add changes

appserver/Dockerfile

@@ -1,133 +1,44 @@
-# ========================================
-# Base image
-# ========================================
-FROM python:3.10-slim as base
-
-ENV LANG C.UTF-8
-ENV LC_ALL C.UTF-8
-ENV PYTHONDONTWRITEBYTECODE 1
-ENV PYTHONFAULTHANDLER 1
+FROM fedora:33 as base
+LABEL app=kg-prototypes
 
+# Install dependencies
+RUN dnf install htop postgresql graphviz python-pip python3-devel vim net-tools which -y \
+    && dnf groupinstall 'Development Tools' -y \
+    && dnf clean packages
 RUN pip install pipenv
 
+ENV N4J_USER n4j
+ENV N4J_HOME /home/$N4J_USER
+ENV UID 1000
+ENV GID 1000
 
-# ========================================
-# Build dependencies stage
-# ========================================
-FROM base as build-deps
-
-# Install build dependencies
-RUN apt-get update \
-    && apt-get install -y liblmdb-dev python3-dev libxml2-dev libxslt-dev build-essential \
-    && apt-get clean
-
-# Copy Pipfiles
-COPY Pipfile Pipfile.lock ./
-
-# Install Python dependencies
-ARG DEV
-RUN PIPENV_VENV_IN_PROJECT=1 pipenv install --deploy $(if [ "$DEV" ]; then echo --dev; fi)
-
-
-# ========================================
-# Runtime stage
-# ========================================
-FROM base
-LABEL org.opencontainers.image.source https://github.com/SBRG/lifelike
-
-# Install runtime system dependencies
-RUN apt-get update \
-    && apt-get install -y libmagic-dev graphviz libgraphviz-dev curl \
-    && apt-get clean
-
-# Copy Python virtual environment
-COPY --from=build-deps /.venv /.venv
-ENV PATH="/.venv/bin:$PATH"
-
-# Set user and workdir
-WORKDIR /app
-RUN useradd -m -d /app app
-USER app
-
-# Copy application code
-COPY --chown=app . .
-
-# Set to 1 to automatically apply any pending DB migrations at startup
-ENV MIGRATE_DB=
-
-# Create an initial admin user
-ENV INITIAL_ADMIN_EMAIL=
-
-# LMDB database volume
-ENV LMDB_DATA_DIR=/lmdb
-VOLUME /lmdb
-
-# LMDB download cloud storage
-# ENV AZURE_ACCOUNT_STORAGE_NAME=
-# ENV AZURE_ACCOUNT_STORAGE_KEY=
-
-# JWT Authendication
-ENV JWT_SECRET=secret
-
-# Base URL of this app, reachable by external services
-ENV APPSERVER_URL=http://localhost:5000
-
-# Base URL of the frontend app, for link generation
-ENV FRONTEND_URL=http://localhost:4242
-
-# PostgreSQL configuration
-ENV POSTGRES_HOST=postgres
-ENV POSTGRES_PORT=5432
-ENV POSTGRES_USER=postgres
-ENV POSTGRES_PASSWORD=postgres
-ENV POSTGRES_DB=postgres
-
-# Neo4j configuration
-ENV NEO4J_HOST=neo4j
-ENV NEO4J_PORT=7687
-ENV NEO4J_AUTH=neo4j/password
-ENV NEO4J_DATABASE=neo4j
-ENV NEO4J_SCHEME=bolt
-
-# Elasticsearch configuration
-ENV ELASTICSEARCH_URL=http://elasticsearch:9200
-ENV ELASTICSEARCH_FILE_INDEX=file
-
-# Statistical enrichment service
-ENV STATISTICAL_ENRICHMENT_URL=http://statistical-enrichment:5000
-
-# PDFParser service
-ENV PDFPARSER_URL=http://pdfparser:7600
+# User and group creation
+RUN groupadd -g $GID $N4J_USER && \
+    useradd -u $UID -g $GID -G wheel --create-home --home-dir $N4J_HOME --shell /bin/bash $N4J_USER
 
-# NLP Processing service
-ENV NLP_URL=https://nlp-api.lifelike.bio/v1/predict
-ENV NLP_SECRET=secret
+WORKDIR $N4J_HOME
 
-# Mailserver configuration
-ENV [email protected]
+# Copy Pipfiles and install dependencies FIRST to better apply Docker layer cache
+COPY --chown=1000:1000 Pipfile .
+COPY --chown=1000:1000 Pipfile.lock .
+RUN pipenv install --dev --deploy --system
 
-# Sendgrid integration
-ENV SENDGRID_API_KEY=
+# ...then copy everything else
+COPY --chown=1000:1000 . .
 
