Add libvirt-client to Docker image

.. using server-side API tokens

.drone.yml

@@ -0,0 +1,14 @@
+---
+kind: pipeline
+name: publish docker image
+steps:
+  - name: build and publish
+    image: plugins/docker
+    settings:
+      username:
+        from_secret: docker_reg_username_3wc
+      password:
+        from_secret: docker_reg_passwd_3wc
+      repo: 3wordchant/capsul-flask
+      tags: latest
+

Dockerfile

@@ -0,0 +1,32 @@
+FROM python:3.8-alpine as build
+
+RUN apk add gettext git gcc python3-dev musl-dev \
+    libffi-dev zlib-dev jpeg-dev libjpeg postgresql-dev build-base \
+    --virtual .build-dependencies
+
+RUN mkdir -p /app/{code,venv}
+WORKDIR /app/code
+COPY Pipfile Pipfile.lock /app/code/
+
+RUN python3 -m venv /app/venv
+RUN pip install pipenv setuptools
+ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv"
+RUN pip install wheel cppy
+# Install dependencies into the virtual environment with Pipenv
+RUN pipenv install --deploy --verbose
+
+FROM python:3.8-alpine
+
+RUN apk add --no-cache libpq libstdc++ libjpeg libvirt-client
+
+COPY . /app/code/
+WORKDIR /app/code
+
+COPY --from=build /app/venv /app/venv
+ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv"
+
+CMD ["gunicorn", "--bind", "0.0.0.0:5000", "-k", "gevent", "--worker-connections", "1000", "app:app"]
+
+VOLUME /app/code
+
+EXPOSE 5000

Pipfile

@@ -9,7 +9,6 @@ blinker = "==1.4"
 click = "==7.1.2"
 Flask = "==1.1.2"
 Flask-Mail = "==0.9.1"
-Flask-Testing = "==0.8.1"
 gunicorn = "==20.0.4"
 isort = "==4.3.21"
 itsdangerous = "==1.1.0"

app.py

@@ -1,4 +1,2 @@
 
-from capsulflask import create_app
+from capsulflask import app
-
-create_app()

capsulflask/__init__.py

@@ -8,7 +8,7 @@ import requests
 import sys
 
 import stripe
-from dotenv import find_dotenv, dotenv_values
+from dotenv import load_dotenv, find_dotenv
 from flask import Flask
 from flask_mail import Mail, Message
 from flask import render_template
@@ -22,112 +22,106 @@ from capsulflask import hub_model, spoke_model, cli
 from capsulflask.btcpay import client as btcpay
 from capsulflask.http_client import MyHTTPClient
 
-
 class StdoutMockFlaskMail:
     def send(self, message: Message):
       current_app.logger.info(f"Email would have been sent if configured:\n\nto: {','.join(message.recipients)}\nsubject: {message.subject}\nbody:\n\n{message.body}\n\n")
 
-def create_app():
+load_dotenv(find_dotenv())
 
-  config = {
+app = Flask(__name__)
-      **dotenv_values(find_dotenv()),
-      **os.environ,  # override loaded values with environment variables
-  }
 
-  app = Flask(__name__)
+app.config.from_mapping(
+  
+  BASE_URL=os.environ.get("BASE_URL", default="http://localhost:5000"),
+  SECRET_KEY=os.environ.get("SECRET_KEY", default="dev"),
+  HUB_MODE_ENABLED=os.environ.get("HUB_MODE_ENABLED", default="True").lower() in ['true', '1', 't', 'y', 'yes'],
+  SPOKE_MODE_ENABLED=os.environ.get("SPOKE_MODE_ENABLED", default="True").lower() in ['true', '1', 't', 'y', 'yes'],
+  INTERNAL_HTTP_TIMEOUT_SECONDS=os.environ.get("INTERNAL_HTTP_TIMEOUT_SECONDS", default="300"),
+  HUB_MODEL=os.environ.get("HUB_MODEL", default="capsul-flask"),
+  SPOKE_MODEL=os.environ.get("SPOKE_MODEL", default="mock"),
+  LOG_LEVEL=os.environ.get("LOG_LEVEL", default="INFO"),
+  SPOKE_HOST_ID=os.environ.get("SPOKE_HOST_ID", default="baikal"),
+  SPOKE_HOST_TOKEN=os.environ.get("SPOKE_HOST_TOKEN", default="changeme"),
+  HUB_TOKEN=os.environ.get("HUB_TOKEN", default="changeme"),
 
