squid/blog
squid/blog
1
2
Fork 0
Code Issues 10 Pull Requests Actions Projects 1 Releases 7 Wiki Activity
80 Commits 5 Branches 7 Tags
Commit Graph

6 Commits

Author SHA1 Message Date
SquidSpirit
a9df43943e BLOG-90 Fix backend docker build error (#123)
All checks were successful
Frontend CI / build (push) Successful in 1m11s
Details 
### Description

- Using `alpine` for build environment.

<https://g.co/gemini/share/ad84493a13dd>

### Package Changes

_No response_

### Screenshots

_No response_

### Reference

Resolves #122.

### Checklist

- [x] A milestone is set
- [x] The related issuse has been linked to this branch

Reviewed-on: #123
Co-authored-by: SquidSpirit <squid@squidspirit.com>
Co-committed-by: SquidSpirit <squid@squidspirit.com>
 2025-08-06 21:44:06 +08:00
SquidSpirit
71bae3d8ca BLOG-90 Intergrate error tracking with Sentry (#120)
All checks were successful
Frontend CI / build (push) Successful in 1m29s
Details 
### Description

There are several environment variables should be set:

- Frontend
  - `PUBLIC_SENTRY_DSN`
  - `SENTRY_AUTH_TOKEN`
- Backend
  - `SENTRY_DSN`

If the dsn isn't set, errors won't be sent to Sentry.

### Package Changes

_No response_

### Screenshots

![image.png](/attachments/22e49f8d-ac01-4d09-8ff0-7ce87b787055)

### Reference

Resolves #90

### Checklist

- [x] A milestone is set
- [x] The related issuse has been linked to this branch

Reviewed-on: #120
Co-authored-by: SquidSpirit <squid@squidspirit.com>
Co-committed-by: SquidSpirit <squid@squidspirit.com>
 2025-08-06 20:20:47 +08:00
SquidSpirit
dd0567c937 BLOG-85 Implement OIDC authentication (#93)
All checks were successful
Frontend CI / build (push) Successful in 1m7s
Details 
### Description

- Login with configured OIDC issuer, and then save the logged in information in server session.
- Endpoints:
  - GET `/auth/login`
  - GET `/auth/callback`
  - GET `/auth/logout`

### Package Changes

```toml
actix-session = { version = "0.10.1", features = ["redis-session"] }
hex = "0.4.3"
openidconnect = { version = "4.0.1", features = [
    "reqwest",
    "reqwest-blocking",
] }
```

### Screenshots

<video src="attachments/8b15b576-61db-41b9-8587-b4b885018c93" title="Screencast From 2025-07-30 03-34-26.mp4" controls></video>

### Reference

Resolves #85

### Checklist

- [x] A milestone is set
- [x] The related issuse has been linked to this branch

Reviewed-on: #93
Co-authored-by: SquidSpirit <squid@squidspirit.com>
Co-committed-by: SquidSpirit <squid@squidspirit.com>
 2025-07-30 03:46:49 +08:00
SquidSpirit
ab3050db69 BLOG-78 Backend image upload and download (#84)
All checks were successful
Frontend CI / build (push) Successful in 1m4s
Details 
### Description

- Add some endpoints about image:
  - POST `/image/upload`
  - GET `/image/{id}`

> [!NOTE]
> Since there isn't identity authentication, the `/image` endpoints should be restricted to private network in nginx.

> [!NOTE]
> Volume for backend should be configured in `pod.yaml`.

