jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
4f608bdc5f40b1cf4b57f031bd57be4e94cea434
cloudron-box/migrations/schema.sql

355 lines
14 KiB
MySQL
Raw Normal View History

app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
#### WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
#### This file is not used by any code and is here to document the latest schema
#### General ideas
db: change the encoding and collation by mistake many fields are encoded at utf8 which is an alias of utf8mb3 fixes #836
2025-06-18 20:55:14 +02:00
#### Default char set is utf8mb4 and DEFAULT COLLATE is utf8mb4_bin. Collate affects comparisons in WHERE and ORDER
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
#### Strict mode is enabled
#### VARCHAR - stored as part of table row (use for strings)
#### TEXT - stored offline from table row (use for strings)
move profile icons into the database
2021-04-29 12:49:48 -07:00
#### BLOB (64KB), MEDIUMBLOB (16MB), LONGBLOB (4GB) - stored offline from table row (use for binary data)
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
#### https://dev.mysql.com/doc/refman/5.0/en/storage-requirements.html
Make tests work the namecheap test never seems to work
2019-03-23 09:46:04 -07:00
#### Times are stored in the database in UTC. And precision is seconds
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
display last updated in app info
2017-11-19 12:36:05 -08:00
# The code uses zero dates. Make sure sql_mode does NOT have NO_ZERO_DATE
# http://johnemb.blogspot.com/2014/09/adding-or-removing-individual-sql-modes.html
# SET GLOBAL sql_mode=(SELECT REPLACE(@@sql_mode,'NO_ZERO_DATE',''));
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
CREATE TABLE IF NOT EXISTS users(
id VARCHAR(128) NOT NULL UNIQUE,
Allow multiple empty usernames in the db
2016-04-05 10:54:09 +02:00
username VARCHAR(254) UNIQUE,
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
email VARCHAR(254) NOT NULL UNIQUE,
password VARCHAR(1024) NOT NULL,
salt VARCHAR(512) NOT NULL,
users: rename createdAt to creationTime
2021-05-17 07:18:21 -07:00
creationTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
users: replace modifiedAt with ts
2020-07-09 15:43:22 -07:00
ts TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
Add 2fa db record fields to users table
2018-04-25 16:33:18 +02:00
displayName VARCHAR(512) DEFAULT "",
fallbackEmail VARCHAR(512) DEFAULT "",
twoFactorAuthenticationSecret VARCHAR(128) DEFAULT "",
twoFactorAuthenticationEnabled BOOLEAN DEFAULT false,
Add user source property to schema
2019-08-29 17:52:00 +02:00
source VARCHAR(128) DEFAULT "",
migrate permissions and admin flag to user.role
2020-02-21 12:17:06 -08:00
role VARCHAR(32),
Separate invite and password reset token
2021-10-01 12:27:22 +02:00
inviteToken VARCHAR(128) DEFAULT "",
add missing fields in users table
2020-03-30 16:32:28 -07:00
resetToken VARCHAR(128) DEFAULT "",
make reset tokens only valid for a day fixes #563 mysql timestamps cannot be null. it will become current timestamp when set as null
2020-03-30 16:47:18 -07:00
resetTokenCreationTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
add missing fields in users table
2020-03-30 16:32:28 -07:00
active BOOLEAN DEFAULT 1,
users: add unset route for avatar also add missing tests for avatar and profile locking
2025-07-15 10:06:26 +02:00
avatar MEDIUMBLOB,
Add profile backgroundImage api
2022-05-14 19:41:32 +02:00
backgroundImage MEDIUMBLOB,
make loginLocationsJson mediumtext it seems we overflow atleast in the demo cloudron TEXT – 64KB (65,535 characters) MEDIUMTEXT – 16MB (16,777,215 characters)
2021-08-20 10:30:14 -07:00
loginLocationsJson MEDIUMTEXT, // { locations: [{ ip, userAgent, city, country, ts }] }
notifications: per user email prefs
2024-12-11 18:24:20 +01:00
notificationConfigJson TEXT,
Add fallbackEmail to user data model
2018-01-21 14:25:39 +01:00
users: rename createdAt to creationTime
2021-05-17 07:18:21 -07:00
INDEX creationTime_index (creationTime),
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
PRIMARY KEY(id));
Rename groups table to userGroups
2018-12-01 00:38:00 +01:00
CREATE TABLE IF NOT EXISTS userGroups(
add groups table
2016-02-07 19:24:07 -08:00
id VARCHAR(128) NOT NULL UNIQUE,
Fix typo in schema
2016-09-27 21:11:41 +02:00
name VARCHAR(254) NOT NULL UNIQUE,
Add source property to userGroups
2020-06-04 13:25:55 +02:00
source VARCHAR(128) DEFAULT "",
