Merge branch 'main' into dependabot/pip/fastapi-0.100.0

aeecleclair · Oct 20, 2023 · 30ca63b · 30ca63b
2 parents b2ce748 + f90d8df
commit 30ca63b
Show file tree

Hide file tree

Showing 91 changed files with 5,592 additions and 1,517 deletions.
diff --git a/.env b/.env
@@ -35,6 +35,9 @@ SMTP_USERNAME = ""
 SMTP_PASSWORD = ""
 SMTP_EMAIL = ""
 
+# Push notifications using Firebase Cloud Messaging
+USE_FIREBASE=false
+
 # Redis configuration #
 REDIS_HOST = "hyperion-redis" #May be left at "" during dev if you don't have a redis server running, in production it should be set to the name of the redis container
 REDIS_PORT = 6379

diff --git a/.env.test b/.env.test
@@ -7,7 +7,7 @@ SQLITE_DB = "test.db" # If set, the application use a SQLite database instead of
 # Authorization using JWT #
 ACCESS_TOKEN_SECRET_KEY="YWZOHliiI53lJMJc5BI_WbGbA4GF2T7Wbt1airIhOXEa3c021c4-1c55-4182-b141-7778bcc8fac4" # Note: modifing this token requires to update the common `test_check_settings_mocking` test
 RSA_PRIVATE_PEM_STRING = "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA1tpj3TZDkJakp2RygsM392pQbcmNBOGFT8FlETcRG/JVFT7k\niClJu+CVOJSVD0epfpYp93cYepfw74SezYnBCyuoLJ2yg5Qh4KlCrWmvwM7vhFIN\nx0xddIQi+Gm0T3dxGtv4Ga50TYX4SV4FE3ctJG9m3pyNF6POODp5tMJvShQWYTto\nW9qNhltZ8Z+14bq2INV/efpT47WuMT+VD/fa9/WwopAtgBcQOvq57fv5+DaPOIVR\n9BiP7F+pv+v6wQ373hI22QzCMsA4Whl+BmWFKcFoBDOBRjlW5VqhJWJkWZIRP0q+\nVAZHk2xJK+0YFc9jmaC+ExMtuyHYK0RnQK/8LQIDAQABAoIBABxJ8v4sZ+cAvrs/\nkYhAFf1gpShfck7jNr9SknEa1Aje9m7usf5vmULAhkVF4v55DAsb0HjB2JpDqTiQ\nOKyNZ7qFzAXb2aZTecZv4tScZsS3OngsqZ3FI0T1JPmaSWBxNJY5wkf3XV7btd5L\nH9X5ShtTA7Np33XuXneu01mGhEq3boLro+vfXMHV5QHyle1F4LUFWEqtP0UmZ5wA\nrro0Y7pA8R88tu5X4iWEjQPnAsbRixwFQ9LNMD8+40e1UIguobRySnP5umErHaIh\nKui7ZijLjbZh/dPS0IfpgahL1K6s9XhT3mD9WMvAvMkNtLewHIZZukG45mOQBrjF\nvvyYxoECgYEA+EY6YimGw0IKnUuf+5uZRXST7kDMENz1Flkcj8oZvo47hdX8/lDN\ni0y7gm3VNfHAK2R2KZPmSbtXA0DvS7kmx1/CFcmwkaakhuU5dyCHldWwSaTME3IE\nxjSZfTvlAiq9i6nUflgfkKo3Bdsiq8TYOUAv25S2SwYDH9Tx0fQwwGECgYEA3Ynt\nCHc8e4YRlGT65UQmEZ8cptmqVRyY4ClMU1xht7Pn0G1JwKRraiEL5/LndwscWf3h\nDygQuArJ28pp4d22FEW1LeXozXYUjJoz3anIA45IZ1OihS7Cx7tJB51/QNJeFdF4\nEX/XHaVukHyYSsAxkwCUYOw3cSgZOSEddL5Wf00CgYEA7JlIlDmMwtFR+jqSmJ3c\n//Kr8zZvAnb/Xa/IZ0MrK4yyLsYR1m48o06Ztx9iO4lKIFAZx1+563QL5P7hzOEC\nkqev90GA8hzD2AXksKEgdOrymAvjq3hSEm0YBN+qS1ldzxYmec0TL7L2wq7lqJnr\nkQuZUAG1g2OUYKZ3WSUDvKECgYEAv24NSkFuG/avfiD7w9xtYNCye2KekskROLG2\n6FltfsWQTEQDdNkekChaF2WHqRAKwaBlNymRuNZpsuhnMerZCQ9rDWwbDF86RnyA\n0MuCr7/kxJQ6XQcY/GnTIydu7F5bOlM0gzqKcW2f6m4fUohczf+0N0QmbDsQAJOi\n1lwadgkCgYEA3tkCBJIPTQecfjWiLqSocS6SrwXU+r3Jw6kI3/IB6ban/nsFdHSb\nnADST7f2zZatN6XALwsLU7f2R09R39ub0AJPyfToxo7MngR1rvaUYooF3rLlaU32\n8DqGvGpLkZkwbtcDmcX1zQoHjUo7RvoShZoapr59ihfrkiiEsXOkuGw=\n-----END RSA PRIVATE KEY-----\n"
-AUTH_CLIENTS=[["5507cc3a-fd29-11ec-b939-0242ac120002", null, "AppAuthClient"]]
+AUTH_CLIENTS=[["5507cc3a-fd29-11ec-b939-0242ac120002", null, ["http://127.0.0.1:8000/docs"], "AppAuthClient"]]
 
