forked from 3wordchant/capsul-flask
Compare commits
18 Commits
publicapi-
...
docker-api
| Author | SHA1 | Date | |
|---|---|---|---|
| 43fb2f9ed3 | |||
| 9e44f9be0c | |||
| 64febaceb9 | |||
| c4df5c238f | |||
| 44874b9056 | |||
| 630940c186 | |||
| e9934a8a6b | |||
| 6db163365c | |||
| 6b53c80a71 | |||
| 76ec57689f | |||
| 49dca12719 | |||
| 692d936f4a | |||
| 8a70e497d1 | |||
| 6041306a2a | |||
| 0d9d51c780 | |||
| 647a19bfa7 | |||
| 541bf7d2d7 | |||
| 3b978b781f |
14
.drone.yml
Normal file
14
.drone.yml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
kind: pipeline
|
||||
name: publish docker image
|
||||
steps:
|
||||
- name: build and publish
|
||||
image: plugins/docker
|
||||
settings:
|
||||
username:
|
||||
from_secret: docker_reg_username_3wc
|
||||
password:
|
||||
from_secret: docker_reg_passwd_3wc
|
||||
repo: 3wordchant/capsul-flask
|
||||
tags: latest
|
||||
|
||||
32
Dockerfile
Normal file
32
Dockerfile
Normal file
@ -0,0 +1,32 @@
|
||||
FROM python:3.8-alpine as build
|
||||
|
||||
RUN apk add gettext git gcc python3-dev musl-dev \
|
||||
libffi-dev zlib-dev jpeg-dev libjpeg postgresql-dev build-base \
|
||||
--virtual .build-dependencies
|
||||
|
||||
RUN mkdir -p /app/{code,venv}
|
||||
WORKDIR /app/code
|
||||
COPY Pipfile Pipfile.lock /app/code/
|
||||
|
||||
RUN python3 -m venv /app/venv
|
||||
RUN pip install pipenv setuptools
|
||||
ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv"
|
||||
RUN pip install wheel cppy
|
||||
# Install dependencies into the virtual environment with Pipenv
|
||||
RUN pipenv install --deploy --verbose
|
||||
|
||||
FROM python:3.8-alpine
|
||||
|
||||
RUN apk add --no-cache libpq libstdc++ libjpeg libvirt-client
|
||||
|
||||
COPY . /app/code/
|
||||
WORKDIR /app/code
|
||||
|
||||
COPY --from=build /app/venv /app/venv
|
||||
ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv"
|
||||
|
||||
CMD ["gunicorn", "--bind", "0.0.0.0:5000", "-k", "gevent", "--worker-connections", "1000", "app:app"]
|
||||
|
||||
VOLUME /app/code
|
||||
|
||||
EXPOSE 5000
|
||||
1
Pipfile
1
Pipfile
@ -9,7 +9,6 @@ blinker = "==1.4"
|
||||
click = "==7.1.2"
|
||||
Flask = "==1.1.2"
|
||||
Flask-Mail = "==0.9.1"
|
||||
Flask-Testing = "==0.8.1"
|
||||
gunicorn = "==20.0.4"
|
||||
isort = "==4.3.21"
|
||||
itsdangerous = "==1.1.0"
|
||||
|
||||
4
app.py
4
app.py
@ -1,4 +1,2 @@
|
||||
|
||||
from capsulflask import create_app
|
||||
|
||||
create_app()
|
||||
from capsulflask import app
|
||||
|
||||
@ -8,7 +8,7 @@ import requests
|
||||
import sys
|
||||
|
||||
import stripe
|
||||
from dotenv import find_dotenv, dotenv_values
|
||||
from dotenv import load_dotenv, find_dotenv
|
||||
from flask import Flask
|
||||
from flask_mail import Mail, Message
|
||||
from flask import render_template
|
||||
@ -22,112 +22,106 @@ from capsulflask import hub_model, spoke_model, cli
|
||||
from capsulflask.btcpay import client as btcpay
|
||||
from capsulflask.http_client import MyHTTPClient
|
||||
|
||||
|
||||
class StdoutMockFlaskMail:
|
||||
def send(self, message: Message):
|
||||
current_app.logger.info(f"Email would have been sent if configured:\n\nto: {','.join(message.recipients)}\nsubject: {message.subject}\nbody:\n\n{message.body}\n\n")
|
||||
|
||||
def create_app():
|
||||
load_dotenv(find_dotenv())
|
||||
|
||||
config = {
|
||||
**dotenv_values(find_dotenv()),
|
||||
**os.environ, # override loaded values with environment variables
|
||||
}
|
||||
app = Flask(__name__)
|
||||
|
||||
app = Flask(__name__)
|
||||
app.config.from_mapping(
|
||||
|
||||
BASE_URL=os.environ.get("BASE_URL", default="http://localhost:5000"),
|
||||
SECRET_KEY=os.environ.get("SECRET_KEY", default="dev"),
|
||||
HUB_MODE_ENABLED=os.environ.get("HUB_MODE_ENABLED", default="True").lower() in ['true', '1', 't', 'y', 'yes'],
|
||||
SPOKE_MODE_ENABLED=os.environ.get("SPOKE_MODE_ENABLED", default="True").lower() in ['true', '1', 't', 'y', 'yes'],
|
||||
INTERNAL_HTTP_TIMEOUT_SECONDS=os.environ.get("INTERNAL_HTTP_TIMEOUT_SECONDS", default="300"),
|
||||
HUB_MODEL=os.environ.get("HUB_MODEL", default="capsul-flask"),
|
||||
SPOKE_MODEL=os.environ.get("SPOKE_MODEL", default="mock"),
|
||||
LOG_LEVEL=os.environ.get("LOG_LEVEL", default="INFO"),
|
||||
SPOKE_HOST_ID=os.environ.get("SPOKE_HOST_ID", default="baikal"),
|
||||
SPOKE_HOST_TOKEN=os.environ.get("SPOKE_HOST_TOKEN", default="changeme"),
|
||||