-  app.config.from_mapping(
+  # https://www.postgresql.org/docs/9.1/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS
-    TESTING=config.get("TESTING", False),
+  # https://stackoverflow.com/questions/56332906/where-to-put-ssl-certificates-when-trying-to-connect-to-a-remote-database-using
-    BASE_URL=config.get("BASE_URL", "http://localhost:5000"),
+  # TLS example: sslmode=verify-full sslrootcert=letsencrypt-root-ca.crt host=db.example.com port=5432 user=postgres password=dev dbname=postgres
-    SECRET_KEY=config.get("SECRET_KEY", "dev"),
+  POSTGRES_CONNECTION_PARAMETERS=os.environ.get(
-    HUB_MODE_ENABLED=config.get("HUB_MODE_ENABLED", "True").lower() in ['true', '1', 't', 'y', 'yes'],
+    "POSTGRES_CONNECTION_PARAMETERS", 
-    SPOKE_MODE_ENABLED=config.get("SPOKE_MODE_ENABLED", "True").lower() in ['true', '1', 't', 'y', 'yes'],
+    default="host=localhost port=5432 user=postgres password=dev dbname=postgres"
-    INTERNAL_HTTP_TIMEOUT_SECONDS=config.get("INTERNAL_HTTP_TIMEOUT_SECONDS", "300"),
+  ),
-    HUB_MODEL=config.get("HUB_MODEL", "capsul-flask"),
-    SPOKE_MODEL=config.get("SPOKE_MODEL", "mock"),
-    LOG_LEVEL=config.get("LOG_LEVEL", "INFO"),
-    SPOKE_HOST_ID=config.get("SPOKE_HOST_ID", "baikal"),
-    SPOKE_HOST_TOKEN=config.get("SPOKE_HOST_TOKEN", "changeme"),
-    HUB_TOKEN=config.get("HUB_TOKEN", "changeme"),
 
-    # https://www.postgresql.org/docs/9.1/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS
+  DATABASE_SCHEMA=os.environ.get("DATABASE_SCHEMA", default="public"),
-    # https://stackoverflow.com/questions/56332906/where-to-put-ssl-certificates-when-trying-to-connect-to-a-remote-database-using
-    # TLS example: sslmode=verify-full sslrootcert=letsencrypt-root-ca.crt host=db.example.com port=5432 user=postgres password=dev dbname=postgres
-    POSTGRES_CONNECTION_PARAMETERS=config.get(
-      "POSTGRES_CONNECTION_PARAMETERS", 
-      "host=localhost port=5432 user=postgres password=dev dbname=postgres"
-    ),
 
-    DATABASE_SCHEMA=config.get("DATABASE_SCHEMA", "public"),
+  MAIL_SERVER=os.environ.get("MAIL_SERVER", default=""),
+  MAIL_PORT=os.environ.get("MAIL_PORT", default="465"),
+  MAIL_USE_TLS=os.environ.get("MAIL_USE_TLS", default="False").lower() in ['true', '1', 't', 'y', 'yes'],
+  MAIL_USE_SSL=os.environ.get("MAIL_USE_SSL", default="True").lower() in ['true', '1', 't', 'y', 'yes'],
+  MAIL_USERNAME=os.environ.get("MAIL_USERNAME", default=""),
+  MAIL_PASSWORD=os.environ.get("MAIL_PASSWORD", default=""),
+  MAIL_DEFAULT_SENDER=os.environ.get("MAIL_DEFAULT_SENDER", default="no-reply@capsul.org"),
+  ADMIN_EMAIL_ADDRESSES=os.environ.get("ADMIN_EMAIL_ADDRESSES", default="ops@cyberia.club"),
+  ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES=os.environ.get("ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES", default="forest.n.johnson@gmail.com,capsul@cyberia.club"),
 
-    MAIL_SERVER=config.get("MAIL_SERVER", ""),
+  PROMETHEUS_URL=os.environ.get("PROMETHEUS_URL", default="https://prometheus.cyberia.club"),
-    MAIL_PORT=config.get("MAIL_PORT", "465"),
-    MAIL_USE_TLS=config.get("MAIL_USE_TLS", "False").lower() in ['true', '1', 't', 'y', 'yes'],
-    MAIL_USE_SSL=config.get("MAIL_USE_SSL", "True").lower() in ['true', '1', 't', 'y', 'yes'],
-    MAIL_USERNAME=config.get("MAIL_USERNAME", ""),
-    MAIL_PASSWORD=config.get("MAIL_PASSWORD", ""),
-    MAIL_DEFAULT_SENDER=config.get("MAIL_DEFAULT_SENDER", "no-reply@capsul.org"),
-    ADMIN_EMAIL_ADDRESSES=config.get("ADMIN_EMAIL_ADDRESSES", "ops@cyberia.club"),
-    ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES=config.get("ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES", "forest.n.johnson@gmail.com,capsul@cyberia.club"),
 
-    PROMETHEUS_URL=config.get("PROMETHEUS_URL", "https://prometheus.cyberia.club"),
+  STRIPE_API_VERSION=os.environ.get("STRIPE_API_VERSION", default="2020-03-02"),
+  STRIPE_SECRET_KEY=os.environ.get("STRIPE_SECRET_KEY", default=""),
+  STRIPE_PUBLISHABLE_KEY=os.environ.get("STRIPE_PUBLISHABLE_KEY", default=""),
+  #STRIPE_WEBHOOK_SECRET=os.environ.get("STRIPE_WEBHOOK_SECRET", default="")
 