 # OIDC #
 # Host or url of the API, used for Openid connect discovery endpoint
@@ -34,6 +34,9 @@ SMTP_USERNAME = ""
 SMTP_PASSWORD = ""
 SMTP_EMAIL = ""
 
+# Push notifications using Firebase Cloud Messaging
+USE_FIREBASE=false
+
 # Redis configuration #
 REDIS_HOST = "localhost"
 REDIS_PORT = 6379

diff --git a/.github/workflows/lintandformat.yml b/.github/workflows/lintandformat.yml
@@ -12,7 +12,7 @@ jobs:
 
     steps:
       - name: Check out the code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       # Setup Python (faster than using Python container)
       - name: Setup Python

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -14,11 +14,11 @@ jobs:
 
     steps:
       - name: Check out the code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Docker metadata
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: ${{ secrets.DOCKER_REGISTRY_IDENTIFER }}/hyperion
           tags: |
@@ -27,17 +27,17 @@ jobs:
             type=semver,pattern={{major}}.{{minor}}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ secrets.DOCKER_REGISTRY_URL }}
           username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
           password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
 
       - name: Build and push app
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: .
           platforms: linux/amd64 #,linux/arm64

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -4,6 +4,9 @@ name: Test
 on:
   pull_request:
     types: [opened, edited, ready_for_review, synchronize]
+  push:
+    branches:
+      - main
 
 jobs:
   test:
@@ -30,7 +33,7 @@ jobs:
 
     steps:
       - name: Check out the code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       # Setup Python (faster than using Python container)
       - name: Setup Python
@@ -53,4 +56,9 @@ jobs:
           key: pytest_cache-${{ github.head_ref }}
 
       - name: Run unit tests
-        run: python -m pytest
+        run: python -m pytest --cov
+
+      - name: Upload coverage reports to Codecov
+        uses: codecov/codecov-action@v3
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.gitignore b/.gitignore
@@ -11,6 +11,9 @@ data/
 # Dotenv file
 .env
 
+# Firebase secrets
+firebase.json
+
 # macOS
 .DS_Store
 
@@ -22,4 +25,7 @@ data/
 logs/
 
 # Migrations scripts
-migrations/versions/*.py
+migrations/versions/*.py
+
+# Pytest-cov
+.coverage
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
@@ -0,0 +1,9 @@
+{
+    "recommendations": [
+        "ms-python.python",
+        "ms-python.flake8",
+        "ms-python.black-formatter",
+        "ms-python.isort",
+        "ms-python.mypy-type-checker",
+    ]
+}
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -1,5 +1,4 @@
 {
-    "python.linting.flake8Enabled": true,
     "editor.formatOnSave": true,
     "editor.tabSize": 4,
     "editor.insertSpaces": true,
@@ -8,7 +7,6 @@
     "editor.codeActionsOnSave": {
         "source.organizeImports": true
     },
-    "python.linting.mypyEnabled": true,
     // We don't want VS Code to find our dotenv file, as the IDE is not cappable of parsing it correctly.
     // When using the debugger, VS Code pass the porly parsed file as environnement variables, letting to Pydantic validation erros
     "python.envFile": "${workspaceFolder}/",

