Merge branch 'yc-templates' into yolocolo

..to allow accessing config variables in the templates.

This removes the need for adding config variables manually to template
contexts.

.drone.yml

@@ -0,0 +1,14 @@
+---
+kind: pipeline
+name: publish docker image
+steps:
+  - name: build and publish
+    image: plugins/docker
+    settings:
+      username:
+        from_secret: docker_reg_username_3wc
+      password:
+        from_secret: docker_reg_passwd_3wc
+      repo: 3wordchant/capsul-flask
+      tags: latest
+

Dockerfile

@@ -0,0 +1,48 @@
+FROM python:3.8-alpine as build
+
+RUN apk add --no-cache \
+    build-base \
+    gcc \
+    gettext \
+    git \
+    jpeg-dev \
+    libffi-dev \
+    libjpeg \
+    musl-dev \
+    postgresql-dev \
+    python3-dev \
+    zlib-dev
+
+RUN mkdir -p /app/{code,venv}
+WORKDIR /app/code
+COPY Pipfile Pipfile.lock /app/code/
+
+RUN python3 -m venv /app/venv
+RUN pip install pipenv setuptools
+ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv"
+RUN pip install wheel cppy
+# Install dependencies into the virtual environment with Pipenv
+RUN pipenv install --deploy --verbose
+
+FROM python:3.8-alpine
+
+RUN apk add --no-cache \
+    cloud-utils \
+    libjpeg \
+    libpq \
+    libstdc++ \
+    libvirt-client \
+    openssh-client \
+    virt-install
+
+COPY . /app/code/
+WORKDIR /app/code
+
+COPY --from=build /app/venv /app/venv
+ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv"
+
+CMD ["gunicorn", "--bind", "0.0.0.0:5000", "-k", "gevent", "--worker-connections", "1000", "app:app"]
+
+VOLUME /app/code
+
+EXPOSE 5000

Pipfile

@@ -9,7 +9,6 @@ blinker = "==1.4"
 click = "==7.1.2"
 Flask = "==1.1.2"
 Flask-Mail = "==0.9.1"
-Flask-Testing = "==0.8.1"
 gunicorn = "==20.0.4"
 isort = "==4.3.21"
 itsdangerous = "==1.1.0"

app.py

@@ -1,4 +1,2 @@
 
-from capsulflask import create_app
-
-create_app()
+from capsulflask import app

capsulflask/__init__.py

@@ -8,7 +8,7 @@ import requests
 import sys
 
 import stripe
-from dotenv import find_dotenv, dotenv_values
+from dotenv import load_dotenv, find_dotenv
 from flask import Flask
 from flask_mail import Mail, Message
 from flask import render_template
@@ -22,68 +22,77 @@ from capsulflask import hub_model, spoke_model, cli
 from capsulflask.btcpay import client as btcpay
 from capsulflask.http_client import MyHTTPClient
 
-
 class StdoutMockFlaskMail:
     def send(self, message: Message):
       current_app.logger.info(f"Email would have been sent if configured:\n\nto: {','.join(message.recipients)}\nsubject: {message.subject}\nbody:\n\n{message.body}\n\n")
 
-def create_app():
 
-  config = {
-      **dotenv_values(find_dotenv()),
-      **os.environ,  # override loaded values with environment variables
-  }
+load_dotenv(find_dotenv())
 
-  app = Flask(__name__)
+for var_name in [
+  "SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_SECRET_KEY",
+  "BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD"
+]:
+  var = os.environ.get(f"{var_name}_FILE")
+  if not var:
+    continue
 
-  app.config.from_mapping(
-    TESTING=config.get("TESTING", False),
-    BASE_URL=config.get("BASE_URL", "http://localhost:5000"),
-    SECRET_KEY=config.get("SECRET_KEY", "dev"),
-    HUB_MODE_ENABLED=config.get("HUB_MODE_ENABLED", "True").lower() in ['true', '1', 't', 'y', 'yes'],
-    SPOKE_MODE_ENABLED=config.get("SPOKE_MODE_ENABLED", "True").lower() in ['true', '1', 't', 'y', 'yes'],
-    INTERNAL_HTTP_TIMEOUT_SECONDS=config.get("INTERNAL_HTTP_TIMEOUT_SECONDS", "300"),
-    HUB_MODEL=config.get("HUB_MODEL", "capsul-flask"),
-    SPOKE_MODEL=config.get("SPOKE_MODEL", "mock"),
-    LOG_LEVEL=config.get("LOG_LEVEL", "INFO"),
-    SPOKE_HOST_ID=config.get("SPOKE_HOST_ID", "baikal"),
-    SPOKE_HOST_TOKEN=config.get("SPOKE_HOST_TOKEN", "changeme"),
-    HUB_TOKEN=config.get("HUB_TOKEN", "changeme"),
+  if not os.path.isfile(var):
+    continue
+
+  with open(var) as secret_file:
+    os.environ[var_name] = secret_file.read().rstrip('\n')
+  del os.environ[f"{var_name}_FILE"]
+
+app = Flask(__name__)
+
+app.config.from_mapping(
+  BASE_URL=os.environ.get("BASE_URL", default="http://localhost:5000"),
+  SECRET_KEY=os.environ.get("SECRET_KEY", default="dev"),
+  HUB_MODE_ENABLED=os.environ.get("HUB_MODE_ENABLED", default="True").lower() in ['true', '1', 't', 'y', 'yes'],
+  SPOKE_MODE_ENABLED=os.environ.get("SPOKE_MODE_ENABLED", default="True").lower() in ['true', '1', 't', 'y', 'yes'],
+  INTERNAL_HTTP_TIMEOUT_SECONDS=os.environ.get("INTERNAL_HTTP_TIMEOUT_SECONDS", default="300"),
+  HUB_MODEL=os.environ.get("HUB_MODEL", default="capsul-flask"),
+  SPOKE_MODEL=os.environ.get("SPOKE_MODEL", default="mock"),
+  LOG_LEVEL=os.environ.get("LOG_LEVEL", default="INFO"),
+  SPOKE_HOST_ID=os.environ.get("SPOKE_HOST_ID", default="baikal"),
+  SPOKE_HOST_TOKEN=os.environ.get("SPOKE_HOST_TOKEN", default="changeme"),
+  HUB_TOKEN=os.environ.get("HUB_TOKEN", default="changeme"),
 
   # https://www.postgresql.org/docs/9.1/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS
   # https://stackoverflow.com/questions/56332906/where-to-put-ssl-certificates-when-trying-to-connect-to-a-remote-database-using
   # TLS example: sslmode=verify-full sslrootcert=letsencrypt-root-ca.crt host=db.example.com port=5432 user=postgres password=dev dbname=postgres
-    POSTGRES_CONNECTION_PARAMETERS=config.get(
+  POSTGRES_CONNECTION_PARAMETERS=os.environ.get(
     "POSTGRES_CONNECTION_PARAMETERS", 
-      "host=localhost port=5432 user=postgres password=dev dbname=postgres"
+    default="host=localhost port=5432 user=postgres password=dev dbname=postgres"
   ),
 
-    DATABASE_SCHEMA=config.get("DATABASE_SCHEMA", "public"),
+  DATABASE_SCHEMA=os.environ.get("DATABASE_SCHEMA", default="public"),
 
