Compare commits

...

76 Commits

Author SHA1 Message Date
7ae5071cef Merge pull request 'Make the displayed SSH username configurable' (#13) from mirsal/capsul-flask:ssh-username into yolocolo
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #12
2021-08-10 12:00:35 +02:00
0ae55712ac Merge pull request 'templates: Display IPv6 addresses on the capsul detail page' (#11) from mirsal/capsul-flask:ipv6 into yolocolo
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #11
2021-08-04 23:53:55 +02:00
8634cda388 templates: Display IPv6 addresses on the capsul detail page
Some checks failed
continuous-integration/drone/pr Build is failing
2021-08-04 19:53:06 +00:00
5f868de9cc Merge pull request 'Support dualstack ipv6 in the controller layer' (#10) from mirsal/capsul-flask:ipv6 into yolocolo
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #10

You Obviously Love Owls
2021-08-04 21:08:11 +02:00
d238bc9551 cosmetics: Remove trailing whitespace
Some checks failed
continuous-integration/drone/pr Build is failing
2021-08-04 15:35:41 +00:00
17c915c1bf Support dualstack ipv6 in the console controller
This commit updates the console controller logic and
a few bits in the model in order to support multiple
address families (ipv4 and ipv6)
2021-08-04 15:35:41 +00:00
8a6d558402 Retrieve IPv6 addresses from VMs
This commit allows the model to fetch IPv6 addresses from running VMs
and populate VirtualMachine objects with the value if it was retrieved
successfully
2021-08-04 15:35:41 +00:00
3wc
ff4e63339f Merge branch 'master' into yolocolo
All checks were successful
continuous-integration/drone/push Build is passing
2021-08-04 12:19:57 +02:00
3wc
bcd1190f50 Fix API 🙈
All checks were successful
continuous-integration/drone/push Build is passing
2021-07-29 11:36:58 +02:00
3wc
6963e22933 Merge branch 'publicapi' into yolocolo 2021-07-29 11:16:54 +02:00
3wc
816be36a52 Revert unthemed template changes, tweak theme 2021-07-29 11:11:51 +02:00
3wc
d6f2f6d0bf Merge branch 'master' into yolocolo 2021-07-29 09:47:31 +02:00
3wc
cffa40c0e3 Fix up API
All checks were successful
continuous-integration/drone/push Build is passing
2021-07-23 23:28:06 +02:00
3wc
6dbae94bd6 Fix typo
All checks were successful
continuous-integration/drone/push Build is passing
2021-07-23 18:08:05 +02:00
3wc
42edcd1c33 Updates for upstream IP handling 2021-07-23 18:07:37 +02:00
3wc
b27d5b3c5b Add basic "create" API..
.. using server-side API tokens
2021-07-23 18:07:35 +02:00
3wc
cfb323bf60 Merge branch 'yc-templates' into yolocolo
All checks were successful
continuous-integration/drone/push Build is passing
2021-07-22 01:03:02 +02:00
3wc
8c7197f118 Merge branch 'docker' into yolocolo 2021-07-22 01:02:34 +02:00
3wc
fb83f52162 Merge branch 'master' into yolocolo 2021-07-22 00:57:01 +02:00
3wc
982556a2c5 Tag with current branch, instead of latest
Some checks reported errors
continuous-integration/drone/pr Build was killed
continuous-integration/drone/push Build is passing
2021-07-22 00:28:33 +02:00
3wc
13646e64da Make docker-compose file less demanding
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is passing
2021-07-21 23:50:47 +02:00
3wc
67149f437a Changes from @decentral1se code review 2021-07-21 23:50:47 +02:00
3wc
308ac05fe6 Add openssh-cient to Dockerfile for ssh-keyscan 2021-07-21 23:50:47 +02:00
3wc
c378c2b287 STRIPE_SECRET_KEY not STRIPE_PUBLISHABLE_KEY 2021-07-21 23:50:47 +02:00
3wc
5367822747 Load secrets from files if _FILE vars are set 2021-07-21 23:50:47 +02:00
3wc
e295b4420c Docker updates for libvirtd 2021-07-21 23:50:47 +02:00
3wc
e4180b8306 Use Flask server in development 2021-07-21 23:50:47 +02:00
3wc
5cd5126039 Multi-stage build oh my! 2021-07-21 23:50:47 +02:00
3wc
f8e9ab2482 Initial attempt at Docker 2021-07-21 23:50:47 +02:00
3wc
487a1ac0a3 Revert accidental change to main images 2021-07-21 23:30:14 +02:00
3wc
71344fbf4d Merge branch 'yc-templates' into yolocolo 2021-07-21 22:49:17 +02:00
3wc
6f3ecf991d Custom theme fixes 2021-07-21 22:48:54 +02:00
3wc
40aa3bccd3 Load YOLOCOLO templates from a "theme" folder..
..configurable using the THEME env var.