-    STRIPE_API_VERSION=config.get("STRIPE_API_VERSION", "2020-03-02"),
+  BTCPAY_PRIVATE_KEY=os.environ.get("BTCPAY_PRIVATE_KEY", default="").replace("\\n", "\n"),
-    STRIPE_SECRET_KEY=config.get("STRIPE_SECRET_KEY", ""),
+  BTCPAY_URL=os.environ.get("BTCPAY_URL", default="https://btcpay.cyberia.club")
-    STRIPE_PUBLISHABLE_KEY=config.get("STRIPE_PUBLISHABLE_KEY", ""),
+)
-    #STRIPE_WEBHOOK_SECRET=config.get("STRIPE_WEBHOOK_SECRET", "")
 
-    BTCPAY_PRIVATE_KEY=config.get("BTCPAY_PRIVATE_KEY", "").replace("\\n", "\n"),
+app.config['HUB_URL'] = os.environ.get("HUB_URL", default=app.config['BASE_URL'])
-    BTCPAY_URL=config.get("BTCPAY_URL", "https://btcpay.cyberia.club")
-  )
 
-  app.config['HUB_URL'] = config.get("HUB_URL", app.config['BASE_URL'])
+class SetLogLevelToDebugForHeartbeatRelatedMessagesFilter(logging.Filter):
-
+  def isHeartbeatRelatedString(self, thing):
-  class SetLogLevelToDebugForHeartbeatRelatedMessagesFilter(logging.Filter):
+    # thing_string = "<error>"
-    def isHeartbeatRelatedString(self, thing):
+    is_in_string = False
-      # thing_string = "<error>"
+    try:
-      is_in_string = False
+      thing_string = "%s" % thing
-      try:
+      is_in_string = 'heartbeat-task' in thing_string or 'hub/heartbeat' in thing_string or 'spoke/heartbeat' in thing_string
-        thing_string = "%s" % thing
+    except:
-        is_in_string = 'heartbeat-task' in thing_string or 'hub/heartbeat' in thing_string or 'spoke/heartbeat' in thing_string
+      pass
-      except:
+    # self.warning("isHeartbeatRelatedString(%s): %s", thing_string, is_in_string )
-        pass
+    return is_in_string
-      # self.warning("isHeartbeatRelatedString(%s): %s", thing_string, is_in_string )
-      return is_in_string
-
-    def filter(self, record):
-      if app.config['LOG_LEVEL'] == "DEBUG":
-        return True
-
-      if self.isHeartbeatRelatedString(record.msg):
-        return False
-      for arg in record.args:
-        if self.isHeartbeatRelatedString(arg):
-          return False
 
+  def filter(self, record):
+    if app.config['LOG_LEVEL'] == "DEBUG":
       return True
 
-  logging_dict_config({
+    if self.isHeartbeatRelatedString(record.msg):
-    'version': 1,
+      return False
-    'formatters': {'default': {
+    for arg in record.args:
-      'format': '[%(asctime)s] %(levelname)s in %(module)s: %(message)s',
+      if self.isHeartbeatRelatedString(arg):
-    }},
+        return False
-    'filters': {
+
-      'setLogLevelToDebugForHeartbeatRelatedMessages': {
+    return True
-          '()': SetLogLevelToDebugForHeartbeatRelatedMessagesFilter,
+
-      }
+logging_dict_config({
-    },
+  'version': 1,
-    'handlers': {'wsgi': {
+  'formatters': {'default': {
-      'class': 'logging.StreamHandler',
+    'format': '[%(asctime)s] %(levelname)s in %(module)s: %(message)s',
-      'stream': 'ext://flask.logging.wsgi_errors_stream',
+  }},
-      'formatter': 'default',
+  'filters': {
-      'filters': ['setLogLevelToDebugForHeartbeatRelatedMessages']
+    'setLogLevelToDebugForHeartbeatRelatedMessages': {
-    }},
+        '()': SetLogLevelToDebugForHeartbeatRelatedMessagesFilter,
-    'root': {
-      'level': app.config['LOG_LEVEL'],
-      'handlers': ['wsgi']
     }
-  })
+  },
+  'handlers': {'wsgi': {
+    'class': 'logging.StreamHandler',
+    'stream': 'ext://flask.logging.wsgi_errors_stream',
+    'formatter': 'default',
+    'filters': ['setLogLevelToDebugForHeartbeatRelatedMessages']
+  }},
+  'root': {
+    'level': app.config['LOG_LEVEL'],
+    'handlers': ['wsgi']
+  }
+})
 
 # app.logger.critical("critical")
 # app.logger.error("error")
@@ -135,61 +129,57 @@ def create_app():
 # app.logger.info("info")
 # app.logger.debug("debug")
 
-  stripe.api_key = app.config['STRIPE_SECRET_KEY']
+stripe.api_key = app.config['STRIPE_SECRET_KEY']
-  stripe.api_version = app.config['STRIPE_API_VERSION']
+stripe.api_version = app.config['STRIPE_API_VERSION']
 
