Get desktop application:
View/edit binary Protocol Buffers messages
Used in:
/ Time-to-live in seconds for auth tokens. Default: 1h.
/ Time-to-live in seconds for refresh tokens. Default: 30 days.
/ Disables password-based sign-up. Does not affect already registered users.
/ Whether sign-in via OTP codes (e.g. sent via Email) should be allowed. / This may be less secure since ultimately you're delegating operational / security to a user's inbox.
/ Allow the creation of ephemeral user-accounts, e.g. for a frictionless / trial.
/ Minimal password length. Defaults to 8.
/ Password must contain lower and upper-case letters.
/ Password must contain digits in addition to alphabetic characters..
/ Password must contain special, non-alphanumeric, characters.
/ Map of configured OAuth providers.
/ List of custom URI schemes allowed as auth redirects. / / This is useful for mobile apps, desktop or SPAs where an app registers a / custom scheme for calls it wants to handle.
/ List of explicitly allowed redirect uris.
/ Policy covering user registration and change (username|email) flows around / what user identifier is expected and accepted. Default: ONLY_EMAIL.
Used in: ,
NOTE: These top-level fields currently have to be `required` due to the overly simple approach on how we do config merging (from env vars and vault).
/ Sqlite specific (as opposed to standard SQL) constrained-violation / resolution strategy upon insert.
Used in:
/ SQL default: Keep transaction open and abort the current statement.
/ Skip the statement and continue. Mostly matters in the context of batches / and transaction. Rather than aborting, subsequent operations will / continue.
/ Replaces the conflicting row in case of a collision (e.g. unique / constraint).
Used in:
/ Name will be used as <traildepot>/(data/<name>.db|migrations/<name>/).
Used in:
Which encryption method to use. STARTTLS by default.
Used in:
Used in:
/ System jobs overrides. / / NOTE: This is technically a map from id to config, however enums are not / allowed as map keys.
Used in:
Used in:
Settings for generic OpenID Connect provider. Name is implicitly provided via the `AuthConfig.oauth_provders` map key.
Used in:
Used in:
Database record insert.
Database record read/list, i.e. select.
Database record update.
Database record delete.
/ Lookup JSON schema for the given record api .
Used in:
/ API name, i.e. unique name used to access data via HTTP.
/ Referenced table to be exposed.
/ Attached databases - will `ATTACH <traildepot>/data/<name>.db AS <name>`. / Can only reference configured databases.
/ Strategy to be used on insert if a table constraint is violated.
/ Fill columns referencing _user(id) automatically from current user's / authentication context if present. Can be useful for static clients, such / as HTML forms, otherwise it's recommended to have the client provide user / ids explicitly and to keep this feature off.
/ Allow subscribing to data changes in realtime using SSE streaming. / / NOTE: If you're using a reverse proxy, this will likely require / configuration changes to allow for server-side streaming HTTP, e.g. / tell the proxy to keep listening and not cache.
/ Access control lists.
/ Columns excluded from this API. / / Excluded columns are completely inaccessible via this API. This is / different from columns with names prefixed by "_", which are considered / hidden. This means they can still be inserted, updated and access checked / unlike excluded columns.
/ Access rules to be evaluated on request. Expected to be valid SQL / expression, where `SELECT <expr>` returns a unary boolean. / / The evaluator injects _USER_, _ROW_ and _REQ_ tables that can be / used for validating access, e.g.: / / _USER_.id = _REQ_.owner / / ensures that the value provided for the `owner` column during an insert / matches the current authenticated user's id. One can also construct / arbitrary validations including sub-queries, e.g.: / / _USER_.id = _REQ_.owner AND EXISTS(SELECT FROM allowed WHERE / allowed.user = _USER_.id)
/ A list of foreign key columns that *can* be expanded on read/list, i.e. / the foreign record will be inlined into the response. By default nothing / is expanded. / / Only columns and foreign tables with names not starting with "_", i.e. are / allowed to be expanded.
/ Hard limit for listing records (default: 1024).
Used in:
/ S3 access key, a.k.a. username.
/ S3 secret access key, a.k.a. password.
Used in:
/ Application name presented to users, e.g. when sending emails. Default: / "TrailBase".
/ Your final, deployed URL. This url is used to build canonical urls / for emails, OAuth redirects, ... . Default: "http://localhost:4000".
/ Max age of logs that will be retained during period logs cleanup. Note / that this implies that some older logs may persist until the cleanup job / reruns. Default: 7 days.
/ If present will use S3 setup over local file-system based storage.
/ If enabled, batches of transactions can be submitted for atomic execution
/ Request size limit, default: 10MB.
/ Limits the request per IP per second to auth POST APIs for abuse / protection. If TrailBase is behind a proxy, make sure to set / "X-Forwarded-For". Default: disabled. / / Note that login endpoints have additional fixed rate limits / on a per credentials level.
Used in:
Used in:
/ Identifies the system job by its id.
/ Cron spec: shorthand or 7-components: (sec, min, hour, day of month, / / month, day of week, year).
/ Disable the system job.
Used in:
What user identifier to use for new user registrations as well as change-(email|username). NOTE: W/o email there's no way to contact users.
Used in:
/ Only email. Doesn't work for anonymous login.
/ Only username. No email allowed.
/ Requires email and allows an optional username.
/ Requires username and allows an optional email.
/ Requires both email and username.
QUESTION: Should we also support EMAIL OR USERNAME? The policy can always change leading to a mix but it may not be a great policy to start out width leading to inconsistency :shrug:.