goosebit 0.1.0__tar.gz → 0.1.1__tar.gz

goosebit-0.1.1/PKG-INFO

@@ -0,0 +1,73 @@
+Metadata-Version: 2.1
+Name: goosebit
+Version: 0.1.1
+Summary: 
+Author: Upstream Data
+Author-email: brett@upstreamdata.ca
+Requires-Python: >=3.11,<4.0
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Dist: aerich (>=0.7.2,<0.8.0)
+Requires-Dist: aiofiles (>=24.1.0,<25.0.0)
+Requires-Dist: argon2-cffi (>=23.1.0,<24.0.0)
+Requires-Dist: fastapi[uvicorn] (>=0.111.0,<0.112.0)
+Requires-Dist: itsdangerous (>=2.2.0,<3.0.0)
+Requires-Dist: jinja2 (>=3.1.4,<4.0.0)
+Requires-Dist: joserfc (>=1.0.0,<2.0.0)
+Requires-Dist: python-multipart (>=0.0.9,<0.0.10)
+Requires-Dist: semver (>=3.0.2,<4.0.0)
+Requires-Dist: tortoise-orm (>=0.21.4,<0.22.0)
+Requires-Dist: websockets (>=12.0,<13.0)
+Description-Content-Type: text/markdown
+
+# gooseBit
+<img src="docs/img/goosebit-logo.png" style="width: 100px; height: 100px; display: block;">
+
+---
+
+A simplistic, opinionated remote update server implementing hawkBit™'s [DDI API](https://eclipse.dev/hawkbit/apis/ddi_api/).
+
+## Setup
+
+To set up, install the dependencies in `pyproject.toml` with `poetry install`.  Then you can run gooseBit by running `main.py`.
+
+## Initial Startup
+
+The first time you start gooseBit, you should change the default username and password inside `settings.yaml`.
+The default login credentials for testing are `admin@goosebit.local`, `admin`.
+
+## Assumptions
+- [SWUpdate](https://swupdate.org) used on device side.
+
+## Current Feature Set
+
+### Firmware repository
+Uploading firmware images through frontend. All files should follow the format `{model}_{revision}_{version}`, where
+`version` is either a semantic version or a datetime version in the format `YYYYMMDD-HHmmSS`.
+
+### Automatic device registration
+First time a new device connects, its configuration data is requested. `hw_model` and `hw_revision` are captured from
+the configuration data (both fall back to `default` if not provided) which allows to distinguish different device
+types and their revisions.
+
+### Automatically update device to newest firmware
+Once a device is registered it will get the newest available firmware from the repository based on model and revision.
+
+### Manually update device to specific firmware
+Frontend allows to assign specific firmware to be rolled out.
+
+### Firmware rollout
+Rollouts allow a fine-grained assignment of firmwares to devices. The reported device model and revision is combined
+with the manually set feed and flavor values on a device to determine a matching rollout.
+
+The feed is meant to model either different environments (like: dev, qa, live) or update channels (like. candidate,
+fast, stable).
+
+The flavor can be used for different type of builds (like: debug, prod).
+
+### Pause updates
+Device can be pinned to its current firmware.
+
+### Realtime update logs
+While an update is running, the update logs are captured and visualized in the frontend.

