fossiloauth << Previous Next >> fossilapp

foauth_config

config.py content:

import authomatic
from authomatic.providers import oauth2

# read client_id and client_secret from safe place other than put into script
# use scrum4 At mde to get credential data
# credential url: https://console.cloud.google.com
keyFile = open('./../scrum2_client_secret.txt', 'r')
with open('./../scrum2_client_secret.txt', 'r') as f:
    key = f.read().splitlines()

CONFIG = {
        'google': {
            'class_': oauth2.Google,
            'consumer_key': key[0],
            'consumer_secret': key[1],
            'scope': oauth2.Google.user_info_scope
        }
    }

domain_name = "c2.kmol.info"
default_repo = "pj2022"
repo_caps = "bfjk234C"
# for Windows 
#repo_path = "c:/pj2022/repo/"
# for Ubuntu
repo_path = "/home/wcm2021/repository/"
fossil_port = "5443"
flask_port = "8443"
uwsgi = True

# derived
default_repo_path = repo_path+default_repo+".fossil"
flask_url = "https://"+domain_name+":"+flask_port
flask_forum = "https://"+domain_name+":"+flask_port+"/forum"
login_url = "https://"+domain_name+":"+fossil_port+"/"+default_repo+"/login"
forum_url = "https://"+domain_name+":"+fossil_port+"/"+default_repo+"/forum"
CALLBACK_URL = flask_forum

wsgi.py

import fossiloauth
import config

uwsgi = config.uwsgi

domain_name = config.domain_name
port = config.flask_port

application = fossiloauth.app

if __name__ == "__main__":
    
    if uwsgi:
        application = fossiloauth.app
    else:
        domain_name = "127.0.0.1"
        fossiloauth.app.run(host=domain_name, port=port, ssl_context='adhoc')

templates/login.html:

## index.html
<%inherit file="base.html"/>

<%block name="header">
    <!-- this is some header content -->
</%block>

<!-- this is the body content. -->

    <a href="/index">Home</a>
    
    ## Check for errors.
    % if result.error:
        <h2>Damn that error: ${ result.error.message }</h2>
    % endif
    
    ## Welcome the user.
    % if result.user:
        <h1>Hi ${result.user.name}</h1>
        <h2>Your id is: ${ result.user.id }</h2>
        <h2>Your email is: ${ result.user.email }</h2>
    % endif

<!-- after GMail login process, use javascript to logout GMail account, and redirect to callbackurl  -->
<!-- use jinia2 template format -->
<script type="text/javascript">
window.location="https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=${CALLBACK_URL}";
</script>

/etc/nginx/sites-available/default

start nginx: sudo /etc/init.d/nginx start

stop nginx: sudo /etc/init.d/nginx stop

restart nginx: sudo /etc/init.d/nginx restart

server {
	listen 80 default_server;
	listen [::]:80 default_server;

        root /home/wcm2021/github/cmstemplate/;

	index index.html index.htm index.nginx-debian.html;

	server_name _;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
	}

}

# 443 with uwsgi 
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
   
    location / {
        include uwsgi_params;
        uwsgi_pass  127.0.0.1:8080;
    }
   
    ssl_certificate /etc/stunnel/fullchain.pem;
    ssl_certificate_key /etc/stunnel/privkey.pem;
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;
    try_files $uri $uri/ =404;
}

# 8443 with uwsgi for fossiloauth
server {
    listen 8443 ssl default_server;
    listen [::]:8443 ssl default_server;
   
    location / {
        include uwsgi_params;
        uwsgi_pass  127.0.0.1:8081;
    }
   
    ssl_certificate /etc/stunnel/fullchain.pem;
    ssl_certificate_key /etc/stunnel/privkey.pem;
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;
    try_files $uri $uri/ =404;
}

/home/wcm2021/uwsgi_ini/flask_oauth.ini

[uwsgi]
socket = :8081
uid = wcm2021
gid = wcm2021
plugins-dir = /usr/lib/uwsgi/plugins/
plugin = python3
master = true
process = 4
threads = 2
chdir = /home/wcm2021/fossiloauth
wsgi-file = /home/wcm2021/fossiloauth/wsgi.py

/home/wcm2021/uwsgi_ini/uwsgi.ini

[uwsgi]
socket = :8080
uid = wcm2021
gid = wcm2021
plugins-dir = /usr/lib/uwsgi/plugins/
plugin = python3
master = true
process = 4
threads = 2
chdir = /home/wcm2021/github/cmstemplate
wsgi-file = /home/wcm2021/github/cmstemplate/cmsimde/wsgi.py

/etc/systemd/system/cmsimde.service

列出 Ubuntu 中目前已經啟動的系統服務, 可以在終端機視窗中輸入:

service --status-all

enable cmsimde.service: sudo systemctl enable cmsimde

disable cmsimde.service: sudo systemctl disable cmsimde

start cmsimde.service: sudo systemctl start cmsimde

stop cmsimde.service: sudo systemctl stop cmsimde

restart cmsimde.service: sudo systemctl restart cmsimde

[Unit]
Description=uWSGI to serve CMSiMDE
After=network.target
   
[Service]
User=wcm2021
Group=wcm2021
WorkingDirectory=/home/wcm2021/uwsgi_ini
ExecStart=/usr/bin/uwsgi --emperor /home/wcm2021/uwsgi_ini
   
[Install]
WantedBy=multi-user.target

/etc/stunnel to start with system:

修改 /etc/default/stunnel4, 修改 ENABLED=1

然後以:

sudo /etc/init.d/stunnel4 restart

to restart

fossiloauth << Previous Next >> fossilapp