash
# Search for password-related code in Haven app
fd -t f -e js -e ts -e json haven | xargs rg -i "password.*generate|password.*random|password.*validate"

# Look for any security configurations in Haven
fd -t f haven | xargs rg -i "security|auth.*config|password.*config"

# Search for form validation logic
ast-grep --pattern 'function $FUNC($$$) {
  $$$
  validate($$$) {
    $$$
  }
  $$$
}'

# Check for any rate limiting implementations in Haven
fd -t f haven | xargs rg -i "rate.*limit|throttle|max.*attempts"

Length of output: 24323

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ef74735 and d56a89d.

📒 Files selected for processing (2)
  • apps/haven/config.json (2 hunks)
  • apps/haven/docker-compose.json (1 hunks)
🔇 Additional comments (3)
apps/haven/config.json (2)

6-6: LGTM: Dynamic configuration enabled

The addition of "dynamic_config": true aligns with the PR objective to implement dynamic compose functionality.


9-9: Verify compatibility with Tipi version 4

The increment of tipi_version to 4 might have compatibility implications.

✅ Verification successful

Let me gather more information about the Tipi versioning to better understand the compatibility implications.


Let me check the schema definition to understand the tipi versioning requirements.


Based on the analysis of the codebase, I can now provide a final response:

Tipi version 4 is compatible and widely used

The version increment to 4 is safe as many other apps in the repository are already using tipi_version 4 or higher. The schema only requires it to be an integer value, and there are numerous examples of apps successfully using version 4, including odoo, owncast, librespeed, and others.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for version-specific features or breaking changes
rg -l "tipi_version.*4" --type json

Length of output: 1186


Script:

#!/bin/bash
# Check for any documentation or schema files that might define version requirements
fd -e md -e yaml -e json "schema|version|CHANGELOG|README" -x rg -l "tipi.*version"

# Look for any version-specific code or configurations
rg "tipi.*version" -A 3 -B 3 --type json

Length of output: 85573


Script:

#!/bin/bash
# Check the schema definition for tipi_version
jq '.properties.tipi_version' apps/schema.json

# Look for any documentation about version compatibility
fd -e md -x rg -l "tipi.*version"

Length of output: 112

apps/haven/docker-compose.json (1)

8-16: ⚠️ Potential issue

Security concern: Database authentication configuration

Several security considerations need attention:

  1. Environment variables are properly referenced using ${} syntax
  2. However, POSTGRES_HOST_AUTH_METHOD is set to "trust" in the database service, which bypasses password authentication

Consider implementing:

-        "POSTGRES_HOST_AUTH_METHOD": "trust",
+        "POSTGRES_PASSWORD": "${HAVEN_DB_PASSWORD}",
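Review bot: the suggested change only touches the haven-db side. Dropping POSTGRES_HOST_AUTH_METHOD=trust means the haven service must present the same ${HAVEN_DB_PASSWORD} in its own database connection settings, so the suggestion should also update the haven service's environment (or show that it already carries that variable); applied alone, it would leave the app unable to authenticate to its database. The hunk also has no @@ header, so it is unclear which of lines 8-16 it replaces; a suggestion block with surrounding context would let a maintainer apply it directly.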

Likely invalid or redundant comment.

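A small lint for the trust-versus-password wiring raised in the comment above, added here as an example and not code from this PR or from Runtipi; the list-of-services JSON layout of the constructed samples is an assumption, and the secret is wired through the ${HAVEN_DB_PASSWORD} name the suggestion uses:

```python
import json
import re

# Constructed samples shaped like the haven/haven-db pair in this PR; the
# list-of-services layout is an assumption about Runtipi's compose JSON.
WEAK = {"services": [
    {"name": "haven", "image": "example/haven:latest",
     "environment": {"DATABASE_URL": "postgres://haven@haven-db:5432/haven"}},
    {"name": "haven-db", "image": "postgres:13.2-alpine",
     "environment": {"POSTGRES_USER": "haven", "POSTGRES_DB": "haven",
                     "POSTGRES_HOST_AUTH_METHOD": "trust"}}]}
# The suggested change applied to haven-db only: the app still has no credential.
HALF = json.loads(json.dumps(WEAK))
HALF["services"][1]["environment"] = {"POSTGRES_USER": "haven", "POSTGRES_DB": "haven",
                                      "POSTGRES_PASSWORD": "${HAVEN_DB_PASSWORD}"}
# Both sides wired to the same generated secret.
FIXED = json.loads(json.dumps(HALF))
FIXED["services"][0]["environment"]["DATABASE_URL"] = (
    "postgres://haven:${HAVEN_DB_PASSWORD}@haven-db:5432/haven")

VAR_REF = re.compile(r"\$\{[A-Za-z0-9_]+\}")  # a whole-value ${VAR} reference


def _services(compose):
    """Yield (name, image, env mapping) for a list-of-services or a mapping layout."""
    svcs = compose.get("services", [])
    items = svcs.items() if isinstance(svcs, dict) else ((s.get("name", "?"), s) for s in svcs)
    for name, svc in items:
        yield name, svc.get("image", ""), svc.get("environment", {})


def lint_postgres_auth(compose):
    """Return findings about how Postgres authentication is wired between services."""
    services = list(_services(compose))
    findings = []
    for name, image, env in services:
        if "postgres" not in image:
            continue
        password = env.get("POSTGRES_PASSWORD")
        if env.get("POSTGRES_HOST_AUTH_METHOD") == "trust":
            findings.append(f"{name}: POSTGRES_HOST_AUTH_METHOD=trust accepts any host connection without a password")
        elif password is None:
            findings.append(f"{name}: POSTGRES_PASSWORD missing; the official image refuses to initialize without it unless trust is set")
        ref = VAR_REF.fullmatch(password or "")
        # The generated secret must also reach the application service, else it cannot log in.
        if ref and not any(ref.group(0) in str(v) for n, _, e in services if n != name for v in e.values()):
            findings.append(f"{name}: {ref.group(0)} is not passed to any other service, so the app has no matching credential")
    return findings
```

Running lint_postgres_auth over WEAK, HALF and FIXED reports the trust setting, then the missing app-side credential, then nothing.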
@Lancelot-Enguerrand Lancelot-Enguerrand merged commit 394fdb2 into runtipi:master Dec 23, 2024
14 checks passed
@Lancelot-Enguerrand Lancelot-Enguerrand deleted the dynamic-compose/haven branch December 23, 2024 21:14