-    MAIL_SERVER=config.get("MAIL_SERVER", ""),
-    MAIL_PORT=config.get("MAIL_PORT", "465"),
-    MAIL_USE_TLS=config.get("MAIL_USE_TLS", "False").lower() in ['true', '1', 't', 'y', 'yes'],
-    MAIL_USE_SSL=config.get("MAIL_USE_SSL", "True").lower() in ['true', '1', 't', 'y', 'yes'],
-    MAIL_USERNAME=config.get("MAIL_USERNAME", ""),
-    MAIL_PASSWORD=config.get("MAIL_PASSWORD", ""),
-    MAIL_DEFAULT_SENDER=config.get("MAIL_DEFAULT_SENDER", "no-reply@capsul.org"),
-    ADMIN_EMAIL_ADDRESSES=config.get("ADMIN_EMAIL_ADDRESSES", "ops@cyberia.club"),
-    ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES=config.get("ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES", "forest.n.johnson@gmail.com,capsul@cyberia.club"),
+  MAIL_SERVER=os.environ.get("MAIL_SERVER", default=""),
+  MAIL_PORT=os.environ.get("MAIL_PORT", default="465"),
+  MAIL_USE_TLS=os.environ.get("MAIL_USE_TLS", default="False").lower() in ['true', '1', 't', 'y', 'yes'],
+  MAIL_USE_SSL=os.environ.get("MAIL_USE_SSL", default="True").lower() in ['true', '1', 't', 'y', 'yes'],
+  MAIL_USERNAME=os.environ.get("MAIL_USERNAME", default=""),
+  MAIL_PASSWORD=os.environ.get("MAIL_PASSWORD", default=""),
+  MAIL_DEFAULT_SENDER=os.environ.get("MAIL_DEFAULT_SENDER", default="no-reply@capsul.org"),
+  ADMIN_EMAIL_ADDRESSES=os.environ.get("ADMIN_EMAIL_ADDRESSES", default="ops@cyberia.club"),
+  ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES=os.environ.get("ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES", default="forest.n.johnson@gmail.com,capsul@cyberia.club"),
 
-    PROMETHEUS_URL=config.get("PROMETHEUS_URL", "https://prometheus.cyberia.club"),
+  PROMETHEUS_URL=os.environ.get("PROMETHEUS_URL", default="https://prometheus.cyberia.club"),
 
-    STRIPE_API_VERSION=config.get("STRIPE_API_VERSION", "2020-03-02"),
-    STRIPE_SECRET_KEY=config.get("STRIPE_SECRET_KEY", ""),
-    STRIPE_PUBLISHABLE_KEY=config.get("STRIPE_PUBLISHABLE_KEY", ""),
-    #STRIPE_WEBHOOK_SECRET=config.get("STRIPE_WEBHOOK_SECRET", "")
+  STRIPE_API_VERSION=os.environ.get("STRIPE_API_VERSION", default="2020-03-02"),
+  STRIPE_SECRET_KEY=os.environ.get("STRIPE_SECRET_KEY", default=""),
+  STRIPE_PUBLISHABLE_KEY=os.environ.get("STRIPE_PUBLISHABLE_KEY", default=""),
+  #STRIPE_WEBHOOK_SECRET=os.environ.get("STRIPE_WEBHOOK_SECRET", default="")
 
-    BTCPAY_PRIVATE_KEY=config.get("BTCPAY_PRIVATE_KEY", "").replace("\\n", "\n"),
-    BTCPAY_URL=config.get("BTCPAY_URL", "https://btcpay.cyberia.club")
-  )
+  BTCPAY_PRIVATE_KEY=os.environ.get("BTCPAY_PRIVATE_KEY", default="").replace("\\n", "\n"),
+  BTCPAY_URL=os.environ.get("BTCPAY_URL", default="https://btcpay.cyberia.club")
+)
 
-  app.config['HUB_URL'] = config.get("HUB_URL", app.config['BASE_URL'])
+app.config['HUB_URL'] = os.environ.get("HUB_URL", default=app.config['BASE_URL'])
 
-  class SetLogLevelToDebugForHeartbeatRelatedMessagesFilter(logging.Filter):
+class SetLogLevelToDebugForHeartbeatRelatedMessagesFilter(logging.Filter):
   def isHeartbeatRelatedString(self, thing):
     # thing_string = "<error>"
     is_in_string = False
@@ -107,7 +116,7 @@ def create_app():
 
     return True
 
-  logging_dict_config({
+logging_dict_config({
   'version': 1,
   'formatters': {'default': {
     'format': '[%(asctime)s] %(levelname)s in %(module)s: %(message)s',
@@ -127,7 +136,7 @@ def create_app():
     'level': app.config['LOG_LEVEL'],
     'handlers': ['wsgi']
   }
-  })
+})
 
 # app.logger.critical("critical")
 # app.logger.error("error")
@@ -135,40 +144,37 @@ def create_app():
 # app.logger.info("info")
 # app.logger.debug("debug")
 
-  stripe.api_key = app.config['STRIPE_SECRET_KEY']
-  stripe.api_version = app.config['STRIPE_API_VERSION']
+stripe.api_key = app.config['STRIPE_SECRET_KEY']
+stripe.api_version = app.config['STRIPE_API_VERSION']
 
-  if app.config['MAIL_SERVER'] != "":
+if app.config['MAIL_SERVER'] != "":
   app.config['FLASK_MAIL_INSTANCE'] = Mail(app)
-  else:
+else:
   app.logger.warning("No MAIL_SERVER configured. capsul will simply print emails to stdout.")
   app.config['FLASK_MAIL_INSTANCE'] = StdoutMockFlaskMail()
 
-  app.config['HTTP_CLIENT'] = MyHTTPClient(timeout_seconds=int(app.config['INTERNAL_HTTP_TIMEOUT_SECONDS']))
+app.config['HTTP_CLIENT'] = MyHTTPClient(timeout_seconds=int(app.config['INTERNAL_HTTP_TIMEOUT_SECONDS']))
 
-  try:
+try:
   app.config['BTCPAY_CLIENT'] = btcpay.Client(api_uri=app.config['BTCPAY_URL'], pem=app.config['BTCPAY_PRIVATE_KEY'])
-  except:
+except:
   app.logger.warning("unable to create btcpay client. Capsul will work fine except cryptocurrency payments will not work. The error was: " + my_exec_info_message(sys.exc_info()))
 
 # only start the scheduler and attempt to migrate the database if we are running the app.
 # otherwise we are running a CLI command.
-  command_line = ' '.join(sys.argv)
-  is_running_server = (
-    ('flask run' in command_line) or
-    ('gunicorn' in command_line) or
-    ('test' in command_line)
-  )
+command_line = ' '.join(sys.argv)
+is_running_server = ('flask run' in command_line) or ('gunicorn' in command_line)
 
-  app.logger.info(f"is_running_server: {is_running_server}")
+app.logger.info(f"is_running_server: {is_running_server}")
+
+if app.config['HUB_MODE_ENABLED']:
 
-  if app.config['HUB_MODE_ENABLED']:
   if app.config['HUB_MODEL'] == "capsul-flask":
     app.config['HUB_MODEL'] = hub_model.CapsulFlaskHub()
 
     # debug mode (flask reloader) runs two copies of the app. When running in debug mode,
     # we only want to start the scheduler one time.
-      if is_running_server and (not app.debug or config.get('WERKZEUG_RUN_MAIN') == 'true'):
+    if is_running_server and (not app.debug or os.environ.get('WERKZEUG_RUN_MAIN') == 'true'):
       scheduler = BackgroundScheduler()
       heartbeat_task_url = f"{app.config['HUB_URL']}/hub/heartbeat-task"
       heartbeat_task_headers = {'Authorization': f"Bearer {app.config['HUB_TOKEN']}"}
@@ -184,23 +190,23 @@ def create_app():
   from capsulflask import db
   db.init_app(app, is_running_server)
 
-  from capsulflask import (
-    auth, landing, console, payment, metrics, cli, hub_api, publicapi, admin
-  )
+  from capsulflask import auth, landing, console, payment, metrics, cli, hub_api, admin
 