Defaults to normal Capsul theme.
2021-07-21 22:24:25 +02:00
3wc
bcc3f20b27 Tweak table style 2021-07-21 22:12:13 +02:00
3wc
8bd3971545 Improve form styling 2021-07-21 22:12:13 +02:00
3wc
c639899cd0 Remove cash payment option 2021-07-21 22:12:13 +02:00
3wc
a47c430855 Further colour tweak 2021-07-21 22:12:13 +02:00
3wc
d5362897df Fix typo, tweak colours 2021-07-21 22:12:13 +02:00
3wc
a52d183f2e More cheeky template changes 2021-07-21 22:12:13 +02:00
3wc
73042d1705 Disco updates for YOLOCOLO site 2021-07-21 22:12:13 +02:00
3wc
d3078fc5ce Merge branch 'yc-templates' into yolocolo 2021-07-21 21:07:59 +02:00
3wc
d60238f6f0 Improve form styling 2021-07-21 21:07:51 +02:00
3wc
ab55146d41 Remove cash payment option 2021-07-21 21:07:49 +02:00
3wc
7191213646 Further colour tweak 2021-07-21 21:07:27 +02:00
3wc
8c802a977a Fix typo, tweak colours 2021-07-21 21:07:27 +02:00
3wc
929aa29663 More cheeky template changes 2021-07-21 21:07:26 +02:00
3wc
61beee8d3b Disco updates for YOLOCOLO site 2021-07-21 21:07:03 +02:00
3wc
8586b85095 Merge branch 'master' into yolocolo
Some checks failed
continuous-integration/drone/push Build is failing
2021-07-21 20:38:36 +02:00
3wc
b2b78e0015 Merge branch 'yc-templates' into yolocolo
All checks were successful
continuous-integration/drone/push Build is passing
2021-07-21 11:43:17 +02:00
3wc
d6f4be8197 Improve form styling 2021-07-21 11:43:04 +02:00
3wc
5d3d0a1c5e Merge branch 'docker' into yolocolo 2021-07-21 11:38:58 +02:00
3wc
fc7e264178 Make docker-compose file less demanding
Some checks reported errors
continuous-integration/drone/pr Build was killed
continuous-integration/drone/push Build is passing
2021-07-21 11:38:01 +02:00
3wc
157e81e6e5 Merge branch 'yc-templates' into yolocolo
All checks were successful
continuous-integration/drone/push Build is passing
2021-07-21 02:02:58 +02:00
3wc
97f9486ea3 Remove cash payment option 2021-07-21 02:02:21 +02:00
3wc
4b90a6c7ae Merge branch 'yc-templates' into yolocolo
All checks were successful
continuous-integration/drone/push Build is passing
2021-07-21 01:56:45 +02:00
3wc
adc3342a8c Further colour tweak 2021-07-21 01:56:36 +02:00
3wc
f8bbdcc3c5 Merge branch 'yc-templates' into yolocolo
Some checks reported errors
continuous-integration/drone/push Build was killed
2021-07-21 01:54:35 +02:00
3wc
1133caa8a4 Fix typo, tweak colours 2021-07-21 01:54:21 +02:00
3wc
1f384f34b5 Merge branch 'yc-templates' into yolocolo
Some checks reported errors
continuous-integration/drone/push Build was killed
2021-07-21 01:44:52 +02:00
3wc
c25d85bbdd More cheeky template changes 2021-07-21 01:44:45 +02:00
3wc
0f4ac8e444 Merge branch 'yc-templates' into yolocolo
All checks were successful
continuous-integration/drone/push Build is passing
2021-07-21 01:15:51 +02:00
3wc
3cf501a393 Disco updates for YOLOCOLO site 2021-07-21 01:13:52 +02:00
3wc
180efa01af Merge branch 'optional-btcpay' into yolocolo
All checks were successful
continuous-integration/drone/push Build is passing
2021-07-21 00:30:34 +02:00
3wc
f5c079ffc2 Un-hard-code SSH key name
All checks were successful
continuous-integration/drone/push Build is passing
2021-07-20 23:55:03 +02:00
3wc
0e5dfe6bde Last re-hard-coding for "working" joy 2021-07-20 23:55:03 +02:00
3wc
2adbb8d94c Further filthy fix for local libvirt 2021-07-20 23:55:03 +02:00
3wc
8446d11720 Revert hardcoded local path to tank dir 2021-07-20 23:55:03 +02:00
3wc
a580b04659 Bag of hacks to get local libvirt working 2021-07-20 23:55:03 +02:00
3wc
2e6894ad14 Changes from @decentral1se code review
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is passing
2021-07-20 23:48:23 +02:00
3wc
2e6c6517f3 Add openssh-cient to Dockerfile for ssh-keyscan
Some checks reported errors
continuous-integration/drone/pr Build encountered an error
continuous-integration/drone/push Build is passing
2021-07-20 01:52:17 +02:00
3wc
be6c1b38b7 STRIPE_SECRET_KEY not STRIPE_PUBLISHABLE_KEY
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-07-19 01:17:18 +02:00
3wc
aa8e129913 Load secrets from files if _FILE vars are set 2021-07-19 00:24:22 +02:00
3wc
71e09807a7 Docker updates for libvirtd 2021-07-15 00:13:11 +02:00
3wc
4816170c03 Use Flask server in development 2021-07-15 00:13:11 +02:00
3wc
6af241e8be Multi-stage build oh my! 2021-07-15 00:13:11 +02:00
3wc
c8ec53f207 Initial attempt at Docker 2021-07-15 00:13:11 +02:00
21 changed files with 370 additions and 174 deletions

View File

@ -183,7 +183,6 @@ if app.config['THEME'] != "":
app.jinja_loader = my_loader
if app.config['HUB_MODE_ENABLED']:
if app.config['HUB_MODEL'] == "capsul-flask":
app.config['HUB_MODEL'] = hub_model.CapsulFlaskHub()
@ -205,7 +204,9 @@ if app.config['HUB_MODE_ENABLED']:
from capsulflask import db
db.init_app(app, is_running_server)
from capsulflask import auth, landing, console, payment, metrics, cli, hub_api, admin
from capsulflask import (
auth, landing, console, payment, metrics, cli, hub_api, publicapi, admin
)
app.register_blueprint(landing.bp)
app.register_blueprint(auth.bp)
@ -215,13 +216,13 @@ if app.config['HUB_MODE_ENABLED']:
app.register_blueprint(cli.bp)
app.register_blueprint(hub_api.bp)
app.register_blueprint(admin.bp)
app.register_blueprint(publicapi.bp)
app.add_url_rule("/", endpoint="index")
if app.config['SPOKE_MODE_ENABLED']:
if app.config['SPOKE_MODEL'] == "shell-scripts":
app.config['SPOKE_MODEL'] = spoke_model.ShellScriptSpoke()
else:

