Refactor containers and begin Vue ui development

.dockerignore

@@ -10,3 +10,5 @@ docs
 db.cnf
 *.md
 pytest.ini
+README.md
+node_modules

.gitignore

@@ -8,10 +8,10 @@ staticfiles
 media
 www
 *.env
-db.cnf
-db-test.cnf
+env.*
 *.DS_Store
 data
+sql/
 *.sql
 
 # Elastic Beanstalk Files
@@ -29,3 +29,5 @@ TODO*
 dalme/media
 
 .ebignore
+
+node_modules/

config/dev/Dockerfile.ui

@@ -0,0 +1,14 @@
+FROM node:15-buster-slim
+
+WORKDIR /opt/ui
+ENV PATH /opt/dalme_ui/node_modules/.bin:$PATH
+
+COPY ./dalme_ui .
+RUN chown -R node:node . && chmod -R 755 .
+USER node
+
+RUN yarn install --silent
+RUN yarn cache clean --force
+
+CMD ["yarn", "dev"]
+STOPSIGNAL SIGINT

config/dev/Dockerfile.web

@@ -0,0 +1,53 @@
+FROM python:3.7-slim-buster
+
+ENV PYTHONUNBUFFERED 1
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV LANG=en_US.UTF-8
+
+RUN adduser \
+    --disabled-password \
+    --gecos "Whisky" \
+    --uid 1001 \
+    --gid 0 \
+    --home /home/whisky whisky && \
+    chmod 1777 /home/whisky
+
+RUN rm -rf /var/lib/apt/lists/*
+RUN apt-get update && \
+    apt-get install -y \
+    build-essential \
+    default-libmysqlclient-dev \
+    libcurl4-openssl-dev \
+    libssl-dev \
+    libxml2-dev \
+    libxmlsec1-dev \
+    libxmlsec1-openssl \
+    vim \
+    xmlsec1
+RUN apt-get clean
+
+WORKDIR /opt/app
+COPY ./manage.py .
+COPY ./requirements.txt ./requirements-dev.txt .
+RUN pip install --no-cache-dir --upgrade pip
+RUN pip install --no-cache-dir -r ./requirements-dev.txt
+
+COPY dalme ./dalme
+COPY dalme_api ./dalme_api
+COPY dalme_app ./dalme_app
+COPY dalme_public ./dalme_public
+COPY dalme_purl ./dalme_purl
+COPY templates ./templates
+COPY static ./static
+COPY ssl-certs ./ssl-certs
+
+COPY ./config/dev/gunicorn.conf.py .
+COPY ./config/dev/wait-for-it.sh .
+RUN chmod u+x ./wait-for-it.sh
+
+RUN mkdir -p /var/log/django && \
+    touch /var/log/django/dalme_app.log && \
+    chmod 777 /var/log/django/dalme_app.log
+
+CMD ["./wait-for-it.sh", "db:3306", "--", "gunicorn", "-c", "gunicorn.conf.py", "dalme.wsgi"]
+STOPSIGNAL SIGINT

config/dev/entrypoint.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+if [ -v MIGRATE ]; then
+  echo "Running migrations..."
+  python manage.py migrate
+fi
+
+echo "Starting $@"
+exec "$@"

.mysql/my.cnf → config/dev/my.cnf

@@ -1,8 +1,8 @@
-[mysql]
-default-character-set=utf8
-
-[mysqld]
-default-authentication-plugin=mysql_native_password
-skip-character-set-client-handshake
-character-set-server=utf8
-collation-server=utf8_unicode_ci
+[mysql]
+default-character-set=utf8
+
+[mysqld]
+default-authentication-plugin=mysql_native_password
+skip-character-set-client-handshake
+character-set-server=utf8
+collation-server=utf8_unicode_ci

