Tag with current branch, instead of latest

.drone.yml

@@ -0,0 +1,13 @@
+---
+kind: pipeline
+name: publish docker image
+steps:
+  - name: build and publish
+    image: plugins/docker
+    settings:
+      username:
+        from_secret: docker_reg_username_3wc
+      password:
+        from_secret: docker_reg_passwd_3wc
+      repo: 3wordchant/capsul-flask
+      tags: ${DRONE_COMMIT_BRANCH}

.gitignore

@@ -1,6 +1,5 @@
 notes.txt
 .env
-.env.bak
 .vscode
 
 *.pyc

Dockerfile

@@ -0,0 +1,48 @@
+FROM python:3.8-alpine as build
+
+RUN apk add --no-cache \
+    build-base \
+    gcc \
+    gettext \
+    git \
+    jpeg-dev \
+    libffi-dev \
+    libjpeg \
+    musl-dev \
+    postgresql-dev \
+    python3-dev \
+    zlib-dev
+
+RUN mkdir -p /app/{code,venv}
+WORKDIR /app/code
+COPY Pipfile Pipfile.lock /app/code/
+
+RUN python3 -m venv /app/venv
+RUN pip install pipenv setuptools
+ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv"
+RUN pip install wheel cppy
+# Install dependencies into the virtual environment with Pipenv
+RUN pipenv install --deploy --verbose
+
+FROM python:3.8-alpine
+
+RUN apk add --no-cache \
+    cloud-utils \
+    libjpeg \
+    libpq \
+    libstdc++ \
+    libvirt-client \
+    openssh-client \
+    virt-install
+
+COPY . /app/code/
+WORKDIR /app/code
+
+COPY --from=build /app/venv /app/venv
+ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv"
+
+CMD ["gunicorn", "--bind", "0.0.0.0:5000", "-k", "gevent", "--worker-connections", "1000", "app:app"]
+
+VOLUME /app/code
+
+EXPOSE 5000

capsulflask/__init__.py

@@ -26,8 +26,24 @@ class StdoutMockFlaskMail:
     def send(self, message: Message):
       current_app.logger.info(f"Email would have been sent if configured:\n\nto: {','.join(message.recipients)}\nsubject: {message.subject}\nbody:\n\n{message.body}\n\n")
 
+
 load_dotenv(find_dotenv())
 
+for var_name in [
+  "SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_SECRET_KEY",
+  "BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD"
+]:
+  var = os.environ.get(f"{var_name}_FILE")
+  if not var:
+    continue
+
+  if not os.path.isfile(var):
+    continue
+
+  with open(var) as secret_file:
+    os.environ[var_name] = secret_file.read().rstrip('\n')
+  del os.environ[f"{var_name}_FILE"]
+
 app = Flask(__name__)
 
 app.config.from_mapping(
@@ -142,12 +158,8 @@ app.config['HTTP_CLIENT'] = MyHTTPClient(timeout_seconds=int(app.config['INTERNA
 app.config['BTCPAY_ENABLED'] = False
 if app.config['BTCPAY_URL'] != "":
   try:
-    response = requests.get(app.config['BTCPAY_URL'])
-    if response.status_code == 200:
-      app.config['BTCPAY_CLIENT'] = btcpay.Client(api_uri=app.config['BTCPAY_URL'], pem=app.config['BTCPAY_PRIVATE_KEY'])
-      app.config['BTCPAY_ENABLED'] = True
-    else:
-      app.logger.warning(f"Can't reach BTCPAY_URL {app.config['BTCPAY_URL']}: Response status code: {response.status_code}. Capsul will work fine except cryptocurrency payments will not work.")
+    app.config['BTCPAY_CLIENT'] = btcpay.Client(api_uri=app.config['BTCPAY_URL'], pem=app.config['BTCPAY_PRIVATE_KEY'])
+    app.config['BTCPAY_ENABLED'] = True
   except:
     app.logger.warning("unable to create btcpay client. Capsul will work fine except cryptocurrency payments will not work. The error was: " + my_exec_info_message(sys.exc_info()))
 

capsulflask/cli.py

@@ -62,18 +62,6 @@ def sql_script(f, c):
 
     model.connection.commit()
 
