From 4443594607c8877dab56891bdb138d69f1167232 Mon Sep 17 00:00:00 2001 From: dweinholz Date: Tue, 22 Mar 2022 10:06:06 +0100 Subject: [PATCH 01/30] testing for simplevm --- .../app/main/service/user.py | 4 ++-- FlaskOpenRestyConfigurator/app/main/util/dto.py | 8 ++++---- .../app/main/util/validate.py | 2 +- examples/templates/cwlab%v01.conf | 2 +- examples/templates/cwlab%v02.conf | 2 +- examples/templates/guacamole%v01.conf | 2 +- examples/templates/guacamole%v02.conf | 2 +- examples/templates/guacamole%v03.conf | 2 +- examples/templates/jupyternotebook%v01.conf | 2 +- examples/templates/jupyternotebook%v02.conf | 2 +- examples/templates/jupyternotebook%v03.conf | 2 +- examples/templates/rstudio%v02.conf | 2 +- examples/templates/rstudio%v03.conf | 2 +- examples/templates/rstudio%v04.conf | 2 +- examples/templates/theiaide%v01.conf | 2 +- examples/templates/theiaide%v02.conf | 2 +- examples/templates/theiaide%v03.conf | 2 +- examples/templating_guide.md | 14 +++++++------- 18 files changed, 28 insertions(+), 28 deletions(-) diff --git a/FlaskOpenRestyConfigurator/app/main/service/user.py b/FlaskOpenRestyConfigurator/app/main/service/user.py index 4e8bbd1..07567e5 100644 --- a/FlaskOpenRestyConfigurator/app/main/service/user.py +++ b/FlaskOpenRestyConfigurator/app/main/service/user.py @@ -20,7 +20,7 @@ def get_users(backend_id): def add_user(backend_id, user_id): user_id_path = "{0}/{1}".format(user_path, backend_id) - user_file_name = "{0}@elixir-europe.org".format(user_id) + user_file_name = "{0}".format(user_id) if not os.path.exists(user_id_path): try: os.mkdir(user_id_path) @@ -45,7 +45,7 @@ def add_user(backend_id, user_id): def delete_user(backend_id, user_id): user_id_path = "{0}/{1}".format(user_path, backend_id) - user_file_name = "{0}@elixir-europe.org".format(user_id) + user_file_name = "{0}".format(user_id) user_file_path = "{0}/{1}".format(user_id_path, user_file_name) if not os.path.exists(user_id_path): logger.error("No user folder found for backend: {0}.".format(backend_id)) diff --git a/FlaskOpenRestyConfigurator/app/main/util/dto.py b/FlaskOpenRestyConfigurator/app/main/util/dto.py index 42f06ed..4936c1f 100644 --- a/FlaskOpenRestyConfigurator/app/main/util/dto.py +++ b/FlaskOpenRestyConfigurator/app/main/util/dto.py @@ -16,14 +16,14 @@ class BackendDto: backend = api.model('Backend', { 'id': fields.Integer(required=True, description="Unique ID of backend", example="78345"), - 'owner': fields.String(required=True, description="ELIXIR user who owns this backend. Field without @elixir.org suffix."), + 'owner': fields.String(required=True, description="User who owns this backend."), 'location_url': fields.String(required=True, description="Protected reverse-proxy path which leads to specific backend"), 'template': fields.String(required=True, description="Used backend template", example="rstudio"), 'template_version': fields.String(required=True, description="Template Version", example="v1") }) createBackend = api.model('CreateBackend', { - 'owner': fields.String(required=True, description="ELIXIR user who owns this backend. Field without @elixir.org suffix", example="21894723853fhdzug92"), + 'owner': fields.String(required=True, description="User who owns this backend.", example="21894723853fhdzug92"), 'user_key_url': fields.String(required=True, description="User set location url prefix", example="myFavoriteRstudio"), 'upstream_url': fields.String(required=True, description="Inject the full url (with protocol) for the real location of the backend service in the template.", example="http://localhost:7001/"), 'template': fields.String(required=True, description="Used backend template", example="rstudio"), @@ -35,8 +35,8 @@ class UserDto: api = Namespace('users', description="All user related endpoints. Users are people allowed to access a backend.", authorizations=authorizations) createUser = api.model('createUser', { - 'owner': fields.String(required=True, description="ELIXIR user who owns this backend. Field without @elixir.org suffix."), - 'user': fields.String(required=True, description="ELIXIR user who will be added to this backend. Field without @elixir.org suffix.") + 'owner': fields.String(required=True, description="User who owns this backend. "), + 'user': fields.String(required=True, description="User who will be added to this backend.") }) diff --git a/FlaskOpenRestyConfigurator/app/main/util/validate.py b/FlaskOpenRestyConfigurator/app/main/util/validate.py index 1278ad3..f0a7d08 100644 --- a/FlaskOpenRestyConfigurator/app/main/util/validate.py +++ b/FlaskOpenRestyConfigurator/app/main/util/validate.py @@ -11,7 +11,7 @@ def validatePostBackendContent(payload): #check owner owner = payload['owner'] if not re.fullmatch(ownerRegex, owner): - return {"error" : "The owner name can only contain alphabetics and numerics with at least 30 chars. Also no @elixir.org prefix at the end please!"} + return {"error" : "The owner name can only contain alphabetics and numerics with at least 30 chars."