config/dev/nginx/nginx.conf

@@ -0,0 +1,48 @@
+upstream dalme.web {
+  server dalme.web:8443 fail_timeout=0;
+}
+
+upstream dalme.ui {
+  server dalme.ui:3000;
+}
+
+server {
+  listen 443 ssl;
+  ssl_certificate /var/certs/dev-localhost.cert;
+  ssl_certificate_key /var/certs/dev-localhost.key;
+  server_name localhost;
+  client_max_body_size 4G;
+  keepalive_timeout 5;
+
+  location /www/static/ {
+    alias /static/;
+  }
+
+  location /ui {
+    proxy_pass http://dalme.ui;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_redirect off;
+    proxy_buffering off;
+  }
+
+  location /ui/hmr {
+    proxy_pass http://dalme.ui;
+    proxy_http_version 1.1;
+    proxy_set_header Host $host;
+    proxy_set_header Connection "Upgrade";
+    proxy_set_header Upgrade $http_upgrade;
+  }
+
+  location / {
+    proxy_pass https://dalme.web;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Host $http_host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_redirect off;
+    proxy_buffering off;
+   }
+ }

dalme/devSettings.py

@@ -1,5 +1,4 @@
 import os
-import dj_database_url
 import elasticsearch
 from requests_aws4auth import AWS4Auth
 from django.contrib.messages import constants as messages
@@ -9,6 +8,7 @@
 
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 PROJECT_ROOT = os.path.dirname(os.path.abspath(__file__))
+DOCKER_ROOT = "/app"
 
 SECRET_KEY = os.environ.get('SECRET_KEY', '')
 AWS_ACCESS_KEY_ID = os.environ.get('AWS_ACCESS_KEY_ID', '')
@@ -30,67 +30,54 @@
 
 DEBUG = True
 
-API_ENDPOINT = 'https://data.127.0.0.1.xip.io:8443'
-PURL_ENDPOINT = 'https://purl.127.0.0.1.xip.io:8443'
-DB_ENDPOINT = 'https://db.127.0.0.1.xip.io:8443'
-
-ALLOWED_HOSTS = [
-    '127.0.0.1:8000',
-    '127.0.0.1',
-    'localhost',
-    '.127.0.0.1.xip.io',
-    '.127.0.0.1.xip.io:8443',
-    'db.127.0.0.1.xip.io:8443',
-    'db.127.0.0.1.xip.io',
-    'data.127.0.0.1.xip.io:8443',
-    'data.127.0.0.1.xip.io',
-    'purl.127.0.0.1.xip.io:8443',
-    'purl.127.0.0.1.xip.io'
-]
+HOST_SCHEME = 'https://'
+PARENT_HOST = '127.0.0.1.xip.io:8000'
+DEFAULT_HOST = 'public'
+
+DB_ENDPOINT = 'https://db.127.0.0.1.xip.io:8000'
+API_ENDPOINT = 'https://data.127.0.0.1.xip.io:8000'
+PURL_ENDPOINT = 'https://purl.127.0.0.1.xip.io:8000'
+
+ALLOWED_HOSTS = ['.127.0.0.1.xip.io']
 
+USE_HTTPS = True
 SECURE_SSL_REDIRECT = True
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
-USE_X_FORWARDED_HOST = True
 SECURE_REFERRER_POLICY = 'origin-when-cross-origin'
+USE_X_FORWARDED_HOST = True
 
+CSRF_COOKIE_SECURE = True
 SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_DOMAIN = '.127.0.0.1.xip.io'
 SESSION_COOKIE_DOMAIN = '.127.0.0.1.xip.io'
+CSRF_TRUSTED_ORIGINS = ['.127.0.0.1.xip.io:8000']
 