goosebit-0.1.1/README.md

@@ -0,0 +1,50 @@
+# gooseBit
+<img src="docs/img/goosebit-logo.png" style="width: 100px; height: 100px; display: block;">
+
+---
+
+A simplistic, opinionated remote update server implementing hawkBit™'s [DDI API](https://eclipse.dev/hawkbit/apis/ddi_api/).
+
+## Setup
+
+To set up, install the dependencies in `pyproject.toml` with `poetry install`.  Then you can run gooseBit by running `main.py`.
+
+## Initial Startup
+
+The first time you start gooseBit, you should change the default username and password inside `settings.yaml`.
+The default login credentials for testing are `admin@goosebit.local`, `admin`.
+
+## Assumptions
+- [SWUpdate](https://swupdate.org) used on device side.
+
+## Current Feature Set
+
+### Firmware repository
+Uploading firmware images through frontend. All files should follow the format `{model}_{revision}_{version}`, where
+`version` is either a semantic version or a datetime version in the format `YYYYMMDD-HHmmSS`.
+
+### Automatic device registration
+First time a new device connects, its configuration data is requested. `hw_model` and `hw_revision` are captured from
+the configuration data (both fall back to `default` if not provided) which allows to distinguish different device
+types and their revisions.
+
+### Automatically update device to newest firmware
+Once a device is registered it will get the newest available firmware from the repository based on model and revision.
+
+### Manually update device to specific firmware
+Frontend allows to assign specific firmware to be rolled out.
+
+### Firmware rollout
+Rollouts allow a fine-grained assignment of firmwares to devices. The reported device model and revision is combined
+with the manually set feed and flavor values on a device to determine a matching rollout.
+
+The feed is meant to model either different environments (like: dev, qa, live) or update channels (like. candidate,
+fast, stable).
+
+The flavor can be used for different type of builds (like: debug, prod).
+
+### Pause updates
+Device can be pinned to its current firmware.
+
+### Realtime update logs
+While an update is running, the update logs are captured and visualized in the frontend.

{goosebit-0.1.0 → goosebit-0.1.1}/goosebit/__init__.py

@@ -49,14 +49,14 @@ async def login_ui(request: Request):
 
 
 @app.post("/login", include_in_schema=False, dependencies=[Depends(authenticate_user)])
-async def login(form_data: Annotated[OAuth2PasswordRequestForm, Depends()]):
-    resp = RedirectResponse("/ui/home", status_code=302)
+async def login(request: Request, form_data: Annotated[OAuth2PasswordRequestForm, Depends()]):
+    resp = RedirectResponse(request.url_for("ui_root"), status_code=302)
     resp.set_cookie(key="session_id", value=create_session(form_data.username))
     return resp
 
 
 @app.get("/logout", include_in_schema=False)
 async def logout(request: Request):
-    resp = RedirectResponse("/login", status_code=302)
+    resp = RedirectResponse(request.url_for("login_ui"), status_code=302)
     resp.delete_cookie(key="session_id")
     return resp

{goosebit-0.1.0 → goosebit-0.1.1}/goosebit/api/devices.py

@@ -30,15 +30,19 @@ async def devices_get_all() -> list[dict]:
             last_seen = round(time.time() - device.last_seen)
         return {
             "uuid": device.uuid,
-            "web_pwd": device.web_pwd,
             "name": device.name,
             "fw": device.fw_version,
             "fw_file": device.fw_file,
+            "hw_model": device.hw_model,
+            "hw_revision": device.hw_revision,
+            "progress": device.progress,
             "state": device.last_state,
             "force_update": manager.force_update,
             "last_ip": device.last_ip,
             "last_seen": last_seen,
-            "online": last_seen < 120 if last_seen is not None else None,
+            "online": (
+                last_seen < manager.poll_seconds if last_seen is not None else None
+            ),
         }
 
     return list(await asyncio.gather(*[parse(d) for d in devices]))

{goosebit-0.1.0 → goosebit-0.1.1}/goosebit/api/firmware.py

@@ -4,8 +4,8 @@ from fastapi.requests import Request
 from goosebit.auth import validate_user_permissions
 from goosebit.permissions import Permissions
 from goosebit.settings import UPDATES_DIR
-from goosebit.updater.misc import fw_sort_key, get_newest_fw
-from goosebit.updater.updates import FirmwareArtifact
+from goosebit.updater.misc import fw_sort_key
+from goosebit.updates.artifacts import FirmwareArtifact
 
 router = APIRouter(prefix="/firmware")
 
@@ -37,19 +37,6 @@ async def firmware_get_all() -> list[dict]:
     return firmware
 