-  app.register_blueprint(auth.bp)
   app.register_blueprint(landing.bp)
+  app.register_blueprint(auth.bp)
   app.register_blueprint(console.bp)
   app.register_blueprint(payment.bp)
   app.register_blueprint(metrics.bp)
   app.register_blueprint(cli.bp)
   app.register_blueprint(hub_api.bp)
   app.register_blueprint(admin.bp)
-  app.register_blueprint(publicapi.bp)
 
   app.add_url_rule("/", endpoint="index")
 
-  if app.config['SPOKE_MODE_ENABLED']:
+
+
+if app.config['SPOKE_MODE_ENABLED']:
+
   if app.config['SPOKE_MODEL'] == "shell-scripts":
     app.config['SPOKE_MODEL'] = spoke_model.ShellScriptSpoke()
   else:
@@ -210,8 +216,8 @@ def create_app():
 
   app.register_blueprint(spoke_api.bp)
 
-  @app.after_request
-  def security_headers(response):
+@app.after_request
+def security_headers(response):
   response.headers['X-Frame-Options'] = 'SAMEORIGIN'
   if 'Content-Security-Policy' not in response.headers:
     response.headers['Content-Security-Policy'] = "default-src 'self'"
@@ -219,8 +225,8 @@ def create_app():
   return response
 
 
-  @app.context_processor
-  def override_url_for():
+@app.context_processor
+def override_url_for():
   """
   override the url_for function built into flask 
   with our own custom implementation that busts the cache correctly when files change 
@@ -228,7 +234,11 @@ def create_app():
   return dict(url_for=url_for_with_cache_bust)
 
 
-  def url_for_with_cache_bust(endpoint, **values):
+@app.context_processor
+def load_config_vars():
+  return dict(config=app.config)
+
+def url_for_with_cache_bust(endpoint, **values):
   """
   Add a query parameter based on the hash of the file, this acts as a cache bust
   """
@@ -252,5 +262,3 @@ def create_app():
       values['q'] = current_app.config['STATIC_FILE_HASH_CACHE'][filename]
 
   return url_for(endpoint, **values)
-
-  return app

capsulflask/auth.py

@@ -1,4 +1,3 @@
-from base64 import b64decode
 import functools
 import re
 
@@ -25,15 +24,6 @@ def account_required(view):
 
     @functools.wraps(view)
     def wrapped_view(**kwargs):
-        api_token = request.headers.get('authorization', None)
-        if api_token is not None:
-            email = get_model().authenticate_token(b64decode(api_token).decode('utf-8'))
-
-            if email is not None:
-                session.clear()
-                session["account"] = email
-                session["csrf-token"] = generate()
-
         if session.get("account") is None or session.get("csrf-token") is None :
             return redirect(url_for("auth.login"))
 
@@ -41,6 +31,7 @@ def account_required(view):
 
     return wrapped_view
 
+
 def admin_account_required(view):
     """View decorator that redirects non-admin users to the login page."""
 

capsulflask/console.py

@@ -1,9 +1,7 @@
-from base64 import b64encode
-from datetime import datetime, timedelta
-import json
 import re
 import sys
-
+import json
+from datetime import datetime, timedelta
 from flask import Blueprint
 from flask import flash
 from flask import current_app
@@ -100,6 +98,7 @@ def index():
 @bp.route("/<string:id>", methods=("GET", "POST"))
 @account_required
 def detail(id):
+
   duration=request.args.get('duration')
   if not duration:
     duration = "5m"
@@ -189,67 +188,6 @@ def detail(id):
       duration=duration
     )
 
-def _create(vm_sizes, operating_systems, public_keys_for_account, server_data):
-  errors = list()
-
-  size = server_data.get("size")
-  os = server_data.get("os")
-  posted_keys_count = int(server_data.get("ssh_authorized_key_count"))
-
-  if not size:
-    errors.append("Size is required")
-  elif size not in vm_sizes:
-    errors.append(f"Invalid size {size}")
-
-  if not os:
-    errors.append("OS is required")
-  elif os not in operating_systems:
-    errors.append(f"Invalid os {os}")
-
-  posted_keys = list()
-
-  if posted_keys_count > 1000:
-    errors.append("something went wrong with ssh keys")
-  else:
-    for i in range(0, posted_keys_count):
-      if f"ssh_key_{i}" in server_data:
-        posted_name = server_data.get(f"ssh_key_{i}")
-        key = None
-        for x in public_keys_for_account:
-          if x['name'] == posted_name:
-            key = x
-        if key:
-          posted_keys.append(key)
-        else:
-          errors.append(f"SSH Key \"{posted_name}\" doesn't exist")
-
-  if len(posted_keys) == 0:
-    errors.append("At least one SSH Public Key is required")
-
-  capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(
-    vm_sizes[size]['memory_mb']*1024*1024
-  )
-
-  if not capacity_avaliable:
-    errors.append("""
-      host(s) at capacity. no capsuls can be created at this time. sorry. 
-    """)
-
-  if len(errors) == 0:
-    id = make_capsul_id()
-    current_app.config["HUB_MODEL"].create(
-      email = session["account"],
-      id=id,
-      os=os,
-      size=size,
-      template_image_file_name=operating_systems[os]['template_image_file_name'],
-      vcpus=vm_sizes[size]['vcpus'],
-      memory_mb=vm_sizes[size]['memory_mb'],
-      ssh_authorized_keys=list(map(lambda x: x["content"], posted_keys))
-    )
-    return id, errors
-
-  return None, errors
 
 @bp.route("/create", methods=("GET", "POST"))
 @account_required
@@ -264,12 +202,62 @@ def create():
   if request.method == "POST":
     if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']:
       return abort(418, f"u want tea")
-    id, errors = _create(
-      vm_sizes, 
-      operating_systems,
-      public_keys_for_account,
-      request.form)
+
+    size = request.form["size"]
+    os = request.form["os"]
+    if not size:
+      errors.append("Size is required")
+    elif size not in vm_sizes:
+      errors.append(f"Invalid size {size}")
+
+    if not os:
+      errors.append("OS is required")
+    elif os not in operating_systems:
+      errors.append(f"Invalid os {os}")
+
+    posted_keys_count = int(request.form["ssh_authorized_key_count"])
+    posted_keys = list()
+
+    if posted_keys_count > 1000:
+      errors.append("something went wrong with ssh keys")
+    else:
+      for i in range(0, posted_keys_count):
+        if f"ssh_key_{i}" in request.form:
+          posted_name = request.form[f"ssh_key_{i}"]
+          key = None
+          for x in public_keys_for_account:
+            if x['name'] == posted_name:
+              key = x
+          if key:
+            posted_keys.append(key)
+          else:
+            errors.append(f"SSH Key \"{posted_name}\" doesn't exist")
+
+    if len(posted_keys) == 0:
+      errors.append("At least one SSH Public Key is required")
+
+    capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(vm_sizes[size]['memory_mb']*1024*1024)
+
+    if not capacity_avaliable:
+      errors.append("""
+        host(s) at capacity. no capsuls can be created at this time. sorry. 
+      """)
+
     if len(errors) == 0:
+      id = make_capsul_id()
+      # we can't create the vm record in the DB yet because its IP address needs to be allocated first.
+      # so it will be created when the allocation happens inside the hub_api.
+      current_app.config["HUB_MODEL"].create(
+        email = session["account"],
+        id=id,
+        os=os,
+        size=size,
+        template_image_file_name=operating_systems[os]['template_image_file_name'],
+        vcpus=vm_sizes[size]['vcpus'],
+        memory_mb=vm_sizes[size]['memory_mb'],
+        ssh_authorized_keys=list(map(lambda x: dict(name=x['name'], content=x['content']), posted_keys)) 
+      )
+      
       return redirect(f"{url_for('console.index')}?created={id}")
   
   affordable_vm_sizes = dict()
@@ -299,25 +287,23 @@ def create():
     vm_sizes=affordable_vm_sizes
   )
 
-@bp.route("/keys", methods=("GET", "POST"))
+@bp.route("/ssh", methods=("GET", "POST"))
 @account_required
-def ssh_api_keys():
+def ssh_public_keys():
   errors = list()
 