HUB_TOKEN=os.environ.get("HUB_TOKEN", default="changeme"),
|
||||
|
||||
app.config.from_mapping(
|
||||
TESTING=config.get("TESTING", False),
|
||||
BASE_URL=config.get("BASE_URL", "http://localhost:5000"),
|
||||
SECRET_KEY=config.get("SECRET_KEY", "dev"),
|
||||
HUB_MODE_ENABLED=config.get("HUB_MODE_ENABLED", "True").lower() in ['true', '1', 't', 'y', 'yes'],
|
||||
SPOKE_MODE_ENABLED=config.get("SPOKE_MODE_ENABLED", "True").lower() in ['true', '1', 't', 'y', 'yes'],
|
||||
INTERNAL_HTTP_TIMEOUT_SECONDS=config.get("INTERNAL_HTTP_TIMEOUT_SECONDS", "300"),
|
||||
HUB_MODEL=config.get("HUB_MODEL", "capsul-flask"),
|
||||
SPOKE_MODEL=config.get("SPOKE_MODEL", "mock"),
|
||||
LOG_LEVEL=config.get("LOG_LEVEL", "INFO"),
|
||||
SPOKE_HOST_ID=config.get("SPOKE_HOST_ID", "baikal"),
|
||||
SPOKE_HOST_TOKEN=config.get("SPOKE_HOST_TOKEN", "changeme"),
|
||||
HUB_TOKEN=config.get("HUB_TOKEN", "changeme"),
|
||||
# https://www.postgresql.org/docs/9.1/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS
|
||||
# https://stackoverflow.com/questions/56332906/where-to-put-ssl-certificates-when-trying-to-connect-to-a-remote-database-using
|
||||
# TLS example: sslmode=verify-full sslrootcert=letsencrypt-root-ca.crt host=db.example.com port=5432 user=postgres password=dev dbname=postgres
|
||||
POSTGRES_CONNECTION_PARAMETERS=os.environ.get(
|
||||
"POSTGRES_CONNECTION_PARAMETERS",
|
||||
default="host=localhost port=5432 user=postgres password=dev dbname=postgres"
|
||||
),
|
||||
|
||||
# https://www.postgresql.org/docs/9.1/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS
|
||||
# https://stackoverflow.com/questions/56332906/where-to-put-ssl-certificates-when-trying-to-connect-to-a-remote-database-using
|
||||
# TLS example: sslmode=verify-full sslrootcert=letsencrypt-root-ca.crt host=db.example.com port=5432 user=postgres password=dev dbname=postgres
|
||||
POSTGRES_CONNECTION_PARAMETERS=config.get(
|
||||
"POSTGRES_CONNECTION_PARAMETERS",
|
||||
"host=localhost port=5432 user=postgres password=dev dbname=postgres"
|
||||
),
|
||||
DATABASE_SCHEMA=os.environ.get("DATABASE_SCHEMA", default="public"),
|
||||
|
||||
DATABASE_SCHEMA=config.get("DATABASE_SCHEMA", "public"),
|
||||
MAIL_SERVER=os.environ.get("MAIL_SERVER", default=""),
|
||||
MAIL_PORT=os.environ.get("MAIL_PORT", default="465"),
|
||||
MAIL_USE_TLS=os.environ.get("MAIL_USE_TLS", default="False").lower() in ['true', '1', 't', 'y', 'yes'],
|
||||
MAIL_USE_SSL=os.environ.get("MAIL_USE_SSL", default="True").lower() in ['true', '1', 't', 'y', 'yes'],
|
||||
MAIL_USERNAME=os.environ.get("MAIL_USERNAME", default=""),
|
||||
MAIL_PASSWORD=os.environ.get("MAIL_PASSWORD", default=""),
|
||||
MAIL_DEFAULT_SENDER=os.environ.get("MAIL_DEFAULT_SENDER", default="no-reply@capsul.org"),
|
||||
ADMIN_EMAIL_ADDRESSES=os.environ.get("ADMIN_EMAIL_ADDRESSES", default="ops@cyberia.club"),
|
||||
ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES=os.environ.get("ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES", default="forest.n.johnson@gmail.com,capsul@cyberia.club"),
|
||||
|
||||
MAIL_SERVER=config.get("MAIL_SERVER", ""),
|
||||
MAIL_PORT=config.get("MAIL_PORT", "465"),
|
||||
MAIL_USE_TLS=config.get("MAIL_USE_TLS", "False").lower() in ['true', '1', 't', 'y', 'yes'],
|
||||
MAIL_USE_SSL=config.get("MAIL_USE_SSL", "True").lower() in ['true', '1', 't', 'y', 'yes'],
|
||||
MAIL_USERNAME=config.get("MAIL_USERNAME", ""),
|
||||
MAIL_PASSWORD=config.get("MAIL_PASSWORD", ""),
|
||||
MAIL_DEFAULT_SENDER=config.get("MAIL_DEFAULT_SENDER", "no-reply@capsul.org"),
|
||||
ADMIN_EMAIL_ADDRESSES=config.get("ADMIN_EMAIL_ADDRESSES", "ops@cyberia.club"),
|
||||
ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES=config.get("ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES", "forest.n.johnson@gmail.com,capsul@cyberia.club"),
|
||||
PROMETHEUS_URL=os.environ.get("PROMETHEUS_URL", default="https://prometheus.cyberia.club"),
|
||||
|
||||
PROMETHEUS_URL=config.get("PROMETHEUS_URL", "https://prometheus.cyberia.club"),
|
||||
STRIPE_API_VERSION=os.environ.get("STRIPE_API_VERSION", default="2020-03-02"),
|
||||
STRIPE_SECRET_KEY=os.environ.get("STRIPE_SECRET_KEY", default=""),
|
||||
STRIPE_PUBLISHABLE_KEY=os.environ.get("STRIPE_PUBLISHABLE_KEY", default=""),
|
||||
#STRIPE_WEBHOOK_SECRET=os.environ.get("STRIPE_WEBHOOK_SECRET", default="")
|
||||
|
||||
STRIPE_API_VERSION=config.get("STRIPE_API_VERSION", "2020-03-02"),
