Merge branch 'dev' into 'main'

1.3.5

See merge request oscar.krause/fastapi-dls!23

.PKGBUILD/PKGBUILD

@@ -11,6 +11,7 @@ license=('MIT')
 depends=('python' 'python-jose' 'python-starlette' 'python-httpx' 'python-fastapi' 'python-dotenv' 'python-dateutil' 'python-sqlalchemy' 'python-pycryptodome' 'uvicorn' 'python-markdown' 'openssl')
 provider=("$pkgname")
 install="$pkgname.install"
+backup=('etc/default/fastapi-dls')
 source=('git+file:///builds/oscar.krause/fastapi-dls' # https://gitea.publichub.eu/oscar.krause/fastapi-dls.git
         "$pkgname.default"
         "$pkgname.service"

README.md

@@ -7,11 +7,31 @@ Compatibility tested with official DLS 2.0.1.
 This service can be used without internet connection.
 Only the clients need a connection to this service on configured port.
 
+**Official Links**
+
+- https://git.collinwebdesigns.de/oscar.krause/fastapi-dls
+- https://gitea.publichub.eu/oscar.krause/fastapi-dls
+- Docker Image `collinwebdesigns/fastapi-dls:latest`
+
+*All other repositories are forks! (which  is no bad - just for information and bug reports)*
+
+---
+
 [[_TOC_]]
 
-
 # Setup (Service)
 
+**System requirements**
+
+- 256mb ram
+- 4gb hdd
+
+Tested with Ubuntu 22.10 (from Proxmox templates), actually its consuming 100mb ram and 750mb hdd.
+
+**Prepare your system**
+
+- Make sure your timezone is set correct on you fastapi-dls server and your client
+
 ## Docker
 
 Docker-Images are available here:
@@ -49,10 +69,12 @@ Goto [`docker-compose.yml`](docker-compose.yml) for more advanced example (with
 version: '3.9'
 
 x-dls-variables: &dls-variables
+  TZ: Europe/Berlin # REQUIRED, set your timezone correctly on fastapi-dls AND YOUR CLIENTS !!!
   DLS_URL: localhost # REQUIRED, change to your ip or hostname
   DLS_PORT: 443
-  LEASE_EXPIRE_DAYS: 90
+  LEASE_EXPIRE_DAYS: 90  # 90 days is maximum
   DATABASE: sqlite:////app/database/db.sqlite
+  DEBUG: false
 
 services:
   dls:
@@ -65,7 +87,12 @@ services:
     volumes:
       - /opt/docker/fastapi-dls/cert:/app/cert
       - dls-db:/app/database
-
+    logging:  # optional, for those who do not need logs
+      driver: "json-file"
+      options:
+        max-file: 5
+        max-size: 10m
+            
 volumes:
   dls-db:
 ```
@@ -74,6 +101,8 @@ volumes:
 
 Tested on `Debian 11 (bullseye)`, Ubuntu may also work.
 
+**Make sure you are logged in as root.**
+
 **Install requirements**
 
 ```shell
@@ -98,7 +127,7 @@ chown -R www-data:www-data $WORKING_DIR
 
 ```shell
 WORKING_DIR=/opt/fastapi-dls/app/cert
-mkdir $WORKING_DIR
+mkdir -p $WORKING_DIR
 cd $WORKING_DIR
 # create instance private and public key for singing JWT's
 openssl genrsa -out $WORKING_DIR/instance.private.pem 2048 
@@ -115,11 +144,14 @@ This is only to test whether the service starts successfully.
 ```shell
 cd /opt/fastapi-dls/app
 su - www-data -c "/opt/fastapi-dls/venv/bin/uvicorn main:app --app-dir=/opt/fastapi-dls/app"
+# or
+sudo -u www-data -c "/opt/fastapi-dls/venv/bin/uvicorn main:app --app-dir=/opt/fastapi-dls/app"
 ```
 
 **Create config file**
 
 ```shell
+mkdir /etc/fastapi-dls
 cat <<EOF >/etc/fastapi-dls/env
 DLS_URL=127.0.0.1
 DLS_PORT=443
@@ -164,6 +196,108 @@ EOF
 Now you have to run `systemctl daemon-reload`. After that you can start service
 with `systemctl start fastapi-dls.service` and enable autostart with `systemctl enable fastapi-dls.service`.
 
+## openSUSE Leap (manual method using `git clone` and python virtual environment)
+
+Tested on `openSUSE Leap 15.4`, openSUSE Tumbleweed may also work.
+
+**Install requirements**
+
+```shell
+zypper in -y python310 python3-virtualenv python3-pip
+```
+
+**Install FastAPI-DLS**
+
+```shell
+BASE_DIR=/opt/fastapi-dls
+SERVICE_USER=dls
+mkdir -p ${BASE_DIR}
+cd ${BASE_DIR}
+git clone https://git.collinwebdesigns.de/oscar.krause/fastapi-dls .
+python3.10 -m venv venv
+source venv/bin/activate
+pip install -r requirements.txt
+deactivate
+useradd -r ${SERVICE_USER} -M -d /opt/fastapi-dls
+chown -R ${SERVICE_USER} ${BASE_DIR}
+```
+
+**Create keypair and webserver certificate**
+
+```shell
+CERT_DIR=${BASE_DIR}/app/cert
+SERVICE_USER=dls
+mkdir ${CERT_DIR}
+cd ${CERT_DIR}
+# create instance private and public key for singing JWT's
+openssl genrsa -out ${CERT_DIR}/instance.private.pem 2048 
+openssl rsa -in ${CERT_DIR}/instance.private.pem -outform PEM -pubout -out ${CERT_DIR}/instance.public.pem
+# create ssl certificate for integrated webserver (uvicorn) - because clients rely on ssl
+openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout  ${CERT_DIR}/webserver.key -out ${CERT_DIR}/webserver.crt
+chown -R ${SERVICE_USER} ${CERT_DIR}
+```
+
+**Test Service**
+
+This is only to test whether the service starts successfully.
+
+```shell
+BASE_DIR=/opt/fastapi-dls
+SERVICE_USER=dls
+cd ${BASE_DIR}
+su - ${SERVICE_USER} -c "${BASE_DIR}/venv/bin/uvicorn main:app --app-dir=${BASE_DIR}/app"
+```
+
+**Create config file**
+
+```shell
+BASE_DIR=/opt/fastapi-dls
+cat <<EOF >/etc/fastapi-dls/env
+# Adjust DSL_URL as needed (accessing from LAN won't work with 127.0.0.1)
+DLS_URL=127.0.0.1
+DLS_PORT=443
+LEASE_EXPIRE_DAYS=90
+DATABASE=sqlite:///${BASE_DIR}/app/db.sqlite
+
+EOF
+```
+
+**Create service**
+
+```shell
+BASE_DIR=/opt/fastapi-dls
+SERVICE_USER=dls
+cat <<EOF >/etc/systemd/system/fastapi-dls.service
+[Unit]
+Description=Service for fastapi-dls vGPU licensing service
+After=network.target
+
+[Service]
+User=${SERVICE_USER}
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+WorkingDirectory=${BASE_DIR}/app
+EnvironmentFile=/etc/fastapi-dls/env
+ExecStart=${BASE_DIR}/venv/bin/uvicorn main:app \\
+  --env-file /etc/fastapi-dls/env \\
+  --host \$DLS_URL --port \$DLS_PORT \\
+  --app-dir ${BASE_DIR}/app \\
+  --ssl-keyfile ${BASE_DIR}/app/cert/webserver.key \\
+  --ssl-certfile ${BASE_DIR}/app/cert/webserver.crt \\
+  --proxy-headers
+Restart=always
+KillSignal=SIGQUIT
+Type=simple
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target
+
+EOF
+```
+
+Now you have to run `systemctl daemon-reload`. After that you can start service
+with `systemctl start fastapi-dls.service` and enable autostart with `systemctl enable fastapi-dls.service`.
+
 ## Debian/Ubuntu (using `dpkg`)
 
 Packages are available here:
@@ -348,10 +482,6 @@ Shows current runtime environment variables and their values.
 
 HTML rendered README.md.
 
-### `GET /-/docs`, `GET /-/redoc`
-
-OpenAPI specifications rendered from `GET /-/openapi.json`.
-
 ### `GET /-/manage`
 
 Shows a very basic UI to delete origins or leases.
@@ -536,5 +666,4 @@ The error message can safely be ignored (since we have no license limitation :P)
 
 Thanks to vGPU community and all who uses this project and report bugs.
 
-Special thanks to @samicrusader who created build file for ArchLinux.
-
+Special thanks to @samicrusader who created build file for ArchLinux and @cyrus who wrote the section for openSUSE.

app/main.py

@@ -22,12 +22,13 @@ from sqlalchemy.orm import sessionmaker
 from util import load_key, load_file
 from orm import Origin, Lease, init as db_init, migrate
 
-logger = logging.getLogger()
 load_dotenv('../version.env')
 
+TZ = datetime.now().astimezone().tzinfo
+
 VERSION, COMMIT, DEBUG = env('VERSION', 'unknown'), env('COMMIT', 'unknown'), bool(env('DEBUG', False))
 
-config = dict(openapi_url='/-/openapi.json', docs_url='/-/docs', redoc_url='/-/redoc')
+config = dict(openapi_url=None, docs_url=None, redoc_url=None)  # dict(openapi_url='/-/openapi.json', docs_url='/-/docs', redoc_url='/-/redoc')
 app = FastAPI(title='FastAPI-DLS', description='Minimal Delegated License Service (DLS).', version=VERSION, **config)
 db = create_engine(str(env('DATABASE', 'sqlite:///db.sqlite')))
 db_init(db), migrate(db)
@@ -44,6 +45,7 @@ TOKEN_EXPIRE_DELTA = relativedelta(days=int(env('TOKEN_EXPIRE_DAYS', 1)), hours=
 LEASE_EXPIRE_DELTA = relativedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0)))
 LEASE_RENEWAL_PERIOD = float(env('LEASE_RENEWAL_PERIOD', 0.15))
 LEASE_RENEWAL_DELTA = timedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0)))
+CLIENT_TOKEN_EXPIRE_DELTA = relativedelta(years=12)
 CORS_ORIGINS = str(env('CORS_ORIGINS', '')).split(',') if (env('CORS_ORIGINS')) else [f'https://{DLS_URL}']
 
 jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
@@ -58,6 +60,8 @@ app.add_middleware(
     allow_headers=['*'],
 )
 
+logging.basicConfig()
+logger = logging.getLogger(__name__)
 logger.setLevel(logging.DEBUG if DEBUG else logging.INFO)
 
 
@@ -97,6 +101,7 @@ async def _config():
         'LEASE_EXPIRE_DELTA': str(LEASE_EXPIRE_DELTA),
         'LEASE_RENEWAL_PERIOD': str(LEASE_RENEWAL_PERIOD),
         'CORS_ORIGINS': str(CORS_ORIGINS),
+        'TZ': str(TZ),
     })
 
 
@@ -192,7 +197,7 @@ async def _lease_delete(request: Request, lease_ref: str):
 @app.get('/-/client-token', summary='* Client-Token', description='creates a new messenger token for this service instance')
 async def _client_token():
     cur_time = datetime.utcnow()
-    exp_time = cur_time + relativedelta(years=12)
+    exp_time = cur_time + CLIENT_TOKEN_EXPIRE_DELTA
 
     payload = {
         "jti": str(uuid4()),
@@ -529,6 +534,18 @@ async def leasing_v1_lessor_shutdown(request: Request):
     return JSONr(response)
 
 
+@app.on_event('startup')
+async def app_on_startup():
+    logger.info(f'''
+    Using timezone: {str(TZ)}. Make sure this is correct and match your clients!
+    
+    Your clients renew their license every {str(Lease.calculate_renewal(LEASE_RENEWAL_PERIOD, LEASE_RENEWAL_DELTA))}.
+    If the renewal fails, the license is {str(LEASE_RENEWAL_DELTA)} valid.
+    
+    Your client-token file (.tok) is valid for {str(CLIENT_TOKEN_EXPIRE_DELTA)}.
+    ''')
+
+
 if __name__ == '__main__':
     import uvicorn
 

app/orm.py

@@ -1,10 +1,9 @@
 from datetime import datetime, timedelta
 from dateutil.relativedelta import relativedelta
 
-from sqlalchemy import Column, VARCHAR, CHAR, ForeignKey, DATETIME, update, and_, inspect
-from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy import Column, VARCHAR, CHAR, ForeignKey, DATETIME, update, and_, inspect, text
 from sqlalchemy.engine import Engine
-from sqlalchemy.orm import sessionmaker
+from sqlalchemy.orm import sessionmaker, declarative_base
 
 Base = declarative_base()
 
@@ -57,12 +56,12 @@ class Origin(Base):
         session.close()
 
     @staticmethod
-    def delete(engine: Engine, origins: ["Origin"] = None) -> int:
+    def delete(engine: Engine, origin_refs: [str] = None) -> int:
         session = sessionmaker(bind=engine)()
-        if origins is None:
+        if origin_refs is None:
             deletions = session.query(Origin).delete()
         else:
-            deletions = session.query(Origin).filter(Origin.origin_ref in origins).delete()
+            deletions = session.query(Origin).filter(Origin.origin_ref in origin_refs).delete()
         session.commit()
         session.close()
         return deletions
@@ -170,6 +169,14 @@ class Lease(Base):
         renew = delta.total_seconds() * LEASE_RENEWAL_PERIOD
         renew = datetime.timedelta(seconds=renew)
         expires = delta - renew  # 19.2
+
+        import datetime
+        LEASE_RENEWAL_PERIOD=0.15  # 15%
+        delta = datetime.timedelta(days=90)
+        renew = delta.total_seconds() * LEASE_RENEWAL_PERIOD
+        renew = datetime.timedelta(seconds=renew)
+        expires = delta - renew  # 76 days, 12:00:00 hours
+
         """
         renew = delta.total_seconds() * renewal_period
         renew = timedelta(seconds=renew)
@@ -182,7 +189,7 @@ def init(engine: Engine):
     session = sessionmaker(bind=engine)()
     for table in tables:
         if not db.dialect.has_table(engine.connect(), table.__tablename__):
-            session.execute(str(table.create_statement(engine)))
+            session.execute(text(str(table.create_statement(engine))))
             session.commit()
     session.close()
 

docker-compose.yml

@@ -14,6 +14,7 @@ services:
     environment:
       <<: *dls-variables
     volumes:
+      - /etc/timezone:/etc/timezone:ro
       - /opt/docker/fastapi-dls/cert:/app/cert  # instance.private.pem, instance.public.pem
       - db:/app/database
     entrypoint: ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", "--app-dir", "/app", "--proxy-headers"]
@@ -30,6 +31,7 @@ services:
       - "80:80"  # for "/leasing/v1/lessor/shutdown" used by windows guests, can't be changed!
       - "443:443"  # first part must match "DLS_PORT"
     volumes:
+      - /etc/timezone:/etc/timezone:ro
       - /opt/docker/fastapi-dls/cert:/opt/cert
     healthcheck:
       test: ["CMD", "curl", "--insecure", "--fail", "https://localhost/-/health"]

requirements.txt

@@ -1,8 +1,8 @@
 fastapi==0.89.1
 uvicorn[standard]==0.20.0
 python-jose==3.3.0
-pycryptodome==3.16.0
+pycryptodome==3.17
 python-dateutil==2.8.2
-sqlalchemy==1.4.46
+sqlalchemy==2.0.0
 markdown==3.4.1
-python-dotenv==0.21.0
+python-dotenv==0.21.1

version.env

@@ -1 +1 @@
-VERSION=1.3.3
+VERSION=1.3.5