-  token = None
-
   if request.method == "POST":
     if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']:
       return abort(418, f"u want tea")
       
-    action = request.form["action"]
-
-    if action == 'upload_ssh_key':
+    method = request.form["method"]
     content = None
+    if method == "POST":
       content = request.form["content"].replace("\r", " ").replace("\n", " ").strip()
       
     name = request.form["name"]
     if not name or len(name.strip()) < 1:
+      if method == "POST":
         parts = re.split(" +", content)
         if len(parts) > 2 and len(parts[2].strip()) > 0:
           name = parts[2].strip()
@@ -328,6 +314,7 @@ def ssh_api_keys():
     if not re.match(r"^[0-9A-Za-z_@:. -]+$", name):
       errors.append(f"Key name '{name}' must match \"^[0-9A-Za-z_@:. -]+$\"")
 
+    if method == "POST":
       if not content or len(content.strip()) < 1:
         errors.append("Content is required")
       else:
@@ -340,36 +327,24 @@ def ssh_api_keys():
       if len(errors) == 0:
         get_model().create_ssh_public_key(session["account"], name, content)
 
-    elif action == "delete_ssh_key":
+    elif method == "DELETE":
+
+      if len(errors) == 0:
         get_model().delete_ssh_public_key(session["account"], name)
 
-    elif action == "generate_api_token":
-      name = request.form["name"]
-      if name == '':
-          name = datetime.utcnow().strftime('%y-%m-%d %H:%M:%S')
-      token = b64encode(
-        get_model().generate_api_token(session["account"], name).encode('utf-8')
-      ).decode('utf-8')
-
-    elif action == "delete_api_token":
-      get_model().delete_api_token(session["account"], request.form["id"])
-
   for error in errors:
     flash(error)
 
-  ssh_keys_list=list(map(
+  keys_list=list(map(
     lambda x: dict(name=x['name'], content=f"{x['content'][:20]}...{x['content'][len(x['content'])-20:]}"), 
     get_model().list_ssh_public_keys_for_account(session["account"])
   ))
 
-  api_tokens_list = get_model().list_api_tokens(session["account"])
-
   return render_template(
-    "keys.html", 
+    "ssh-public-keys.html", 
     csrf_token = session["csrf-token"],
-    api_tokens=api_tokens_list, 
-    ssh_public_keys=ssh_keys_list,
-    generated_api_token=token,
+    ssh_public_keys=keys_list, 
+    has_ssh_public_keys=len(keys_list) > 0
   )
 
 def get_vms():
@@ -393,6 +368,7 @@ def get_vm_months_float(vm, as_of):
   return days / average_number_of_days_in_a_month
 
 def get_account_balance(vms, payments, as_of):
+
   vm_cost_dollars = 0.0
   for vm in vms:
     vm_months = get_vm_months_float(vm, as_of)
@@ -405,6 +381,7 @@ def get_account_balance(vms, payments, as_of):
 @bp.route("/account-balance")
 @account_required
 def account_balance():
+
   payment_sessions = get_model().list_payment_sessions_for_account(session['account'])
   for payment_session in payment_sessions:
     if payment_session['type'] == 'btcpay':

capsulflask/db.py

@@ -33,7 +33,7 @@ def init_app(app, is_running_server):
     result = re.search(r"^\d+_(up|down)", filename)
     if not result:
       app.logger.error(f"schemaVersion {filename} must match ^\\d+_(up|down). exiting.")
-      continue
+      exit(1)
     key = result.group()
     with open(join(schemaMigrationsPath, filename), 'rb') as file:
       schemaMigrations[key] = file.read().decode("utf8")
@@ -43,7 +43,7 @@ def init_app(app, is_running_server):
   hasSchemaVersionTable = False
   actionWasTaken = False
   schemaVersion = 0
-  desiredSchemaVersion = 19
+  desiredSchemaVersion = 18
 
   cursor = connection.cursor()
 
@@ -128,3 +128,4 @@ def close_db(e=None):
   if db_model is not None:
     db_model.cursor.close()
     current_app.config['PSYCOPG2_CONNECTION_POOL'].putconn(db_model.connection)
+

capsulflask/db_model.py

@@ -1,8 +1,8 @@
+
 import re
 
 # I was never able to get this type hinting to work correctly 
 # from psycopg2.extensions import connection as Psycopg2Connection, cursor as Psycopg2Cursor
-import hashlib
 from nanoid import generate
 from flask import current_app
 from typing import List
@@ -17,6 +17,7 @@ class DBModel:
     self.cursor = cursor
 
 
+
   #     ------    LOGIN     ---------     
 
 
@@ -43,16 +44,6 @@ class DBModel:
 
     return (token, ignoreCaseMatches)
     
-  def authenticate_token(self, token):
-    m = hashlib.md5()
-    m.update(token.encode('utf-8'))
-    hash_token = m.hexdigest()
-    self.cursor.execute("SELECT email FROM api_tokens WHERE token = %s", (hash_token, ))
-    result = self.cursor.fetchall()
-    if len(result) == 1:
-      return result[0]
-    return None
-    
   def consume_token(self, token):
     self.cursor.execute("SELECT email FROM login_tokens WHERE token = %s and created > (NOW() - INTERVAL '20 min')", (token, ))
     row = self.cursor.fetchone()
@@ -141,32 +132,6 @@ class DBModel:
     self.cursor.execute( "DELETE FROM ssh_public_keys where email = %s AND name = %s", (email, name) )
     self.connection.commit()
 
-  def list_api_tokens(self, email):
-    self.cursor.execute(
-      "SELECT id, token, name, created FROM api_tokens WHERE email = %s", 
-      (email, )
-    )
-    return list(map(
-      lambda x: dict(id=x[0], token=x[1], name=x[2], created=x[3]), 
-      self.cursor.fetchall()
-    ))
-
-  def generate_api_token(self, email, name):
-    token = generate()
-    m = hashlib.md5()
-    m.update(token.encode('utf-8'))
-    hash_token = m.hexdigest()
-    self.cursor.execute(
-      "INSERT INTO api_tokens (email, name, token) VALUES (%s, %s, %s)", 
-      (email, name, hash_token)
-    )
-    self.connection.commit()
-    return token
-
-  def delete_api_token(self, email, id_):
-    self.cursor.execute( "DELETE FROM api_tokens where email = %s AND id = %s", (email, id_))
-    self.connection.commit()
-
   def list_vms_for_account(self, email):
     self.cursor.execute(""" 
       SELECT vms.id, vms.public_ipv4, vms.public_ipv6, vms.size, vms.os, vms.created, vms.deleted, vm_sizes.dollars_per_month
@@ -514,3 +479,8 @@ class DBModel:
     #cursor.close()
 
     return to_return
+      
+
+
+
+

capsulflask/hub_model.py

@@ -215,11 +215,12 @@ class CapsulFlaskHub(VirtualizationInterface):
         # no need to do anything here since if it cant be parsed then generic_operation will handle it.
         pass
 
+    if error_message != "":
+      raise ValueError(f"create capsul operation {operation_id} on {assigned_hosts} failed with {error_message}")
+      
     if number_of_assigned != 1:
       assigned_hosts_string = ", ".join(assigned_hosts)
       raise ValueError(f"expected create capsul operation {operation_id} to be assigned to one host, it was assigned to {number_of_assigned} ({assigned_hosts_string})")
-    if error_message != "":
-      raise ValueError(f"create capsul operation {operation_id} on {assigned_hosts_string} failed with {error_message}")
       
 
   def destroy(self, email: str, id: str):

capsulflask/payment.py

@@ -48,6 +48,10 @@ def validate_dollars():
 def btcpay_payment():
   errors = list()
 
