PostgREST
diff --git a/‎locales/zh_CN/LC_MESSAGES/admin.po
+381 b/‎locales/zh_CN/LC_MESSAGES/admin.po
+381
@@ -0,0 +1,381 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 1980, Joe Nelson, Steve Chavez
+# This file is distributed under the same license as the PostgREST package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2022.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PostgREST 9.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 1980-01-01 00:00+0000\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <[email protected]>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.9.0\n"
+
+#: ../../docs/admin.rst:4
+msgid "Hardening PostgREST"
+msgstr ""
+
+#: ../../docs/admin.rst:6
+msgid ""
+"PostgREST is a fast way to construct a RESTful API. Its default behavior "
+"is great for scaffolding in development. When it's time to go to "
+"production it works great too, as long as you take precautions. PostgREST"
+" is a small sharp tool that focuses on performing the API-to-database "
+"mapping. We rely on a reverse proxy like Nginx for additional safeguards."
+msgstr ""
+
+#: ../../docs/admin.rst:8
+msgid ""
+"The first step is to create an Nginx configuration file that proxies "
+"requests to an underlying PostgREST server."
+msgstr ""
+
+#: ../../docs/admin.rst:36
+msgid ""
+"For ubuntu, if you already installed nginx through :code:`apt` you can "
+"add this to the config file in :code:`/etc/nginx/sites-enabled/default`."
+msgstr ""
+
+#: ../../docs/admin.rst:42
+msgid "Block Full-Table Operations"
+msgstr ""
+
+#: ../../docs/admin.rst:44
+msgid ""
+"Each table in the admin-selected schema gets exposed as a top level "
+"route. Client requests are executed by certain database roles depending "
+"on their authentication. All HTTP verbs are supported that correspond to "
+"actions permitted to the role. For instance if the active role can drop "
+"rows of the table then the DELETE verb is allowed for clients. Here's an "
+"API request to delete old rows from a hypothetical logs table:"
+msgstr ""
+
+#: ../../docs/admin.rst:56
+msgid ""
+"However it's very easy to delete the **entire table** by omitting the "
+"query parameter!"
+msgstr ""
+
+#: ../../docs/admin.rst:68
+msgid ""
+"This can happen accidentally such as by switching a request from a GET to"
+" a DELETE. To protect against accidental operations use the `pg-"
+"safeupdate <https://github.com/eradman/pg-safeupdate>`_ PostgreSQL "
+"extension. It raises an error if UPDATE or DELETE are executed without "
+"specifying conditions. To install it you can use the `PGXN "
+"<https://pgxn.org/>`_ network:"
+msgstr ""
+
+#: ../../docs/admin.rst:77
+msgid ""
+"This does not protect against malicious actions, since someone can add a "
+"url parameter that does not affect the result set. To prevent this you "
+"must turn to database permissions, forbidding the wrong people from "
+"deleting rows, and using `row-level security "
+"<https://www.postgresql.org/docs/current/ddl-rowsecurity.html>`_ if finer"
+" access control is required."
+msgstr ""
+
+#: ../../docs/admin.rst:80
+msgid "Count-Header DoS"
+msgstr ""
+
+#: ../../docs/admin.rst:82
+msgid ""
+"For convenience to client-side pagination controls PostgREST supports "
+"counting and reporting total table size in its response. As described in "
+":ref:`limits`, responses ordinarily include a range but leave the total "
+"unspecified like"
+msgstr ""
+
+#: ../../docs/admin.rst:90
+msgid ""
+"However including the request header :code:`Prefer: count=exact` "
+"calculates and includes the full count:"
+msgstr ""
+
+#: ../../docs/admin.rst:98
+msgid ""
+"This is fine in small tables, but count performance degrades in big "
+"tables due to the MVCC architecture of PostgreSQL. For very large tables "
+"it can take a very long time to retrieve the results which allows a "
+"denial of service attack. The solution is to strip this header from all "
+"requests:"
+msgstr ""
+
+#: ../../docs/admin.rst:107
+msgid "HTTPS"
+msgstr ""
+
+#: ../../docs/admin.rst:109
+msgid ""
+"PostgREST aims to do one thing well: add an HTTP interface to a "
+"PostgreSQL database. To keep the code small and focused we do not "
+"implement HTTPS. Use a reverse proxy such as NGINX to add this, `here's "
+"how <https://nginx.org/en/docs/http/configuring_https_servers.html>`_. "
+"Note that some Platforms as a Service like Heroku also add SSL "
+"automatically in their load balancer."
