diff --git a/capsulflask/__init__.py b/capsulflask/__init__.py index 55643bb..d76fd65 100644 --- a/capsulflask/__init__.py +++ b/capsulflask/__init__.py @@ -155,7 +155,6 @@ is_running_server = ('flask run' in command_line) or ('gunicorn' in command_line app.logger.info(f"is_running_server: {is_running_server}") if app.config['HUB_MODE_ENABLED']: - if app.config['HUB_MODEL'] == "capsul-flask": app.config['HUB_MODEL'] = hub_model.CapsulFlaskHub() @@ -177,7 +176,9 @@ if app.config['HUB_MODE_ENABLED']: from capsulflask import db db.init_app(app, is_running_server) - from capsulflask import auth, landing, console, payment, metrics, cli, hub_api, admin + from capsulflask import ( + auth, landing, console, payment, metrics, cli, hub_api, publicapi, admin + ) app.register_blueprint(landing.bp) app.register_blueprint(auth.bp) @@ -187,13 +188,13 @@ if app.config['HUB_MODE_ENABLED']: app.register_blueprint(cli.bp) app.register_blueprint(hub_api.bp) app.register_blueprint(admin.bp) + app.register_blueprint(publicapi.bp) app.add_url_rule("/", endpoint="index") if app.config['SPOKE_MODE_ENABLED']: - if app.config['SPOKE_MODEL'] == "shell-scripts": app.config['SPOKE_MODEL'] = spoke_model.ShellScriptSpoke() else: diff --git a/capsulflask/auth.py b/capsulflask/auth.py index f3731a2..f8a2a74 100644 --- a/capsulflask/auth.py +++ b/capsulflask/auth.py @@ -1,3 +1,4 @@ +from base64 import b64decode import functools import re @@ -24,6 +25,15 @@ def account_required(view): @functools.wraps(view) def wrapped_view(**kwargs): + api_token = request.headers.get('authorization', None) + if api_token is not None: + email = get_model().authenticate_token(b64decode(api_token).decode('utf-8')) + + if email is not None: + session.clear() + session["account"] = email + session["csrf-token"] = generate() + if session.get("account") is None or session.get("csrf-token") is None : return redirect(url_for("auth.login")) @@ -56,7 +66,7 @@ def login(): if not email: errors.append("email is required") elif len(email.strip()) < 6 or email.count('@') != 1 or email.count('.') == 0: - errors.append("enter a valid email address") + errors.append("enter a valid email address") if len(errors) == 0: result = get_model().login(email) diff --git a/capsulflask/console.py b/capsulflask/console.py index 5da18e9..f2ef93e 100644 --- a/capsulflask/console.py +++ b/capsulflask/console.py @@ -1,7 +1,9 @@ +from base64 import b64encode +from datetime import datetime, timedelta +import json import re import sys -import json -from datetime import datetime, timedelta + from flask import Blueprint from flask import flash from flask import current_app @@ -98,7 +100,6 @@ def index(): @bp.route("/", methods=("GET", "POST")) @account_required def detail(id): - duration=request.args.get('duration') if not duration: duration = "5m" @@ -188,6 +189,72 @@ def detail(id): duration=duration ) +def _create(vm_sizes, operating_systems, public_keys_for_account, server_data): + errors = list() + + size = server_data.get("size") + os = server_data.get("os") + posted_keys_count = int(server_data.get("ssh_authorized_key_count")) + + if not size: + errors.append("Size is required") + elif size not in vm_sizes: + errors.append(f"Invalid size {size}") + + if not os: + errors.append("OS is required") + elif os not in operating_systems: + errors.append(f"Invalid os {os}") + + posted_keys = list() + + if posted_keys_count > 1000: + errors.append("something went wrong with ssh keys") + else: + for i in range(0, posted_keys_count): + if f"ssh_key_{i}" in server_data: + posted_name = server_data.get(f"ssh_key_{i}") + key = None + for x in public_keys_for_account: + if x['name'] == posted_name: + key = x + if key: + posted_keys.append(key) + else: + errors.append(f"SSH Key \"{posted_name}\" doesn't exist") + + if len(posted_keys) == 0: + errors.append("At least one SSH Public Key is required") + + capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable( + vm_sizes[size]['memory_mb']*1024*1024 + ) + + if not capacity_avaliable: + errors.append(""" + host(s) at capacity. no capsuls can be created at this time. sorry. + """) + + if len(errors) == 0: + id = makeCapsulId() + get_model().create_vm( + email=session["account"], + id=id, + size=size, + os=os, + ssh_authorized_keys=list(map(lambda x: x["name"], posted_keys)) + ) + current_app.config["HUB_MODEL"].create( + email = session["account"], + id=id, + template_image_file_name=operating_systems[os]['template_image_file_name'], + vcpus=vm_sizes[size]['vcpus'], + memory_mb=vm_sizes[size]['memory_mb'], + ssh_authorized_keys=list(map(lambda x: x["content"], posted_keys)) + ) + return id, errors + + return None, errors @bp.route("/create", methods=("GET", "POST")) @account_required @@ -197,67 +264,16 @@ def create(): public_keys_for_account = get_model().list_ssh_public_keys_for_account(session["account"]) account_balance = get_account_balance(get_vms(), get_payments(), datetime.utcnow()) capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(512*1024*1024) - errors = list() if request.method == "POST": if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']: return abort(418, f"u want tea") - - size = request.form["size"] - os = request.form["os"] - if not size: - errors.append("Size is required") - elif size not in vm_sizes: - errors.append(f"Invalid size {size}") - - if not os: - errors.append("OS is required") - elif os not in operating_systems: - errors.append(f"Invalid os {os}") - - posted_keys_count = int(request.form["ssh_authorized_key_count"]) - posted_keys = list() - - if posted_keys_count > 1000: - errors.append("something went wrong with ssh keys") - else: - for i in range(0, posted_keys_count): - if f"ssh_key_{i}" in request.form: - posted_name = request.form[f"ssh_key_{i}"] - key = None - for x in public_keys_for_account: - if x['name'] == posted_name: - key = x - if key: - posted_keys.append(key) - else: - errors.append(f"SSH Key \"{posted_name}\" doesn't exist") - - if len(posted_keys) == 0: - errors.append("At least one SSH Public Key is required") - - capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(vm_sizes[size]['memory_mb']*1024*1024) - - if not capacity_avaliable: - errors.append(""" - host(s) at capacity. no capsuls can be created at this time. sorry. - """) - - if len(errors) == 0: - id = make_capsul_id() - # we can't create the vm record in the DB yet because its IP address needs to be allocated first. - # so it will be created when the allocation happens inside the hub_api. - current_app.config["HUB_MODEL"].create( - email = session["account"], - id=id, - os=os, - size=size, - template_image_file_name=operating_systems[os]['template_image_file_name'], - vcpus=vm_sizes[size]['vcpus'], - memory_mb=vm_sizes[size]['memory_mb'], - ssh_authorized_keys=list(map(lambda x: dict(name=x['name'], content=x['content']), posted_keys)) - ) - + id, errors = _create( + vm_sizes, + operating_systems, + public_keys_for_account, + request.form) + if len(errors) == 0: return redirect(f"{url_for('console.index')}?created={id}") affordable_vm_sizes = dict() @@ -287,23 +303,25 @@ def create(): vm_sizes=affordable_vm_sizes ) -@bp.route("/ssh", methods=("GET", "POST")) +@bp.route("/keys", methods=("GET", "POST")) @account_required -def ssh_public_keys(): +def ssh_api_keys(): errors = list() + token = None + if request.method == "POST": if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']: return abort(418, f"u want tea") - method = request.form["method"] - content = None - if method == "POST": + action = request.form["action"] + + if action == 'upload_ssh_key': + content = None content = request.form["content"].replace("\r", " ").replace("\n", " ").strip() - - name = request.form["name"] - if not name or len(name.strip()) < 1: - if method == "POST": + + name = request.form["name"] + if not name or len(name.strip()) < 1: parts = re.split(" +", content) if len(parts) > 2 and len(parts[2].strip()) > 0: name = parts[2].strip() @@ -311,10 +329,9 @@ def ssh_public_keys(): name = parts[0].strip() else: errors.append("Name is required") - if not re.match(r"^[0-9A-Za-z_@:. -]+$", name): - errors.append(f"Key name '{name}' must match \"^[0-9A-Za-z_@:. -]+$\"") + if not re.match(r"^[0-9A-Za-z_@:. -]+$", name): + errors.append(f"Key name '{name}' must match \"^[0-9A-Za-z_@:. -]+$\"") - if method == "POST": if not content or len(content.strip()) < 1: errors.append("Content is required") else: @@ -327,24 +344,36 @@ def ssh_public_keys(): if len(errors) == 0: get_model().create_ssh_public_key(session["account"], name, content) - elif method == "DELETE": + elif action == "delete_ssh_key": + get_model().delete_ssh_public_key(session["account"], name) - if len(errors) == 0: - get_model().delete_ssh_public_key(session["account"], name) + elif action == "generate_api_token": + name = request.form["name"] + if name == '': + name = datetime.utcnow().strftime('%y-%m-%d %H:%M:%S') + token = b64encode( + get_model().generate_api_token(session["account"], name).encode('utf-8') + ).decode('utf-8') + + elif action == "delete_api_token": + get_model().delete_api_token(session["account"], request.form["id"]) for error in errors: flash(error) - keys_list=list(map( + ssh_keys_list=list(map( lambda x: dict(name=x['name'], content=f"{x['content'][:20]}...{x['content'][len(x['content'])-20:]}"), get_model().list_ssh_public_keys_for_account(session["account"]) )) + api_tokens_list = get_model().list_api_tokens(session["account"]) + return render_template( - "ssh-public-keys.html", + "keys.html", csrf_token = session["csrf-token"], - ssh_public_keys=keys_list, - has_ssh_public_keys=len(keys_list) > 0 + api_tokens=api_tokens_list, + ssh_public_keys=ssh_keys_list, + generated_api_token=token, ) def get_vms(): @@ -368,7 +397,6 @@ def get_vm_months_float(vm, as_of): return days / average_number_of_days_in_a_month def get_account_balance(vms, payments, as_of): - vm_cost_dollars = 0.0 for vm in vms: vm_months = get_vm_months_float(vm, as_of) @@ -381,7 +409,6 @@ def get_account_balance(vms, payments, as_of): @bp.route("/account-balance") @account_required def account_balance(): - payment_sessions = get_model().list_payment_sessions_for_account(session['account']) for payment_session in payment_sessions: if payment_session['type'] == 'btcpay': diff --git a/capsulflask/db.py b/capsulflask/db.py index 23b3621..4616c1d 100644 --- a/capsulflask/db.py +++ b/capsulflask/db.py @@ -33,7 +33,7 @@ def init_app(app, is_running_server): result = re.search(r"^\d+_(up|down)", filename) if not result: app.logger.error(f"schemaVersion {filename} must match ^\\d+_(up|down). exiting.") - exit(1) + continue key = result.group() with open(join(schemaMigrationsPath, filename), 'rb') as file: schemaMigrations[key] = file.read().decode("utf8") @@ -128,4 +128,3 @@ def close_db(e=None): if db_model is not None: db_model.cursor.close() current_app.config['PSYCOPG2_CONNECTION_POOL'].putconn(db_model.connection) - diff --git a/capsulflask/db_model.py b/capsulflask/db_model.py index 976985a..ff53381 100644 --- a/capsulflask/db_model.py +++ b/capsulflask/db_model.py @@ -1,8 +1,8 @@ - import re # I was never able to get this type hinting to work correctly # from psycopg2.extensions import connection as Psycopg2Connection, cursor as Psycopg2Cursor +import hashlib from nanoid import generate from flask import current_app from typing import List @@ -17,7 +17,6 @@ class DBModel: self.cursor = cursor - # ------ LOGIN --------- @@ -43,6 +42,16 @@ class DBModel: self.connection.commit() return (token, ignoreCaseMatches) + + def authenticate_token(self, token): + m = hashlib.md5() + m.update(token.encode('utf-8')) + hash_token = m.hexdigest() + self.cursor.execute("SELECT email FROM api_tokens WHERE token = %s", (hash_token, )) + result = self.cursor.fetchall() + if len(result) == 1: + return result[0] + return None def consume_token(self, token): self.cursor.execute("SELECT email FROM login_tokens WHERE token = %s and created > (NOW() - INTERVAL '20 min')", (token, )) @@ -132,6 +141,32 @@ class DBModel: self.cursor.execute( "DELETE