ssh_scan_api 0.0.1.pre2 → 0.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 9e017981463ad9f0f6b8603541368d0cbbc21824
-  data.tar.gz: 640d3e218c081b0bd08c4dba5ecc722b14831d6e
+SHA256:
+  metadata.gz: 986e1fa32154fb3713c610f3339be18b71a9d4fa2306f7eebd7b427ebd0dc737
+  data.tar.gz: 785a82839c62ffe80e18576c6d0dbc47c1690c387f2f338ee32314b727cf8b02
 SHA512:
-  metadata.gz: 09771fd4bed338ff605c8c499a9e7fc6b762e01793cc87ff050b53a58f13a90c2760681b919a4fc704ca0021d1d8d534ddf3d4ea64183290fbb7dc3eb51b62fa
-  data.tar.gz: 8b21030f47a494ba2ae680de04f42916b3222a46ae9a4f41f1ca0a567bf4ed5fdcb401026648496d54438c7f522195c6d8c61db4d2721fccea0bdd82dd590789
+  metadata.gz: 2bf3fe77b3a2b3f3e9e9c4a0ad33ff5480712926a44eb546026d0cc91bdfa52350817dc9c238f4c379d3cba0ecf9e07070d7837ada598d1b1c9a216ff4aec869
+  data.tar.gz: 61a0ec0dfd5ad4bee3d548aea9a061d67d09f6f03bf14a05f0e720dc9ef96cc5c897c2e08a35a690c5923ce8857d7081b28783330a8f9548fcff40891d4a50f8

data/.gitignore

@@ -2,6 +2,11 @@
 *.db
 /coverage/
 
+config/api/config.yml
+config/policies/mozilla_modern.yml
+config/worker/config.yml
+postgres-data/*
+
 ## Documentation cache and generated files:
 /.yardoc/
 /_yardoc/
@@ -16,8 +21,8 @@
 # for a library or gem, you might want to ignore these files since the code is
 # intended to run in multiple environments; otherwise, check them in:
 Gemfile.lock
-# .ruby-version
-# .ruby-gemset
+.ruby-version
+.ruby-gemset
 
 # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
 .rvmrc

data/.travis.yml

@@ -1,30 +1,77 @@
 language: ruby
+sudo: false
+dist: trusty
+before_install: gem update --system
+addons:
+  postgresql: "9.6"
 matrix:
   include:
   - rvm: ruby-head
     env:
       - LABEL=unit_tests
+      - SSHSCAN_API_HOST=127.0.0.1
+      - SSHSCAN_API_PORT=8000
+      - SSHSCAN_API_ALLOWED_PORTS=22
+      - SSHSCAN_API_AUTHENTICATION=false
+      - SSHSCAN_DATABASE_HOST=database
+      - SSHSCAN_DATABASE_NAME=ssh_observatory
+      - SSHSCAN_DATABASE_USERNAME=sshobs
     services:
-      - mongodb
+      - postgres
+    before_script:
+      - chmod u+x database/init-user-db-travis.sh
+      - database/init-user-db-travis.sh
     after_success:
       - coveralls
-  - rvm: 2.3.0
+  - rvm: 2.5.0
     env:
       - LABEL=unit_tests
+      - SSHSCAN_API_HOST=127.0.0.1
+      - SSHSCAN_API_PORT=8000
+      - SSHSCAN_API_ALLOWED_PORTS=22
+      - SSHSCAN_API_AUTHENTICATION=false
+      - SSHSCAN_DATABASE_HOST=database
+      - SSHSCAN_DATABASE_NAME=ssh_observatory
+      - SSHSCAN_DATABASE_USERNAME=sshobs
     services:
-      - mongodb
-  - rvm: 2.2.0
+      - postgres
+    before_script:
+      - chmod u+x database/init-user-db-travis.sh
+      - database/init-user-db-travis.sh
+  - rvm: 2.3.6
     env:
       - LABEL=unit_tests
+      - SSHSCAN_API_HOST=127.0.0.1
+      - SSHSCAN_API_PORT=8000
+      - SSHSCAN_API_ALLOWED_PORTS=22
+      - SSHSCAN_API_AUTHENTICATION=false
+      - SSHSCAN_DATABASE_HOST=database
+      - SSHSCAN_DATABASE_NAME=ssh_observatory
+      - SSHSCAN_DATABASE_USERNAME=sshobs
     services:
-      - mongodb
-  - rvm: 2.1.3
+      - postgres
+    before_script:
+      - chmod u+x database/init-user-db-travis.sh
+      - database/init-user-db-travis.sh
+  - rvm: 2.2.9
     env:
+      - SSHSCAN_API_HOST=127.0.0.1
+      - SSHSCAN_API_PORT=8000
+      - SSHSCAN_API_ALLOWED_PORTS=22
+      - SSHSCAN_API_AUTHENTICATION=false
+      - SSHSCAN_DATABASE_HOST=database
+      - SSHSCAN_DATABASE_NAME=ssh_observatory
+      - SSHSCAN_DATABASE_USERNAME=sshobs
       - LABEL=unit_tests
     services:
-      - mongodb
-  - rvm: 2.0.0
+      - postgres
+    before_script:
+      - chmod u+x database/init-user-db-travis.sh
+      - database/init-user-db-travis.sh
+  - rvm: 2.5.0
     env:
-      - LABEL=unit_tests
+      - LABEL=docker_build_tests
     services:
-      - mongodb
+      - docker
+    script:
+      - docker-compose build