-  if app.config['MAIL_SERVER'] != "":
+if app.config['MAIL_SERVER'] != "":
-    app.config['FLASK_MAIL_INSTANCE'] = Mail(app)
+  app.config['FLASK_MAIL_INSTANCE'] = Mail(app)
-  else:
+else:
-    app.logger.warning("No MAIL_SERVER configured. capsul will simply print emails to stdout.")
+  app.logger.warning("No MAIL_SERVER configured. capsul will simply print emails to stdout.")
-    app.config['FLASK_MAIL_INSTANCE'] = StdoutMockFlaskMail()
+  app.config['FLASK_MAIL_INSTANCE'] = StdoutMockFlaskMail()
 
-  app.config['HTTP_CLIENT'] = MyHTTPClient(timeout_seconds=int(app.config['INTERNAL_HTTP_TIMEOUT_SECONDS']))
+app.config['HTTP_CLIENT'] = MyHTTPClient(timeout_seconds=int(app.config['INTERNAL_HTTP_TIMEOUT_SECONDS']))
 
-  try:
+try:
-    app.config['BTCPAY_CLIENT'] = btcpay.Client(api_uri=app.config['BTCPAY_URL'], pem=app.config['BTCPAY_PRIVATE_KEY'])
+  app.config['BTCPAY_CLIENT'] = btcpay.Client(api_uri=app.config['BTCPAY_URL'], pem=app.config['BTCPAY_PRIVATE_KEY'])
-  except:
+except:
-    app.logger.warning("unable to create btcpay client. Capsul will work fine except cryptocurrency payments will not work. The error was: " + my_exec_info_message(sys.exc_info()))
+  app.logger.warning("unable to create btcpay client. Capsul will work fine except cryptocurrency payments will not work. The error was: " + my_exec_info_message(sys.exc_info()))
 
 # only start the scheduler and attempt to migrate the database if we are running the app.
 # otherwise we are running a CLI command.
-  command_line = ' '.join(sys.argv)
+command_line = ' '.join(sys.argv)
-  is_running_server = (
+is_running_server = ('flask run' in command_line) or ('gunicorn' in command_line)
-    ('flask run' in command_line) or
-    ('gunicorn' in command_line) or
-    ('test' in command_line)
-  )
 
-  app.logger.info(f"is_running_server: {is_running_server}")
+app.logger.info(f"is_running_server: {is_running_server}")
 
-  if app.config['HUB_MODE_ENABLED']:
+if app.config['HUB_MODE_ENABLED']:
-    if app.config['HUB_MODEL'] == "capsul-flask":
+  if app.config['HUB_MODEL'] == "capsul-flask":
-      app.config['HUB_MODEL'] = hub_model.CapsulFlaskHub()
+    app.config['HUB_MODEL'] = hub_model.CapsulFlaskHub()
 
-      # debug mode (flask reloader) runs two copies of the app. When running in debug mode,
+    # debug mode (flask reloader) runs two copies of the app. When running in debug mode,
-      # we only want to start the scheduler one time.
+    # we only want to start the scheduler one time.
-      if is_running_server and (not app.debug or config.get('WERKZEUG_RUN_MAIN') == 'true'):
+    if is_running_server and (not app.debug or os.environ.get('WERKZEUG_RUN_MAIN') == 'true'):
-        scheduler = BackgroundScheduler()
+      scheduler = BackgroundScheduler()
-        heartbeat_task_url = f"{app.config['HUB_URL']}/hub/heartbeat-task"
+      heartbeat_task_url = f"{app.config['HUB_URL']}/hub/heartbeat-task"
-        heartbeat_task_headers = {'Authorization': f"Bearer {app.config['HUB_TOKEN']}"}
+      heartbeat_task_headers = {'Authorization': f"Bearer {app.config['HUB_TOKEN']}"}
-        heartbeat_task = lambda: requests.post(heartbeat_task_url, headers=heartbeat_task_headers)
+      heartbeat_task = lambda: requests.post(heartbeat_task_url, headers=heartbeat_task_headers)
-        scheduler.add_job(name="heartbeat-task", func=heartbeat_task, trigger="interval", seconds=5)
+      scheduler.add_job(name="heartbeat-task", func=heartbeat_task, trigger="interval", seconds=5)
-        scheduler.start()
+      scheduler.start()
 
-        atexit.register(lambda: scheduler.shutdown())
+      atexit.register(lambda: scheduler.shutdown())
 
-    else:
+  else:
-      app.config['HUB_MODEL'] = hub_model.MockHub()
+    app.config['HUB_MODEL'] = hub_model.MockHub()
 
-    from capsulflask import db
+  from capsulflask import db
-    db.init_app(app, is_running_server)
+  db.init_app(app, is_running_server)
 
   from capsulflask import (
     auth, landing, console, payment, metrics, cli, hub_api, publicapi, admin
   )
 
