Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 1 | #! /usr/bin/env python3 |
| 2 | # |
| 3 | # Copyright (C) 2018 Garmin Ltd. |
| 4 | # |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame] | 5 | # SPDX-License-Identifier: GPL-2.0-only |
Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 6 | # |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame] | 7 | |
Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 8 | import os |
| 9 | import sys |
| 10 | import logging |
| 11 | import argparse |
| 12 | import sqlite3 |
Andrew Geissler | 5199d83 | 2021-09-24 16:47:35 -0500 | [diff] [blame] | 13 | import warnings |
Patrick Williams | ac13d5f | 2023-11-24 18:59:46 -0600 | [diff] [blame^] | 14 | |
Andrew Geissler | 5199d83 | 2021-09-24 16:47:35 -0500 | [diff] [blame] | 15 | warnings.simplefilter("default") |
Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 16 | |
Patrick Williams | ac13d5f | 2023-11-24 18:59:46 -0600 | [diff] [blame^] | 17 | sys.path.insert(0, os.path.join(os.path.dirname(os.path.dirname(__file__)), "lib")) |
Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 18 | |
| 19 | import hashserv |
Patrick Williams | ac13d5f | 2023-11-24 18:59:46 -0600 | [diff] [blame^] | 20 | from hashserv.server import DEFAULT_ANON_PERMS |
Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 21 | |
| 22 | VERSION = "1.0.0" |
| 23 | |
Patrick Williams | ac13d5f | 2023-11-24 18:59:46 -0600 | [diff] [blame^] | 24 | DEFAULT_BIND = "unix://./hashserve.sock" |
Brad Bishop | a34c030 | 2019-09-23 22:34:48 -0400 | [diff] [blame] | 25 | |
Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 26 | |
| 27 | def main(): |
Patrick Williams | ac13d5f | 2023-11-24 18:59:46 -0600 | [diff] [blame^] | 28 | parser = argparse.ArgumentParser( |
| 29 | description="Hash Equivalence Reference Server. Version=%s" % VERSION, |
| 30 | formatter_class=argparse.RawTextHelpFormatter, |
| 31 | epilog=""" |
| 32 | The bind address may take one of the following formats: |
| 33 | unix://PATH - Bind to unix domain socket at PATH |
| 34 | ws://ADDRESS:PORT - Bind to websocket on ADDRESS:PORT |
| 35 | ADDRESS:PORT - Bind to raw TCP socket on ADDRESS:PORT |
Brad Bishop | a34c030 | 2019-09-23 22:34:48 -0400 | [diff] [blame] | 36 | |
Patrick Williams | ac13d5f | 2023-11-24 18:59:46 -0600 | [diff] [blame^] | 37 | To bind to all addresses, leave the ADDRESS empty, e.g. "--bind :8686" or |
| 38 | "--bind ws://:8686". To bind to a specific IPv6 address, enclose the address in |
| 39 | "[]", e.g. "--bind [::1]:8686" or "--bind ws://[::1]:8686" |
| 40 | |
| 41 | Note that the default Anonymous permissions are designed to not break existing |
| 42 | server instances when upgrading, but are not particularly secure defaults. If |
| 43 | you want to use authentication, it is recommended that you use "--anon-perms |
| 44 | @read" to only give anonymous users read access, or "--anon-perms @none" to |
| 45 | give un-authenticated users no access at all. |
| 46 | |
| 47 | Setting "--anon-perms @all" or "--anon-perms @user-admin" is not allowed, since |
| 48 | this would allow anonymous users to manage all users accounts, which is a bad |
| 49 | idea. |
| 50 | |
| 51 | If you are using user authentication, you should run your server in websockets |
| 52 | mode with an SSL terminating load balancer in front of it (as this server does |
| 53 | not implement SSL). Otherwise all usernames and passwords will be transmitted |
| 54 | in the clear. When configured this way, clients can connect using a secure |
| 55 | websocket, as in "wss://SERVER:PORT" |
| 56 | """, |
| 57 | ) |
| 58 | |
| 59 | parser.add_argument( |
| 60 | "-b", |
| 61 | "--bind", |
| 62 | default=os.environ.get("HASHSERVER_BIND", DEFAULT_BIND), |
| 63 | help='Bind address (default $HASHSERVER_BIND, "%(default)s")', |
| 64 | ) |
| 65 | parser.add_argument( |
| 66 | "-d", |
| 67 | "--database", |
| 68 | default=os.environ.get("HASHSERVER_DB", "./hashserv.db"), |