-@bp.cli.command('account-balance')
-@click.option('-u', help='users email address')
-@with_appcontext
-def account_balance(u):
-  vms = get_model().list_vms_for_account(u)
-  payments = get_model().list_payments_for_account(u)
-  click.echo(".")
-  click.echo(".")
-  click.echo(get_account_balance(vms, payments, datetime.utcnow()))
-  click.echo(".")
-
-
 
 @bp.cli.command('cron-task')
 @with_appcontext

capsulflask/console.py

@@ -199,14 +199,6 @@ def create():
   capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(512*1024*1024)
   errors = list()
 
-  affordable_vm_sizes = dict()
-  for key, vm_size in vm_sizes.items():
-    # if a user deposits $7.50 and then creates an f1-s vm which costs 7.50 a month, 
-    # then they have to delete the vm and re-create it, they will not be able to, they will have to pay again.
-    # so for UX it makes a lot of sense to give a small margin of 25 cents for usability sake
-    if vm_size["dollars_per_month"] <= account_balance+0.25:
-      affordable_vm_sizes[key] = vm_size
-
   if request.method == "POST":
     if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']:
       return abort(418, f"u want tea")
@@ -217,8 +209,6 @@ def create():
       errors.append("Size is required")
     elif size not in vm_sizes:
       errors.append(f"Invalid size {size}")
-    elif size not in affordable_vm_sizes:
-      errors.append(f"Your account must have enough credit to run an {size} for 1 month before you will be allowed to create it")
 
     if not os:
       errors.append("OS is required")
@@ -270,6 +260,13 @@ def create():
       
       return redirect(f"{url_for('console.index')}?created={id}")
   
+  affordable_vm_sizes = dict()
+  for key, vm_size in vm_sizes.items():
+    # if a user deposits $7.50 and then creates an f1-s vm which costs 7.50 a month, 
+    # then they have to delete the vm and re-create it, they will not be able to, they will have to pay again.
+    # so for UX it makes a lot of sense to give a small margin of 25 cents for usability sake
+    if vm_size["dollars_per_month"] <= account_balance+0.25:
+      affordable_vm_sizes[key] = vm_size
 
   for error in errors:
     flash(error)

capsulflask/db.py

@@ -43,7 +43,7 @@ def init_app(app, is_running_server):
   hasSchemaVersionTable = False
   actionWasTaken = False
   schemaVersion = 0
-  desiredSchemaVersion = 20
+  desiredSchemaVersion = 18
 
   cursor = connection.cursor()
 

capsulflask/hub_model.py

@@ -228,8 +228,8 @@ class CapsulFlaskHub(VirtualizationInterface):
         # no need to do anything here since if it cant be parsed then generic_operation will handle it.
         pass
       
-    assigned_hosts_string = ", ".join(assigned_hosts)
     if number_of_assigned != 1:
+      assigned_hosts_string = ", ".join(assigned_hosts)
       raise ValueError(f"expected create capsul operation {operation_id} to be assigned to one host, it was assigned to {number_of_assigned} ({assigned_hosts_string})")
     if error_message != "":
       raise ValueError(f"create capsul operation {operation_id} on {assigned_hosts_string} failed with {error_message}")

capsulflask/payment.py

@@ -58,19 +58,14 @@ def btcpay_payment():
     dollars = result[1]
 
     if len(errors) == 0:
-      try:
-        invoice = current_app.config['BTCPAY_CLIENT'].create_invoice(dict(
-          price=float(dollars), 
-          currency="USD",
-          itemDesc="Capsul Cloud Compute",
-          transactionSpeed="high",
-          redirectURL=f"{current_app.config['BASE_URL']}/console/account-balance",
-          notificationURL=f"{current_app.config['BASE_URL']}/payment/btcpay/webhook"
-        ))
-      except:
-        current_app.logger.error(f"An error occurred while attempting to reach BTCPay Server: {my_exec_info_message(sys.exc_info())}")
-        flash("An error occurred while attempting to reach BTCPay Server.")
-        return redirect(url_for("console.account_balance"))
+      invoice = current_app.config['BTCPAY_CLIENT'].create_invoice(dict(
+        price=float(dollars), 
+        currency="USD",
+        itemDesc="Capsul Cloud Compute",
+        transactionSpeed="high",
+        redirectURL=f"{current_app.config['BASE_URL']}/console/account-balance",
+        notificationURL=f"{current_app.config['BASE_URL']}/payment/btcpay/webhook"
+      ))
 