+msgstr ""
+
+#: ../../docs/admin.rst:112
+msgid "Rate Limiting"
+msgstr ""
+
+#: ../../docs/admin.rst:114
+msgid ""
+"Nginx supports \"leaky bucket\" rate limiting (see `official docs "
+"<https://nginx.org/en/docs/http/ngx_http_limit_req_module.html>`_). Using"
+" standard Nginx configuration, routes can be grouped into *request zones*"
+" for rate limiting. For instance we can define a zone for login attempts:"
+msgstr ""
+
+#: ../../docs/admin.rst:120
+msgid ""
+"This creates a shared memory zone called \"login\" to store a log of IP "
+"addresses that access the rate limited urls. The space reserved, 10 MB "
+"(:code:`10m`) will give us enough space to store a history of 160k "
+"requests. We have chosen to allow only allow one request per second "
+"(:code:`1r/s`)."
+msgstr ""
+
+#: ../../docs/admin.rst:122
+msgid ""
+"Next we apply the zone to certain routes, like a hypothetical stored "
+"procedure called :code:`login`."
+msgstr ""
+
+#: ../../docs/admin.rst:131
+msgid ""
+"The burst argument tells Nginx to start dropping requests if more than "
+"five queue up from a specific IP."
+msgstr ""
+
+#: ../../docs/admin.rst:133
+msgid ""
+"Nginx rate limiting is general and indiscriminate. To rate limit each "
+"authenticated request individually you will need to add logic in a "
+":ref:`Custom Validation <custom_validation>` function."
+msgstr ""
+
+#: ../../docs/admin.rst:138
+msgid "Using External Connection Poolers"
+msgstr ""
+
+#: ../../docs/admin.rst:140
+msgid ""
+"PostgREST manages its :ref:`own pool of connections <db-pool>` and uses "
+"prepared statements by default in order to increase performance. However,"
+" this setting is incompatible with external connection poolers such as "
+"PgBouncer working in transaction pooling mode. In this case, you need to "
+"set the :ref:`db-prepared-statements` config option to ``false``. On the "
+"other hand, session pooling is fully compatible with PostgREST, while "
+"statement pooling is not compatible at all."
+msgstr ""
+
+#: ../../docs/admin.rst:144
+msgid ""
+"If prepared statements are enabled, PostgREST will quit after detecting "
+"that transaction or statement pooling is being used."
+msgstr ""
+
+#: ../../docs/admin.rst:146
+msgid ""
+"You should also set the :ref:`db-channel-enabled` config option to "
+"``false``, due to the ``LISTEN`` command not being compatible with "
+"transaction pooling, although it should not give any errors if it's left "
+"enabled by default."
+msgstr ""
+
+#: ../../docs/admin.rst:149
+msgid "Debugging"
+msgstr ""
+
+#: ../../docs/admin.rst:152
+msgid "Server Version"
+msgstr ""
+
+#: ../../docs/admin.rst:154
+msgid ""
+"When debugging a problem it's important to verify the PostgREST version. "
+"At any time you can make a request to the running server and determine "
+"exactly which version is deployed. Look for the :code:`Server` HTTP "
+"response header, which contains the version number."
+msgstr ""
+
+#: ../../docs/admin.rst:159
+msgid "Logging"
+msgstr ""
+
+#: ../../docs/admin.rst:161
+msgid ""
+"PostgREST logs basic request information to ``stdout``, including the "
+"authenticated user if available, the requesting IP address and user "
+"agent, the URL requested, and HTTP response status."
+msgstr ""
+
+#: ../../docs/admin.rst:168
+msgid ""
+"For diagnostic information about the server itself, PostgREST logs to "
+"``stderr``."
+msgstr ""
+
+#: ../../docs/admin.rst:180
+msgid ""
+"When running it in an SSH session you must detach it from stdout or it "
+"will be terminated when the session closes. The easiest technique is "
+"redirecting the output to a log file or to the syslog:"
+msgstr ""
+
+#: ../../docs/admin.rst:189
+msgid ""
+"PostgREST logging provides limited information for debugging server "
+"errors. It's helpful to get full information about both client requests "
+"and the corresponding SQL commands executed against the underlying "
+"database."
