Feature Request : Add Talawa-API to run as systemd in Linux (All suggestion are taken from codeRabbit AI after resolving those new clean PR )

example/linux/installation.md

@@ -0,0 +1,225 @@
+# Talawa API Installation Guide
+
+This guide provides step-by-step instructions for setting up the Talawa API service on a Linux system using systemd.
+
+## Prerequisites
+
+- **fnm** (Fast Node Manager)
+- **Node.js** (version specified in your Talawa API's `package.json`)
+- **tsx** (TypeScript execution environment, install globally with `npm install -g tsx`)
+- A Linux system with **systemd**
+- **Root access** or `sudo` privileges for service installation
+- **Dedicated system user** `talawa` for running the service (security best practice)
+- **MongoDB** installed and running (required for Talawa API)
+- **Redis** installed and running (required for Talawa API)
+- Proper file permissions on `/path/to/your/talawa-api`
+- For development:
+  - Ensure `.env` file sets `NODE_ENV=development`
+  - Run the service manually to verify functionality
+- For production:
+  - Build the app to generate the `dist` folder
+  - Ensure `.env` file sets `NODE_ENV=production`
+- **Log file setup**:
+  - Ensure a log file exists at `/var/log/talawa-api.log` with appropriate permissions and ownership
+- Verify Node.js version in your system matches the version required by `package.json`
+- Install `jq` for parsing JSON data (`sudo apt install jq` or equivalent)
+
+## Steps
+
+### 1. Create a Dedicated System User
+
+- Create a user named `talawa` for running the service:
+
+  ```bash
+  sudo adduser --system --no-create-home --group talawa
+  ```
+- Verify the user creation:
+
+  ```bash
+  id talawa
+  ```
+
+### 2. Create the Systemd Service File
+
+- Create the `talawa-api.service` file in the `/etc/systemd/system/` directory with root privileges
+- Check following placeholders:
+  - `ExecStart` (path to your `Talawa-api.sh` script: `/path/to/your/talawa-api/example/linux/systemd/Talawa-api.sh`)
+  - `WorkingDirectory` (root directory of your Talawa API project: `/path/to/your/talawa-api`)
+  - `ReadOnlyPaths` (root directory of your Talawa API project: `/path/to/your/talawa-api`)
+  - `User, Group` (use the `talawa` user and group created earlier)
+- Refer to the example in `/path/to/your/talawa-api/example/linux/systemd/talawa-api.service` for guidance
+- Copy `talawa-api.service` then paste it inside `/etc/systemd/system/`
+- Make sure `talawa-api.service` is owned by root
+
+### 3. Set Up the `Talawa-api.sh` Script
+
+- Edit the script to specify:
+  - **Project directory** (e.g., `/path/to/your/talawa-api/talawa-api`)
+  - **Log file path** (e.g., `/var/log/talawa-api.log`)
+  - Ensure that the development (`src/index.ts`) and production (`dist/index.js`) paths are correctly set
+  - Make sure `Talawa-api.sh` is executable and owned by user `talawa`. Log file should also be owned by user `talawa`
+
+### 4. Configure the Environment
+
+- Ensure the `.env` file exists in the project directory and contains the appropriate configuration
+- Add the following environment variables:
+  - `NODE_ENV=development` or `NODE_ENV=production`
+
+### 5. Verify Log File and Permissions
+
+- Create the log file if it does not exist:
+
+  ```bash
+  sudo touch /var/log/talawa-api.log
+  sudo chown talawa:talawa /var/log/talawa-api.log
+  sudo chmod 664 /var/log/talawa-api.log
+  ```
+- Ensure the log file owner matches the service user (e.g., `talawa`)
+
+### 6. Set Up Log Rotation
+
+- Create a new logrotate configuration file for Talawa API:
+
+  ```bash
+  sudo nano /etc/logrotate.d/talawa-api
+  ```
+
+- Add the following configuration:
+  ```plaintext
+  /var/log/talawa-api.log {
+      su talawa talawa
+      weekly
+      rotate 4
+      compress
+      missingok
+      notifempty
+      create 664 talawa talawa
+      # Prevent symlink attacks
+      nolinkasym
+      # Delete old versions of log files
+      delaycompress
+      # Don't rotate empty log files
+      notifempty
+      postrotate
+          systemctl restart talawa-api.service > /dev/null 2>&1 || true
+      endscript
+  }
+  ```
+
+- Verify logrotate setup:
+
+  ```bash
+  sudo logrotate -f /etc/logrotate.d/talawa-api
+  sudo logrotate -v /etc/logrotate.conf
+  sudo logrotate -d /etc/logrotate.conf
+
+  ```
+- -f for forced rotation, -v for verbose rotation, -d for debuging mode rotation.