|
||||
STRIPE_SECRET_KEY=config.get("STRIPE_SECRET_KEY", ""),
|
||||
STRIPE_PUBLISHABLE_KEY=config.get("STRIPE_PUBLISHABLE_KEY", ""),
|
||||
#STRIPE_WEBHOOK_SECRET=config.get("STRIPE_WEBHOOK_SECRET", "")
|
||||
BTCPAY_PRIVATE_KEY=os.environ.get("BTCPAY_PRIVATE_KEY", default="").replace("\\n", "\n"),
|
||||
BTCPAY_URL=os.environ.get("BTCPAY_URL", default="https://btcpay.cyberia.club")
|
||||
)
|
||||
|
||||
BTCPAY_PRIVATE_KEY=config.get("BTCPAY_PRIVATE_KEY", "").replace("\\n", "\n"),
|
||||
BTCPAY_URL=config.get("BTCPAY_URL", "https://btcpay.cyberia.club")
|
||||
)
|
||||
app.config['HUB_URL'] = os.environ.get("HUB_URL", default=app.config['BASE_URL'])
|
||||
|
||||
app.config['HUB_URL'] = config.get("HUB_URL", app.config['BASE_URL'])
|
||||
|
||||
class SetLogLevelToDebugForHeartbeatRelatedMessagesFilter(logging.Filter):
|
||||
def isHeartbeatRelatedString(self, thing):
|
||||
# thing_string = "<error>"
|
||||
is_in_string = False
|
||||
try:
|
||||
thing_string = "%s" % thing
|
||||
is_in_string = 'heartbeat-task' in thing_string or 'hub/heartbeat' in thing_string or 'spoke/heartbeat' in thing_string
|
||||
except:
|
||||
pass
|
||||
# self.warning("isHeartbeatRelatedString(%s): %s", thing_string, is_in_string )
|
||||
return is_in_string
|
||||
|
||||
def filter(self, record):
|
||||
if app.config['LOG_LEVEL'] == "DEBUG":
|
||||
return True
|
||||
|
||||
if self.isHeartbeatRelatedString(record.msg):
|
||||
return False
|
||||
for arg in record.args:
|
||||
if self.isHeartbeatRelatedString(arg):
|
||||
return False
|
||||
class SetLogLevelToDebugForHeartbeatRelatedMessagesFilter(logging.Filter):
|
||||
def isHeartbeatRelatedString(self, thing):
|
||||
# thing_string = "<error>"
|
||||
is_in_string = False
|
||||
try:
|
||||
thing_string = "%s" % thing
|
||||
is_in_string = 'heartbeat-task' in thing_string or 'hub/heartbeat' in thing_string or 'spoke/heartbeat' in thing_string
|
||||
except:
|
||||
pass
|
||||
# self.warning("isHeartbeatRelatedString(%s): %s", thing_string, is_in_string )
|
||||
return is_in_string
|
||||
|
||||
def filter(self, record):
|
||||
if app.config['LOG_LEVEL'] == "DEBUG":
|
||||
return True
|
||||
|
||||
logging_dict_config({
|
||||
'version': 1,
|
||||
'formatters': {'default': {
|
||||
'format': '[%(asctime)s] %(levelname)s in %(module)s: %(message)s',
|
||||
}},
|
||||
'filters': {
|
||||
'setLogLevelToDebugForHeartbeatRelatedMessages': {
|
||||
'()': SetLogLevelToDebugForHeartbeatRelatedMessagesFilter,
|
||||
}
|
||||
},
|
||||
'handlers': {'wsgi': {
|
||||
'class': 'logging.StreamHandler',
|
||||
'stream': 'ext://flask.logging.wsgi_errors_stream',
|
||||
'formatter': 'default',
|
||||
'filters': ['setLogLevelToDebugForHeartbeatRelatedMessages']
|
||||
}},
|
||||
'root': {
|
||||
'level': app.config['LOG_LEVEL'],
|
||||
'handlers': ['wsgi']
|
||||
if self.isHeartbeatRelatedString(record.msg):
|
||||
return False
|
||||
for arg in record.args:
|
||||
if self.isHeartbeatRelatedString(arg):
|
||||
return False
|
||||
|
||||
return True
|
||||
|
||||
logging_dict_config({
|
||||
'version': 1,
|
||||
'formatters': {'default': {
|
||||
'format': '[%(asctime)s] %(levelname)s in %(module)s: %(message)s',
|
||||
}},
|
||||
'filters': {
|
||||
'setLogLevelToDebugForHeartbeatRelatedMessages': {
|
||||
'()': SetLogLevelToDebugForHeartbeatRelatedMessagesFilter,
|
||||
}
|
||||
})
|
||||
},
|
||||
'handlers': {'wsgi': {
|
||||
'class': 'logging.StreamHandler',
|
||||
'stream': 'ext://flask.logging.wsgi_errors_stream',
|
||||
'formatter': 'default',
|
||||
'filters': ['setLogLevelToDebugForHeartbeatRelatedMessages']
|
||||
}},
|
||||
'root': {
|
||||
'level': app.config['LOG_LEVEL'],
|
||||
'handlers': ['wsgi']
|
||||
}
|
||||
})
|
||||
|
||||
# app.logger.critical("critical")
|
||||
# app.logger.error("error")
|
||||
@ -135,61 +129,57 @@ def create_app():
|
||||
# app.logger.info("info")
|
||||
# app.logger.debug("debug")
|
||||
|
||||
stripe.api_key = app.config['STRIPE_SECRET_KEY']
|
||||
stripe.api_version = app.config['STRIPE_API_VERSION']
|
||||
stripe.api_key = app.config['STRIPE_SECRET_KEY']
|
||||
stripe.api_version = app.config['STRIPE_API_VERSION']
|
||||
|
||||
if app.config['MAIL_SERVER'] != "":
|
||||
app.config['FLASK_MAIL_INSTANCE'] = Mail(app)
|
||||
else:
|
||||
app.logger.warning("No MAIL_SERVER configured. capsul will simply print emails to stdout.")
