16 changed files with 634 additions and 9 deletions
-
23server/Dockerfile
-
201server/LICENSE
-
6server/corvus/__init__.py
-
1server/corvus/api/__init__.py
-
4server/corvus/api/authentication_api.py
-
25server/corvus/api/user_api.py
-
20server/corvus/errors.py
-
101server/corvus/service/transformation_service.py
-
83server/corvus/service/user_service.py
-
106server/corvus/service/user_token_service.py
-
5server/corvus/utility/json_utility.py
-
16server/corvus/utility/session_utility.py
-
10server/manage.py
-
4server/tests/api/test_authentication_api.py
-
16server/tests/api/test_user_api.py
-
22server/tests/service/test_transformation_service.py
@ -0,0 +1,23 @@ |
|||
FROM python:3.6-slim-stretch |
|||
MAINTAINER Drew Short <warrick@sothr.com> |
|||
|
|||
ENV CORVUS_APP_DIRECTORY /opt/corvus |
|||
ENV CORVUS_CONFIG_DIRECTORY /srv/corvus/config |
|||
ENV CORVUS_DATA_DIRECTORY /srv/corvus/data |
|||
|
|||
RUN mkdir -p ${CORVUS_APP_DIRECTORY} \ |
|||
&& mkdir -p ${CORVUS_CONFIG_DIRECTORY} \ |
|||
&& mkdir -p ${CORVUS_DATA_DIRECTORY} \ |
|||
&& pip install pipenv gunicorn |
|||
|
|||
VOLUME ${CORVUS_CONFIG_DIRECTORY} |
|||
VOLUME ${CORVUS_DATA_DIRECTORY} |
|||
|
|||
COPY ./server/ ${CORVUS_APP_DIRECTORY}/ |
|||
|
|||
RUN cd ${CORVUS_APP_DIRECTORY} \ |
|||
&& pipenv install --system --deploy --ignore-pipfile |
|||
|
|||
WORKDIR ${CORVUS_APP_DIRECTORY} |
|||
|
|||
CMD ./entrypoint.sh |
|||
@ -0,0 +1,201 @@ |
|||
Apache License |
|||
Version 2.0, January 2004 |
|||
http://www.apache.org/licenses/ |
|||
|
|||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION |
|||
|
|||
1. Definitions. |
|||
|
|||
"License" shall mean the terms and conditions for use, reproduction, |
|||
and distribution as defined by Sections 1 through 9 of this document. |
|||
|
|||
"Licensor" shall mean the copyright owner or entity authorized by |
|||
the copyright owner that is granting the License. |
|||
|
|||
"Legal Entity" shall mean the union of the acting entity and all |
|||
other entities that control, are controlled by, or are under common |
|||
control with that entity. For the purposes of this definition, |
|||
"control" means (i) the power, direct or indirect, to cause the |
|||
direction or management of such entity, whether by contract or |
|||
otherwise, or (ii) ownership of fifty percent (50%) or more of the |
|||
outstanding shares, or (iii) beneficial ownership of such entity. |
|||
|
|||
"You" (or "Your") shall mean an individual or Legal Entity |
|||
exercising permissions granted by this License. |
|||
|
|||
"Source" form shall mean the preferred form for making modifications, |
|||
including but not limited to software source code, documentation |
|||
source, and configuration files. |
|||
|
|||
"Object" form shall mean any form resulting from mechanical |
|||
transformation or translation of a Source form, including but |
|||
not limited to compiled object code, generated documentation, |
|||
and conversions to other media types. |
|||
|
|||
"Work" shall mean the work of authorship, whether in Source or |
|||
Object form, made available under the License, as indicated by a |
|||
copyright notice that is included in or attached to the work |
|||
(an example is provided in the Appendix below). |
|||
|
|||
"Derivative Works" shall mean any work, whether in Source or Object |
|||
form, that is based on (or derived from) the Work and for which the |
|||
editorial revisions, annotations, elaborations, or other modifications |
|||
represent, as a whole, an original work of authorship. For the purposes |
|||
of this License, Derivative Works shall not include works that remain |
|||
separable from, or merely link (or bind by name) to the interfaces of, |
|||
the Work and Derivative Works thereof. |
|||
|
|||
"Contribution" shall mean any work of authorship, including |
|||
the original version of the Work and any modifications or additions |
|||