+- To confirm log rotation, check the rotated logs:
+
+  ```bash
+  ls -la /var/log/talawa-api.log*
+  ```
+
+### 7. Install Dependencies
+
+- Install required Node.js version with `fnm`:
+
+  ```bash
+  fnm install <node_version>
+  fnm use <node_version>
+  ```
+  Replace `<node_version>` with the version specified in `package.json` (`engines.node`)
+- Install dependencies:
+
+  ```bash
+  npm install
+  ```
+- Globally install `tsx` if not already installed:
+
+  ```bash
+  npm install -g tsx
+  ```
+- Install `jq`:
+
+  ```bash
+  sudo apt install jq
+  ```
+
+### 8. Enable and Start the Service
+
+1. Reload the systemd configuration:
+
+   ```bash
+   sudo systemctl daemon-reload
+   ```
+2. Enable the service:
+
+   ```bash
+   sudo systemctl enable talawa-api.service
+   ```
+3. Start the service:
+
+   ```bash
+   sudo systemctl start talawa-api.service
+   ```
+
+### 9. Verify the Installation
+
+- Check the status of the service:
+
+  ```bash
+  sudo systemctl status talawa-api.service
+  ```
+- View logs in real-time:
+
+  ```bash
+  sudo journalctl -u talawa-api.service -f
+  ```
+- Check for errors:
+
+  ```bash
+  sudo journalctl -u talawa-api.service -p err
+  ```
+- Verify the service configuration:
+
+  ```bash
+  sudo systemd-analyze verify talawa-api.service
+  ```
+- Verify service dependencies:
+
+  ```bash
+  sudo systemctl list-dependencies talawa-api.service
+  ```
+
+## Notes
+
+- Ensure the `Talawa-api.sh` script has executable permissions:
+
+  ```bash
+  chmod +x /path/to/Talawa-api.sh
+  ```
+- Adjust `LimitNOFILE` and security-related settings in the `talawa-api.service` file as needed for your environment
+- For production, ensure the `dist` folder exists by running:
+
+  ```bash
+  npm run build
+  ```
+- If you encounter any issues, refer to the logs in `/var/log/talawa-api.log` or use `journalctl`
+- Don't try to create a global variable to store paths for use in both systemd service and script files. Global variables (like `/path/to/your/talawa-api`) will not work properly as systemd services run in a separate environment. While there are various suggested solutions (using `/etc/environment`, `/etc/default/`, or `Environment` and `EnvironmentFile` directives), these approaches can complicate service execution and are not recommended. 
+- While systemd supports environment variables through EnvironmentFile and Environment directives, using absolute paths in both the service file and script ensures consistent behavior across different environments and makes debugging easier.
+
+### Additional Steps for Troubleshooting
+
+1. Verify Node.js and `tsx` installation:
+
+   ```bash
+   node -v
+   tsx -v
+   ```
+2. Ensure MongoDB and Redis are running:
+
+   ```bash
+   sudo systemctl status mongod
+   sudo systemctl status redis
+   ```

example/linux/systemd/Talawa-api.sh

@@ -0,0 +1,161 @@
+#!/bin/bash
+# filepath: /path/to/your/talawa-api/example/linux/systemd/Talawa-api.sh
+# Description: Talawa API startup script
+
+# Don't use environment variables in this script, as when the script will run by systemd, it will not have access to the environment variables of the user. I have tried setting the environment variables in the systemd service file but it didn't work. So, directly use the absolute paths in the script.