|
||||
app.config['FLASK_MAIL_INSTANCE'] = StdoutMockFlaskMail()
|
||||
if app.config['MAIL_SERVER'] != "":
|
||||
app.config['FLASK_MAIL_INSTANCE'] = Mail(app)
|
||||
else:
|
||||
app.logger.warning("No MAIL_SERVER configured. capsul will simply print emails to stdout.")
|
||||
app.config['FLASK_MAIL_INSTANCE'] = StdoutMockFlaskMail()
|
||||
|
||||
app.config['HTTP_CLIENT'] = MyHTTPClient(timeout_seconds=int(app.config['INTERNAL_HTTP_TIMEOUT_SECONDS']))
|
||||
app.config['HTTP_CLIENT'] = MyHTTPClient(timeout_seconds=int(app.config['INTERNAL_HTTP_TIMEOUT_SECONDS']))
|
||||
|
||||
try:
|
||||
app.config['BTCPAY_CLIENT'] = btcpay.Client(api_uri=app.config['BTCPAY_URL'], pem=app.config['BTCPAY_PRIVATE_KEY'])
|
||||
except:
|
||||
app.logger.warning("unable to create btcpay client. Capsul will work fine except cryptocurrency payments will not work. The error was: " + my_exec_info_message(sys.exc_info()))
|
||||
try:
|
||||
app.config['BTCPAY_CLIENT'] = btcpay.Client(api_uri=app.config['BTCPAY_URL'], pem=app.config['BTCPAY_PRIVATE_KEY'])
|
||||
except:
|
||||
app.logger.warning("unable to create btcpay client. Capsul will work fine except cryptocurrency payments will not work. The error was: " + my_exec_info_message(sys.exc_info()))
|
||||
|
||||
# only start the scheduler and attempt to migrate the database if we are running the app.
|
||||
# otherwise we are running a CLI command.
|
||||
command_line = ' '.join(sys.argv)
|
||||
is_running_server = (
|
||||
('flask run' in command_line) or
|
||||
('gunicorn' in command_line) or
|
||||
('test' in command_line)
|
||||
)
|
||||
command_line = ' '.join(sys.argv)
|
||||
is_running_server = ('flask run' in command_line) or ('gunicorn' in command_line)
|
||||
|
||||
app.logger.info(f"is_running_server: {is_running_server}")
|
||||
app.logger.info(f"is_running_server: {is_running_server}")
|
||||
|
||||
if app.config['HUB_MODE_ENABLED']:
|
||||
if app.config['HUB_MODEL'] == "capsul-flask":
|
||||
app.config['HUB_MODEL'] = hub_model.CapsulFlaskHub()
|
||||
if app.config['HUB_MODE_ENABLED']:
|
||||
if app.config['HUB_MODEL'] == "capsul-flask":
|
||||
app.config['HUB_MODEL'] = hub_model.CapsulFlaskHub()
|
||||
|
||||
# debug mode (flask reloader) runs two copies of the app. When running in debug mode,
|
||||
# we only want to start the scheduler one time.
|
||||
if is_running_server and (not app.debug or config.get('WERKZEUG_RUN_MAIN') == 'true'):
|
||||
scheduler = BackgroundScheduler()
|
||||
heartbeat_task_url = f"{app.config['HUB_URL']}/hub/heartbeat-task"
|
||||
heartbeat_task_headers = {'Authorization': f"Bearer {app.config['HUB_TOKEN']}"}
|
||||
heartbeat_task = lambda: requests.post(heartbeat_task_url, headers=heartbeat_task_headers)
|
||||
scheduler.add_job(name="heartbeat-task", func=heartbeat_task, trigger="interval", seconds=5)
|
||||
scheduler.start()
