From 8bd37c0ead6975f503300c6c1597330be1769e48 Mon Sep 17 00:00:00 2001
From: Oscar Krause
Date: Wed, 4 Jan 2023 07:40:37 +0100
Subject: [PATCH 1/6] added some notes to required variables to change
---
 README.md | 2 +-
 docker-compose.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 4e96236..ed3aa43 100644
--- a/README.md
+++ b/README.md
@@ -109,7 +109,7 @@ Goto [`docker-compose.yml`](docker-compose.yml) for more advanced example.
 version: '3.9'
 x-dls-variables: &dls-variables
- DLS_URL: localhost # REQUIRED
+ DLS_URL: localhost # REQUIRED, change to your ip or hostname
 DLS_PORT: 443
 LEASE_EXPIRE_DAYS: 90
 DATABASE: sqlite:////app/database/db.sqlite
diff --git a/docker-compose.yml b/docker-compose.yml
index 77dcc07..2ebd525 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,7 @@
 version: '3.9'
 x-dls-variables: &dls-variables
- DLS_URL: localhost # REQUIRED
+ DLS_URL: localhost # REQUIRED, change to your ip or hostname
 DLS_PORT: 443 # must match nginx listen port
 LEASE_EXPIRE_DAYS: 90
 DATABASE: sqlite:////app/database/db.sqlite
From b839e6c2b33085f494a88d09c201e977b96cb467 Mon Sep 17 00:00:00 2001
From: Oscar Krause
Date: Wed, 4 Jan 2023 10:04:52 +0100
Subject: [PATCH 2/6] code styling
- replaced 'json.loads' with 'json_loads'
- shortened 'JSONResponse' to 'JSONr'
- shortened 'HTMLResponse' to 'HTMLr'
- replaced HTTPException with JsonResponses
- added some error handing for invalid tokens
---
 app/main.py | 82 ++++++++++++++++++++++++++++++-----------------------
 1 file changed, 46 insertions(+), 36 deletions(-)
diff --git a/app/main.py b/app/main.py
index 7569522..d570b8e 100644
--- a/app/main.py
+++ b/app/main.py
@@ -6,16 +6,16 @@ from os.path import join, dirname
 from os import getenv as env
 from dotenv import load_dotenv
-from fastapi import FastAPI, HTTPException
+from fastapi import FastAPI
 from fastapi.requests import Request
-import json
+from json import loads as json_loads
 from datetime import datetime
 from dateutil.relativedelta import relativedelta
 from calendar import timegm
-from jose import jws, jwk, jwt
+from jose import jws, jwk, jwt, JWTError
 from jose.constants import ALGORITHMS
 from starlette.middleware.cors import CORSMiddleware
-from starlette.responses import StreamingResponse, JSONResponse, HTMLResponse, Response, RedirectResponse
+from starlette.responses import StreamingResponse, JSONResponse as JSONr, HTMLResponse as HTMLr, Response, RedirectResponse
 from sqlalchemy import create_engine
 from sqlalchemy.orm import sessionmaker
@@ -78,12 +78,12 @@ async def _index():
 @app.get('/-/health', summary='* Health')
 async def _health(request: Request):
- return JSONResponse({'status': 'up'})
+ return JSONr({'status': 'up'})
 @app.get('/-/config', summary='* Config', description='returns environment variables.')
 async def _config():
- return JSONResponse({
+ return JSONr({
 'VERSION': str(VERSION),
 'COMMIT': str(COMMIT),
 'DEBUG': str(DEBUG),
@@ -91,7 +91,7 @@ async def _config():
 'DLS_PORT': str(DLS_PORT),
 'SITE_KEY_XID': str(SITE_KEY_XID),
 'INSTANCE_REF': str(INSTANCE_REF),
- 'ALLOTMENT_REF': [ALLOTMENT_REF],
+ 'ALLOTMENT_REF': [str(ALLOTMENT_REF)],
 'TOKEN_EXPIRE_DELTA': str(TOKEN_EXPIRE_DELTA),
 'LEASE_EXPIRE_DELTA': str(LEASE_EXPIRE_DELTA),
 'LEASE_RENEWAL_PERIOD': str(LEASE_RENEWAL_PERIOD),
@@ -103,7 +103,7 @@ async def _config():
 async def _readme():
 from markdown import markdown
 content = load_file('../README.md').decode('utf-8')
- return HTMLResponse(markdown(text=content, extensions=['tables', 'fenced_code', 'md_in_html', 'nl2br', 'toc']))
+ return HTMLr(markdown(text=content, extensions=['tables', 'fenced_code', 'md_in_html', 'nl2br', 'toc']))
 @app.get('/-/manage', summary='* Management UI')
@@ -137,7 +137,7 @@ async def _manage(request: Request):
 '''
- return HTMLResponse(response)
+ return HTMLr(response)
 @app.get('/-/origins', summary='* Origins')
@@ -150,7 +150,7 @@ async def _origins(request: Request, leases: bool = False):
 x['leases'] = list(map(lambda _: _.serialize(), Lease.find_by_origin_ref(db, origin.origin_ref)))
 response.append(x)
 session.close()
- return JSONResponse(response)
+ return JSONr(response)
 @app.delete('/-/origins', summary='* Origins')
@@ -170,14 +170,14 @@ async def _leases(request: Request, origin: bool = False):
 x['origin'] = session.query(Origin).filter(Origin.origin_ref == lease.origin_ref).first().serialize()
 response.append(x)
 session.close()
- return JSONResponse(response)
+ return JSONr(response)
 @app.delete('/-/lease/{lease_ref}', summary='* Lease')
 async def _lease_delete(request: Request, lease_ref: str):
 if Lease.delete(db, lease_ref) == 1:
 return Response(status_code=201)
- raise HTTPException(status_code=404, detail='lease not found')
+ return JSONr(status_code=404, content={'status': 404, 'detail': 'lease not found'})
 # venv/lib/python3.9/site-packages/nls_core_service_instance/service_instance_token_manager.py
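Review bot: Nothing in `_lease_delete` (hunk `@@ -170,14 +170,14 @@`) identifies the caller before `Lease.delete(db, lease_ref)` runs, so on the evidence of this hunk any client that can reach `/-/lease/{lease_ref}` can remove a lease. If the `/-/` routes are meant to be restricted by a reverse proxy or by middleware outside this hunk, record that next to the route, for example `# NOTE: no auth here by design; /-/ must be restricted at the proxy`. Otherwise the handler needs an authentication check before the delete.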
@@ -229,7 +229,7 @@ async def _client_token():
 # venv/lib/python3.9/site-packages/nls_services_auth/test/test_origins_controller.py
 @app.post('/auth/v1/origin', description='find or create an origin')
 async def auth_v1_origin(request: Request):
- j, cur_time = json.loads((await request.body()).decode('utf-8')), datetime.utcnow()
+ j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
 origin_ref = j.get('candidate_origin_ref')
 logging.info(f'> [ origin ]: {origin_ref}: {j}')
@@ -253,13 +253,13 @@ async def auth_v1_origin(request: Request):
 "sync_timestamp": cur_time.isoformat()
 }
- return JSONResponse(response)
+ return JSONr(response)
 # venv/lib/python3.9/site-packages/nls_services_auth/test/test_origins_controller.py
 @app.post('/auth/v1/origin/update', description='update an origin evidence')
 async def auth_v1_origin_update(request: Request):
- j, cur_time = json.loads((await request.body()).decode('utf-8')), datetime.utcnow()
+ j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
 origin_ref = j.get('origin_ref')
 logging.info(f'> [ update ]: {origin_ref}: {j}')
@@ -279,14 +279,14 @@ async def auth_v1_origin_update(request: Request):
 "sync_timestamp": cur_time.isoformat()
 }
- return JSONResponse(response)
+ return JSONr(response)
 # venv/lib/python3.9/site-packages/nls_services_auth/test/test_auth_controller.py
 # venv/lib/python3.9/site-packages/nls_core_auth/auth.py - CodeResponse
 @app.post('/auth/v1/code', description='get an authorization code')
 async def auth_v1_code(request: Request):
- j, cur_time = json.loads((await request.body()).decode('utf-8')), datetime.utcnow()
+ j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
 origin_ref = j.get('origin_ref')
 logging.info(f'> [ code ]: {origin_ref}: {j}')
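Review bot: The body parse in `auth_v1_origin` (hunk `@@ -229,7 +229,7 @@`) is still unguarded: `json_loads(...)` raises on a malformed or non-UTF-8 body and `j.get(...)` fails when the JSON is not an object, so a bad request ends as a 500 instead of a 4xx. The commit adds handling for invalid tokens but not for invalid bodies, and the same line appears in `auth_v1_origin_update`, `auth_v1_code`, `auth_v1_token`, `leasing_v1_lessor` and `leasing_v1_lessor_shutdown`. A small shared helper that catches `ValueError` and returns `JSONr(status_code=400, content={'status': 400, 'detail': 'invalid request body'})` would cover all of them. The handler bodies continue outside these hunks.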
@@ -311,22 +311,27 @@ async def auth_v1_code(request: Request):
 "prompts": None
 }
- return JSONResponse(response)
+ return JSONr(response)
 # venv/lib/python3.9/site-packages/nls_services_auth/test/test_auth_controller.py
 # venv/lib/python3.9/site-packages/nls_core_auth/auth.py - TokenResponse
 @app.post('/auth/v1/token', description='exchange auth code and verifier for token')
 async def auth_v1_token(request: Request):
- j, cur_time = json.loads((await request.body()).decode('utf-8')), datetime.utcnow()
- payload = jwt.decode(token=j.get('auth_code'), key=jwt_decode_key)
+ j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
+
+ try:
+ payload = jwt.decode(token=j.get('auth_code'), key=jwt_decode_key)
+ except JWTError as e:
+ return JSONr(status_code=400, content={'status': 400, 'title': 'invalid token', 'detail': str(e)})
 origin_ref = payload.get('origin_ref')
 logging.info(f'> [ auth ]: {origin_ref}: {j}')
 # validate the code challenge
- if payload.get('challenge') != b64enc(sha256(j.get('code_verifier').encode('utf-8')).digest()).rstrip(b'=').decode('utf-8'):
- raise HTTPException(status_code=401, detail='expected challenge did not match verifier')
+ challenge = b64enc(sha256(j.get('code_verifier').encode('utf-8')).digest()).rstrip(b'=').decode('utf-8')
+ if payload.get('challenge') != challenge:
+ raise JSONr(status_code=401, content={'status': 401, 'detail': 'expected challenge did not match verifier'})
 access_expires_on = cur_time + TOKEN_EXPIRE_DELTA
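Review bot: The `jwt.decode(token=j.get('auth_code'), key=jwt_decode_key)` call that this hunk moves into the `try` still passes no `algorithms=`, whereas the shutdown handler later in the same patch pins `algorithms=ALGORITHMS.RS256`. As far as I know python-jose only enforces an algorithm allow-list when that argument is given, so otherwise the algorithm named in the token header is accepted. If auth codes are signed the same way as the other tokens, pin it here too: `payload = jwt.decode(token=j.get('auth_code'), key=jwt_decode_key, algorithms=ALGORITHMS.RS256)`. Separately, the context line `logging.info(f'> [ auth ]: {origin_ref}: {j}')` writes the whole request body, including `auth_code` and `code_verifier`, to the log at info level. The function continues past the end of the hunk.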
@@ -349,13 +354,18 @@ async def auth_v1_token(request: Request):
 "sync_timestamp": cur_time.isoformat(),
 }
- return JSONResponse(response)
+ return JSONr(response)
 # venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py
 @app.post('/leasing/v1/lessor', description='request multiple leases (borrow) for current origin')
 async def leasing_v1_lessor(request: Request):
- j, token, cur_time = json.loads((await request.body()).decode('utf-8')), __get_token(request), datetime.utcnow()
+ j, token, cur_time = json_loads((await request.body()).decode('utf-8')), __get_token(request), datetime.utcnow()
+
+ try:
+ token = __get_token(request)
+ except JWTError:
+ return JSONr(status_code=401, content={'status': 401, 'detail': 'token is not valid'})
 origin_ref = token.get('origin_ref')
 scope_ref_list = j.get('scope_ref_list')
@@ -364,7 +374,7 @@ async def leasing_v1_lessor(request: Request):
 lease_result_list = []
 for scope_ref in scope_ref_list:
 # if scope_ref not in [ALLOTMENT_REF]:
- # raise HTTPException(status_code=500, detail=f'no service instances found for scopes: ["{scope_ref}"]')
+ # raise JSONr(status_code=500, detail=f'no service instances found for scopes: ["{scope_ref}"]')
 lease_ref = str(uuid4())
 expires = cur_time + LEASE_EXPIRE_DELTA
@@ -391,7 +401,7 @@ async def leasing_v1_lessor(request: Request):
 "prompts": None
 }
- return JSONResponse(response)
+ return JSONr(response)
 # venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py
@@ -411,7 +421,7 @@ async def leasing_v1_lessor_lease(request: Request):
 "prompts": None
 }
- return JSONResponse(response)
+ return JSONr(response)
 # venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_single_controller.py
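Review bot: The new `try`/`except JWTError` in `leasing_v1_lessor` (hunk `@@ -349,13 +354,18 @@`) cannot catch anything, because the tuple assignment directly above it still calls `__get_token(request)` and an invalid token raises there first. Drop the call from the assignment so that the guarded call is the only one: `j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()`. The other leasing handlers presumably read the token the same way in lines outside these hunks, so check whether they need the same guard.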
@@ -425,7 +435,7 @@ async def leasing_v1_lease_renew(request: Request, lease_ref: str):
 entity = Lease.find_by_origin_ref_and_lease_ref(db, origin_ref, lease_ref)
 if entity is None:
- raise HTTPException(status_code=404, detail='requested lease not available')
+ return JSONr(status_code=404, content={'status': 404, 'detail': 'requested lease not available'})
 expires = cur_time + LEASE_EXPIRE_DELTA
 response = {
@@ -439,7 +449,7 @@ async def leasing_v1_lease_renew(request: Request, lease_ref: str):
 Lease.renew(db, entity, expires, cur_time)
- return JSONResponse(response)
+ return JSONr(response)
 # venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_single_controller.py
@@ -452,12 +462,12 @@ async def leasing_v1_lease_delete(request: Request, lease_ref: str):
 entity = Lease.find_by_lease_ref(db, lease_ref)
 if entity.origin_ref != origin_ref:
- raise HTTPException(status_code=403, detail='access or operation forbidden')
+ return JSONr(status_code=403, content={'status': 403, 'detail': 'access or operation forbidden'})
 if entity is None:
- raise HTTPException(status_code=404, detail='requested lease not available')
+ return JSONr(status_code=404, content={'status': 404, 'detail': 'requested lease not available'})
 if Lease.delete(db, lease_ref) == 0:
- raise HTTPException(status_code=404, detail='lease not found')
+ return JSONr(status_code=404, content={'status': 404, 'detail': 'lease not found'})
 response = {
 "lease_ref": lease_ref,
@@ -465,7 +475,7 @@ async def leasing_v1_lease_delete(request: Request, lease_ref: str):
 "sync_timestamp": cur_time.isoformat(),
 }
- return JSONResponse(response)
+ return JSONr(response)
 # venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py
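Review bot: In `leasing_v1_lease_delete` (hunk `@@ -452,12 +462,12 @@`) the ownership test `entity.origin_ref != origin_ref` runs before `if entity is None:`. If `Lease.find_by_lease_ref` returns `None` for an unknown lease, as the later check assumes, the first test raises `AttributeError` and the 404 branch is never reached. The commit rewrites both branches but keeps their order; test for `None` first and compare `origin_ref` afterwards. The function starts above the hunk.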
@@ -486,12 +496,12 @@ async def leasing_v1_lessor_lease_remove(request: Request):
 "prompts": None
 }
- return JSONResponse(response)
+ return JSONr(response)
 @app.post('/leasing/v1/lessor/shutdown', description='shutdown all leases')
 async def leasing_v1_lessor_shutdown(request: Request):
- j, cur_time = json.loads((await request.body()).decode('utf-8')), datetime.utcnow()
+ j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
 token = j.get('token')
 token = jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False})
@@ -508,7 +518,7 @@ async def leasing_v1_lessor_shutdown(request: Request):
 "prompts": None
 }
- return JSONResponse(response)
+ return JSONr(response)
 if __name__ == '__main__':
From 6c9ea63dc14bc141e26f6d841ff5e95b911c29f3 Mon Sep 17 00:00:00 2001
From: Oscar Krause
Date: Wed, 4 Jan 2023 10:08:17 +0100
Subject: [PATCH 3/6] added variable for TOKEN_EXPIRE_DELTA
---
 README.md | 1 +
 app/main.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index ed3aa43..e97b8df 100644
--- a/README.md
+++ b/README.md
@@ -290,6 +290,7 @@ After first success you have to replace `--issue` with `--renew`.
 | `DEBUG` | `false` | Toggles `fastapi` debug mode |
 | `DLS_URL` | `localhost` | Used in client-token to tell guest driver where dls instance is reachable |
 | `DLS_PORT` | `443` | Used in client-token to tell guest driver where dls instance is reachable |
+| `TOKEN_EXPIRE_DAYS` | `1` | Client auth-token validity (used for authenticate client against api, **not `.tok` file!**) |
 | `LEASE_EXPIRE_DAYS` | `90` | Lease time in days |
 | `LEASE_RENEWAL_PERIOD` | `0.15` | The percentage of the lease period that must elapse before a licensed client can renew a license \*1 |
 | `DATABASE` | `sqlite:///db.sqlite` | See [official SQLAlchemy docs](https://docs.sqlalchemy.org/en/14/core/engines.html) |
diff --git a/app/main.py b/app/main.py
index d570b8e..d688768 100644
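Review bot: `leasing_v1_lessor_shutdown` (patch 2/6, hunk `@@ -486,12 +496,12 @@`) still calls `jwt.decode(...)` outside any `try`, so an expired or tampered token surfaces as an unhandled `JWTError`, while the same commit returns JSON errors for that condition in `auth_v1_token` and `leasing_v1_lessor`. Wrap the decode in `try:` / `except JWTError:` and `return JSONr(status_code=401, content={'status': 401, 'detail': 'token is not valid'})`, matching the lessor handler. The rest of the function lies outside the hunk.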
--- a/app/main.py
+++ b/app/main.py
@@ -40,7 +40,7 @@ INSTANCE_REF = str(env('INSTANCE_REF', '10000000-0000-0000-0000-000000000001'))
 ALLOTMENT_REF = str(env('ALLOTMENT_REF', '20000000-0000-0000-0000-000000000001'))
 INSTANCE_KEY_RSA = load_key(str(env('INSTANCE_KEY_RSA', join(dirname(__file__), 'cert/instance.private.pem'))))
 INSTANCE_KEY_PUB = load_key(str(env('INSTANCE_KEY_PUB', join(dirname(__file__), 'cert/instance.public.pem'))))
-TOKEN_EXPIRE_DELTA = relativedelta(hours=1) # days=1
+TOKEN_EXPIRE_DELTA = relativedelta(days=int(env('TOKEN_EXPIRE_DAYS', 1)), hours=int(env('TOKEN_EXPIRE_HOURS', 0)))
 LEASE_EXPIRE_DELTA = relativedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0)))
 LEASE_RENEWAL_PERIOD = float(env('LEASE_RENEWAL_PERIOD', 0.15))
 CORS_ORIGINS = str(env('CORS_ORIGINS', '')).split(',') if (env('CORS_ORIGINS')) else [f'https://{DLS_URL}']
From 32b05808c451f75575f205478d2a8da26585e9ad Mon Sep 17 00:00:00 2001
From: Oscar Krause
Date: Wed, 4 Jan 2023 10:14:00 +0100
Subject: [PATCH 4/6] fixed "return" instead of "raise"
---
 app/main.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/main.py b/app/main.py
index d688768..3bb2a3a 100644
--- a/app/main.py
+++ b/app/main.py
@@ -331,7 +331,7 @@ async def auth_v1_token(request: Request):
 # validate the code challenge
 challenge = b64enc(sha256(j.get('code_verifier').encode('utf-8')).digest()).rstrip(b'=').decode('utf-8')
 if payload.get('challenge') != challenge:
- raise JSONr(status_code=401, content={'status': 401, 'detail': 'expected challenge did not match verifier'})
+ return JSONr(status_code=401, content={'status': 401, 'detail': 'expected challenge did not match verifier'})
 access_expires_on = cur_time + TOKEN_EXPIRE_DELTA
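Review bot: The new `TOKEN_EXPIRE_DELTA` line (patch 3/6, hunk `@@ -40,7 +40,7 @@`) silently raises the default auth-token lifetime from one hour to one day and accepts any integer, including zero or a negative value, without a check. A non-numeric value makes `int(...)` raise while the module is being imported. I would note the change on the line itself, for example `# default was hours=1 before this change; tokens now live 24 h unless overridden`, and reject a non-positive total at startup. The README row added in the same patch documents `TOKEN_EXPIRE_DAYS` only, although `TOKEN_EXPIRE_HOURS` is read as well.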
@@ -374,7 +374,7 @@ async def leasing_v1_lessor(request: Request):
 lease_result_list = []
 for scope_ref in scope_ref_list:
 # if scope_ref not in [ALLOTMENT_REF]:
- # raise JSONr(status_code=500, detail=f'no service instances found for scopes: ["{scope_ref}"]')
+ # return JSONr(status_code=500, detail=f'no service instances found for scopes: ["{scope_ref}"]')
 lease_ref = str(uuid4())
 expires = cur_time + LEASE_EXPIRE_DELTA
From 5f5569a0c7e3f078a4ecb656d8c317e097784b41 Mon Sep 17 00:00:00 2001
From: Oscar Krause
Date: Wed, 4 Jan 2023 11:02:54 +0100
Subject: [PATCH 5/6] improved debian installation
---
 .DEBIAN/env.default | 27 ++++++++++++
 .DEBIAN/fastapi-dls.service | 25 +++++++++++
 .DEBIAN/postinst | 87 +++++--------------------------------
 .gitlab-ci.yml | 6 ++-
 4 files changed, 69 insertions(+), 76 deletions(-)
 create mode 100644 .DEBIAN/env.default
 create mode 100644 .DEBIAN/fastapi-dls.service
diff --git a/.DEBIAN/env.default b/.DEBIAN/env.default
new file mode 100644
index 0000000..835f29e
--- /dev/null
+++ b/.DEBIAN/env.default
@@ -0,0 +1,27 @@
+# Toggle debug mode
+#DEBUG=false
+
+# Where the client can find the DLS server
+DLS_URL=127.0.0.1
+DLS_PORT=443
+
+# CORS configuration
+## comma separated list without spaces
+#CORS_ORIGINS="https://$DLS_URL:$DLS_PORT"
+
+# Lease expiration in days
+LEASE_EXPIRE_DAYS=90
+LEASE_RENEWAL_PERIOD=0.2
+
+# Database location
+## https://docs.sqlalchemy.org/en/14/core/engines.html
+DATABASE=sqlite:////etc/fastapi-dls/db.sqlite
+
+# UUIDs for identifying the instance
+#SITE_KEY_XID="00000000-0000-0000-0000-000000000000"
+#INSTANCE_REF="10000000-0000-0000-0000-000000000001"
+#ALLOTMENT_REF="20000000-0000-0000-0000-000000000001"
+
+# Site-wide signing keys
+INSTANCE_KEY_RSA=/etc/fastapi-dls/instance.private.pem
+INSTANCE_KEY_PUB=/etc/fastapi-dls/instance.public.pem
diff --git a/.DEBIAN/fastapi-dls.service b/.DEBIAN/fastapi-dls.service
new file mode 100644
index 0000000..368d494
--- /dev/null
+++ b/.DEBIAN/fastapi-dls.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=Service for fastapi-dls
+Documentation=https://git.collinwebdesigns.de/oscar.krause/fastapi-dls
+After=network.target
+
+[Service]
+User=www-data
+Group=www-data
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+WorkingDirectory=/usr/share/fastapi-dls/app
+EnvironmentFile=/etc/fastapi-dls/env
+ExecStart=uvicorn main:app \
+ --env-file /etc/fastapi-dls/env \
+ --host $DLS_URL --port $DLS_PORT \
+ --app-dir /usr/share/fastapi-dls/app \
+ --ssl-keyfile /etc/fastapi-dls/webserver.key \
+ --ssl-certfile /etc/fastapi-dls/webserver.crt \
+ --proxy-headers
+Restart=always
+KillSignal=SIGQUIT
+Type=simple
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target
diff --git a/.DEBIAN/postinst b/.DEBIAN/postinst
index d4ceee0..5624d34 100644
--- a/.DEBIAN/postinst
+++ b/.DEBIAN/postinst
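Review bot: The new unit grants `AmbientCapabilities=CAP_NET_BIND_SERVICE` to a network-facing process but sets none of systemd's sandboxing options in its `[Service]` section. Lines such as `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectHome=true` should cost nothing here. `ProtectSystem=strict` would additionally need `ReadWritePaths=/etc/fastapi-dls`, because `env.default` in this patch places the SQLite database in that directory. A one-line comment above `ExecStart` saying that `$DLS_URL` and `$DLS_PORT` come from the `EnvironmentFile` would also help the next reader.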
@@ -3,89 +3,26 @@
 WORKING_DIR=/usr/share/fastapi-dls
 CONFIG_DIR=/etc/fastapi-dls
-echo "> Create config directory ..."
-mkdir -p $CONFIG_DIR
-
-# normally we would define services in `conffiles` and as separate file, but we like to keep thinks simple.
-echo "> Install service ..."
-cat </etc/systemd/system/fastapi-dls.service
-[Unit]
-Description=Service for fastapi-dls
-Documentation=https://git.collinwebdesigns.de/oscar.krause/fastapi-dls
-After=network.target
-
-[Service]
-User=www-data
-Group=www-data
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-WorkingDirectory=$WORKING_DIR/app
-EnvironmentFile=$CONFIG_DIR/env
-ExecStart=uvicorn main:app \\
- --env-file /etc/fastapi-dls/env \\
- --host \$DLS_URL --port \$DLS_PORT \\
- --app-dir $WORKING_DIR/app \\
- --ssl-keyfile /etc/fastapi-dls/webserver.key \\
- --ssl-certfile /etc/fastapi-dls/webserver.crt \\
- --proxy-headers
-Restart=always
-KillSignal=SIGQUIT
-Type=simple
-NotifyAccess=all
-
-[Install]
-WantedBy=multi-user.target
-
-EOF
-
-systemctl daemon-reload
-
-# normally we would define configfiles in `conffiles` and as separate file, but we like to keep thinks simple.
-if [[ ! -f $CONFIG_DIR/env ]]; then
- echo "> Writing initial config ..."
- touch $CONFIG_DIR/env
- cat <$CONFIG_DIR/env
-# Toggle debug mode
-#DEBUG=false
-
-# Where the client can find the DLS server
-DLS_URL=127.0.0.1
-DLS_PORT=443
-
-# CORS configuration
-## comma separated list without spaces
-#CORS_ORIGINS="https://$DLS_URL:$DLS_PORT"
-
-# Lease expiration in days
-LEASE_EXPIRE_DAYS=90
-
-# Database location
-## https://docs.sqlalchemy.org/en/14/core/engines.html
-DATABASE=sqlite:///$CONFIG_DIR/db.sqlite
-
-# UUIDs for identifying the instance
-#SITE_KEY_XID="00000000-0000-0000-0000-000000000000"
-#INSTANCE_REF="00000000-0000-0000-0000-000000000000"
-
-# Site-wide signing keys
-INSTANCE_KEY_RSA=$CONFIG_DIR/instance.private.pem
-INSTANCE_KEY_PUB=$CONFIG_DIR/instance.public.pem
-
-EOF
+if [[ ! -f $CONFIG_DIR/instance.private.pem ]]; then
+ echo "> Create dls-instance keypair ..."
+ openssl genrsa -out $CONFIG_DIR/instance.private.pem 2048
+ openssl rsa -in $CONFIG_DIR/instance.private.pem -outform PEM -pubout -out $CONFIG_DIR/instance.public.pem
+else
+ echo "> Create dls-instance keypair skipped! (exists)"
 fi
-echo "> Create dls-instance keypair ..."
-openssl genrsa -out $CONFIG_DIR/instance.private.pem 2048
-openssl rsa -in $CONFIG_DIR/instance.private.pem -outform PEM -pubout -out $CONFIG_DIR/instance.public.pem
-
 while true; do
- read -p "> Do you wish to create self-signed webserver certificate? [Y/n]" yn
- yn=${yn:-y} # ${parameter:-word} If parameter is unset or null, the expansion of word is substituted. Otherwise, the value of parameter is substituted.
+ [[ -f $CONFIG_DIR/webserver.key ]] && default_answer="N" || default_answer="Y"
+ [[ $default_answer == "Y" ]] && V="Y/n" || V="y/N"
+ read -p "> Do you wish to create self-signed webserver certificate? [${V}]" yn
+ yn=${yn:-$default_answer} # ${parameter:-word} If parameter is unset or null, the expansion of word is substituted. Otherwise, the value of parameter is substituted.
 case $yn in
 [Yy]*)
+ echo "> Generating keypair ..."
 openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $CONFIG_DIR/webserver.key -out $CONFIG_DIR/webserver.crt
 break
 ;;
- [Nn]*) break ;;
+ [Nn]*) echo "> Generating keypair skipped! (exists)"; break ;;
 *) echo "Please answer [y] or [n]." ;;
 esac
 done
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6f0e7a8..95b343a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -46,7 +46,10 @@ build:apt:
 - cp README.md version.env build/usr/share/fastapi-dls
 # create conf file
 - mkdir -p build/etc/fastapi-dls
- - touch build/etc/fastapi-dls/env
+ - cp .DEBIAN/env.default build/etc/fastapi-dls/env
+ # create service file
+ - mkdir -p build/etc/systemd/system
+ - cp .DEBIAN/fastapi-dls.service build/etc/systemd/system
 # cd into "build/"
 - cd build/
 script:
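Review bot: The keypair branches in the postinst hunk (`@@ -3,89 +3,26 @@`) create `instance.private.pem` and, because of `-nodes`, an unencrypted `webserver.key`, but nothing visible in the hunk sets their mode or owner. The script continues below the hunk, so this may already be handled there; if it is not, add something like `chmod 640 $CONFIG_DIR/instance.private.pem $CONFIG_DIR/webserver.key` together with a `chown` to the service group, so that only root and the `www-data` service can read the keys. The `[Nn]*)` branch also prints "skipped! (exists)" when the user declines on a fresh install where no key exists yet.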
@@ -142,6 +145,7 @@ test:
 --proxy-headers &
 - FASTAPI_DLS_PID=$!
 - echo "Started service with pid $FASTAPI_DLS_PID"
+ - cat /etc/fastapi-dls/env
 # testing service
 - if [ "`curl --insecure -s https://127.0.0.1/-/health | jq .status`" != "up" ]; then echo "Success"; else "Error"; fi
 # cleanup
From 52ffedffc72306edcf1ded258e9cd4e9c2654202 Mon Sep 17 00:00:00 2001
From: Oscar Krause
Date: Wed, 4 Jan 2023 11:14:26 +0100
Subject: [PATCH 6/6] code styling
---
 .DEBIAN/postinst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.DEBIAN/postinst b/.DEBIAN/postinst
index 5624d34..fbf9b82 100644
--- a/.DEBIAN/postinst
+++ b/.DEBIAN/postinst
@@ -52,7 +52,7 @@ cat <
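Review bot: The health check in the `test:` job (a context line of hunk `@@ -142,6 +145,7 @@`) cannot fail: `jq .status` prints the value with its JSON quotes, so the `!= "up"` comparison is always true and the job prints "Success" whether or not the service answered, and the `else` branch runs `"Error"` as a command without exiting non-zero. Suggested line: `- if [ "$(curl --insecure -s https://127.0.0.1/-/health | jq -r .status)" = "up" ]; then echo "Success"; else echo "Error"; exit 1; fi`. The added `cat /etc/fastapi-dls/env` is harmless with the default file from this patch, but it would print any secret later placed in that file to the job log. The job definition starts above the hunk.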