} user_key_url = payload['user_key_url'] if not re.fullmatch(userKeyUrlRegex, user_key_url): diff --git a/examples/templates/cwlab%v01.conf b/examples/templates/cwlab%v01.conf index 42737bb..f46e933 100644 --- a/examples/templates/cwlab%v01.conf +++ b/examples/templates/cwlab%v01.conf @@ -14,7 +14,7 @@ end -- Protect this location and allow only one specific ELIXIR User - if (res.id_token.sub ~= "{{ owner }}@elixir-europe.org" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then + if (res.id_token.sub ~= "{{ owner }}" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then ngx.exit(ngx.HTTP_FORBIDDEN) end } diff --git a/examples/templates/cwlab%v02.conf b/examples/templates/cwlab%v02.conf index 6d5ae58..69f7243 100644 --- a/examples/templates/cwlab%v02.conf +++ b/examples/templates/cwlab%v02.conf @@ -31,7 +31,7 @@ end -- Protect this location and allow only one specific ELIXIR User - if (res.id_token.sub ~= "{{ owner }}@elixir-europe.org" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then + if (res.id_token.sub ~= "{{ owner }}" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then ngx.exit(ngx.HTTP_FORBIDDEN) end diff --git a/examples/templates/guacamole%v01.conf b/examples/templates/guacamole%v01.conf index 0a657f6..87b8bc3 100644 --- a/examples/templates/guacamole%v01.conf +++ b/examples/templates/guacamole%v01.conf @@ -14,7 +14,7 @@ location /{{ key_url }}/ { end -- Protect this location and allow only one specific ELIXIR User - if res.id_token.sub ~= "{{ owner }}@elixir-europe.org" then + if res.id_token.sub ~= "{{ owner }}" then ngx.exit(ngx.HTTP_FORBIDDEN) end } diff --git a/examples/templates/guacamole%v02.conf b/examples/templates/guacamole%v02.conf index 8047d8f..a6322a7 100644 --- a/examples/templates/guacamole%v02.conf +++ b/examples/templates/guacamole%v02.conf @@ -15,7 +15,7 @@ location /{{ key_url }}/ { end -- Protect this location and allow only one specific ELIXIR User - if (res.id_token.sub ~= "{{ owner }}@elixir-europe.org" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then + if (res.id_token.sub ~= "{{ owner }}" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then ngx.exit(ngx.HTTP_FORBIDDEN) end } diff --git a/examples/templates/guacamole%v03.conf b/examples/templates/guacamole%v03.conf index 28db7a1..11db89c 100644 --- a/examples/templates/guacamole%v03.conf +++ b/examples/templates/guacamole%v03.conf @@ -29,7 +29,7 @@ end -- Protect this location and allow only one specific ELIXIR User - if (res.id_token.sub ~= "{{ owner }}@elixir-europe.org" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then + if (res.id_token.sub ~= "{{ owner }} and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then ngx.exit(ngx.HTTP_FORBIDDEN) end diff --git a/examples/templates/jupyternotebook%v01.conf b/examples/templates/jupyternotebook%v01.conf index 13d66fb..5520449 100644 --- a/examples/templates/jupyternotebook%v01.conf +++ b/examples/templates/jupyternotebook%v01.conf @@ -13,7 +13,7 @@ location /{{ key_url }} { end -- Protect this location and allow only one specific ELIXIR User - if res.id_token.sub ~= "{{ owner }}@elixir-europe.org" then + if res.id_token.sub ~= "{{ owner }}" then ngx.exit(ngx.HTTP_FORBIDDEN) end } diff --git a/examples/templates/jupyternotebook%v02.conf b/examples/templates/jupyternotebook%v02.conf index 8ecfbf2..ff43a86 100644 --- a/examples/templates/jupyternotebook%v02.conf +++ b/examples/templates/jupyternotebook%v02.conf @@ -14,7 +14,7 @@ location /{{ key_url }} { end -- Protect this location and allow only one specific ELIXIR User - if (res.id_token.sub ~= "{{ owner }}@elixir-europe.org" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then + if (res.id_token.sub ~= "{{ owner }}" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then ngx.exit(ngx.HTTP_FORBIDDEN) end } diff --git a/examples/templates/jupyternotebook%v03.conf b/examples/templates/jupyternotebook%v03.conf index b3467d4..08b52f3 100644 --- a/examples/templates/jupyternotebook%v03.conf +++ b/examples/templates/jupyternotebook%v03.conf @@ -29,7 +29,7 @@ end -- Protect this location and allow only one specific ELIXIR User - if (res.id_token.sub ~= "{{ owner }}@elixir-europe.org" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then + if (res.id_token.sub ~= "{{ owner }}" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then ngx.exit(ngx.HTTP_FORBIDDEN) end diff --git a/examples/templates/rstudio%v02.conf b/examples/templates/rstudio%v02.conf index 5998d4b..c4de14e 100644 --- a/examples/templates/rstudio%v02.conf +++ b/examples/templates/rstudio%v02.conf @@ -11,7 +11,7 @@ end -- Protect this location and allow only one specific ELIXIR User - if res.id_token.sub ~= "{{ owner }}@elixir-europe.org" then + if res.id_token.sub ~= "{{ owner }}" then ngx.exit(ngx.HTTP_FORBIDDEN) end } diff --git a/examples/templates/rstudio%v03.conf b/examples/templates/rstudio%v03.conf index 82b4475..ab10668 100644 --- a/examples/templates/rstudio%v03.conf +++ b/examples/templates/rstudio%v03.conf @@ -14,7 +14,7 @@ end -- Protect this location and allow only one specific ELIXIR User - if (res.id_token.sub ~= "{{ owner }}@elixir-europe.org" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then + if (res.id_token.sub ~= "{{ owner }}" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then ngx.exit(ngx.HTTP_FORBIDDEN) end } diff --git a/examples/templates/rstudio%v04.conf b/examples/templates/rstudio%v04.conf index 8c46cd6..b2adfce 100644 --- a/examples/templates/rstudio%v04.conf +++ b/examples/templates/rstudio%v04.conf @@ -29,7 +29,7 @@ end -- Protect this location and allow only one specific ELIXIR User - if (res.id_token.sub ~= "{{ owner }}@elixir-europe.org" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then + if (res.id_token.sub ~= "{{ owner }}" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then ngx.exit(ngx.HTTP_FORBIDDEN) end diff --git a/examples/templates/theiaide%v01.conf b/examples/templates/theiaide%v01.conf index c23a181..814e0e2 100644 --- a/examples/templates/theiaide%v01.conf +++ b/examples/templates/theiaide%v01.conf @@ -12,7 +12,7 @@ end -- Protect this location and allow only one specific ELIXIR User - if res.id_token.sub ~= "{{ owner }}@elixir-europe.org" then + if res.id_token.sub ~= "{{ owner }}" then ngx.exit(ngx.HTTP_FORBIDDEN) end } diff --git