|
||||
# debug mode (flask reloader) runs two copies of the app. When running in debug mode,
|
||||
# we only want to start the scheduler one time.
|
||||
if is_running_server and (not app.debug or os.environ.get('WERKZEUG_RUN_MAIN') == 'true'):
|
||||
scheduler = BackgroundScheduler()
|
||||
heartbeat_task_url = f"{app.config['HUB_URL']}/hub/heartbeat-task"
|
||||
heartbeat_task_headers = {'Authorization': f"Bearer {app.config['HUB_TOKEN']}"}
|
||||
heartbeat_task = lambda: requests.post(heartbeat_task_url, headers=heartbeat_task_headers)
|
||||
scheduler.add_job(name="heartbeat-task", func=heartbeat_task, trigger="interval", seconds=5)
|
||||
scheduler.start()
|
||||
|
||||
atexit.register(lambda: scheduler.shutdown())
|
||||
atexit.register(lambda: scheduler.shutdown())
|
||||
|
||||
else:
|
||||
app.config['HUB_MODEL'] = hub_model.MockHub()
|
||||
else:
|
||||
app.config['HUB_MODEL'] = hub_model.MockHub()
|
||||
|
||||
from capsulflask import db
|
||||
db.init_app(app, is_running_server)
|
||||
from capsulflask import db
|
||||
db.init_app(app, is_running_server)
|
||||
|
||||
from capsulflask import (
|
||||
auth, landing, console, payment, metrics, cli, hub_api, publicapi, admin
|
||||
)
|
||||
|
||||
app.register_blueprint(auth.bp)
|
||||
app.register_blueprint(landing.bp)
|
||||
app.register_blueprint(auth.bp)
|
||||
app.register_blueprint(console.bp)
|
||||
app.register_blueprint(payment.bp)
|
||||
app.register_blueprint(metrics.bp)
|
||||
@ -200,57 +190,57 @@ def create_app():
|
||||
|
||||
app.add_url_rule("/", endpoint="index")
|
||||
|
||||
if app.config['SPOKE_MODE_ENABLED']:
|
||||
if app.config['SPOKE_MODEL'] == "shell-scripts":
|
||||
app.config['SPOKE_MODEL'] = spoke_model.ShellScriptSpoke()
|
||||
else:
|
||||
app.config['SPOKE_MODEL'] = spoke_model.MockSpoke()
|
||||
|
||||
from capsulflask import spoke_api
|
||||
|
||||
app.register_blueprint(spoke_api.bp)
|
||||
|
||||
@app.after_request
|
||||
def security_headers(response):
|
||||
response.headers['X-Frame-Options'] = 'SAMEORIGIN'
|
||||
if 'Content-Security-Policy' not in response.headers:
|
||||
response.headers['Content-Security-Policy'] = "default-src 'self'"
|
||||
response.headers['X-Content-Type-Options'] = 'nosniff'
|
||||
return response
|
||||
|
||||
|
||||
@app.context_processor
|
||||
def override_url_for():
|
||||
"""
|
||||
override the url_for function built into flask
|
||||
with our own custom implementation that busts the cache correctly when files change
|
||||
"""
|
||||
return dict(url_for=url_for_with_cache_bust)
|
||||
if app.config['SPOKE_MODE_ENABLED']:
|
||||
if app.config['SPOKE_MODEL'] == "shell-scripts":
|
||||
app.config['SPOKE_MODEL'] = spoke_model.ShellScriptSpoke()
|
||||
else:
|
||||
app.config['SPOKE_MODEL'] = spoke_model.MockSpoke()
|
||||
|
||||
from capsulflask import spoke_api
|
||||
|
||||
app.register_blueprint(spoke_api.bp)
|
||||
|
||||
@app.after_request
|
||||
def security_headers(response):
|
||||
response.headers['X-Frame-Options'] = 'SAMEORIGIN'
|
||||
if 'Content-Security-Policy' not in response.headers:
|
||||
response.headers['Content-Security-Policy'] = "default-src 'self'"
|
||||
response.headers['X-Content-Type-Options'] = 'nosniff'
|
||||
return response
|
||||
|
||||
|
||||
def url_for_with_cache_bust(endpoint, **values):
|
||||
"""
|
||||
Add a query parameter based on the hash of the file, this acts as a cache bust
|
||||
"""
|
||||
|
||||
if endpoint == 'static':
|
||||
filename = values.get('filename', None)
|
||||
if filename:
|
||||
if 'STATIC_FILE_HASH_CACHE' not in current_app.config:
|
||||
current_app.config['STATIC_FILE_HASH_CACHE'] = dict()
|
||||
|
||||
if filename not in current_app.config['STATIC_FILE_HASH_CACHE']:
|
||||
filepath = os.path.join(current_app.root_path, endpoint, filename)
|
||||
#print(filepath)
|
||||
if os.path.isfile(filepath) and os.access(filepath, os.R_OK):
|
||||
@app.context_processor
|
||||
def override_url_for():
|
||||
"""
|
||||
override the url_for function built into flask
|
||||
with our own custom implementation that busts the cache correctly when files change
|
||||
"""
|
||||
return dict(url_for=url_for_with_cache_bust)
|
||||
|
||||
|
||||
def url_for_with_cache_bust(endpoint, **values):
|
||||
"""
|
||||
Add a query parameter based on the hash of the file, this acts as a cache bust
|
||||
"""
|
||||
|
||||
if endpoint == 'static':
|
||||
filename = values.get('filename', None)
|
||||
if filename:
|
||||
if 'STATIC_FILE_HASH_CACHE' not in current_app.config:
|
||||
current_app.config['STATIC_FILE_HASH_CACHE'] = dict()
|
||||
|
||||
if filename not in current_app.config['STATIC_FILE_HASH_CACHE']:
|
||||
filepath = os.path.join(current_app.root_path, endpoint, filename)
|
||||
#print(filepath)
|
||||
if os.path.isfile(filepath) and os.access(filepath, os.R_OK):
|
||||
|
||||
with open(filepath, 'rb') as file:
|
||||
hasher = hashlib.md5()
|
||||
hasher.update(file.read())
|
||||
current_app.config['STATIC_FILE_HASH_CACHE'][filename] = hasher.hexdigest()[-6:]
|
||||
|
||||
with open(filepath, 'rb') as file:
|
||||
hasher = hashlib.md5()
|
||||
hasher.update(file.read())
|
||||
current_app.config['STATIC_FILE_HASH_CACHE'][filename] = hasher.hexdigest()[-6:]
|
||||
|
||||
values['q'] = current_app.config['STATIC_FILE_HASH_CACHE'][filename]
|
||||
values['q'] = current_app.config['STATIC_FILE_HASH_CACHE'][filename]
|
||||
|
||||
return url_for(endpoint, **values)
|
||||
|
||||
return app
|
||||
return url_for(endpoint, **values)
|
||||
|
||||
@ -41,6 +41,7 @@ def account_required(view):
|
||||
|
||||
return wrapped_view
|
||||
|
||||
|
||||
def admin_account_required(view):
|
||||
"""View decorator that redirects non-admin users to the login page."""