add groups table
2016-02-07 19:24:07 -08:00
PRIMARY KEY(id));
add group membership table
2016-02-08 08:55:37 -08:00
CREATE TABLE IF NOT EXISTS groupMembers(
groupId VARCHAR(128) NOT NULL,
userId VARCHAR(128) NOT NULL,
Rename groups table to userGroups
2018-12-01 00:38:00 +01:00
FOREIGN KEY(groupId) REFERENCES userGroups(id),
groupMembers: add unique constraint fixes #696
2020-12-22 10:34:19 -08:00
FOREIGN KEY(userId) REFERENCES users(id),
UNIQUE (groupId, userId));
add group membership table
2016-02-08 08:55:37 -08:00
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
CREATE TABLE IF NOT EXISTS tokens(
Make token API id based we don't return the accessToken anymore
2019-02-15 13:57:18 -08:00
id VARCHAR(128) NOT NULL UNIQUE,
Give optional name for tokens
2018-08-27 14:50:41 -07:00
name VARCHAR(64) DEFAULT "", // description
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
accessToken VARCHAR(128) NOT NULL UNIQUE,
Make token API id based we don't return the accessToken anymore
2019-02-15 13:57:18 -08:00
identifier VARCHAR(128) NOT NULL, // resourceId: app id or user id
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
clientId VARCHAR(128),
Add token scopes
2022-09-22 21:58:56 +02:00
scopeJson TEXT,
add note to change expires to TIMESTAMP type
2016-06-03 10:07:30 -07:00
expires BIGINT NOT NULL, // FIXME: make this a timestamp
tokens: add lastUsedTime
2021-03-15 12:47:57 -07:00
lastUsedTime TIMESTAMP NULL,
tokens: add ip restriction
2025-03-07 11:53:03 +01:00
allowedIpRanges TEXT NULL,
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
PRIMARY KEY(accessToken));
CREATE TABLE IF NOT EXISTS apps(
id VARCHAR(128) NOT NULL UNIQUE,
add note on appStoreId
2019-11-16 10:31:32 -08:00
appStoreId VARCHAR(128) NOT NULL, // empty for custom apps
Make start/stop just a installation code the runState now just tracks if an app is stopped.
2019-09-22 00:20:12 -07:00
installationState VARCHAR(512) NOT NULL, // the active task on the app
Make runState non-nullable
2019-09-22 22:07:14 -07:00
runState VARCHAR(512) NOT NULL, // if the app is stopped
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
health VARCHAR(128),
Add healthTime in the database this is currently an internal field and not returned in API
2019-02-12 16:03:12 -08:00
healthTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, // when the app last responded
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
containerId VARCHAR(128),
Change manifestJson column from VARCHAR to TEXT
2015-11-13 10:15:27 +01:00
manifestJson TEXT,
add note on accessRestriction
2016-05-27 11:10:36 -07:00
accessRestrictionJson TEXT, // { users: [ ], groups: [ ] }
Ensure we always set the correct default value for TIMESTAMP types So far it we rely on 0 default values in some case like the eventlog This will not work in mysql strict mode with https://dev.mysql.com/doc/refman/5.7/en/sql-mode.html#sqlmode_no_zero_date
2018-12-03 13:39:52 +01:00
creationTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, // when the app was installed
apps: updateTime should be null if never updated "TIMESTAMP NULL" is an attribute modifier to make the column nullable. Without it, if you assign null, the timestamp becomes the current time!
2024-06-25 16:56:30 +02:00
updateTime TIMESTAMP NULL DEFAULT NULL, // when the last app update was done . Without the first NULL, it comes current time when assigned null!
Add a timestamp column to apps table this field can be used in UI to see if more detailed app information has to be fetched (since it calls the list apps REST API periodically)
2018-06-26 18:09:04 -07:00
ts TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, // when this db record was updated (useful for UI caching)
memoryLimit has to be BIGINT
2016-02-05 15:03:45 +01:00
memoryLimit BIGINT DEFAULT 0,
Rework cpuShares into cpuQuota cpuShares is the relative weight wrt other apps. This is used when there is contention for CPU. If we want this, maybe we implement a UI where we show all the apps and let the user re-order them. As it stands, it is confusing. cpuQuota is a more straightforward "hard limit" of the CPU% that you want the app to consume. Can be tested with : stress -c 8 -t 20s
2024-04-10 17:38:49 +02:00
cpuQuota INTEGER DEFAULT 100,
Add apps.xFrameOptions column
2016-07-14 15:04:52 +02:00
xFrameOptions VARCHAR(512),
Add sso db field SSO field tracks whether the user wants to enable SSO integration or not.