a/examples/templates/theiaide%v02.conf b/examples/templates/theiaide%v02.conf index 7d032d4..3e8492d 100644 --- a/examples/templates/theiaide%v02.conf +++ b/examples/templates/theiaide%v02.conf @@ -14,7 +14,7 @@ end -- Protect this location and allow only one specific ELIXIR User - if (res.id_token.sub ~= "{{ owner }}@elixir-europe.org" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then + if (res.id_token.sub ~= "{{ owner }}" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then ngx.exit(ngx.HTTP_FORBIDDEN) end } diff --git a/examples/templates/theiaide%v03.conf b/examples/templates/theiaide%v03.conf index 458104a..7e079a1 100644 --- a/examples/templates/theiaide%v03.conf +++ b/examples/templates/theiaide%v03.conf @@ -30,7 +30,7 @@ end -- Protect this location and allow only one specific ELIXIR User - if (res.id_token.sub ~= "{{ owner }}@elixir-europe.org" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then + if (res.id_token.sub ~= "{{ owner }}" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then ngx.exit(ngx.HTTP_FORBIDDEN) end diff --git a/examples/templating_guide.md b/examples/templating_guide.md index 36b1fbc..2911786 100644 --- a/examples/templating_guide.md +++ b/examples/templating_guide.md @@ -39,7 +39,7 @@ This is an example Template for the research environment [RStudio](https://rstud end -- Protect this location and allow only one specific ELIXIR User - if res.id_token.sub ~= "{{ owner }}@elixir-europe.org" then + if res.id_token.sub ~= "{{ owner }}" then ngx.exit(ngx.HTTP_FORBIDDEN) end } @@ -60,19 +60,19 @@ FORC automatically reloads OpenResty after a change, so that those backends can In order to generate a backend from a template, you need to pass the following jinja2 variables: -| Variable | Description | Example | -| ------------- |:-------------:| -----:| -| key_url | The name of the URL subpath in which the service should be accessable. | myFavoriteRstudio | -| owner | Restrict access to service only to this ELIXIR AAI User (pass without @elixir mail prefix) | a9ffc9fb32e35f16d019a9acceeaa08e7ceehdue || +| Variable | Description | Example | +| ------------- |:-----------------------------------------------------------------------:| -----:| +| key_url | The name of the URL subpath in which the service should be accessable. | myFavoriteRstudio | +| owner | Restrict access to service only to this AAI User | a9ffc9fb32e35f16d019a9acceeaa08e7ceehdue || | location_url | The path to the service you would like to serve via FORC reverse proxy. | http://192.168.17.3:5000 | ### Example API Call -We want to register a new backend for an ELIXIR User with the following data: +We want to register a new backend for an User with the following data: * The research environment should be accessable via `https:///myRstudio`. FORC will actually add a unique ID as a suffix to avoid conflicts. The actual path would probably look like `/myRstudio_001/`. -* The owner has the ELIXIR ID `a9ffc9fb32e35f16d019a9acceeaa08e7ceehdue`. Again, don't pass in the rest of the ELIXIR ID (no @elixir-europe.org). Only this user is allowed to access the resource. +* The owner has the User ID `a9ffc9fb32e35f16d019a9acceeaa08e7ceehdue`. Only this user is allowed to access the resource. * The actual service is running at `http://192.168.17.3:5000`, we want to reverse proxy this location via FORC to the user. * The targeted service is a RStudio instance. * We want to use a specific version of the rstudio template: `v01`. From b1f87cff2be0aa156e01fb8ad0ab6d07798f02a5 Mon Sep 17 00:00:00 2001 From: dweinholz Date: Tue, 22 Mar 2022 12:07:50 +0100 Subject: [PATCH 02/30] allow - --- FlaskOpenRestyConfigurator/app/main/util/validate.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/FlaskOpenRestyConfigurator/app/main/util/validate.py b/FlaskOpenRestyConfigurator/app/main/util/validate.py index f0a7d08..591d743 100644 --- a/FlaskOpenRestyConfigurator/app/main/util/validate.py +++ b/FlaskOpenRestyConfigurator/app/main/util/validate.py @@ -1,6 +1,6 @@ import re -ownerRegex = r"([a-z0-9]{30,})" +ownerRegex = r"([a-z0-9-]{30,})" userKeyUrlRegex = r"^[a-zA-Z0-9]{3,25}$" upstreamURLRegex = r"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+" @@ -11,7 +11,7 @@ def validatePostBackendContent(payload): #check owner owner = payload['owner'] if not re.fullmatch(ownerRegex, owner): - return {"error" : "The owner name can only contain alphabetics and numerics with at least 30 chars."} + return {"error" : "The owner name can only contain alphabetics, numerics and - with at least 30 chars."} user_key_url = payload['user_key_url'] if not re.fullmatch(userKeyUrlRegex, user_key_url): From d2573a8f86c59c265ac2ee9f563b92b0b6cf91e4 Mon Sep 17 00:00:00 2001 From: dweinholz Date: Wed, 12 Jul 2023 09:49:22 +0200 Subject: [PATCH 03/30] Update user.py --- FastapiOpenRestyConfigurator/app/main/service/user.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/FastapiOpenRestyConfigurator/app/main/service/user.py b/FastapiOpenRestyConfigurator/app/main/service/user.py index 9276e29..2fecef8 100644 --- a/FastapiOpenRestyConfigurator/app/main/service/user.py +++ b/FastapiOpenRestyConfigurator/app/main/service/user.py @@ -31,7 +31,7 @@ async def add_user(backend_id, user_id): backend_id = secure_filename(str(backend_id)) user_id = secure_filename(str(user_id)) user_id_path = f"{settings.FORC_USER_PATH}/{backend_id}" - user_file_name = f"{user_id}@elixir-europe.org" + user_file_name = f"{user_id}" if not os.path.exists(user_id_path): try: os.mkdir(user_id_path) @@ -56,7 +56,7 @@ async def delete_user(backend_id, user_id): backend_id = secure_filename(str(backend_id)) user_id = secure_filename(str(user_id)) user_id_path = f"{settings.FORC_USER_PATH}/{backend_id}" - user_file_name = f"{user_id}@elixir-europe.org" + user_file_name = f"{user_id}" user_file_path = f"{user_id_path}/{user_file_name}" if not os.path.exists(user_id_path): logger.exception(f"No user folder found for backend: {backend_id}.") From f2b4b605ff3aef9bab6c8186afed103f34b00cd1 Mon Sep 17 00:00:00 2001 From: dweinholz Date: Wed, 12 Jul 2023 10:21:32 +0200 Subject: [PATCH 04/30] Update vscode%v03.conf --- examples/templates/vscode%v03.