+  if current_app.config['BTCPAY_PRIVATE_KEY'] == "":
+    flash("BTCPay is not enabled on this server")
+    return redirect(url_for("console.account_balance"))
+
   if request.method == "POST":
     result = validate_dollars()
     errors = result[0]

capsulflask/publicapi.py

@@ -1,40 +0,0 @@
-import datetime
-
-from flask import Blueprint
-from flask import current_app
-from flask import jsonify
-from flask import request
-from flask import session
-from nanoid import generate
-
-from capsulflask.auth import account_required
-from capsulflask.db import get_model
-
-bp = Blueprint("publicapi", __name__, url_prefix="/api")
-
-@bp.route("/capsul/create", methods=["POST"])
-@account_required
-def capsul_create():
-    email = session["account"]
-    
-    from .console import _create,get_account_balance, get_payments, get_vms
-
-    vm_sizes = get_model().vm_sizes_dict()
-    operating_systems = get_model().operating_systems_dict()
-    public_keys_for_account = get_model().list_ssh_public_keys_for_account(session["account"])
-    account_balance = get_account_balance(get_vms(), get_payments(), datetime.datetime.utcnow())
-    capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(512*1024*1024)
-
-    request.json['ssh_authorized_key_count'] = 1
-
-    id, errors = _create(
-      vm_sizes, 
-      operating_systems,
-      public_keys_for_account,
-      request.json)
-
-    if id is not None:
-        return jsonify(
-            id=id,
-        )
-    return jsonify(errors=errors)

capsulflask/schema_migrations/19_down_api_tokens.py

@@ -1,2 +0,0 @@
-DROP TABLE api_keys;
-UPDATE schemaversion SET version = 18;

capsulflask/schema_migrations/19_up_api_tokens.py

@@ -1,9 +0,0 @@
-CREATE TABLE api_tokens (
-  id                 SERIAL PRIMARY KEY,
-  email              TEXT REFERENCES accounts(email) ON DELETE RESTRICT,
-  name               TEXT NOT NULL,
-  created            TIMESTAMP NOT NULL DEFAULT NOW(),
-  token              TEXT NOT NULL
-);
-
-UPDATE schemaversion SET version = 19;

capsulflask/shell_scripts/capacity-avaliable.sh

@@ -3,7 +3,7 @@
 # check available RAM and IPv4s
 
 ram_bytes_to_allocate="$1"
-ram_bytes_available=$(grep -E "^(size|memory_available_bytes)" /proc/spl/kstat/zfs/arcstats | awk '{sum+=$3} END {printf "%.0f", sum}')
+ram_bytes_available="$(($(grep Available /proc/meminfo | grep -o '[0-9]*') * 1024))"
 ram_bytes_remainder="$((ram_bytes_available - ram_bytes_to_allocate))"
 
 if echo "$ram_bytes_to_allocate" | grep -vqE "^[0-9]+$"; then
@@ -11,8 +11,8 @@ if echo "$ram_bytes_to_allocate" | grep -vqE "^[0-9]+$"; then
   exit 1
 fi
 
-# 20GB
-if [ "$ram_bytes_remainder" -le $((20 * 1024 * 1024 * 1024)) ]; then
+# 0.25GB
+if [ "$ram_bytes_remainder" -le $((1 * 1024 * 1024 * 1024 / 4)) ]; then
   echo "VM is requesting more RAM than $(hostname -f) has available."
   echo "Bytes requested: $ram_bytes_to_allocate"
   echo "Bytes available: $ram_bytes_available"

capsulflask/shell_scripts/create.sh

@@ -6,6 +6,7 @@
 
 vmname="$1"
 template_file="/tank/img/$2"
+qemu_tank_dir="/tank"
 vcpus="$3"
 memory="$4"
 pubkeys="$5"
@@ -50,40 +51,40 @@ if echo "$public_ipv4" | grep -vqE "^[0-9.]+$"; then
   exit 1
 fi
 
-disk="/tank/vm/$vmname.qcow2"
-cdrom="/tank/vm/$vmname.iso"
-xml="/tank/vm/$vmname.xml"
+disk="$vmname.qcow2"
+cdrom="$vmname.iso"
+xml="$vmname.xml"
 
 if [ -f /tank/vm/$vmname.qcow2 ]; then
     echo "Randomly generated name matched an existing VM! Odds are like one in a billion. Buy a lotto ticket."
     exit 1
 fi
 
-cp "$template_file" "$disk"
+cp "$template_file" "/tank/vm/$disk"
 cp /tank/config/cyberia-cloudinit.yml /tmp/cloudinit.yml
 echo "$pubkeys" | while IFS= read -r line; do
   echo "      - $line" >> /tmp/cloudinit.yml
 done
 
-cloud-localds "$cdrom" /tmp/cloudinit.yml
+cloud-localds "/tank/vm/$cdrom" /tmp/cloudinit.yml
 
-qemu-img resize "$disk" "$root_volume_size"
+qemu-img resize "/tank/vm/$disk" "$root_volume_size"
 virt-install \
     --memory "$memory" \
     --vcpus "$vcpus" \
     --name "$vmname" \
-    --disk "$disk",bus=virtio \
-    --disk "$cdrom",device=cdrom \
+    --disk "$qemu_tank_dir/vm/$disk",bus=virtio \
+    --disk "$qemu_tank_dir/vm/$cdrom",device=cdrom \
     --os-type Linux \
     --os-variant generic \
     --virt-type kvm \
     --graphics vnc,listen=127.0.0.1 \
-    --network network=$network_name,filterref=clean-traffic,model=virtio \
+    --network network=$network_name,model=virtio \
     --import \
-    --print-xml > "$xml"
+    --print-xml > "/tank/vm/$xml"
 
-chmod 0600 "$xml" "$disk" "$cdrom"
-virsh define "$xml"
+chmod 0600 "/tank/vm/$xml" "/tank/vm/$disk" "/tank/vm/$cdrom"
+virsh define "/tank/vm/$xml"
 virsh start "$vmname"
 
 echo "success"

capsulflask/templates/account-balance.html

@@ -46,7 +46,9 @@
             <a href="/payment/stripe">Add funds with Credit/Debit (stripe)</a>
             <ul><li>notice: stripe will load nonfree javascript </li></ul>
           </li>
+          {% if config['BTCPAY_PRIVATE_KEY'] != "" %}
           <li><a href="/payment/btcpay">Add funds with Bitcoin/Litecoin/Monero (btcpay)</a></li>
+          {% endif %}
     
           <li>Cash: email <a href="mailto:treasurer@cyberia.club">treasurer@cyberia.club</a></li>
         </ul>

capsulflask/templates/base.html

@@ -13,7 +13,7 @@
 <nav>
   <div class="row justify-space-between half-margin">
     <div>
-      <a href="/"><b>Capsul</b></a>💊
+      <a href="/"><b>YOLOCOLO</b></a>💊
     </div>
     <div>
       &nbsp;
@@ -27,11 +27,10 @@
   <div class="row justify-center half-margin wrap nav-links">
     <a href="/pricing">Pricing</a>
     <a href="/faq">FAQ</a>
-    <a href="/changelog">Changelog</a>
 
     {% if session["account"] %} 
       <a href="/console">Capsuls</a>
-      <a href="/console/keys">SSH &amp; API Keys</a>
+      <a href="/console/ssh">SSH Public Keys</a>
       <a href="/console/account-balance">Account Balance</a>
     {% endif %}
 