2016-11-11 10:48:33 +05:30
sso BOOLEAN DEFAULT 1, // whether user chose to enable SSO
Allow apps to specify custom devices
2024-12-05 13:47:59 +01:00
devicesJson TEXT,
Merge readonlyRootfs and development mode into debug mode The core issue we want to solve is to debug a running app. Let's make it explicit that it is in debugging mode because functions like update/backup/restore don't work. Part of #171
2017-01-20 05:48:25 -08:00
debugModeJson TEXT, // options for development mode
Implement HSTS preload This allows browsers to query https directly instead of the initial http redirect https://hstspreload.org/#opt-in says it should be explicitly opt in
2023-03-06 11:15:55 +01:00
reverseProxyConfigJson TEXT, // { robotsTxt, csp, hstsPreload }
add note on enableBackup
2017-11-21 18:09:44 -08:00
enableBackup BOOLEAN DEFAULT 1, // misnomer: controls automatic daily backups
Add option to toggle app automatic updates
2018-12-07 09:03:28 -08:00
enableAutomaticUpdate BOOLEAN DEFAULT 1,
Add optional mailbox support
2021-03-16 22:38:59 -07:00
enableMailbox BOOLEAN DEFAULT 1, // whether sendmail addon is enabled
make mailbox domain nullable for apps that do not use sendmail/recvmail addon, these are now null. otherwise, there is no way to edit the mailbox in the UI part of #669
2020-03-30 22:18:39 -07:00
mailboxName VARCHAR(128), // mailbox of this app
add mailbox display name to schema
2022-06-01 22:06:34 -07:00
mailboxDomain VARCHAR(128), // mailbox domain of this app
mailboxDisplayName VARCHAR(128), // mailbox display name
make recvmail work unlike sendmail, recvmail is always optional. this is the case because the cloudron may not receive emails at all, so app always has to be prepared for it. part of #804
2021-10-01 12:09:13 -07:00
enableInbox BOOLEAN DEFAULT 0, // whether recvmail addon is enabled
inboxName VARCHAR(128), // mailbox of this app
add mailbox display name to schema
2022-06-01 22:06:34 -07:00
inboxDomain VARCHAR(128), // mailbox domain of this app
update schema
2019-03-22 14:09:31 -07:00
label VARCHAR(128), // display name
Add per-app notes feature
2024-04-10 17:02:32 +02:00
notes TEXT, // free form notes for admins
update schema
2019-03-22 14:09:31 -07:00
tagsJson VARCHAR(2048), // array of tags
migrate app dataDir to volumes
2022-06-01 22:44:52 -07:00
storageVolumeId VARCHAR(128),
storageVolumePrefix VARCHAR(128),
add taskId to tasks table
2019-08-26 14:12:36 -07:00
taskId INTEGER, // current task
errorMessage -> errorJson
2019-08-30 09:45:43 -07:00
errorJson TEXT,
aschema: dd servicesConfigJson
2020-06-26 15:48:39 -07:00
servicesConfigJson TEXT, // app services configuration
statically allocate app container IPs We removed httpPort with the assumption that docker allocated IPs and kept them as long as the container is around. This turned out to be not true because the IP changes on even container restart. So we now allocate IPs statically. The iprange makes sure we don't overlap with addons and other CI app or JupyterHub apps. https://github.com/moby/moby/issues/6743 https://github.com/moby/moby/pull/19001
2020-11-20 14:13:16 -08:00
containerIp VARCHAR(16) UNIQUE, // this is not-null because of ip allocation fails, user can 'repair'
apps: add icon and appStoreIcon to database
2021-04-30 13:18:15 -07:00
appStoreIcon MEDIUMBLOB,
icon MEDIUMBLOB,
schema: add cron to apps table
2021-12-03 11:40:55 -08:00
crontab TEXT,
Add apps.upstreamUri support
2022-06-08 11:21:09 +02:00
upstreamUri VARCHAR(256) DEFAULT "",
Add initial support for apps.checklist
2024-04-17 16:54:54 +02:00
checklistJson TEXT, // checklist for admins
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
add mailboxDomain field to apps table
2019-11-14 21:43:14 -08:00
FOREIGN KEY(mailboxDomain) REFERENCES domains(domain),
add inboxDomain fk constraint
2024-02-27 13:45:08 +01:00
FOREIGN KEY(inboxDomain) REFERENCES domains(domain),
add taskId to tasks table
2019-08-26 14:12:36 -07:00
FOREIGN KEY(taskId) REFERENCES tasks(id),
migrate app dataDir to volumes
2022-06-01 22:44:52 -07:00
FOREIGN KEY(storageVolumeId) REFERENCES volumes(id),
UNIQUE (storageVolumeId, storageVolumePrefix),
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
PRIMARY KEY(id));
CREATE TABLE IF NOT EXISTS appPortBindings(
hostPort INTEGER NOT NULL UNIQUE,
Add type field to port bindings table Part of #504
2018-08-12 22:08:19 -07:00
type VARCHAR(8) NOT NULL DEFAULT "tcp",
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
environmentVariable VARCHAR(128) NOT NULL,
appId VARCHAR(128) NOT NULL,
apps: rework portBindings ports is REST API input . Map of env var to the host port portBinding is the database structure. Map of env var to host port, count, type etc also, rename portCount -> count in various places to keep things consistent
2024-07-16 22:21:36 +02:00
count INTEGER NOT NULL DEFAULT 1,
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
FOREIGN KEY(appId) REFERENCES apps(id),
PRIMARY KEY(hostPort));
CREATE TABLE IF NOT EXISTS settings(
name VARCHAR(128) NOT NULL UNIQUE,
Make settings.value field TEXT We already store JSON blobs there and the gce dns backend will require a larger blob for a certificate. Since we use innodb the storage format in TEXT will only be different if the data is large
2017-09-11 15:35:55 +02:00
value TEXT,
branding: move logo into database initially, i tried to put this in the current value field but that is TEXT and has a size limit of 64K. TEXT also stores things with character encoding, so we have to stash it as base64
2021-04-29 15:46:11 -07:00
valueBlob MEDIUMBLOB,
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
PRIMARY KEY(name));
CREATE TABLE IF NOT EXISTS appAddonConfigs(
appId VARCHAR(128) NOT NULL,
addonId VARCHAR(32) NOT NULL,
Add name to appAddonConfigs Part of #109
2017-03-25 13:35:28 -07:00
name VARCHAR(128) NOT NULL,
appAddonConfigs: change value to TEXT since the value is used directly as an environment variable, we have to allow up to max env var size (32767). Use TEXT which has a size of 64k
2021-08-09 13:40:23 -07:00
value TEXT NOT NULL,
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
FOREIGN KEY(appId) REFERENCES apps(id));
Custom env vars for apps Add a table and the install/configure routes. Initially, I thought we can just keep the env vars in docker container but that doesn't work since we create the container only later in apptask. And if the container gets deleted we lose this information.