View File

@ -1,3 +1,4 @@
from base64 import b64decode
import functools
import re
@ -24,6 +25,15 @@ def account_required(view):
@functools.wraps(view)
def wrapped_view(**kwargs):
api_token = request.headers.get('authorization', None)
if api_token is not None:
email = get_model().authenticate_token(b64decode(api_token).decode('utf-8'))
if email is not None:
session.clear()
session["account"] = email
session["csrf-token"] = generate()
if session.get("account") is None or session.get("csrf-token") is None :
return redirect(url_for("auth.login"))
@ -56,7 +66,7 @@ def login():
if not email:
errors.append("email is required")
elif len(email.strip()) < 6 or email.count('@') != 1 or email.count('.') == 0:
errors.append("enter a valid email address")
errors.append("enter a valid email address")
if len(errors) == 0:
result = get_model().login(email)

View File

@ -1,7 +1,9 @@
from base64 import b64encode
from datetime import datetime, timedelta
import json
import re
import sys
import json
from datetime import datetime, timedelta
from flask import Blueprint
from flask import flash
from flask import current_app
@ -27,12 +29,14 @@ def make_capsul_id():
letters_n_nummers = generate(alphabet="1234567890qwertyuiopasdfghjklzxcvbnm", size=10)
return f"capsul-{letters_n_nummers}"
def double_check_capsul_address(id, ipv4, get_ssh_host_keys):
def double_check_capsul_address(id, ipv4, ipv6, get_ssh_host_keys):
try:
result = current_app.config["HUB_MODEL"].get(id, get_ssh_host_keys)
if result != None and result.ipv4 != None and result.ipv4 != ipv4:
ipv4 = result.ipv4
get_model().update_vm_ip(email=session["account"], id=id, ipv4=result.ipv4)
get_model().update_vm_ipv4(email=session["account"], id=id, ipv4=result.ipv4)
if result != None and result.ipv6 != None and result.ipv6 != ipv6:
get_model().update_vm_ipv6(email=session["account"], id=id, ipv6=result.ipv6)
if result != None and result.ssh_host_keys != None and get_ssh_host_keys:
get_model().update_vm_ssh_host_keys(email=session["account"], id=id, ssh_host_keys=result.ssh_host_keys)
@ -59,36 +63,37 @@ def index():
# for now we are going to check the IP according to the virt model
# on every request. this could be done by a background job and cached later on...
for vm in vms:
result = double_check_capsul_address(vm["id"], vm["ipv4"], False)
result = double_check_capsul_address(vm["id"], vm["ipv4"], vm["ipv6"], False)
if result is not None:
vm["ipv4"] = result.ipv4
vm["ipv6"] = result.ipv6
vm["state"] = result.state
else:
vm["state"] = "unknown"
mappedVms = []
for vm in vms:
ip_display = vm['ipv4']
if not ip_display:
if vm["state"] == "running":
ip_display = "..booting.."
else:
ip_display = "unknown"
ip_display_class = "ok"
if not vm['ipv4']:
if vm["state"] == "running":
ip_display_class = "waiting-pulse"
else:
ip_display_class = "yellow"
ip_display = {}
ip_display_class = {}
for af in ['ipv4', 'ipv6']:
ip_display[af] = vm[af]
ip_display_class[af] = "ok"
if not ip_display[af]:
if vm["state"] == "running":
ip_display[af] = "..booting.."
ip_display_class[af] = "waiting-pulse"
else:
ip_display[af] = "unknown"
ip_display_class[af] = "yellow"
mappedVms.append(dict(
id=vm['id'],
size=vm['size'],
state=vm['state'],
ipv4=ip_display,
ipv4_status=ip_display_class,
ipv4=ip_display['ipv4'],
ipv4_status=ip_display_class['ipv4'],
ipv6=ip_display['ipv6'],
ipv6_status=ip_display_class['ipv6'],
os=vm['os'],
created=vm['created'].strftime("%b %d %Y")
))
@ -98,7 +103,6 @@ def index():
@bp.route("/<string:id>", methods=("GET", "POST"))
@account_required
def detail(id):
duration=request.args.get('duration')
if not duration:
duration = "5m"
@ -169,10 +173,11 @@ def detail(id):
else:
needs_ssh_host_keys = "ssh_host_keys" not in vm or len(vm["ssh_host_keys"]) == 0
vm_from_virt_model = double_check_capsul_address(vm["id"], vm["ipv4"], needs_ssh_host_keys)
vm_from_virt_model = double_check_capsul_address(vm["id"], vm["ipv4"], vm['ipv6'], needs_ssh_host_keys)
if vm_from_virt_model is not None:
vm["ipv4"] = vm_from_virt_model.ipv4
vm["ipv6"] = vm_from_virt_model.ipv6
vm["state"] = vm_from_virt_model.state
if needs_ssh_host_keys:
vm["ssh_host_keys"] = vm_from_virt_model.ssh_host_keys
@ -190,6 +195,70 @@ def detail(id):
duration=duration
)
def _create(email, vm_sizes, operating_systems, public_keys_for_account, affordable_vm_sizes, server_data):
errors = list()
size = server_data.get("size")
os = server_data.get("os")
posted_keys_count = int(server_data.get("ssh_authorized_key_count"))
if not size:
errors.append("Size is required")
elif size not in vm_sizes:
errors.append(f"Invalid size {size}")
elif size not in affordable_vm_sizes:
errors.append(f"Your account must have enough credit to run an {size} for 1 month before you will be allowed to create it")
if not os:
errors.append("OS is required")
elif os not in operating_systems:
errors.append(f"Invalid os {os}")
posted_keys = list()
if posted_keys_count > 1000:
errors.append("something went wrong with ssh keys")
else:
for i in range(0, posted_keys_count):
if f"ssh_key_{i}" in server_data:
posted_name = server_data.get(f"ssh_key_{i}")
key = None
for x in public_keys_for_account:
if x['name'] == posted_name:
key = x
if key:
posted_keys.append(key)
else:
errors.append(f"SSH Key \"{posted_name}\" doesn't exist")
if len(posted_keys) == 0:
errors.append("At least one SSH Public Key is required")
capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(
vm_sizes[size]['memory_mb']*1024*1024
)
if not capacity_avaliable:
errors.append("""
host(s) at capacity. no capsuls can be created at this time. sorry.
""")
if len(errors) == 0:
id = make_capsul_id()