       current_app.logger.info(f"created btcpay invoice: {invoice}")
 

capsulflask/schema_migrations/19_down_os_updates.sql

@@ -1,8 +0,0 @@
-DELETE FROM os_images WHERE id = 'guixsystem130';
-DELETE FROM os_images WHERE id = 'archlinux';
-UPDATE os_images SET deprecated = FALSE WHERE id = 'guixsystem120';
-UPDATE os_images SET deprecated = FALSE WHERE id = 'centos7';
-UPDATE os_images SET deprecated = FALSE WHERE id = 'centos8';
-UPDATE os_images SET description = 'Ubuntu 20.04 LTS (Fossa)' WHERE id = 'ubuntu20';
-
-UPDATE schemaversion SET version = 18;

capsulflask/schema_migrations/19_up_os_updates.sql

@@ -1,12 +0,0 @@
-INSERT INTO os_images (id, template_image_file_name, description, deprecated)
-VALUES  ('guixsystem130', 'guixsystem/1.3.0/root.img.qcow2', 'Guix System 1.3.0', FALSE);
-INSERT INTO os_images (id, template_image_file_name, description, deprecated)
-VALUES  ('archlinux', 'archlinux/root.img.qcow2', 'Arch Linux', FALSE);
-
-UPDATE os_images SET deprecated = TRUE WHERE id = 'guixsystem120';
-UPDATE os_images SET deprecated = TRUE WHERE id = 'centos7';
-UPDATE os_images SET deprecated = TRUE WHERE id = 'centos8';
-UPDATE os_images SET description = 'Ubuntu 20.04 (Focal)' WHERE id = 'ubuntu20';
-
-
-UPDATE schemaversion SET version = 19;

capsulflask/schema_migrations/20_down_deferrable_constraints.sql

@@ -1,21 +0,0 @@
-
-ALTER TABLE host_network ALTER CONSTRAINT host_network_host_fkey NOT DEFERRABLE;
-ALTER TABLE host_operation ALTER CONSTRAINT host_operation_host_fkey NOT DEFERRABLE;
-ALTER TABLE host_operation ALTER CONSTRAINT host_operation_operation_fkey NOT DEFERRABLE;
-ALTER TABLE login_tokens ALTER CONSTRAINT login_tokens_email_fkey NOT DEFERRABLE;
-ALTER TABLE operations ALTER CONSTRAINT operations_email_fkey NOT DEFERRABLE;
-ALTER TABLE payment_sessions ALTER CONSTRAINT payment_sessions_email_fkey NOT DEFERRABLE;
-ALTER TABLE payments ALTER CONSTRAINT payments_email_fkey NOT DEFERRABLE;
-ALTER TABLE ssh_public_keys ALTER CONSTRAINT ssh_public_keys_email_fkey NOT DEFERRABLE;
-ALTER TABLE unresolved_btcpay_invoices ALTER CONSTRAINT unresolved_btcpay_invoices_email_fkey NOT DEFERRABLE;
-ALTER TABLE unresolved_btcpay_invoices ALTER CONSTRAINT unresolved_btcpay_invoices_email_payment_id_fkey NOT DEFERRABLE;
-ALTER TABLE vm_ssh_authorized_key ALTER CONSTRAINT vm_ssh_public_key_email_ssh_public_key_name_fkey NOT DEFERRABLE;
-ALTER TABLE vm_ssh_authorized_key ALTER CONSTRAINT vm_ssh_public_key_email_vm_id_fkey NOT DEFERRABLE;
-ALTER TABLE vm_ssh_host_key ALTER CONSTRAINT vm_ssh_host_key_email_vm_id_fkey NOT DEFERRABLE;
-ALTER TABLE vms ALTER CONSTRAINT vms_email_fkey NOT DEFERRABLE;
-ALTER TABLE vms ALTER CONSTRAINT vms_host_network_name_fkey NOT DEFERRABLE;
-ALTER TABLE vms ALTER CONSTRAINT vms_host_fkey NOT DEFERRABLE;
-ALTER TABLE vms ALTER CONSTRAINT vms_os_fkey NOT DEFERRABLE;
-ALTER TABLE vms ALTER CONSTRAINT vms_size_fkey NOT DEFERRABLE;
-
-UPDATE schemaversion SET version = 19;