+PROJECT_DIR="/path/to/your/talawa-api"
+LOG_FILE="/var/log/talawa-api.log"
+DEV_PATH="src/index.ts"
+PROD_PATH="dist/index.js"
+
+# Check if the log file exists
+if [ ! -f "$LOG_FILE" ]; then
+  echo "Error: Log file '$LOG_FILE' not found. Exiting." 
+  echo "Please create it first with the correct ownership and permissions, then return."
+  exit 1
+fi
+
+# Get the current user
+CURRENT_USER=$(whoami)
+
+# Get the owner of the log file
+LOG_FILE_OWNER=$(stat -c '%U' "$LOG_FILE")
+
+# Check if the current user matches the owner of the log file
+if [ "$CURRENT_USER" != "$LOG_FILE_OWNER" ]; then
+  echo "Error: Current user '$CURRENT_USER' does not match the owner of the log file '$LOG_FILE_OWNER'. Exiting."
+  echo "Change ownership or permissions and try again."
+  exit 1
+fi
+
+# Check if the user has necessary permissions to read and write to the log file
+if [ ! -w "$LOG_FILE" ] || [ ! -r "$LOG_FILE" ]; then
+  echo "Error: User '$CURRENT_USER' does not have sufficient permissions to read or write to the log file '$LOG_FILE'. Exiting."
+  echo "Change permissions and try again."
+  exit 1
+fi
+
+echo "-------------------------------***************------------------------------------" | tee -a "$LOG_FILE"
+echo "------------------------------>Talawa-API Logs<-----------------------------------" | tee -a "$LOG_FILE"
+echo "------------------------------>Current session date: $(date)" | tee -a "$LOG_FILE" 
+echo "-------------------------------***************------------------------------------" | tee -a "$LOG_FILE"
+echo "Log file '$LOG_FILE' is present and writable by user '$CURRENT_USER'. Proceeding..." | tee -a "$LOG_FILE"
+
+# Verify the project directory exists
+if [ ! -d "$PROJECT_DIR" ]; then
+  echo "Error: Project directory '$PROJECT_DIR' not found. Exiting." | tee -a "$LOG_FILE"
+  exit 1
+fi
+
+# Switch to the project directory
+cd "$PROJECT_DIR" || { echo "Error: Failed to change to project directory '$PROJECT_DIR'. Exiting." | tee -a "$LOG_FILE"; exit 1; }
+
+echo "Changed to project directory '$PROJECT_DIR'. Proceeding..." | tee -a "$LOG_FILE"
+
+# Check for package.json in the current working directory
+if [ ! -f "package.json" ]; then
+  echo "Error: 'package.json' not found in $(pwd). Exiting." | tee -a "$LOG_FILE"
+  echo "Please ensure it is present, then return." | tee -a "$LOG_FILE"
+  exit 1
+fi
+
+echo "package.json is present in $(pwd). Proceeding..." | tee -a "$LOG_FILE"
+
+if ! command -v jq >/dev/null 2>&1; then
+  echo "Error: 'jq' is not installed on this system. Exiting." | tee -a "$LOG_FILE"
+  echo "It is required to parse the Node.js version from package.json." | tee -a "$LOG_FILE"
+  echo "Please install 'jq' manually, then return to the script." | tee -a "$LOG_FILE"
+  exit 1
+fi
+
+echo "'jq' is present. Proceeding..." | tee -a "$LOG_FILE"
+
+# Attempt to read the required Node.js version
+TARGET_NODE_VERSION=$(jq -r '.engines.node' package.json 2>/dev/null)
+
+# Continue with your script...