current_app.config["HUB_MODEL"].create(
email = email,
id=id,
os=os,
size=size,
template_image_file_name=operating_systems[os]['template_image_file_name'],
vcpus=vm_sizes[size]['vcpus'],
memory_mb=vm_sizes[size]['memory_mb'],
ssh_authorized_keys=list(map(lambda x: dict(name=x['name'], content=x['content']), posted_keys))
)
return id, errors
return None, errors
@bp.route("/create", methods=("GET", "POST"))
@account_required
@ -212,64 +281,14 @@ def create():
if request.method == "POST":
if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']:
return abort(418, f"u want tea")
size = request.form["size"]
os = request.form["os"]
if not size:
errors.append("Size is required")
elif size not in vm_sizes:
errors.append(f"Invalid size {size}")
elif size not in affordable_vm_sizes:
errors.append(f"Your account must have enough credit to run an {size} for 1 month before you will be allowed to create it")
if not os:
errors.append("OS is required")
elif os not in operating_systems:
errors.append(f"Invalid os {os}")
posted_keys_count = int(request.form["ssh_authorized_key_count"])
posted_keys = list()
if posted_keys_count > 1000:
errors.append("something went wrong with ssh keys")
else:
for i in range(0, posted_keys_count):
if f"ssh_key_{i}" in request.form:
posted_name = request.form[f"ssh_key_{i}"]
key = None
for x in public_keys_for_account:
if x['name'] == posted_name:
key = x
if key:
posted_keys.append(key)
else:
errors.append(f"SSH Key \"{posted_name}\" doesn't exist")
if len(posted_keys) == 0:
errors.append("At least one SSH Public Key is required")
capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(vm_sizes[size]['memory_mb']*1024*1024)
if not capacity_avaliable:
errors.append("""
host(s) at capacity. no capsuls can be created at this time. sorry.
""")
id, errors = _create(
session['account'],
vm_sizes,
operating_systems,
public_keys_for_account,
affordable_vm_sizes,
request.form)
if len(errors) == 0:
id = make_capsul_id()
# we can't create the vm record in the DB yet because its IP address needs to be allocated first.
# so it will be created when the allocation happens inside the hub_api.
current_app.config["HUB_MODEL"].create(
email = session["account"],
id=id,
os=os,
size=size,
template_image_file_name=operating_systems[os]['template_image_file_name'],
vcpus=vm_sizes[size]['vcpus'],
memory_mb=vm_sizes[size]['memory_mb'],
ssh_authorized_keys=list(map(lambda x: dict(name=x['name'], content=x['content']), posted_keys))
)
return redirect(f"{url_for('console.index')}?created={id}")
@ -292,23 +311,25 @@ def create():
vm_sizes=affordable_vm_sizes
)
@bp.route("/ssh", methods=("GET", "POST"))
@bp.route("/keys", methods=("GET", "POST"))
@account_required
def ssh_public_keys():
def ssh_api_keys():
errors = list()
token = None
if request.method == "POST":
if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']:
return abort(418, f"u want tea")
method = request.form["method"]
content = None
if method == "POST":
action = request.form["action"]
if action == 'upload_ssh_key':
content = None
content = request.form["content"].replace("\r", " ").replace("\n", " ").strip()
name = request.form["name"]
if not name or len(name.strip()) < 1:
if method == "POST":
name = request.form["name"]
if not name or len(name.strip()) < 1:
parts = re.split(" +", content)
if len(parts) > 2 and len(parts[2].strip()) > 0:
name = parts[2].strip()
@ -316,10 +337,9 @@ def ssh_public_keys():
name = parts[0].strip()
else:
errors.append("Name is required")
if not re.match(r"^[0-9A-Za-z_@:. -]+$", name):
errors.append(f"Key name '{name}' must match \"^[0-9A-Za-z_@:. -]+$\"")
if not re.match(r"^[0-9A-Za-z_@:. -]+$", name):
errors.append(f"Key name '{name}' must match \"^[0-9A-Za-z_@:. -]+$\"")
if method == "POST":
if not content or len(content.strip()) < 1:
errors.append("Content is required")
else:
@ -332,24 +352,36 @@ def ssh_public_keys():
if len(errors) == 0:
get_model().create_ssh_public_key(session["account"], name, content)
elif method == "DELETE":
elif action == "delete_ssh_key":
get_model().delete_ssh_public_key(session["account"], name)
if len(errors) == 0:
get_model().delete_ssh_public_key(session["account"], name)
elif action == "generate_api_token":
name = request.form["name"]
if name == '':
name = datetime.utcnow().strftime('%y-%m-%d %H:%M:%S')
token = b64encode(
get_model().generate_api_token(session["account"], name).encode('utf-8')
).decode('utf-8')
elif action == "delete_api_token":
get_model().delete_api_token(session["account"], request.form["id"])
for error in errors:
flash(error)
keys_list=list(map(
ssh_keys_list=list(map(
lambda x: dict(name=x['name'], content=f"{x['content'][:20]}...{x['content'][len(x['content'])-20:]}"),
get_model().list_ssh_public_keys_for_account(session["account"])
))
api_tokens_list = get_model().list_api_tokens(session["account"])
return render_template(
"ssh-public-keys.html",
"keys.html",
csrf_token = session["csrf-token"],
ssh_public_keys=keys_list,
has_ssh_public_keys=len(keys_list) > 0
api_tokens=api_tokens_list,
ssh_public_keys=ssh_keys_list,
generated_api_token=token,
)
def get_vms():
@ -373,7 +405,6 @@ def get_vm_months_float(vm, as_of):
return days / average_number_of_days_in_a_month
def get_account_balance(vms, payments, as_of):
vm_cost_dollars = 0.0
for vm in vms:
vm_months = get_vm_months_float(vm, as_of)
@ -386,7 +417,6 @@ def get_account_balance(vms, payments, as_of):
@bp.route("/account-balance")
@account_required
def account_balance():
payment_sessions = get_model().list_payment_sessions_for_account(session['account'])
for payment_session in payment_sessions:
if payment_session['type'] == 'btcpay':

