Update devapp1.yml (#1000)

* Update devapp1.yml

New release

* small bug fixes in async code. rename ov event svc and script fix

* small bug fixes in async code. rename ov event svc and script fix

* perms

* Bringing Phat's changes into current branch.

* Enhance send email from client server (#1013)

* Enhance send email from client server

* Change using email queue to call service

* Add toggle enable donate for Upstage (#1012)

* Add readme about send email

* Revert user_schema

* update email process

* change default setting

* update process send email

* update READme

* Move Donate toggle from system to foyer

* Fetch Stages after login (#1016)

* Fix fetchStage after login

* Fix send email external format

Co-authored-by: gloriajw <aagg@comcast.net>
Co-authored-by: Upstage system user <upstage@app1.upstage.org.nz-1621696771938-s-2vcpu-4gb-nyc1-01>
Co-authored-by: TuyetGiang <30744004+TuyetGiang@users.noreply.github.com>
Co-authored-by: giang <giang281197@gmail.com>

Author: 4 people

.github/workflows/devapp1.yml

@@ -6,7 +6,7 @@ name: DEVAPP1 CI
 on:
   # Triggers the workflow on push or approved pull request on R1-2021 branch
   push:
-    branches: [ Krombacher-23 ]
+    branches: [ GnarlyPine-24 ]
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
@@ -32,7 +32,7 @@ jobs:
           script: |
             cd /home/upstage/upstage/ui/dashboard/
             git fetch
-            git checkout Krombacher-23
+            git checkout GnarlyPine-24
             git pull
             yarn
             yarn build:dev

README.md

@@ -103,6 +103,19 @@ systemctl start upstage-streaming.service
 systemctl enable upstage-streaming.service
 ```
 
+7. Setup `Upstage Send Email Token To Cient Server`:
+```bash
+
+# Only setup on Upstage Prod
+# Create the systemd service using our example configuration
+cp system/prod/upstage_email_token.service /etc/systemd/system/upstage_email_token.service
+
+# Start the service
+systemctl start upstage_email_token.service
+
+# Enable the service if you want it start automatically on boot
+systemctl enable upstage_email_token.service
+```
 ## Configurations
 
 UpStage was designed to have multiple instances of it working independently. Each instance could have its own configurations set to get worked.
@@ -151,6 +164,19 @@ CIPHER_KEY='' # Paste the result from fernet_crypto.py
 SECRET_KEY='' # Paste the result from running __init__.py
 ```
 
