From fe40b4d64fd5567ba71fea7b463ac2b039d5a380 Mon Sep 17 00:00:00 2001 From: Andreas Berthoud Date: Tue, 10 Aug 2021 20:52:32 +0200 Subject: [PATCH] Several cleanup's to get the full stack running --- README.md | 28 ++++++++++++++- backend/docker-compose-prod.yml | 38 --------------------- backend/monsun_backend/__init__.py | 27 ++++++++++++--- backend/monsun_backend/defaults/config.yml | 5 +++ backend/monsun_backend/endpoints/admin.py | 2 +- backend/monsun_backend/endpoints/command.py | 7 ++-- backend/nginx.conf | 4 +-- backend/requirements.txt | 1 + 8 files changed, 63 insertions(+), 49 deletions(-) delete mode 100644 backend/docker-compose-prod.yml diff --git a/README.md b/README.md index 283cbed..bd41a2a 100644 --- a/README.md +++ b/README.md @@ -39,4 +39,30 @@ GATT concepts: https://learn.adafruit.com/introduction-to-bluetooth-low-energy/g ### Client -[ble-client-seq.puml](ble-client-seq.puml) \ No newline at end of file +[ble-client-seq.puml](ble-client-seq.puml) + +## Backend + +### DEBUG config + +VS Code: +```json +"configurations": [ + { + "name": "Python: Flask", + "type": "python", + "request": "launch", + "module": "flask", + "env": { + "FLASK_APP": "backend/wsgi.py", + "FLASK_ENV": "development", + "FLASK_DEBUG": "0", + "SECRET": "\\\x10#\xd9\x89,2|hBN\xe4\xdf\xe0\xf7W" + }, + "args": [ + "run", + ], + "jinja": true + } +] +``` diff --git a/backend/docker-compose-prod.yml b/backend/docker-compose-prod.yml deleted file mode 100644 index d13d040..0000000 --- a/backend/docker-compose-prod.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -version: "3" - -services: - monsun_postgres: - image: postgres - container_name: monsun_postgres - restart: always - logging: - driver: json-file - options: - max-size: "200k" - max-file: "10" - volumes: - - ./db-data:/var/lib/postgresql/data - env_file: prod.env - - monsun_backend: - image: registry.berthoud.dev/monsun_backend - container_name: monsun_backend - restart: always - logging: - driver: json-file - options: - max-size: "200k" - max-file: "10" - ports: - - 30010:80 - volumes: - - ./config:/var/config/ - depends_on: - - monsun_postgres - environment: - POSTGRES_HOST: monsun_postgres - env_file: prod.env - devices: - - "/dev/ttyACM0:/dev/tty.client" - - command: ["bash", "./wait-for-it.sh", "monsun_postgres:5432", "-t", "60", "--", "./docker-entrypoint.sh"] diff --git a/backend/monsun_backend/__init__.py b/backend/monsun_backend/__init__.py index 2c0f96b..392cb7a 100644 --- a/backend/monsun_backend/__init__.py +++ b/backend/monsun_backend/__init__.py @@ -1,12 +1,10 @@ import logging +import os from logging.config import dictConfig from flask_api import FlaskAPI +from flask_cors import CORS from flask_marshmallow import Marshmallow - -"""https://blog.miguelgrinberg.com/post/how-to-add-flask-migrate-to-an-existing-project""" # noqa -import os - from flask_migrate import Migrate from flask_security import Security from sqlalchemy import create_engine @@ -18,6 +16,7 @@ from . import command_execution from . import database from . import error from . import models +from .container import get_initialize_container from .endpoints import admin from .endpoints import command from .endpoints import login @@ -47,6 +46,9 @@ migrate = Migrate() def create_app() -> FlaskAPI: app = FlaskAPI(__name__) + + container_ = get_initialize_container() + app.register_blueprint(command.bp) app.register_blueprint(login.bp) app.register_blueprint(logout.bp) 
@@ -86,10 +88,25 @@ def create_app() -> FlaskAPI: logger = logging.getLogger("monsun_backend.init") _exception_logger = logging.getLogger("monsun_backend.exception") - app.secret_key = os.getenv("SECRET") + if os.getenv("MONSUN_DEBUG"): + logger.debug("=== MONSUN DEBUG MODE ===") + CORS( + app, + origins=["http://localhost:4200"], + supports_credentials=True, + ) + app.config.update( + SECRET_KEY=os.getenv("SECRET"), SQLALCHEMY_TRACK_MODIFICATIONS=False, SQLALCHEMY_DATABASE_URI=os.getenv("DATABASE_URI"), + SESSION_COOKIE_SECURE=container_.config.session_cookie_secure(required=True), + SESSION_COOKIE_HTTPONLY=container_.config.session_cookie_httponly( + required=True, + ), + SESSION_COOKIE_SAMESITE=container_.config.session_cookie_samesite( + required=True, + ), ) logger.info(f"DATABASE_URI: {os.getenv('DATABASE_URI')}") diff --git a/backend/monsun_backend/defaults/config.yml b/backend/monsun_backend/defaults/config.yml index 1e32306..0c542fa 100644 --- a/backend/monsun_backend/defaults/config.yml +++ b/backend/monsun_backend/defaults/config.yml @@ -5,3 +5,8 @@ serial_reconnection_wait_timeout: 1 admin_user_email: andreasberthoud@gmail.com admin_user_password: password roles: [] + +session_cookie_secure: False +session_cookie_httponly: False +session_cookie_samesite: Lax +session_cookie_domain: None diff --git a/backend/monsun_backend/endpoints/admin.py b/backend/monsun_backend/endpoints/admin.py index 2ac4525..730dd07 100644 --- a/backend/monsun_backend/endpoints/admin.py +++ b/backend/monsun_backend/endpoints/admin.py @@ -10,6 +10,6 @@ bp = blueprints.Blueprint("admin", __name__) rule="/admin", methods=["GET"], ) -@access.admin_permission.require(http_exception=status.HTTP_403_FORBIDDEN) +@access.admin_permission.require(http_exception=status.HTTP_401_UNAUTHORIZED) def admin(): return "success", 200 diff --git a/backend/monsun_backend/endpoints/command.py b/backend/monsun_backend/endpoints/command.py index c509d2c..29b6724 100644 
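Review bot: `SECRET_KEY=os.getenv("SECRET")` in the new `app.config.update(...)` call becomes `None` when the variable is unset, so a missing signing key is likely noticed only at first session use instead of at startup; `SECRET_KEY=os.environ["SECRET"]`, or an explicit raise on an empty value, would fail closed. The added guard `if os.getenv("MONSUN_DEBUG"):` is true for any non-empty string, including `"0"` and `"false"`, so a value meant to disable debug mode still enables credentialed CORS; compare against one explicit value, e.g. `if os.getenv("MONSUN_DEBUG") == "1":`. The context line `logger.info(f"DATABASE_URI: {os.getenv('DATABASE_URI')}")` writes the whole connection string to the log, and that string typically embeds the database credentials, so log only the host and database name. `create_app` starts and ends outside this hunk.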
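Review bot: The new defaults `session_cookie_secure: False` and `session_cookie_httponly: False` make the weaker setting the fallback for every deployment that does not override them. Flask's own default for `SESSION_COOKIE_HTTPONLY` is `True`, so this file now lets page scripts read the session cookie. Ship `session_cookie_secure: True` and `session_cookie_httponly: True` here and let the local debug configuration opt out. `session_cookie_domain: None` is read by YAML as the string `"None"`, not as a null; write `session_cookie_domain: null`, although the key is not consumed by the `__init__.py` hunk of this commit and so looks inert for now.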
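Review bot: Changing `http_exception` to `status.HTTP_401_UNAUTHORIZED` on `access.admin_permission.require(...)` makes a logged-in user who only lacks the admin role indistinguishable from an unauthenticated caller, because 401 asks the client to authenticate while 403 says the authenticated identity is not allowed. If the frontend needs 401 to trigger its login flow, return it only when no identity is present and keep 403 for the role failure. Record the convention next to the decorator, e.g. `# 401 = not logged in, 403 = logged in without the admin role`. The same substitution is made on the `command` route in `endpoints/command.py`.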
--- a/backend/monsun_backend/endpoints/command.py +++ b/backend/monsun_backend/endpoints/command.py @@ -21,7 +21,7 @@ bp = blueprints.Blueprint("command", __name__) @bp.route("//command", methods=["POST", "GET"]) -@access.admin_permission.require(http_exception=status.HTTP_403_FORBIDDEN) +@access.admin_permission.require(http_exception=status.HTTP_401_UNAUTHORIZED) def command(role: str): logger = _logger.getChild(f"{role}/command") @@ -50,7 +50,10 @@ def command(role: str): ) except KeyError: logger.error(f"role {role} does not exist") - return Response(status=status.HTTP_400_BAD_REQUEST) + return Response( + f"role '{role}' does not exist", + status=status.HTTP_400_BAD_REQUEST, + ) if response is None: return Response(status=status.HTTP_408_REQUEST_TIMEOUT) diff --git a/backend/nginx.conf b/backend/nginx.conf index 0c42b0b..583b64a 100644 --- a/backend/nginx.conf +++ b/backend/nginx.conf @@ -26,8 +26,8 @@ http { index index.html index.htm; server { - listen 80 default_server; - listen [::]:80 default_server; + listen 5000 default_server; + listen [::]:5000 default_server; server_name localhost; root /var/www/html; diff --git a/backend/requirements.txt b/backend/requirements.txt index 7a4b393..732b2c0 100644 --- a/backend/requirements.txt +++ b/backend/requirements.txt @@ -1,6 +1,7 @@ dependency-injector[yaml]>=4.34.0,<5 email_validator flask-api>=3.0.post1,<4 +flask-cors flask-migrate flask-script flask-sqlalchemy
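Review bot: The new 400 response puts `role`, which is taken from the request URL, straight into the body via `f"role '{role}' does not exist"`. If `Response` is the Flask/Werkzeug class (its import is outside the hunk), the default content type is `text/html` and the value is returned as markup; add `mimetype="text/plain",` to the call or return a fixed message without the value. The context line `logger.error(f"role {role} does not exist")` has the same input in a log record, where embedded line breaks can forge entries; `logger.error("role %r does not exist", role)` keeps it on one line. `command` begins and ends outside this hunk.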
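Review bot: `flask-cors` is added with no version bound, while neighbouring entries such as `dependency-injector[yaml]>=4.34.0,<5` and `flask-api>=3.0.post1,<4` carry one. This package decides which origins may send credentialed requests to the backend, so an unreviewed upgrade can change that policy at the next image build. Bound it like the others, e.g. `flask-cors>=<TESTED_VERSION>,<<NEXT_MAJOR>` (placeholders; fill in the version actually tested).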