(1) Obtain JWT_SECRET_KEY from current_app (2) Fix Dockerfile pipenv install

Author: khteh

Dockerfile

@@ -5,7 +5,7 @@ ADD src src
 ADD Pipfile Pipfile
 ADD Pipfile.lock Pipfile.lock
 RUN pip install pipenv
-RUN pipenv install
-RUN openssl req -new -newkey rsa:4096 -x509 -nodes -days 365 -keyout server.key -out server.crt -subj "/C=SG/ST=Singapore/L=Singapore /O=Kok How Pte. Ltd./OU=PythonFlaskRestAPI/CN=localhost/emailAddress=funcoolgeek@gmail.com" -passin pass:PythonFlaskRestAPI
+RUN pipenv install --system --deploy --ignore-pipfile
+RUN openssl req -new -newkey rsa:4096 -x509 -nodes -days 365 -keyout server.key -out server.crt -subj "/C=SG/ST=Singapore/L=Singapore /O=Kok How Pte. Ltd./OU=PythonRestAPI/CN=localhost/emailAddress=funcoolgeek@gmail.com" -passin pass:PythonRestAPI
 EXPOSE 8080 4433
 ENTRYPOINT [ "hypercorn",  "--quic-bind", "0.0.0.0:4433", "--certfile", "server.crt", "--keyfile", "server.key", "--bind", "0.0.0.0:8080", "src.main:app" ]

Pipfile.lock

@@ -0,0 +1,3 @@
+#!/bin/bash
+docker build -t khteh/pythonrestapi .
+docker push khteh/pythonrestapi:latest

build.sh

@@ -1,14 +1,14 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: python-config
+  name: pythonrestapi
 data:
   config.json: |
     {
-        "ENV": "development",
+        "ENVIRONMENT": "development",
         "DEBUG": true,
         "TESTING": true,
-        "SECRET_KEY": "PythonFlaskRestAPI",
+        "SECRET_KEY": "PythonRestAPI",
         "SQLALCHEMY_TRACK_MODIFICATIONS": false,
         "HEALTHZ": {
                     "live": "src.app.liveness",

manifests/config.yml

@@ -2,7 +2,8 @@
 	"ENV": "development",
         "DEBUG": true,
         "TESTING": true,
-        "SECRET_KEY": "PythonFlaskRestAPI",
+        "SECRET_KEY": "PythonRestAPI",
+        "JWT_SECRET_KEY": "PythonRestAPI",
         "SQLALCHEMY_DATABASE_URI": "mysql+pymysql://guest:P*ssw0rd@localhost:30001/library",
         "DB_USERNAME": "guest",
         "DB_PASSWORD": "P*ssw0rd",