FROM ssh_public_keys where email = %s AND name = %s", (email, name) ) self.connection.commit() + def list_api_tokens(self, email): + self.cursor.execute( + "SELECT id, token, name, created FROM api_tokens WHERE email = %s", + (email, ) + ) + return list(map( + lambda x: dict(id=x[0], token=x[1], name=x[2], created=x[3]), + self.cursor.fetchall() + )) + + def generate_api_token(self, email, name): + token = generate() + m = hashlib.md5() + m.update(token.encode('utf-8')) + hash_token = m.hexdigest() + self.cursor.execute( + "INSERT INTO api_tokens (email, name, token) VALUES (%s, %s, %s)", + (email, name, hash_token) + ) + self.connection.commit() + return token + + def delete_api_token(self, email, id_): + self.cursor.execute( "DELETE FROM api_tokens where email = %s AND id = %s", (email, id_)) + self.connection.commit() + def list_vms_for_account(self, email): self.cursor.execute(""" SELECT vms.id, vms.public_ipv4, vms.public_ipv6, vms.size, vms.os, vms.created, vms.deleted, vm_sizes.dollars_per_month @@ -479,8 +514,3 @@ class DBModel: #cursor.close() return to_return - - - - - diff --git a/capsulflask/publicapi.py b/capsulflask/publicapi.py new file mode 100644 index 0000000..413a06a --- /dev/null +++ b/capsulflask/publicapi.py @@ -0,0 +1,38 @@ +import datetime + +from flask import Blueprint +from flask import current_app +from flask import jsonify +from flask import request +from flask import session +from nanoid import generate + +from capsulflask.auth import account_required +from capsulflask.db import get_model + +bp = Blueprint("webapi", __name__, url_prefix="/api") + +@bp.route("/capsul/create", methods=["POST"]) +@account_required +def capsul_create(): + email = session["account"] + + from .console import _create,get_account_balance, get_payments, get_vms + + vm_sizes = get_model().vm_sizes_dict() + operating_systems = get_model().operating_systems_dict() + public_keys_for_account = get_model().list_ssh_public_keys_for_account(session["account"]) + account_balance = get_account_balance(get_vms(), get_payments(), datetime.datetime.utcnow()) + capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(512*1024*1024) + + id, errors = _create( + vm_sizes, + operating_systems, + public_keys_for_account, + request.json) + + if id is not None: + return jsonify( + id=id, + ) + return jsonify(errors=errors) diff --git a/capsulflask/schema_migrations/16_down_api_tokens.py b/capsulflask/schema_migrations/16_down_api_tokens.py new file mode 100644 index 0000000..5f3f93e --- /dev/null +++ b/capsulflask/schema_migrations/16_down_api_tokens.py @@ -0,0 +1,2 @@ +DROP TABLE api_keys; +UPDATE schemaversion SET version = 15; diff --git a/capsulflask/schema_migrations/16_up_api_tokens.py b/capsulflask/schema_migrations/16_up_api_tokens.py new file mode 100644 index 0000000..ae15dbd --- /dev/null +++ b/capsulflask/schema_migrations/16_up_api_tokens.py @@ -0,0 +1,9 @@ +CREATE TABLE api_tokens ( + id SERIAL PRIMARY KEY, + email TEXT REFERENCES accounts(email) ON DELETE RESTRICT, + name TEXT NOT NULL, + created TIMESTAMP NOT NULL DEFAULT NOW(), + token TEXT NOT NULL +); + +UPDATE schemaversion SET version = 16; diff --git a/capsulflask/templates/base.html b/capsulflask/templates/base.html index 43f6266..ad24677 100644 --- a/capsulflask/templates/base.html +++ b/capsulflask/templates/base.html @@ -31,7 +31,7 @@ {% if session["account"] %} Capsuls - SSH Public Keys + SSH & API Keys Account Balance {% endif %} diff --git a/capsulflask/templates/capsul-detail.html b/capsulflask/templates/capsul-detail.html index c864b88..8476551 100644 --- a/capsulflask/templates/capsul-detail.html +++ b/capsulflask/templates/capsul-detail.html @@ -101,7 +101,7 @@
- {{ vm['ssh_authorized_keys'] }} + {{ vm['ssh_authorized_keys'] }}
diff --git a/capsulflask/templates/create-capsul.html b/capsulflask/templates/create-capsul.html index 25f6654..9f89eda 100644 --- a/capsulflask/templates/create-capsul.html +++ b/capsulflask/templates/create-capsul.html @@ -31,7 +31,7 @@