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/templates/vscode%v03.conf b/examples/templates/vscode%v03.conf index 458104a..aae021b 100644 --- a/examples/templates/vscode%v03.conf +++ b/examples/templates/vscode%v03.conf @@ -30,7 +30,7 @@ end -- Protect this location and allow only one specific ELIXIR User - if (res.id_token.sub ~= "{{ owner }}@elixir-europe.org" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then + if (res.id_token.sub ~= "{{ owner }}" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then ngx.exit(ngx.HTTP_FORBIDDEN) end @@ -59,4 +59,4 @@ add_header Referrer-Policy "same-origin" always; access_log logs/code.access.log; error_log logs/code.error.log; - } \ No newline at end of file + } From 0be7a698320ba7084cdbacfe705a58dab3d28782 Mon Sep 17 00:00:00 2001 From: dweinholz Date: Mon, 17 Jul 2023 14:46:14 +0200 Subject: [PATCH 05/30] refactored for preseving @ --- FastapiOpenRestyConfigurator/app/main/service/user.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/FastapiOpenRestyConfigurator/app/main/service/user.py b/FastapiOpenRestyConfigurator/app/main/service/user.py index 2fecef8..934fc62 100644 --- a/FastapiOpenRestyConfigurator/app/main/service/user.py +++ b/FastapiOpenRestyConfigurator/app/main/service/user.py @@ -29,7 +29,13 @@ async def get_users(backend_id): async def add_user(backend_id, user_id): backend_id = secure_filename(str(backend_id)) - user_id = secure_filename(str(user_id)) + if "@" in user_id: + user_id_parts = user_id.split("@") + user_id_part1 = secure_filename(user_id_parts[0]) + user_id_part2 = secure_filename(user_id_parts[1]) + user_id = f"{user_id_part1}@{user_id_part2}" + else: + user_id = secure_filename(str(user_id)) user_id_path = f"{settings.FORC_USER_PATH}/{backend_id}" user_file_name = f"{user_id}" if not os.path.exists(user_id_path): From 10f25011794c905863130f4ebc26c97beb0b2db7 Mon Sep 17 00:00:00 2001 From: dweinholz Date: Tue, 18 Jul 2023 11:31:04 +0200 Subject: [PATCH 06/30] allowed @ in owner --- FastapiOpenRestyConfigurator/app/main/model/serializers.py | 7 +++---- FlaskOpenRestyConfigurator/app/main/util/validate.py | 4 ++-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/FastapiOpenRestyConfigurator/app/main/model/serializers.py b/FastapiOpenRestyConfigurator/app/main/model/serializers.py index 8ecb092..0c7a036 100644 --- a/FastapiOpenRestyConfigurator/app/main/model/serializers.py +++ b/FastapiOpenRestyConfigurator/app/main/model/serializers.py @@ -25,7 +25,7 @@ }, ] -owner_regex = r"([a-z0-9\-]{30,})" +ownerRegex = r"([a-z0-9-@]{30,})" user_key_url_regex = r"^[a-zA-Z0-9]{3,25}$" upstream_url_regex = r"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+" @@ -37,7 +37,7 @@ class BackendBase(BaseModel): owner: str = Field( ..., title="Owner", - description="Owner of the backend without the @elixir.org suffix.", + description="Owner of the backend", example="21894723853fhdzug92" ) template: str = Field( @@ -61,8 +61,7 @@ def owner_validation(cls, v): :return: Value or AssertionError. """ assert re.fullmatch(owner_regex, v), \ - "The owner name can only contain alphabetics and numerics with at least 30 chars. " \ - "Also no @elixir.org prefix at the end please!" + "The owner name can only contain alphabetics,numerics and @ with at least 30 chars." return v diff --git a/FlaskOpenRestyConfigurator/app/main/util/validate.py b/FlaskOpenRestyConfigurator/app/main/util/validate.py index 591d743..601dc47 100644 --- a/FlaskOpenRestyConfigurator/app/main/util/validate.py +++ b/FlaskOpenRestyConfigurator/app/main/util/validate.py @@ -1,6 +1,6 @@ import re -ownerRegex = r"([a-z0-9-]{30,})" +ownerRegex = r"([a-z0-9-@]{30,})" userKeyUrlRegex = r"^[a-zA-Z0-9]{3,25}$" upstreamURLRegex = r"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+" @@ -11,7 +11,7 @@ def validatePostBackendContent(payload): #check owner owner = payload['owner'] if not re.fullmatch(ownerRegex, owner): - return {"error" : "The owner name can only contain alphabetics, numerics and - with at least 30 chars."} + return {"error" : "The owner name can only contain alphabetics, numerics and @ - with at least 30 chars."} user_key_url = payload['user_key_url'] if not re.fullmatch(userKeyUrlRegex, user_key_url): From 42a58cbbebd7ddee97e644f3a8a31673d493e425 Mon Sep 17 00:00:00 2001 From: dweinholz Date: Tue, 18 Jul 2023 11:39:02 +0200 Subject: [PATCH 07/30] fixed regex --- FastapiOpenRestyConfigurator/app/main/model/serializers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FastapiOpenRestyConfigurator/app/main/model/serializers.py b/FastapiOpenRestyConfigurator/app/main/model/serializers.py index 0c7a036..42be02f 100644 --- a/FastapiOpenRestyConfigurator/app/main/model/serializers.py +++ b/FastapiOpenRestyConfigurator/app/main/model/serializers.py @@ -25,7 +25,7 @@ }, ] -ownerRegex = r"([a-z0-9-@]{30,})" +owner_regex = r"([a-z0-9-@]{30,})" user_key_url_regex = r"^[a-zA-Z0-9]{3,25}$" upstream_url_regex = r"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+" From e63be2b0e2fd8b8ea80b0d45506892f5ba1b0738 Mon Sep 17 00:00:00 2001 From: dweinholz Date: Tue, 18 Jul 2023 12:02:38 +0200 Subject: [PATCH 08/30] fixed regex --- .../app/main/model/serializers.