-CSRF_COOKIE_SECURE = True
-CSRF_TRUSTED_ORIGINS = [
-    '.127.0.0.1.xip.io',
-    '.127.0.0.1.xip.io:8443',
-    'data.127.0.0.1.xip.io',
-    'data.127.0.0.1.xip.io:8443',
-    'db.127.0.0.1.xip.io',
-    'db.127.0.0.1.xip.io:8443',
-    '127.0.0.1.xip.io',
-    '127.0.0.1.xip.io:8443',
-    'purl.127.0.0.1.xip.io:8443',
-    'purl.127.0.0.1.xip.io'
-]
-CSRF_COOKIE_DOMAIN = '.127.0.0.1.xip.io'
+CSRF_COOKIE_SAMESITE = 'None'
+SESSION_COOKIE_SAMESITE = 'None'
+CSRF_COOKIE_HTTPONLY = False
+# SESSION_COOKIE_HTTPONLY = True
 
 CORS_ALLOW_ALL_ORIGINS = False
 CORS_ALLOW_CREDENTIALS = True
 CORS_ALLOWED_ORIGINS = [
-    'https://*.127.0.0.1.xip.io:8443',
-    'https://*.127.0.0.1.xip.io',
-    'https://127.0.0.1.xip.io:8443',
-    'http://127.0.0.1.xip.io',
-    'https://data.127.0.0.1.xip.io:8443',
-    'http://data.127.0.0.1.xip.io',
-    'https://db.127.0.0.1.xip.io:8443',
-    'http://db.127.0.0.1.xip.io',
-    'https://purl.127.0.0.1.xip.io:8443',
-    'http://purl.127.0.0.1.xip.io'
+    'https://127.0.0.1.xip.io/',
+    'https://db.127.0.0.1.xip.io/',
+    'https://data.127.0.0.1.xip.io/',
+    'https://purl.127.0.0.1.xip.io/',
+    'https://127.0.0.1.xip.io:8000/',
+    'https://db.127.0.0.1.xip.io:8000/',
+    'https://data.127.0.0.1.xip.io:8000/',
+    'https://purl.127.0.0.1.xip.io:8000/',
+]
+CORS_EXPOSE_HEADERS = [
+    'Content-Type',
+    'X-CSRFToken',
+    # TODO: Is this right/necessary?
+    'Access-Control-Allow-Origin: *'
 ]
 
 ROOT_HOSTCONF = 'dalme.hosts'
 ROOT_URLCONF = 'dalme.devUrls'
-DEFAULT_HOST = 'public'
-PARENT_HOST = '127.0.0.1.xip.io:8443'
-HOST_SCHEME = 'https://'
 
 INSTALLED_APPS = [
     'django.contrib.admin',
@@ -142,10 +129,10 @@
     INSTALLED_APPS += ['django_extensions']
 
 MIDDLEWARE = [
-    'dalme_app.utils.SubdomainRedirectMiddleware',
-    'django_hosts.middleware.HostsRequestMiddleware',
     'corsheaders.middleware.CorsMiddleware',
     'django.middleware.security.SecurityMiddleware',
+    'dalme_app.utils.SubdomainRedirectMiddleware',
+    'django_hosts.middleware.HostsRequestMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
@@ -167,6 +154,7 @@
         'APP_DIRS': True,
         'OPTIONS': {
             'context_processors': [
+                'django.template.context_processors.csrf',
                 'django.template.context_processors.debug',
                 'django.template.context_processors.request',
                 'django.contrib.auth.context_processors.auth',
@@ -195,26 +183,26 @@
 ]
 
 awsauth = AWS4Auth(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, 'es')
-LOGIN_URL = 'https://db.127.0.0.1.xip.io:8443/accounts/login/'
-LOGIN_REDIRECT_URL = '/'
-LOGOUT_REDIRECT_URL = 'https://dalme.org'
+LOGIN_URL = 'https://db.127.0.0.1.xip.io:8000/accounts/login/'
+LOGIN_REDIRECT_URL = '/ui/'
+LOGOUT_REDIRECT_URL = 'https://127.0.0.1.xip.io:8000/'
 