+if [ -z "$TARGET_NODE_VERSION" ] || [ "$TARGET_NODE_VERSION" == "null" ]; then
+  echo "Error: Unable to read 'engines.node' from package.json. Exiting." | tee -a "$LOG_FILE"
+  exit 1
+fi
+
+# Remove 'v' prefix if present, e.g. "v20.18.0" -> "20.18.0"
+INSTALLED_NODE_VERSION=$(node -v 2>/dev/null | sed 's/^v//')
+
+echo "Installed Node.js version: $INSTALLED_NODE_VERSION" | tee -a "$LOG_FILE"
+echo "Target Node.js version: $TARGET_NODE_VERSION" | tee -a "$LOG_FILE"
+
+if [ "$INSTALLED_NODE_VERSION" != "$TARGET_NODE_VERSION" ]; then
+  echo "Error: Node.js version mismatch. Found $INSTALLED_NODE_VERSION, need $TARGET_NODE_VERSION. Exiting." | tee -a "$LOG_FILE"
+  echo "First install the required Node.js version from package.json in system then proceed further. It should match system Node.js version and Talawa-api Node.js version v$TARGET_NODE_VERSION"  | tee -a "$LOG_FILE"
+  exit 1
+fi
+
+echo "Node.js version matched. Proceeding..." | tee -a "$LOG_FILE"
+
+# Check if tsx is installed
+if ! command -v tsx >/dev/null 2>&1; then
+  echo "Error: 'tsx' is not installed on this system. Exiting." | tee -a "$LOG_FILE"
+  echo "Please install 'tsx' manually, then rerun the script." | tee -a "$LOG_FILE"
+  exit 1
+fi
+
+# Define the path to the tsx executable dynamically
+TSX_PATH=$(which tsx)
+
+# Check if the TSX_PATH is valid
+if [ ! -x "$TSX_PATH" ]; then
+  echo "Error: Path for 'tsx' is not found or not executable. Verify it is properly installed. Exiting." | tee -a "$LOG_FILE"
+  exit 1
+fi
+
+echo "'tsx' is installed and executable at '$TSX_PATH'. Proceeding..." | tee -a "$LOG_FILE"
+
+# Validate paths for development and production
+if [ ! -f "$DEV_PATH" ]; then
+  echo "Error: Development path '$DEV_PATH' not found. Exiting." | tee -a "$LOG_FILE"
+  exit 1
+fi
+
+if [ ! -f "$PROD_PATH" ]; then
+  echo "Error: Production path '$PROD_PATH' not found. Exiting." | tee -a "$LOG_FILE"
+  exit 1
+fi
+
+echo "Development and production paths are valid. Proceeding..." | tee -a "$LOG_FILE"
+
+# Check if .env file is present
+if [ ! -f ".env" ]; then
+  echo "Error: '.env' file not found. Exiting." | tee -a "$LOG_FILE"
+  exit 1
+fi
+echo ".env file found in '$(pwd)' directory. Proceeding..." | tee -a "$LOG_FILE"
+
+# Load environment variables from .env file securely
+NODE_ENV=$(grep '^NODE_ENV=' .env | cut -d '=' -f2)
+if [ -n "$NODE_ENV" ]; then
+  export NODE_ENV
+else
+  echo "Error: NODE_ENV not found in .env file" | tee -a "$LOG_FILE"
+  exit 1
+fi
+
+# Check if NODE_ENV is set
+if [ -z "$NODE_ENV" ]; then
+  echo "Error: Property 'NODE_ENV' is not present in the .env file. Exiting." | tee -a "$LOG_FILE"
+  exit 1
+fi
+
+echo "Environment variable 'NODE_ENV' is set to '$NODE_ENV'. Proceeding..." | tee -a "$LOG_FILE"
+
+# Check the value of NODE_ENV and execute the corresponding command
+if [ "$NODE_ENV" == "development" ]; then
+    echo "Starting Talawa API in development mode..." | tee -a "$LOG_FILE"
+    exec "$TSX_PATH" "$DEV_PATH"
+elif [ "$NODE_ENV" == "production" ]; then
+    echo "Starting Talawa API in production mode..." | tee -a "$LOG_FILE"
+    exec "$TSX_PATH" "$PROD_PATH"
+else
+    echo "NODE_ENV is not set to a valid value. Please set it to 'development' or 'production'. Exiting." | tee -a "$LOG_FILE"
+    exit 1
+fi