|
||||
|
||||
|
||||
@ -237,11 +237,16 @@ def _create(vm_sizes, operating_systems, public_keys_for_account, server_data):
|
||||
|
||||
if len(errors) == 0:
|
||||
id = make_capsul_id()
|
||||
get_model().create_vm(
|
||||
email=session["account"],
|
||||
id=id,
|
||||
size=size,
|
||||
os=os,
|
||||
ssh_authorized_keys=list(map(lambda x: x["name"], posted_keys))
|
||||
)
|
||||
current_app.config["HUB_MODEL"].create(
|
||||
email = session["account"],
|
||||
id=id,
|
||||
os=os,
|
||||
size=size,
|
||||
template_image_file_name=operating_systems[os]['template_image_file_name'],
|
||||
vcpus=vm_sizes[size]['vcpus'],
|
||||
memory_mb=vm_sizes[size]['memory_mb'],
|
||||
@ -259,7 +264,6 @@ def create():
|
||||
public_keys_for_account = get_model().list_ssh_public_keys_for_account(session["account"])
|
||||
account_balance = get_account_balance(get_vms(), get_payments(), datetime.utcnow())
|
||||
capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(512*1024*1024)
|
||||
errors = list()
|
||||
|
||||
if request.method == "POST":
|
||||
if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']:
|
||||
@ -270,6 +274,8 @@ def create():
|
||||
public_keys_for_account,
|
||||
request.form)
|
||||
if len(errors) == 0:
|
||||
for error in errors:
|
||||
flash(error)
|
||||
return redirect(f"{url_for('console.index')}?created={id}")
|
||||
|
||||
affordable_vm_sizes = dict()
|
||||
@ -280,9 +286,6 @@ def create():
|
||||
if vm_size["dollars_per_month"] <= account_balance+0.25:
|
||||
affordable_vm_sizes[key] = vm_size
|
||||
|
||||
for error in errors:
|
||||
flash(error)
|
||||
|
||||
if not capacity_avaliable:
|
||||
current_app.logger.warning(f"when capsul capacity is restored, send an email to {session['account']}")
|
||||
|
||||
|
||||
@ -43,7 +43,7 @@ def init_app(app, is_running_server):
|
||||
hasSchemaVersionTable = False
|
||||
actionWasTaken = False
|
||||
schemaVersion = 0
|
||||
desiredSchemaVersion = 19
|
||||
desiredSchemaVersion = 18
|
||||
|
||||
cursor = connection.cursor()
|
||||
|
||||
|
||||
@ -160,10 +160,7 @@ def can_claim_create(payload, host_id) -> (str, str):
|
||||
if allocated_network_name is None or allocated_ipv4_address is None:
|
||||
return "", f"host \"{host_id}\" does not have any avaliable IP addresses on any of its networks."
|
||||
|
||||
# payload["network_name"] = allocated_network_name
|
||||
# hard-code the network name for now until we can fix the phantom dhcp lease issues.
|
||||
|
||||
payload["network_name"] = 'public3'
|
||||
payload["network_name"] = allocated_network_name
|
||||
payload["public_ipv4"] = allocated_ipv4_address
|
||||
|
||||
return payload, ""
|
||||
|
||||
2
capsulflask/schema_migrations/17_down_api_tokens.py
Normal file
2
capsulflask/schema_migrations/17_down_api_tokens.py
Normal file
@ -0,0 +1,2 @@
|
||||
DROP TABLE api_keys;
|
||||
UPDATE schemaversion SET version = 16;
|
||||
9
capsulflask/schema_migrations/17_up_api_tokens.py
Normal file
9
capsulflask/schema_migrations/17_up_api_tokens.py
Normal file
@ -0,0 +1,9 @@
|
||||
CREATE TABLE api_tokens (
|
||||
id SERIAL PRIMARY KEY,
|
||||
email TEXT REFERENCES accounts(email) ON DELETE RESTRICT,
|
||||
name TEXT NOT NULL,
|
||||
created TIMESTAMP NOT NULL DEFAULT NOW(),
|
||||
token TEXT NOT NULL
|
||||
);
|
||||
|
||||
UPDATE schemaversion SET version = 17;
|
||||
@ -1,2 +1,2 @@
|
||||
DROP TABLE api_keys;
|
||||
UPDATE schemaversion SET version = 18;
|
||||
UPDATE schemaversion SET version = 16;
|
||||
|
||||
@ -6,4 +6,4 @@ CREATE TABLE api_tokens (
|
||||
token TEXT NOT NULL
|
||||
);
|
||||
|
||||
UPDATE schemaversion SET version = 19;
|
||||
UPDATE schemaversion SET version = 17;
|
||||
|
||||
@ -1,23 +0,0 @@
|
||||
from flask import url_for, session
|
||||
|
||||
from capsulflask.db import get_model
|
||||
from capsulflask.tests_base import BaseTestCase
|
||||
|
||||
|
||||
class LoginTests(BaseTestCase):
|
||||
render_templates = False
|
||||
|
||||
def test_login_request(self):
|
||||
with self.client as client:
|
||||
response = client.get(url_for("auth.login"))
|
||||
self.assert_200(response)
|
||||
|
||||
# FIXME test generated login link
|
||||
|
||||
def test_login_magiclink(self):
|
||||
token, ignoreCaseMatches = get_model().login('test@example.com')
|
||||
|
||||
with self.client as client:
|
||||
response = client.get(url_for("auth.magiclink", token=token))
|
||||
self.assertRedirects(response, url_for("console.index"))
|
||||
self.assertEqual(session['account'], 'test@example.com')
|
||||
@ -1,170 +0,0 @@
|
||||
from unittest.mock import patch
|
||||
|
||||
from flask import url_for
|
||||
|
||||
from capsulflask.hub_model import MockHub
|
||||
from capsulflask.db import get_model
|
||||
from capsulflask.tests_base import BaseTestCase
|
||||
|
||||
|
||||
class ConsoleTests(BaseTestCase):
|
||||
capsul_data = {
|
||||
"size": "f1-xs",
|
||||
"os": "debian10",
|
||||
"ssh_authorized_key_count": 1,
|
||||
"ssh_key_0": "key"
|
||||
}
|
||||
|
||||
ssh_key_data = {
|
||||
"name": "key2",
|
||||
"action": "upload_ssh_key",
|
||||
"content": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDntq1t8Ddsa2q4p+PM7W4CLYYmxakokRRVLlf7AQlsTJFPsgBe9u0zuoOaKDMkBr0dlnuLm4Eub1Mj+BrdqAokto0YDiAnxUKRuYQKuHySKK8bLkisi2k47jGBDikx/jihgiuFTawo1mYsJJepC7PPwZGsoCImJEgq1L+ug0p3Zrj3QkUx4h25MpCSs2yvfgWjDyN8hEC76O42P+4ETezYrzrd1Kj26hdzHRnrxygvIUOtfau+5ydlaz8xQBEPrEY6/+pKDuwtXg1pBL7GmoUxBXVfHQSgq5s9jIJH+G0CR0ZoHMB25Ln4X/bsCQbLOu21+IGYKSDVM5TIMLtkKUkERQMVWvnpOp1LZKir4dC0m7SW74wpA8+2b1IsURIr9ARYGJpCEv1Q1Wz/X3yTf6Mfey7992MjUc9HcgjgU01/+kYomoXHprzolk+22Gjfgo3a4dRIoTY82GO8kkUKiaWHvDkkVURCY5dpteLA05sk3Z9aRMYsNXPLeOOPfzTlDA0="
