Add JWT auth

.gitignore

@@ -2,3 +2,5 @@
 **/__pycache__
 **.DS_Store
 **.iml
+**.local
+docker-compose.override.yml

README.md

@@ -1,7 +1,11 @@
 # AVC Forms
 
-## Usage
-Run `docker-compose up -d` and visit `host:port` (default `localhost:8080`)
+## Local development usage
+Use a `docker-compose.override.yml` at the root of the project to override the base configuration.
+Run `docker-compose up`. Only the api and the database will run. 
+Visit `host:port/api` (default `localhost:8080/api`) to access the API interface.
+Default user Admin credentials are `{ username: admin, password: admin }`.
 
-## Configuration
-Set up your custom configuration in the `.env` file
+## Production or demo usage
+Run `docker-compose -f docker-compose.yml -f docker-compose.prod.yml up`. 
+Visit `host:port` (default `localhost:8080`).

api/.env

@@ -0,0 +1,7 @@
+DJANGO_SUPERUSER_PASSWORD=${DJANGO_SUPERUSER_PASSWORD:-admin}
+DJANGO_SUPERUSER_USERNAME=${DJANGO_SUPERUSER_USERNAME:-admin}
+DJANGO_SUPERUSER_EMAIL=${DJANGO_SUPERUSER_EMAIL:[email protected]}
+DJANGO_SECRET_KEY=${DJANGO_SECRET_KEY:-secret}
+DJANGO_DEBUG=${DJANGO_DEBUG:-0}
+DJANGO_ALLOWED_HOSTS="${DJANGO_ALLOWED_HOSTS:-localhost 127.0.0.1 [::1]}"
+DJANGO_CORS_ALLOWED_ORIGINS="${DJANGO_CORS_ALLOWED_ORIGINS:-http://localhost:8080 http://localhost:3000}"

api/Dockerfile

@@ -7,14 +7,17 @@ RUN apt-get update && apt-get install -y libpq-dev gcc
 RUN pip wheel --no-cache-dir --no-deps --wheel-dir /tmp/wheels -r requirements.txt
 
 FROM python:3.9.0-slim-buster
-ENV DJANGO_SETTINGS_MODULE=avc_forms.settings
-ENV PYTHONPATH=/api
 RUN apt-get update && \
     apt-get install -y --no-install-recommends netcat libpq-dev && \
     apt-get autoremove -y && \
     apt-get clean
-COPY --from=builder /tmp/wheels /wheels
-RUN pip install --no-cache /wheels/*
-WORKDIR /api
-COPY . .
+RUN groupadd -r api && useradd --create-home --no-log-init -r -g api api
+USER api:api
+WORKDIR /home/api
+ENV PYTHONPATH=/home/api
+ENV PATH /home/api/.local/bin:${PATH}
+ENV DJANGO_SETTINGS_MODULE=avc_forms.settings
+COPY --from=builder --chown=api:api /tmp/wheels wheels
+RUN pip install --user --no-cache wheels/* && rm -rf wheels
+COPY --chown=api:api . .
 ENTRYPOINT ["sh", "docker-entrypoint.sh"]

api/README.md

@@ -6,13 +6,41 @@
 * Admin interface at `host:port/api/admin`
 
 ## Routes
-* `/api-auth/login` accepts basic authentication
-* `/api-auth/logout`
+Visit `host:port/api` and login for full API documentation
+
+* `/token/`
+  * `POST` request
+    ```json
+    {
+      "username": "username",
+      "password": "password"
+    }
+    ```
+  * Response
+    ```json
+    {
+      "refresh": "refresh_jwt_token",
+      "access": "access_jwt_token"
+    }
+    ```
+* `/token/refresh/`
+  * Request
+    ```shell script
+    curl \
+      -X POST \
+      -H "Content-Type: application/json" \
+      -d '{"refresh":"refresh_token_jwt"}' \
+      http://host:port/api/token/refresh/
+    ```
+  * Response
+    ```json
+    { "access": "access_jwt_token" }
+    ```
 * `/users`
 * `/patients`
-```json
-{
-"code": "unique_text_field",
-"data": { } 
-}
-```
+  * Example request
+    ```shell script
+    curl \
+      -H "Bearer access_jwt_token"
+      http://host:port/api/patients
+    ```

api/avc_forms/settings.py

@@ -24,15 +24,17 @@
 SECRET_KEY = os.getenv('DJANGO_SECRET_KEY', 'secret')
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = int(os.getenv('DJANGO_DEBUG', 0))
+DEBUG = bool(int(os.getenv('DJANGO_DEBUG', 0)))
 
