Merge pull request #3 from jhnnsrs/dev

Dev

Dockerfile

@@ -4,11 +4,15 @@ LABEL maintainer="jhnnsrs@gmail.com"
 
 # Install dependencies
 RUN pip install poetry rich
+
+# Configure poetry
+RUN poetry config virtualenvs.create false 
 ENV PYTHONUNBUFFERED=1
 
+
 # Copy dependencies
 COPY pyproject.toml /
-RUN poetry config virtualenvs.create false 
+COPY poetry.lock /
 RUN poetry install
 
 

README.md

@@ -1,3 +1,49 @@
-# lok server
+# Lok
 
-s
+[![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://github.com/arkitektio/lok-server/)
+![Maintainer](https://img.shields.io/badge/maintainer-jhnnsrs-blue)
+[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
+
+
+Lok is a central backend to manage and authorize User and Applications in a distributed
+settings. Loks provides endpoints for apps to configure themselvers (through the Fakts protocol)
+and in a second step to authenticate and authorize users. For the latter it is build on top of [Oauth2](https://oauth.net/2/)
+and [OpenID Connect](https://openid.net/connect/). It then provides a central authentication and authorization
+service for applications to register and authenticate users, and issues JWT token for accessing services.
+
+As JWT are cryptographically signed, they can be verified by any service, and do not require
+a central session store. 
+
+This distributed and scalable authentication and authorization system, was developed as the backbone for the
+Arkitekt platform, but can be used as a standalone service for any application.
+
+## Features
+
+- [x] Application Registration (Authentication of apps based on various Flows)
+- [x] App Configuration (apps can retrieve their configuration from the server)
+- [x] User Authentication and Authorization
+- [x] User and Application Management
+- [x] Distibuted Authentication
+- [x] Social Features (Comments) 
+- [x] User Profiles
+
+All features are exposed through a GraphQL API, which can be used to interact with the system.
+
+
+## Next Features
+
+Lok is currently undergoing a major rewrite, to make it more modular and easier to extend. This rewrite
+will transition the system to a more modular architecture based on modern [Django](https://www.djangoproject.com/) and
+the awesome [Strawberry GraphQL](https://strawberry.rocks/) library.
+
+Additionally to the listed
+features above, the following features are planned:
+
+- [ ] More diverse App Registration Flows (e.g. for Websites)
+- [ ] Social Login (Login with Orcid, Github, Google,... )
+- [ ] User Profiles with social account information
+- [ ] Notificaition Backend (with Mobile Push Notifications)
+- [ ] More Security Features (e.g. 2FA)
+
+
+While this rewrite is ongoing, the current version of Lok will remain the main repository for Lok, and the new version will be merged into this repository once the new version is ready for production. Development is happening in the [lok-server-next](https://gihtub.com/arkitektio/lok-server-next) repository.

herre/settings.py

@@ -41,7 +41,7 @@
 AWS_QUERYSTRING_EXPIRE = 3600
 
 
-AWS_STORAGE_BUCKET_NAME = conf.minio.buckets[0].name
+AWS_STORAGE_BUCKET_NAME = conf.minio.buckets.media
 AWS_DEFAULT_ACL = "private"
 AWS_S3_USE_SSL = True
 AWS_S3_SECURE_URLS = False  # Should resort to True if using in Production behind TLS
@@ -50,6 +50,7 @@
 CORS_ORIGIN_ALLOW_ALL = True
 
 INSTALLED_APPS = [
+    "daphne",
     "registration",
     "django.contrib.admin",
     "django.contrib.auth",
@@ -69,6 +70,7 @@
     "health_check.db",
     "accounts",
     "lord",
+    "komment",
     "graphene_django",
     "django_probes",
     "crispy_forms",
@@ -83,15 +85,15 @@
 SUPERUSERS = [
     {
         "USERNAME": conf.django.admin.username,
-        "EMAIL": conf.django.admin.email,
+        "EMAIL": "fake@fake.com",
         "PASSWORD": conf.django.admin.password,
     }
 ]
 
 LOKUSERS = [
     {
         "USERNAME": su.username,
-        "EMAIL": su.email,
+        "EMAIL": su.get("email", None),
         "PASSWORD": su.password,
         "GROUPS": su.get("groups", []),
     }

infos/graphql/queries/release.py

@@ -12,27 +12,36 @@ class Arguments:
         id = graphene.ID(description="The FaktApp ID")
         identifier = graphene.String(description="Unique app name for user")
         version = graphene.String(description="Unique app name for user")
-        client_id = graphene.ID(description="The client id of one associated oauth2 application")
-
-    def resolve(root, info, *args, name=None, identifier=None, version=None, id=None, client_id=None):
+        client_id = graphene.ID(
+            description="The client id of one associated oauth2 application"
+        )
+
+    def resolve(
+        root,
+        info,
+        *args,
+        name=None,
+        identifier=None,
+        version=None,
+        id=None,
+        client_id=None
+    ):
         if id:
             return models.Release.objects.get(id=id)
         if client_id:
             return models.Client.objects.get(client_id=client_id).release
-        
-        return models.Release.objects.get(identifier=identifier, version=version)
+
+        return models.Release.objects.get(app__identifier=identifier, version=version)
 
     class Meta:
         list = False
         type = types.Release
         operation = "release"
 
 
-
 class ReleaseQuery(BalderQuery):
-
     class Meta:
         list = True
         type = types.Release
         filter = filters.ReleaseFilter
-        operation = "releases"
+        operation = "releases"

infos/management/commands/ensureapps.py

@@ -27,11 +27,11 @@ def handle(self, *args, **options):
         apps = settings.ENSURED_APPS or []
 
         for app in apps:
-            tenant = get_user_model().objects.get(username=app["TENANT"])
+            tenant = get_user_model().objects.get(username=str(app["TENANT"]))
 
             manifest = models.Manifest(
-                identifier=app["IDENTIFIER"],
-                version=app["VERSION"],
+                identifier=str(app["IDENTIFIER"]),
+                version=str(app["VERSION"]),
                 scopes=app["SCOPES"],
                 redirect_uris=app["REDIRECT_URIS"],
 
@@ -42,15 +42,15 @@ def handle(self, *args, **options):
                     manifest,
                     tenant,
                     tenant,
-                    client_id=app["CLIENT_ID"],
-                    client_secret=app["CLIENT_SECRET"],
-                    token=app["TOKEN"],
+                    client_id=str(app["CLIENT_ID"]),
+                    client_secret=str(app["CLIENT_SECRET"]),
+                    token=str(app["TOKEN"]),
                 )
             else:
                 models.create_public_client(
                     manifest,
                     tenant,
-                    client_id=app["CLIENT_ID"],
-                    client_secret=app["CLIENT_SECRET"],
-                    token=app["TOKEN"],
+                    client_id=str(app["CLIENT_ID"]),
+                    client_secret=str(app["CLIENT_SECRET"]),
+                    token=str(app["TOKEN"]),
                 )

komment/admin.py

@@ -0,0 +1,5 @@
+from django.contrib import admin
+from komment.models import Comment
+
+
+admin.site.register(Comment)

komment/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class KommentConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'komment'

komment/balder.py

@@ -0,0 +1,3 @@
+import komment.graphql.mutations
+import komment.graphql.subscriptions
+import komment.graphql.queries

komment/enums.py

@@ -0,0 +1,7 @@
+from django.apps import apps
+import logging
+import graphene
+from django.conf import settings
+
+logger = logging.getLogger(__name__)
+

komment/graphql/__init__.py

@@ -0,0 +1,3 @@
+from .mutations import *
+from .queries import *
+from .subscriptions import *

komment/graphql/mutations/__init__.py

@@ -0,0 +1 @@
+from .comment import *