manifests/config_local.json

@@ -0,0 +1,57 @@
+  library.sql: "-- MySQL dump 10.13  Distrib 8.0.26, for Linux (x86_64)\n--\n-- Host:
+    localhost    Database: library\n-- ------------------------------------------------------\n--
+    Server version\t8.0.26\n\n/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT
+    */;\n/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;\n/*!40101
+    SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;\n/*!50503 SET NAMES utf8mb4
+    */;\n/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;\n/*!40103 SET TIME_ZONE='+00:00'
+    */;\n/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;\n/*!40014
+    SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;\n/*!40101
+    SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;\n/*!40111 SET
+    @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;\n\n--\n-- Table structure for table
+    `alembic_version`\n--\n\nDROP TABLE IF EXISTS `alembic_version`;\n/*!40101 SET
+    @saved_cs_client     = @@character_set_client */;\n/*!50503 SET character_set_client
+    = utf8mb4 */;\nCREATE TABLE `alembic_version` (\n  `version_num` varchar(32) NOT
+    NULL,\n  PRIMARY KEY (`version_num`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
+    COLLATE=utf8mb4_0900_ai_ci;\n/*!40101 SET character_set_client = @saved_cs_client
+    */;\n\n--\n-- Dumping data for table `alembic_version`\n--\n\nLOCK TABLES `alembic_version`
+    WRITE;\n/*!40000 ALTER TABLE `alembic_version` DISABLE KEYS */;\nINSERT INTO `alembic_version`
+    VALUES ('c8fac49602e6');\n/*!40000 ALTER TABLE `alembic_version` ENABLE KEYS */;\nUNLOCK
+    TABLES;\n\n--\n-- Table structure for table `authors`\n--\n\nDROP TABLE IF EXISTS
+    `authors`;\n/*!40101 SET @saved_cs_client     = @@character_set_client */;\n/*!50503
+    SET character_set_client = utf8mb4 */;\nCREATE TABLE `authors` (\n  `id` int NOT
+    NULL AUTO_INCREMENT,\n  `firstname` varchar(128) NOT NULL,\n  `lastname` varchar(128)
+    NOT NULL,\n  `email` varchar(255) NOT NULL,\n  `phone` varchar(15) DEFAULT NULL,\n
+    \ `created_at` datetime DEFAULT NULL,\n  `modified_at` datetime DEFAULT NULL,\n
+    \ PRIMARY KEY (`id`),\n  UNIQUE KEY `ix_authors_email` (`email`),\n  UNIQUE KEY
+    `ix_authors_phone` (`phone`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;\n/*!40101
+    SET character_set_client = @saved_cs_client */;\n\n--\n-- Dumping data for table
+    `authors`\n--\n\nLOCK TABLES `authors` WRITE;\n/*!40000 ALTER TABLE `authors`
+    DISABLE KEYS */;\n/*!40000 ALTER TABLE `authors` ENABLE KEYS */;\nUNLOCK TABLES;\n\n--\n--
+    Table structure for table `books`\n--\n\nDROP TABLE IF EXISTS `books`;\n/*!40101
+    SET @saved_cs_client     = @@character_set_client */;\n/*!50503 SET character_set_client
+    = utf8mb4 */;\nCREATE TABLE `books` (\n  `id` int NOT NULL AUTO_INCREMENT,\n  `title`
+    varchar(128) NOT NULL,\n  `isbn` varchar(255) NOT NULL,\n  `page_count` int NOT
+    NULL,\n  `created_at` datetime DEFAULT NULL,\n  `modified_at` datetime DEFAULT
+    NULL,\n  `author_id` int NOT NULL,\n  PRIMARY KEY (`id`),\n  KEY `author_id` (`author_id`),\n
+    \ CONSTRAINT `books_ibfk_1` FOREIGN KEY (`author_id`) REFERENCES `authors` (`id`)\n)
+    ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;\n/*!40101 SET
+    character_set_client = @saved_cs_client */;\n\n--\n-- Dumping data for table `books`\n--\n\nLOCK
+    TABLES `books` WRITE;\n/*!40000 ALTER TABLE `books` DISABLE KEYS */;\n/*!40000
+    ALTER TABLE `books` ENABLE KEYS */;\nUNLOCK TABLES;\n\n--\n-- Table structure
+    for table `users`\n--\n\nDROP TABLE IF EXISTS `users`;\n/*!40101 SET @saved_cs_client
+    \    = @@character_set_client */;\n/*!50503 SET character_set_client = utf8mb4
+    */;\nCREATE TABLE `users` (\n  `id` int NOT NULL AUTO_INCREMENT,\n  `firstname`
+    varchar(128) NOT NULL,\n  `lastname` varchar(128) NOT NULL,\n  `email` varchar(255)
+    NOT NULL,\n  `phone` varchar(15) DEFAULT NULL,\n  `password` varchar(128) DEFAULT
+    NULL,\n  `created_at` datetime DEFAULT NULL,\n  `modified_at` datetime DEFAULT
+    NULL,\n  PRIMARY KEY (`id`),\n  UNIQUE KEY `ix_users_email` (`email`),\n  UNIQUE
+    KEY `ix_users_phone` (`phone`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;\n/*!40101
+    SET character_set_client = @saved_cs_client */;\n\n--\n-- Dumping data for table
+    `users`\n--\n\nLOCK TABLES `users` WRITE;\n/*!40000 ALTER TABLE `users` DISABLE
+    KEYS */;\n/*!40000 ALTER TABLE `users` ENABLE KEYS */;\nUNLOCK TABLES;\n/*!40103
+    SET TIME_ZONE=@OLD_TIME_ZONE */;\n\n/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;\n/*!40014
+    SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;\n/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS
+    */;\n/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;\n/*!40101
+    SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;\n/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION
+    */;\n/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;\n\n-- Dump completed on 2021-09-27
+    10:45:57\n"