data/Gemfile

@@ -1,4 +1,3 @@
 source "https://rubygems.org"
 
-gem 'coveralls', require: false
-gemspec
+gemspec

data/README.md

@@ -1,16 +1,15 @@
 # ssh_scan_api
 
+[![Build Status](https://secure.travis-ci.org/mozilla/ssh_scan_api.png)](http://travis-ci.org/mozilla/ssh_scan_api)
+[![Code Climate](https://codeclimate.com/github/mozilla/ssh_scan_api.png)](https://codeclimate.com/github/mozilla/ssh_scan_api)
+[![Gem Version](https://badge.fury.io/rb/ssh_scan.svg)](https://badge.fury.io/rb/ssh_scan_api)
+[![Join the chat at https://gitter.im/mozilla-ssh_scan/Lobby](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/mozilla-ssh_scan/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[![Coverage Status](https://coveralls.io/repos/github/mozilla/ssh_scan_api/badge.svg?branch=master)](https://coveralls.io/github/mozilla/ssh_scan_api?branch=master)
+
 A web api to scale ssh_scan operations
 
 ## Setup
 
-To install and run as a gem, type:
-
-```bash
-gem install ssh_scan_api
-ssh_scan_api
-```
-
 To install and run from source, type:
 
 ```bash
@@ -35,18 +34,17 @@ bundle install
 ./bin/ssh_scan_api
 ```
 
-## Rubies Supported
+## ssh_scan as a command-line tool?
+
+This project is focused on providing ssh_scan as a service/API.
 
-This project is integrated with [travis-ci](http://about.travis-ci.org/) and is regularly tested to work with the following rubies:
+If you would like to run ssh_scan from command-line, checkout the [ssh_scan](https://github.com/mozilla/ssh_scan) project.
+
+## Rubies Supported
 
-* [ruby-head](https://github.com/ruby/ruby)
-* [2.3.0](https://github.com/ruby/ruby/tree/ruby_2_1)
-* [2.2.0](https://github.com/ruby/ruby/tree/ruby_2_1)
-* [2.1.3](https://github.com/ruby/ruby/tree/ruby_2_1)
-* [2.1.0](https://github.com/ruby/ruby/tree/ruby_2_1)
-* [2.0.0](https://github.com/ruby/ruby/tree/ruby_2_0_0)
+This project is integrated with [travis-ci](http://about.travis-ci.org/) and is regularly tested to work with multiple rubies.
 
-To checkout the current build status for these rubies, click [here](https://travis-ci.org/#!/mozilla/ssh_scan).
+To checkout the current build status for these rubies, click [here](https://travis-ci.org/#!/mozilla/ssh_scan_api).
 