-# Optional Sentry logging configuration
-ENV SENTRY_DSN=
+# TODO: We should consider breaking this apart into dev and prod
+# builds, so we don't build unnecessary packages
 
-# Optional Elastic APM configuration.
-# To enable, at least ELASTIC_APM_SERVER_URL must be set
-# Other available variables: https://www.elastic.co/guide/en/apm/agent/python/master/configuration.html
-ENV ELASTIC_APM_SERVER_URL=
-ENV ELASTIC_APM_SERVICE_NAME=appserver
+# Don't lose stdin, stdout and stderr output due to buffering
+ENV PYTHONUNBUFFERED 1
+ENV PYTHONPATH $N4J_HOME
 
-# Flask env (development, testing, production)
-ENV FLASK_ENV=production
+# Set Python3 as the default when running "python"
+RUN echo 'alias python=python3' >> ~/.bashrc && source ~/.bashrc
 
-# Listen port
-ENV PORT=5000
-EXPOSE $PORT
+USER $N4J_USER
 
-# Health check by requesting system info to /meta endpoint
-HEALTHCHECK --start-period=30s \
-    CMD curl -f localhost:$PORT/meta || exit 1
+# Setup flask application environment vars
+ENV MAX_ALLOWED_LOGIN_FAILURES 6
 
-RUN chmod +x bin/docker-entrypoint.sh
-ENTRYPOINT ["bin/docker-entrypoint.sh"]
+CMD [ "bin/startup.sh" ]

appserver/neo4japp/blueprints/reports.py

@@ -20,7 +20,36 @@
 class CopyrightInfringementReportView(MethodView):
     @use_args(CopyrightInfringementRequestSchema)
     def post(self, params: dict):
-        with db.session.begin_nested():
+        # Try to send an email to the user and currator
+        send_email_exception = None
+        try:
+            message = Mail(
+                from_email=MESSAGE_SENDER_IDENTITY,
+                to_emails=params['email'],
+                subject=COPYRIGHT_REPORT_CONFIRMATION_EMAIL_TITLE,
+                html_content=COPYRIGHT_REPORT_CONFIRMATION_EMAIL_CONTENT.format(
+                    url=params['url'],
+                    description=params['description'],
+                    name=params['name'],
+                    company=params['company'],
+                    address=params['address'],
+                    country=params['country'],
+                    city=params['city'],
+                    province=params['province'],
+                    zip=params['zip'],
+                    phone=params['phone'],
+                    fax=params['fax'],
+                    email=params['email'],
+                ),
+            )
+            message.add_bcc(bcc_email=LIFELIKE_EMAIL_ACCOUNT)
+            get_send_grid_service().send(message)
+        except Exception as e:
+            # If the email fails to send, store the exception to raise later
+            # after the report is saved to the database
+            send_email_exception = e
+
+        try:
             copyright_infringement_report = CopyrightInfringementRequest(
                 url=params['url'],
                 description=params['description'],
@@ -41,38 +70,16 @@ def post(self, params: dict):
                 signature=params['signature'],
             )
             db.session.add(copyright_infringement_report)
-
-        message = Mail(
-            from_email=MESSAGE_SENDER_IDENTITY,
-            to_emails=params['email'],
-            subject=COPYRIGHT_REPORT_CONFIRMATION_EMAIL_TITLE,
-            html_content=COPYRIGHT_REPORT_CONFIRMATION_EMAIL_CONTENT.format(
-                url=params['url'],
-                description=params['description'],
-                name=params['name'],
-                company=params['company'],
-                address=params['address'],
-                country=params['country'],
-                city=params['city'],
-                province=params['province'],
-                zip=params['zip'],
-                phone=params['phone'],
-                fax=params['fax'],
-                email=params['email'],
-            ),
-        )
-        message.add_bcc(bcc_email=LIFELIKE_EMAIL_ACCOUNT)
-        try:
-            get_send_grid_service().send(message)
-        except Exception as e:
-            with db.session.begin_nested():
-                # If for some reason we cannot send a confirmation email, delete the row we just
-                # created and re-raise the error.
-                db.session.delete(copyright_infringement_report)
-                # rollback in case of error?
+            db.session.commit()
+        except Exception:
+            db.session.rollback()
             raise
-
-        return jsonify(dict(result=copyright_infringement_report.to_dict()))
+        else:
+            return jsonify(dict(result=copyright_infringement_report.to_dict()))
+        finally:
+            # If the email failed to send, raise the exception before returning
+            if send_email_exception:
+                raise send_email_exception
 
 
 copyright_infringement_report_view = CopyrightInfringementReportView.as_view(

appserver/neo4japp/blueprints/user.py

@@ -7,6 +7,7 @@
 from webargs.flaskparser import use_args
 
 from neo4japp.database import db
+from neo4japp.exceptions import NotAuthorized
 from neo4japp.models import Projects, Files
 from neo4japp.schemas.filesystem import (
     PublishSchema,
@@ -48,6 +49,9 @@ def get(self, user_hash_id: str):
 
