add worker skeleton fastapi setup

Author: CrysR

src/worker/.env.example

@@ -0,0 +1,23 @@
+# The following are required in all environments
+ENV="LOCAL"
+# Generate the following using `openssl rand -hex 32`
+SECRET_KEY = ""
+ALGORITHM = "HS256"
+ACCESS_TOKEN_EXPIRE_MINUTES = 120
+
+# The username and password used to authenticate to this worker to trigger SFTP calls.
+# These are SECRET.
+USERNAME="tester-user"
+PASSWORD="tester-pw"
+
+# GCP related keys. Retrieved for the service account with write access to GCS here: https://stackoverflow.com/questions/46287267/how-can-i-get-the-file-service-account-json-for-google-translate-api
+GCP_SERVICE_ACCOUNT_KEY_PATH=""
+
+# SFTP related env vars
+SFTP_HOST=""
+SFTP_PORT=""
+SFTP_USER=""
+SFTP_PASSWORD=""
+
+# API key to access the SST backend.
+BACKEND_API_KEY=""

src/worker/README.md

@@ -0,0 +1,40 @@
+# REST API for SST peripheral jobs/actions.
+
+There is no user database. This job has no access to the databases used by the SST.
+
+### Prerequisites
+
+In order to work with and test GCS related functionality, you'll need to setup default credentials:
+https://cloud.google.com/docs/authentication/set-up-adc-local-dev-environment#local-user-cred
+
+You will also need to add the permission Storage Writer or Storage Admin to your Datakind Account in GCP to allow for local interaction with the storage buckets.
+
+### For local testing:
+
+Enter into the root directory of the repo.
+
+
+1. Copy the `.env.example` file to `.env`
+1. Run `export ENV_FILE_PATH='/full/path/to/.env'`
+1. `python3 -m venv .venv`
+1. `source .venv/bin/activate`
+1. `pip install uv`
+1. `uv sync --all-extras --dev`
+1. `coverage run -m pytest  -v -s ./src/webapp/`
+
+For all of the following, be in the repo root folder (`student-success-tool/`).
+
+Spin up the app locally:
+
+1. `fastapi dev src/webapp/main.py`
+1. Go to `http://127.0.0.1:8000/docs`
+1. Hit the `Authorize` button on the top right and enter the tester credentials:
+
+* username: `tester-user`
+* password: `tester-pw`
+
+Before committing, make sure to run:
+
+1. `black src/webapp/.`
+1. Test using `coverage run -m pytest  -v -s ./src/webapp/*.py`
+1. Test using `coverage run -m pytest  -v -s ./src/webapp/routers/*.py`

src/worker/authn.py

@@ -0,0 +1,75 @@
+import jwt
+
+from fastapi.security import (
+    OAuth2PasswordBearer,
+    OAuth2PasswordRequestForm,
+    APIKeyHeader,
+    APIKeyQuery,
+)
+from pydantic import BaseModel
+from datetime import timedelta, datetime, timezone
+from .config import env_vars
+from typing import Annotated
+from fastapi import Depends, HTTPException, status
+
+
+oauth2_scheme = OAuth2PasswordBearer(
+    tokenUrl="token",
+)
+
+
+class Token(BaseModel):
+    access_token: str
+    token_type: str
+
+
+class TokenData(BaseModel):
+    username: str | None = None
+
+
+def check_creds(username: str, password: str):
+    if username == env_vars["USERNAME"] and password == env_vars["PASSWORD"]:
+        return True
+    raise HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Creds for worker job not correct",
+    )
+
+
+def create_access_token(data: dict, expires_delta: timedelta | None = None):
+    to_encode = data.copy()
+    if expires_delta:
+        expire = datetime.now(timezone.utc) + expires_delta
+    else:
+        expire = datetime.now(timezone.utc) + timedelta(
+            minutes=env_vars["ACCESS_TOKEN_EXPIRE_MINUTES"]
+        )
+    to_encode.update({"exp": expire})
+    encoded_jwt = jwt.encode(
+        to_encode, env_vars["SECRET_KEY"], algorithm=env_vars["ALGORITHM"]
+    )
+    return encoded_jwt
+
+
+async def get_current_username(
+    token: Annotated[str, Depends(oauth2_scheme)],
+) -> str:
+    credentials_exception = HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Could not validate credentials",
+        headers={"WWW-Authenticate": "Bearer"},
+    )
+    username = ""
+    try:
+        payload = jwt.decode(
+            token, env_vars["SECRET_KEY"], algorithms=env_vars["ALGORITHM"]
+        )
+        username = payload.get("sub")
+        if username is None:
+            raise credentials_exception
+        token_data = TokenData(username=username)
+    except InvalidTokenError:
+        raise credentials_exception
+    if token_data.username != env_vars["USERNAME"]:
+        raise credentials_exception
+    return username