 ## Contributing
 

data/Rakefile

@@ -5,7 +5,13 @@ require 'rspec'
 require 'rspec/core'
 require 'rspec/core/rake_task'
 require 'bundler/setup'
-require 'ssh_scan_api/version'
+require "sinatra/activerecord/rake"
+
+namespace :db do
+  task :load_config do
+    require "./lib/ssh_scan_api/api"
+  end
+end
 
 $:.unshift File.join(File.dirname(__FILE__), "lib")
 

data/bin/ssh_scan_api

@@ -1,16 +1,6 @@
 #!/usr/bin/env ruby
-
 $:.unshift File.join(File.dirname(__FILE__), "../lib")
-
 require 'ssh_scan_api'
 
-# Get the api config from command-line or via an example location
-config_file = ARGV[0] ||
-              File.join(
-                File.dirname(__FILE__),
-                "../config/api/config.yml"
-              )
-opts = YAML.load_file(config_file)
-opts["config_file"] = config_file
-
-SSHScan::API.run!(opts)
+# Usage: ruby ./bin/ssh_scan_api
+SSHScan::Api::Api.run!()

data/lib/ssh_scan_api.rb

@@ -1,12 +1,11 @@
-#External Deps
+# #External Deps
 require 'timeout'
 require 'resolv'
 require 'ssh_scan'
 
-#Internal Deps
-require 'ssh_scan_api/api'
+# #Internal Deps
 require 'ssh_scan_api/version'
-require 'ssh_scan_api/job_queue'
-require 'ssh_scan_api/database'
-require 'ssh_scan_api/stats'
-require 'ssh_scan_api/authenticator'
+require 'ssh_scan_api/api'
+require 'ssh_scan_api/authenticator'
+require 'ssh_scan_api/target_validator'
+require 'ssh_scan_api/constants'

data/lib/ssh_scan_api/api.rb

@@ -1,231 +1,296 @@
-require 'sinatra/base'
+require 'sinatra'
+require 'sinatra/activerecord'
 require 'sinatra/namespace'
-require 'json'
-require 'haml'
-require 'secure_headers'
-require 'thin'
 require 'securerandom'
-require 'ssh_scan'
-require 'ssh_scan_api/job_queue'
-require 'ssh_scan_api/database'
+require 'secure_headers'
+require 'ssh_scan_api/models/scan'
+require 'ssh_scan_api/target_validator'
+require 'ssh_scan_api/authenticator'
+require 'pg'
 
 module SSHScan
-  class API < Sinatra::Base
-    if ENV['RACK_ENV'] == 'test'
-      configure do
-        set :job_queue, SSHScan::JobQueue.new()
-        set :authentication, false
-        config_file = File.join(Dir.pwd, "./config/api/config.yml")
-        opts = YAML.load_file(config_file)
-        opts["config_file"] = config_file
-        set :db, SSHScan::Database.from_hash(opts)
+  module Api
+    
+    class Api < Sinatra::Base
+      if ENV['RACK_ENV'] == 'test'
+        configure do
+          set :database_file, "lib/config/database.yml"
+          set :authentication, false
+          set :authenticator, SSHScan::Api::Authenticator.new()
+          set :target_validator, SSHScan::Api::TargetValidator.new()
+          set :allowed_ports, 22
+          set :protection, false
+        end
       end
-    end
 
-    # Configure all the secure headers we want to use
-    use SecureHeaders::Middleware
-    SecureHeaders::Configuration.default do |config|
-      config.cookies = {
-        secure: true, # mark all cookies as "Secure"
-        httponly: true, # mark all cookies as "HttpOnly"
-      }
-      config.hsts = "max-age=31536000; includeSubdomains; preload"
-      config.x_frame_options = "DENY"
-      config.x_content_type_options = "nosniff"
-      config.x_xss_protection = "1; mode=block"
-      config.x_download_options = "noopen"
-      config.x_permitted_cross_domain_policies = "none"
-      config.referrer_policy = "no-referrer"
-      config.csp = {
-        default_src: ["'none'"],
-        frame_ancestors: ["'none'"],
-        upgrade_insecure_requests: true, # see https://www.w3.org/TR/upgrade-insecure-requests/
-      }
-    end
+      include SSHScan
+      register Sinatra::Namespace
+      register Sinatra::ActiveRecordExtension
 
-    register Sinatra::Namespace
+      before do
+        content_type :json
+      end
 
-    before do
-      headers "Server" => "ssh_scan_api"
-      headers "Cache-control" => "no-store"
-      headers "Pragma" => "no-cache"
-    end
+      # Configure all the secure headers we want to use
+      use SecureHeaders::Middleware
+      SecureHeaders::Configuration.default do |config|
+        config.cookies = {
+          secure: true, # mark all cookies as "Secure"
+          httponly: true, # mark all cookies as "HttpOnly"
+        }
+        config.hsts = "max-age=31536000; includeSubdomains; preload"
+        config.x_frame_options = "DENY"
+        config.x_content_type_options = "nosniff"
+        config.x_xss_protection = "1; mode=block"
+        config.x_download_options = "noopen"
+        config.x_permitted_cross_domain_policies = "none"
+        config.referrer_policy = "no-referrer"
+        config.csp = {
+          default_src: ["'none'"],
+          script_src: ["'none'"],
+          frame_ancestors: ["'none'"],
+          upgrade_insecure_requests: true, # see https://www.w3.org/TR/upgrade-insecure-requests/
+        }
+      end
 