2018-10-11 14:07:43 -07:00
CREATE TABLE IF NOT EXISTS appEnvVars(
appId VARCHAR(128) NOT NULL,
name TEXT NOT NULL,
value TEXT NOT NULL,
FOREIGN KEY(appId) REFERENCES apps(id));
Add backups table
2016-03-07 09:26:26 -08:00
CREATE TABLE IF NOT EXISTS backups(
update schema file
2017-05-26 22:23:24 -07:00
id VARCHAR(128) NOT NULL,
backups: add remotePath the main motivation is that id can be used in REST API routes. previously, the id was a path and this had a "/" in it. This made /api/v1/backups/:backupId not work.
2022-04-04 14:13:27 -07:00
remotePath VARCHAR(256) NOT NULL UNIQUE,
backups: set label of backup and control it's retention
2022-04-02 17:09:08 -07:00
label VARCHAR(128) DEFAULT "",
Ensure we always set the correct default value for TIMESTAMP types So far it we rely on 0 default values in some case like the eventlog This will not work in mysql strict mode with https://dev.mysql.com/doc/refman/5.7/en/sql-mode.html#sqlmode_no_zero_date
2018-12-03 13:39:52 +01:00
creationTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
Add encryptionVersion to backups this will identify the old style backups and warn user that a restore doesn't work anymore
2020-05-13 22:09:33 -07:00
packageVersion VARCHAR(128) NOT NULL, /* app version or box version */
encryptionVersion INTEGER, /* when null, unencrypted backup */
Add backups table
2016-03-07 09:26:26 -08:00
type VARCHAR(16) NOT NULL, /* 'box' or 'app' */
add identifier to backups table
2020-06-14 11:29:07 -07:00
identifier VARCHAR(128) NOT NULL, /* 'box' or the app id */
backups: add remotePath the main motivation is that id can be used in REST API routes. previously, the id was a path and this had a "/" in it. This made /api/v1/backups/:backupId not work.
2022-04-04 14:13:27 -07:00
dependsOnJson TEXT, /* comma separate list of objects this backup depends on */
Add backups table
2016-03-07 09:26:26 -08:00
state VARCHAR(16) NOT NULL,
Rename restoreConfig to manifest in backup table Only the manifest needs to be preserved in the backup table
2017-11-16 11:22:09 -08:00
manifestJson TEXT, /* to validate if the app can be installed in this version of box */
Stop the app only after the backup completed App backup can take a long time or possibly not work at all. For such cases, do not stop the app or leave it in some errored state. newConfigJson is the new config to be updated to. This ensures that the db has correct app info during the update.
2017-10-12 17:46:15 -07:00
format VARCHAR(16) DEFAULT "tgz",
Add preserveSecs to backup entries We want to keep updates automatic and don't want to keep reminding users that apps are getting updated etc (i.e beyong the weekly digest). The reason to remind them is so they can check if the app updated correctly. in some very corner cases, the app is not really checked upon for a while and people forget about them until they check them later. in such cases, it's too late to recover because the backpus gets cleaned up. this preserve seconds fields, let's us mark 'update' backups for preservation for 3 weeks.
2019-04-13 17:09:15 -07:00
preserveSecs INTEGER DEFAULT 0,
backup: move appConfig to backups table this is useful for clone also to copy notes, operators, checklist of the time when the backup was made (as opposed to current) at this point, it's not clear why we need a archives table. it's an optimization to not have to store icon for every backup.