+msgstr ""
+
+#: ../../docs/admin.rst:192
+msgid "HTTP Requests"
+msgstr ""
+
+#: ../../docs/admin.rst:194
+msgid ""
+"A great way to inspect incoming HTTP requests including headers and query"
+" parameters is to sniff the network traffic on the port where PostgREST "
+"is running. For instance on a development server bound to port 3000 on "
+"localhost, run this:"
+msgstr ""
+
+#: ../../docs/admin.rst:201
+msgid ""
+"The options to ngrep vary depending on the address and host on which "
+"you've bound the server. The binding is described in the "
+":ref:`configuration` section. The ngrep output isn't particularly pretty,"
+" but it's legible."
+msgstr ""
+
+#: ../../docs/admin.rst:206
+msgid "Automatic Connection Recovery"
+msgstr ""
+
+#: ../../docs/admin.rst:208
+msgid ""
+"When PostgREST loses the connection to the database, it retries the "
+"connection using capped exponential backoff, with 32 seconds being the "
+"maximum backoff time."
+msgstr ""
+
+#: ../../docs/admin.rst:210
+msgid ""
+"This retry behavior is triggered immediately after the connection is lost"
+" if :ref:`db-channel-enabled` is set to true(the default), otherwise it "
+"will be activated once a request is made."
+msgstr ""
+
+#: ../../docs/admin.rst:212
+msgid ""
+"To notify the client when the next reconnection attempt will be, "
+"PostgREST responds with ``503 Service Unavailable`` and the ``Retry-"
+"After: x`` header, where ``x`` is the number of seconds programmed for "
+"the next retry."
+msgstr ""
+
+#: ../../docs/admin.rst:215
+msgid "Database Logs"
+msgstr ""
+
+#: ../../docs/admin.rst:217
+msgid ""
+"Once you've verified that requests are as you expect, you can get more "
+"information about the server operations by watching the database logs. By"
+" default PostgreSQL does not keep these logs, so you'll need to make the "
+"configuration changes below. Find :code:`postgresql.conf` inside your "
+"PostgreSQL data directory (to find that, issue the command :code:`show "
+"data_directory;`). Either find the settings scattered throughout the file"
+" and change them to the following values, or append this block of code to"
+" the end of the configuration file."
+msgstr ""
+
+#: ../../docs/admin.rst:236
+msgid ""
+"Restart the database and watch the log file in real-time to understand "
+"how HTTP requests are being translated into SQL commands."
+msgstr ""
+
+#: ../../docs/admin.rst:240
+msgid "On Docker you can enable the logs by using a custom ``init.sh``:"
+msgstr ""
+
+#: ../../docs/admin.rst:247
+msgid ""
+"After that you can start the container and check the logs with ``docker "
+"logs``."
+msgstr ""
+
+#: ../../docs/admin.rst:255
+msgid "Schema Reloading"
+msgstr ""
+
+#: ../../docs/admin.rst:257
+msgid ""
+"Changing the schema while the server is running can lead to errors due to"
+" a stale schema cache. To learn how to refresh the cache see "
+":ref:`schema_reloading`."
+msgstr ""
+
+#: ../../docs/admin.rst:260
+msgid "Daemonizing"
+msgstr ""
+
+#: ../../docs/admin.rst:262
+msgid ""
+"For Linux distributions that use **systemd** (Ubuntu, Debian, Archlinux) "
+"you can create a daemon in the following way."
+msgstr ""
+
+#: ../../docs/admin.rst:264
+msgid "First, create postgrest configuration in ``/etc/postgrest/config``"
+msgstr ""
+
+#: ../../docs/admin.rst:273
+msgid ""
+"Then create the systemd service file in "
+"``/etc/systemd/system/postgrest.service``"
+msgstr ""
+
+#: ../../docs/admin.rst:288
+msgid "After that, you can enable the service at boot time and start it with:"
+msgstr ""
+
+#: ../../docs/admin.rst:299
+msgid "Alternate URL Structure"
+msgstr ""
+
+#: ../../docs/admin.rst:301
+msgid ""
+"As discussed in :ref:`singular_plural`, there are no special URL forms "
+"for singular resources in PostgREST, only operators for filtering. Thus "
+"there are no URLs like :code:`/people/1`. It would be specified instead "
+"as"
+msgstr ""
+
+#: ../../docs/admin.rst:315
+msgid ""
+"This allows compound primary keys and makes the intent for singular "
+"response independent of a URL convention."
+msgstr ""
+
+#: ../../docs/admin.rst:317
+msgid ""
+"Nginx rewrite rules allow you to simulate the familiar URL convention. "
+"The following example adds a rewrite rule for all table endpoints, but "
+"you'll want to restrict it to those tables that have a numeric simple "
+"primary key named \"id.\""
+msgstr ""
+