Initial commit

.gitea/workflows/sonarqube.yml

@@ -0,0 +1,24 @@
+on:
+  push:
+
+name: SonarQube Scan
+jobs:
+  sonarqube:
+    name: SonarQube Trigger
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checking out
+      uses: actions/checkout@v4
+      with:
+        # Disabling shallow clone is recommended for improving relevancy of reporting
+        fetch-depth: 0
+    - name: get repository name
+      run: echo "REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV
+    - name: SonarQube Scan
+      uses: sonarsource/sonarqube-scan-action@v4
+      env:
+        SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+        SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+      with:
+        args: >
+          -Dsonar.projectKey=${{ env.REPOSITORY_NAME }}

.gitignore

@@ -0,0 +1,177 @@
+# ---> Python
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+database/
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#pdm.lock
+#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+#   in version control.
+#   https://pdm.fming.dev/#use-with-ide
+.pdm.toml
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+
+# ---> VisualStudioCode
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix
+

app/.dockerignore

@@ -0,0 +1,4 @@
+Dockerfile
+docker-compose.yml
+*.tar
+__pycache__/

app/Dockerfile

@@ -0,0 +1,18 @@
+# Using lightweight alpine image
+FROM python:3-alpine
+
+# Optimize Python behaviors for Docker
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+ENV PROMETHEUS_MULTIPROC_DIR=/dev/shm
+ENV PAPERSIZE=letter
+
+# Defining working directory and adding source code
+WORKDIR /template
+COPY . .
+
+# Install requirements
+RUN python -m pip install --no-cache-dir -r requirements.txt
+
+# Start app
+ENTRYPOINT [ "gunicorn" ]

app/app.py

@@ -0,0 +1,26 @@
+from flask import Flask
+import os
+
+from config import (
+    env_SECRET_KEY,
+    env_SECURE,
+    env_DEBUG,
+)
+from utils import logger
+from models import db
+from routes import routes, metrics
+
+app = Flask(__name__)
+app.secret_key = env_SECRET_KEY
+app.config["CORS_HEADERS"] = "Content-Type"
+app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///database.db"
+db.init_app(app)
+app.register_blueprint(routes)
+metrics.init_app(app)
+app.config["SESSION_COOKIE_SAMESITE"] = "Lax"
+app.config["SESSION_COOKIE_SECURE"] = env_SECURE
+
+logger.info("Worker ready")
+
+if __name__ == "__main__":
+    app.run(host="0.0.0.0", port=5000, debug=env_DEBUG)

app/config.py

@@ -0,0 +1,12 @@
+import os
+import tempfile
+
+env_DEBUG = os.environ.get("DEBUG", "").lower() == "true"
+
+env_SECURE = os.environ.get("SECURE", "").lower() == "true"
+env_SECRET_KEY = os.environ.get("SECRET_KEY", os.urandom(24))
+if not env_SECRET_KEY:
+    env_SECRET_KEY = os.urandom(24)
+
+path = tempfile.TemporaryDirectory(dir="/dev/shm")
+env_TEMP_DIR = path.name

app/docker-compose.yml

@@ -0,0 +1,15 @@
+services:
+    template:
+        container_name: template
+        image: git.bigun.dev/evan/template:stable
+        ports:
+            - 80:5000 # API
+            - 9200:9200 # Prometheus
+        restart: unless-stopped
+        volumes:
+            - /etc/localtime:/etc/localtime
+            - ./database:/template/instance
+        environment:
+            - DEBUG=FALSE # Enables debug route and Flask's debug mode
+            - SECRET_KEY="" # Should be a long random value, randomly regenerated every launch if not specified
+            - SECURE=FALSE # Set to True when using HTTPS

app/gunicorn.conf.py

@@ -0,0 +1,20 @@
+from prometheus_flask_exporter.multiprocess import GunicornPrometheusMetrics
+
+from config import env_DEBUG, env_TEMP_DIR
+
+accesslog = "-"
+access_log_format = '%({X-FORWARDED-FOR}i)s %(l)s %(t)s "%(r)s" %(s)s "%(a)s"'
+workers = 4
+bind = "0.0.0.0:5000"
+wsgi_app = "wsgi:app"
+worker_tmp_dir = env_TEMP_DIR
+if env_DEBUG:
+    loglevel = "debug"
+
+
+def when_ready(_):
+    GunicornPrometheusMetrics.start_http_server_when_ready(9200)
+
+
+def child_exit(_, worker):
+    GunicornPrometheusMetrics.mark_process_dead_on_child_exit(worker.pid)

app/models.py

@@ -0,0 +1,5 @@
+from datetime import datetime, timezone
+
+from flask_sqlalchemy import SQLAlchemy
+
+db = SQLAlchemy()

app/requirements.txt

@@ -0,0 +1,4 @@
+Flask==3.1.0
+flask_sqlalchemy==3.1.1
+gunicorn==23.0.0
+prometheus-flask-exporter==0.23.1

app/routes/__init__.py

@@ -0,0 +1,16 @@
+from prometheus_flask_exporter.multiprocess import GunicornPrometheusMetrics
+from flask import Blueprint
+
+metrics = GunicornPrometheusMetrics()
+
+by_path_counter = metrics.counter(
+    "by_path_counter",
+    "Request count by request paths",
+    labels={"path": lambda: request.path},
+)
+
+
+routes = Blueprint("routes", __name__)
+
+from .client import *  # Goes last to avoid circular imports
+from .static import *

app/routes/client.py

@@ -0,0 +1,10 @@
+from flask import jsonify, request
+
+from utils import (
+    logger,
+    validate_data_presence,
+)
+
+# from config import
+from . import routes as app
+from . import by_path_counter

app/routes/static.py

@@ -0,0 +1,4 @@
+from flask import current_app
+
+from . import routes as app
+from . import by_path_counter

app/utils.py

@@ -0,0 +1,49 @@
+from datetime import datetime, timedelta, timezone
+import json
+from urllib import parse
+import logging
+import re
+import typing as t
+
+import models
+
+logger = logging.getLogger("gunicorn.error")
+
+
+def str_none(x):
+    if x is None:
+        return ""
+    else:
+        return str(x)
+
+
+def string_validator(input_str: str):
+    # Decode the input string
+    decoded_str = parse.unquote(input_str)
+
+    # Sanitize the string
+    sanitized = re.sub(r"[\s]", "", decoded_str)
+    sanitized = re.sub(r'[<>"\'%;]', "", sanitized)
+
+    # Check length of the string
+    if len(sanitized) < 1:
+        return None
+
+    return sanitized
+
+
+def validate_data_presence(data: t.Dict[str, t.Any], keys: list[str]) -> bool:
+    """
+    Validate that all given keys are present in the data.
+
+    Args:
+        data (Dict[str, Any]): The JSON data to be validated.
+        keys (list[str]): A list of keys to look for in the data.
+
+    Returns:
+        bool: If any key is missing, returns False. Otherwise, returns True.
+    """
+    for key in keys:
+        if key not in data:
+            return False
+    return True

app/wsgi.py

@@ -0,0 +1,10 @@
+from werkzeug.middleware.proxy_fix import ProxyFix
+import logging
+
+from app import app
+
+gunicorn_logger = logging.getLogger("gunicorn.error")
+app.logger.handlers = gunicorn_logger.handlers
+app.logger.setLevel(gunicorn_logger.level)
+
+app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1)

renovate.json

@@ -0,0 +1,7 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": [
+      "local>renovate/renovate-config:default.json"
+    ]
+  }
+