+```python
+# When setup Send Email Service, only the Upstage server has permission to send the email. The Client-server has to call the external API of the Upstage server. 
+# Upstage server will generate and send a token to each client server every 10 minutes. That token has expired in 10 minutes. Client-server stores that token in MongoDB and uses that token to call the sendEmailExternal API of the Upstage server
+EMAIL_USE_TLS = True
+EMAIL_HOST = 'mail.gandi.net'
+EMAIL_HOST_USER = ''
+EMAIL_HOST_PASSWORD = ''
+EMAIL_PORT = 465
+ADMIN_EMAIL = '' # A list admin email always in bcc
+EMAIL_HOST_DISPLAY_NAME = 'UpStage Support'
+ACCEPT_SERVER_SEND_EMAIL_EXTERNAL = ['http://127.0.0.1:8000/'] # This is setup only in app1 server, All client server endpoint having permission using Upstage Send Email service
+```
+
 ```python
 # When setuping Streaming Service, a secret key is recommended so that we can set up password protection and prevent your streaming server from being used by strangers. You will need to paste that key here so that we can generate QR codes with correct stream sign, only then the players will be able to broadcast.
 STREAM_KEY=''

auth/auth_mutation.py

@@ -89,8 +89,9 @@ class Arguments(object):
 
     message = graphene.String()
     username = graphene.String()
-
-    def mutate(self, info, username_or_email):
+    
+    @staticmethod
+    async def mutate(self, info, username_or_email):
         with ScopedSession() as local_db_session:
             if '@' in username_or_email:
                 user = local_db_session.query(User).filter(
@@ -114,7 +115,7 @@ def mutate(self, info, username_or_email):
             local_db_session.flush()
             local_db_session.add(OneTimeTOTP(user_id=user.id, code=otp))
             local_db_session.flush()
-            send([email], f"Password reset for account {user.username}", password_reset(user, otp))
+            await send([email], f"Password reset for account {user.username}", password_reset(user, otp))
 
         return RequestPasswordResetMutation(
             message=f"We've sent an email with a code to reset your password to {email}.",

auth/fernet_crypto.py

@@ -26,4 +26,7 @@ def check_password(enc_key,password):
     return decrypt(enc_key) == password
 
 if __name__ == '__main__':
-    print("Copy-paste this key: {}".format(Fernet.generate_key()))
+    c = Fernet(b'Y9fzvL6bbiTqWumKfk7-phWutaPjK_HcdhIHGqQmSg0=')
+    text=str.encode('12345678')
+    print(c.encrypt(text).decode())
+    # print("Copy-paste this key: {}".format(Fernet.generate_key()))

config/schema.py

@@ -1,20 +1,23 @@
 # -*- coding: iso8859-15 -*-
 from os import name
 
-from flask_jwt_extended.view_decorators import jwt_required
-from config.project_globals import DBSession, ScopedSession, app
+import graphene
 from flask_graphql import GraphQLView
-from config.settings import NGINX_CONFIG_FILE, URL_PREFIX
+from flask_jwt_extended.view_decorators import jwt_required
 from graphene import relay
-import graphene
-from config.models import Config as ConfigModel
+from graphql.execution.executors.asyncio import AsyncioExecutor
 from mail.mail_utils import send
 from user.models import ADMIN, SUPER_ADMIN
 from user.user_utils import current_user
 
+from config.models import Config as ConfigModel
+from config.project_globals import DBSession, ScopedSession, app
+from config.settings import NGINX_CONFIG_FILE, URL_PREFIX
+
 TERMS_OF_SERVICE = 'TERMS_OF_SERVICE'
 MANUAL = 'MANUAL'
 EMAIL_SUBJECT_PREFIX = 'EMAIL_SUBJECT_PREFIX'
+ENABLE_DONATE = 'ENABLE_DONATE'
 
 
 class NginxConfig(graphene.ObjectType):
@@ -46,6 +49,7 @@ class SystemConfig(graphene.ObjectType):
     termsOfService = graphene.String()
     manual = graphene.String()
     esp = graphene.String()
+    enableDonate = graphene.Boolean()
 
     def resolve_termsOfService(self, info):
         return get_config(TERMS_OF_SERVICE)
@@ -56,6 +60,9 @@ def resolve_manual(self, info):
     def resolve_esp(self, info):
         return get_config(EMAIL_SUBJECT_PREFIX)
 
+    def resolve_enableDonate(self, info):
+        return get_config(ENABLE_DONATE)
+
 class FoyerConfig(graphene.ObjectType):
     title = graphene.String()
     description = graphene.String()
@@ -74,6 +81,7 @@ def resolve_menu(self, info):
     def resolve_showRegistration(self, info):
         return get_config('SHOW_REGISTRATION')
 
+
 class Query(graphene.ObjectType):
     node = relay.Node.Field()
     nginx = graphene.Field(NginxConfig)
@@ -158,13 +166,13 @@ class Arguments:
             required=False, description="The bcc recipients of the email. Comma separated.")
 
     @jwt_required()
-    def mutate(self, info, subject, body, recipients, bcc):
+    async def mutate(self, info, subject, body, recipients, bcc):
         code, error, user, timezone = current_user()
-        if not user.role in (ADMIN, SUPER_ADMIN):
+        if not user.role in (ADMIN, SUPER_ADMIN) and not user.can_send_email:
             raise Exception(
                 "Only Admin can send notification emails!")
 
-        send(recipients.split(','), subject, body, bcc.split(','))
+        await send(recipients.split(','), subject, body, bcc.split(','))
         return SendEmail(success=True)
 
 
@@ -179,6 +187,6 @@ class Mutation(graphene.ObjectType):
 app.add_url_rule(
     f'/{URL_PREFIX}config_graphql/', view_func=GraphQLView.as_view(
         "config_graphql", schema=config_schema,
-        graphiql=True
+        graphiql=True, executor=AsyncioExecutor()
     )
 )

config/settings/__init__.py

@@ -35,6 +35,10 @@
 EMAIL_HOST_PASSWORD = ''
 EMAIL_HOST_DISPLAY_NAME = ''
 EMAIL_TIME_TRIGGER_SECONDS = 60 * 1 # 1 minute
+EMAIL_TIME_EXPIRED_TOKEN = 60 * 10 # 10 minute
+ACCEPT_SERVER_SEND_EMAIL_EXTERNAL = ['https://dev-app1.upstage.live'] # All client server endpoints. Only config on upstage server
+SEND_EMAIL_SERVER = 'https://upstage.live' # Send email server endpoint
+ACCEPT_EMAIL_HOST = ['app1']
 
 MONGO_HOST = ""
 MONGO_PORT = 0
@@ -49,6 +53,7 @@
 PERFORMANCE_TOPIC_RULE = "#"
 
 MONGODB_COLLECTION_EMAIL = 'EMAIL_OUTBOUND_QUEUE'
+MONGODB_COLLECTION_TOKEN = 'EMAIL_ACCEPT_TOKEN'
 
 EMAIL_PORT = 587
 #EMAIL_PORT = 25

config/settings/your_hostname.py

@@ -119,4 +119,13 @@
 SECRET_KEY='' # Paste the result from running __init__.py
 STREAM_KEY='' # Paste the secret key from node media server config
 STRIPE_KEY = ''
-STRIPE_PRODUCT_ID = ''
+STRIPE_PRODUCT_ID = ''
+
+EMAIL_HOST = ''
+EMAIL_HOST_USER = ''
+EMAIL_HOST_PASSWORD = ''
+ADMIN_EMAIL = ''
+EMAIL_HOST_DISPLAY_NAME = ''
+ACCEPT_SERVER_SEND_EMAIL_EXTERNAL = ['https://dev-app1.upstage.live'] # All client server endpoints. Only config on upstage server
+SEND_EMAIL_SERVER = 'https://upstage.live' # Send email server endpoint
+ACCEPT_EMAIL_HOST = ['app1']

config/sqlfiles/create.sql

@@ -11,4 +11,6 @@ CREATE TABLE "public"."config" (
 INSERT INTO "config" ("name", "value") VALUES ('FOYER_TITLE', 'CYBERFORMANCE PLATFORM');
 INSERT INTO "config" ("name", "value") VALUES ('FOYER_DESCRIPTION', 'UpStage is an online venue for live performance: remote performers collaborate in real time using digital media, and online audiences anywhere in the world join events by going to a web page, without having to download and install any additional software. UpStage is available free to anyone who would like to use it.');
 INSERT INTO "config" ("name", "value") VALUES ('FOYER_MENU', 'UpStage User Manual (https://docs.upstage.live/)
-Customise Foyer (/backstage/admin/foyer-customisation)');
+Customise Foyer (/backstage/admin/foyer-customisation)');
+
+INSERT INTO "config" ("name", "value") VALUES ('ENABLE_DONATE', 'true');

event_archive/db.py

@@ -1,14 +1,15 @@
 import logging
-import secrets
 import os
+import secrets
 import sys
 
 import pymongo
+from config.settings import (EMAIL_TIME_EXPIRED_TOKEN, MONGO_DB, MONGO_HOST,
+                             MONGO_PORT, MONGODB_COLLECTION_TOKEN,
+                             SQLALCHEMY_DATABASE_URI)
 from sqlalchemy import create_engine
 from sqlalchemy.orm import sessionmaker
 
-from config.settings import MONGO_HOST, MONGO_PORT, SQLALCHEMY_DATABASE_URI
-
 
 def build_mongo_client(host=MONGO_HOST, port=MONGO_PORT):
     return pymongo.MongoClient(host, port)
@@ -21,4 +22,18 @@ def build_pg_engine(connection_string=SQLALCHEMY_DATABASE_URI):
 def build_pg_session():
     eng = build_pg_engine()
     Session = sessionmaker(bind=eng)
-    return Session()
+    return Session()
+
+
+def get_mongo_token_collection():
+    client = build_mongo_client()
+    mongo_db = client[MONGO_DB]
+    # queue = db[EVENT_COLLECTION]
+
+    # mongo_connection = pymongo.MongoClient(f'mongodb://{MONGO_HOST}:{MONGO_PORT}/')
+    # mongo_db = mongo_connection[MONGO_DB]
+    collection = mongo_db[MONGODB_COLLECTION_TOKEN]
+    if 'expired_date' in collection.index_information():
+        collection.drop_index('expired_date')
+    collection.create_index("expired_date", name="expired_date", expireAfterSeconds=EMAIL_TIME_EXPIRED_TOKEN)
+    return collection