@@ -47,11 +46,12 @@
 </main>
 {% block subcontent %}{% endblock %}
 <footer>
-  (c) Attribution-ShareAlike 4.0 International <br/>
-  &nbsp;&nbsp;&nbsp;&nbsp;A service by Cyberia Computer Club 2020-<span class="bigtext">∞</span> <br/>
-  <br/>
-  <br/>
-  <a href="https://giit.cyberia.club/~forest/capsul-flask/tree/master/capsulflask{% block pagesource %}{% endblock %}">View page source</a>
+  This server runs <a
+    href="https://giit.cyberia.club/~forest/capsul-flask">capsul-flask</a> by
+  Cyberia Computer Club, available under the <a
+    href="https://creativecommons.org/licenses/by-sa/4.0/">Attribution-ShareAlike
+    4.0 International</a> licence.<br/><br/>
+  <a href="https://git.autonomic.zone/3wordchant/capsul-flask/src/branch/yolocolo/capsulflask{% block pagesource %}{% endblock %}">View page source</a>
 </footer>
 </body>
 </html>

capsulflask/templates/capsul-detail.html

@@ -101,7 +101,7 @@
       </div>
       <div class="row justify-start">
         <label class="align" for="ssh_authorized_keys">SSH Authorized Keys</label>
-        <a id="ssh_authorized_keys" href="/console/keys">{{ vm['ssh_authorized_keys'] }}</a>
+        <a id="ssh_authorized_keys" href="/console/ssh">{{ vm['ssh_authorized_keys'] }}</a>
       </div>
       
     </div>

capsulflask/templates/create-capsul.html

@@ -31,7 +31,7 @@
     <p>(At least one month of funding is required)</p>
   {% elif no_ssh_public_keys %}
     <p>You don't have any ssh public keys yet.</p> 
-    <p>You must <a href="/console/keys">upload one</a> before you can create a Capsul.</p>
+    <p>You must <a href="/console/ssh">upload one</a> before you can create a Capsul.</p>
   {% elif not capacity_avaliable %}
     <p>Host(s) at capacity. No capsuls can be created at this time. sorry. </p> 
   {% else %}

capsulflask/templates/faq.html

@@ -10,81 +10,32 @@
 <p>
  <ul>
    <li>
-     Which instance type should I buy?
-     <p>There are no hard rules for this sort of thing, but here are some guidelines:</p>
-     <p>f1-xs: blog, vpn, bot, cgit</p>
-     <p>f1-s: a bot, owncloud, gitea, popular blog</p>
-     <p>f1-m: docker host, build system</p>
-     <p>f1-l: large webservice, rotund java app</p>
-     <p>f1-x: gitlab (wow such memory very devops</p>
-     <p>f1-xx: something gargantuan</p>
-   </li>
-   <li>
-     How do I log in?
-     <p>ssh to the ip provided to you using the cyberian user.</p>
-     <pre class='code'>$ ssh cyberian@1.2.3.4</pre>
-   </li>
-   <li>
-     How do I change to the root user?
-     <p>The cyberian user has passwordless sudo access by default. This should work:</p>
-     <pre class='code'>
-# Linux
-$ sudo su -
-
-# OpenBSD
-$ doas su -</pre>
-   </li>
-   <li>
-     Do you offer reverse DNS?
-     <p>We do, but right now it's a manual process. Shoot us an email and we'll get it done.</p>
-   </li>
-   <li>
-    What if I don't pay / don't maintain my payments?
-    <p>Your VM will eventually be deleted.
-       Capsul will send you a few inoffensive reminders as that termination date approaches.
+     What is this?
+     <p>
+      This is a <strong>technical demo</strong> of <a
+       href="https://giit.cyberia.club/~forest/capsul-flask">Capsul</a>, for the
+      as-yet-untitled <a href="https://coops.tech">Cotech</a> server hosting
+      initiative, which you can <a
+      href="https://community.coops.tech/t/call-for-input-v2-co-op-vps-survey/2802/9">read
+     about on the Cotech forum</a>.
      </p>
    </li>
    <li>
-    Besides my virtual machines and payments, what information do you keep about me?
-     <p>We associate an email address with every VM so that we can track payment and respond to support requests.</p>
-     <p>If you pay with a credit card, Stripe stores some additional details about you that we literally cannot delete.</p>
+     What do you mean, "technical demo"?
+     <p>No backups</p>
+     <p>No service level agreement</p>
+     <p>"Best effort" support</p>
    </li>
    <li>
-     What can I do with my VM?
-     <p>Make it into a mailserver, a tor relay, a VPN host, whatever you'd like - we do have one small request, though.</p>
-     <p>Crypto mining on capsul is currently considered obnoxious behavior, because the hashrates on our CPUs is so low and because mining crypto consumes entire processor cores that could have otherwise been shared between many dozens of other users.</p>
-     <p>In the future, if we have plentiful CPU resources, we may come out with a tier more suitable for mining - maybe a high cpu tier or similar, where each VM gets a full dedicated core and sharing them is not anticipated.</p>
-     <p>We will never snoop on your traffic or inspect what's going on inside of our customer virtual machines - we don't want to. We hope that you'll extend us a similar courtesy and try not to use too much of our shared CPU resources. Capsul is currently a shared (resource-wise) world, and we all must live in it together!</p>
-     <p>Also, mandatory: our systems exist within the USA, and as such those systems are bound by US law.</p>
+     Where can I get this, but, more reliable?
+     <p>Cyberia, the authors of this platform, run the canonical instance, <a
+      href="https://capsul.org">Capsul.org</a>, on hardware they own. Please
+     send them your money! (cash, crypto, or card accepted).</p>
    </li>
    <li>
-     Can you recover my passwords/insert new keys?
-     <p>Can we? Technically yes. Will we? No, never. It would violate the trust that our users have in us.
-     We have no interest in touching client VMs after they're running.
-     We promise to keep your machines running smoothly.
-     If you lose access to your VM, that's on you.</p>
-   </li>
-   <li>
-     Do you offer refunds?
-     <p>Not now, but email us and we can probably figure something out.</p>
-   </li>
-   <li>
-    Where do the VMs run? Is it on a machine that you guys own/control?
-     <p>Capsul runs on a server named Baikal which Cyberia built from scratch & mailed to a datacenter
-      in Georgia called CyberWurx. CyberWurx staff installed it for us in a rack space that
-      Cyberia pays for. </p>
-   </li>
-   <li>
-     Do you offer support?
-     <p>Yep, see <a href="/support">our support page</a>.</p>
-   </li>
-   <li>
-     Do you have an SLA?
-     <p>No, but we normally respond pretty quickly.</p>
-   </li>
-   <li>
-    Will you implement feature X?
-    <p>Maybe! Email <a href="mailto:ops@cyberia.club">ops@cyberia.club</a> and ask us about it.</p>
+     How do I use this system?
+     <p>Please see <a href="https://capsul.org/faq">the official Capsul FAQ
+       page</a>.</p>
    </li>
  </ul>
 </p>

capsulflask/templates/index.html

@@ -1,31 +1,26 @@
 {% extends 'base.html' %}
 
-
 {% block content %}
-  <h1>CAPSUL</h1>
+  <h1>
   <pre>
-       .-.  
-      /:::\ 
-     /::::/ 
-    / `-:/  
-   /    /   
-   \   /    
-    `"`     
+             _                 _
+ _   _  ___ | | ___   ___ ___ | | ___
+| | | |/ _ \| |/ _ \ / __/ _ \| |/ _ \
+| |_| | (_) | | (_) | (_| (_) | | (_) |
+ \__, |\___/|_|\___/ \___\___/|_|\___/
+ |___/
+
   </pre>
-  <span>Simple, fast, private compute by <a href="https://cyberia.club">cyberia.club</a></span>
+  <span>Co-operative hosting using <a href="https://cyberia.club">Cyberia</a>'s Capsul</span>
 {% endblock %}
 
