In the last years I made a few python based projects and now I just copy-paste some solutions I found long time ago.
I belive in karma and what I got from Community I give back to Community with thanks.
Features or intended design rules
The server is designed to be as simple as possible.
The server use extensions or modules.
The server itself don't use SQL, but load and call module auth, which use SQL.
The auth module provide login, logout and readonly access to groups for other modules. A tipical example: module wiki use in config access groups, wiki admin groups and wiki publishers groups.
The server can check integrity of modules before execution (compare hash of files with values stored in hash.json) and refuse to execute tempered modules if option verify_hash_scripts is activated in server config (config.ini in server root).
Also the server can check integrity of config files (config.json) of each module before execution and refuse to execute module if hash does not match. This option is available if verify_hash_config is activated in server config.
By default, to allow easy install and config of server, both options, verify_hash_scripts and verify_hash_config, are not activated.
The modules module allow admins to edit modules config (config.json) and update hash file (hash.json).
The login process create a session cookie and store in session user name, user id and group list of logged user. The group list is used by other modules to check if user has access.
The server warn user that is using a cookie, an European Law from May 2011, and ask for confirmation.
The session cookie is encripted with fixed keys (useful for cluster of servers) or randomly generated keys at server startup (activate random_session_keys in server config).
Config editor of modules understands three type of properties:
user groups (a property with groups in name)
boolean values (a property with bool in name)
You may import compiled modules with nuitka: nuitka --module mymodule.py.
You can customize server menu changing menu.ini.
Server supports SSL and FCGI.
Server can run frozen (frozen Python module).
Test this server in a virtual machine and choose carefully SQL connection strings.
To start this server on Linux, first install python packages.
On Debian Linux for python2:
apt install build-essential apt install python-pip apt install python2.7-dev pip2 install --upgrade pip pip2 install bottle pip2 install sqlalchemy pip2 install markdown pip2 install pycrypto pip2 install beaker #install at least one webserver: pip2 install tornado pip2 install paste pip2 install waitress pip2 install cherrypy #for postgresql pip2 install psycopg2 #for ms sql apt install freetds-dev pip install pymssql
On Debian Linux for python3:
apt install build-essential apt install python3-pip apt install python3-dev pip3 install --upgrade pip pip3 install bottle pip3 install sqlalchemy pip3 install markdown pip3 install pycrypto pip3 install beaker #install at least one webserver: pip3 install tornado pip3 install paste pip3 install waitress pip3 install cherrypy #for postgresql pip3 install psycopg2 #for ms sql apt install freetds-dev pip3 install pymssql
Edit as you like config.ini and menu.ini then execute main.py .
After server starts, only Emergency Admin is available: visit /auth/login, ignore error (No module named 'some-python-module') and reload /auth/login page, Login as Emergency Admin, go /modules and edit config of auth module.
Update DSN to someting like postgresql://user:password@localhost/Database or mssql+pymssql://user:password@host/Database or sqlite+pysqlite:///auth.db or any other connection string understood by sqlalchemy.
Stop web server, create SQL tables with edited DSN by running modeldb.py in extensions/auth/ folder:
#inside server root folder cd extensions/auth/ python2 modeldb.py #or python3 modeldb.py cd ../wiki/ python2-3 modeldb.py cd ../todo/ python2-3 modeldb.py
Start server, login with Emergency Admin and test if users and groups are available.
Run modeldb.py for each module which use SQL (todo and wiki) and restart server.
If SQL connection succeed, auth module config should look like:
And wiki module config should look like:
If everything works as expected, login as admin with password admin and disable Emergency Admin from auth module config.
More pictures on blog announcement.
If you don't want to use Emergency Admin, you can change source code, manually edit config.json, edit modeldb.py to bypass hash check and run it to create SQL tables.
If in config.json the parameter initdb_bool is true, then modeldb.py will drop all SQL tables and recreate them on each run.
I advise you to set (in each module config) initdb_bool to false after you create SQL tables of that module.