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/FastapiOpenRestyConfigurator/app/main/model/serializers.py b/FastapiOpenRestyConfigurator/app/main/model/serializers.py index 42be02f..d7e534c 100644 --- a/FastapiOpenRestyConfigurator/app/main/model/serializers.py +++ b/FastapiOpenRestyConfigurator/app/main/model/serializers.py @@ -54,15 +54,17 @@ class BackendBase(BaseModel): ) @validator("owner") - def owner_validation(cls, v): + def owner_validation(cls, owner): """ Validate owner string. - :param v: Value to assign to owner. + :param owner: Value to assign to owner. :return: Value or AssertionError. """ - assert re.fullmatch(owner_regex, v), \ - "The owner name can only contain alphabetics,numerics and @ with at least 30 chars." - return v + owner_regex = r'^[a-zA-Z0-9@]{30,}$' + if re.fullmatch(owner_regex, owner): + return owner + else: + raise AssertionError("The owner name can only contain alphabets, numerics, and '@' with at least 30 characters.") class BackendIn(BackendBase): @@ -149,7 +151,7 @@ class User(BaseModel): """ User model. """ - + user: str From 2ba9a5d25234de19cdf938ce7fc7e1991a90140b Mon Sep 17 00:00:00 2001 From: dweinholz Date: Tue, 18 Jul 2023 12:12:40 +0200 Subject: [PATCH 09/30] fixed regex --- FastapiOpenRestyConfigurator/app/main/model/serializers.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/FastapiOpenRestyConfigurator/app/main/model/serializers.py b/FastapiOpenRestyConfigurator/app/main/model/serializers.py index d7e534c..f4447db 100644 --- a/FastapiOpenRestyConfigurator/app/main/model/serializers.py +++ b/FastapiOpenRestyConfigurator/app/main/model/serializers.py @@ -25,7 +25,7 @@ }, ] -owner_regex = r"([a-z0-9-@]{30,})" +owner_regex = r'^[a-zA-Z0-9@]{30,}$' user_key_url_regex = r"^[a-zA-Z0-9]{3,25}$" upstream_url_regex = r"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+" @@ -60,7 +60,6 @@ def owner_validation(cls, owner): :param owner: Value to assign to owner. :return: Value or AssertionError. """ - owner_regex = r'^[a-zA-Z0-9@]{30,}$' if re.fullmatch(owner_regex, owner): return owner else: From fb9cc3e96a43b5cbc35d08c935431d50d198a8d5 Mon Sep 17 00:00:00 2001 From: dweinholz Date: Tue, 18 Jul 2023 14:18:09 +0200 Subject: [PATCH 10/30] fixed regex --- FastapiOpenRestyConfigurator/app/main/model/serializers.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/FastapiOpenRestyConfigurator/app/main/model/serializers.py b/FastapiOpenRestyConfigurator/app/main/model/serializers.py index f4447db..926498f 100644 --- a/FastapiOpenRestyConfigurator/app/main/model/serializers.py +++ b/FastapiOpenRestyConfigurator/app/main/model/serializers.py @@ -2,9 +2,10 @@ Serializers for incoming and outgoing models. """ import re - +import logging from pydantic import BaseModel, Field, validator +logger = logging.getLogger("validation") # Metadata for used tags. tags_metadata = [ { @@ -60,6 +61,7 @@ def owner_validation(cls, owner): :param owner: Value to assign to owner. :return: Value or AssertionError. """ + logger.info(f"Validate owner name -> {owner}") if re.fullmatch(owner_regex, owner): return owner else: From f7064d72a2aaeffb1112ec9beb7a78adb3989cc4 Mon Sep 17 00:00:00 2001 From: dweinholz Date: Tue, 18 Jul 2023 14:25:38 +0200 Subject: [PATCH 11/30] fixed regex --- FastapiOpenRestyConfigurator/app/main/util/logging.py | 1 + 1 file changed, 1 insertion(+) diff --git a/FastapiOpenRestyConfigurator/app/main/util/logging.py b/FastapiOpenRestyConfigurator/app/main/util/logging.py index 8dc93d9..08f2a2b 100644 --- a/FastapiOpenRestyConfigurator/app/main/util/logging.py +++ b/FastapiOpenRestyConfigurator/app/main/util/logging.py @@ -26,6 +26,7 @@ "internal": {"handlers": ["default"], "level": settings.LOG_LEVEL}, "view": {"handlers": ["default"], "level": settings.LOG_LEVEL}, "service": {"handlers": ["default"], "level": settings.LOG_LEVEL}, + "validation": {"handlers": ["default"], "level": settings.LOG_LEVEL}, "util": {"handlers": ["default"], "level": settings.LOG_LEVEL} }, } From bc668d9e6f3edb007e0ece6ac41fc5ca6a6f67c6 Mon Sep 17 00:00:00 2001 From: dweinholz Date: Tue, 18 Jul 2023 14:29:20 +0200 Subject: [PATCH 12/30] fixed regex --- FastapiOpenRestyConfigurator/app/main/util/logging.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/FastapiOpenRestyConfigurator/app/main/util/logging.py b/FastapiOpenRestyConfigurator/app/main/util/logging.py index 08f2a2b..8715ef7 100644 --- a/FastapiOpenRestyConfigurator/app/main/util/logging.py +++ b/FastapiOpenRestyConfigurator/app/main/util/logging.py @@ -21,6 +21,11 @@ "class": "logging.StreamHandler", "stream": "ext://sys.stderr", }, + "file": { + "formatter": "default", + "class": "logging.FileHandler", + "filename": "/var/log/all_forc_logs.log" + }, }, "loggers": { "internal": {"handlers": ["default"], "level": settings.LOG_LEVEL}, From 3d33a339fc52f775abf16c8030bd37d5970fa9eb Mon Sep 17 00:00:00 2001 From: dweinholz Date: Tue, 18 Jul 2023 14:35:20 +0200 Subject: [PATCH 13/30] fixed regex --- FastapiOpenRestyConfigurator/app/main/util/logging.