(At least one month of funding is required)

{% elif no_ssh_public_keys %}

You don't have any ssh public keys yet.

-

You must upload one before you can create a Capsul.

+

You must upload one before you can create a Capsul.

{% elif not capacity_avaliable %}

Host(s) at capacity. No capsuls can be created at this time. sorry.

{% else %} diff --git a/capsulflask/templates/ssh-public-keys.html b/capsulflask/templates/keys.html similarity index 51% rename from capsulflask/templates/ssh-public-keys.html rename to capsulflask/templates/keys.html index 3a98e67..f741ee7 100644 --- a/capsulflask/templates/ssh-public-keys.html +++ b/capsulflask/templates/keys.html @@ -1,17 +1,18 @@ {% extends 'base.html' %} -{% block title %}SSH Public Keys{% endblock %} +{% block title %}SSH & API Keys{% endblock %} {% block content %}

SSH PUBLIC KEYS

- {% if has_ssh_public_keys %}
{% endif %} + {% if ssh_public_keys|length > 0 %}
{% endif %} {% for ssh_public_key in ssh_public_keys %}
+
@@ -22,13 +23,14 @@ {% endfor %} - {% if has_ssh_public_keys %}
{% endif %} + {% if ssh_public_keys|length > 0 %}
{% endif %}

UPLOAD A NEW SSH PUBLIC KEY

+
@@ -54,6 +56,51 @@
+
+
+

API KEYS

+
+
+ {% if generated_api_token %} +
+ Generated key: + {{ generated_api_token }} + {% endif %} + {% if api_tokens|length >0 %}
{% endif %} + {% for api_token in api_tokens %} +
+ + + + +
+ {{ api_token['name'] }} + created {{ api_token['created'].strftime("%b %d %Y") }} + +
+
+ {% endfor %} + {% if api_tokens|length >0 %}
{% endif %} + +
+

GENERATE A NEW API KEY

+
+
+ + + +
+

Generate a new API key, to integrate with other systems.

+
+
+ + (defaults to creation time) +
+
+ +
+
+
{% endblock %} {% block pagesource %}/templates/ssh-public-keys.html{% endblock %}