Merge pull request #132 from avantifellows/main

Production Release: 03/10/2023

.github/workflows/production_deploy.yml

@@ -26,6 +26,15 @@ jobs:
         run: |
           echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
           ssh -o StrictHostKeyChecking=no -i private_key ${USER_NAME}@${HOSTNAME} '
+            #Setting environment variables .
+            cd /var/www/html/db-service/config
+            sed -i 's|DATABASE_URL=.*|DATABASE_URL=${{ secrets.PRODUCTION_DATABASE_URL }}|' .env
+            sed -i 's|SECRET_KEY_BASE=.*|SECRET_KEY_BASE=${{ secrets.PRODUCTION_SECRET_KEY_BASE }}|' .env
+            sed -i 's|PHX_HOST=.*|PHX_HOST=${{ secrets.PRODUCTION_PHX_HOST }}|' .env
+            sed -i 's|WHITELISTED_DOMAINS=.*|WHITELISTED_DOMAINS=${{ secrets.PRODUCTION_WHITELISTED_DOMAINS }}|' .env
+            sed -i 's|POOL_SIZE=.*|POOL_SIZE=${{ secrets.PRODUCTION_POOL_SIZE }}|' .env
+            sed -i 's|PORT=.*|PORT=${{ secrets.PRODUCTION_PORT }}|' .env
+            sed -i 's|BEARER_TOKEN=.*|BEARER_TOKEN=${{ secrets.PRODUCTION_BEARER_TOKEN }}|' .env
 
             #Now we have got the access of EC2 and we will start the deploy .
             cd /var/www/html

.github/workflows/staging_deploy.yml

@@ -28,6 +28,14 @@ jobs:
           branch_name="${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}"
           echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
           ssh -o StrictHostKeyChecking=no -i private_key ${USER_NAME}@${HOSTNAME} "
+            cd /var/www/html/db-service/config
+            sed -i 's|DATABASE_URL=.*|DATABASE_URL=${{ secrets.STAGING_DATABASE_URL }}|' .env
+            sed -i 's|SECRET_KEY_BASE=.*|SECRET_KEY_BASE=${{ secrets.STAGING_SECRET_KEY_BASE }}|' .env
+            sed -i 's|PHX_HOST=.*|PHX_HOST=${{ secrets.STAGING_PHX_HOST }}|' .env
+            sed -i 's|WHITELISTED_DOMAINS=.*|WHITELISTED_DOMAINS=${{ secrets.STAGING_WHITELISTED_DOMAINS }}|' .env
+            sed -i 's|POOL_SIZE=.*|POOL_SIZE=${{ secrets.STAGING_POOL_SIZE }}|' .env
+            sed -i 's|PORT=.*|PORT=${{ secrets.STAGING_PORT }}|' .env
+            sed -i 's|BEARER_TOKEN=.*|BEARER_TOKEN=${{ secrets.STAGING_BEARER_TOKEN }}|' .env
             cd /var/www/html
             sudo ./kill_process_on_port_4000.sh
             cd /var/www/html/db-service &&
@@ -41,4 +49,4 @@ jobs:
             sudo MIX_ENV=prod mix ecto.migrate &&
             sudo MIX_ENV=prod mix phx.swagger.generate &&
             sudo MIX_ENV=prod elixir --erl "-detached" -S mix phx.server
-          "
+          "

.gitignore

@@ -22,3 +22,8 @@ erl_crash.dump
 # Ignore package tarball (built via "mix hex.build").
 dbservice-*.tar
 
+# Ignore .env
+/config/.env
+
+# Ignore log file
+/logs/info.log

config/config.exs

@@ -31,7 +31,13 @@ config :dbservice, Dbservice.Mailer, adapter: Swoosh.Adapters.Local
 config :swoosh, :api_client, false
 