 
-@router.get(
-    "/latest",
-    dependencies=[
-        Security(validate_user_permissions, scopes=[Permissions.FIRMWARE.READ])
-    ],
-)
-async def firmware_get_latest() -> dict:
-    UPDATES_DIR.mkdir(parents=True, exist_ok=True)
-
-    file_data = UPDATES_DIR.joinpath(get_newest_fw())
-    return {"name": file_data.name, "size": file_data.stat().st_size}
-
-
 @router.post(
     "/delete",
     dependencies=[

goosebit-0.1.1/goosebit/api/rollouts.py

@@ -0,0 +1,36 @@
+from __future__ import annotations
+
+from fastapi import APIRouter, Security
+
+from goosebit.auth import validate_user_permissions
+from goosebit.models import Rollout
+from goosebit.permissions import Permissions
+
+router = APIRouter(prefix="/rollouts")
+
+
+@router.get(
+    "/all",
+    dependencies=[
+        Security(validate_user_permissions, scopes=[Permissions.ROLLOUT.READ])
+    ],
+)
+async def rollouts_get_all() -> list[dict]:
+    rollouts = await Rollout.all()
+
+    def parse(rollout: Rollout) -> dict:
+        return {
+            "id": rollout.id,
+            "created_at": rollout.created_at,
+            "name": rollout.name,
+            "hw_model": rollout.hw_model,
+            "hw_revision": rollout.hw_revision,
+            "feed": rollout.feed,
+            "flavor": rollout.flavor,
+            "fw_file": rollout.fw_file,
+            "paused": rollout.paused,
+            "success_count": rollout.success_count,
+            "failure_count": rollout.failure_count,
+        }
+
+    return [parse(r) for r in rollouts]

{goosebit-0.1.0 → goosebit-0.1.1}/goosebit/api/routes.py

@@ -1,6 +1,6 @@
 from fastapi import APIRouter, Depends
 
-from goosebit.api import devices, download, firmware
+from goosebit.api import devices, download, firmware, rollouts
 from goosebit.auth import authenticate_api_session
 
 router = APIRouter(
@@ -8,4 +8,5 @@ router = APIRouter(
 )
 router.include_router(firmware.router)
 router.include_router(devices.router)
+router.include_router(rollouts.router)
 router.include_router(download.router)

{goosebit-0.1.0 → goosebit-0.1.1}/goosebit/auth/__init__.py

@@ -4,7 +4,8 @@ from fastapi import Depends, HTTPException
 from fastapi.requests import Request
 from fastapi.security import SecurityScopes
 from fastapi.websockets import WebSocket
-from jose import jwt
+from joserfc import jwt
+from joserfc.errors import BadSignatureError
 
 from goosebit.settings import PWD_CXT, SECRET, USERS
 
@@ -20,7 +21,7 @@ async def authenticate_user(request: Request):
             headers={"location": str(request.url_for("login"))},
             detail="Invalid credentials",
         )
-    if not PWD_CXT.verify(password, user.hashed_pwd):
+    if not PWD_CXT.verify(user.hashed_pwd, password):
         raise HTTPException(
             status_code=302,
             headers={"location": str(request.url_for("login"))},
@@ -29,46 +30,49 @@ async def authenticate_user(request: Request):
     return user
 
 
-sessions = {}
-
-
-def create_session(email: str) -> str:
-    token = jwt.encode({"email": email}, SECRET)
-    sessions[token] = email
-    return token
+def create_session(username: str) -> str:
+    return jwt.encode(
+        header={"alg": "HS256"}, claims={"username": username}, key=SECRET
+    )
 
 
 def authenticate_session(request: Request):
     session_id = request.cookies.get("session_id")
-    if session_id is None or session_id not in sessions:
+    if session_id is None:
         raise HTTPException(
             status_code=302,
             headers={"location": str(request.url_for("login"))},
             detail="Invalid session ID",
         )
     user = get_user_from_session(session_id)
+    if user is None:
+        raise HTTPException(
+            status_code=302,
+            headers={"location": str(request.url_for("login"))},
+            detail="Invalid username",
+        )
     return user
 
 
 def authenticate_api_session(request: Request):
     session_id = request.cookies.get("session_id")
-    if session_id is None or session_id not in sessions:
-        raise HTTPException(status_code=401, detail="Not logged in")
     user = get_user_from_session(session_id)
+    if user is None:
+        raise HTTPException(status_code=401, detail="Not logged in")
     return user
 
 
 def authenticate_ws_session(websocket: WebSocket):
     session_id = websocket.cookies.get("session_id")
-    if session_id is None or session_id not in sessions:
-        raise HTTPException(status_code=401, detail="Not logged in")
     user = get_user_from_session(session_id)
+    if user is None:
+        raise HTTPException(status_code=401, detail="Not logged in")
     return user
 
 
 def auto_redirect(request: Request):
     session_id = request.cookies.get("session_id")
-    if session_id is None or session_id not in sessions:
+    if get_user_from_session(session_id) is None:
         return request
     raise HTTPException(
         status_code=302,
@@ -78,16 +82,20 @@ def auto_redirect(request: Request):
 
 
 def get_user_from_session(session_id: str):
-    for username in USERS:
-        if username == sessions.get(session_id):
-            return username
+    if session_id is None:
+        return
+    try:
+        session_data = jwt.decode(session_id, SECRET)
+        return session_data.claims["username"]
+    except (BadSignatureError, LookupError):
+        pass
 
 
 def get_current_user(request: Request):
     session_id = request.cookies.get("session_id")
-    if session_id is None or session_id not in sessions:
-        return None
     user = get_user_from_session(session_id)
+    if user is None:
+        return None
     return USERS[user]
 
 

goosebit-0.1.1/goosebit/models.py

@@ -0,0 +1,40 @@
+from tortoise import Model, fields
+
+
+class Tag(Model):
+    id = fields.IntField(primary_key=True)
+    name = fields.CharField(max_length=255)
+
+
+class Device(Model):
+    uuid = fields.CharField(max_length=255, primary_key=True)
+    name = fields.CharField(max_length=255, null=True)
+    fw_file = fields.CharField(max_length=255, default="latest")
+    fw_version = fields.CharField(max_length=255, null=True)
+    hw_model = fields.CharField(max_length=255, null=True, default="default")
+    hw_revision = fields.CharField(max_length=255, null=True, default="default")
+    feed = fields.CharField(max_length=255, default="default")
+    flavor = fields.CharField(max_length=255, default="default")
+    last_state = fields.CharField(max_length=255, null=True, default="unknown")
+    progress = fields.IntField(null=True)
+    last_log = fields.TextField(null=True)
+    last_seen = fields.BigIntField(null=True)
+    last_ip = fields.CharField(max_length=15, null=True)
+    last_ipv6 = fields.CharField(max_length=40, null=True)
+    tags = fields.ManyToManyField(
+        "models.Tag", related_name="devices", through="device_tags"
+    )
+
+
+class Rollout(Model):
+    id = fields.IntField(primary_key=True)
+    created_at = fields.DatetimeField(auto_now_add=True)
+    name = fields.CharField(max_length=255, null=True)
+    hw_model = fields.CharField(max_length=255, default="default")
+    hw_revision = fields.CharField(max_length=255, default="default")
+    feed = fields.CharField(max_length=255, default="default")
+    flavor = fields.CharField(max_length=255, default="default")
+    fw_file = fields.CharField(max_length=255)
+    paused = fields.BooleanField(default=False)
+    success_count = fields.IntField(default=0)
+    failure_count = fields.IntField(default=0)

{goosebit-0.1.0 → goosebit-0.1.1}/goosebit/permissions.py

@@ -22,10 +22,10 @@ class DevicePermissions(PermissionsBase):
     DELETE = "devices.delete"
 
 
-class TunnelPermissions(PermissionsBase):
-    READ = "tunnels.read"
-    WRITE = "tunnels.write"
-    DELETE = "tunnels.delete"
+class RolloutPermissions(PermissionsBase):
+    READ = "rollouts.read"
+    WRITE = "rollouts.write"
+    DELETE = "rollouts.delete"
 
 
 class HomePermissions(PermissionsBase):
@@ -36,15 +36,29 @@ class Permissions:
     HOME = HomePermissions
     FIRMWARE = FirmwarePermissions
     DEVICE = DevicePermissions
-    TUNNEL = TunnelPermissions
+    ROLLOUT = RolloutPermissions
 
     @classmethod
     def full(cls):
         all_items = set()
-        for item in [cls.HOME, cls.FIRMWARE, cls.DEVICE, cls.TUNNEL]:
+        for item in [cls.HOME, cls.FIRMWARE, cls.DEVICE, cls.ROLLOUT]:
             all_items.update(item.full())
         return list(all_items)
 
+    @classmethod
+    def from_str(cls, permission: str):
+        if permission == "*":
+            return cls.full()
+        permission_type = permission.split(".")[0]
+        if permission_type == "firmware":
+            return FirmwarePermissions(permission)
+        if permission_type == "devices":
+            return DevicePermissions(permission)
+        if permission_type == "rollouts":
+            return RolloutPermissions(permission)
+        if permission_type == "home":
+            return HomePermissions(permission)
+
 
 ADMIN = Permissions.full()
 MONITORING = [

{goosebit-0.1.0 → goosebit-0.1.1}/goosebit/realtime/logs.py

@@ -14,6 +14,7 @@ router = APIRouter(prefix="/logs")
 
 class RealtimeLogModel(BaseModel):
     log: str | None
+    progress: int | None
     clear: bool = False
 
 
@@ -29,7 +30,7 @@ async def device_logs(websocket: WebSocket, dev_id: str):
     manager = await get_update_manager(dev_id)
 
     async def callback(log_update):
-        data = RealtimeLogModel(log=log_update)
+        data = RealtimeLogModel(log=log_update, progress=manager.device.progress)
         if log_update is None:
             data.clear = True
             data.log = ""

goosebit-0.1.1/goosebit/settings.py

@@ -0,0 +1,66 @@
+import secrets
+from dataclasses import dataclass
+from pathlib import Path
+
+import yaml
+from argon2 import PasswordHasher
+
+from goosebit.permissions import Permissions
+from goosebit.updates.version import UpdateVersionParser
+
+BASE_DIR = Path(__file__).resolve().parent.parent
+TOKEN_SWU_DIR = BASE_DIR.joinpath("swugen")
+SWUPDATE_FILES_DIR = BASE_DIR.joinpath("swupdate")
+UPDATES_DIR = BASE_DIR.joinpath("updates")
+DB_MIGRATIONS_LOC = BASE_DIR.joinpath("migrations")
+
+SECRET = secrets.token_hex(16)
+PWD_CXT = PasswordHasher()
+
+with open(BASE_DIR.joinpath("settings.yaml"), "r") as f:
+    config = yaml.safe_load(f.read())
+
+TENANT = config.get("tenant", "DEFAULT")
+
+POLL_TIME = config.get("poll_time_default", "00:01:00")
+POLL_TIME_UPDATING = config.get("poll_time_updating", "00:00:05")
+POLL_TIME_REGISTRATION = config.get("poll_time_registration", "00:00:10")
+
+DB_LOC = BASE_DIR.joinpath(config.get("db_location", "db.sqlite3"))
+DB_URI = f"sqlite:///{DB_LOC}"
+
+UPDATE_VERSION_PARSER = UpdateVersionParser.create(
+    parse_mode=config.get("version_format", "datetime"),
+)
+
+
+@dataclass
+class User:
+    username: str
+    hashed_pwd: str
+    permissions: set
+
+    def get_json_permissions(self):
+        return [str(p) for p in self.permissions]
+
+
+users: dict[str, User] = {}
+
+
+def add_user(u: User):
+    users[u.username] = u
+
+
+for user in config.get("users", []):
+    permissions = set()
+    for p in user["permissions"]:
+        permissions.update(Permissions.from_str(p))
+    add_user(
+        User(
+            username=user["email"],
+            hashed_pwd=PWD_CXT.hash(user["password"]),
+            permissions=permissions,
+        )
+    )
+
+USERS = users

{goosebit-0.1.0 → goosebit-0.1.1}/goosebit/ui/routes.py

@@ -1,5 +1,5 @@
 import aiofiles
-from fastapi import APIRouter, Depends, Form, Security, UploadFile
+from fastapi import APIRouter, Depends, Form, HTTPException, Security, UploadFile
 from fastapi.requests import Request
 from fastapi.responses import RedirectResponse
 from fastapi.security import OAuth2PasswordBearer
@@ -8,6 +8,7 @@ from goosebit.auth import authenticate_session, validate_user_permissions
 from goosebit.permissions import Permissions
 from goosebit.settings import UPDATES_DIR
 from goosebit.ui.templates import templates
+from goosebit.updater.misc import validate_filename
 
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login")
 
@@ -46,6 +47,9 @@ async def upload_update(
     done: bool = Form(...),
     filename: str = Form(...),
 ):
+    if not validate_filename(filename):
+        raise HTTPException(400, detail="Could not parse file data, invalid filename.")
+
     file = UPDATES_DIR.joinpath(filename)
     tmpfile = file.with_suffix(".tmp")
     contents = await chunk.read()
@@ -81,24 +85,24 @@ async def devices_ui(request: Request):
 
 
 @router.get(
-    "/logs/{dev_id}",
+    "/rollouts",
     dependencies=[
-        Security(validate_user_permissions, scopes=[Permissions.DEVICE.READ])
+        Security(validate_user_permissions, scopes=[Permissions.ROLLOUT.READ])
     ],
 )
-async def logs_ui(request: Request, dev_id: str):
+async def rollouts_ui(request: Request):
     return templates.TemplateResponse(
-        "logs.html", context={"request": request, "title": "Log", "device": dev_id}
+        "rollouts.html", context={"request": request, "title": "Rollouts"}
     )
 
 
 @router.get(
-    "/tunnels",
+    "/logs/{dev_id}",
     dependencies=[
-        Security(validate_user_permissions, scopes=[Permissions.TUNNEL.READ])
+        Security(validate_user_permissions, scopes=[Permissions.DEVICE.READ])
     ],
 )
-async def tunnels_ui(request: Request):
+async def logs_ui(request: Request, dev_id: str):
     return templates.TemplateResponse(
-        "tunnels.html", context={"request": request, "title": "Tunnels"}
+        "logs.html", context={"request": request, "title": "Log", "device": dev_id}
     )

{goosebit-0.1.0 → goosebit-0.1.1}/goosebit/ui/static/js/devices.js

@@ -40,6 +40,8 @@ document.addEventListener("DOMContentLoaded", function() {
                 }
             },
             { data: 'uuid' },
+            { data: 'hw_model' },
+            { data: 'hw_revision' },
             { data: 'fw' },
             {
                 data: 'force_update',
@@ -56,6 +58,16 @@ document.addEventListener("DOMContentLoaded", function() {
                 }
             },
             { data: 'fw_file' },
+            {
+                data: 'progress',
+                render: function(data, type, row) {
+                    if ( type === 'display' || type === 'filter' ) {
+                        return (data || "❓") + "%";
+                    }
+                    return data;
+                }
+
+            },
             { data: 'last_ip' },
             {
                 data: 'last_seen',
@@ -210,17 +222,20 @@ function updateFirmwareSelection() {
     .then(data => {
         selectElem = document.getElementById("device-selected-fw");
 
+        optionElem = document.createElement("option");
+        optionElem.value = "none";
+        optionElem.textContent = "none";
+        selectElem.appendChild(optionElem);
+
         optionElem = document.createElement("option");
         optionElem.value = "latest";
         optionElem.textContent = "latest";
-
         selectElem.appendChild(optionElem);
 
         data.forEach(item => {
             optionElem = document.createElement("option");
             optionElem.value = item["name"];
             optionElem.textContent = item["name"];
-
             selectElem.appendChild(optionElem);
         });
     })

{goosebit-0.1.0 → goosebit-0.1.1}/goosebit/ui/static/js/firmware.js

@@ -45,6 +45,15 @@ const sendFileChunks = async (file) => {
             const progress = (uploadedChunks / totalChunks) * 100;
             progressBar.style.width = `${progress}%`;
             progressBar.innerHTML = `${Math.round(progress)}%`;
+        } else {
+            if (response.status === 400) {
+                result = await response.json()
+                alerts = document.getElementById("upload-alerts");
+                alerts.innerHTML = `<div class="alert alert-warning alert-dismissible fade show" role="alert">
+                    ${result["detail"]}
+                    <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+                </div>`
+            }
         }
 
         start = end;
@@ -84,7 +93,7 @@ function updateFirmwareList() {
 
         data.forEach(item => {
             const listItem = document.createElement('li');
-            listItem.textContent = item["version"];
+            listItem.textContent = `${item["name"]}, size: ${(item["size"] / 1024 / 1024).toFixed(2)} MB`;
             listItem.classList = ["list-group-item d-flex justify-content-between align-items-center"];
 
             const btnGroup = document.createElement("div")