 ALLOWED_HOSTS = os.environ.get("DJANGO_ALLOWED_HOSTS").split(" ")
-
+CORS_ALLOW_ALL_ORIGINS = DEBUG
+CORS_ALLOWED_ORIGINS = os.environ.get("DJANGO_CORS_ALLOWED_ORIGINS").split(" ")
 
 # Application definition
 
 INSTALLED_APPS = [
     'avc_forms.api',
+    'corsheaders',
     'django.contrib.admin',
     'django.contrib.auth',
     'django.contrib.contenttypes',
@@ -45,6 +47,7 @@
 MIDDLEWARE = [
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
+    'corsheaders.middleware.CorsMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
@@ -123,12 +126,14 @@
 
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/3.1/howto/static-files/
-
-PROJECT_DIR = os.path.dirname(os.path.abspath(__file__))
-STATIC_ROOT = os.path.join(PROJECT_DIR, 'django_static')
+STATIC_ROOT = '/tmp/django_static'
 STATIC_URL = '/django_static/'
 
 REST_FRAMEWORK = {
     'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
-    'PAGE_SIZE': 42
+    'DEFAULT_AUTHENTICATION_CLASSES': (
+        'rest_framework_simplejwt.authentication.JWTAuthentication',
+        'rest_framework.authentication.SessionAuthentication'
+    ),
+    'PAGE_SIZE': 100
 }

api/avc_forms/urls.py

@@ -18,6 +18,10 @@
 from django.contrib import admin
 from rest_framework import routers
 from avc_forms.api import views
+from rest_framework_simplejwt.views import (
+    TokenObtainPairView,
+    TokenRefreshView,
+)
 
 router = routers.DefaultRouter()
 router.register(r'users', views.UserViewSet)
@@ -28,5 +32,7 @@
 urlpatterns = [
     path('', include(router.urls)),
     path('api-auth/', include('rest_framework.urls', namespace='rest_framework')),
+    path('token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
+    path('token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
     path('admin/', admin.site.urls)
 ]

api/avc_forms/uwsgi.ini

@@ -1,5 +1,5 @@
 [uwsgi]
-chdir=/api/avc_forms
+chdir=/home/api/avc_forms
 mount = /api=avc_forms.wsgi:application
 manage-script-name=true
 master=True
@@ -9,5 +9,7 @@ max-requests=5000
 env=LANG=en_US.UTF-8
 processes=5
 threads=2
-socket=avc_forms.sock
+socket=/tmp/avc_forms.sock
 chmod-socket=666
+uid=api
+gid=api

api/docker-entrypoint.sh

@@ -1,5 +1,9 @@
 #!/bin/bash
 
+# Collect static files
+echo "Collect static files"
+python manage.py collectstatic --noinput
+
 # Wait for db
 echo "Waiting for postgres..."
 while ! nc -z "$POSTGRES_HOST" "$POSTGRES_PORT"; do
@@ -14,8 +18,4 @@ python manage.py migrate
 echo "Create superuser"
 django-admin createsuperuser --noinput
 
-# Collect static files
-echo "Collect static files"
-python manage.py collectstatic --noinput
-
 exec "$@"

api/requirements.txt

@@ -1,9 +1,11 @@
-asgiref==3.3.1
-Django==3.1.3
+Django==3.1.4
+django-cors-headers==3.5.0
 django-filter==2.4.0
 djangorestframework==3.12.2
+djangorestframework-simplejwt==4.6.0
 Markdown==3.3.3
 psycopg2==2.8.6
+PyJWT==1.7.1
 pytz==2020.4
 sqlparse==0.4.1
 uWSGI==2.0.19.1

