Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* first commit for backend-only flask api
* Switch to Quart, use async/await
* add signaling server
* uuid for study_id
* minor updates
* try updating cloudbuild and other files to fix dev deployment
* add missing awaits
* set url for usage in dev in sfkit cli
* Split runtime and dev dependencies
* Add Dockerfile with a dummy test
* Add GitHub workflow to build the image with Dockerfile
* Fix Docker tag/label handling in GitHub workflow
* Fix pr event tag
* Set GitHub workflow trigger paths
* Fix Docker repo name using GitHub repo name
* Add missing *.py and hypercorn to Docker image
* remove multiprocessing where it is no longer usable
* Add image name+tag according to Terra guidelines
* first pass at image build
* fix image repo name
* fix PR comment step
* forgot a dollar sign
* how about this?
* empty commit to trigger ci
* updates for unusual branching strategies
* Fix signaling server for testing
* [DDO-3243] Remove Github workflow file from PR trigger paths
* Partially revert #d0d0847f
* Freeze dependencies
* don't wait on cp0 for proxy, as cp0 may not use proxy
* update startup-script to use sfkit-proxy
* small fixes to startup script
* add more error logging for signaling server
* take 2 at fixing signalling messages
* take 3 at fixing signalling messages
* take 4
* take 5
* take 6
* take 7
* take 8
* take 9
* take 10
* take 11
* update signalling server according to fixes in sfkit-proxy
* Improve GCP auth in the Terra GH workflow
* [github] Add Cron trigger for Terra workflow
* [github] Auto-cancel previous build_push_terra workflow runs
* add formatting check for study_id for extra protection against path-injection, as per CodeQL
* use simplified startup-script with docker for cp0
* add some configurations to startup-script
* minor improvement to startup script
* work on startup script
* try sudo to debug startup script
* automatically stop cp0 when user-configured study finishes
* Set APP_VERSION at Terra image build time
* Rename APP_VERSION to BUILD_VERSION
* Add APP_VERSION to Docker build
* update to allow proper version reporting and auto deploy to terra dev environment on merge
* only try to deploy commits to dev branch to dev
* Set default Websocket port to 8080
* Rename WebSocket Origin var
* Return firebaseProjectId from /createCustomToken
* Turn on FLASK_DEBUG only in Cloud Run development by default
* Restore Broadbot token
* add status and version endpoints
* separate appVersion and buildVersion
* Parse allowed CORS origin from SFKIT_API_URL (#15)
* Parse allowed CORS origin from SFKIT_API_URL
* Set frontend origins via CORS_ORIGINS env var
* Use * by default in CORS_ORIGINS
* [sfkit] Fix Failure upon autodeploy to terra dev environments (#16)
* fix outputs
* only auto deploy on merge to dev
* no server header for hypercorn (#17)
* Fix Hypercorn config copy and add Curl to Dockerfile (#18)
* Fix Hypercorn config copy in Dockerfile
* Add Curl to Dockerfile for development
* Add localhost dev origin (#19)
* Add localhost dev origin (attempt 2) (#20)
* Add localhost dev origin
* Fix comma split for Cloud Run set-env-vars
* Add localhost dev origin (attempt 3) (#21)
* Add localhost dev origin
* Fix comma split for Cloud Run set-env-vars
* Fix comma split for Cloud Run set-env-vars once again
* Fix commas once again
* Add localhost dev origin (attempt 4) (#22)
* Add localhost dev origin
* Fix comma split for Cloud Run set-env-vars
* Fix comma split for Cloud Run set-env-vars once again
* Fix commas once again
* Fix set-env-vars once again
* Fix cloudbuild commas (#23)
* Add localhost dev origin
* Fix comma split for Cloud Run set-env-vars
* Fix comma split for Cloud Run set-env-vars once again
* Fix commas once again
* Fix set-env-vars once again
* Fix set-env-vars once again...
* Remove extra quote
* Fix CORS origin list conversion (#24)
* modify auth to allow terra login (#25)
* Use FIREBASE_PROJECT_ID for Firestore database (#26)
* Use FIREBASE_PROJECT_ID for Firestore database
* Use project keyword for AsyncClient
* await auth; check firestore on creation (#27)
* Set Firebase App project ID (#28)
* Fix FIREBASE_PROJECT_ID constant import (#29)
* Use custom FIRESTORE_DATABASE name (#30)
* Bump cryptography from 41.0.5 to 41.0.6 (#31)

  Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.5 to 41.0.6.
  - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
  - [Commits](pyca/cryptography@41.0.5...41.0.6)

  ---
  updated-dependencies:
  - dependency-name: cryptography
    dependency-type: direct:production
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Set Firebase app for custom Firebase token creation (#32)
* Detect service account email for Firebase App (#33)
* Detect service account email for Firebase App
* Add logging message for Firebase app options
* Use optional TARGET_SERVICE_ACCOUNT impersonation (#34)
* Use optional TARGET_SERVICE_ACCOUNT impersonation
* Revert to Firebase app reference
* Fix Google Auth import (#35)
* Fix Google Auth import
* Fix Firebase credential object
* Attempt to fix Google impersonated_credentials import (#36)
* Set serviceAccountId for TARGET_SERVICE_ACCOUNT (#37)
* Always reference FIREBASE_PROJECT_ID when setting up Firebase and Firestore (#38)
* Log impersonated Firebase token without signature (#39)
* Log impersonated Firebase token without signature
* Add more logging
* Disable TARGET_SERVICE_ACCOUNT for now (#40)
* Re-enable impersonation (#41)
* Re-enable impersonation
* Add extra logging
* Remove and cleanup impersonation (#42)
* Remove and cleanup impersonation
* Don't set Firestore database if FIRESTORE_DATABASE isn't set
* Revert to using FIREBASE_PROJECT_ID (#43)
* Revert Firebase project ID assignment (#44)
* Unrevert project ID setting and return database name from /createCustomToken (#45)
* Return database name from /createCustomToken
* Unrevert 8614d7f
* Fix Firestore database name returned from /createCustomToken (#46)
* Fix Firestore database name returned from /createCustomToken
* Rename Firestore database key in return result
* Parse user ID universally and improve Auth header validation (#47)
* Parse user ID universally and improve Auth header validation
* Fix auth header verification
* Consolidate user db lookup
* Cache user IDs to speed up lookup
* Consolidate user ID parsing and use userSubjectId for Terra
* Streamline verification of auth header for Signaling and CLI APIs
* Fix missing db ref
* Move verify_auth_key and AUTH_HEADER into auth.py
* Populate PUBLIC_KEYS only in non-Terra env
* Guard against possible confusion of user_id with auth_keys
* Put Bearer token prefix into a constant
* Put AZURE_B2C_JWKS_URL and AZURE_B2C_CLIENT_ID into env vars
* Add comment about Azure vars vs Terra
* Use id instead of userSubjectId for the new Sam API
* Pass Terra auth header as-is without parsing to Sam
* Rename Terra and B2C user verification functions
* Rename verify_auth_key -> get_auth_key_user
* Add support for CLI auth with Terra (#48)
* Add support for CLI auth with Terra
* Improve error message for missing auth header
* Fix default Firestore database ID (#49)
* Fix default Firestore database ID
* Fix await for _get_terra_user
* Set log level via LOG_LEVEL env var and add auth user debug logging (#50)
* Add more logging (#51)
* Externalize all env vars into constants.py (#52)
* Externalize all env vars into constants.py
* Optimize imports
* Add back deepcopy import
* Fix log format and level for Terra/Kubernetes (#53)
* Step up DEBUG logging level to avoid too much verbosity (#54)
* Step up DEBUG logging level to avoid too much verbosity
* Return an instance of Logger subclass
* Improve debug logging (#55)
* Add separate database for non-terra dev (#56)
* Get CLI username from user ID and study_id from query param for Terra (#57)
* Get CLI username from user ID and study_id from query param for Terra
* Organize imports
* Restore previous formatting
* Fix whitespace
* Refactor study access checks
* Add global HttpException error handler
* Raise HTTP errors from authentication
* Refactor cli.py to remove boilerplate and improve input validation
* Validate msg before retrieving study
* Simplify msg parsing
* Remove redundant auth checks
* Remove redundant logging message
* Always raise Unauthorized in auth.py
* Launch terra cp0 (#60)
* Improve study access checks
* Override error description only when present
* Refactor Sam request and auth header handling
* Automatically register service account when running on Terra
* Implement submit_terra_workflow() through Rawls
* Fix auth header handling and generate SA token properly (#61)
* Fix auth header handling and generate SA token properly
* Fix Rawls submissions path
* Fix HeaderTypes -> Headers (#62)
* remove jinja dependency; simplify email invitation logic (#59)
* remove jinja dependency; simplify email invitation logic
* fix accept_invitation logic
* Fix register_service_account() invocation (#63)
* Fix Terra Service Account registration (#64)
* Fix register_service_account() invocation
* Fix Terra Service Account registration
* Remove async def
* Fix get_service_account_headers() implementation (#65)
* Add error description to register_terra_service_account() (#66)
* Fix Sam status check for existing Terra SA
* Revert and provide error description
* Temp log SA on error (#67)
* Fix Sam registration body (#68)
* Fix Sam registration request body
* Log successful response from Sam
* minor bug fixes and security improvements; fix accepting invitation to study (#69)
* Fix Terra request headers assignment (#70)
* Improve API exception reporting (#71)
* Refactor API exception handling through HTTPException (#72)
* Refactor API exception handling through HTTPException
* Move HTTPException handler into api_utils
* Cosmetic fix
* Remove redundant async
* Revert to using dedicated APIException class (#73)
* Revert "Refactor API exception handling through HTTPException (#72)"