2024-12-10 20:52:29 +01:00
appConfigJson TEXT, /* useful for clone and archive */
Add backups table
2016-03-07 09:26:26 -08:00
add indexes for ORDER BY fields used in code we hit ER_OUT_OF_SORTMEMORY with large tables
2021-05-17 07:06:11 -07:00
INDEX creationTime_index (creationTime),
update schema file
2017-05-26 22:23:24 -07:00
PRIMARY KEY (id));
add eventlog table
2016-04-29 23:28:54 -07:00
archives: use separate table Cleaner to separate things from the backups table. * icon, appConfig, appStoreIcon etc are only valid for archives * older version cloudron does not have appConfig in backups table (so it cannot be an archive entry)
2024-12-10 10:06:52 +01:00
CREATE TABLE IF NOT EXISTS archives(
id VARCHAR(128) NOT NULL UNIQUE,
backupId VARCHAR(128) NOT NULL,
creationTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
appStoreIcon MEDIUMBLOB,
icon MEDIUMBLOB,
FOREIGN KEY(backupId) REFERENCES backups(id),
PRIMARY KEY (id));
add eventlog table
2016-04-29 23:28:54 -07:00
CREATE TABLE IF NOT EXISTS eventlog(
id VARCHAR(128) NOT NULL,
action VARCHAR(128) NOT NULL,
eventlog: add Json suffix to json fields
2021-11-17 12:21:46 -08:00
sourceJson TEXT, /* { userId, username, ip }. userId can be null for cron,sysadmin */
dataJson TEXT, /* free flowing json based on action */
Ensure we always set the correct default value for TIMESTAMP types So far it we rely on 0 default values in some case like the eventlog This will not work in mysql strict mode with https://dev.mysql.com/doc/refman/5.7/en/sql-mode.html#sqlmode_no_zero_date
2018-12-03 13:39:52 +01:00
creationTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
add eventlog table
2016-04-29 23:28:54 -07:00
add indexes for ORDER BY fields used in code we hit ER_OUT_OF_SORTMEMORY with large tables
2021-05-17 07:06:11 -07:00
INDEX creationTime_index (creationTime),
add eventlog table
2016-04-29 23:28:54 -07:00
PRIMARY KEY (id));
add mailboxes table
2016-05-26 18:02:22 -07:00
Add domains table
2017-10-27 23:39:53 +02:00
CREATE TABLE IF NOT EXISTS domains(
Add db migration scripts This adds domains table and adjusts the apps and mailboxes table accordingly Also ensure we explicitly set the table collation, this is required for the foreign key from apps table (utf8) and the newly created domains table, which by default now would be utf8mb4 Put db table constraint for mailboxes.domain Update the schema file
2017-10-30 00:16:33 +01:00
domain VARCHAR(128) NOT NULL UNIQUE, /* if this needs to be larger, InnoDB has a limit of 767 bytes for PRIMARY KEY values! */
Add domains table
2017-10-27 23:39:53 +02:00
zoneName VARCHAR(128) NOT NULL, /* this mostly contains the domain itself again */
Add domains.provider
2018-01-09 14:46:38 -08:00
provider VARCHAR(16) NOT NULL,
Add domains table
2017-10-27 23:39:53 +02:00
configJson TEXT, /* JSON containing the dns backend provider config */
Add migration script for tlsConfig in domains
2018-01-31 16:51:53 +01:00
tlsConfigJson TEXT, /* JSON containing the tls provider config */
move wellKnownJson to domains after some more thought: * If app moves to another location, user has to remember to move all this config * It's not really associated with an app. It's to do with the domain info * We can put some hints in the UI if app is missing. part of #703
2020-12-23 15:34:23 -08:00
wellKnownJson TEXT, /* JSON containing well known docs for this domain */
Add domains table
2017-10-27 23:39:53 +02:00
store custom app certificates in subdomains table the REST route and model code is still ununsed as before since there is no way to set the certs from the UI.
2021-05-05 10:34:22 -07:00
fallbackCertificateJson MEDIUMTEXT,
store fallback certs in the database
2021-05-04 21:40:11 -07:00
db: change the encoding and collation by mistake many fields are encoded at utf8 which is an alias of utf8mb3 fixes #836
2025-06-18 20:55:14 +02:00
PRIMARY KEY (domain));
Add maildb also, migrate values from settings table to maildb
2018-01-20 22:17:53 -08:00
Rename maildb table to mail
2018-01-23 15:45:30 +01:00
CREATE TABLE IF NOT EXISTS mail(
Add maildb also, migrate values from settings table to maildb
2018-01-20 22:17:53 -08:00
domain VARCHAR(128) NOT NULL UNIQUE,
enabled BOOLEAN DEFAULT 0, /* MDA enabled */
mailFromValidation BOOLEAN DEFAULT 1,
catchAllJson TEXT,
relayJson TEXT,
mail: add API to get/set banner part of #341
2020-08-23 14:33:58 -07:00
bannerJson TEXT,
Add maildb also, migrate values from settings table to maildb
2018-01-20 22:17:53 -08:00
mail: move dkim keys into the database
2021-10-11 19:51:29 -07:00
dkimKeyJson MEDIUMTEXT,
vary dkim selector per mail domain this is required for the case where the domain is added on multiple cloudrons. initially, the plan was to just vary this as a derivation of the dashboard domain. but this will break existing installation (wildcard and manual domain setups cannot be re-programmed automatically).
2019-06-10 12:23:29 -07:00
dkimSelector VARCHAR(128) NOT NULL DEFAULT "cloudron",
Add maildb also, migrate values from settings table to maildb
2018-01-20 22:17:53 -08:00
FOREIGN KEY(domain) REFERENCES domains(domain),
db: change the encoding and collation by mistake many fields are encoded at utf8 which is an alias of utf8mb3 fixes #836
2025-06-18 20:55:14 +02:00
PRIMARY KEY(domain));
Add maildb also, migrate values from settings table to maildb
2018-01-20 22:17:53 -08:00
schema: update comment
2024-12-03 16:33:59 +01:00
/* NOTE: this table contains only real mailboxes. And has unique constraint to handle
rework how app mailboxes are allocated Our current setup had a mailbox allocated for an app during app install (into the mailboxes table). This has many issues: * When set to a custom mailbox location, there was no way to access this mailbox even via IMAP. Even when using app credentials, we cannot use IMAP since the ldap logic was testing on the addon type (most of our apps only use sendmail addon and thus cannot recvmail). * The mailboxes table was being used to add hidden 'app' type entries. This made it very hard for the user to understand why a mailbox conflicts. For example, if you set an app to use custom mailbox 'blog', this is hidden from all views. The solution is to let an app send email as whatever mailbox name is allocated to it (which we now track in the apps table. the default is in the db already so that REST response contains it). When not using Cloudron email, it will just send mail as that mailbox and the auth checks the "app password" in the addons table. Any replies to that mailbox will end up in the domain's mail server (not our problem). When using cloudron email, the app can send mail like above. Any responses will not end anywhere and bounce since there is no 'mailbox'. This is the expected behavior. If user wants to access this mailbox name, he can create a concrete mailbox and set himself as owner OR set this as an alias. For apps using the recvmail addon, the workflow is to actually create a mailbox at some point. Currently, we have no UI for this 'flow'. It's fine because we have only meemo using it. Intuitive much!