|
||||
}
|
||||
|
||||
def test_index(self):
|
||||
self._login('test@example.com')
|
||||
with self.client as client:
|
||||
response = client.get(url_for("console.index"))
|
||||
self.assert_200(response)
|
||||
|
||||
def test_create_loads(self):
|
||||
self._login('test@example.com')
|
||||
with self.client as client:
|
||||
response = client.get(url_for("console.create"))
|
||||
self.assert_200(response)
|
||||
|
||||
def test_create_fails_capacity(self):
|
||||
with self.client as client:
|
||||
client.get(url_for("console.create"))
|
||||
csrf_token = self.get_context_variable('csrf_token')
|
||||
|
||||
data = self.capsul_data
|
||||
data['csrf-token'] = csrf_token
|
||||
|
||||
# Override MockHub.capacity_avaliable to always return False
|
||||
with patch.object(MockHub, 'capacity_avaliable', return_value=False) as mock_method:
|
||||
self.app.config["HUB_MODEL"] = MockHub()
|
||||
|
||||
client.post(url_for("console.create"), data=data)
|
||||
capacity_message = \
|
||||
'\n host(s) at capacity. no capsuls can be created at this time. sorry. \n '
|
||||
self.assert_message_flashed(capacity_message, category='message')
|
||||
|
||||
self.assertEqual(
|
||||
len(get_model().list_vms_for_account('test@example.com')),
|
||||
0
|
||||
)
|
||||
mock_method.assert_called_with(512 * 1024 * 1024)
|
||||
|
||||
def test_create_fails_invalid(self):
|
||||
with self.client as client:
|
||||
client.get(url_for("console.create"))
|
||||
csrf_token = self.get_context_variable('csrf_token')
|
||||
|
||||
data = self.capsul_data
|
||||
data['csrf-token'] = csrf_token
|
||||
data['os'] = ''
|
||||
client.post(url_for("console.create"), data=data)
|
||||
|
||||
self.assert_message_flashed(
|
||||
'OS is required',
|
||||
category='message'
|
||||
)
|
||||
|
||||
self.assertEqual(
|
||||
len(get_model().list_vms_for_account('test@example.com')),
|
||||
0
|
||||
)
|
||||
|
||||
def test_create_succeeds(self):
|
||||
with self.client as client:
|
||||
client.get(url_for("console.create"))
|
||||
csrf_token = self.get_context_variable('csrf_token')
|
||||
|
||||
data = self.capsul_data
|
||||
data['csrf-token'] = csrf_token
|
||||
response = client.post(url_for("console.create"), data=data)
|
||||
|
||||
# FIXME: mock create doesn't create, see #83
|
||||
# vms = get_model().list_vms_for_account('test@example.com')
|
||||
# self.assertEqual(
|
||||
# len(vms),
|
||||
# 1
|
||||
# )
|
||||
#
|
||||
# vm_id = vms[0].id
|
||||
#
|
||||
# self.assertRedirects(
|
||||
# response,
|
||||
# url_for("console.index") + f'?{vm_id}'
|
||||
# )
|
||||
|
||||
def test_keys_loads(self):
|
||||
self._login('test@example.com')
|
||||
with self.client as client:
|
||||
response = client.get(url_for("console.ssh_api_keys"))
|
||||
self.assert_200(response)
|
||||
keys = self.get_context_variable('ssh_public_keys')
|
||||
self.assertEqual(keys[0]['name'], 'key')
|
||||
|
||||
def test_keys_add_ssh_fails_invalid(self):
|
||||
self._login('test@example.com')
|
||||
with self.client as client:
|
||||
client.get(url_for("console.ssh_api_keys"))
|
||||
csrf_token = self.get_context_variable('csrf_token')
|
||||
|
||||
data = self.ssh_key_data
|
||||
data['csrf-token'] = csrf_token
|
||||
|
||||
data_invalid_content = data
|
||||
data_invalid_content['content'] = 'foo'
|
||||
client.post(
|
||||
url_for("console.ssh_api_keys"),
|
||||
data=data_invalid_content
|
||||
)
|
||||
|
||||
self.assert_message_flashed(
|
||||
'Content must match "^(ssh|ecdsa)-[0-9A-Za-z+/_=@:. -]+$"',
|
||||
category='message'
|
||||
)
|
||||
|
||||
data_missing_content = data
|
||||
data_missing_content['content'] = ''
|
||||
client.post(url_for("console.ssh_api_keys"), data=data_missing_content)
|
||||
|
||||
self.assert_message_flashed(
|
||||
'Content is required', category='message'
|
||||
)
|
||||
|
||||
def test_keys_add_ssh_fails_duplicate(self):
|
||||
self._login('test@example.com')
|
||||
with self.client as client:
|
||||
client.get(url_for("console.ssh_api_keys"))
|
||||
csrf_token = self.get_context_variable('csrf_token')
|
||||
|
||||
data = self.ssh_key_data
|
||||
data['csrf-token'] = csrf_token
|
||||
data['name'] = 'key'
|
||||
client.post(url_for("console.ssh_api_keys"), data=data)
|
||||
|
||||
self.assert_message_flashed(
|
||||
'A key with that name already exists',
|
||||
category='message'
|
||||
)
|
||||
|
||||
data = self.ssh_key_data
|
||||
data['csrf-token'] = csrf_token
|
||||
data['name'] = 'key'
|
||||
client.post(url_for("console.ssh_api_keys"), data=data)
|
||||
|
||||
self.assert_message_flashed(
|
||||
'A key with that name already exists',
|
||||
category='message'
|
||||
)
|
||||
|
||||
def setUp(self):
|
||||
self._login('test@example.com')
|
||||
get_model().create_ssh_public_key('test@example.com', 'key', 'foo')
|
||||
|
||||
def tearDown(self):
|
||||
get_model().delete_ssh_public_key('test@example.com', 'key')
|
||||
@ -1,14 +0,0 @@
|
||||
from capsulflask.tests_base import BaseTestCase
|
||||
|
||||
|
||||
class LandingTests(BaseTestCase):
|
||||
#: Do not render templates, we're only testing logic here.