 {% block subcontent %}
 <p>
  <ul>
-   <li>Low friction: simply log in with your email address and fund your account with Credit/Debit or Cryptocurrency</li>
-   <li>All root disks are backed up at no charge</li>
-   <li>All storage is fast, local, and solid-state</li>
-   <li>All network connections are low latency</li>
-   <li>Supported by amazing volunteers from Cyberia</li>
-   <li>Upfront prices, no confusing billing</li>
-   <li>Operated by a Minnesota non-profit organization that will never exploit you</li>
-   <li>We donate a portion of our proceeds to likeminded hacker groups around the globe</li>
+   <li>Sign up for an account!</li>
+   <li>Add some funds!</li>
+   <li>Create a VPS!</li>
+   <li>Give your feedback!</li>
  </ul>           
 </p>
 {% endblock %}

capsulflask/templates/ssh-public-keys.html

@@ -1,18 +1,17 @@
 {% extends 'base.html' %}
 
-{% block title %}SSH & API Keys{% endblock %}
+{% block title %}SSH Public Keys{% endblock %}
 
 {% block content %}
 <div class="row third-margin">
   <h1>SSH PUBLIC KEYS</h1>
 </div>
 <div class="row third-margin"><div>
-    {% if ssh_public_keys|length > 0 %} <hr/> {% endif %}
+  {% if has_ssh_public_keys %} <hr/> {% endif %}
   
   {% for ssh_public_key in ssh_public_keys %}
     <form method="post">
       <input type="hidden" name="method" value="DELETE"></input> 
-      <input type="hidden" name="action" value="delete_ssh_key"></input>
       <input type="hidden" name="name" value="{{ ssh_public_key['name'] }}"></input> 
       <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
       <div class="row">
@@ -23,14 +22,13 @@
     </form>
   {% endfor %}
 
-  {% if ssh_public_keys|length > 0 %} <hr/> {% endif %}
+  {% if has_ssh_public_keys %} <hr/> {% endif %}
 
   <div class="third-margin">
     <h1>UPLOAD A NEW SSH PUBLIC KEY</h1>
   </div>
   <form method="post">
     <input type="hidden" name="method" value="POST"></input>
-    <input type="hidden" name="action" value="upload_ssh_key"></input>
     <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
     <div class="row justify-start">
       <label class="align" for="content">File Contents</label>
@@ -56,51 +54,6 @@
     </div>
   </form>
 </div></div>
-<hr/>
-<div class="row third-margin">
-  <h1>API KEYS</h1>
-</div>
-<div class="row third-margin"><div>
-  {% if generated_api_token %}
-    <hr/>
-    Generated key:
-    <span class="code">{{ generated_api_token }}</span>
-  {% endif %}
-  {% if api_tokens|length >0 %} <hr/>{% endif %}
-  {% for api_token in api_tokens %}
-    <form method="post">
-      <input type="hidden" name="method" value="DELETE"></input> 
-      <input type="hidden" name="action" value="delete_api_token"></input>
-      <input type="hidden" name="id" value="{{ api_token['id'] }}"></input> 
-      <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
-      <div class="row">
-        <span class="code">{{ api_token['name'] }}</span>
-        created {{ api_token['created'].strftime("%b %d %Y") }}
-        <input type="submit" value="Delete">
-      </div>
-    </form>
-  {% endfor %}
-  {% if api_tokens|length >0 %} <hr/>{% endif %}
-
-  <div class="third-margin">
-    <h1>GENERATE A NEW API KEY</h1>
-  </div>
-  <form method="post">
-    <input type="hidden" name="method" value="POST"></input>
-    <input type="hidden" name="action" value="generate_api_token"></input>
-    <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
-    <div class="smalltext">
-      <p>Generate a new API key, to integrate with other systems.</p>
-    </div>
-    <div class="row justify-start">
-      <label class="align" for="name">Key Name</label>
-      <input type="text" id="name" name="name"></input> (defaults to creation time)
-    </div>
-    <div class="row justify-end">
-      <input type="submit" value="Generate">
-    </div>
-  </form>
-</div></div>
 {% endblock %}
 
 {% block pagesource %}/templates/ssh-public-keys.html{% endblock %}

capsulflask/tests/test_auth.py

@@ -1,23 +0,0 @@
-from flask import url_for, session
-
-from capsulflask.db import get_model
-from capsulflask.tests_base import BaseTestCase
-
-
-class LoginTests(BaseTestCase):
-    render_templates = False
-
-    def test_login_request(self):
-        with self.client as client:
-            response = client.get(url_for("auth.login"))
-            self.assert_200(response)
-
-            # FIXME test generated login link
-
-    def test_login_magiclink(self):
-        token, ignoreCaseMatches = get_model().login('test@example.com')
-
-        with self.client as client:
-            response = client.get(url_for("auth.magiclink", token=token))
-            self.assertRedirects(response, url_for("console.index"))
-            self.assertEqual(session['account'], 'test@example.com')