manifests/library.yml

@@ -1,3 +1,3 @@
 #!/bin/bash
 openssl req -new -newkey rsa:4096 -x509 -nodes -days 365 -keyout server.key -out server.crt -subj "/C=SG/ST=Singapore/L=Singapore /O=Kok How Pte. Ltd./OU=PythonFlaskRestAPI/CN=localhost/emailAddress=funcoolgeek@gmail.com" -passin pass:PythonFlaskRestAPI
-hypercorn --quic-bind 0.0.0.0:4433 --certfile server.crt --keyfile server.key --bind 0.0.0.0:8080 src.main:app
+pipenv run hypercorn --quic-bind 0.0.0.0:4433 --certfile server.crt --keyfile server.key --bind 0.0.0.0:8080 src.main:app

quart.sh

@@ -2,7 +2,7 @@
 This script runs the application using a development server.
 It contains the definition of routes and views for the application.
 """
-import quart.flask_patch, json, logging
+import quart.flask_patch, json, logging, os
 from quart import Quart, request
 from flask_healthz import HealthError
 from datetime import datetime

src/app.py

@@ -1,5 +1,5 @@
 import jwt, os, sys, datetime, logging
-from flask import request, json, Response, Blueprint, g, render_template, flash, session, abort
+from quart import request, json, Response, Blueprint, g, render_template, flash, session, abort, current_app
 from flask_oidc import OpenIDConnect
 from functools import wraps
 from ..models.UserModel import UserModel
@@ -15,7 +15,7 @@ def generate_token(user_id):
         Generate Token
         """
         #print(f"generate_token(): user_id: {user_id}")
-        if not os.getenv("JWT_SECRET_KEY"):
+        if not current_app.config["JWT_SECRET_KEY"]:
             raise Exception("Invalid user id!")
         if user_id:
             try:
@@ -30,7 +30,7 @@ def generate_token(user_id):
                     "user_id": user_id
 					# https://stackoverflow.com/questions/28418360/jwt-json-web-token-audience-aud-versus-client-id-whats-the-difference
                 }
-                return jwt.encode(payload, os.getenv("JWT_SECRET_KEY"), "HS512")
+                return jwt.encode(payload, current_app.config["JWT_SECRET_KEY"], "HS512")
             except Exception as e:
                 print("generate_token() exception!")
                 print(type(e))    # the exception instance
@@ -48,7 +48,7 @@ def decode_token(token):
         result = {"data": {}, "error": {}}
         if token:
             try:
-                payload = jwt.decode(token, os.getenv("JWT_SECRET_KEY"), "HS512", audience="urn:PythonFlaskRestAPI")
+                payload = jwt.decode(token, current_app.config["JWT_SECRET_KEY"], "HS512", audience="urn:PythonFlaskRestAPI")
                 result["data"] = {"user_id": payload["user_id"]}
                 return result
             except jwt.ExpiredSignatureError as expired:
@@ -99,4 +99,4 @@ def wrapped_require_role(*args, **kwargs):
                 else:
                     return abort(403)
             return wrapped_require_role
-        return decorated_require_role
+        return decorated_require_role

src/common/Authentication.py

@@ -13,6 +13,7 @@
 Healthz(app, no_log=True)
 csrf = CSRFProtect(app)
 bcrypt.init_app(app)
+logging.basicConfig(format='%(asctime)s %(levelname)-8s %(message)s', level=logging.INFO, datefmt='%Y-%m-%d %H:%M:%S')	
 #oidc.init_app(app)
 
 numberRegex = "^(\d)+$"
@@ -105,5 +106,4 @@
 print(f"Valid phone: {phone}") if re.match(phoneRegex, phone) else print(f"Invalid phone: {phone}")		
 phone = "+123-"
 print(f"Valid phone: {phone}") if re.match(phoneRegex, phone) else print(f"Invalid phone: {phone}")			
-logging.basicConfig(format='%(asctime)s %(levelname)-8s %(message)s', level=logging.INFO, datefmt='%Y-%m-%d %H:%M:%S')	
 #app.run(HOST, PORT)