-  app.register_blueprint(auth.bp)
   app.register_blueprint(landing.bp)
+  app.register_blueprint(auth.bp)
   app.register_blueprint(console.bp)
   app.register_blueprint(payment.bp)
   app.register_blueprint(metrics.bp)
@@ -200,57 +190,57 @@ def create_app():
 
   app.add_url_rule("/", endpoint="index")
 
-  if app.config['SPOKE_MODE_ENABLED']:
-    if app.config['SPOKE_MODEL'] == "shell-scripts":
-      app.config['SPOKE_MODEL'] = spoke_model.ShellScriptSpoke()
-    else:
-      app.config['SPOKE_MODEL'] = spoke_model.MockSpoke()
-
-    from capsulflask import spoke_api
-
-    app.register_blueprint(spoke_api.bp)
-
-  @app.after_request
-  def security_headers(response):
-    response.headers['X-Frame-Options'] = 'SAMEORIGIN'
-    if 'Content-Security-Policy' not in response.headers:
-      response.headers['Content-Security-Policy'] = "default-src 'self'"
-    response.headers['X-Content-Type-Options'] = 'nosniff'
-    return response
 
 
-  @app.context_processor
+if app.config['SPOKE_MODE_ENABLED']:
-  def override_url_for():
+  if app.config['SPOKE_MODEL'] == "shell-scripts":
-    """
+    app.config['SPOKE_MODEL'] = spoke_model.ShellScriptSpoke()
-    override the url_for function built into flask 
+  else:
-    with our own custom implementation that busts the cache correctly when files change 
+    app.config['SPOKE_MODEL'] = spoke_model.MockSpoke()
-    """
+
-    return dict(url_for=url_for_with_cache_bust)
+  from capsulflask import spoke_api
+
+  app.register_blueprint(spoke_api.bp)
+
+@app.after_request
+def security_headers(response):
+  response.headers['X-Frame-Options'] = 'SAMEORIGIN'
+  if 'Content-Security-Policy' not in response.headers:
+    response.headers['Content-Security-Policy'] = "default-src 'self'"
+  response.headers['X-Content-Type-Options'] = 'nosniff'
+  return response
 
 
-  def url_for_with_cache_bust(endpoint, **values):
+@app.context_processor
-    """
+def override_url_for():
-    Add a query parameter based on the hash of the file, this acts as a cache bust
+  """
-    """
+  override the url_for function built into flask 
-    
+  with our own custom implementation that busts the cache correctly when files change 
-    if endpoint == 'static':
+  """
-      filename = values.get('filename', None)
+  return dict(url_for=url_for_with_cache_bust)
-      if filename:
+
-        if 'STATIC_FILE_HASH_CACHE' not in current_app.config:
+
-          current_app.config['STATIC_FILE_HASH_CACHE'] = dict()
+def url_for_with_cache_bust(endpoint, **values):
-        
+  """
-        if filename not in current_app.config['STATIC_FILE_HASH_CACHE']:
+  Add a query parameter based on the hash of the file, this acts as a cache bust
-          filepath = os.path.join(current_app.root_path, endpoint, filename)
+  """
-          #print(filepath)
+  
-          if os.path.isfile(filepath) and os.access(filepath, os.R_OK):
+  if endpoint == 'static':
+    filename = values.get('filename', None)
+    if filename:
+      if 'STATIC_FILE_HASH_CACHE' not in current_app.config:
+        current_app.config['STATIC_FILE_HASH_CACHE'] = dict()
+      
+      if filename not in current_app.config['STATIC_FILE_HASH_CACHE']:
+        filepath = os.path.join(current_app.root_path, endpoint, filename)
+        #print(filepath)
+        if os.path.isfile(filepath) and os.access(filepath, os.R_OK):
+          
+          with open(filepath, 'rb') as file:
+            hasher = hashlib.md5()
+            hasher.update(file.read())
+            current_app.config['STATIC_FILE_HASH_CACHE'][filename] = hasher.hexdigest()[-6:]
             
-            with open(filepath, 'rb') as file:
+      values['q'] = current_app.config['STATIC_FILE_HASH_CACHE'][filename]
-              hasher = hashlib.md5()
-              hasher.update(file.read())
-              current_app.config['STATIC_FILE_HASH_CACHE'][filename] = hasher.hexdigest()[-6:]
-              
-        values['q'] = current_app.config['STATIC_FILE_HASH_CACHE'][filename]
 
-    return url_for(endpoint, **values)
+  return url_for(endpoint, **values)
-
-  return app

capsulflask/auth.py

@@ -41,6 +41,7 @@ def account_required(view):
 
     return wrapped_view
 
+
 def admin_account_required(view):
     """View decorator that redirects non-admin users to the login page."""
 