capsulflask/tests/test_console.py

@@ -1,170 +0,0 @@
-from unittest.mock import patch
-
-from flask import url_for
-
-from capsulflask.hub_model import MockHub
-from capsulflask.db import get_model
-from capsulflask.tests_base import BaseTestCase
-
-
-class ConsoleTests(BaseTestCase):
-    capsul_data = {
-        "size": "f1-xs",
-        "os": "debian10",
-        "ssh_authorized_key_count": 1,
-        "ssh_key_0": "key"
-    }
-
-    ssh_key_data = {
-        "name": "key2",
-        "action": "upload_ssh_key",
-        "content": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDntq1t8Ddsa2q4p+PM7W4CLYYmxakokRRVLlf7AQlsTJFPsgBe9u0zuoOaKDMkBr0dlnuLm4Eub1Mj+BrdqAokto0YDiAnxUKRuYQKuHySKK8bLkisi2k47jGBDikx/jihgiuFTawo1mYsJJepC7PPwZGsoCImJEgq1L+ug0p3Zrj3QkUx4h25MpCSs2yvfgWjDyN8hEC76O42P+4ETezYrzrd1Kj26hdzHRnrxygvIUOtfau+5ydlaz8xQBEPrEY6/+pKDuwtXg1pBL7GmoUxBXVfHQSgq5s9jIJH+G0CR0ZoHMB25Ln4X/bsCQbLOu21+IGYKSDVM5TIMLtkKUkERQMVWvnpOp1LZKir4dC0m7SW74wpA8+2b1IsURIr9ARYGJpCEv1Q1Wz/X3yTf6Mfey7992MjUc9HcgjgU01/+kYomoXHprzolk+22Gjfgo3a4dRIoTY82GO8kkUKiaWHvDkkVURCY5dpteLA05sk3Z9aRMYsNXPLeOOPfzTlDA0="
-    }
-
-    def test_index(self):
-        self._login('test@example.com')
-        with self.client as client:
-            response = client.get(url_for("console.index"))
-            self.assert_200(response)
-
-    def test_create_loads(self):
-        self._login('test@example.com')
-        with self.client as client:
-            response = client.get(url_for("console.create"))
-            self.assert_200(response)
-
-    def test_create_fails_capacity(self):
-        with self.client as client:
-            client.get(url_for("console.create"))
-            csrf_token = self.get_context_variable('csrf_token')
-
-            data = self.capsul_data
-            data['csrf-token'] = csrf_token
-
-            # Override MockHub.capacity_avaliable to always return False
-            with patch.object(MockHub, 'capacity_avaliable', return_value=False) as mock_method:
-                self.app.config["HUB_MODEL"] = MockHub()
-
-                client.post(url_for("console.create"), data=data)
-                capacity_message = \
-                    '\n      host(s) at capacity. no capsuls can be created at this time. sorry. \n    '
-                self.assert_message_flashed(capacity_message, category='message')
-
-                self.assertEqual(
-                    len(get_model().list_vms_for_account('test@example.com')),
-                    0
-                )
-            mock_method.assert_called_with(512 * 1024 * 1024)
-
-    def test_create_fails_invalid(self):
-        with self.client as client:
-            client.get(url_for("console.create"))
-            csrf_token = self.get_context_variable('csrf_token')
-
-            data = self.capsul_data
-            data['csrf-token'] = csrf_token
-            data['os'] = ''
-            client.post(url_for("console.create"), data=data)
-
-            self.assert_message_flashed(
-                'OS is required', 
-                category='message'
-            )
-
-            self.assertEqual(
-                len(get_model().list_vms_for_account('test@example.com')),
-                0
-            )
-
-    def test_create_succeeds(self):
-        with self.client as client:
-            client.get(url_for("console.create"))
-            csrf_token = self.get_context_variable('csrf_token')
-
-            data = self.capsul_data
-            data['csrf-token'] = csrf_token
-            response = client.post(url_for("console.create"), data=data)
-
-            # FIXME: mock create doesn't create, see #83
-            # vms = get_model().list_vms_for_account('test@example.com')
-            # self.assertEqual(
-            #     len(vms),
-            #     1 
-            # )
-            #
-            # vm_id = vms[0].id
-            #
-            # self.assertRedirects(
-            #     response, 
-            #     url_for("console.index") + f'?{vm_id}'
-            # )
-
-    def test_keys_loads(self):
-        self._login('test@example.com')
-        with self.client as client:
-            response = client.get(url_for("console.ssh_api_keys"))
-            self.assert_200(response)
-            keys = self.get_context_variable('ssh_public_keys')
-            self.assertEqual(keys[0]['name'], 'key')
-
-    def test_keys_add_ssh_fails_invalid(self):
-        self._login('test@example.com')
-        with self.client as client:
-            client.get(url_for("console.ssh_api_keys"))
-            csrf_token = self.get_context_variable('csrf_token')
-
-            data = self.ssh_key_data
-            data['csrf-token'] = csrf_token
-
-            data_invalid_content = data
-            data_invalid_content['content'] = 'foo'
-            client.post(
-                url_for("console.ssh_api_keys"),
-                data=data_invalid_content
-            )
-
-            self.assert_message_flashed(
-                'Content must match "^(ssh|ecdsa)-[0-9A-Za-z+/_=@:. -]+$"',
-                category='message'
-            )
-
-            data_missing_content = data
-            data_missing_content['content'] = ''
-            client.post(url_for("console.ssh_api_keys"), data=data_missing_content)
-
-            self.assert_message_flashed(
-                'Content is required', category='message'
-            )
-
-    def test_keys_add_ssh_fails_duplicate(self):
-        self._login('test@example.com')
-        with self.client as client:
-            client.get(url_for("console.ssh_api_keys"))
-            csrf_token = self.get_context_variable('csrf_token')
-
-            data = self.ssh_key_data
-            data['csrf-token'] = csrf_token
-            data['name'] = 'key'
-            client.post(url_for("console.ssh_api_keys"), data=data)
-
-            self.assert_message_flashed(
-                'A key with that name already exists',
-                category='message'
-            )
-
-            data = self.ssh_key_data
-            data['csrf-token'] = csrf_token
-            data['name'] = 'key'
-            client.post(url_for("console.ssh_api_keys"), data=data)
-
-            self.assert_message_flashed(
-                'A key with that name already exists',
-                category='message'
-            )
-
-    def setUp(self):
-        self._login('test@example.com')
-        get_model().create_ssh_public_key('test@example.com', 'key', 'foo') 
-
-    def tearDown(self):
-        get_model().delete_ssh_public_key('test@example.com', 'key') 

capsulflask/tests/test_landing.py

@@ -1,14 +0,0 @@
-from capsulflask.tests_base import BaseTestCase
-
-
-class LandingTests(BaseTestCase):
-    #: Do not render templates, we're only testing logic here.
-    render_templates = False
-
-    def test_landing(self):
-        pages = ['/', 'pricing', 'faq', 'about-ssh', 'changelog', 'support']
-
-        with self.client as client:
-            for page in pages:
-                response = client.get(page)
-                self.assert_200(response)

capsulflask/tests/test_publicapi.py

@@ -1,45 +0,0 @@
-from base64 import b64encode
-import requests
-
-from flask import url_for
-
-from capsulflask.db import get_model
-from capsulflask.tests_base import BaseLiveServerTestCase
-
-
-class PublicAPITests(BaseLiveServerTestCase):
-    def test_server_is_up_and_running(self):
-        response = requests.get(self.get_server_url())
-        self.assertEqual(response.status_code, 200)
-
-    def test_capsul_create_succeeds(self):
-        response = requests.post(
-            self.get_server_url() +
-            url_for('publicapi.capsul_create'),
-            headers={'Authorization': self.token},
-            json={
-                'size': 'f1-xs',
-                'os': 'openbsd68',
-                'ssh_key_0': 'key'
-            }
-        )
-
-        self.assertEqual(response.status_code, 200)
-
-        # FIXME: mock create doesn't create, see #83
-        # vms = get_model().list_vms_for_account('test@example.com')
-        # 
-        # self.assertEqual(
-        #     len(vms),
-        #     1
-        # )
-
-    def setUp(self):
-        get_model().create_ssh_public_key('test@example.com', 'key', 'foo') 
-        self.token = b64encode(
-            get_model().generate_api_token('test@example.com', 'apikey').encode('utf-8')
-        ).decode('utf-8')
-
-    def tearDown(self):
-        get_model().delete_ssh_public_key('test@example.com', 'key') 
-        get_model().delete_api_token('test@example.com', 1)

capsulflask/tests_base.py

@@ -1,35 +0,0 @@
-import os
-from nanoid import generate
-
-from flask_testing import TestCase, LiveServerTestCase
-
-from capsulflask import create_app
-from capsulflask.db import get_model
-
-
-class BaseSharedTestCase(object):
-    def create_app(self):
-        # Use default connection paramaters
-        os.environ['POSTGRES_CONNECTION_PARAMETERS'] = "host=localhost port=5432 user=postgres password=dev dbname=capsulflask_test"
-        os.environ['TESTING'] = '1'
-        os.environ['SPOKE_MODEL'] = 'mock'
-        os.environ['HUB_MODEL'] = 'mock'
-        return create_app()
-
-    def setUp(self):
-        pass
-
-    def tearDown(self):
-        pass
-
-
-class BaseTestCase(BaseSharedTestCase, TestCase):
-    def _login(self, user_email):
-        get_model().login(user_email)
-        with self.client.session_transaction() as session:
-            session['account'] = user_email
-            session['csrf-token'] = generate()
-
-
-class BaseLiveServerTestCase(BaseSharedTestCase, LiveServerTestCase):
-    pass

docker-compose.yml

@@ -0,0 +1,38 @@
+---
+version: "3.8"
+
+services:
+  app:
+    image: 3wordchant/capsul-flask:latest
+    build: .
+    volumes:
+      - "./:/app/code"
+      - "../tank:/tank"
+      - "/var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock"
+    depends_on:
+      - db
+    ports:
+      - "5000:5000"
+    environment:
+      - "POSTGRES_CONNECTION_PARAMETERS=host=db port=5432 user=capsul password=capsul dbname=capsul"
+      - SPOKE_MODEL=shell-scripts
+        #- FLASK_DEBUG=1
+      - BASE_URL=http://localhost:5000
+      - ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES=3wc.capsul@doesthisthing.work
+      - VIRSH_DEFAULT_CONNECT_URI=qemu:///system
+    # The image uses gunicorn by default, let's override it with Flask's
+    # built-in development server
+    command: ["flask", "run", "-h", "0.0.0.0", "-p", "5000"]
+    devices:
+      - "/dev/kvm:/dev/kvm"
+  db:
+    image: "postgres:9.6.5-alpine"
+    volumes:
+      - "postgres:/var/lib/postgresql/data"
+    environment:
+      POSTGRES_USER: capsul
+      POSTGRES_PASSWORD: capsul
+      POSTGRES_DB: capsul
+
+volumes:
+  postgres: