Implement ooniauth service

ooni · Mar 14, 2024 · 96370ef · 96370ef
1 parent 9c0b438
commit 96370ef
Show file tree

Hide file tree

Showing 16 changed files with 660 additions and 15 deletions.
diff --git a/ooniapi/common/src/common/config.py b/ooniapi/common/src/common/config.py
@@ -1,5 +1,3 @@
-import statsd
-
 from typing import List
 from pydantic_settings import BaseSettings
 
@@ -18,3 +16,5 @@ class Settings(BaseSettings):
     statsd_prefix: str = "ooniapi"
     jwt_encryption_key: str = "CHANGEME"
     prometheus_metrics_password: str = "CHANGEME"
+    session_expiry_days: int = 10
+    login_expiry_days: int = 10
diff --git a/ooniapi/common/src/common/routers.py b/ooniapi/common/src/common/routers.py
@@ -0,0 +1,14 @@
+from datetime import date, datetime
+from pydantic import BaseModel as PydandicBaseModel
+
+
+ISO_FORMAT_DATETIME = "%Y-%m-%dT%H:%M:%S.%fZ"
+ISO_FORMAT_DATE = "%Y-%m-%d"
+
+
+class BaseModel(PydandicBaseModel):
+    class Config:
+        json_encoders = {
+            datetime: lambda v: v.strftime(ISO_FORMAT_DATETIME),
+            date: lambda v: v.strftime(ISO_FORMAT_DATE),
+        }
diff --git a/ooniapi/services/ooniauth/LICENSE.txt b/ooniapi/services/ooniauth/LICENSE.txt
@@ -0,0 +1,26 @@
+Copyright 2022-present Open Observatory of Network Interference Foundation (OONI) ETS
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/ooniapi/services/ooniauth/Makefile b/ooniapi/services/ooniauth/Makefile
@@ -0,0 +1,64 @@
+SERVICE_NAME ?= ooniauth
+
+ECS_CONTAINER_NAME ?= ooniapi-service-$(SERVICE_NAME)
+IMAGE_NAME ?= ooni/api-$(SERVICE_NAME)
+DATE := $(shell python3 -c "import datetime;print(datetime.datetime.now(datetime.timezone.utc).strftime('%Y%m%d'))")
+GIT_FULL_SHA ?= $(shell git rev-parse HEAD)
+SHORT_SHA := $(shell echo ${GIT_FULL_SHA} | cut -c1-8)
+PKG_VERSION := $(shell hatch version)
+
+BUILD_LABEL := $(DATE)-$(SHORT_SHA)
+VERSION_LABEL = v$(PKG_VERSION)
+ENV_LABEL ?= latest
+
+print-labels:
+	echo "ECS_CONTAINER_NAME=${ECS_CONTAINER_NAME}"
+	echo "PKG_VERSION=${PKG_VERSION}"
+	echo "BUILD_LABEL=${BUILD_LABEL}"
+	echo "VERSION_LABEL=${VERSION_LABEL}"
+	echo "ENV_LABEL=${ENV_LABEL}"
+
+init:
+	hatch env create
+
+docker-build:
+	# We need to use tar -czh to resolve the common dir symlink
+	tar -czh . | docker build \
+		--build-arg BUILD_LABEL=${BUILD_LABEL} \
+		-t ${IMAGE_NAME}:${BUILD_LABEL} \
+		-t ${IMAGE_NAME}:${VERSION_LABEL} \
+		-t ${IMAGE_NAME}:${ENV_LABEL} \
+		-
+	echo "built image: ${IMAGE_NAME}:${BUILD_LABEL} (${IMAGE_NAME}:${VERSION_LABEL} ${IMAGE_NAME}:${ENV_LABEL})"
+
+docker-push:
+	# We need to use tar -czh to resolve the common dir symlink
+	docker push ${IMAGE_NAME}:${BUILD_LABEL}
+	docker push ${IMAGE_NAME}:${VERSION_LABEL}
+	docker push ${IMAGE_NAME}:${ENV_LABEL}
+
+docker-smoketest:
+	./scripts/docker-smoketest.sh ${IMAGE_NAME}:${BUILD_LABEL}
+
+imagedefinitions.json:
+	echo '[{"name":"${ECS_CONTAINER_NAME}","imageUri":"${IMAGE_NAME}:${BUILD_LABEL}"}]' > imagedefinitions.json
+
+test:
+	hatch run test
+
+test-cov:
+	hatch run test-cov
+
+build:
+	hatch build
+
+clean:
+	hatch clean
+	rm -f imagedefinitions.json
+	rm -rf build dist *eggs *.egg-info
+	rm -rf .venv
+
+run:
+	hatch run uvicorn $(SERVICE_NAME).main:app
+
+.PHONY: init test build clean docker print-labels
diff --git a/ooniapi/services/ooniauth/README.md b/ooniapi/services/ooniauth/README.md
@@ -0,0 +1,21 @@
+# ooniauth
+
+[![PyPI - Version](https://img.shields.io/pypi/v/ooniauth.svg)](https://pypi.org/project/ooniauth)
+[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/ooniauth.svg)](https://pypi.org/project/ooniauth)
+
+-----
+
+**Table of Contents**
+
+- [Installation](#installation)
+- [License](#license)
+
+## Installation
+
+```console
+pip install ooniauth
+```
+
+## License
+
+`ooniauth` is distributed under the terms of the [MIT](https://spdx.org/licenses/MIT.html) license.
diff --git a/ooniapi/services/ooniauth/pyproject.toml b/ooniapi/services/ooniauth/pyproject.toml
@@ -0,0 +1,93 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "ooniauth"
+dynamic = ["version"]
+description = ''
+readme = "README.md"
+requires-python = ">=3.8"
+license = "BSD-3-Clause"
+authors = [{ name = "OONI", email = "[email protected]" }]
+keywords = []
+classifiers = [
+  "Development Status :: 4 - Beta",
+  "Programming Language :: Python",
+  "Programming Language :: Python :: 3.8",
+  "Programming Language :: Python :: 3.9",
+  "Programming Language :: Python :: 3.10",
+  "Programming Language :: Python :: 3.11",
+  "Programming Language :: Python :: 3.12",
+  "Programming Language :: Python :: Implementation :: CPython",
+  "Programming Language :: Python :: Implementation :: PyPy",
+]
+dependencies = [
+  "fastapi ~= 0.108.0",
+  "clickhouse-driver ~= 0.2.6",
+  "sqlalchemy ~= 2.0.27",
+  "ujson ~= 5.9.0",
+  "urllib3 ~= 2.1.0",
+  "python-dateutil ~= 2.8.2",
+  "pydantic-settings ~= 2.1.0",
+  "uvicorn ~= 0.25.0",
+  "psycopg2 ~= 2.9.9",
+  "httpx ~= 0.26.0",
+  "pyjwt ~= 2.8.0",
+  "alembic ~= 1.13.1",
+  "prometheus-fastapi-instrumentator ~= 6.1.0",
+  "prometheus-client",
+]
+
+[project.urls]
+Documentation = "https://docs.ooni.org/"
+Issues = "https://github.com/ooni/backend/issues"
+Source = "https://github.com/ooni/backend"
+
+[tool.hatch.version]
+path = "src/ooniauth/__about__.py"
+
+[tool.hatch.build.targets.sdist]
+include = ["BUILD_LABEL"]
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/ooniauth"]
+artifacts = ["BUILD_LABEL"]
+
+[tool.hatch.envs.default]
+dependencies = [
+  "pytest",
+  "pytest-cov",
+  "click",
+  "black",
+  "pytest-postgresql",
+  "pytest-asyncio",
+]
+path = ".venv/"
+
+[tool.hatch.envs.default.scripts]
+test = "pytest {args:tests}"
+test-cov = "pytest -s --full-trace --log-level=INFO  --log-cli-level=INFO -v --setup-show --cov=./ --cov-report=xml --cov-report=html --cov-report=term {args:tests}"
+cov-report = ["coverage report"]
+cov = ["test-cov", "cov-report"]
+
+[[tool.hatch.envs.all.matrix]]
+python = ["3.8", "3.9", "3.10", "3.11", "3.12"]
+
+[tool.hatch.envs.types]
+dependencies = ["mypy>=1.0.0"]
+[tool.hatch.envs.types.scripts]
+check = "mypy --install-types --non-interactive {args:src/ooniauth tests}"
+
+[tool.coverage.run]
+source_pkgs = ["ooniauth", "tests"]
+branch = true
+parallel = true
+omit = ["src/ooniauth/__about__.py"]
+
+[tool.coverage.paths]
+ooniauth = ["src/ooniauth", "*/ooniauth/src/ooniauth"]
+tests = ["tests", "*/ooniauth/tests"]
+
+[tool.coverage.report]
+exclude_lines = ["no cov", "if __name__ == .__main__.:", "if TYPE_CHECKING:"]
diff --git a/ooniapi/services/ooniauth/src/ooniauth/__about__.py b/ooniapi/services/ooniauth/src/ooniauth/__about__.py
@@ -0,0 +1,4 @@
+# SPDX-FileCopyrightText: 2024-present Arturo Filastò <[email protected]>
+#
+# SPDX-License-Identifier: MIT
+__version__ = "0.0.1"