to that Work or Derivative Works thereof, that is intentionally |
|||
submitted to Licensor for inclusion in the Work by the copyright owner |
|||
or by an individual or Legal Entity authorized to submit on behalf of |
|||
the copyright owner. For the purposes of this definition, "submitted" |
|||
means any form of electronic, verbal, or written communication sent |
|||
to the Licensor or its representatives, including but not limited to |
|||
communication on electronic mailing lists, source code control systems, |
|||
and issue tracking systems that are managed by, or on behalf of, the |
|||
Licensor for the purpose of discussing and improving the Work, but |
|||
excluding communication that is conspicuously marked or otherwise |
|||
designated in writing by the copyright owner as "Not a Contribution." |
|||
|
|||
"Contributor" shall mean Licensor and any individual or Legal Entity |
|||
on behalf of whom a Contribution has been received by Licensor and |
|||
subsequently incorporated within the Work. |
|||
|
|||
2. Grant of Copyright License. Subject to the terms and conditions of |
|||
this License, each Contributor hereby grants to You a perpetual, |
|||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable |
|||
copyright license to reproduce, prepare Derivative Works of, |
|||
publicly display, publicly perform, sublicense, and distribute the |
|||
Work and such Derivative Works in Source or Object form. |
|||
|
|||
3. Grant of Patent License. Subject to the terms and conditions of |
|||
this License, each Contributor hereby grants to You a perpetual, |
|||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable |
|||
(except as stated in this section) patent license to make, have made, |
|||
use, offer to sell, sell, import, and otherwise transfer the Work, |
|||
where such license applies only to those patent claims licensable |
|||
by such Contributor that are necessarily infringed by their |
|||
Contribution(s) alone or by combination of their Contribution(s) |
|||
with the Work to which such Contribution(s) was submitted. If You |
|||
institute patent litigation against any entity (including a |
|||
cross-claim or counterclaim in a lawsuit) alleging that the Work |
|||
or a Contribution incorporated within the Work constitutes direct |
|||
or contributory patent infringement, then any patent licenses |
|||
granted to You under this License for that Work shall terminate |
|||
as of the date such litigation is filed. |
|||
|
|||
4. Redistribution. You may reproduce and distribute copies of the |
|||
Work or Derivative Works thereof in any medium, with or without |
|||
modifications, and in Source or Object form, provided that You |
|||
meet the following conditions: |
|||
|
|||
(a) You must give any other recipients of the Work or |
|||
Derivative Works a copy of this License; and |
|||
|
|||
(b) You must cause any modified files to carry prominent notices |
|||
stating that You changed the files; and |
|||
|
|||
(c) You must retain, in the Source form of any Derivative Works |
|||
that You distribute, all copyright, patent, trademark, and |
|||
attribution notices from the Source form of the Work, |
|||
excluding those notices that do not pertain to any part of |
|||
the Derivative Works; and |
|||
|
|||
(d) If the Work includes a "NOTICE" text file as part of its |
|||
distribution, then any Derivative Works that You distribute must |
|||
include a readable copy of the attribution notices contained |
|||
within such NOTICE file, excluding those notices that do not |
|||
pertain to any part of the Derivative Works, in at least one |
|||
of the following places: within a NOTICE text file distributed |
|||
as part of the Derivative Works; within the Source form or |
|||
documentation, if provided along with the Derivative Works; or, |
|||
within a display generated by the Derivative Works, if and |
|||
wherever such third-party notices normally appear. The contents |