 SAML_IDP_CONFIG = {
     'debug': DEBUG,
     'xmlsec_binary': get_xmlsec_binary(['/opt/local/bin', '/usr/bin/xmlsec1']),
-    'entityid': 'https://127.0.0.1.xip.io:8443/idp/metadata',
+    'entityid': 'https://127.0.0.1.xip.io:8000/idp/metadata',
     'description': 'DALME SAML Identity Provider Setup',
     'service': {
         'idp': {
             'name': 'DALME SAML Identity Provider',
             'endpoints': {
                 'single_sign_on_service': [
-                    ('https://127.0.0.1.xip.io:8443/idp/sso/post/', saml2.BINDING_HTTP_POST),
-                    ('https://127.0.0.1.xip.io:8443/idp/sso/redirect/', saml2.BINDING_HTTP_REDIRECT),
+                    ('https://127.0.0.1.xip.io:8000/idp/sso/post/', saml2.BINDING_HTTP_POST),
+                    ('https://127.0.0.1.xip.io:8000/idp/sso/redirect/', saml2.BINDING_HTTP_REDIRECT),
                 ],
                 "single_logout_service": [
-                    ("https://127.0.0.1.xip.io:8443/idp/slo/post/", saml2.BINDING_HTTP_POST),
-                    ("https://127.0.0.1.xip.io:8443/idp/slo/redirect/", saml2.BINDING_HTTP_REDIRECT)
+                    ("https://127.0.0.1.xip.io:8000/idp/slo/post/", saml2.BINDING_HTTP_POST),
+                    ("https://127.0.0.1.xip.io:8000/idp/slo/redirect/", saml2.BINDING_HTTP_REDIRECT)
                 ],
             },
             'name_id_format': [NAMEID_FORMAT_EMAILADDRESS, NAMEID_FORMAT_UNSPECIFIED],
@@ -225,12 +213,12 @@
     },
 
     # Signing
-    'key_file': PROJECT_ROOT + '/ssl-certs/dam.dalme.org.pem',
-    'cert_file': PROJECT_ROOT + '/ssl-certs/dam.dalme.org.cert',
+    'key_file': f'{DOCKER_ROOT}/ssl-certs/dev-localhost.key',
+    'cert_file': f'{DOCKER_ROOT}/ssl-certs/dev-localhost.cert',
     # Encryption
     'encryption_keypairs': [{
-        'key_file': PROJECT_ROOT + '/ssl-certs/dam.dalme.org.pem',
-        'cert_file': PROJECT_ROOT + '/ssl-certs/dam.dalme.org.cert',
+        'key_file': f'{DOCKER_ROOT}/ssl-certs/dev-localhost.key',
+        'cert_file': f'{DOCKER_ROOT}/ssl-certs/dev-localhost.cert',
     }],
     'valid_for': 365 * 24,
 }
@@ -240,8 +228,13 @@
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.mysql',
+        'HOST': os.environ['MYSQL_HOST'],
+        'NAME': os.environ['MYSQL_DATABASE'],
+        'USER': os.environ['MYSQL_USER'],
+        'PASSWORD': os.environ['MYSQL_PASSWORD'],
+        'PORT': os.environ['MYSQL_PORT'],
+        'CONN_MAX_AGE': 500,
         'OPTIONS': {
-            'read_default_file': os.path.join(BASE_DIR, 'db.cnf'),
             'sql_mode': 'traditional',
         },
         'TEST': {
@@ -257,9 +250,6 @@
     }
 }
 
-db_from_env = dj_database_url.config(conn_max_age=500)
-DATABASES['default'].update(db_from_env)
-
 ELASTICSEARCH_DSL = {
     'default': {
         'host': AWS_ES_ENDPOINT,
@@ -340,9 +330,9 @@
     'compressor.finders.CompressorFinder',
 )
 
+COMPRESS_ENABLED = False
+COMPRESS_OFFLINE = False
 COMPRESS_STORAGE = 'compressor.storage.BrotliCompressorFileStorage'
-COMPRESS_ENABLED = True
-COMPRESS_OFFLINE = True
 COMPRESS_FILTERS = {
     'css': ['compressor.filters.cssmin.rCSSMinFilter'],
     'js': ['compressor.filters.jsmin.JSMinFilter']