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/FastapiOpenRestyConfigurator/app/main/util/logging.py b/FastapiOpenRestyConfigurator/app/main/util/logging.py index 8715ef7..ac2f748 100644 --- a/FastapiOpenRestyConfigurator/app/main/util/logging.py +++ b/FastapiOpenRestyConfigurator/app/main/util/logging.py @@ -28,10 +28,10 @@ }, }, "loggers": { - "internal": {"handlers": ["default"], "level": settings.LOG_LEVEL}, - "view": {"handlers": ["default"], "level": settings.LOG_LEVEL}, - "service": {"handlers": ["default"], "level": settings.LOG_LEVEL}, - "validation": {"handlers": ["default"], "level": settings.LOG_LEVEL}, - "util": {"handlers": ["default"], "level": settings.LOG_LEVEL} + "internal": {"handlers": ["default", "file"], "level": settings.LOG_LEVEL}, + "view": {"handlers": ["default", "file"], "level": settings.LOG_LEVEL}, + "service": {"handlers": ["default", "file"], "level": settings.LOG_LEVEL}, + "validation": {"handlers": ["default", "file"], "level": settings.LOG_LEVEL}, + "util": {"handlers": ["default", "file"], "level": settings.LOG_LEVEL} }, } From 316590d8b4223f0370d364e4990a555e7aa8ce07 Mon Sep 17 00:00:00 2001 From: dweinholz Date: Tue, 18 Jul 2023 14:39:49 +0200 Subject: [PATCH 14/30] fixed regex --- FastapiOpenRestyConfigurator/app/main/model/serializers.py | 2 +- FlaskOpenRestyConfigurator/app/main/util/validate.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/FastapiOpenRestyConfigurator/app/main/model/serializers.py b/FastapiOpenRestyConfigurator/app/main/model/serializers.py index 926498f..e302a6a 100644 --- a/FastapiOpenRestyConfigurator/app/main/model/serializers.py +++ b/FastapiOpenRestyConfigurator/app/main/model/serializers.py @@ -26,7 +26,7 @@ }, ] -owner_regex = r'^[a-zA-Z0-9@]{30,}$' +owner_regex = r'^[a-zA-Z0-9@-]{30,}$' user_key_url_regex = r"^[a-zA-Z0-9]{3,25}$" upstream_url_regex = r"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+" diff --git a/FlaskOpenRestyConfigurator/app/main/util/validate.py b/FlaskOpenRestyConfigurator/app/main/util/validate.py index 601dc47..7e4ccca 100644 --- a/FlaskOpenRestyConfigurator/app/main/util/validate.py +++ b/FlaskOpenRestyConfigurator/app/main/util/validate.py @@ -1,6 +1,6 @@ import re -ownerRegex = r"([a-z0-9-@]{30,})" +ownerRegex = r'^[a-zA-Z0-9@-]{30,}$' userKeyUrlRegex = r"^[a-zA-Z0-9]{3,25}$" upstreamURLRegex = r"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+" From da42ada5efef77d3194e19bc8ae57443a6f5b12a Mon Sep 17 00:00:00 2001 From: dweinholz Date: Tue, 18 Jul 2023 14:44:21 +0200 Subject: [PATCH 15/30] fixed regex --- FastapiOpenRestyConfigurator/app/main/model/serializers.py | 2 +- FlaskOpenRestyConfigurator/app/main/util/validate.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/FastapiOpenRestyConfigurator/app/main/model/serializers.py b/FastapiOpenRestyConfigurator/app/main/model/serializers.py index e302a6a..56683ad 100644 --- a/FastapiOpenRestyConfigurator/app/main/model/serializers.py +++ b/FastapiOpenRestyConfigurator/app/main/model/serializers.py @@ -26,7 +26,7 @@ }, ] -owner_regex = r'^[a-zA-Z0-9@-]{30,}$' +owner_regex = r'^[a-zA-Z0-9@.-]{30,}$' user_key_url_regex = r"^[a-zA-Z0-9]{3,25}$" upstream_url_regex = r"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+" diff --git a/FlaskOpenRestyConfigurator/app/main/util/validate.py b/FlaskOpenRestyConfigurator/app/main/util/validate.py index 7e4ccca..49fb5c5 100644 --- a/FlaskOpenRestyConfigurator/app/main/util/validate.py +++ b/FlaskOpenRestyConfigurator/app/main/util/validate.py @@ -1,6 +1,6 @@ import re -ownerRegex = r'^[a-zA-Z0-9@-]{30,}$' +ownerRegex = r'^[a-zA-Z0-9@.-]{30,}$' userKeyUrlRegex = r"^[a-zA-Z0-9]{3,25}$" upstreamURLRegex = r"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+" From 8c475d9d4695de6a997441e7524a4316bd1cdcd3 Mon Sep 17 00:00:00 2001 From: dweinholz Date: Thu, 3 Aug 2023 09:41:08 +0200 Subject: [PATCH 16/30] added emgb --- examples/templates/emgb%v01.conf | 62 ++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 examples/templates/emgb%v01.conf diff --git a/examples/templates/emgb%v01.conf b/examples/templates/emgb%v01.conf new file mode 100644 index 0000000..aae021b --- /dev/null +++ b/examples/templates/emgb%v01.conf @@ -0,0 +1,62 @@ + # PROTECT FIRST THEIA CONTAINER + location /{{ key_url }}/ { + set $session_cipher none; # don't need to encrypt the session content, it's an opaque identifier + set $session_storage shm; # use shared memory + set $session_cookie_persistent on; # persist cookie between browser sessions + set $session_cookie_renew 3500; # new cookie every hour + set $session_cookie_lifetime 86400; # lifetime for persistent cookies + set $session_name sess_auth; # name of the cookie to store the session identifier in + + set $session_shm_store sessions; # name of the dict to store sessions in + # See https://github.com/bungle/lua-resty-session#shared-dictionary-storage-adapter for the following options + set $session_shm_uselocking off; + set $session_shm_lock_exptime 3; + set $session_shm_lock_timeout 2; + set $session_shm_lock_step 0.001; + set $session_shm_lock_ratio 1; + set $session_shm_lock_max_step 0.5; + + set $user_path '{{ forc_backend_path }}/users/{{backend_id}}/'; + # Run this lua block, which checks if we are authenticated (again) und filters request by JWT (via id_token.sub) + access_by_lua_block { + local user_service = require("user_service") + -- Start actual openid authentication procedure + local res, err = require("resty.openidc").authenticate(opts2) + -- If it fails for some reason, escape via HTTP 500 + if err then + ngx.status = 500 + ngx.say(err) + ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) + end + + -- Protect this location and allow only one specific ELIXIR User + if (res.id_token.sub ~= "{{ owner }}" and not user_service.file_exists(ngx.var.user_path .. res.id_token.sub)) then + ngx.exit(ngx.HTTP_FORBIDDEN) + end + + ngx.req.set_header("X-Auth-Audience", res.id_token.aud) + ngx.req.set_header("X-Auth-Email", res.id_token.email) + ngx.req.set_header("X-Auth-ExpiresIn", res.id_token.exp) + ngx.req.set_header("X-Auth-Name", res.id_token.name) + ngx.req.set_header("X-Auth-Subject", res.id_token.sub) + ngx.req.set_header("X-Auth-Userid", res.id_token.preferred_username) + ngx.req.set_header("X-Auth-Username", res.id_token.preferred_username) + ngx.req.set_header("X-Auth-Locale", res.id_token.locale) + } + + # After check via lua-oidc is done, start reverse proxying this backend by configuring a billion headers. + rewrite /{{ key_url }}/(.