#!/bin/sh
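# Strict mode: abort on any unhandled command failure (-e) and on expansion
# of an unset variable (-u).
set -e
set -u
# Command tracing (-x) prints every expanded command line to stderr, which
# ends up in the container log. This entrypoint expands OIDC client secrets
# on its command lines (config_oidc4vp, _set), so tracing is opt-in through
# DEBUG=true instead of being always on.
if [ "${DEBUG:-}" = "true" ]; then
  set -x
fi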
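# Print the volume-mapping hint and abort the entrypoint.
# check_app_is_there calls this when ./manage.py is missing.
# Outputs: the hint, on stderr.
# Exits:   always, with status 1.
usage() {
  # Diagnostics go to stderr so they cannot be mistaken for program output.
  cat >&2 <<END
ERROR: you need to map your idhub git repo volume to docker, suggested volume mapping is:

volumes:
- ./IdHub:/opt/idhub
END
  exit 1
}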
# Prepare the environment the application reads at start-up.
# Globals: idhub_dir (read), DOMAIN (read), COMMIT (exported)
# Outputs: rewrites ./status_data with a single DOMAIN=<value> line
inject_env_vars() {
  # Mark the checkout as safe so git does not refuse it for "dubious
  # ownership"; note this switches git's ownership check off for that path.
  # related https://www.kenmuse.com/blog/avoiding-dubious-ownership-in-dev-containers/
  git config --global --add safe.directory "${idhub_dir}"

  # Short hash of the current commit. The export and the substitution stay in
  # one statement, so a failing `git log` does not abort the script under -e.
  export COMMIT="commit: $(git log --pretty=format:'%h' -n 1)"

  printf 'DOMAIN=%s\n' "${DOMAIN}" > status_data
}
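# Bring the database up to date, distinguishing an existing deployment from a
# brand new one.
# Globals: idhub_dir (read), DOMAIN (read), OIDC_ORGS (read, optional)
deployment_strategy() {
  # detect if existing deployment (TODO only works with sqlite)
  if [ -f "${idhub_dir}/db.sqlite3" ]; then
    echo "INFO: detected EXISTING deployment"
    ./manage.py migrate

    # warn admin that it should re-enter password to keep the service working
    ./manage.py send_mail_admins
  else
    # this file helps all docker containers to guess number of hosts involved
    # right now is only needed by new deployment for oidc
    if [ -d "/sharedsecret" ]; then
      # Quoted so a DOMAIN containing whitespace or glob characters cannot be
      # split into several paths or expanded against existing files.
      touch "/sharedsecret/${DOMAIN}"
    fi

    # move the migrate thing in docker entrypoint
    # inspired by https://medium.com/analytics-vidhya/django-with-docker-and-docker-compose-python-part-2-8415976470cc
    echo "INFO detected NEW deployment"
    ./manage.py migrate

    # NOTE(review): every new deployment loads the demo hardcoded data the
    # message below announces - confirm this path is never used for a
    # production instance.
    printf "This is DEVELOPMENT/PILOTS_EARLY DEPLOYMENT: including demo hardcoded data\n creating initial Datas\n" >&2
    ./manage.py initial_datas

    # The OIDC credential exchange runs only when OIDC_ORGS is set and
    # non-empty.
    if [ "${OIDC_ORGS:-}" ]; then
      config_oidc4vp
    fi
  fi
}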
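# Update one column of the oidc4vp_organization row that matches a domain.
# Arguments: $1 - column name (a plain SQL identifier)
#            $2 - value to store
#            $3 - domain selecting the row
# Returns:   non-zero if the column name is not a plain identifier or if
#            sqlite3 fails
_set() {
  key="${1}"
  value="${2}"
  domain="${3}"

  # The column name is spliced into the statement unquoted, so accept only
  # identifier characters.
  case "${key}" in
    '' | [0-9]* | *[!A-Za-z0-9_]*)
      printf 'ERROR: _set: invalid column name: %s\n' "${key}" >&2
      return 1
      ;;
  esac

  # value and domain are read from files other containers write to
  # /sharedsecret; double every single quote so neither can close the SQL
  # string literal and change the statement.
  value_sql="$(printf '%s' "${value}" | sed "s/'/''/g")"
  domain_sql="$(printf '%s' "${domain}" | sed "s/'/''/g")"

  # NOTE(review): the statement, including any secret in $2, is passed on the
  # sqlite3 command line and is therefore visible in the process list and in
  # `set -x` traces.
  sqlite3 db.sqlite3 "update oidc4vp_organization set ${key}='${value_sql}' where domain='${domain_sql}';"
}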
# Dump every row of oidc4vp_organization as JSON on stdout.
# The query selects all columns; config_oidc4vp later reads client_id and
# client_secret from these rows, so treat the output as secret material.
_get() {
  set -- -json db.sqlite3 "select * from oidc4vp_organization;"
  sqlite3 "$@"
}
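# Print the number of lines in a file.
# Arguments: $1 - path of the file to count
# Outputs:   the line count on stdout
# Returns:   non-zero when the file cannot be read
_lines () {
  local myfile="${1}"
  # Read through a redirection rather than `cat file | wc -l`: in the pipe
  # form an unreadable file still printed 0 with a success status, which is
  # indistinguishable from a genuinely empty file.
  wc -l < "${myfile}"
}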
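# Exchange OIDC client credentials with the other idhub containers through
# the /sharedsecret volume.
#
# Publishes this instance's organization rows as /sharedsecret/<DOMAIN>, waits
# until no file in /sharedsecret is empty, then for every other host's file
# stores the client_id / client_secret that host issued for this DOMAIN.
#
# Globals: DOMAIN (read)
# Returns: non-zero if a peer file holds no usable credentials for DOMAIN
#
# NOTE(review): the published file holds every column of every organization
# row, client secrets included; who can read it depends on how the volume is
# mounted and on the file mode - confirm both.
config_oidc4vp() {
  # Everything below expands secrets on command lines. Switch tracing off for
  # the duration so they do not end up in the container log, and restore it
  # at the end.
  case "$-" in
    *x*)
      oidc_xtrace=1
      set +x
      ;;
    *)
      oidc_xtrace=0
      ;;
  esac

  # populate your config
  data="$(_get)"
  # printf rather than echo: some /bin/sh implementations make echo interpret
  # backslash escapes, which would corrupt JSON string escapes in the data.
  printf '%s\n' "${data}" | jq --arg domain "${DOMAIN}" '{ ($domain): .}' > "/sharedsecret/${DOMAIN}"

  while true; do
    echo wait the other idhubs to write, this is the only oportunity to sync with other idhubs in the docker compose
    ## break when no empty files left
    if ! wc -l /sharedsecret/* | awk '{print $1;}' | grep -qE '^0$'; then
      break
    fi
    sleep 1
  done

  # get other configs
  for host in /sharedsecret/*; do
    # The single top-level key of each file is the domain of its writer.
    target_domain="$(jq -r 'keys[0]' < "${host}")"
    if [ "${target_domain}" != "${DOMAIN}" ]; then
      # we are flexible on querying for DOMAIN: the first one based on regex
      # NOTE(review): test($domain) is an unanchored regular-expression match,
      # so "." matches any character and a row whose domain merely contains
      # DOMAIN also matches; the first match wins. Confirm this is intended.
      filtered_data="$(jq --arg domain "${DOMAIN}" 'first(.[][] | select(.domain | test ($domain)))' < "${host}")"

      # "// empty" turns a missing or null field into empty output instead of
      # the literal string "null".
      client_id="$(printf '%s\n' "${filtered_data}" | jq -r '.client_id // empty')"
      client_secret="$(printf '%s\n' "${filtered_data}" | jq -r '.client_secret // empty')"

      # Fail with a clear message instead of storing empty credentials.
      if [ -z "${client_id}" ] || [ -z "${client_secret}" ]; then
        printf 'ERROR: no client credentials for %s found in %s\n' "${DOMAIN}" "${host}" >&2
        return 1
      fi

      # Quoted so a value containing whitespace or glob characters is passed
      # to _set as exactly one argument.
      _set my_client_id "${client_id}" "${target_domain}"
      _set my_client_secret "${client_secret}" "${target_domain}"
    fi
  done

  if [ "${oidc_xtrace}" = 1 ]; then
    set -x
  fi
}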
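# Start the web server; this is the last step of the entrypoint.
# Globals: DEBUG (read, optional), EXPERIMENTAL (read, optional), PORT (read)
#
# DEBUG=true                      -> manage.py runserver
# otherwise, EXPERIMENTAL=true    -> collectstatic, then gunicorn
# otherwise                       -> collectstatic, then manage.py runserver
#
# NOTE(review): unless EXPERIMENTAL=true, a non-debug deployment is still
# served by Django's development server bound to all interfaces. Django's
# documentation says that server is not meant for production use - confirm
# this default is intended.
runserver() {
  if [ ! "${DEBUG:-}" = "true" ]; then
    ./manage.py collectstatic
    if [ "${EXPERIMENTAL:-}" = "true" ]; then
      # Reloading on source change is a debugging feature; for that, debug
      # mode is probably the better choice (no reload option is passed here).
      # src https://stackoverflow.com/questions/12773763/gunicorn-autoreload-on-source-change/24893069#24893069
      # gunicorn with 1 worker, with more than 1 worker this is not expected to work
      # (no worker count is passed, so gunicorn's default applies)
      gunicorn --access-logfile - --error-logfile - -b ":${PORT}" trustchain_idhub.wsgi:application
    else
      ./manage.py runserver "0.0.0.0:${PORT}"
    fi
  else
    # PORT is quoted everywhere so it always reaches the server as part of a
    # single argument.
    ./manage.py runserver "0.0.0.0:${PORT}"
  fi
}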
# Verify that the application is present in the current directory.
# Succeeds when ./manage.py is a regular file; otherwise hands over to usage,
# which prints the volume-mapping hint and exits with status 1.
check_app_is_there() {
  if [ -f "./manage.py" ]; then
    return 0
  fi
  usage
}
# Entrypoint: enter the mounted checkout and run the start-up steps in order.
# Globals: idhub_dir (written; read by the step functions)
main() {
  idhub_dir='/opt/idhub'
  cd "${idhub_dir}"

  # 1. check_app_is_there  - abort with a hint if manage.py is not mounted
  # 2. deployment_strategy - migrate, and seed data on a new deployment
  # 3. inject_env_vars     - git safe.directory, COMMIT, status_data
  # 4. runserver           - start the web server
  for step in check_app_is_there deployment_strategy inject_env_vars runserver; do
    "${step}"
  done
}
# Run the entrypoint, forwarding the container's arguments unchanged.
main "$@"