src/worker/authn_test.py

@@ -0,0 +1,13 @@
+"""Test file for authn.py.
+"""
+
+import pytest
+
+from fastapi import HTTPException
+
+PASSWORD_STR = "pass123"
+
+
+def test_password_functions():
+    """Run tests on various password functions."""
+    assert True

src/worker/config.py

@@ -0,0 +1,82 @@
+"""Helper dict to retrieve OS env variables. This list includes all environment variables needed.
+"""
+
+import os
+from dotenv import load_dotenv
+
+# defaults to unit test values.
+env_vars = {
+    "ENV": "LOCAL",
+    "SECRET_KEY": "",
+    "ALGORITHM": "HS256",
+    "ACCESS_TOKEN_EXPIRE_MINUTES": "120",
+    "USERNAME": "tester-user",
+    "PASSWORD": "tester-pw",
+    "BACKEND_API_KEY": "",
+}
+
+gcs_vars = {
+    "GCP_SERVICE_ACCOUNT_KEY_PATH": "",
+}
+
+sftp_vars = {
+    "SFTP_HOST": "",
+    "SFTP_PORT": "",
+    "SFTP_USER": "",
+    "SFTP_PASSWORD": "",
+}
+
+
+# Setup function to get environment variables. Should be called at startup time.
+def startup_env_vars():
+    env_file = os.environ.get("ENV_FILE_PATH")
+    if not env_file:
+        raise ValueError(
+            "Missing .env filepath variable. Required. Set ENV_FILE_PATH to full path of .env file."
+        )
+    load_dotenv(env_file)
+    global env_vars
+    for name in env_vars:
+        env_var = os.environ.get(name)
+        if not env_var:
+            raise ValueError(
+                "Missing " + name + " value missing. Required environment variable."
+            )
+        if name == "ENV" and env_var not in [
+            "PROD",
+            "STAGING",
+            "DEV",
+            "LOCAL",
+        ]:
+            raise ValueError(
+                "ENV environment variable not one of: PROD, STAGING, DEV, LOCAL."
+            )
+        if (
+            name == "ACCESS_TOKEN_EXPIRE_MINUTES"
+            or name == "ACCESS_TOKEN_EXPIRE_MINUTES"
+        ) and not env_var.isdigit():
+            raise ValueError(
+                "ACCESS_TOKEN_EXPIRE_MINUTES and ACCESS_TOKEN_EXPIRE_MINUTES environment variables must be an int."
+            )
+        env_vars[name] = env_var
+    if env_vars["ENV"] != "LOCAL":
+        global gcs_vars
+        for name in gcs_vars:
+            env_var = os.environ.get(name)
+            if not env_var:
+                raise ValueError(
+                    "Missing "
+                    + name
+                    + " value missing. Required GCP environment variable."
+                )
+            gcs_vars[name] = env_var
+        global sftp_vars
+        for name in sftp_vars:
+            env_var = os.environ.get(name)
+            if not env_var:
+                raise ValueError(
+                    "Missing "
+                    + name
+                    + " value missing. Required SFTP environment variable."
+                )
+            sftp_vars[name] = env_var

src/worker/index.html

@@ -6,6 +6,9 @@
     <title>SST Worker</title>
 </head>
 <body>
-    <p>SST Worker</p>
+    SST Worker: this worker provides endpoints for
+    <ul>
+    <li>Pulling from SFTP</li>
+</ul>
 </body>
 </html>