-    helpers do
-      def cache_valid?(start_time)
-        (Time.now - Time.parse(start_time.to_s)) / (60 * 60 * 24) < 1
+      before do
+        headers "Access-Control-Allow-Methods" => "GET, POST"
+        headers "Access-Control-Allow-Origin" => "*"
+        headers "Access-Control-Max-Age" => "86400"
+        headers "Cache-control" => "no-store"
+        headers "Pragma" => "no-cache"
+        headers "Server" => "ssh_scan_api"
       end
-    end
 
-    # Custom 404 handling
-    not_found do
-      content_type "text/plain"
-      "Invalid request, see API documentation here: \
-https://github.com/mozilla/ssh_scan_api/wiki/ssh_scan-Web-API\n"
-    end
+      # Custom 404 handling
+      not_found do
+        content_type "text/plain"
+        "Invalid request, see API documentation here: https://github.com/mozilla/ssh_scan_api/wiki/ssh_scan-Web-API\n"
+      end
 
-    get '/' do
-      content_type "text/plain"
-      "See API documentation here: \
-https://github.com/mozilla/ssh_scan_api/wiki/ssh_scan-Web-API\n"
-    end
+      get '/' do
+        content_type "text/plain"
+        "See API documentation here: https://github.com/mozilla/ssh_scan_api/wiki/ssh_scan-Web-API\n"
+      end
 
-    get '/robots.txt' do
-      content_type "text/plain"
-      "User-agent: *\nDisallow: /\n"
-    end
+      get '/robots.txt' do
+        content_type "text/plain"
+        "User-agent: *\nDisallow: /\n"
+      end
 
-    get '/contribute.json' do
-      content_type :json
-      SSHScan::Constants::CONTRIBUTE_JSON.to_json
-    end
+      get '/contribute.json' do
+        content_type :json
+        SSHScan::Api::Constants::CONTRIBUTE_JSON.to_json
+      end
 
-    get '/__version__' do
-      {
-        :ssh_scan_version => SSHScan::VERSION,
-        :api_version => SSHScan::API_VERSION,
-      }.to_json
-    end
+      get '/__version__' do
+        {
+          :api_version => SSHScan::Api::VERSION,
+        }.to_json
+      end
 
-    namespace "/api/v1" do
-      before do
-        content_type :json
-        if settings.authentication == true
-          token = request.env['HTTP_SSH_SCAN_AUTH_TOKEN']
+      namespace "/api/v1" do
 
-          # If a token is not provided, only localhost can proceed
-          if token.nil? && request.ip != "127.0.0.1"
-            halt '{"error" : "authentication failure"}'
+        post '/scan' do
+          port = params["port"] || 22
+
+          # Check to see if there is a recent scan we offer
+          begin
+            latest_scan = Scan.where(["target = ? and port = ?", params["target"], port]).last
+
+            # Return prior scan results if run within 2min of now
+            if latest_scan && (Time.now - latest_scan.creation_time < 120)
+              return {"uuid": latest_scan.scan_id}.to_json
+            end
+          rescue
+            ActiveRecord::Base.connection_pool.release_connection
           end
 
-          # If a token is provided, it must be valid to proceed
-          if token && settings.authenticator.valid_token?(token) == false
-            halt '{"error" : "authentication failure"}'
+          # Perform a new scan
+          begin
+            scan = Scan.new do |s|
+              s.scan_id = SecureRandom.uuid
+              s.creation_time = Time.now
+              s.target = params["target"]
+              s.port = port
+              s.state = "QUEUED"
+              s.save
+            end
+          ensure
+            ActiveRecord::Base.connection_pool.release_connection
           end
+
+          return {"uuid": scan.scan_id}.to_json
         end
-      end
 