capsulflask/console.py

@@ -237,11 +237,16 @@ def _create(vm_sizes, operating_systems, public_keys_for_account, server_data):
 
   if len(errors) == 0:
     id = make_capsul_id()
+    get_model().create_vm(
+      email=session["account"], 
+      id=id, 
+      size=size, 
+      os=os,
+      ssh_authorized_keys=list(map(lambda x: x["name"], posted_keys))
+    )
     current_app.config["HUB_MODEL"].create(
       email = session["account"],
       id=id,
-      os=os,
-      size=size,
       template_image_file_name=operating_systems[os]['template_image_file_name'],
       vcpus=vm_sizes[size]['vcpus'],
       memory_mb=vm_sizes[size]['memory_mb'],
@@ -259,7 +264,6 @@ def create():
   public_keys_for_account = get_model().list_ssh_public_keys_for_account(session["account"])
   account_balance = get_account_balance(get_vms(), get_payments(), datetime.utcnow())
   capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(512*1024*1024)
-  errors = list()
 
   if request.method == "POST":
     if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']:
@@ -270,6 +274,8 @@ def create():
       public_keys_for_account,
       request.form)
     if len(errors) == 0: 
+      for error in errors:
+        flash(error)
       return redirect(f"{url_for('console.index')}?created={id}")
   
   affordable_vm_sizes = dict()
@@ -280,9 +286,6 @@ def create():
     if vm_size["dollars_per_month"] <= account_balance+0.25:
       affordable_vm_sizes[key] = vm_size
 
-  for error in errors:
-    flash(error)
-
   if not capacity_avaliable:
     current_app.logger.warning(f"when capsul capacity is restored, send an email to {session['account']}")
 

capsulflask/db.py

@@ -43,7 +43,7 @@ def init_app(app, is_running_server):
   hasSchemaVersionTable = False
   actionWasTaken = False
   schemaVersion = 0
-  desiredSchemaVersion = 19
+  desiredSchemaVersion = 18
 
   cursor = connection.cursor()
 

capsulflask/hub_api.py

@@ -160,10 +160,7 @@ def can_claim_create(payload, host_id) -> (str, str):
   if allocated_network_name is None or allocated_ipv4_address is None:
     return "", f"host \"{host_id}\" does not have any avaliable IP addresses on any of its networks."
 
-  # payload["network_name"] = allocated_network_name
+  payload["network_name"] = allocated_network_name
-  # hard-code the network name for now until we can fix the phantom dhcp lease issues.
-
-  payload["network_name"] = 'public3'
   payload["public_ipv4"] = allocated_ipv4_address
 
   return payload, ""

capsulflask/schema_migrations/17_down_api_tokens.py

@@ -0,0 +1,2 @@
+DROP TABLE api_keys;
+UPDATE schemaversion SET version = 16;

capsulflask/schema_migrations/17_up_api_tokens.py

@@ -0,0 +1,9 @@
+CREATE TABLE api_tokens (
+  id                 SERIAL PRIMARY KEY,
+  email              TEXT REFERENCES accounts(email) ON DELETE RESTRICT,
+  name               TEXT NOT NULL,
+  created            TIMESTAMP NOT NULL DEFAULT NOW(),
+  token              TEXT NOT NULL
+);
+
+UPDATE schemaversion SET version = 17;

capsulflask/schema_migrations/19_down_api_tokens.py

@@ -1,2 +1,2 @@
 DROP TABLE api_keys;
-UPDATE schemaversion SET version = 18;
+UPDATE schemaversion SET version = 16;

capsulflask/schema_migrations/19_up_api_tokens.py

@@ -6,4 +6,4 @@ CREATE TABLE api_tokens (
   token              TEXT NOT NULL
 );
 
-UPDATE schemaversion SET version = 19;
+UPDATE schemaversion SET version = 17;

capsulflask/tests/test_auth.py

@@ -1,23 +0,0 @@
-from flask import url_for, session
-
-from capsulflask.db import get_model
-from capsulflask.tests_base import BaseTestCase
-
-
-class LoginTests(BaseTestCase):
-    render_templates = False
-
-    def test_login_request(self):
-        with self.client as client:
-            response = client.get(url_for("auth.login"))
-            self.assert_200(response)
-
-            # FIXME test generated login link
-
-    def test_login_magiclink(self):
-        token, ignoreCaseMatches = get_model().login('test@example.com')
-
-        with self.client as client:
-            response = client.get(url_for("auth.magiclink", token=token))
-            self.assertRedirects(response, url_for("console.index"))
-            self.assertEqual(session['account'], 'test@example.com')