2018-12-06 21:08:19 -08:00
conflict with aliases and mailbox names
The mailboxes domain column must reference the mail domain column
2018-02-10 21:29:10 -08:00
*/
CREATE TABLE IF NOT EXISTS mailboxes(
name VARCHAR(128) NOT NULL,
mail: add type field
2018-04-07 19:12:07 -07:00
type VARCHAR(16) NOT NULL, /* 'mailbox', 'alias', 'list' */
rework how app mailboxes are allocated Our current setup had a mailbox allocated for an app during app install (into the mailboxes table). This has many issues: * When set to a custom mailbox location, there was no way to access this mailbox even via IMAP. Even when using app credentials, we cannot use IMAP since the ldap logic was testing on the addon type (most of our apps only use sendmail addon and thus cannot recvmail). * The mailboxes table was being used to add hidden 'app' type entries. This made it very hard for the user to understand why a mailbox conflicts. For example, if you set an app to use custom mailbox 'blog', this is hidden from all views. The solution is to let an app send email as whatever mailbox name is allocated to it (which we now track in the apps table. the default is in the db already so that REST response contains it). When not using Cloudron email, it will just send mail as that mailbox and the auth checks the "app password" in the addons table. Any replies to that mailbox will end up in the domain's mail server (not our problem). When using cloudron email, the app can send mail like above. Any responses will not end anywhere and bounce since there is no 'mailbox'. This is the expected behavior. If user wants to access this mailbox name, he can create a concrete mailbox and set himself as owner OR set this as an alias. For apps using the recvmail addon, the workflow is to actually create a mailbox at some point. Currently, we have no UI for this 'flow'. It's fine because we have only meemo using it. Intuitive much!
2018-12-06 21:08:19 -08:00
ownerId VARCHAR(128) NOT NULL, /* user id */
mail: owner can be a group
2020-11-12 23:25:33 -08:00
ownerType VARCHAR(16) NOT NULL,
mail: implement aliases across domains part of #577
2020-04-19 18:44:16 -07:00
aliasName VARCHAR(128), /* the target name type is an alias */
aliasDomain VARCHAR(128), /* the target domain */
Make mailing list members fully qualified Part of #637
2019-09-11 12:44:15 -07:00
membersJson TEXT, /* members of a group. fully qualified */
add membersOnly flag to a mailing list
2020-04-17 16:55:23 -07:00
membersOnly BOOLEAN DEFAULT false,
Ensure we always set the correct default value for TIMESTAMP types So far it we rely on 0 default values in some case like the eventlog This will not work in mysql strict mode with https://dev.mysql.com/doc/refman/5.7/en/sql-mode.html#sqlmode_no_zero_date
2018-12-03 13:39:52 +01:00
creationTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
The mailboxes domain column must reference the mail domain column
2018-02-10 21:29:10 -08:00
domain VARCHAR(128),
mail: add active flag to mailboxes and lists
2021-04-14 22:37:01 -07:00
active BOOLEAN DEFAULT 1,
mail: add flag to enable/disable pop3 access per mailbox
2021-10-08 10:15:48 -07:00
enablePop3 BOOLEAN DEFAULT 0,
mail: quota support
2022-08-17 23:18:38 +02:00
storageQuota BIGINT DEFAULT 0,
messagesQuota BIGINT DEFAULT 0,
The mailboxes domain column must reference the mail domain column
2018-02-10 21:29:10 -08:00
FOREIGN KEY(domain) REFERENCES mail(domain),
mail: implement aliases across domains part of #577
2020-04-19 18:44:16 -07:00
FOREIGN KEY(aliasDomain) REFERENCES mail(domain),
The mailboxes domain column must reference the mail domain column
2018-02-10 21:29:10 -08:00
UNIQUE (name, domain));
Add maildb also, migrate values from settings table to maildb
2018-01-20 22:17:53 -08:00
rename subdomains table to locations
2022-02-07 13:53:24 -08:00
CREATE TABLE IF NOT EXISTS locations(
add subdomains table with migration scripts
2018-06-28 19:39:15 +02:00
appId VARCHAR(128) NOT NULL,
domain VARCHAR(128) NOT NULL,
subdomain VARCHAR(128) NOT NULL,
add secondary domains note that for updates to work, we keep the secondary domain optional, even though they are really not. part of #809
2022-01-14 22:40:51 -08:00
type VARCHAR(128) NOT NULL, /* primary, secondary, redirect, alias */
environmentVariable VARCHAR(128), /* only set for secondary */
Remove apps.location and apps.domain This is now managed in the subdomains table
2018-06-29 11:29:30 +02:00
store custom app certificates in subdomains table the REST route and model code is still ununsed as before since there is no way to set the certs from the UI.