View File

@ -33,7 +33,7 @@ def init_app(app, is_running_server):
result = re.search(r"^\d+_(up|down)", filename)
if not result:
app.logger.error(f"schemaVersion {filename} must match ^\\d+_(up|down). exiting.")
exit(1)
continue
key = result.group()
with open(join(schemaMigrationsPath, filename), 'rb') as file:
schemaMigrations[key] = file.read().decode("utf8")
@ -43,7 +43,7 @@ def init_app(app, is_running_server):
hasSchemaVersionTable = False
actionWasTaken = False
schemaVersion = 0
desiredSchemaVersion = 18
desiredSchemaVersion = 19
cursor = connection.cursor()
@ -128,4 +128,3 @@ def close_db(e=None):
if db_model is not None:
db_model.cursor.close()
current_app.config['PSYCOPG2_CONNECTION_POOL'].putconn(db_model.connection)

View File

@ -1,8 +1,8 @@
import re
# I was never able to get this type hinting to work correctly
# from psycopg2.extensions import connection as Psycopg2Connection, cursor as Psycopg2Cursor
import hashlib
from nanoid import generate
from flask import current_app
from typing import List
@ -17,7 +17,6 @@ class DBModel:
self.cursor = cursor
# ------ LOGIN ---------
@ -44,6 +43,16 @@ class DBModel:
return (token, ignoreCaseMatches)
def authenticate_token(self, token):
m = hashlib.md5()
m.update(token.encode('utf-8'))
hash_token = m.hexdigest()
self.cursor.execute("SELECT email FROM api_tokens WHERE token = %s", (hash_token, ))
result = self.cursor.fetchall()
if len(result) == 1:
return result[0]
return None
def consume_token(self, token):
self.cursor.execute("SELECT email FROM login_tokens WHERE token = %s and created > (NOW() - INTERVAL '20 min')", (token, ))
row = self.cursor.fetchone()
@ -132,6 +141,32 @@ class DBModel:
self.cursor.execute( "DELETE FROM ssh_public_keys where email = %s AND name = %s", (email, name) )
self.connection.commit()
def list_api_tokens(self, email):
self.cursor.execute(
"SELECT id, token, name, created FROM api_tokens WHERE email = %s",
(email, )
)
return list(map(
lambda x: dict(id=x[0], token=x[1], name=x[2], created=x[3]),
self.cursor.fetchall()
))
def generate_api_token(self, email, name):
token = generate()
m = hashlib.md5()
m.update(token.encode('utf-8'))
hash_token = m.hexdigest()
self.cursor.execute(
"INSERT INTO api_tokens (email, name, token) VALUES (%s, %s, %s)",
(email, name, hash_token)
)
self.connection.commit()
return token
def delete_api_token(self, email, id_):
self.cursor.execute( "DELETE FROM api_tokens where email = %s AND id = %s", (email, id_))
self.connection.commit()
def list_vms_for_account(self, email):
self.cursor.execute("""
SELECT vms.id, vms.public_ipv4, vms.public_ipv6, vms.size, vms.os, vms.created, vms.deleted, vm_sizes.dollars_per_month
@ -144,10 +179,14 @@ class DBModel:
self.cursor.fetchall()
))
def update_vm_ip(self, email, id, ipv4):
def update_vm_ipv4(self, email, id, ipv4):
self.cursor.execute("UPDATE vms SET public_ipv4 = %s WHERE email = %s AND id = %s", (ipv4, email, id))
self.connection.commit()
def update_vm_ipv6(self, email, id, ipv6):
self.cursor.execute("UPDATE vms SET public_ipv6 = %s WHERE email = %s AND id = %s", (ipv6, email, id))
self.connection.commit()
def update_vm_ssh_host_keys(self, email, id, ssh_host_keys):
for key in ssh_host_keys:
self.cursor.execute("""
@ -479,8 +518,3 @@ class DBModel:
#cursor.close()
return to_return

View File

@ -44,6 +44,7 @@ class MockHub(VirtualizationInterface):
validate_capsul_id(id)
current_app.logger.info(f"mock create: {id} for {email}")
sleep(1)
get_model().create_vm(
email=email,
id=id,
@ -197,6 +198,10 @@ class CapsulFlaskHub(VirtualizationInterface):
validate_capsul_id(id)
online_hosts = get_model().get_online_hosts()
#current_app.logger.debug(f"hub_model.create(): ${len(online_hosts)} hosts")
current_app.logger.error(f'{email}, {id} {os} {size} {template_image_file_name} {vcpus} {memory_mb}')
current_app.logger.error(f'{ssh_authorized_keys}')
payload = json.dumps(dict(
type="create",
email=email,
@ -228,11 +233,12 @@ class CapsulFlaskHub(VirtualizationInterface):
# no need to do anything here since if it cant be parsed then generic_operation will handle it.
pass
if error_message != "":
raise ValueError(f"create capsul operation {operation_id} on {assigned_hosts} failed with {error_message}")
if number_of_assigned != 1:
assigned_hosts_string = ", ".join(assigned_hosts)
raise ValueError(f"expected create capsul operation {operation_id} to be assigned to one host, it was assigned to {number_of_assigned} ({assigned_hosts_string})")
if error_message != "":
raise ValueError(f"create capsul operation {operation_id} on {assigned_hosts_string} failed with {error_message}")
def destroy(self, email: str, id: str):