| 69 | help='Database file (default $HASHSERVER_DB, "%(default)s")', |
| 70 | ) |
| 71 | parser.add_argument( |
| 72 | "-l", |
| 73 | "--log", |
| 74 | default=os.environ.get("HASHSERVER_LOG_LEVEL", "WARNING"), |
| 75 | help='Set logging level (default $HASHSERVER_LOG_LEVEL, "%(default)s")', |
| 76 | ) |
| 77 | parser.add_argument( |
| 78 | "-u", |
| 79 | "--upstream", |
| 80 | default=os.environ.get("HASHSERVER_UPSTREAM", None), |
| 81 | help="Upstream hashserv to pull hashes from ($HASHSERVER_UPSTREAM)", |
| 82 | ) |
| 83 | parser.add_argument( |
| 84 | "-r", |
| 85 | "--read-only", |
| 86 | action="store_true", |
| 87 | help="Disallow write operations from clients ($HASHSERVER_READ_ONLY)", |
| 88 | ) |
| 89 | parser.add_argument( |
| 90 | "--db-username", |
| 91 | default=os.environ.get("HASHSERVER_DB_USERNAME", None), |
| 92 | help="Database username ($HASHSERVER_DB_USERNAME)", |
| 93 | ) |
| 94 | parser.add_argument( |
| 95 | "--db-password", |
| 96 | default=os.environ.get("HASHSERVER_DB_PASSWORD", None), |
| 97 | help="Database password ($HASHSERVER_DB_PASSWORD)", |
| 98 | ) |
| 99 | parser.add_argument( |
| 100 | "--anon-perms", |
| 101 | metavar="PERM[,PERM[,...]]", |
| 102 | default=os.environ.get("HASHSERVER_ANON_PERMS", ",".join(DEFAULT_ANON_PERMS)), |
| 103 | help='Permissions to give anonymous users (default $HASHSERVER_ANON_PERMS, "%(default)s")', |
| 104 | ) |
| 105 | parser.add_argument( |
| 106 | "--admin-user", |
| 107 | default=os.environ.get("HASHSERVER_ADMIN_USER", None), |
| 108 | help="Create default admin user with name ADMIN_USER ($HASHSERVER_ADMIN_USER)", |
| 109 | ) |
| 110 | parser.add_argument( |
| 111 | "--admin-password", |
| 112 | default=os.environ.get("HASHSERVER_ADMIN_PASSWORD", None), |
| 113 | help="Create default admin user with password ADMIN_PASSWORD ($HASHSERVER_ADMIN_PASSWORD)", |
| 114 | ) |
Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 115 | |
| 116 | args = parser.parse_args() |
| 117 | |
Patrick Williams | ac13d5f | 2023-11-24 18:59:46 -0600 | [diff] [blame^] | 118 | logger = logging.getLogger("hashserv") |
Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 119 | |
| 120 | level = getattr(logging, args.log.upper(), None) |
| 121 | if not isinstance(level, int): |
Patrick Williams | ac13d5f | 2023-11-24 18:59:46 -0600 | [diff] [blame^] | 122 | raise ValueError("Invalid log level: %s" % args.log) |
Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 123 | |
| 124 | logger.setLevel(level) |
| 125 | console = logging.StreamHandler() |
| 126 | console.setLevel(level) |
| 127 | logger.addHandler(console) |
| 128 | |
Patrick Williams | ac13d5f | 2023-11-24 18:59:46 -0600 | [diff] [blame^] | 129 | read_only = (os.environ.get("HASHSERVER_READ_ONLY", "0") == "1") or args.read_only |
| 130 | if "," in args.anon_perms: |
| 131 | anon_perms = args.anon_perms.split(",") |
| 132 | else: |
| 133 | anon_perms = args.anon_perms.split() |
| 134 | |
| 135 | server = hashserv.create_server( |
| 136 | args.bind, |
| 137 | args.database, |
| 138 | upstream=args.upstream, |
| 139 | read_only=read_only, |
| 140 | db_username=args.db_username, |
| 141 | db_password=args.db_password, |
| 142 | anon_perms=anon_perms, |
| 143 | admin_username=args.admin_user, |
| 144 | admin_password=args.admin_password, |
| 145 | ) |
Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 146 | server.serve_forever() |
| 147 | return 0 |
| 148 | |
Brad Bishop | a34c030 | 2019-09-23 22:34:48 -0400 | [diff] [blame] | 149 | |
Patrick Williams | ac13d5f | 2023-11-24 18:59:46 -0600 | [diff] [blame^] | 150 | if __name__ == "__main__": |
Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 151 | try: |
| 152 | ret = main() |
| 153 | except Exception: |
| 154 | ret = 1 |
| 155 | import traceback |
Patrick Williams | ac13d5f | 2023-11-24 18:59:46 -0600 | [diff] [blame^] | 156 | |
Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 157 | traceback.print_exc() |
| 158 | sys.exit(ret) |