diff --git a/README.md b/README.md
@@ -135,3 +135,15 @@ POSTGRES_USER = "hyperion"
 POSTGRES_PASSWORD = "pass"
 POSTGRES_DB = "hyperion"
 ```
+
+## Configure Firebase notifications
+
+Hyperion support push notification using Firebase Messaging service.
+
+To enable the service:
+
+1. Add `USE_FIREBASE=true` to dotenv file
+2. Create a service account on Firebase console:
+   1. Go to [Google cloud, IAM and administration, Service account](https://console.cloud.google.com/iam-admin/serviceaccounts) and add a new Service Account with Messaging API capabilities.
+   2. Choose _Manage keys_ and create a new JSON key.
+   3. Rename the file `firebase.json` and add it at Hyperion root
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Vulnerabilities Scope
+
+Reported vulnerabilities should concern the latest release or the latest commit of one of the open branches.
+Issues related to old versions will not be treated as a priority by the ECLAIR team.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| latest-release  | :white_check_mark: |
+| latest-commit  | :white_check_mark: |
+| *       | :x:                |
+
+## Reporting a Vulnerability
+
+Security issues should be reported to the ECLAIR team by email to [email protected], or using the "Private vulnerability reporting" feature of GitHub.
+We will inspect your report quickly, and you'll receive a response within 48 hours indicating the next steps in handling your report.
+
+Do not disclose any information related to vulnerabilities you may discover before getting approval from the ECLAIR team.
diff --git a/app/api.py b/app/api.py
@@ -4,31 +4,36 @@
 
 from app.endpoints import (
     admin,
+    advert,
     amap,
     associations,
     auth,
-    bdebooking,
+    booking,
     calendar,
     campaign,
     cinema,
     core,
     groups,
     loan,
+    notification,
     raffle,
     users,
 )
 
 api_router = APIRouter()
+
 api_router.include_router(admin.router)
+api_router.include_router(advert.router)
 api_router.include_router(amap.router)
 api_router.include_router(associations.router)
 api_router.include_router(auth.router)
-api_router.include_router(bdebooking.router)
+api_router.include_router(booking.router)
 api_router.include_router(calendar.router)
 api_router.include_router(campaign.router)
-api_router.include_router(groups.router)
+api_router.include_router(cinema.router)
 api_router.include_router(core.router)
-api_router.include_router(users.router)
+api_router.include_router(groups.router)
 api_router.include_router(loan.router)
-api_router.include_router(cinema.router)
+api_router.include_router(notification.router)
 api_router.include_router(raffle.router)
+api_router.include_router(users.router)
diff --git a/app/app.py b/app/app.py
@@ -16,7 +16,7 @@
 from app import api
 from app.core.config import Settings
 from app.core.log import LogConfig
-from app.cruds import cruds_groups
+from app.cruds import cruds_core, cruds_groups
 from app.database import Base
 from app.dependencies import (
     get_db_engine,
@@ -27,21 +27,91 @@
 from app.models import models_core
 from app.utils.redis import limiter
 from app.utils.types.groups_type import GroupType
+from app.utils.types.module_list import ModuleList
+
+
+async def create_db_tables(engine, drop_db, hyperion_error_logger):
+    """Create db tables
+    Alembic should be used for any migration, this function can only create new tables and ensure that the necessary groups are available
+    """
+    async with engine.begin() as conn:
+        try:
+            if drop_db:
+                await conn.run_sync(Base.metadata.drop_all)
+            await conn.run_sync(Base.metadata.create_all)
+        except Exception as error:
+            hyperion_error_logger.fatal(
+                f"Startup: Could not create tables in the database: {error}"
+            )
+
+
+async def initialize_groups(SessionLocal, hyperion_error_logger):
+    """Add the necessary groups for account types"""
+    async with SessionLocal() as db:
+        for id in GroupType:
+            exists = await cruds_groups.get_group_by_id(group_id=id, db=db)
+            # We don't want to recreate the groups if they already exist
+            if not exists:
+                group = models_core.CoreGroup(
+                    id=id, name=id.name, description="Group type"
+                )
+
+                try:
+                    db.add(group)
+                    await db.commit()
+                except IntegrityError as error:
+                    hyperion_error_logger.fatal(