50
capsulflask/publicapi.py Normal file
View File

@ -0,0 +1,50 @@
import datetime
from flask import Blueprint
from flask import current_app
from flask import jsonify
from flask import request
from flask import session
from nanoid import generate
from capsulflask.auth import account_required
from capsulflask.db import get_model
bp = Blueprint("publicapi", __name__, url_prefix="/api")
@bp.route("/capsul/create", methods=["POST"])
@account_required
def capsul_create():
email = session["account"][0]
from .console import _create, get_account_balance, get_payments, get_vms
vm_sizes = get_model().vm_sizes_dict()
operating_systems = get_model().operating_systems_dict()
public_keys_for_account = get_model().list_ssh_public_keys_for_account(session["account"])
account_balance = get_account_balance(get_vms(), get_payments(), datetime.datetime.utcnow())
capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(512*1024*1024)
affordable_vm_sizes = dict()
for key, vm_size in vm_sizes.items():
# if a user deposits $7.50 and then creates an f1-s vm which costs 7.50 a month,
# then they have to delete the vm and re-create it, they will not be able to, they will have to pay again.
# so for UX it makes a lot of sense to give a small margin of 25 cents for usability sake
if vm_size["dollars_per_month"] <= account_balance+0.25:
affordable_vm_sizes[key] = vm_size
request.json['ssh_authorized_key_count'] = 1
id, errors = _create(
email,
vm_sizes,
operating_systems,
public_keys_for_account,
affordable_vm_sizes,
request.json)
if id is not None:
return jsonify(
id=id,
)
return jsonify(errors=errors)

View File

@ -0,0 +1,2 @@
DROP TABLE api_keys;
UPDATE schemaversion SET version = 18;

View File

@ -0,0 +1,9 @@
CREATE TABLE api_tokens (
id SERIAL PRIMARY KEY,
email TEXT REFERENCES accounts(email) ON DELETE RESTRICT,
name TEXT NOT NULL,
created TIMESTAMP NOT NULL DEFAULT NOW(),
token TEXT NOT NULL
);
UPDATE schemaversion SET version = 19;

View File

@ -3,7 +3,7 @@
# check available RAM and IPv4s
ram_bytes_to_allocate="$1"
ram_bytes_available=$(grep -E "^(size|memory_available_bytes)" /proc/spl/kstat/zfs/arcstats | awk '{sum+=$3} END {printf "%.0f", sum}')
ram_bytes_available="$(($(grep Available /proc/meminfo | grep -o '[0-9]*') * 1024))"
ram_bytes_remainder="$((ram_bytes_available - ram_bytes_to_allocate))"
if echo "$ram_bytes_to_allocate" | grep -vqE "^[0-9]+$"; then
@ -11,8 +11,8 @@ if echo "$ram_bytes_to_allocate" | grep -vqE "^[0-9]+$"; then
exit 1
fi
# 20GB
if [ "$ram_bytes_remainder" -le $((20 * 1024 * 1024 * 1024)) ]; then
# 0.25GB
if [ "$ram_bytes_remainder" -le $((1 * 1024 * 1024 * 1024 / 4)) ]; then
echo "VM is requesting more RAM than $(hostname -f) has available."
echo "Bytes requested: $ram_bytes_to_allocate"
echo "Bytes available: $ram_bytes_available"

View File

@ -6,6 +6,7 @@
vmname="$1"
template_file="/tank/img/$2"
qemu_tank_dir="/tank"
vcpus="$3"
memory="$4"
pubkeys="$5"
@ -50,40 +51,40 @@ if echo "$public_ipv4" | grep -vqE "^[0-9.]+$"; then
exit 1
fi
disk="/tank/vm/$vmname.qcow2"
cdrom="/tank/vm/$vmname.iso"
xml="/tank/vm/$vmname.xml"
disk="$vmname.qcow2"
cdrom="$vmname.iso"
xml="$vmname.xml"
if [ -f /tank/vm/$vmname.qcow2 ]; then
echo "Randomly generated name matched an existing VM! Odds are like one in a billion. Buy a lotto ticket."
exit 1
fi
cp "$template_file" "$disk"
cp "$template_file" "/tank/vm/$disk"
cp /tank/config/cyberia-cloudinit.yml /tmp/cloudinit.yml
echo "$pubkeys" | while IFS= read -r line; do
echo " - $line" >> /tmp/cloudinit.yml
done
cloud-localds "$cdrom" /tmp/cloudinit.yml
cloud-localds "/tank/vm/$cdrom" /tmp/cloudinit.yml
qemu-img resize "$disk" "$root_volume_size"
qemu-img resize "/tank/vm/$disk" "$root_volume_size"
virt-install \
--memory "$memory" \
--vcpus "$vcpus" \
--name "$vmname" \
--disk "$disk",bus=virtio \
--disk "$cdrom",device=cdrom \
--disk "$qemu_tank_dir/vm/$disk",bus=virtio \
--disk "$qemu_tank_dir/vm/$cdrom",device=cdrom \
--os-type Linux \
--os-variant generic \
--virt-type kvm \
--graphics vnc,listen=127.0.0.1 \
--network network=$network_name,filterref=clean-traffic,model=virtio \
--network network=$network_name,model=virtio \
--import \
--print-xml > "$xml"
--print-xml > "/tank/vm/$xml"
chmod 0600 "$xml" "$disk" "$cdrom"
virsh define "$xml"
chmod 0600 "/tank/vm/$xml" "/tank/vm/$disk" "/tank/vm/$cdrom"
virsh define "/tank/vm/$xml"
virsh start "$vmname"
echo "success"