*) /$1 break; + proxy_pass {{ location_url }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + client_max_body_size 0; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; + add_header Referrer-Policy "same-origin" always; + access_log logs/code.access.log; + error_log logs/code.error.log; + } From 847c205d15945ca2c9e7106e812a10eed80294bc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 10 Aug 2023 06:22:04 +0000 Subject: [PATCH 17/30] feat(Dependencies): Update dependency gunicorn to v21 | datasource | package | from | to | | ---------- | -------- | ------ | ------ | | pypi | gunicorn | 20.1.0 | 21.2.0 | --- FastapiOpenRestyConfigurator/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FastapiOpenRestyConfigurator/requirements.txt b/FastapiOpenRestyConfigurator/requirements.txt index 87bea46..a0e5e62 100644 --- a/FastapiOpenRestyConfigurator/requirements.txt +++ b/FastapiOpenRestyConfigurator/requirements.txt @@ -3,4 +3,4 @@ uvicorn==0.23.2 werkzeug==2.3.6 Jinja2==3.1.2 python-dotenv==1.0.0 -gunicorn==20.1.0 \ No newline at end of file +gunicorn==21.2.0 \ No newline at end of file From f2062fe28a7c7bbbabf0865dd318eb428057cd6a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 14 Aug 2023 14:20:11 +0000 Subject: [PATCH 18/30] feat(Dependencies): Update dependency fastapi to v0.101.1 | datasource | package | from | to | | ---------- | ------- | ------- | ------- | | pypi | fastapi | 0.101.0 | 0.101.1 | --- FastapiOpenRestyConfigurator/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FastapiOpenRestyConfigurator/requirements.txt b/FastapiOpenRestyConfigurator/requirements.txt index a0e5e62..3a0a4ee 100644 --- a/FastapiOpenRestyConfigurator/requirements.txt +++ b/FastapiOpenRestyConfigurator/requirements.txt @@ -1,4 +1,4 @@ -fastapi==0.101.0 +fastapi==0.101.1 uvicorn==0.23.2 werkzeug==2.3.6 Jinja2==3.1.2 From e581d0c474b4cf0030d6b3ea382c327919968f0a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 26 Aug 2023 02:41:43 +0000 Subject: [PATCH 19/30] feat(Dependencies): Update python Docker tag to v3.11.5 | datasource | package | from | to | | ---------- | ------- | ------ | ------ | | docker | python | 3.11.4 | 3.11.5 | --- .python-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.python-version b/.python-version index 0c7d5f5..9ac3804 100755 --- a/.python-version +++ b/.python-version @@ -1 +1 @@ -3.11.4 +3.11.5 From 5469e028a3d35d75b80db66007fb863c665d3876 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 26 Aug 2023 19:10:44 +0000 Subject: [PATCH 20/30] feat(Dependencies): Update dependency fastapi to v0.103.0 | datasource | package | from | to | | ---------- | ------- | ------- | ------- | | pypi | fastapi | 0.101.1 | 0.103.0 | --- FastapiOpenRestyConfigurator/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FastapiOpenRestyConfigurator/requirements.txt b/FastapiOpenRestyConfigurator/requirements.txt index 3a0a4ee..9ec74a9 100644 --- a/FastapiOpenRestyConfigurator/requirements.txt +++ b/FastapiOpenRestyConfigurator/requirements.txt @@ -1,4 +1,4 @@ -fastapi==0.101.1 +fastapi==0.103.0 uvicorn==0.23.2 werkzeug==2.3.6 Jinja2==3.1.2 From 1be4acb2c9ac8e7ee7d3a8afbc05441e8f7a5720 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 28 Aug 2023 06:32:03 +0000 Subject: [PATCH 21/30] feat(Dependencies): Update dependency werkzeug to v2.3.7 | datasource | package | from | to | | ---------- | -------- | ----- | ----- | | pypi | werkzeug | 2.3.6 | 2.3.7 | --- FastapiOpenRestyConfigurator/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FastapiOpenRestyConfigurator/requirements.txt b/FastapiOpenRestyConfigurator/requirements.txt index 9ec74a9..43bf4da 100644 --- a/FastapiOpenRestyConfigurator/requirements.txt +++ b/FastapiOpenRestyConfigurator/requirements.txt @@ -1,6 +1,6 @@ fastapi==0.103.0 uvicorn==0.23.2 -werkzeug==2.3.6 +werkzeug==2.3.7 Jinja2==3.1.2 python-dotenv==1.0.0 gunicorn==21.2.0 \ No newline at end of file From 3226fbdddecc024a2c318e45d46718ee61202231 Mon Sep 17 00:00:00 2001 From: dweinholz Date: Wed, 30 Aug 2023 15:57:41 +0200 Subject: [PATCH 22/30] fixed req --- FastapiOpenRestyConfigurator/requirements.txt | 4 ---- 1 file changed, 4 deletions(-) diff --git a/FastapiOpenRestyConfigurator/requirements.txt b/FastapiOpenRestyConfigurator/requirements.txt index c6d0654..7fdcba0 100644 --- a/FastapiOpenRestyConfigurator/requirements.txt +++ b/FastapiOpenRestyConfigurator/requirements.txt @@ -3,9 +3,5 @@ uvicorn==0.23.2 werkzeug==2.3.7 Jinja2==3.1.2 python-dotenv==1.0.0 -<<<<<<< HEAD gunicorn==21.2.0 -======= -gunicorn==20.1.0 pydantic-settings ->>>>>>> master From db052f3b1c5123fa84f089936db8e88676888f6a Mon Sep 17 00:00:00 2001 From: dweinholz Date: Thu, 31 Aug 2023 09:27:22 +0200 Subject: [PATCH 23/30] Update requirements.txt --- FastapiOpenRestyConfigurator/requirements.txt | 4 ---- 1 file changed, 4 deletions(-) diff --git a/FastapiOpenRestyConfigurator/requirements.txt b/FastapiOpenRestyConfigurator/requirements.txt index c6d0654..7fdcba0 100644 --- a/FastapiOpenRestyConfigurator/requirements.txt +++ b/FastapiOpenRestyConfigurator/requirements.txt @@ -3,9 +3,5 @@ uvicorn==0.23.2 werkzeug==2.3.7 Jinja2==3.1.2 python-dotenv==1.0.0 -<<<<<<< HEAD gunicorn==21.2.0 -======= -gunicorn==20.1.0 pydantic-settings ->>>>>>> master From 84d8116542d2d17543db55eab01c1362a9b4d69e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 2 Sep 2023 18:07:31 +0000 Subject: [PATCH 