  This reverts commit 3c9809c.

* Parse out error message in APIException
* Fix parameters and error handling for Terra workflow submission (#74)
* Fix parameters and error handling for Terra workflow submission
* Add status code to APIException
* Await Terra workflow submission before returning response
* Fix response type conversion in APIException (#75)
* Fix APIException semantics (#76)
* prevent repeat study titles; minor formatting (#77)
* add endpoint to get_study_options for terra cli (#78)
* fix bug in previous commit (#79)
* fix wrong parameter in function (#80)
* Make auth key automatically (#81)
* fix wrong parameter in function
* make auth_key automatically on study creation or joining
* Auto-detect CP0 id on Terra (#82)
* Auto-detect CP0 id on Terra
* Formalize user ID keys and fix /get_study_options user_id for non-Terra
* Fix ID key imports (#83)
* Fix user_id detection in /get_study_options (#84)
* Fix user_id detection in /get_study_options
* Fix user_id setting without study_id
* lots of reformatting and some small bug fixes (#85)
* try to fix transactions (#86)
* try to fix transactions again (#87)
* fix awaiting for file (#88)
* Improve signaling logging (#89)
* Improve signaling logging
* Use warning for party disconnect
* fix task initialization for users (#90)
* set HOME env variable; handle SENDGRID_API_KEY env variable (#91)
* improve cloud run logging (#92)
* improve cloud run logging
* use source instead of bash so that env variable changes are maintained
* fix task resetting when restarting study
* source profile to fix startup scripts (#93)
* add logging for errors in signaling server (#94)
* Fix SFKIT_API_URL for Cloud Run and remove extra logging (#95)
* add debug logging for signaling server
* Log Signaling server origin
* Remove extra error logging in /ice
* Use manual Websocket origin check
* Add dummy websocket connection message
* Set SFKIT_API_URL for Cloud Run deployment
* Use SFKIT_API_URL in google_cloud_compute
* Add more pointed logging
* Add test /ice_status endpoint
* Use the same route for HTTP ICE status
* Rename ice status route
* Cleanup
* Cleanup

  ---------

  Co-authored-by: Denis Loginov <denis@broadinstitute.org>

* Fix WebSocket connection issues due to CORS (#96)
* Fix WebSocket connection issues due to CORS
* Log allowed origins (#97)
* Log allowed origins
* Remove comma
* allow anonymous users to create studies (on non-terra) (#98)
* Bump cryptography from 41.0.6 to 42.0.0 (#99)

  Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.6 to 42.0.0.
  - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
  - [Commits](pyca/cryptography@41.0.6...42.0.0)

  ---
  updated-dependencies:
  - dependency-name: cryptography
    dependency-type: direct:production
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add sf-relate; minor bug fixes (#100)
* don't hardcode SFKIT_API_URL as much; minor formatting (#102)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Denis Loginov <denis@broadinstitute.org>
Co-authored-by: mflinn-broad <mflinn@broadinstitute.org>
Co-authored-by: dinvlad <137337+dinvlad@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>