Allows to save temporal secret with passphrase and get it back one time. After that, secret is deleted from server.

Developed as trainee task from avito.

JSON Api service, that creating secret with passphrase and returns one-time key to access to the secret.

• /generate - takes secret and passphrase and returns secret_key by which the secret can be got.
• /secrets/{secret_key} - takes passphrase and returns secret.

• Language: Python 3.7.
• Using Docker, service must be launched via docker-compose up.
• There are no restrictions on using technlogies.
• Code must conform to PEP. Required to use type hints. Documentation must be written to public methods.

• Tests written (70% minimum by task, 97% reached)
• Asynchonous request handling (Using aiohttp server)
• Data is stored in external database, that also defined in docker-compose
• Secrets and passphrases are stored with encryption (Using cryptography python library)
• Added option to define time-to-live for secrets (Using TTL index as max ttl and additional api for user-defined TTL)

Simply clone repository

$ git clone https://github.com/Saiel/avito-web-secrets

And run docker-compose

$ sudo docker-compose up

After 20 seconds service will be ready

Save secret

$ curl \
    http://localhost/generate \
    -d '
    {
        "secret": "some secret",
        "phrase": "some phrase"
    }'

It returns JSON response:

{
    "secret_key": "asdasdasda_some_key_asdasdasdasd"
}

Then get secret

$ curl \
    http://localhost/secrets/asdasdasda_some_key_asdasdasdasd \
    -d '
    {
        "phrase": "some phrase"
    }'

That returns

{
    "secret": "some secret"
}

Or

{
    "Error": "Key not found"
}

If secret expired.

By default TTL of secret is 7 days, and this is max value. To save secret with less TTL, add "ttl" field to /generate request:

$ curl \
    http://localhost/generate \
    -d '
    {
        "secret": "some secret",
        "phrase": "some phrase",
        "ttl": {
            "days": 3,
            "hours": 4,
            "minutes": 5
        }
    }'

• Service is developed via Python 3.7 and aiohttp library.

• Aiohttp application can be started via aiohttp/web module:

  $ python -m aiohttp.web src.app:init_app -U <socket> -H <host> -P <port>

  or via directly running src/app.py

  $ python -m src.app -U <socket> -P <port> --log-level <level>

• In container service is managed by supervisord, that keeps runnig 4 proccess (See supervisord.conf).

• Requests are balanced between proccesses with nginx. (See nginx.conf)

• Communication bettween nginx and service occurs via unix sockets. They are stored in internal docker-compose volume.

• Logs of procceses and supervidord stored in ./logs/web (after first docker-compose up run)

• As database used MongoDB
• Data is stored in ./mongodb (after first docker-compose up run)
• Database network is isolated, but can be opened via forwarding the 27017 (by default) port.

• Contains sensitive and other variable information for service initialization.
• Should be not stores in git normally.

Unittesting can be done with

$ docker-compose run --rm web python -m unittest src/tests.py

Coverage measured via coverage library inside container web:

• 
• Documented with docstring in Google style