capsulflask/schema_migrations/20_up_deferrable_constraints.sql

@@ -1,21 +0,0 @@
-
-ALTER TABLE host_network ALTER CONSTRAINT host_network_host_fkey DEFERRABLE INITIALLY DEFERRED;
-ALTER TABLE host_operation ALTER CONSTRAINT host_operation_host_fkey DEFERRABLE INITIALLY DEFERRED;
-ALTER TABLE host_operation ALTER CONSTRAINT host_operation_operation_fkey DEFERRABLE INITIALLY DEFERRED;
-ALTER TABLE login_tokens ALTER CONSTRAINT login_tokens_email_fkey DEFERRABLE INITIALLY DEFERRED;
-ALTER TABLE operations ALTER CONSTRAINT operations_email_fkey DEFERRABLE INITIALLY DEFERRED;
-ALTER TABLE payment_sessions ALTER CONSTRAINT payment_sessions_email_fkey DEFERRABLE INITIALLY DEFERRED;
-ALTER TABLE payments ALTER CONSTRAINT payments_email_fkey DEFERRABLE INITIALLY DEFERRED;
-ALTER TABLE ssh_public_keys ALTER CONSTRAINT ssh_public_keys_email_fkey DEFERRABLE INITIALLY DEFERRED;
-ALTER TABLE unresolved_btcpay_invoices ALTER CONSTRAINT unresolved_btcpay_invoices_email_fkey DEFERRABLE INITIALLY DEFERRED;
-ALTER TABLE unresolved_btcpay_invoices ALTER CONSTRAINT unresolved_btcpay_invoices_email_payment_id_fkey DEFERRABLE INITIALLY DEFERRED;
-ALTER TABLE vm_ssh_authorized_key ALTER CONSTRAINT vm_ssh_public_key_email_ssh_public_key_name_fkey DEFERRABLE INITIALLY DEFERRED;
-ALTER TABLE vm_ssh_authorized_key ALTER CONSTRAINT vm_ssh_public_key_email_vm_id_fkey DEFERRABLE INITIALLY DEFERRED;
-ALTER TABLE vm_ssh_host_key ALTER CONSTRAINT vm_ssh_host_key_email_vm_id_fkey DEFERRABLE INITIALLY DEFERRED;
-ALTER TABLE vms ALTER CONSTRAINT vms_email_fkey DEFERRABLE INITIALLY DEFERRED;
-ALTER TABLE vms ALTER CONSTRAINT vms_host_network_name_fkey DEFERRABLE INITIALLY DEFERRED;
-ALTER TABLE vms ALTER CONSTRAINT vms_host_fkey DEFERRABLE INITIALLY DEFERRED;
-ALTER TABLE vms ALTER CONSTRAINT vms_os_fkey DEFERRABLE INITIALLY DEFERRED;
-ALTER TABLE vms ALTER CONSTRAINT vms_size_fkey DEFERRABLE INITIALLY DEFERRED;
-
-UPDATE schemaversion SET version = 20;

capsulflask/spoke_api.py

@@ -182,10 +182,7 @@ def handle_destroy(operation_id, request_body):
     return abort(400, f"bad request; email is required for destroy")
 
   try:
-    vm = current_app.config['SPOKE_MODEL'].get(request_body['id'], False)
-    current_app.logger.warning(f"destroy {request_body['id']} was called for {request_body['email']}, however the vm does not exist. returning success. ")
-    if vm is not None:
-      current_app.config['SPOKE_MODEL'].destroy(id=request_body['id'], email=request_body['email'])
+    current_app.config['SPOKE_MODEL'].destroy(id=request_body['id'], email=request_body['email'])
   except:
     error_message = my_exec_info_message(sys.exc_info())
     params =          f"email='{request_body['email'] if 'email' in request_body else 'KeyError'}', "