-      post '/scan' do
-        options = {
-          :sockets => [],
-          :policy => File.join(Dir.pwd,
-                               '/config/policies/mozilla_modern.yml'),
-          :timeout => 2,
-          :verbosity => nil,
-          #:fingerprint_database => "fingerprints.db",
-        }
-        options[:sockets] <<
-          "#{params[:target]}:#{params[:port] ? params[:port] : "22"}"
-        options[:policy_file] = options[:policy]
-        options[:force] = params[:force] ? params[:force] : false
-
-        unless options[:force] == 'true'
-          available_result = settings.db.fetch_cached_result(params)
-          unless available_result.nil?
-            if cache_valid?(available_result[:start_time])
-              return {
-                uuid: available_result[:uuid]
-              }.to_json
+        get '/scan/results' do
+          uuid = params[:uuid]
+
+          # If we don't get a uuid, we don't know what scan to pick up
+          return {"error" => "no uuid specified"}.to_json if uuid.nil? || uuid.empty?
+
+          begin
+            scan = Scan.find_by("scan_id": uuid)
+
+            if scan.nil?
+              return {"scan" => "UNKNOWN"}.to_json
+            end
+
+            case scan.state
+            when "QUEUED"
+              return {"status" => "QUEUED"}.to_json
+            when "ERRORED"
+              return {"status" => "ERRORED"}.to_json
+            when "RUNNNING"
+              return {"status" => "RUNNNING"}.to_json
+            when "COMPLETED"
+              return scan.raw_scan
+            else
+              return {"status" => "UNKNOWN"}.to_json
             end
+          ensure
+            ActiveRecord::Base.connection_pool.release_connection
           end
         end
-        options[:uuid] = SecureRandom.uuid
-        settings.job_queue.add(options)
-        {
-          uuid: options[:uuid]
-        }.to_json
-      end
 
-      get '/scan/results' do
-        uuid = params[:uuid]
-        return {"scan" => "not found"}.to_json if uuid.nil? || uuid.empty?
-        result = settings.db.find_scan_result(uuid)
-        return {"scan" => "not found"}.to_json if result.nil?
-        return result.to_json
-      end
+        get '/work' do
+          # Always require authentication for this route
+          #authenticated?
+
+          worker_id = params[:worker_id]
 
-      post '/scan/results/delete' do
-        uuid = params[:uuid]
+          #uuid = settings.db.next_scan_in_queue
+          scan = SSHScan::Scan.find_by("state": "QUEUED")
 
-        if uuid.nil? || uuid.empty?
-          return {"deleted" => "false"}.to_json
-        else
-          scan = settings.db.find_scan_result(uuid)
-          if scan.empty?
-            return {"deleted" => "false"}.to_json
+          if scan
+            scan.state = "RUNNING"
+            scan.worker_id = worker_id
+            scan.save
+
+            return {
+              "work" => {
+                "uuid" => scan.scan_id,
+                "target" => scan.target,
+                "port" => scan.port,
+              }
+            }.to_json
           else
-            settings.db.delete_scan(uuid)
-            return {"deleted" => "true"}.to_json
+            return {"work" => false}.to_json
           end
         end
-      end
 
-      get '/scan/results/delete/all' do
-        settings.db.delete_all
-      end
+        post '/work/results/:worker_id/:uuid' do
+          # Always require authentication for this route
+          #authenticated?
+
+          worker_id = params[:worker_id]
+          uuid = params[:uuid]
+          result = JSON.parse(request.body.first).first
+
+          if worker_id.empty? || uuid.empty?
+            return {"accepted" => "false"}.to_json
+          end
+
+          begin
+            scan = Scan.find_by("scan_id": uuid)
+
+            # Make sure we have a relevant match scan
+            return {"accepted" => "false"}.to_json unless scan
+
+            if result["error"]
+              scan.state = "ERRORED"
+              scan.worker_id = worker_id
+              scan.raw_scan = result.to_json
+              scan.save
+            else
+              scan.state = "COMPLETED"
+              scan.worker_id = worker_id
+              scan.raw_scan = result.to_json
+              scan.save
+            end
+          ensure
+            ActiveRecord::Base.connection_pool.release_connection
+          end
 
-      get '/work' do
-        worker_id = params[:worker_id]
-        logger.warn("Worker #{worker_id} polls for Job")
-        job = settings.job_queue.next
-        if job.nil?
-          logger.warn("Worker #{worker_id} didn't get any work")
-          {"work" => false}.to_json
-        else
-          logger.warn("Worker #{worker_id} got job #{job[:uuid]}")
-          {"work" => job}.to_json
+          return {"accepted" => "true"}
         end
-      end
 