|||
of the NOTICE file are for informational purposes only and |
|||
do not modify the License. You may add Your own attribution |
|||
notices within Derivative Works that You distribute, alongside |
|||
or as an addendum to the NOTICE text from the Work, provided |
|||
that such additional attribution notices cannot be construed |
|||
as modifying the License. |
|||
|
|||
You may add Your own copyright statement to Your modifications and |
|||
may provide additional or different license terms and conditions |
|||
for use, reproduction, or distribution of Your modifications, or |
|||
for any such Derivative Works as a whole, provided Your use, |
|||
reproduction, and distribution of the Work otherwise complies with |
|||
the conditions stated in this License. |
|||
|
|||
5. Submission of Contributions. Unless You explicitly state otherwise, |
|||
any Contribution intentionally submitted for inclusion in the Work |
|||
by You to the Licensor shall be under the terms and conditions of |
|||
this License, without any additional terms or conditions. |
|||
Notwithstanding the above, nothing herein shall supersede or modify |
|||
the terms of any separate license agreement you may have executed |
|||
with Licensor regarding such Contributions. |
|||
|
|||
6. Trademarks. This License does not grant permission to use the trade |
|||
names, trademarks, service marks, or product names of the Licensor, |
|||
except as required for reasonable and customary use in describing the |
|||
origin of the Work and reproducing the content of the NOTICE file. |
|||
|
|||
7. Disclaimer of Warranty. Unless required by applicable law or |
|||
agreed to in writing, Licensor provides the Work (and each |
|||
Contributor provides its Contributions) on an "AS IS" BASIS, |
|||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or |
|||
implied, including, without limitation, any warranties or conditions |
|||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A |
|||
PARTICULAR PURPOSE. You are solely responsible for determining the |
|||
appropriateness of using or redistributing the Work and assume any |
|||
risks associated with Your exercise of permissions under this License. |
|||
|
|||
8. Limitation of Liability. In no event and under no legal theory, |
|||
whether in tort (including negligence), contract, or otherwise, |
|||
unless required by applicable law (such as deliberate and grossly |
|||
negligent acts) or agreed to in writing, shall any Contributor be |
|||
liable to You for damages, including any direct, indirect, special, |
|||
incidental, or consequential damages of any character arising as a |
|||
result of this License or out of the use or inability to use the |
|||
Work (including but not limited to damages for loss of goodwill, |
|||
work stoppage, computer failure or malfunction, or any and all |
|||
other commercial damages or losses), even if such Contributor |
|||
has been advised of the possibility of such damages. |
|||
|
|||
9. Accepting Warranty or Additional Liability. While redistributing |
|||
the Work or Derivative Works thereof, You may choose to offer, |
|||
and charge a fee for, acceptance of support, warranty, indemnity, |
|||
or other liability obligations and/or rights consistent with this |
|||
License. However, in accepting such obligations, You may act only |
|||
on Your own behalf and on Your sole responsibility, not on behalf |
|||
of any other Contributor, and only if You agree to indemnify, |
|||
defend, and hold each Contributor harmless for any liability |
|||
incurred by, or claims asserted against, such Contributor by reason |
|||
of your accepting any such warranty or additional liability. |
|||
|
|||
END OF TERMS AND CONDITIONS |
|||
|
|||
APPENDIX: How to apply the Apache License to your work. |
|||
|
|||
To apply the Apache License to your work, attach the following |
|||