View File

@ -29,7 +29,8 @@ if virsh domuuid "$vmname" | grep -vqE '^[\t\s\n]*$'; then
esac
fi
# this gets the ipv4
# this gets the vm ip addresses
ipv4="$(virsh domifaddr "$vmname" | awk '/ipv4/ {print $4}' | cut -d'/' -f1)"
ipv6="$(virsh domifaddr "$vmname" | awk '/ipv6/ {print $4}' | cut -d'/' -f1)"
echo "$exists $state $ipv4"
echo "$exists $state $ipv4 $ipv6"

View File

@ -114,24 +114,30 @@ class ShellScriptSpoke(VirtualizationInterface):
if len(fields) < 3:
return VirtualMachine(id, current_app.config["SPOKE_HOST_ID"], state=state)
ipaddr = fields[2]
ip4addr = fields[2]
if not re.match(r"^([0-9]{1,3}\.){3}[0-9]{1,3}$", ipaddr):
if not re.match(r"^([0-9]{1,3}\.){3}[0-9]{1,3}$", ip4addr):
return VirtualMachine(id, current_app.config["SPOKE_HOST_ID"], state=state)
if get_ssh_host_keys:
try:
completedProcess2 = run([join(current_app.root_path, 'shell_scripts/ssh-keyscan.sh'), ipaddr], capture_output=True)
completedProcess2 = run([join(current_app.root_path, 'shell_scripts/ssh-keyscan.sh'), ip4addr], capture_output=True)
self.validate_completed_process(completedProcess2)
ssh_host_keys = json.loads(completedProcess2.stdout.decode("utf-8"))
return VirtualMachine(id, current_app.config["SPOKE_HOST_ID"], state=state, ipv4=ipaddr, ssh_host_keys=ssh_host_keys)
return VirtualMachine(id, current_app.config["SPOKE_HOST_ID"], state=state, ipv4=ip4addr, ssh_host_keys=ssh_host_keys)
except:
current_app.logger.warning(f"""
failed to ssh-keyscan {id} at {ipaddr}:
failed to ssh-keyscan {id} at {ip4addr}:
{my_exec_info_message(sys.exc_info())}"""
)
return VirtualMachine(id, current_app.config["SPOKE_HOST_ID"], state=state, ipv4=ipaddr)
if len(fields) < 4:
return VirtualMachine(id, current_app.config["SPOKE_HOST_ID"], state=state, ipv4=ip4addr)
ip6addr = fields[3]
return VirtualMachine(id, current_app.config["SPOKE_HOST_ID"], state=state, ipv4=ip4addr, ipv6=ip6addr)
def list_ids(self) -> list:
completedProcess = run([join(current_app.root_path, 'shell_scripts/list-ids.sh')], capture_output=True)

View File

@ -1,8 +1,8 @@
html {
color: #bdc7b8;
color: #241e1e;
font: calc(0.40rem + 1vmin) monospace;
overflow-y: scroll;
background-color: #241e1e;
background-color: #bdc7b8;
}
body {
@ -19,8 +19,8 @@ body {
}
a {
color:#6CF;
text-shadow: 1px 1px 0px #000c;
color:#00517a;
text-shadow: 1px 1px 0px #eee;
}
a.no-shadow {
@ -28,7 +28,7 @@ a.no-shadow {
}
a:hover, a:active, a:visited {
color: #b5bd68;
color: #323417;
}
.nav-links a {
@ -59,11 +59,11 @@ h1, h2, h3, h4, h5 {
margin: initial;
padding: initial;
text-transform: uppercase;
text-shadow: 2px 2px 0px #0007;
text-shadow: 2px 2px 0px #eee;
}
main {
border: 1px dashed #bdc7b8;
border: 1px dashed #241e1e;
padding: 1rem;
margin-bottom: 2em;
@ -143,7 +143,7 @@ input, textarea, select, label {
input, select, textarea {
outline: 0;
padding: 0.25em 0.5em;
color: #bdc7b8;
color: #241e1e;
background-color: #bdc7b805;
}

View File

@ -31,7 +31,7 @@
{% if session["account"] %}
<a href="/console">Capsuls</a>
<a href="/console/ssh">SSH Public Keys</a>
<a href="/console/keys">SSH &amp; API Keys</a>
<a href="/console/account-balance">Account Balance</a>
{% endif %}

View File

@ -79,6 +79,10 @@
<label class="align" for="ipv4">IPv4 Address</label>
<span id="ipv4">{{ vm['ipv4'] }}</span>
</div>
<div class="row justify-start">
<label class="align" for="ipv6">IPv6 Address</label>
<span id="ipv6">{{ vm['ipv6'] }}</span>
</div>
<div class="row justify-start">
<label class="align" for="os_description">Operating System</label>
<span id="os_description">{{ vm['os_description'] }}</span>
@ -101,7 +105,7 @@
</div>
<div class="row justify-start">
<label class="align" for="ssh_authorized_keys">SSH Authorized Keys</label>
<a id="ssh_authorized_keys" href="/console/ssh">{{ vm['ssh_authorized_keys'] }}</a>
<a id="ssh_authorized_keys" href="/console/keys">{{ vm['ssh_authorized_keys'] }}</a>
</div>
</div>

View File

@ -31,7 +31,7 @@
<p>(At least one month of funding is required)</p>
{% elif no_ssh_public_keys %}
<p>You don't have any ssh public keys yet.</p>
<p>You must <a href="/console/ssh">upload one</a> before you can create a Capsul.</p>
<p>You must <a href="/console/keys">upload one</a> before you can create a Capsul.</p>
{% elif not capacity_avaliable %}
<p>Host(s) at capacity. No capsuls can be created at this time. sorry. </p>
{% else %}