capsulflask/tests/test_console.py

@@ -1,170 +0,0 @@
-from unittest.mock import patch
-
-from flask import url_for
-
-from capsulflask.hub_model import MockHub
-from capsulflask.db import get_model
-from capsulflask.tests_base import BaseTestCase
-
-
-class ConsoleTests(BaseTestCase):
-    capsul_data = {
-        "size": "f1-xs",
-        "os": "debian10",
-        "ssh_authorized_key_count": 1,
-        "ssh_key_0": "key"
-    }
-
-    ssh_key_data = {
-        "name": "key2",
-        "action": "upload_ssh_key",
-        "content": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDntq1t8Ddsa2q4p+PM7W4CLYYmxakokRRVLlf7AQlsTJFPsgBe9u0zuoOaKDMkBr0dlnuLm4Eub1Mj+BrdqAokto0YDiAnxUKRuYQKuHySKK8bLkisi2k47jGBDikx/jihgiuFTawo1mYsJJepC7PPwZGsoCImJEgq1L+ug0p3Zrj3QkUx4h25MpCSs2yvfgWjDyN8hEC76O42P+4ETezYrzrd1Kj26hdzHRnrxygvIUOtfau+5ydlaz8xQBEPrEY6/+pKDuwtXg1pBL7GmoUxBXVfHQSgq5s9jIJH+G0CR0ZoHMB25Ln4X/bsCQbLOu21+IGYKSDVM5TIMLtkKUkERQMVWvnpOp1LZKir4dC0m7SW74wpA8+2b1IsURIr9ARYGJpCEv1Q1Wz/X3yTf6Mfey7992MjUc9HcgjgU01/+kYomoXHprzolk+22Gjfgo3a4dRIoTY82GO8kkUKiaWHvDkkVURCY5dpteLA05sk3Z9aRMYsNXPLeOOPfzTlDA0="
-    }
-
-    def test_index(self):
-        self._login('test@example.com')
-        with self.client as client:
-            response = client.get(url_for("console.index"))
-            self.assert_200(response)
-
-    def test_create_loads(self):
-        self._login('test@example.com')
-        with self.client as client:
-            response = client.get(url_for("console.create"))
-            self.assert_200(response)
-
-    def test_create_fails_capacity(self):
-        with self.client as client:
-            client.get(url_for("console.create"))
-            csrf_token = self.get_context_variable('csrf_token')
-
-            data = self.capsul_data
-            data['csrf-token'] = csrf_token
-
-            # Override MockHub.capacity_avaliable to always return False
-            with patch.object(MockHub, 'capacity_avaliable', return_value=False) as mock_method:
-                self.app.config["HUB_MODEL"] = MockHub()
-
-                client.post(url_for("console.create"), data=data)
-                capacity_message = \
-                    '\n      host(s) at capacity. no capsuls can be created at this time. sorry. \n    '
-                self.assert_message_flashed(capacity_message, category='message')
-
-                self.assertEqual(
-                    len(get_model().list_vms_for_account('test@example.com')),
-                    0
-                )
-            mock_method.assert_called_with(512 * 1024 * 1024)
-
-    def test_create_fails_invalid(self):
-        with self.client as client:
-            client.get(url_for("console.create"))
-            csrf_token = self.get_context_variable('csrf_token')
-
-            data = self.capsul_data
-            data['csrf-token'] = csrf_token
-            data['os'] = ''
-            client.post(url_for("console.create"), data=data)
-
-            self.assert_message_flashed(
-                'OS is required', 
-                category='message'
-            )
-
-            self.assertEqual(
-                len(get_model().list_vms_for_account('test@example.com')),
-                0
-            )
-
-    def test_create_succeeds(self):
-        with self.client as client:
-            client.get(url_for("console.create"))
-            csrf_token = self.get_context_variable('csrf_token')
-
-            data = self.capsul_data
-            data['csrf-token'] = csrf_token
-            response = client.post(url_for("console.create"), data=data)
-
-            # FIXME: mock create doesn't create, see #83
-            # vms = get_model().list_vms_for_account('test@example.com')
-            # self.assertEqual(
-            #     len(vms),
-            #     1 
-            # )
-            #
-            # vm_id = vms[0].id
-            #
-            # self.assertRedirects(
-            #     response, 
-            #     url_for("console.index") + f'?{vm_id}'
-            # )
-
-    def test_keys_loads(self):
-        self._login('test@example.com')
-        with self.client as client:
-            response = client.get(url_for("console.ssh_api_keys"))
-            self.assert_200(response)
-            keys = self.get_context_variable('ssh_public_keys')
-            self.assertEqual(keys[0]['name'], 'key')
-
-    def test_keys_add_ssh_fails_invalid(self):
-        self._login('test@example.com')
-        with self.client as client:
-            client.get(url_for("console.ssh_api_keys"))
-            csrf_token = self.get_context_variable('csrf_token')
-
-            data = self.ssh_key_data
-            data['csrf-token'] = csrf_token
-
-            data_invalid_content = data
-            data_invalid_content['content'] = 'foo'
-            client.post(
-                url_for("console.ssh_api_keys"),
-                data=data_invalid_content
-            )
-
-            self.assert_message_flashed(
-                'Content must match "^(ssh|ecdsa)-[0-9A-Za-z+/_=@:. -]+$"',
-                category='message'
-            )
-
-            data_missing_content = data
-            data_missing_content['content'] = ''
-            client.post(url_for("console.ssh_api_keys"), data=data_missing_content)
-
-            self.assert_message_flashed(
-                'Content is required', category='message'
-            )
-
-    def test_keys_add_ssh_fails_duplicate(self):
-        self._login('test@example.com')
-        with self.client as client:
-            client.get(url_for("console.ssh_api_keys"))
-            csrf_token = self.get_context_variable('csrf_token')
-
-            data = self.ssh_key_data
-            data['csrf-token'] = csrf_token
-            data['name'] = 'key'
-            client.post(url_for("console.ssh_api_keys"), data=data)
-
-            self.assert_message_flashed(
-                'A key with that name already exists',
-                category='message'
-            )
-
-            data = self.ssh_key_data
-            data['csrf-token'] = csrf_token
-            data['name'] = 'key'
-            client.post(url_for("console.ssh_api_keys"), data=data)
-
-            self.assert_message_flashed(
-                'A key with that name already exists',
-                category='message'
-            )
-
-    def setUp(self):
-        self._login('test@example.com')
-        get_model().create_ssh_public_key('test@example.com', 'key', 'foo') 
-
-    def tearDown(self):
-        get_model().delete_ssh_public_key('test@example.com', 'key') 

