From 6b2c8d512a783468c8fa5bf674c6d8c5239e1fea Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Thu, 15 May 2025 07:59:18 +0200 Subject: [PATCH 1/8] migrate from "python-jose" to "python3-josepy" since it is no longer supported on future releases of debian/ubuntu --- .DEBIAN/requirements-bookworm-12.txt | 2 +- .DEBIAN/requirements-ubuntu-24.04.txt | 2 +- .DEBIAN/requirements-ubuntu-24.10.txt | 2 +- .PKGBUILD/PKGBUILD | 2 +- .gitlab-ci.yml | 8 ++++---- README.md | 3 --- app/main.py | 24 ++++++++++++++++-------- requirements.txt | 2 +- 8 files changed, 25 insertions(+), 20 deletions(-) diff --git a/.DEBIAN/requirements-bookworm-12.txt b/.DEBIAN/requirements-bookworm-12.txt index c3fe52e..2e3e4a3 100644 --- a/.DEBIAN/requirements-bookworm-12.txt +++ b/.DEBIAN/requirements-bookworm-12.txt @@ -1,7 +1,7 @@ # https://packages.debian.org/hu/ fastapi==0.92.0 uvicorn[standard]==0.17.6 -python-jose[cryptography]==3.3.0 +josepy==2.0.0 cryptography==38.0.4 python-dateutil==2.8.2 sqlalchemy==1.4.46 diff --git a/.DEBIAN/requirements-ubuntu-24.04.txt b/.DEBIAN/requirements-ubuntu-24.04.txt index 0ba3025..bc267ea 100644 --- a/.DEBIAN/requirements-ubuntu-24.04.txt +++ b/.DEBIAN/requirements-ubuntu-24.04.txt @@ -1,7 +1,7 @@ # https://packages.ubuntu.com fastapi==0.101.0 uvicorn[standard]==0.27.1 -python-jose[cryptography]==3.3.0 +josepy==2.0.0 cryptography==41.0.7 python-dateutil==2.8.2 sqlalchemy==1.4.50 diff --git a/.DEBIAN/requirements-ubuntu-24.10.txt b/.DEBIAN/requirements-ubuntu-24.10.txt index 59f9361..47026e0 100644 --- a/.DEBIAN/requirements-ubuntu-24.10.txt +++ b/.DEBIAN/requirements-ubuntu-24.10.txt @@ -1,7 +1,7 @@ # https://packages.ubuntu.com fastapi==0.110.3 uvicorn[standard]==0.30.3 -python-jose[cryptography]==3.3.0 +josepy==2.0.0 cryptography==42.0.5 python-dateutil==2.9.0 sqlalchemy==2.0.32 diff --git a/.PKGBUILD/PKGBUILD b/.PKGBUILD/PKGBUILD index 0d83324..865baf9 100644 --- a/.PKGBUILD/PKGBUILD +++ b/.PKGBUILD/PKGBUILD @@ -8,7 +8,7 @@ pkgdesc='NVIDIA DLS server implementation with FastAPI' arch=('any') url='https://git.collinwebdesigns.de/oscar.krause/fastapi-dls' license=('MIT') -depends=('python' 'python-jose' 'python-starlette' 'python-httpx' 'python-fastapi' 'python-dotenv' 'python-dateutil' 'python-sqlalchemy' 'python-cryptography' 'uvicorn' 'python-markdown' 'openssl') +depends=('python' 'python3-josepy' 'python-starlette' 'python-httpx' 'python-fastapi' 'python-dotenv' 'python-dateutil' 'python-sqlalchemy' 'python-cryptography' 'uvicorn' 'python-markdown' 'openssl') provider=("$pkgname") install="$pkgname.install" backup=('etc/default/fastapi-dls') diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c6d3e33..8531c6c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -172,12 +172,12 @@ test:apt: parallel: matrix: - IMAGE: - # - debian:trixie-slim # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy" - - debian:bookworm-slim # EOL: June 06, 2026 + - debian:trixie-slim # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy" - debian:bookworm-slim # EOL: June 06, 2026 + - debian:bullseye-slim # EOL: June 06, 2026 - ubuntu:24.04 # EOL: April 2036 - # - ubuntu:24.10 # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy" - # - ubuntu:25.04 # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy" + - ubuntu:24.10 # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy" + - ubuntu:25.04 # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy" needs: - job: build:apt artifacts: true diff --git a/README.md b/README.md index 0b7457f..d059592 100644 --- a/README.md +++ b/README.md @@ -336,10 +336,7 @@ Successful tested with (**LTS Version**): Not working with: -- Debian 11 (Bullseye) and lower (missing `python-jose` dependency) -- Debian 13 (Trixie) (missing `python-jose` dependency) - Ubuntu 22.04 (Jammy Jellyfish) (not supported as for 15.01.2023 due to [fastapi - uvicorn version missmatch](https://bugs.launchpad.net/ubuntu/+source/fastapi/+bug/1970557)) -- Ubuntu 24.10 (Oracular Oriole) (missing `python-jose` dependency) **Run this on your server instance** diff --git a/app/main.py b/app/main.py index 13dd5a9..8b2a80e 100644 --- a/app/main.py +++ b/app/main.py @@ -15,8 +15,7 @@ from dotenv import load_dotenv from fastapi import FastAPI from fastapi.requests import Request