 # Configures Elixir's Logger
-config :logger, :console,
+config :logger,
+  backends: [:console, {LoggerFileBackend, :request_log}],
+  format: "$time $metadata[$level] $message\n",
+  metadata: [:request_id]
+
+config :logger, :request_log,
+  path: "logs/info.log",
   format: "$time $metadata[$level] $message\n",
   metadata: [:request_id]
 

config/prod.exs

@@ -12,7 +12,7 @@ import Config
 # config :dbservice, DbserviceWeb.Endpoint, cache_static_manifest: "priv/static/cache_manifest.json"
 
 # Do not print debug messages in production
-config :logger, level: :info
+config :logger, :console, format: "[$level] $message\n"
 
 # ## SSL Support
 #

config/runtime.exs

@@ -23,5 +23,6 @@ if config_env() == :prod do
       ip: {0, 0, 0, 0, 0, 0, 0, 0},
       port: port
     ],
-    secret_key_base: secret_key_base
+    secret_key_base: secret_key_base,
+    debug_errors: true
 end

lib/dbservice/form_schemas/form_schema.ex

@@ -8,6 +8,7 @@ defmodule Dbservice.FormSchemas.FormSchema do
 
   schema "form_schema" do
     field(:name, :string)
+    field(:meta_data, :map)
     field(:attributes, :map)
 
     timestamps()
@@ -20,7 +21,8 @@ defmodule Dbservice.FormSchemas.FormSchema do
     form_schema
     |> cast(attrs, [
       :name,
-      :attributes
+      :attributes,
+      :meta_data
     ])
     |> validate_required([:name])
   end

lib/dbservice/sessions/session.ex

@@ -25,11 +25,11 @@ defmodule Dbservice.Sessions.Session do
     field(:platform_id, :string)
     field(:type, :string)
     field(:auth_type, :string)
-    field(:activate_signup, :string)
-    field(:id_generation, :string)
-    field(:redirection, :string)
-    field(:pop_up_form, :string)
-    field(:number_of_fields_in_pop_form, :string)
+    field(:activate_signup, :boolean)
+    field(:id_generation, :boolean)
+    field(:redirection, :boolean)
+    field(:pop_up_form, :boolean)
+    field(:number_of_fields_in_pop_form, :integer)
 
     timestamps()
 

lib/dbservice_web/endpoint.ex

@@ -44,7 +44,8 @@ defmodule DbserviceWeb.Endpoint do
   plug Plug.MethodOverride
   plug Plug.Head
   plug Plug.Session, @session_options
-  plug DbserviceWeb.DomainWhitelistPlug
+  plug CORSPlug
+  plug DbserviceWeb.AuthenticationMiddleware
 
   plug DbserviceWeb.Router
 end

lib/dbservice_web/plugs/authentication_middleware_plug.ex

@@ -0,0 +1,41 @@
+defmodule DbserviceWeb.AuthenticationMiddleware do
+  @moduledoc """
+  This module provides a Plug middleware for handling API key-based authentication.
+
+  The middleware checks the 'Authorization' header of incoming HTTP requests to ensure that
+  it matches a predefined API key stored in the 'BEARER_TOKEN' environment variable.
+
+  If the API key is valid, the request is allowed to proceed; otherwise, a '401 Unauthorized'
+  response is sent, and further processing is halted.
+  """
+  import Plug.Conn
+  import Dotenvy
+
+  def init(_opts), do: %{}
+
+  def call(conn, _opts) do
+    source(["config/.env", "config/.env"])
+
+    referer =
+      get_req_header(conn, "referer")
+      |> List.first()
+      |> to_string()
+
+    request_path = conn.request_path
+
+    api_key = get_req_header(conn, "authorization")
+
+    if api_key == ["Bearer " <> env!("BEARER_TOKEN", :string!)] ||
+         is_swagger_request?(referer, request_path) do
+      conn
+    else
+      conn
+      |> send_resp(401, "Not Authorized")
+      |> halt()
+    end
+  end
+
+  defp is_swagger_request?(referer, request_path) do
+    String.contains?(referer, "swagger") || String.contains?(request_path, "swagger")
+  end
+end

