initial commit.
jarosenb committed Dec 6, 2021
0 parents commit edc0ec4
Showing 19 changed files with 1,658 additions and 0 deletions.
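--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,27 @@
+.idea
+.ipynb_checkpoints
+.mypy_cache
+.vscode
+.venv
+__pycache__
+.pytest_cache
+htmlcov
+dist
+site
+.coverage
+coverage.xml
+.netlify
+test.db
+log.txt
+Pipfile.lock
+env3.*
+env
+docs_build
+venv
+docs.zip
+archive.zip
+.DS_STORE
+
+# vim temporary files
+*~
+.*.sw?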
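--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+FROM python:3.10-buster
+
+EXPOSE 8000
+
+COPY ./requirements.txt requirements.txt
+RUN pip install -r requirements.txt
+
+COPY ./server/ /srv/www/server/
+
+WORKDIR /srv/www/server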
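Review bot: The image never drops root: there is no `USER` instruction after `WORKDIR /srv/www/server`, so whatever command the container is started with (the file defines no `CMD`; the compose file supplies uvicorn) runs as uid 0. Add a dedicated account, e.g. `RUN useradd --system --uid 10001 app` followed by `USER app` at the end of the file. The install line would also be better as `RUN pip install --no-cache-dir -r requirements.txt` so the pip cache is not baked into the layer. Pinning `python:3.10-buster` by digest, and moving to a slim variant, would keep the build reproducible and reduce the packages shipped in the image.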
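--- a/README.md
+++ b/README.md
@@ -0,0 +1,25 @@
+# Designsafe-CI Download Service
+
+## Prerequisites for local development
+
+- Docker and Docker Compose
+- Poetry (https://python-poetry.org/docs/#installation)
+- Python 3.10 installed locally
+- Designsafe dev certificate authority configured as a trusted CA (refer to main portal readme)
+
+## Local dev environment setup
+
+1. Update your /etc/hosts file by adding this line: `127.0.0.1 ds-download.test`
+2. Clone the Git repository and `cd` into it.
+3. Run `poetry install` to install dependencies locally. If you receive an error about a Python version mismatch, run `poetry env use $PATH_TO_PYTHON_3.10_INSTALL`.
+4. Build the dev image with `docker-compose -f docker-compose.dev.yml build server`
+5. Run the server with `docker-compose -f docker-compose.dev.yml up`
+6. Confirm that the server is running by accessing the test message at `https://ds-download.test`
+
+## Updating dependencies
+
+For simplicity the Dockerfile uses a `requirements.txt` exported from Poetry. To add a new dependency:
+
+1. Run `poetry add $NEW_DEPENDENCY`.
+2. Run `poetry export > requirements.txt` in the repository root.
+3. Rebuild the dev image with `docker-compose -f docker-compose.dev.yml build server`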
8 changes: 8 additions & 0 deletions conf/nginx/dhparam.pem
@@ -0,0 +1,8 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEApjSZLkhp8nD/TcVKn5fsnuWlzWY0TMnT5xCfKFB3UsPzCt5v1TAj
cDIhaLH7i7WY6PiHd8CyeTCzdB3poCDw+C0NwvztE6bPlW73XRPGDyo3p7TCXAux
P0R8mKR6dxWDsLZBsgfBsd1P7mBdzdJkfMs41c4rQAlW32LP2sitPR4/7TbC4FkW
BEqudWya22gblQhnEbKrce0ZEYcg112Nrzqg/66KLDmbr3gbPmR5RxuWGsk1HvrR
YiO07X7dNwtDCJUtJontyPADwxqQFLLyu37cX4i5vZ300E3GdO6odp3WdNw3fHbg
4zkLiUPOkQ9avJrAxXVGZUzj2rWO8KauiwIBAg==
-----END DH PARAMETERS-----
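--- a/conf/nginx/nginx.conf
+++ b/conf/nginx/nginx.conf
@@ -0,0 +1,62 @@
+user nginx;
+worker_processes 1;
+
+error_log /dev/stderr info;
+pid /var/run/nginx.pid;
+
+
+events {
+worker_connections 1024;
+}
+
+
+http {
+
+
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+'$status $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+
+access_log /dev/stdout main;
+
+sendfile on;
+#tcp_nopush on;
+
+keepalive_timeout 65;
+
+server {
+listen 80 default_server;
+server_name ds-download.test;
+return 301 https://$server_name$request_uri;
+}
+
+server {
+listen 443 ssl http2;
+server_name ds-download.test;
+
+charset utf-8;
+
+client_max_body_size 500M;
+
+# Extra slashes matter to Agave
+merge_slashes off;
+
+ssl_certificate /etc/ssl/ds-download.test.crt;
+ssl_certificate_key /etc/ssl/ds-download.test.key;
+ssl_dhparam /etc/ssl/dhparam.pem;
+ssl_prefer_server_ciphers on;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+
+location / {
+proxy_pass http://server:8000;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $host;
+proxy_redirect off;
+}
+}
+
+}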
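Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the 443 server block enables two protocol versions that RFC 8996 deprecates and leaves out TLS 1.3; `ssl_protocols TLSv1.2 TLSv1.3;` is the safer setting. The `ssl_ciphers` string also still offers 3DES (the `DES-CBC3-SHA` entries) and static-RSA suites without forward secrecy, which could be dropped in favour of the ECDHE/DHE GCM entries at the front of the list. The `location /` block forwards `X-Forwarded-For` but not the scheme; adding `proxy_set_header X-Forwarded-Proto $scheme;` lets the upstream know the request arrived over HTTPS.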
30 changes: 30 additions & 0 deletions conf/ssl/ca.key
@@ -0,0 +1,30 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,51E70056687B304E
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-----END RSA PRIVATE KEY-----
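Review bot: Private key material is committed to the repository: `conf/ssl/ca.key` is a CA signing key, and `conf/ssl/ds-download.test.key` further down is an unencrypted server key. The README asks developers to trust the Designsafe dev CA (presumably this one), so anyone who obtains this key and its passphrase can issue certificates those machines will accept for any hostname. The `DEK-Info: DES-EDE3-CBC` header indicates legacy PEM encryption, which protects the key only as well as the passphrase does. Consider generating the CA and leaf keys per developer with a setup script, adding `conf/ssl/*.key` to `.gitignore`, and treating both keys as compromised now that they are in history.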
20 changes: 20 additions & 0 deletions conf/ssl/ca.pem
@@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
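--- a/conf/ssl/ca.srl
+++ b/conf/ssl/ca.srl
@@ -0,0 +1 @@
+A1D9817B150321B9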
24 changes: 24 additions & 0 deletions conf/ssl/ds-download.test.crt
@@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
17 changes: 17 additions & 0 deletions conf/ssl/ds-download.test.csr
@@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICqDCCAZACAQAwYzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlRYMQ8wDQYDVQQH
DAZBdXN0aW4xDTALBgNVBAoMBFRBQ0MxDDAKBgNVBAsMA1dNQTEZMBcGA1UEAwwQ
ZHMtZG93bmxvYWQudGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ALQ9eVOw5gtgyp/Upgk4TKsjNxMEPzVOboLIIakwaPnhgTHrV0YicCn+NXLlnChx
dxdOV/DYwLwTDFUatr4Zmp4HWJz1Xgu593uggvZ+voNIHBejBReAOmI3feLFSd8W
2x8JI05A5QoxW/adewyhlgCI/gF2DuQzF4bxOnqt5cF1l02J8ezjjQvZ2j2JYFHV
BBNlhRkg2pnrT+gLa5NthiabR0/UlJ7MWVb4+dc9HYvI+YMw+zXCYk0v5gRhgYF5
DR5oEDfsqs8NVlAB9djmQ9vSk6A/24uKHQkO7fEdR7W0PyWUCrZW615f+st04AA3
RJqUoYncxnEZoTHQGvGSCkECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQB7q2nE
qt9+ogswekFTyzQonuA1CH+ajywXjTb16KQvdkRkeuJujgfxtSc96lYx68a2xI++
Kzt+xRBeu5Cub3N3xHIGYwVgfaoeTw0aGOzV7fOxWivSqf6J4Gm/ZnayPI2mmQad
f4ChXRlV5F5MijgY1fTnT7/mmFU+/bA3hUDZTGLYns2qPALg1pP0KaThvTlsTKen
q1x1WJAZpTTpA5u0cCp6nYhv11UKcizT25qmnFZwiMUhg/v8u2YoW7+ATsLb+S0G
5sbQ7QppTdYEwqCR8KbrrMPTbSD/HsV83zB/woYTfXKqNIuTlefSwD9vmzVJCiQ9
PTVt16OUV4Xa2S5q
-----END CERTIFICATE REQUEST-----
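--- a/conf/ssl/ds-download.test.ext
+++ b/conf/ssl/ds-download.test.ext
@@ -0,0 +1,7 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = ds-download.test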
27 changes: 27 additions & 0 deletions conf/ssl/ds-download.test.key
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAtD15U7DmC2DKn9SmCThMqyM3EwQ/NU5ugsghqTBo+eGBMetX
RiJwKf41cuWcKHF3F05X8NjAvBMMVRq2vhmangdYnPVeC7n3e6CC9n6+g0gcF6MF
F4A6Yjd94sVJ3xbbHwkjTkDlCjFb9p17DKGWAIj+AXYO5DMXhvE6eq3lwXWXTYnx
7OONC9naPYlgUdUEE2WFGSDametP6Atrk22GJptHT9SUnsxZVvj51z0di8j5gzD7
NcJiTS/mBGGBgXkNHmgQN+yqzw1WUAH12OZD29KToD/bi4odCQ7t8R1HtbQ/JZQK
tlbrXl/6y3TgADdEmpShidzGcRmhMdAa8ZIKQQIDAQABAoIBAQCASISzGWQSUxjE
e4CVbVm8MLtBMLOgSCuFr9WtasQ8ndDra7pZM6era8A0/9GOQ3vkvaD/zfYXpmMP
q4zHbsfKlCXwyP7fz8OiXRL5SCpmnAtKk3/LQzvKrf5OSecS/lyFEWbsimm6QHlY
5KswyU1PIjHPbmyY5Pho1gauTFkLwGe+VEvBDJLXjtGM2U4LcdInKuaSh+r5wM2P
w+h+5+BNj1juUPkyhrUraAJ8h8cC+i2vpOAdSAqCtm5KmTWT8rCJvDwwjspPEUDQ
gV+vSG26x3CwP56Ay98Vl8XTftpFU711e5FkMvZna6hKY/d1PL8mMr2G6f+ZiggO
gCbf6LLBAoGBAO5BOQmDDTCUKhGEj5ja/56rplXXtb/++rxsQ+V4QI5qPN40MV3X
I8qiCtrocZUSA36KMExoIDq2S9mCQH/RHKPe89RWt08D6x/QePgVsOINhoD/YKhU
TigxhkFXyqvHCQa1Uu1y6mAtvCBtK9H7y9gkC++VhHo6TdKl3vUzzOpJAoGBAMGq
F6di+EB3N25udl0BFtGDW6PRgSiRta9xbnKq8bLmTnhP8lt+X8pNnNWzL4KC4ukH
ns0NvxcEJsZvG/6uM99FR0ClCQUGXCGUCGI+V7HRbhYhsjg5aTaZiKT8N6sjqG8A
Z0ZfKkwNCZAlEDax9RVp+6BYM3Jawdp0CLIMYuA5AoGBAKGwacDmy0C4jIQu7jTS
Cr/nxY5kQdf2drsAzmMgZM9BkeVKjmYc5xFRPwSo0sxT2UM7DOQNljHCHV+TYapc
g49Ccz8bSnO5OQvyMuZJ8iy2+Rz6MuKJtDDayz31EnnZLWr8CzdR0XVMFGv9Ksvq
kcAxVlhVo/4/KylVoCXP7bThAoGBAKqJC1c8kXrDAC7gWp4/TUalM1coL2H4HVMm
wal72mY847CSRcpHmDZe7dJIfXehpgqpyS6sAi9UWoi2YqJ75/Wd3caRDUY9eXeg
EVnhp/tPfm9CsNtNwtZvkKIn7yVmuvU0F70iI+7gNCGYYZSoVDbNIuTphjQWs0mY
j+epfJARAoGAe+8H3nZhEaQO+FQQe5jpOccWHqb6+s65a/uiSyeNrqU6u52OQPmm
ZG0ZH8Qq4FFjz/Dep5RBMWf3gQG5ztqMMeGTqUW1vQ9G7t2EL8xr4q9RQw7ziqoa
JNif6077q7t7g030ahDKRe0JcjZIMTPkpSMZTpWqvGM/mxyaidmdDd4=
-----END RSA PRIVATE KEY-----
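--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -0,0 +1,25 @@
+version: '3.8'
+services:
+server:
+build: .
+command: uvicorn main:app --host 0.0.0.0 --reload
+container_name: ds_download_server
+volumes:
+- ./server/:/srv/www/server/
+ports:
+- 8000:8000
+
+nginx:
+image: nginx
+volumes:
+- ./conf/nginx/nginx.conf:/etc/nginx/nginx.conf
+- ./conf/ssl/ds-download.test.crt:/etc/ssl/ds-download.test.crt
+- ./conf/ssl/ds-download.test.key:/etc/ssl/ds-download.test.key
+- ./conf/nginx/dhparam.pem:/etc/ssl/dhparam.pem
+ports:
+- 80:80
+- 443:443
+container_name: ds_download_nginx
+depends_on:
+- cms
+- django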
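Review bot: `depends_on` on the `nginx` service lists `cms` and `django`, neither of which is defined in this file, so Compose should reject the project; given `proxy_pass http://server:8000` in nginx.conf it presumably should read `- server`. Separately, the `8000:8000` mapping on `server` publishes the uvicorn dev server (started with `--reload`) on every host interface over plain HTTP, bypassing the TLS proxy; `127.0.0.1:8000:8000`, or dropping the mapping, keeps it local. `image: nginx` is untagged and would be better pinned to a specific version, and the config, certificate and key mounts can be made read-only with a `:ro` suffix.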