app/.dockerignore

@@ -0,0 +1,2 @@
+./node_modules
+./build

app/.env

@@ -0,0 +1,2 @@
+REACT_APP_API_URL=localhost:8080/api
+REACT_APP_AUTH_API_URL=http://localhost:8080/api/token/

app/.yarnrc

@@ -0,0 +1 @@
+network-timeout 600000

app/Dockerfile

@@ -1,15 +1,13 @@
-#FROM node:15.3.0-alpine3.10 as builder
-#WORKDIR /app
-#ENV PATH /app/node_modules/.bin:$PATH
-#COPY ./package.json .
-#RUN yarn
-#COPY . .
-#RUN yarn build
-#
-#FROM busybox
-#WORKDIR /app
-#COPY --from=builder /app/build .
+FROM node:15.3.0 as builder
+WORKDIR /app
+ENV PATH /app/node_modules/.bin:$PATH
+COPY ./package.json .
+COPY ./.yarnrc .
+COPY ./yarn.lock .
+RUN yarn
+COPY . .
+RUN yarn build
 
 FROM busybox
 WORKDIR /app
-COPY ./build .
+COPY --from=builder /app/build build

app/package.json

@@ -3,7 +3,7 @@
   "version": "0.1.0",
   "private": true,
   "dependencies": {
-    "@arkhn/ui": "^1.7.4",
+    "@arkhn/ui": "^1.9.2",
     "@date-io/date-fns": "1.x",
     "@material-ui/core": "^4.11.0",
     "@material-ui/icons": "^4.9.1",

app/src/constants.ts

@@ -0,0 +1,11 @@
+export const ID_TOKEN_STORAGE_KEY = "ARKHN_ID_TOKEN";
+export const TOKEN_DATA_STORAGE_KEY = "ARKHN_TOKEN_DATA";
+export const STATE_STORAGE_KEY = "ARKHN_AUTH_STATE";
+
+export const {
+  REACT_APP_API_URL: API_URL,
+  REACT_APP_AUTH_API_URL: AUTH_API_URL,
+} = process.env;
+
+export const ACCES_TOKEN = "access";
+export const REFRESH_TOKEN = "refresh";

app/src/navigation/AppNavigator.tsx

@@ -1,5 +1,5 @@
 import React from "react";
-import { BrowserRouter, Route, Link } from "react-router-dom";
+import { BrowserRouter, Route, Link, Switch } from "react-router-dom";
 
 import { NavBar } from "@arkhn/ui";
 import { makeStyles, Theme, createStyles, Typography } from "@material-ui/core";
@@ -8,6 +8,8 @@ import LanguageSelect from "../components/LanguageSelect";
 import { ReactComponent as Logo } from "../assets/img/arkhn-logo.svg";
 import AVCTableViewer from "../screens/AVCTableViewer";
 import PatientForm from "../screens/PatientForm";
+import PrivateRoute from "./Private";
+import Login from "screens/Login";
 
 const useStyles = makeStyles((theme: Theme) =>
   createStyles({
@@ -40,7 +42,7 @@ const AppNavigator: React.FC<{}> = () => {
           title={
             <>
               <div className={classes.titleContainer}>
-                <Link className={classes.link} to={"/"}>
+                <Link className={classes.link} to={"/avc_viewer"}>
                   <Logo className={classes.logo} />
                   <Typography variant="h6" color="primary">
                     AVC Forms
@@ -52,15 +54,17 @@ const AppNavigator: React.FC<{}> = () => {
           }
         />
         <div className={classes.body}>
-          <Route exact path="/">
-            <AVCTableViewer />
-          </Route>
-          <Route exact path="/avc_viewer">
-            <AVCTableViewer />
-          </Route>
-          <Route exact path="/patient_form">
-            <PatientForm />
-          </Route>
+          <Switch>
+            <Route exact path="/">
+              <Login />
+            </Route>
+            <PrivateRoute path="/avc_viewer">
+              <AVCTableViewer />
+            </PrivateRoute>
+            <PrivateRoute path="/patient_form">
+              <PatientForm />
+            </PrivateRoute>
+          </Switch>
         </div>
       </BrowserRouter>
     </>