diff --git a/ooniapi/services/ooniauth/src/ooniauth/__init__.py b/ooniapi/services/ooniauth/src/ooniauth/__init__.py
@@ -0,0 +1,3 @@
+# SPDX-FileCopyrightText: 2024-present Arturo Filastò <[email protected]>
+#
+# SPDX-License-Identifier: MIT
diff --git a/ooniapi/services/ooniauth/src/ooniauth/common b/ooniapi/services/ooniauth/src/ooniauth/common
@@ -0,0 +1 @@
+../../../../common/src/common
diff --git a/ooniapi/services/ooniauth/src/ooniauth/dependencies.py b/ooniapi/services/ooniauth/src/ooniauth/dependencies.py
@@ -0,0 +1,12 @@
+from typing import Annotated
+from clickhouse_driver import Client as ClickhouseClient
+from fastapi import Depends
+
+from .common.dependencies import get_settings
+from .common.config import Settings
+
+
+def get_clickhouse_client(
+    settings: Annotated[Settings, Depends(get_settings)]
+) -> ClickhouseClient:
+    return ClickhouseClient.from_url(settings.clickhouse_url)
diff --git a/ooniapi/services/ooniauth/src/ooniauth/main.py b/ooniapi/services/ooniauth/src/ooniauth/main.py
@@ -0,0 +1,89 @@
+import logging
+from contextlib import asynccontextmanager
+
+from fastapi import Depends, FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+
+from pydantic import BaseModel
+
+from prometheus_fastapi_instrumentator import Instrumentator
+
+from .routers import ooniauth
+
+from .common.dependencies import get_settings
+from .common.version import get_build_label, get_pkg_version
+from .common.metrics import mount_metrics
+
+
+pkg_name = "ooniauth"
+
+pkg_version = get_pkg_version(pkg_name)
+build_label = get_build_label(pkg_name)
+
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    settings = get_settings()
+    logging.basicConfig(level=getattr(logging, settings.log_level.upper()))
+    mount_metrics(app, instrumentor.registry)
+    yield
+
+
+app = FastAPI(lifespan=lifespan)
+
+instrumentor = Instrumentator().instrument(
+    app, metric_namespace="ooniapi", metric_subsystem="oonirun"
+)
+
+# TODO: temporarily enable all
+origins = ["*"]
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=origins,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+app.include_router(ooniauth.router, prefix="/api")
+
+
+@app.get("/version")
+async def version():
+    return {"version": pkg_version, "build_label": build_label}
+
+
+class HealthStatus(BaseModel):
+    status: str
+    errors: list[str] = []
+    version: str
+    build_label: str
+
+
+@app.get("/health")
+async def health(
+    settings=Depends(get_settings),
+):
+    errors = []
+
+    if settings.jwt_encryption_key == "CHANGEME":
+        errors.append("bad_jwt_secret")
+
+    if settings.prometheus_metrics_password == "CHANGEME":
+        errors.append("bad_prometheus_password")
+
+    status = "ok"
+    if len(errors) > 0:
+        status = "fail"
+
+    return {
+        "status": status,
+        "errors": errors,
+        "version": pkg_version,
+        "build_label": build_label,
+    }
+
+
+@app.get("/")
+async def root():
+    return {"message": "Hello OONItarian!"}