boilerplate notice, with the fields enclosed by brackets "{}" |
|||
replaced with your own identifying information. (Don't include |
|||
the brackets!) The text should be enclosed in the appropriate |
|||
comment syntax for the file format. We also recommend that a |
|||
file or class name and description of purpose be included on the |
|||
same "printed page" as the copyright notice for easier |
|||
identification within third-party archives. |
|||
|
|||
Copyright 2018 Drew Short |
|||
|
|||
Licensed under the Apache License, Version 2.0 (the "License"); |
|||
you may not use this file except in compliance with the License. |
|||
You may obtain a copy of the License at |
|||
|
|||
http://www.apache.org/licenses/LICENSE-2.0 |
|||
|
|||
Unless required by applicable law or agreed to in writing, software |
|||
distributed under the License is distributed on an "AS IS" BASIS, |
|||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
See the License for the specific language governing permissions and |
|||
limitations under the License. |
|||
@ -1,2 +1,3 @@ |
|||
"""API blueprint exports.""" |
|||
from corvus.api.authentication_api import AUTH_BLUEPRINT |
|||
from corvus.api.user_api import USER_BLUEPRINT |
|||
@ -0,0 +1,25 @@ |
|||
"""User API blueprint and endpoint definitions.""" |
|||
from flask import Blueprint, abort |
|||
|
|||
from corvus.api.decorators import return_json |
|||
from corvus.api.model import APIResponse |
|||
from corvus.middleware import authentication_middleware |
|||
from corvus.service import user_service |
|||
|
|||
USER_BLUEPRINT = Blueprint( |
|||
name='user', import_name=__name__, url_prefix='/user') |
|||
|
|||
|
|||
@USER_BLUEPRINT.route('/<name>', methods=['GET']) |
|||
@return_json |
|||
@authentication_middleware.require_token_auth |
|||
def get_user(name: str) -> APIResponse: |
|||
""" |
|||
Get a token for continued authentication. |
|||
|
|||
:return: A login token for continued authentication |
|||
""" |
|||
user = user_service.find_by_name(name) |
|||
if user is not None: |
|||
return APIResponse(user, 200) |
|||
return abort(404) |
|||
@ -0,0 +1,20 @@ |
|||
"""Error definitions for Corvus.""" |
|||
from typing import Dict |
|||
|
|||
|
|||
class BaseError(RuntimeError): |
|||
"""Corvus Base Error Class.""" |
|||
|
|||
def __init__( |
|||
self, |
|||
message: str = 'Unknown error', |
|||
extra_fields: Dict[str, str] = None) -> None: |
|||
"""Populate The Error Definition.""" |
|||
super().__init__(message) |
|||
self.extra_fields = extra_fields |
|||
|
|||
|
|||
class ValidationError(BaseError): |
|||
"""Corvus Validation Error.""" |
|||
|
|||
pass |
|||
@ -0,0 +1,101 @@ |
|||
"""Handle Model Serialization.""" |
|||
import logging |
|||
from typing import Dict, Callable, Any, List, Optional, Type |
|||
|
|||
from corvus import errors |
|||
from corvus.db import db |
|||
|
|||
LOGGER = logging.getLogger(__name__) |
|||
|
|||
|
|||
class BaseTransformer: |
|||
"""Base Model serializer.""" |
|||
|
|||
type: Type[db.Model] |
|||
|
|||
def __init__(self, model: Type[db.Model]) -> None: |
|||
"""Initialize the base serializer.""" |
|||
self._fields: Dict[str, Callable[[db.Model], Any]] = {} |
|||
self.model = model |
|||
|
|||
def serialize(self, options: Optional[List[str]]) -> Any: |
|||
"""Convert Model field and factories to dicts.""" |
|||
field_factories = self._serializers() |
|||
if not options: |
|||
options = list(field_factories.keys()) |
|||
ret = {} |
|||
for key in options: |
|||
if key not in field_factories: |
|||
raise errors.ValidationError( |
|||
'Invalid key: %r. Valid keys: %r.' % ( |
|||
key, list(sorted(field_factories.keys())))) |
|||
factory = field_factories[key] |
|||
val = factory() |
|||
if val is not None: |
|||
ret[key] = val |
|||
return ret |
|||
|
|||
def deserialize(self, |
|||
json_model: dict, |
|||
options: Optional[List[str]]) -> Any: |
|||
"""Convert dict to Model.""" |
|||
field_factories = self._deserializers() |