+                        f"Startup: Could not add group {group.name}<{group.id}> in the database: {error}"
+                    )
+                    await db.rollback()
+
+
+async def initialize_module_visibility(SessionLocal, hyperion_error_logger):
+    """Add the default module visibilities for Titan"""
+    async with SessionLocal() as db:
+        # Is run to create default module visibilies or when the table is empty
+        haveBeenInitialized = (
+            len(await cruds_core.get_all_module_visibility_membership(db)) > 0
+        )
+        if haveBeenInitialized:
+            return
+        for module in ModuleList:
+            for default_group_id in module.value.default_allowed_groups_ids:
+                module_visibility_exists = await cruds_core.get_module_visibility(
+                    root=module.value.root, group_id=default_group_id, db=db
+                )
+
+                # We don't want to recreate the module visibility if they already exist
+                if not module_visibility_exists:
+                    module_visibility = models_core.ModuleVisibility(
+                        root=module.value.root, allowed_group_id=default_group_id.value
+                    )
+                    try:
+                        db.add(module_visibility)
+                        await db.commit()
+                    except IntegrityError as error:
+                        hyperion_error_logger.fatal(
+                            f"Startup: Could not add module visibility {module.root}<{default_group_id}> in the database: {error}"
+                        )
+                        await db.rollback()
 
 
 # We wrap the application in a function to be able to pass the settings and drop_db parameters
 # The drop_db parameter is used to drop the database tables before creating them again
 def get_application(settings: Settings, drop_db: bool = False) -> FastAPI:
+    LogConfig().initialize_loggers(settings=settings)
+
     hyperion_access_logger = logging.getLogger("hyperion.access")
     hyperion_security_logger = logging.getLogger("hyperion.security")
     hyperion_error_logger = logging.getLogger("hyperion.error")
 
-    LogConfig().initialize_loggers(settings=settings)
-
     # Create folder for calendars
     if not os.path.exists("data/ics/"):
         os.makedirs("data/ics/")
 
+    if not os.path.exists("data/core/"):
+        os.makedirs("data/core/")
+
     # Creating a lifespan which will be called when the application starts then shuts down
     # https://fastapi.tiangolo.com/advanced/events/
     @asynccontextmanager
@@ -57,40 +127,13 @@ async def startup(app: FastAPI):
             hyperion_error_logger.info("Redis client not configured")
 
         engine = get_db_engine(settings=settings)
-
-        # Create db tables #
-        # Alembic should be used for any migration, this function can only create new tables and ensure that the necessary groups are available
-        async with engine.begin() as conn:
-            try:
-                if drop_db:
-                    await conn.run_sync(Base.metadata.drop_all)
-                await conn.run_sync(Base.metadata.create_all)
-            except Exception as error:
-                hyperion_error_logger.fatal(
-                    f"Startup: Could not create tables in the database: {error}"
-                )
+        await create_db_tables(engine, drop_db, hyperion_error_logger)
 
         SessionLocal = app.dependency_overrides.get(
             get_session_maker, get_session_maker
         )()
-        # Add the necessary groups for account types
-        async with SessionLocal() as db:
-            for id in GroupType:
-                exists = await cruds_groups.get_group_by_id(group_id=id, db=db)
-                # We don't want to recreate the groups if they already exist
-                if not exists:
-                    group = models_core.CoreGroup(
-                        id=id, name=id.name, description="Group type"
-                    )
-
-                    try:
-                        db.add(group)
-                        await db.commit()
-                    except IntegrityError as error:
-                        hyperion_error_logger.fatal(
-                            f"Startup: Could not add group {group.name}<{group.id}> in the database: {error}"
-                        )
-                        await db.rollback()
+        await initialize_groups(SessionLocal, hyperion_error_logger)
+        await initialize_module_visibility(SessionLocal, hyperion_error_logger)
 
         yield
         hyperion_error_logger.info("Shutting down")