2021-05-05 10:34:22 -07:00
certificateJson MEDIUMTEXT,
add subdomains table with migration scripts
2018-06-28 19:39:15 +02:00
FOREIGN KEY(domain) REFERENCES domains(domain),
FOREIGN KEY(appId) REFERENCES apps(id),
Add tasks table and API progress will be tracked with this table instead of being in-process like progress.js
2018-11-16 11:13:03 -08:00
UNIQUE (subdomain, domain));
CREATE TABLE IF NOT EXISTS tasks(
Make tasks indexed by id instead of type The caas migrate logic is broken at this point until it uses new task framework
2018-12-08 18:50:06 -08:00
id int NOT NULL AUTO_INCREMENT,
tasks: make type field longer
2025-07-18 14:24:24 +02:00
type VARCHAR(32) NOT NULL, /* 32 prefix + 128 for any id */
schema: add missing args to tasks table
2021-09-30 09:01:43 -07:00
argsJson TEXT,
another schema update
2025-06-19 19:43:51 +02:00
pending BOOLEAN DEFAULT true,
tasks: add completed flag in some cases, the tasks are setting percent to 100 and crashing later
2025-07-16 15:22:00 +02:00
completed BOOLEAN DEFAULT false,
Add tasks table and API progress will be tracked with this table instead of being in-process like progress.js
2018-11-16 11:13:03 -08:00
percent INTEGER DEFAULT 0,
message TEXT,
tasks: make error a json also, handle case where we never got to handle task exit cleanly
2019-08-30 13:46:55 -07:00
errorJson TEXT,
resultJson TEXT,
Add tasks table and API progress will be tracked with this table instead of being in-process like progress.js
2018-11-16 11:13:03 -08:00
creationTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
ts TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
add indexes for ORDER BY fields used in code we hit ER_OUT_OF_SORTMEMORY with large tables
2021-05-17 07:06:11 -07:00
INDEX creationTime_index (creationTime),
Add tasks table and API progress will be tracked with this table instead of being in-process like progress.js
2018-11-16 11:13:03 -08:00
PRIMARY KEY (id));
Use subdomains table in appdb
2018-06-29 11:04:14 +02:00
Add notificationdb table and db wrapper
2018-12-17 15:52:52 +01:00
CREATE TABLE IF NOT EXISTS notifications(
id int NOT NULL AUTO_INCREMENT,
remove action field from notifications table it is mostly unused
2019-02-28 14:59:33 -08:00
eventId VARCHAR(128), // reference to eventlog. can be null
Add notification types
2023-09-22 17:58:13 +02:00
type VARCHAR(128) NOT NULL DEFAULT ""
Add notificationdb table and db wrapper
2018-12-17 15:52:52 +01:00
title VARCHAR(512) NOT NULL,
message TEXT,
acknowledged BOOLEAN DEFAULT false,
creationTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
notifications: add context field
2024-12-11 22:29:00 +01:00
context VARCHAR(128) DEFAULT "", // used along with "type" to create uniqueness
add indexes for ORDER BY fields used in code we hit ER_OUT_OF_SORTMEMORY with large tables
2021-05-17 07:06:11 -07:00
INDEX creationTime_index (creationTime),
Fix notifications schema
2021-04-19 21:00:31 -07:00
FOREIGN KEY(eventId) REFERENCES eventlog(id),
Add notificationdb table and db wrapper
2018-12-17 15:52:52 +01:00
PRIMARY KEY (id)
);
Add tasks table and API progress will be tracked with this table instead of being in-process like progress.js
2018-11-16 11:13:03 -08:00
Add app passwords feature
2020-01-31 15:28:42 -08:00
CREATE TABLE IF NOT EXISTS appPasswords(
id VARCHAR(128) NOT NULL UNIQUE,
name VARCHAR(128) NOT NULL,
userId VARCHAR(128) NOT NULL,
identifier VARCHAR(128) NOT NULL, // resourceId: app id or mail or webadmin
hashedPassword VARCHAR(1024) NOT NULL,
creationTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
schema.sql: fix appPasswords constraint
2021-04-19 21:02:14 -07:00
UNIQUE KEY appPasswords_name_appId_identifier (name, userId, identifier)
Add app passwords feature
2020-01-31 15:28:42 -08:00
FOREIGN KEY(userId) REFERENCES users(id),
Fix uniqueness constraint in app passwords table Fixes #688
2020-05-30 12:57:25 -07:00
Add app passwords feature
2020-01-31 15:28:42 -08:00
PRIMARY KEY (id)
);
registry config: create table and migrate existing setting
2025-05-07 14:09:10 +02:00
CREATE TABLE IF NOT EXISTS dockerRegistries(
id VARCHAR(128) NOT NULL UNIQUE,
provider VARCHAR(16) NOT NULL,
serverAddress VARCHAR(128) NOT NULL,
username VARCHAR(128),
email VARCHAR(128),
password VARCHAR(128),
PRIMARY KEY (id)
);
Add volume management the volumes table can later have backup flag, mount options etc
2020-10-27 22:39:05 -07:00
CREATE TABLE IF NOT EXISTS volumes(
id VARCHAR(128) NOT NULL UNIQUE,
name VARCHAR(256) NOT NULL UNIQUE,
Update schema
2025-06-19 18:10:11 +02:00
hostPath VARCHAR(768) NOT NULL UNIQUE, // computed hostPath . has to be < 768*4 (3072) bytes
Add volume management the volumes table can later have backup flag, mount options etc
2020-10-27 22:39:05 -07:00
creationTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
volumes: generate systemd mount files based on mount type
2021-05-12 18:00:43 -07:00
mountType VARCHAR(16) DEFAULT "noop",
mountOptionsJson TEXT,
Add volume management the volumes table can later have backup flag, mount options etc
2020-10-27 22:39:05 -07:00
PRIMARY KEY (id)
);
rename appVolumes to appMounts
2020-10-28 19:42:48 -07:00
CREATE TABLE IF NOT EXISTS appMounts(
Add volume management the volumes table can later have backup flag, mount options etc
2020-10-27 22:39:05 -07:00
appId VARCHAR(128) NOT NULL,
volumeId VARCHAR(128) NOT NULL,
Do not allow duplicate mounts
2020-10-29 22:08:31 -07:00
readOnly BOOLEAN DEFAULT 1,
UNIQUE KEY appMounts_appId_volumeId (appId, volumeId),
Add volume management the volumes table can later have backup flag, mount options etc
2020-10-27 22:39:05 -07:00
FOREIGN KEY(appId) REFERENCES apps(id),
FOREIGN KEY(volumeId) REFERENCES volumes(id));
secrets -> blobs this will also have certs which are not really "secrets"
2021-04-30 22:26:51 -07:00
CREATE TABLE IF NOT EXISTS blobs(
id VARCHAR(128) NOT NULL UNIQUE,
Fix blobs schema
2022-02-01 17:29:19 -08:00
value MEDIUMBLOB,
secrets -> blobs this will also have certs which are not really "secrets"
2021-04-30 22:26:51 -07:00
PRIMARY KEY(id));
Add secrets table this will hold keys, certs etc
2021-04-30 21:54:53 -07:00
Add initial applink support
2022-07-06 19:15:59 +02:00
CREATE TABLE IF NOT EXISTS appLinks(
id VARCHAR(128) NOT NULL UNIQUE,
accessRestrictionJson TEXT, // { users: [ ], groups: [ ] }
creationTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, // when the app was installed
updateTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, // when the last app update was done
ts TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, // when this db record was updated (useful for UI caching)
label VARCHAR(128), // display name
tagsJson VARCHAR(2048), // array of tags
icon MEDIUMBLOB,
upstreamUri VARCHAR(256) DEFAULT "",
PRIMARY KEY(id));
oidc: put clients into the db
2023-03-16 15:37:03 +01:00
CREATE TABLE IF NOT EXISTS oidcClients(
id VARCHAR(128) NOT NULL UNIQUE,
secret VARCHAR(128) DEFAULT "",
Add oidc.name and oidc.appId fields
2023-03-23 09:27:40 +01:00
appId VARCHAR(128) DEFAULT "",
name VARCHAR(128) DEFAULT "",
oidc: initial logout redirect URI support
2023-03-17 11:29:03 +01:00
loginRedirectUri VARCHAR(256) DEFAULT "",
oidc: add clients.tokenSignatureAlgorithm
2023-04-04 15:38:45 +02:00
tokenSignatureAlgorithm VARCHAR(128) DEFAULT "",
oidc: put clients into the db
2023-03-16 15:37:03 +01:00
PRIMARY KEY(id));
remove global lock Currently, the update/apptask/fullbackup/platformstart take a global lock and cannot run in parallel. This causes situations where when a user tries to trigger an apptask, it says "waiting for backup to finish..." etc The solution is to let them run in parallel. We need a lock at the app level as app operations running in parallel would be bad (tm). In addition, the update task needs a lock just for the update part. We also need multi-process locks. Running tasks as processes is core to our "kill" strategy. Various inter process locks were explored: * node's IPC mechanism with process.send(). But this only works for direct node.js children. taskworker is run via sudo and the IPC does not work. * File lock using O_EXCL. Basic ideas to create lock files. While file creation can be done atomically, it becomes complicated to clean up lock files when the tasks crash. We need a way to know what locks were held by the crashing task. flock and friends are not built-into node.js * sqlite/redis were options but introduce additional deps * Settled on MySQL based locking. Initial plan was to have row locks or table locks. Each row is a kind of lock. While implementing, it was found that we need many types of locks (and not just update lock and app locks). For example, we need locks for each task type, so that only one task type is active at a time. * Instead of rows, we can just lock table and have a json blob in it. This hit a road block that LOCK TABLE is per session and our db layer cannot handle this easily! i.e when issing two db.query() it might use two different connections from the pool. We have to expose the connection, release connection etc. * Next idea was atomic blob update of the blob checking if old blob was same. This approach, was finally refined into a version field. Phew!
2024-12-07 14:35:45 +01:00
CREATE TABLE IF NOT EXISTS locks(
id VARCHAR(128) NOT NULL UNIQUE,
dataJson TEXT,
version INT DEFAULT 1
ts TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP);
Reference in New Issue Copy Permalink