     @use_args(PublishSchema, locations=['json', 'form', 'files', 'mixed_form_json'])
     def post(self, params: dict, user_hash_id: str):
+        if g.current_user.has_role('admin') is False:
+            raise NotAuthorized()
+
         file = Publish.create_uncommited_publication(
             user_hash_id, creator=g.current_user, **params
         )

appserver/neo4japp/constants.py

@@ -451,7 +451,7 @@ def is_db_name(s: str):
 RESET_PASSWORD_ALPHABET = RESET_PASSWORD_SYMBOLS + string.ascii_letters + string.digits
 
 # Start email constants
-LIFELIKE_EMAIL_ACCOUNT = 'lifelike[email protected]'
+LIFELIKE_EMAIL_ACCOUNT = 'lifelike@biosustain.dtu.dk'
 MESSAGE_SENDER_IDENTITY = '[email protected]'
 MAILING_API_KEY = LocalProxy(lambda: config.get('SEND_GRID_EMAIL_API_KEY'))
 RESET_PASSWORD_EMAIL_TITLE = 'Lifelike: Account password reset'

cache-invalidator/Dockerfile

@@ -1,64 +1,33 @@
-# ========================================
-# Base image
-# ========================================
 FROM python:3.10-slim as base
+LABEL app=kg-prototypes
 
-ENV LANG C.UTF-8
-ENV LC_ALL C.UTF-8
-ENV PYTHONDONTWRITEBYTECODE 1
-ENV PYTHONFAULTHANDLER 1
-
+# Install dependencies
+RUN apt-get update && apt-get install -y curl && apt-get clean
 RUN pip install pipenv
 
+ENV APP_USER lifelike
+ENV APP_HOME /home/$APP_USER
+ENV UID 1000
+ENV GID 1000
 
-# ========================================
-# Build dependencies stage
-# ========================================
-FROM base as build-deps
-
-# Copy Pipfiles
-COPY Pipfile Pipfile.lock ./
-
-# Install Python dependencies
-ARG DEV
-RUN PIPENV_VENV_IN_PROJECT=1 pipenv install --deploy $(if [ "$DEV" ]; then echo --dev; fi)
-
-
-# ========================================
-# Runtime stage
-# ========================================
-FROM base
-LABEL org.opencontainers.image.source https://github.com/SBRG/lifelike
-
-# Copy Python virtual environment
-COPY --from=build-deps /.venv /.venv
-ENV PATH="/.venv/bin:$PATH"
-
-# Set user and working directory
-WORKDIR /app
-RUN useradd -m -d /app app
-USER app
+# User and group creation
+RUN groupadd -g $GID $APP_USER && \
+    useradd -u $UID -g $GID -G sudo --create-home --home-dir $APP_HOME --shell /bin/bash $APP_USER
 
-# Copy application code
-COPY --chown=app main.py ./
+WORKDIR $APP_HOME
 
-# Neo4j configuration
-ENV NEO4J_HOST=neo4j
-ENV NEO4J_PORT=7687
-ENV NEO4J_AUTH=neo4j/password
-ENV NEO4J_SCHEME=bolt
-ENV NEO4J_DATABASE=neo4j
+# Copy Pipfiles and install dependencies FIRST to better apply Docker layer cache
+COPY --chown=1000:1000 Pipfile .
+COPY --chown=1000:1000 Pipfile.lock .
+RUN pipenv install --deploy --dev --system
 
-# Redis cache configuration
-ENV REDIS_HOST=redis
-ENV REDIS_PORT=6379
-ENV REDIS_PASSWORD=password
-ENV REDIS_DB=0
+# ...then copy everything else
+COPY --chown=1000:1000 . .
 
-# Default TTL for cache
-ENV CACHE_TTL=86400
+# Don't lose stdin, stdout and stderr output due to buffering
+ENV PYTHONUNBUFFERED 1
+ENV PYTHONPATH $APP_HOME
 
-# Logging level
-ENV LOG_LEVEL=INFO
+USER $APP_USER
 
-CMD ["python", "main.py"]
+CMD [ "bin/startup.sh" ]