capsulflask/tests/test_landing.py

@@ -1,14 +0,0 @@
-from capsulflask.tests_base import BaseTestCase
-
-
-class LandingTests(BaseTestCase):
-    #: Do not render templates, we're only testing logic here.
-    render_templates = False
-
-    def test_landing(self):
-        pages = ['/', 'pricing', 'faq', 'about-ssh', 'changelog', 'support']
-
-        with self.client as client:
-            for page in pages:
-                response = client.get(page)
-                self.assert_200(response)

capsulflask/tests/test_publicapi.py

@@ -1,45 +0,0 @@
-from base64 import b64encode
-import requests
-
-from flask import url_for
-
-from capsulflask.db import get_model
-from capsulflask.tests_base import BaseLiveServerTestCase
-
-
-class PublicAPITests(BaseLiveServerTestCase):
-    def test_server_is_up_and_running(self):
-        response = requests.get(self.get_server_url())
-        self.assertEqual(response.status_code, 200)
-
-    def test_capsul_create_succeeds(self):
-        response = requests.post(
-            self.get_server_url() +
-            url_for('publicapi.capsul_create'),
-            headers={'Authorization': self.token},
-            json={
-                'size': 'f1-xs',
-                'os': 'openbsd68',
-                'ssh_key_0': 'key'
-            }
-        )
-
-        self.assertEqual(response.status_code, 200)
-
-        # FIXME: mock create doesn't create, see #83
-        # vms = get_model().list_vms_for_account('test@example.com')
-        # 
-        # self.assertEqual(
-        #     len(vms),
-        #     1
-        # )
-
-    def setUp(self):
-        get_model().create_ssh_public_key('test@example.com', 'key', 'foo') 
-        self.token = b64encode(
-            get_model().generate_api_token('test@example.com', 'apikey').encode('utf-8')
-        ).decode('utf-8')
-
-    def tearDown(self):
-        get_model().delete_ssh_public_key('test@example.com', 'key') 
-        get_model().delete_api_token('test@example.com', 1)

capsulflask/tests_base.py

@@ -1,35 +0,0 @@
-import os
-from nanoid import generate
-
-from flask_testing import TestCase, LiveServerTestCase
-
-from capsulflask import create_app
-from capsulflask.db import get_model
-
-
-class BaseSharedTestCase(object):
-    def create_app(self):
-        # Use default connection paramaters
-        os.environ['POSTGRES_CONNECTION_PARAMETERS'] = "host=localhost port=5432 user=postgres password=dev dbname=capsulflask_test"
-        os.environ['TESTING'] = '1'
-        os.environ['SPOKE_MODEL'] = 'mock'
-        os.environ['HUB_MODEL'] = 'mock'
-        return create_app()
-
-    def setUp(self):
-        pass
-
-    def tearDown(self):
-        pass
-
-
-class BaseTestCase(BaseSharedTestCase, TestCase):
-    def _login(self, user_email):
-        get_model().login(user_email)
-        with self.client.session_transaction() as session:
-            session['account'] = user_email
-            session['csrf-token'] = generate()
-
-
-class BaseLiveServerTestCase(BaseSharedTestCase, LiveServerTestCase):
-    pass

docker-compose.yml

@@ -0,0 +1,29 @@
+---
+version: "3.8"
+
+services:
+  app:
+    image: 3wordchant/capsul-flask:latest
+    build: .
+    volumes:
+      - "./:/app/code"
+    depends_on:
+      - db
+    ports:
+      - "5000:5000"
+    environment:
+      - "POSTGRES_CONNECTION_PARAMETERS=host=db port=5432 user=capsul password=capsul dbname=capsul"
+    # The image uses gunicorn by default, let's override it with Flask's
+    # built-in development server
+    command: ["flask", "run", "-h", "0.0.0.0", "-p", "5000"]
+  db:
+    image: "postgres:9.6.5"
+    volumes:
+      - "postgres:/var/lib/postgresql/data"
+    environment:
+      POSTGRES_USER: capsul
+      POSTGRES_PASSWORD: capsul
+      POSTGRES_DB: capsul
+
+volumes:
+  postgres: