Merge branch 'channels' into 'master'

Base Channels setup See merge request !538

Merge branch 'channels' into 'master'
0bd9ba93 · Bastien Abadie · 5a1e8c12 · ae849699 · 0bd9ba93 · 0bd9ba93
Commit 0bd9ba93 authored 5 years ago by Bastien Abadie
--- a/Dockerfile
+++ b/Dockerfile
-FROM registry.gitlab.com/arkindex/backend:base-0.10.1
+FROM registry.gitlab.com/arkindex/backend:base-0.10.3

 ARG COMMON_BRANCH=master
 ARG COMMON_ID=9855787
@@ -26,12 +26,12 @@ RUN \
 # Install arkindex and its deps
 # Uses a source archive instead of full local copy to speedup docker build
 COPY dist/arkindex-*.tar.gz /tmp/arkindex.tar.gz
-RUN pip install /tmp/arkindex.tar.gz gunicorn==19.9 && rm /tmp/arkindex.tar.gz
+RUN pip install /tmp/arkindex.tar.gz && rm /tmp/arkindex.tar.gz

 # Allow access to logs
 RUN mkdir -p /logs
 RUN chown -R ark:teklia /logs

-# Run through supervisor
+# Run with Daphne
 EXPOSE 80
-CMD ["gunicorn", "--access-logfile=-", "--capture-output", "--bind=0.0.0.0:80", "arkindex.project.wsgi"]
+CMD ["daphne", "--verbosity=1", "--bind=0.0.0.0", "--port=80", "arkindex.project.asgi:application"]
--- a/arkindex/project/asgi.py
+++ b/arkindex/project/asgi.py
+"""
+ASGI entrypoint. Configures Django and then runs the application
+defined in the ASGI_APPLICATION setting.
+"""
+
+import os
+import django
+from channels.routing import get_default_application
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "arkindex.project.settings")
+os.environ['ALL_CHECKS'] = 'true'
+django.setup()
+application = get_default_application()
--- a/arkindex/project/consumers.py
+++ b/arkindex/project/consumers.py
+from channels.exceptions import DenyConnection
+from channels.generic.websocket import AsyncJsonWebsocketConsumer
+
+
+class ConsumerPermission(object):
+    """
+    Base class for permission classes on Channels consumers.
+    """
+
+    def has_permission(self, consumer):
+        return True
+
+
+class IsAuthenticated(ConsumerPermission):
+    """
+    Restrict connections to authenticated users.
+    """
+
+    def has_permission(self, consumer):
+        if not consumer.user.is_authenticated:
+            return False
+        return super().has_permission(consumer)
+
+
+class IsAdmin(ConsumerPermission):
+    """
+    Restrict connections to admin users.
+    """
+
+    def has_permission(self, consumer):
+        if not consumer.user.is_authenticated or not consumer.user.is_admin:
+            return False
+        return super().has_permission(consumer)
+
+
+class AuthConsumer(AsyncJsonWebsocketConsumer):
+    permission_classes = ()
+
+    async def connect(self):
+        self.user = self.scope["user"]
+        for permission_class in self.permission_classes:
+            if not permission_class().has_permission(self):
+                # Raise instead of using self.close() because it allows subclasses
+                # to call await super().connect() and continue only when connections are accepted
+                raise DenyConnection
+        await self.accept()
--- a/arkindex/project/routing.py
+++ b/arkindex/project/routing.py
+from channels.auth import AuthMiddlewareStack
+from channels.routing import ProtocolTypeRouter, URLRouter
+from channels.security.websocket import AllowedHostsOriginValidator
+
+application = ProtocolTypeRouter({
+    'websocket': AllowedHostsOriginValidator(
+        AuthMiddlewareStack(
+            URLRouter([
+            ]),
+        ),
+    ),
+})
--- a/arkindex/project/settings.py
+++ b/arkindex/project/settings.py
@@ -117,6 +117,7 @@ INSTALLED_APPS = [
    'django_admin_hstore_widget',

    # Tools
+    'channels',
    'rest_framework',
    'rest_framework.authtoken',
    'django_filters',
@@ -162,6 +163,7 @@ TEMPLATES = [
 ]

 WSGI_APPLICATION = 'arkindex.project.wsgi.application'
+ASGI_APPLICATION = 'arkindex.project.routing.application'


 # Password validation
@@ -277,6 +279,18 @@ CACHES = {
    }
 }

+# Django Channels layer using Redis
+CHANNEL_LAYERS = {
+    "default": {
+        "BACKEND": "channels_redis.core.RedisChannelLayer",
+        "CONFIG": {
+            "hosts": [
+                (os.environ.get('REDIS_HOST', 'localhost'), 6379)
+            ],
+        },
+    },
+}
+
 LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
@@ -319,6 +333,10 @@ LOGGING = {
            'level': 'INFO',
            'propagate': True,
        },
+        'daphne.server': {
+            'handlers': ['console_debug'],
+            'level': 'INFO',
+        },
        'arkindex.documents.importer': {
            'handlers': ['importers'],
            'level': 'DEBUG',
@@ -363,6 +381,8 @@ CSRF_COOKIE_DOMAIN = os.environ.get('COOKIE_DOMAIN')

 SESSION_COOKIE_NAME = 'arkindex.auth'
 SESSION_COOKIE_DOMAIN = os.environ.get('COOKIE_DOMAIN')
+# Required for authentication over websockets
+SESSION_COOKIE_HTTPONLY = False

 CORS_ORIGIN_WHITELIST = env2list('CORS_ORIGIN_WHITELIST', default=[
    'universalviewer.io',

--- a/base/requirements.txt
+++ b/base/requirements.txt
@@ -2,9 +2,11 @@ boto3==1.9
 cryptography>=2.7
 Django==2.2
 elasticsearch==6.2.0
+hiredis==1.0.0
 ijson==2.3
 lxml==4.2.3
 openpyxl==2.4.9
 Pillow==4.3.0
 psycopg2==2.7.3.2
 python-Levenshtein==0.12.0
+Twisted==19.7.0
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,6 +2,8 @@

 arkindex-common==0.2.0
 certifi==2017.7.27.1
+channels==2.3.1
+channels-redis==2.4.1
 chardet==3.0.4
 django-admin-hstore-widget==1.0.1
 django-cors-headers==2.4.0