|||
if not options: |
|||
options = list(field_factories.keys()) |
|||
for key in options: |
|||
if key not in field_factories: |
|||
raise errors.ValidationError( |
|||
'Invalid key: %r. Valid keys: %r.' % ( |
|||
key, list(sorted(field_factories.keys())))) |
|||
factory = field_factories[key] |
|||
try: |
|||
value = json_model[key] |
|||
if value is not None: |
|||
factory(self.model, value) |
|||
except KeyError as key_error: |
|||
LOGGER.error( |
|||
'Unable to transform field: %s %s', key, key_error) |
|||
return self.model |
|||
|
|||
def _serializers(self) -> Dict[str, Callable[[], Any]]: |
|||
"""Field definitions.""" |
|||
raise NotImplementedError() |
|||
|
|||
def _deserializers( |
|||
self) -> Dict[str, Callable[[db.Model, Any], None]]: |
|||
"""Field definitions.""" |
|||
raise NotImplementedError() |
|||
|
|||
|
|||
_model_transformers: Dict[str, Type[BaseTransformer]] = {} |
|||
|
|||
|
|||
def register_transformer( |
|||
model_name: str, model_serializer: Type[BaseTransformer]) -> None: |
|||
"""Add a model to the serializer mapping.""" |
|||
_model_transformers[model_name] = model_serializer |
|||
|
|||
|
|||
def serialize_model(model_obj: db.Model, |
|||
options: Optional[List[str]] = None) -> Any: |
|||
"""Lookup a Model and hand off to the serializer.""" |
|||
try: |
|||
return _model_transformers[ |
|||
type(model_obj).__name__](model_obj).serialize(options) |
|||
except KeyError: |
|||
raise NotImplementedError( |
|||
'{} has no registered serializers'.format(model_obj.__name__)) |
|||
|
|||
|
|||
def deserialize_model( |
|||
model_type: str, |
|||
json_model_object: dict, |
|||
options: Optional[List[str]] = None) -> Type[db.Model]: |
|||
"""Lookup a Model and hand it off to the deserializer.""" |
|||
try: |
|||
transformer = _model_transformers[model_type] |
|||
return transformer( |
|||
transformer.type()).deserialize(json_model_object, options) |
|||
except KeyError: |
|||
raise NotImplementedError( |
|||
'{} has no registered serializers'.format(model_type)) |
|||
@ -0,0 +1,16 @@ |
|||
"""Session specific utilities.""" |
|||
from typing import Any |
|||
|
|||
from flask.sessions import SecureCookieSessionInterface |
|||
|
|||
|
|||
class DisableSessionInterface(SecureCookieSessionInterface): |
|||
"""Make sure no session data is transmitted or stored.""" |
|||
|
|||
def should_set_cookie(self, app: Any, session: Any) -> bool: |
|||
"""Disable default cookie generation.""" |
|||
return False |
|||
|
|||
def save_session(self, app: Any, session: Any, response: Any) -> Any: |
|||
"""Prevent creating session from requests.""" |
|||
return None |
|||
@ -0,0 +1,16 @@ |
|||
from flask.testing import FlaskClient |
|||
|
|||
from tests.conftest import AuthActions |
|||
|
|||
|
|||
def test_get_user_happy_path(auth: AuthActions, client: FlaskClient): |
|||
auth.login() |
|||
auth_header = auth.get_authorization_header_token() |
|||
result = client.get( |
|||
'/user/{}'.format(client.application.config['test_username']), |
|||
headers={ |
|||
auth_header[0]: auth_header[1] |
|||
}) |
|||
assert result.status_code == 200 |
|||
assert result.json is not None |
|||
assert result.json['name'] == client.application.config['test_username'] |
|||
@ -0,0 +1,22 @@ |
|||
from corvus.model import UserToken |
|||
from corvus.service.transformation_service import ( |
|||
serialize_model, |
|||
deserialize_model |
|||
) |
|||
|
|||
|
|||
def test_serialize_model(): |
|||
user_token = UserToken() |
|||
user_token.token = 'test' |
|||
result = serialize_model(user_token) |
|||
assert result is not None |
|||
assert result['token'] == 'test' |
|||
|
|||
|
|||
def test_deserialize_model(): |
|||
user_token_json = { |
|||
'token': 'test' |
|||
} |
|||
result = deserialize_model('UserToken', user_token_json) |
|||
assert result is not None |
|||
assert result.token == 'test' |
|||
Write
Preview
Loading…
Cancel
Save
Reference in new issue