lib/dbservice_web/swagger_schemas/session.ex

@@ -26,11 +26,11 @@ defmodule DbserviceWeb.SwaggerSchema.Session do
             form_schema_id(:string, "Id for the form schema")
             type(:string, "Type of session")
             auth_type(:string, "Authentication methods used for session")
-            activate_signup(:string, "Is sign up allowed for this session")
-            id_generation(:string, "Is ID being generated for this session")
-            redirection(:string, "Is the session redirecting to some other platform")
-            pop_up_form(:string, "Is the session showing a pop up form")
-            number_of_fields_in_pop_form(:string, "Number of fields in the pop form")
+            activate_signup(:boolean, "Is sign up allowed for this session")
+            id_generation(:boolean, "Is ID being generated for this session")
+            redirection(:boolean, "Is the session redirecting to some other platform")
+            pop_up_form(:boolean, "Is the session showing a pop up form")
+            number_of_fields_in_pop_form(:integer, "Number of fields in the pop form")
           end
 
           example(%{

lib/dbservice_web/views/form_schema_view.ex

@@ -12,8 +12,10 @@ defmodule DbserviceWeb.FormSchemaView do
 
   def render("form_schema.json", %{form_schema: form_schema}) do
     %{
+      id: form_schema.id,
       name: form_schema.name,
-      attributes: form_schema.attributes
+      attributes: form_schema.attributes,
+      meta_data: form_schema.meta_data
     }
   end
 end

mix.exs

@@ -50,7 +50,9 @@ defmodule Dbservice.MixProject do
       {:ex_check, "~> 0.14.0", only: [:dev], runtime: false},
       {:dialyxir, ">= 0.0.0", only: [:dev], runtime: false},
       {:credo, ">= 0.0.0", only: [:dev], runtime: false},
-      {:dotenvy, "~> 0.8.0"}
+      {:dotenvy, "~> 0.8.0"},
+      {:cors_plug, "~> 3.0"},
+      {:logger_file_backend, "~> 0.0.13"}
     ]
   end
 

priv/repo/migrations/20230630100806_alter_student_table_column.exs

@@ -2,7 +2,7 @@ defmodule Dbservice.Repo.Migrations.AlterStudentTable do
   use Ecto.Migration
 
   def change do
-    alter table(:session) do
+    alter table(:student) do
       modify(:has_internet_access, :string)
     end
   end

priv/repo/migrations/20230816173334_alter_form_table.exs

@@ -0,0 +1,9 @@
+defmodule Dbservice.Repo.Migrations.AlterFormTable do
+  use Ecto.Migration
+
+  def change do
+    alter table(:form_schema) do
+      add(:meta_data, :map)
+    end
+  end
+end

priv/repo/migrations/20230905164925_modify_data_types_in_session_table.exs

@@ -0,0 +1,25 @@
+defmodule Dbservice.Repo.Migrations.ModifyDataTypesInSessionTable do
+  use Ecto.Migration
+
+  def up do
+    execute("""
+      ALTER TABLE session
+      ALTER COLUMN activate_signup TYPE BOOLEAN USING (activate_signup::boolean),
+      ALTER COLUMN id_generation TYPE BOOLEAN USING (id_generation::boolean),
+      ALTER COLUMN redirection TYPE BOOLEAN USING (redirection::boolean),
+      ALTER COLUMN pop_up_form TYPE BOOLEAN USING (pop_up_form::boolean),
+      ALTER COLUMN number_of_fields_in_pop_form TYPE INTEGER USING (number_of_fields_in_pop_form::integer);
+    """)
+  end
+
+  def down do
+    execute("""
+      ALTER TABLE session
+      ALTER COLUMN activate_signup TYPE VARCHAR,
+      ALTER COLUMN id_generation TYPE VARCHAR,
+      ALTER COLUMN redirection TYPE VARCHAR,
+      ALTER COLUMN pop_up_form TYPE VARCHAR,
+      ALTER COLUMN number_of_fields_in_pop_form TYPE INTEGER;
+    """)
+  end
+end