### Package Changes

```toml
actix-multipart = "0.7.2"
```

### Screenshots

_No response_

### Reference

Resolves #78

### Checklist

- [x] A milestone is set
- [x] The related issuse has been linked to this branch

Reviewed-on: #84
Co-authored-by: SquidSpirit <squid@squidspirit.com>
Co-committed-by: SquidSpirit <squid@squidspirit.com>
 2025-07-27 13:10:46 +08:00
SquidSpirit
4a924c1b92 BLOG-65 Establish beta environment (#66)
All checks were successful
Frontend CI / build (push) Successful in 1m4s
Details 
### Description

- Change some environment variables implementation
- Nginx configuration:

  ```nginx
  server {
      server_name beta.squidspirit.com;

      proxy_pass_request_headers on;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      location / {
          proxy_pass http://127.0.0.1:10013/;
      }

      location /api/ {
          proxy_pass http://127.0.0.1:10014/;
      }

      listen 443 ssl; # managed by Certbot
      ssl_certificate /etc/letsencrypt/live/beta.squidspirit.com/fullchain.pem; # managed by Certbot
      ssl_certificate_key /etc/letsencrypt/live/beta.squidspirit.com/privkey.pem; # managed by Certbot
      include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
      ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
  }

  server {
      if ($host = beta.squidspirit.com) {
          return 301 https://$host$request_uri;
      } # managed by Certbot

      server_name beta.squidspirit.com;
      listen 80;
      return 404; # managed by Certbot
  }
  ```

- Podman kube configuration:

  ```yaml
    apiVersion: v1
  kind: Secret
  metadata:
    name: beta-blog-secret
  data:
    DATABASE_PASSWORD: {{BASE64_PASSWORD}}

  ---

  apiVersion: v1
  kind: Pod
  metadata:
    name: beta-blog
  spec:
    containers:
      - name: postgres
        image: docker.io/library/postgres:17-alpine
        imagePullPolicy: always
        env:
          - name: POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
                name: beta-blog-secret
                key: DATABASE_PASSWORD
        volumeMounts:
          - name: beta-blog-postgres
            mountPath: /var/lib/postgresql/data
      - name: backend
        image: registry.squidspirit.com/squid/beta-blog-backend:latest
        imagePullPolicy: always
        env:
          - name: DATABASE_PASSWORD
            valueFrom:
              secretKeyRef:
                name: beta-blog-secret
                key: DATABASE_PASSWORD
        volumeMounts:
          - name: beta-blog-localtime
            mountPath: /etc/localtime
            readonly: true
        ports:
          - hostPort: 10014
            hostIP: 127.0.0.1
            containerPort: 8080
      - name: frontend
        image: registry.squidspirit.com/squid/beta-blog-frontend:latest
        imagePullPolicy: always
        env:
          - name: PUBLIC_API_BASE_URL
            value: https://beta.squidspirit.com/api/
        volumeMounts:
          - name: beta-blog-localtime
            mountPath: /etc/localtime
            readonly: true
        ports:
          - hostPort: 10013
            hostIP: 127.0.0.1
            containerPort: 3000
    volumes:
      - name: beta-blog-localtime
        hostPath:
          path: /etc/localtime
      - name: beta-blog-postgres
        persistentVolumeClaim:
          claimName: beta-blog-postgres
  ```

### Package Changes

_No response_

### Screenshots

_No response_

### Reference

Resolves #65

### Checklist

- [x] A milestone is set
- [x] The related issuse has been linked to this branch

Reviewed-on: #66
Co-authored-by: SquidSpirit <squid@squidspirit.com>
Co-committed-by: SquidSpirit <squid@squidspirit.com>
 2025-07-24 02:23:44 +08:00
SquidSpirit
0726b11fe2 BLOG-59 Enhance deployment workflow and backend server configuration (#60)
All checks were successful
Frontend CI / build (push) Successful in 1m37s
Details 
### Description

- Updated deployment.yaml to specify separate build and push steps for frontend and backend.
- Added Dockerfile for backend service to define build process.
- Modified main.rs to bind the server to all network interfaces (0.0.0.0) instead of localhost.

### Package Changes

_No response_

### Screenshots

_No response_

### Reference

Resolves #59

### Checklist

- [x] A milestone is set
- [x] The related issuse has been linked to this branch

Reviewed-on: #60
Co-authored-by: SquidSpirit <squid@squidspirit.com>
Co-committed-by: SquidSpirit <squid@squidspirit.com>
 2025-07-23 00:59:18 +08:00