|
||||
render_templates = False
|
||||
|
||||
def test_landing(self):
|
||||
pages = ['/', 'pricing', 'faq', 'about-ssh', 'changelog', 'support']
|
||||
|
||||
with self.client as client:
|
||||
for page in pages:
|
||||
response = client.get(page)
|
||||
self.assert_200(response)
|
||||
@ -1,45 +0,0 @@
|
||||
from base64 import b64encode
|
||||
import requests
|
||||
|
||||
from flask import url_for
|
||||
|
||||
from capsulflask.db import get_model
|
||||
from capsulflask.tests_base import BaseLiveServerTestCase
|
||||
|
||||
|
||||
class PublicAPITests(BaseLiveServerTestCase):
|
||||
def test_server_is_up_and_running(self):
|
||||
response = requests.get(self.get_server_url())
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
def test_capsul_create_succeeds(self):
|
||||
response = requests.post(
|
||||
self.get_server_url() +
|
||||
url_for('publicapi.capsul_create'),
|
||||
headers={'Authorization': self.token},
|
||||
json={
|
||||
'size': 'f1-xs',
|
||||
'os': 'openbsd68',
|
||||
'ssh_key_0': 'key'
|
||||
}
|
||||
)
|
||||
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
# FIXME: mock create doesn't create, see #83
|
||||
# vms = get_model().list_vms_for_account('test@example.com')
|
||||
#
|
||||
# self.assertEqual(
|
||||
# len(vms),
|
||||
# 1
|
||||
# )
|
||||
|
||||
def setUp(self):
|
||||
get_model().create_ssh_public_key('test@example.com', 'key', 'foo')
|
||||
self.token = b64encode(
|
||||
get_model().generate_api_token('test@example.com', 'apikey').encode('utf-8')
|
||||
).decode('utf-8')
|
||||
|
||||
def tearDown(self):
|
||||
get_model().delete_ssh_public_key('test@example.com', 'key')
|
||||
get_model().delete_api_token('test@example.com', 1)
|
||||
@ -1,35 +0,0 @@
|
||||
import os
|
||||
from nanoid import generate
|
||||
|
||||
from flask_testing import TestCase, LiveServerTestCase
|
||||
|
||||
from capsulflask import create_app
|
||||
from capsulflask.db import get_model
|
||||
|
||||
|
||||
class BaseSharedTestCase(object):
|
||||
def create_app(self):
|
||||
# Use default connection paramaters
|
||||
os.environ['POSTGRES_CONNECTION_PARAMETERS'] = "host=localhost port=5432 user=postgres password=dev dbname=capsulflask_test"
|
||||
os.environ['TESTING'] = '1'
|
||||
os.environ['SPOKE_MODEL'] = 'mock'
|
||||
os.environ['HUB_MODEL'] = 'mock'
|
||||
return create_app()
|
||||
|
||||
def setUp(self):
|
||||
pass
|
||||
|
||||
def tearDown(self):
|
||||
pass
|
||||
|
||||
|
||||
class BaseTestCase(BaseSharedTestCase, TestCase):
|
||||
def _login(self, user_email):
|
||||
get_model().login(user_email)
|
||||
with self.client.session_transaction() as session:
|
||||
session['account'] = user_email
|
||||
session['csrf-token'] = generate()
|
||||
|
||||
|
||||
class BaseLiveServerTestCase(BaseSharedTestCase, LiveServerTestCase):
|
||||
pass
|
||||
29
docker-compose.yml
Normal file
29
docker-compose.yml
Normal file
@ -0,0 +1,29 @@
|
||||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: 3wordchant/capsul-flask:latest
|
||||
build: .
|
||||
volumes:
|
||||
- "./:/app/code"
|
||||
depends_on:
|
||||
- db
|
||||
ports:
|
||||
- "5000:5000"
|
||||
environment:
|
||||
- "POSTGRES_CONNECTION_PARAMETERS=host=db port=5432 user=capsul password=capsul dbname=capsul"
|
||||
# The image uses gunicorn by default, let's override it with Flask's
|
||||
# built-in development server
|
||||
command: ["flask", "run", "-h", "0.0.0.0", "-p", "5000"]
|
||||
db:
|
||||
image: "postgres:9.6.5"
|
||||
volumes:
|
||||
- "postgres:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: capsul
|
||||
POSTGRES_PASSWORD: capsul
|
||||
POSTGRES_DB: capsul
|
||||
|
||||
volumes:
|
||||
postgres:
|
||||
Reference in New Issue
Block a user