View File

@ -1,17 +1,18 @@
{% extends 'base.html' %}
{% block title %}SSH Public Keys{% endblock %}
{% block title %}SSH &amp; API Keys{% endblock %}
{% block content %}
<div class="row third-margin">
<h1>SSH PUBLIC KEYS</h1>
</div>
<div class="row third-margin"><div>
{% if has_ssh_public_keys %} <hr/> {% endif %}
{% if ssh_public_keys|length > 0 %} <hr/> {% endif %}
{% for ssh_public_key in ssh_public_keys %}
<form method="post">
<input type="hidden" name="method" value="DELETE"></input>
<input type="hidden" name="action" value="delete_ssh_key"></input>
<input type="hidden" name="name" value="{{ ssh_public_key['name'] }}"></input>
<input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
<div class="row">
@ -22,13 +23,14 @@
</form>
{% endfor %}
{% if has_ssh_public_keys %} <hr/> {% endif %}
{% if ssh_public_keys|length > 0 %} <hr/> {% endif %}
<div class="third-margin">
<h1>UPLOAD A NEW SSH PUBLIC KEY</h1>
</div>
<form method="post">
<input type="hidden" name="method" value="POST"></input>
<input type="hidden" name="action" value="upload_ssh_key"></input>
<input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
<div class="row justify-start">
<label class="align" for="content">File Contents</label>
@ -54,6 +56,51 @@
</div>
</form>
</div></div>
<hr/>
<div class="row third-margin">
<h1>API KEYS</h1>
</div>
<div class="row third-margin"><div>
{% if generated_api_token %}
<hr/>
Generated key:
<span class="code">{{ generated_api_token }}</span>
{% endif %}
{% if api_tokens|length >0 %} <hr/>{% endif %}
{% for api_token in api_tokens %}
<form method="post">
<input type="hidden" name="method" value="DELETE"></input>
<input type="hidden" name="action" value="delete_api_token"></input>
<input type="hidden" name="id" value="{{ api_token['id'] }}"></input>
<input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
<div class="row">
<span class="code">{{ api_token['name'] }}</span>
created {{ api_token['created'].strftime("%b %d %Y") }}
<input type="submit" value="Delete">
</div>
</form>
{% endfor %}
{% if api_tokens|length >0 %} <hr/>{% endif %}
<div class="third-margin">
<h1>GENERATE A NEW API KEY</h1>
</div>
<form method="post">
<input type="hidden" name="method" value="POST"></input>
<input type="hidden" name="action" value="generate_api_token"></input>
<input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
<div class="smalltext">
<p>Generate a new API key, to integrate with other systems.</p>
</div>
<div class="row justify-start">
<label class="align" for="name">Key Name</label>
<input type="text" id="name" name="name"></input> (defaults to creation time)
</div>
<div class="row justify-end">
<input type="submit" value="Generate">
</div>
</form>
</div></div>
{% endblock %}
{% block pagesource %}/templates/ssh-public-keys.html{% endblock %}

View File

@ -2,7 +2,7 @@
<head>
<!-- Namecoin Address: N2aVL6pHtBp7EtNGb3jpsL2L2NyjBNbiB1 -->
<link href="{{ url_for('static', filename='favicon.yolocolo.ico') }}" rel="icon">
<title>{% block title %}{% endblock %}{% if self.title() %} - {% endif %}Capsul</title>
<title>{% block title %}{% endblock %}{% if self.title() %} - {% endif %}Serverscoop</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1.0">
<meta name="Description" content="Cyberia Capsul">
@ -14,7 +14,7 @@
<nav>
<div class="row justify-space-between half-margin">
<div>
🦉 <a href="/"><b>YOLOCOLO</b></a>
🍞 <a href="/"><b>serverscoop</b></a>
</div>
<div>
&nbsp;
@ -31,7 +31,7 @@
{% if session["account"] %}
<a href="/console">Capsuls</a>
<a href="/console/ssh">SSH Public Keys</a>
<a href="/console/keys">SSH &amp; API Keys</a>
<a href="/console/account-balance">Account Balance</a>
{% endif %}
@ -49,9 +49,7 @@
<footer>
This server runs <a
href="https://giit.cyberia.club/~forest/capsul-flask">capsul-flask</a> by
Cyberia Computer Club, available under the <a
href="https://creativecommons.org/licenses/by-sa/4.0/">Attribution-ShareAlike
4.0 International</a> licence.<br/><br/>
Cyberia Computer Club, available under the GNU AFFERO GENERAL PUBLIC LICENSE.<br/><br/>
<a href="https://git.autonomic.zone/3wordchant/capsul-flask/src/branch/yolocolo/capsulflask{% block pagesource %}{% endblock %}">View page source</a>
</footer>
</body>

View File

@ -3,13 +3,11 @@
{% block content %}
<h1>
<pre>
_ _
_ _ ___ | | ___ ___ ___ | | ___
| | | |/ _ \| |/ _ \ / __/ _ \| |/ _ \
| |_| | (_) | | (_) | (_| (_) | | (_) |
\__, |\___/|_|\___/ \___\___/|_|\___/
|___/
___ ___ _ ____ _____ _ __ ___ ___ ___ ___ _ __
/ __|/ _ \ '__\ \ / / _ \ '__/ __|/ __/ _ \ / _ \| '_ \
\__ \ __/ | \ V / __/ | \__ \ (_| (_) | (_) | |_) |
|___/\___|_| \_/ \___|_| |___/\___\___/ \___/| .__/
|_|
</pre>
<span>Co-operative hosting using <a href="https://cyberia.club">Cyberia</a>'s Capsul</span>
{% endblock %}