Allows saving a temporary secret protected by a passphrase and getting it back exactly once. After that, the secret is deleted from the server.
Developed as a trainee task from Avito.
A JSON API service that creates a secret with a passphrase and returns a one-time key for accessing the secret.
- /generate takes a secret and a passphrase and returns secret_key, with which the secret can be retrieved.
- /secrets/{secret_key} takes the passphrase and returns the secret.
- Language: Python 3.7.
- Using Docker; the service must be launched via docker-compose up.
- There are no restrictions on the technologies used.
- Code must conform to PEP. Type hints are required. Documentation must be written for public methods.
- Tests written (70% coverage minimum by task, 97% reached)
- Asynchronous request handling (using the aiohttp server)
- Data is stored in an external database, which is also defined in docker-compose
- Secrets and passphrases are stored encrypted (using the cryptography Python library)
- Added option to define a time-to-live for secrets (using a TTL index as the maximum TTL and an additional API field for user-defined TTL)
Simply clone the repository
$ git clone https://github.com/Saiel/avito-web-secrets
and run docker-compose
$ sudo docker-compose up
After 20 seconds the service will be ready.
Save secret
$ curl \
http://localhost/generate \
-d '
{
"secret": "some secret",
"phrase": "some phrase"
}'
It returns a JSON response:
{
"secret_key": "asdasdasda_some_key_asdasdasdasd"
}
Then get secret
$ curl \
http://localhost/secrets/asdasdasda_some_key_asdasdasdasd \
-d '
{
"phrase": "some phrase"
}'
which returns
{
"secret": "some secret"
}
or
{
"Error": "Key not found"
}
if the secret has expired or was already read.
By default the TTL of a secret is 7 days, and this is the maximum value. To save a secret with a shorter TTL, add a "ttl" field to the /generate
request:
$ curl \
http://localhost/generate \
-d '
{
"secret": "some secret",
"phrase": "some phrase",
"ttl": {
"days": 3,
"hours": 4,
"minutes": 5
}
}'
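The store semantics behind /generate and /secrets/{secret_key} (random one-time key, passphrase-derived key via scrypt, 7-day TTL cap, deletion on the first successful read), as an added in-memory model in Python. This is not the project's code: a dict stands in for MongoDB, an HMAC-SHA256 keystream from the standard library stands in for the cryptography library, and the behaviour on a wrong passphrase (entry is kept, nothing returned) is an assumption since the README does not specify it.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

MAX_TTL = timedelta(days=7)  # README: default TTL and the most a client may ask for


def _keys(phrase: str, salt: bytes) -> Tuple[bytes, bytes]:
    # scrypt makes passphrase guessing slow; split into encryption key and tag key
    k = hashlib.scrypt(phrase.encode(), salt=salt, n=2 ** 14, r=8, p=1, maxmem=2 ** 26, dklen=64)
    return k[:32], k[32:]


def _xor_stream(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 counter-mode keystream (a PRF); XOR is its own inverse
    ks = b"".join(hmac.new(key, i.to_bytes(4, "big"), "sha256").digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))


class SecretStore:
    def __init__(self) -> None:
        # dict stands in for the MongoDB collection: key -> (salt, ct, tag, expires)
        self._db: Dict[str, Tuple[bytes, bytes, bytes, datetime]] = {}

    def generate(self, secret: str, phrase: str, ttl: Optional[timedelta] = None,
                 now: Optional[datetime] = None) -> str:
        ttl = MAX_TTL if ttl is None else min(ttl, MAX_TTL)  # user TTL only shortens
        salt = secrets.token_bytes(16)
        enc_key, tag_key = _keys(phrase, salt)
        ct = _xor_stream(enc_key, secret.encode())
        tag = hmac.new(tag_key, ct, "sha256").digest()  # integrity + passphrase proof
        secret_key = secrets.token_urlsafe(24)  # unguessable one-time access key
        expires = (now or datetime.now(timezone.utc)) + ttl
        self._db[secret_key] = (salt, ct, tag, expires)
        return secret_key

    def get(self, secret_key: str, phrase: str,
            now: Optional[datetime] = None) -> Optional[str]:
        entry = self._db.get(secret_key)
        if entry is None or (now or datetime.now(timezone.utc)) >= entry[3]:
            self._db.pop(secret_key, None)  # unknown or expired -> "Key not found"
            return None
        salt, ct, tag, _ = entry
        enc_key, tag_key = _keys(phrase, salt)
        if not hmac.compare_digest(hmac.new(tag_key, ct, "sha256").digest(), tag):
            return None  # wrong passphrase (assumed): entry kept for the real reader
        del self._db[secret_key]  # one-time read: removed before the secret leaves
        return _xor_stream(enc_key, ct).decode()
```

The `now` parameter exists only so expiry can be exercised without waiting; the service itself would use the current time.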
- The service is developed with Python 3.7 and the aiohttp library.
- The aiohttp application can be started via the aiohttp.web module:
$ python -m aiohttp.web src.app:init_app -U <socket> -H <host> -P <port>
or by running src/app.py directly:
$ python -m src.app -U <socket> -P <port> --log-level <level>
- In the container the service is managed by supervisord, which keeps 4 processes running (see supervisord.conf).
- Requests are balanced between the processes by nginx (see nginx.conf).
- Communication between nginx and the service goes over unix sockets, which are stored in an internal docker-compose volume.
- Logs of the processes and of supervisord are stored in ./logs/web (after the first docker-compose up run).
- MongoDB is used as the database.
- Data is stored in ./mongodb (after the first docker-compose up run).
- The database network is isolated, but can be opened by forwarding the 27017 (by default) port.
- Contains sensitive and other variable information for service initialization.
- Should normally not be stored in git.
Unit testing can be done with
$ docker-compose run --rm web python -m unittest src/tests.py
Coverage is measured via the coverage library inside the web container:
- Documented with docstrings in Google style