Encrypt api key and add readme for docker (#107)

Author: gcharis

.env.test

@@ -1,6 +1,7 @@
 ENV=test
 APP_NAME=Whitebox | Test
 APP_NAME_CRON=Whitebox | Test
+SECRET_KEY=3beae33e30bcdaf6b172e17dc8f26341
 
 DATABASE_URL=postgresql://postgres:postgres@localhost:5432/test
 

README.md

@@ -102,6 +102,39 @@ docker compose up postgres -d
 mkdocs serve -f docs/mkdocs/mkdocs.yml -a localhost:8001
 ```
 
+# Deploy Whitebox
+## Using docker
+
+Whitebox uses postgres as its database. They need to run in the same docker network. An example docker-compose file is located in the `examples` folder. Make sure you replace the SECRET_KEY with one of your own. Look below for more info.
+
+  ```bash
+  docker-compose -f examples/docker-compose/docker-compose.yml up
+  ```
+
+If you just need to run Whitebox, make sure you set the `DATABASE_URL` in the environment.
+
+  ```bash
+  docker run -dp 8000:8000 sqdhub/whitebox:main -e DATABASE_URL=postgresql://user:password@host:port/db_name
+  ```
+To save the api key encrypted in the database, provide a SECRET_KEY variable in the environment that is consisted of a 16 bytes string. 
+  ```bash
+  python -c "from secrets import token_hex; print(token_hex(16))"
+  ```
+***Save this token somewhere safe.***
+
+The api key can be retrieved directly from the postgres database:
+
+  ```bash
+  API_KEY=$(docker exec <postgres_container_id> /bin/sh -c "psql -U postgres -c \"SELECT api_key FROM users WHERE username='admin';\" -tA")
+
+  echo $API_KEY
+  ```
+If you've set the `SECRET_KEY` in the environment get the decrypted key using:
+
+  ```bash
+  docker exec <whitebox_container_id> /usr/local/bin/python scripts/decrypt_api_key.py $API_KEY
+  ```
+
 # Contributing
 
 We happily welcome contributions to Whitebox. You can start by opening a new issue!

docker-compose.yml …amples/docker-compose/docker-compose.ymldocker-compose.yml renamed to examples/docker-compose/docker-compose.yml docker-compose.yml renamed to examples/docker-compose/docker-compose.yml

@@ -1,4 +1,5 @@
 version: "3.10"
+name: Whitebox
 services:
   postgres:
     image: postgres:15
@@ -15,18 +16,26 @@ services:
       - "5432:5432"
     volumes:
       - wb_data:/var/lib/postgresql/data
+    networks:
+      - whitebox
 
   whitebox:
-    profiles: ["whitebox"]
     image: sqdhub/whitebox:main
     restart: unless-stopped
     environment:
       - APP_NAME=Whitebox | Docker
       - DATABASE_URL=postgresql://postgres:postgres@postgres:5432/postgres
+      - SECRET_KEY=<add_your_own>
     ports:
       - "8000:8000"
     depends_on:
       - postgres
+    networks:
+      - whitebox
 
 volumes:
   wb_data:
+
+networks:
+  whitebox:
+    name: whitebox

helm_charts/whitebox/artifacthub-repo.yml

@@ -0,0 +1,4 @@
+repositoryID: 5276bf98-7f0a-407d-ba4d-5b3083801cd6
+owners: 
+  - name: Squaredev
+    email: hello@squaredev.io

requirements.txt

@@ -117,7 +117,7 @@ python-jose==3.3.0
 python-multipart==0.0.5
 pytz==2022.5
 pyu2f==0.1.5
-PyYAML==5.1
+PyYAML==5.3.1
 requests==2.28.1
 requests-mock==1.10.0
 requests-oauthlib==1.3.1

scripts/decrypt_api_key.py

@@ -0,0 +1,14 @@
+import os
+import sys
+
+sys.path.append(os.getcwd())
+
+from whitebox.utils.passwords import decrypt_api_key
+from whitebox.core.settings import get_settings
+
+value = sys.argv[1]
+settings = get_settings()
+
+if __name__ == "__main__":
+    api_key = decrypt_api_key(value, settings.SECRET_KEY.encode())
+    print(api_key)

whitebox/api/v1/__init__.py

@@ -1,7 +1,6 @@
 from fastapi import APIRouter
 from .health import health_router
 
-from .users import users_router
 from .models import models_router
 from .dataset_rows import dataset_rows_router
 from .inference_rows import inference_rows_router
@@ -17,7 +16,6 @@
 v1 = "/v1"
 
 v1_router.include_router(health_router, prefix=v1)
-v1_router.include_router(users_router, prefix=v1)
 v1_router.include_router(models_router, prefix=v1)
 v1_router.include_router(dataset_rows_router, prefix=v1)
 v1_router.include_router(inference_rows_router, prefix=v1)

whitebox/api/v1/users.py

@@ -6,9 +6,8 @@
 from whitebox.schemas.user import UserCreateDto
 
 from whitebox import crud
-from whitebox.utils.passwords import hash_password
+from whitebox.utils.passwords import encrypt_api_key
 from whitebox.utils.logger import cronLogger as logger
-import os
 
 from secrets import token_hex
 
@@ -32,13 +31,20 @@ async def connect():
     """
     Base.metadata.create_all(engine)
     db = SessionLocal()
-    if not os.getenv("ENV") == "test":
-        admin_exists = crud.users.get_first_by_filter(db=db, username="admin")
-        if not admin_exists:
-            api_key = token_hex(32)
-            obj_in = UserCreateDto(username="admin", api_key=hash_password(api_key))
-            crud.users.create(db=db, obj_in=obj_in)
-            logger.info(f"Created username: admin, API key: {api_key}")
+
+    admin_exists = crud.users.get_first_by_filter(db=db, username="admin")
+    if not admin_exists:
+        plain_api_key = token_hex(32)
+        secret_key = settings.SECRET_KEY
+        api_key = (
+            encrypt_api_key(plain_api_key, secret_key.encode())
+            if secret_key
+            else plain_api_key
+        )
+
+        obj_in = UserCreateDto(username="admin", api_key=api_key)
+        crud.users.create(db=db, obj_in=obj_in)
+        logger.info(f"Created username: admin, API key: {plain_api_key}")
     await database.connect()
 
 

whitebox/core/db.py

@@ -9,6 +9,7 @@ class Settings(BaseSettings):
     DATABASE_URL: str = ""
     VERSION: str = ""
     MODEL_PATH: str = ""
+    SECRET_KEY: str = ""
 
     class Config:
         env_file = f".env.{os.getenv('ENV')}" or ".env.dev"