capsulflask/templates/support.html

@@ -7,11 +7,18 @@
     <h1>SUPPORT</h1>
   </div>
   <div class="row half-margin">
-    <a href="mailto:support@cyberia.club?subject=capsul%20support%20request">support@cyberia.club</a>
+    <a href="mailto:support@cyberia.club?subject=Please%20help!">support@cyberia.club</a> 
   </div>
 {% endblock %}
 
 {% block subcontent %}
+<p>
+  Note: We maintain a searchable archive of all support emails at 
+  <a href="https://lists.cyberia.club/~cyberia/support">https://lists.cyberia.club/~cyberia/support</a>
+</p>
+<p>
+  If you do not want your mail to appear in a public archive, email <a href="mailto:capsul@cyberia.club?subject=Please%20help!">capsul@cyberia.club</a> instead.
+</p>
 <p>
   Please describe your problem or feature request, and we will do our best to get back to you promptly. Thank you very much.
 </p>

docker-compose.yml

@@ -0,0 +1,36 @@
+---
+version: "3.8"
+
+services:
+  app:
+    image: 3wordchant/capsul-flask:latest
+    build: .
+    volumes:
+      - "./:/app/code"
+      - "../tank:/tank"
+      # - "/var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock"
+    depends_on:
+      - db
+    ports:
+      - "5000:5000"
+    environment:
+      - "POSTGRES_CONNECTION_PARAMETERS=host=db port=5432 user=capsul password=capsul dbname=capsul"
+      - SPOKE_MODEL=shell-scripts
+        #- FLASK_DEBUG=1
+      - BASE_URL=http://localhost:5000
+      - ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES=3wc.capsul@doesthisthing.work
+      - VIRSH_DEFAULT_CONNECT_URI=qemu:///system
+    # The image uses gunicorn by default, let's override it with Flask's
+    # built-in development server
+    command: ["flask", "run", "-h", "0.0.0.0", "-p", "5000"]
+  db:
+    image: "postgres:9.6.5-alpine"
+    volumes:
+      - "postgres:/var/lib/postgresql/data"
+    environment:
+      POSTGRES_USER: capsul
+      POSTGRES_PASSWORD: capsul
+      POSTGRES_DB: capsul
+
+volumes:
+  postgres:

docs/database.md

@@ -48,20 +48,3 @@ $ pipenv run flask cli sql -c "SELECT id, created, email, dollars, invalidated f
 ## how to view the logs on the database server (legion.cyberia.club)
 
 `sudo -u postgres pg_dump capsul-flask | gzip -9 > capsul-backup-2021-02-15.gz`
-
-
-## changing the email address on an account
-
-```
-UPDATE accounts SET lower_case_email = 'new@email.address' WHERE email = 'old@email.address' ;
-UPDATE accounts SET email = 'new@email.address' WHERE email = 'old@email.address' ;
-UPDATE login_tokens SET email = 'new@email.address' WHERE email = 'old@email.address' ;
-UPDATE operations SET email = 'new@email.address' WHERE email = 'old@email.address' ;
-UPDATE payment_sessions SET email = 'new@email.address' WHERE email = 'old@email.address' ;
-UPDATE payments SET email = 'new@email.address' WHERE email = 'old@email.address' ;
-UPDATE ssh_public_keys SET email = 'new@email.address' WHERE email = 'old@email.address' ;
-UPDATE unresolved_btcpay_invoices SET email = 'new@email.address' WHERE email = 'old@email.address' ;
-UPDATE vm_ssh_authorized_key SET email = 'new@email.address' WHERE email = 'old@email.address' ;
-UPDATE vm_ssh_host_key SET email = 'new@email.address' WHERE email = 'old@email.address' ;
-UPDATE vms SET email = 'new@email.address' WHERE email = 'old@email.address' ;
-```