-      post '/work/results/:worker_id/:uuid' do
-        worker_id = params['worker_id']
-        uuid = params['uuid']
-        result = JSON.parse(request.body.first).first
-        socket = {}
-        socket[:target] = result['ip']
-        socket[:port] = result['port']
+        get '/stats' do
+          queued_max_age = 0
+
+          begin
+            oldest = Scan.where(state: "QUEUED").minimum(:creation_time)
+          ensure
+            ActiveRecord::Base.connection_pool.release_connection
+          end
+
+          if oldest
+            queued_max_age = (Time.now - oldest).to_i
+          end
 
-        if worker_id.empty? || uuid.empty?
-          return {"accepted" => "false"}.to_json
+          begin
+            report = {
+              "SCAN_STATES" => {
+                "QUEUED" => Scan.where(state: "QUEUED").count,
+                "BATCH_QUEUED" => Scan.where(state: "BATCH_QUEUED").count,
+                "RUNNING" => Scan.where(state: "RUNNING").count,
+                "ERRORED" => Scan.where(state: "ERRORED").count,
+                "COMPLETED" => Scan.where(state: "COMPLETED").count,
+              },
+             "QUEUED_MAX_AGE" => queued_max_age,
+              "GRADE_REPORT" => {
+                "A" => Scan.where(grade: "A").count,
+                "B" => Scan.where(grade: "B").count,
+                "C" => Scan.where(grade: "C").count,
+                "D" => Scan.where(grade: "D").count,
+                "F" => Scan.where(grade: "F").count,
+              }
+              # "AUTH_METHOD_REPORT" => settings.db.auth_method_report
+            }
+          ensure
+            ActiveRecord::Base.connection_pool.release_connection
+          end
+
+          return report.to_json
         end
-        settings.stats.new_scan_request
-        settings.db.add_scan(worker_id, uuid, result, socket)
-      end
 
-      get '/stats' do
-        settings.stats.get_stats(settings.job_queue.size)
+        get '/__lbheartbeat__' do
+          {
+            :status  => "OK",
+            :message => "Keep sending requests. I am still alive."
+          }.to_json
+        end
       end
 
-      get '/__lbheartbeat__' do
-        {
-          :status  => "OK",
-          :message => "Keep sending requests. I am still alive."
-        }.to_json
-      end
-    end
+      def self.run!(options = {}, &block)
+        set options
 
-    def self.run!(options = {}, &block)
-      set options
-
-      configure do
-        enable :logging
-        set :bind, options["bind"] || '127.0.0.1'
-        set :server, "thin"
-        set :logger, Logger.new(STDOUT)
-        set :job_queue, JobQueue.new()
-        set :db, SSHScan::Database.from_hash(options)
-        set :results, {}
-        set :stats, SSHScan::Stats.new
-        set :authentication, options["authentication"]
-        set :authenticator, SSHScan::Authenticator.from_config_file(
-          options["config_file"]
-        )
-      end
+        configure do
+          enable :logging
+          set :bind, ENV['SSHSCAN_API_HOST'] || '127.0.0.1'
+          set :port, (ENV['SSHSCAN_API_PORT'] || 8000).to_i
+          set :server, "thin"
+          set :logger, Logger.new(STDOUT)
+          #set :database_file, File.join(File.dirname(__FILE__),"../../config/database.yml")
 
-      super do |server|
-        # No SSL on app, SSL termination happens in nginx for a prod deployment
-        server.ssl = false
+          database_adapter = 'postgresql'
+          database_host = ENV['SSHSCAN_DATABASE_HOST'] || '127.0.0.1'
+          database_name = ENV['SSHSCAN_DATABASE_NAME'] || 'ssh_observatory'
+          database_username = ENV['SSHSCAN_DATABASE_USERNAME'] || 'sshobs'
+          database_pool = 5
+          database_timeout = 5000
+
+          set :database, { adapter: database_adapter, database: database_name, username: database_username, host: database_host, pool: database_pool, timeout: database_timeout}
+          set :authentication, ENV['SSHSCAN_API_AUTHENTICATION'] == "true" || false
+          set :authenticator, SSHScan::Api::Authenticator.new()
+          set :target_validator, SSHScan::Api::TargetValidator.new()
+          set :allowed_ports, options["allowed_ports"]
+          set :protection, false
+        end
+
+        super
       end
+
     end
   end
-end
+end