migrated some of files to docker folder

Author: fed1337

.dockerignore

@@ -9,4 +9,3 @@ lemur/static/dist
 node_modules
 bower_components
 .tmp
-migrations

Dockerfile

@@ -63,7 +63,7 @@ RUN useradd --create-home --shell /bin/bash lemur
 COPY --from=builder --chown=lemur:lemur /opt/lemur /opt/lemur
 
 # Ensure entrypoint is executable
-RUN chmod +x /opt/lemur/entrypoint
+RUN chmod +x /opt/lemur/docker/entrypoint.sh
 
 # Switch to the user
 USER lemur
@@ -72,4 +72,4 @@ USER lemur
 EXPOSE 80
 
 # Default command
-ENTRYPOINT ["/opt/lemur/entrypoint"]
+ENTRYPOINT ["/opt/lemur/docker/entrypoint.sh"]

Caddyfile docker/CaddyfileCaddyfile renamed to docker/Caddyfile

@@ -2,7 +2,6 @@
 set -e
 
 echo "[supervisor] Starting Lemur container..."
-install -Dm644 /opt/lemur/lemur.conf.py /home/lemur/.lemur/lemur.conf.py
 
 cd /opt/lemur
 
@@ -26,4 +25,4 @@ LEMUR_PID=$!
 trap 'echo "[supervisor] Caught stop signal"; kill "$LEMUR_PID" "$CADDY_PID" 2>/dev/null || true' SIGTERM SIGINT
 
 echo "[supervisor] Starting Caddy (foreground)..."
-exec caddy run --config /opt/lemur/Caddyfile
+exec caddy run --config /opt/lemur/docker/Caddyfile

entrypoint docker/entrypoint.shentrypoint renamed to docker/entrypoint.sh

@@ -1,15 +1,37 @@
 """
 Helper script to generate random values for Lemur configuration
 """
-from base64 import urlsafe_b64encode, b64encode
+
+import secrets
+import string
+from base64 import b64encode, urlsafe_b64encode
 from os import urandom
 from secrets import choice, token_hex
 from string import ascii_lowercase, ascii_uppercase, digits
+from time import time
+
+from cryptography.hazmat.primitives import hashes, hmac
 
 chars = ascii_uppercase + ascii_lowercase + digits + "~!@#$%^&*()_+"
 
+
+def get_random_secret(length):
+    """Similar to get_pseudo_random_string, but accepts a length parameter."""
+    return "".join(secrets.choice(chars) for x in range(length))
+
+
+def generate_state_token():
+    t = int(time())
+    ts = hex(t)[2:].encode("ascii")
+    h = hmac.HMAC(b64encode(get_random_secret(32).encode("utf8")), hashes.SHA256())
+    h.update(ts)
+    digest = b64encode(h.finalize())
+    state = ts + b":" + digest
+    return state.decode()
+
+
 print("LEMUR_ENCRYPTION_KEY:", urlsafe_b64encode(urandom(32)).decode())
-print("LEMUR_TOKEN_SECRET:", ''.join(choice(chars) for x in range(24)))
+print("LEMUR_TOKEN_SECRET:", "".join(choice(chars) for x in range(24)))
 print("SECRET:", token_hex())
 print("OAUTH2_SECRET:", token_hex())
-print("OAUTH_STATE_TOKEN_SECRET:", b64encode(urandom(32)))
+print("OAUTH_STATE_TOKEN_SECRET:", generate_state_token())

generate_tokens.py

@@ -29,13 +29,13 @@
 # You should consider storing these separately from your config
 LEMUR_TOKEN_SECRET = "EO5vLI6sBXBLKDJr_2AYYq"
 LEMUR_TOKEN_SECRETS = [LEMUR_TOKEN_SECRET]
-LEMUR_ENCRYPTION_KEYS = ['Q7AzDsZHJRaKdS4Obeb4bLw6tYRdTqQD24xHQqJbA4A=']
+LEMUR_ENCRYPTION_KEYS = ["Q7AzDsZHJRaKdS4Obeb4bLw6tYRdTqQD24xHQqJbA4A="]
 
 
-OAUTH2_SECRET = 'd105a7b3f365423a08917fa0455b353fce966e955c3a6e88f8ff149fac301a03'
+OAUTH2_SECRET = "d105a7b3f365423a08917fa0455b353fce966e955c3a6e88f8ff149fac301a03"
 
 # this is the secret used to generate oauth state tokens
-OAUTH_STATE_TOKEN_SECRET = b'jhyNmgizEixQRnWL8F9yTfGlKz3pp2ks2GGxAUoFYE8='
+OAUTH_STATE_TOKEN_SECRET = "693e7b68:VY7FS2WY13LQU2n6iBkCo3i7jpKBkyjNU7sQEZz5fXg="
 
 # REQUIRED
 # Certificate Defaults
@@ -66,7 +66,7 @@
 
 
 # Database settings
-SQLALCHEMY_DATABASE_URI = environ.get('SQLALCHEMY_DATABASE_URI', 'postgresql://lemur:lemur@localhost:5432/lemur')
+SQLALCHEMY_DATABASE_URI = environ.get("SQLALCHEMY_DATABASE_URI", "postgresql://lemur:lemur@localhost:5432/lemur")
 # SQLALCHEMY_ENABLE_FLASK_REPLICATED = False
 # SQLALCHEMY_TRACK_MODIFICATIONS = False
 # SQLALCHEMY_ECHO = True

lemur.conf.py

@@ -69,7 +69,7 @@ dependencies = [
     "idna==3.7",
     "importlib-resources==6.4.0",
     "inflection==0.5.1",
-    "invoke==2.2.0",
+    "invoke>=2.2.0",
     "itsdangerous==2.2.0",
     "javaobj-py3==0.4.4",
     "jinja2==3.1.6",