From c2971949642bf0bc55ad520a055a8252b0045f66 Mon Sep 17 00:00:00 2001 From: Khalim Conn-Kowlessar Date: Mon, 17 Jul 2023 18:05:54 +0100 Subject: [PATCH 1/4] changed logger --- backend/app/dependencies.py | 7 ++++--- backend/app/utils.py | 7 ------- backend/requirements/base.txt | 3 +-- 3 files changed, 5 insertions(+), 12 deletions(-) diff --git a/backend/app/dependencies.py b/backend/app/dependencies.py index 62b379f9..722fdabf 100644 --- a/backend/app/dependencies.py +++ b/backend/app/dependencies.py @@ -5,12 +5,12 @@ from Crypto.Protocol.KDF import HKDF from Crypto.Hash import SHA256 from typing import Any import json -# import logging +import logging from app.config import get_settings -from app.utils import logger -# logger = logging.getLogger(__name__) +logger = logging.getLogger(__name__) +logger.setLevel(logging.INFO) api_key_header = APIKeyHeader(name=get_settings().API_KEY_NAME, auto_error=False) @@ -97,6 +97,7 @@ def validate_jwt_token(token: str = Depends(oauth2_scheme)): async def validate_token(token: str = Depends(oauth2_scheme), request: Request = None): + print("VALIDATING - PRINT") logger.info("Validating token") logger.info(token) logger.info("Secret") diff --git a/backend/app/utils.py b/backend/app/utils.py index 415960be..4780a5ca 100644 --- a/backend/app/utils.py +++ b/backend/app/utils.py @@ -3,13 +3,6 @@ import csv from io import StringIO import string import secrets -from aws_lambda_powertools import Logger, Metrics, Tracer -from aws_lambda_powertools.metrics import MetricUnit # noqa: F401 - - -logger: Logger = Logger() -metrics: Metrics = Metrics() -tracer: Tracer = Tracer() def read_csv_from_s3(bucket_name, filepath): diff --git a/backend/requirements/base.txt b/backend/requirements/base.txt index 6708f024..11cd3326 100644 --- a/backend/requirements/base.txt +++ b/backend/requirements/base.txt 
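Review bot: In `validate_token` (backend/app/dependencies.py, second hunk) the added `print("VALIDATING - PRINT")` is debug residue on the authentication path, and it sits directly above the existing `logger.info(token)`, which writes the caller's bearer token to the log stream. The first hunk of this commit sets the module logger to `logging.INFO`, so that record is presumably emitted wherever a handler is attached, and anyone who can read the logs can read live tokens. I would delete both the `print` line and the `logger.info(token)` line and keep only `logger.info("Validating token")`. The `logger.info("Secret")` line that follows needs the same check, because the hunk ends before showing what is logged after it; the function body continues outside the hunk.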
@@ -26,5 +26,4 @@ uvloop==0.17.0 watchfiles==0.19.0 websockets==11.0.3 boto3 -pycryptodome -aws-lambda-powertools \ No newline at end of file +pycryptodome \ No newline at end of file From 7dc369b0881fdb933fdb12db49f1b46e386592b6 Mon Sep 17 00:00:00 2001 From: Khalim Conn-Kowlessar Date: Mon, 17 Jul 2023 18:50:29 +0100 Subject: [PATCH 2/4] removed pycryptdome --- backend/app/dependencies.py | 25 +++++++++++-------------- backend/app/plan/router.py | 4 ++-- backend/app/utils.py | 5 +++++ backend/docker/Dockerfile.lambda | 11 +++++++++++ backend/requirements/base.txt | 3 +-- 5 files changed, 30 insertions(+), 18 deletions(-) create mode 100644 backend/docker/Dockerfile.lambda diff --git a/backend/app/dependencies.py b/backend/app/dependencies.py index 722fdabf..078f36a5 100644 --- a/backend/app/dependencies.py +++ b/backend/app/dependencies.py @@ -1,16 +1,13 @@ from fastapi import Depends, HTTPException, status, Request from fastapi.security import APIKeyHeader, OAuth2PasswordBearer from jose import JWTError, jwe, jwt -from Crypto.Protocol.KDF import HKDF -from Crypto.Hash import SHA256 +from cryptography.hazmat.primitives.kdf.hkdf import HKDF +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.backends import default_backend from typing import Any import json -import logging from app.config import get_settings - - -logger = logging.getLogger(__name__) -logger.setLevel(logging.INFO) +from app.utils import logger api_key_header = APIKeyHeader(name=get_settings().API_KEY_NAME, auto_error=False) 
@@ -43,14 +40,14 @@ def get_user(user_id: str): def get_derived_encryption_key(secret: str) -> Any: context = str.encode("NextAuth.js Generated Encryption Key") - return HKDF( - master=secret.encode(), - key_len=32, - salt="".encode(), - hashmod=SHA256, - num_keys=1, - context=context, + hkdf = HKDF( + algorithm=hashes.SHA256(), + length=32, + salt=b"", + info=context, + backend=default_backend() ) + return hkdf.derive(secret.encode()) def get_token_payload(token: str, secret: str) -> dict[str, Any]: diff --git a/backend/app/plan/router.py b/backend/app/plan/router.py index 430ba8cd..e0c975b3 100644 --- a/backend/app/plan/router.py +++ b/backend/app/plan/router.py @@ -1,9 +1,9 @@ from fastapi import APIRouter, Depends from app.dependencies import validate_token from app.plan.schemas import PlanTriggerRequest -from app.utils import read_csv_from_s3 +from app.utils import read_csv_from_s3, logger from app.config import get_settings -from app.utils import logger + router = APIRouter( prefix="/plan", diff --git a/backend/app/utils.py b/backend/app/utils.py index 4780a5ca..77d220ae 100644 --- a/backend/app/utils.py +++ b/backend/app/utils.py @@ -3,6 +3,11 @@ import csv from io import StringIO import string import secrets +import logging + + +logger = logging.getLogger(__name__) +logger.setLevel(logging.INFO) def read_csv_from_s3(bucket_name, filepath): diff --git a/backend/docker/Dockerfile.lambda b/backend/docker/Dockerfile.lambda new file mode 100644 index 00000000..4d54befe --- /dev/null +++ b/backend/docker/Dockerfile.lambda @@ -0,0 +1,11 @@ +FROM python:3.10.12-slim-buster + +WORKDIR /var/task + +# Install python dependencies +COPY ./requirements/base.txt ./requirements/base.txt +RUN pip install --upgrade pip +RUN pip install -r requirements/base.txt + +# Copy project +COPY . . diff --git a/backend/requirements/base.txt b/backend/requirements/base.txt index 11cd3326..923f17f9 100644 --- a/backend/requirements/base.txt +++ b/backend/requirements/base.txt 
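Review bot: The HKDF library swap in `get_derived_encryption_key` (backend/app/dependencies.py) has no test pinning the derived key, so a parameter mismatch between the two APIs would presumably only surface as every token failing to decrypt in `get_token_payload`. The mapping looks right (SHA-256, 32 bytes, empty salt, `info` taking over the old `context`), but a known-answer test would make it checkable: derive a key from a fixed, constructed secret and compare it with the value recorded from the previous implementation. I would also tighten the return annotation from `-> Any` to `-> bytes` and add a one-line docstring such as `"""Derive the 32-byte HKDF-SHA256 key (empty salt, NextAuth.js info string) used to decrypt session tokens."""`. `backend=default_backend()` can probably be dropped, since recent `cryptography` releases make that argument optional.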
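Review bot: `COPY . .` in the new backend/docker/Dockerfile.lambda copies the entire build context into the image, and no `.dockerignore` is visible in this series. Local files such as `.env` or the `test_event.json` added in PATCH 3/4 would presumably ship inside the image. The same line appears in backend/docker/lambda.Dockerfile in PATCH 3/4. I would copy only what the service needs, e.g. `COPY ./app ./app` (assuming the build context is `backend/`), or add a `.dockerignore` that excludes secrets, test fixtures and VCS metadata.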
@@ -25,5 +25,4 @@ uvicorn==0.22.0 uvloop==0.17.0 watchfiles==0.19.0 websockets==11.0.3 -boto3 -pycryptodome \ No newline at end of file +boto3 \ No newline at end of file From 1bb3fe5b120111025bfaaa913895c30aadbac21c Mon Sep 17 00:00:00 2001 From: Khalim Conn-Kowlessar Date: Mon, 17 Jul 2023 19:23:09 +0100 Subject: [PATCH 3/4] downgrade cryptography --- backend/docker/Dockerfile | 2 +- backend/docker/Dockerfile.lambda | 11 ----------- backend/docker/lambda.Dockerfile | 22 ++++++++++++++++++++++ backend/requirements/base.txt | 2 +- backend/test_event.json | 9 +++++++++ 5 files changed, 33 insertions(+), 13 deletions(-) delete mode 100644 backend/docker/Dockerfile.lambda create mode 100644 backend/docker/lambda.Dockerfile create mode 100644 backend/test_event.json diff --git a/backend/docker/Dockerfile b/backend/docker/Dockerfile index 933ebce7..d35fd40e 100644 --- a/backend/docker/Dockerfile +++ b/backend/docker/Dockerfile @@ -1,5 +1,5 @@ # Pull base image -FROM python:3.10.12-slim-buster +FROM public.ecr.aws/lambda/python:3.10 # Set environment variables ENV PYTHONDONTWRITEBYTECODE 1 diff --git a/backend/docker/Dockerfile.lambda b/backend/docker/Dockerfile.lambda deleted file mode 100644 index 4d54befe..00000000 --- a/backend/docker/Dockerfile.lambda +++ /dev/null @@ -1,11 +0,0 @@ -FROM python:3.10.12-slim-buster - -WORKDIR /var/task - -# Install python dependencies -COPY ./requirements/base.txt ./requirements/base.txt -RUN pip install --upgrade pip -RUN pip install -r requirements/base.txt - -# Copy project -COPY . . diff --git a/backend/docker/lambda.Dockerfile b/backend/docker/lambda.Dockerfile new file mode 100644 index 00000000..f64eec03 --- /dev/null +++ b/backend/docker/lambda.Dockerfile 
@@ -0,0 +1,22 @@ +FROM public.ecr.aws/lambda/python:3.10 + +# Set environment variables +ENV PYTHONDONTWRITEBYTECODE 1 +ENV PYTHONUNBUFFERED 1 + +# Set work directory +WORKDIR /app + +# Install system dependencies +#RUN apt-get update && apt-get install -y netcat-openbsd + +# Install python dependencies +COPY ./requirements/base.txt ./requirements/base.txt +RUN pip install --upgrade pip +RUN pip install -r requirements/base.txt + +# Copy project +COPY . . + +# command to run on container start +CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"] diff --git a/backend/requirements/base.txt b/backend/requirements/base.txt index 923f17f9..5a1693c4 100644 --- a/backend/requirements/base.txt +++ b/backend/requirements/base.txt @@ -1,7 +1,7 @@ anyio==3.7.1 cffi==1.15.1 click==8.1.3 -cryptography==41.0.1 +cryptography==37.0.4 ecdsa==0.18.0 exceptiongroup==1.1.2 fastapi==0.99.1 diff --git a/backend/test_event.json b/backend/test_event.json new file mode 100644 index 00000000..19fe7aba --- /dev/null +++ b/backend/test_event.json @@ -0,0 +1,9 @@ +{ + "httpMethod": "POST", + "path": "/v1/plan/trigger", + "headers": { + "x-api-key": "4QPwbB6hEdUloDVtbBJCUTfGBdBgWwpeavWQ7t5Z", + "Authorization": "Bearer 4QPwbB6hEdUloDVtbBJCUTfGBdBgWwpeavWQ7t5Z" + }, + "body": "{\"goal\": \"epc\", \"goal_value\": \"c\", \"portfolio_id\": 1, \"trigger_file_path\": \"test\", \"housing_type\": \"social\"}" +} From a850d6ff8825b80da4a07ec9c69237e5eb60a485 Mon Sep 17 00:00:00 2001 From: Khalim Conn-Kowlessar Date: Mon, 17 Jul 2023 19:54:18 +0100 Subject: [PATCH 4/4] testing docker configs --- backend/docker/Dockerfile | 2 +- backend/serverless.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/backend/docker/Dockerfile b/backend/docker/Dockerfile index d35fd40e..fb95e87e 100644 --- a/backend/docker/Dockerfile +++ b/backend/docker/Dockerfile 
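Review bot: The `CMD ["uvicorn", "app.main:app", ...]` at the end of backend/docker/lambda.Dockerfile does not match the base image. The `public.ecr.aws/lambda/python` images keep the Lambda runtime entrypoint and treat `CMD` as the handler name, so this is likely read as a handler called `uvicorn` rather than starting a server. If the image is meant to run in Lambda, `CMD` should name the handler, e.g. `CMD ["app.main.handler"]` (assuming such a handler is exported, which this diff does not show). If it is meant to serve uvicorn directly, a general-purpose Python base image is the better fit. `WORKDIR /app` also moves away from the image's default task root, so the runtime may not find the code there.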
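Review bot: Pinning `cryptography==37.0.4` in backend/requirements/base.txt takes the library that now derives the token-encryption key back several major releases, and the commit message gives no reason for it. Releases after 37.x carry security fixes and newer bundled OpenSSL builds in the wheels, so this pin should be run through `pip-audit` or an equivalent advisory check before merging. If the downgrade works around a Lambda packaging problem, record that next to the pin, e.g. `# pinned for Lambda build compatibility, see ISSUE_LINK_PLACEHOLDER`, and fix the build so the current release can be restored.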
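Review bot: Both header values in the new backend/test_event.json are the same 40-character string, which looks like a real API key rather than a constructed fixture. If it is real, it is now in git history and should be rotated; removing it in a later commit is not enough. Commit an obvious placeholder instead, e.g. `"x-api-key": "PLACEHOLDER_TEST_API_KEY"` and `"Authorization": "Bearer PLACEHOLDER_TEST_TOKEN"`, and inject real values at invocation time from the environment or a secrets store.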
@@ -1,5 +1,5 @@ # Pull base image -FROM public.ecr.aws/lambda/python:3.10 +FROM lambci/lambda:build-python3.10 # Set environment variables ENV PYTHONDONTWRITEBYTECODE 1 diff --git a/backend/serverless.yml b/backend/serverless.yml index 81c0653f..a0fcb555 100644 --- a/backend/serverless.yml +++ b/backend/serverless.yml @@ -28,6 +28,7 @@ custom: useDocker: true dockerSsh: true fileName: requirements/base.txt + dockerRunCmdExtraArgs: ['--platform', 'linux/amd64'] customDomain: domainName: api.${self:provider.environment.DOMAIN_NAME} createRoute53Record: true
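Review bot: `FROM lambci/lambda:build-python3.10` in backend/docker/Dockerfile replaces an AWS-published base image with a community image referenced by a mutable tag, which weakens the provenance of everything built on top of it. As far as I know the lambci images are no longer maintained, and I could not confirm that a python3.10 build tag is published there, so check before relying on it. If a build-flavoured image is what is needed, AWS publishes `public.ecr.aws/sam/build-python3.10`; either way, pin by digest, e.g. `FROM public.ecr.aws/sam/build-python3.10@sha256:DIGEST_PLACEHOLDER`. The rest of the Dockerfile is outside the hunk.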