24/30] feat(Dependencies): Update dependency fastapi to v0.103.1 | datasource | package | from | to | | ---------- | ------- | ------- | ------- | | pypi | fastapi | 0.103.0 | 0.103.1 | --- FastapiOpenRestyConfigurator/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FastapiOpenRestyConfigurator/requirements.txt b/FastapiOpenRestyConfigurator/requirements.txt index 7fdcba0..fdb5d31 100644 --- a/FastapiOpenRestyConfigurator/requirements.txt +++ b/FastapiOpenRestyConfigurator/requirements.txt @@ -1,4 +1,4 @@ -fastapi==0.103.0 +fastapi==0.103.1 uvicorn==0.23.2 werkzeug==2.3.7 Jinja2==3.1.2 From 8bf224ad6b1dd8d2d94ee24fe524ece87aae6f55 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 28 Sep 2023 23:01:51 +0000 Subject: [PATCH 25/30] feat(Dependencies): Update dependency fastapi to v0.103.2 | datasource | package | from | to | | ---------- | ------- | ------- | ------- | | pypi | fastapi | 0.103.1 | 0.103.2 | --- FastapiOpenRestyConfigurator/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FastapiOpenRestyConfigurator/requirements.txt b/FastapiOpenRestyConfigurator/requirements.txt index fdb5d31..e1abb00 100644 --- a/FastapiOpenRestyConfigurator/requirements.txt +++ b/FastapiOpenRestyConfigurator/requirements.txt @@ -1,4 +1,4 @@ -fastapi==0.103.1 +fastapi==0.103.2 uvicorn==0.23.2 werkzeug==2.3.7 Jinja2==3.1.2 From feedecbe941baa27289db2ae065511c52437022b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 03:32:11 +0000 Subject: [PATCH 26/30] feat(Dependencies): Update python Docker tag to v3.11.6 | datasource | package | from | to | | ---------- | ------- | ------ | ------ | | docker | python | 3.11.5 | 3.11.6 | --- .python-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.python-version b/.python-version index 9ac3804..375f5ca 100755 --- a/.python-version +++ b/.python-version @@ -1 +1 @@ -3.11.5 +3.11.6 From 6eb7c976aeb9ae32b968dce9b1bfa49a924c4250 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 07:09:33 +0000 Subject: [PATCH 27/30] feat(Dependencies): Update python Docker tag to v3.12.0 | datasource | package | from | to | | ---------- | ------- | ------ | ------ | | docker | python | 3.11.6 | 3.12.0 | --- .python-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.python-version b/.python-version index 375f5ca..92536a9 100755 --- a/.python-version +++ b/.python-version @@ -1 +1 @@ -3.11.6 +3.12.0 From f1d18a03a3dbf094349cf7a13accbbf91b394656 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 4 Oct 2023 10:05:40 +0000 Subject: [PATCH 28/30] feat(Dependencies): Update actions/checkout action to v4 | datasource | package | from | to | | ----------- | ---------------- | ---- | -- | | github-tags | actions/checkout | v3 | v4 | --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 2c0ed14..2662671 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -35,7 +35,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL From 8e7c182330c8a0dc86f2ffc9f20c66b8f12d28e0 Mon Sep 17 00:00:00 2001 From: dweinholz Date: Mon, 9 Oct 2023 12:05:29 +0200 Subject: [PATCH 29/30] fixed backend file names --- FastapiOpenRestyConfigurator/app/main/service/backend.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/FastapiOpenRestyConfigurator/app/main/service/backend.py b/FastapiOpenRestyConfigurator/app/main/service/backend.py index 78f697e..a7a83f7 100644 --- a/FastapiOpenRestyConfigurator/app/main/service/backend.py +++ b/FastapiOpenRestyConfigurator/app/main/service/backend.py @@ -21,8 +21,8 @@ async def random_with_n_digits(n): - range_start = 10**(n-1) - range_end = (10**n)-1 + range_start = 10 ** (n - 1) + range_end = (10 ** n) - 1 return randint(range_start, range_end) @@ -95,7 +95,7 @@ async def create_backend(payload: BackendIn): raise InternalServerError("Server tried to create duplicate backend.") # create backend file in filesystem - filename = f"{payload.id}%{payload.owner}%{payload.location_url}%{payload.template}%{payload.template_version}.conf" + filename = f"{payload.id}%{payload.owner.split('@')[0]}%{payload.location_url}%{payload.template}%{payload.template_version}.conf" with open(f"{settings.FORC_BACKEND_PATH}/{filename}", 'w') as backend_file: backend_file.write(backend_file_contents) From 7526c84eda2b7e879f4ae1e574ac1648c3d46aaa Mon Sep 17 00:00:00 2001 From: dweinholz Date: Mon, 9 Oct 2023 12:48:20 +0200 Subject: [PATCH 30/30] fixed regex --- FastapiOpenRestyConfigurator/app/main/service/backend.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/FastapiOpenRestyConfigurator/app/main/service/backend.py b/FastapiOpenRestyConfigurator/app/main/service/backend.py index a7a83f7..f655a5c 100644 --- a/FastapiOpenRestyConfigurator/app/main/service/backend.py +++ b/FastapiOpenRestyConfigurator/app/main/service/backend.py @@ -17,12 +17,11 @@ logger = logging.getLogger("service") settings = get_settings() -file_regex = r"(\d*)%([a-z0-9\-]*)%([^%]*)%([^%]*)%([^%]*)\.conf" - +file_regex = r"(\d*)%([a-z0-9\-\@]*)%([^%]*)%([^%]*)%([^%]*)\.conf" async def random_with_n_digits(n): - range_start = 10 ** (n - 1) - range_end = (10 ** n) - 1 + range_start = 10**(n-1) + range_end = (10**n)-1 return randint(range_start, range_end) @@ -95,7 +94,7 @@ async def create_backend(payload: BackendIn): raise InternalServerError("Server tried to create duplicate backend.") # create backend file in filesystem - filename = f"{payload.id}%{payload.owner.split('@')[0]}%{payload.location_url}%{payload.template}%{payload.template_version}.conf" + filename = f"{payload.id}%{payload.owner}%{payload.location_url}%{payload.template}%{payload.template_version}.conf" with open(f"{settings.FORC_BACKEND_PATH}/{filename}", 'w') as backend_file: backend_file.write(backend_file_contents)