from fastapi.responses import Response, RedirectResponse, StreamingResponse -from jose import jws, jwk, jwt, JWTError -from jose.constants import ALGORITHMS +from josepy import jws, jwk, RS256 from sqlalchemy import create_engine from sqlalchemy.orm import sessionmaker from starlette.middleware.cors import CORSMiddleware @@ -63,8 +62,8 @@ my_si_certificate = Cert.from_file(ca_setup.si_certificate_filename) my_si_private_key = PrivateKey.from_file(ca_setup.si_private_key_filename) my_si_public_key = my_si_private_key.public_key() -jwt_encode_key = jwk.construct(my_si_private_key.pem(), algorithm=ALGORITHMS.RS256) -jwt_decode_key = jwk.construct(my_si_private_key.public_key().pem(), algorithm=ALGORITHMS.RS256) +jwt_encode_key = jwk.JWK.load(my_si_private_key.pem()) +jwt_decode_key = jwk.JWK.load(my_si_private_key.public_key().pem()) # Logging LOG_LEVEL = logging.DEBUG if DEBUG else logging.INFO @@ -114,7 +113,11 @@ app.add_middleware( def __get_token(request: Request) -> dict: authorization_header = request.headers.get('authorization') token = authorization_header.split(' ')[1] - return jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False}) + + # return jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False}) + _ = jws.Signature() + _.verify(payload=token.encode('utf-8'), key=jwt_decode_key) + return _.to_partial_json() # Endpoints @@ -295,9 +298,12 @@ async def _client_token(): }, } - content = jws.sign(payload, key=jwt_encode_key, headers=None, algorithm=ALGORITHMS.RS256) + # content = jws.sign(payload, key=jwt_encode_key, headers=None, algorithm=ALGORITHMS.RS256) + payload = json_dumps(payload).encode('utf-8') + content = jws.Signature.sign(payload=payload, key=jwt_encode_key, alg=RS256, include_jwk=False) - response = StreamingResponse(iter([content]), media_type="text/plain") + # response = StreamingResponse(iter([content]), media_type="text/plain") + response = StreamingResponse(iter(content), media_type="text/plain") filename = f'client_configuration_token_{datetime.now().strftime("%d-%m-%y-%H-%M-%S")}.tok' response.headers["Content-Disposition"] = f'attachment; filename={filename}' @@ -386,7 +392,9 @@ async def auth_v1_code(request: Request): 'kid': SITE_KEY_XID } - auth_code = jws.sign(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm=ALGORITHMS.RS256) + # auth_code = jws.sign(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm=ALGORITHMS.RS256) + payload = json_dumps(payload).encode('utf-8') + auth_code = jws.Signature.sign(payload=payload, key=jwt_encode_key, alg=RS256, include_jwk=True) response = { "auth_code": auth_code, diff --git a/requirements.txt b/requirements.txt index 96cf81d..e3a0fca 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ fastapi==0.115.12 uvicorn[standard]==0.34.2 -python-jose[cryptography]==3.4.0 +josepy==2.0.0 cryptography==44.0.3 python-dateutil==2.9.0 sqlalchemy==2.0.41 From 26a5bdb320991f0fe453ede8123a9f57abb88376 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Thu, 15 May 2025 08:01:55 +0200 Subject: [PATCH 2/8] fixed pacman dependency --- .PKGBUILD/PKGBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.PKGBUILD/PKGBUILD b/.PKGBUILD/PKGBUILD index 865baf9..f64b323 100644 --- a/.PKGBUILD/PKGBUILD +++ b/.PKGBUILD/PKGBUILD @@ -8,7 +8,7 @@ pkgdesc='NVIDIA DLS server implementation with FastAPI' arch=('any') url='https://git.collinwebdesigns.de/oscar.krause/fastapi-dls' license=('MIT') -depends=('python' 'python3-josepy' 'python-starlette' 'python-httpx' 'python-fastapi' 'python-dotenv' 'python-dateutil' 'python-sqlalchemy' 'python-cryptography' 'uvicorn' 'python-markdown' 'openssl') +depends=('python' 'python-josepy' 'python-starlette' 'python-httpx' 'python-fastapi' 'python-dotenv' 'python-dateutil' 'python-sqlalchemy' 'python-cryptography' 'uvicorn' 'python-markdown' 'openssl') provider=("$pkgname") install="$pkgname.install" backup=('etc/default/fastapi-dls') From f58e54cf288bed22c81733af325c61edfb24209b Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Thu, 15 May 2025 09:24:35 +0200 Subject: [PATCH 3/8] moved from josepy to pyjwt --- .DEBIAN/requirements-bookworm-12.txt | 2 +- .DEBIAN/requirements-ubuntu-24.04.txt | 2 +- .DEBIAN/requirements-ubuntu-24.10.txt | 2 +- .PKGBUILD/PKGBUILD | 2 +- .gitlab-ci.yml | 6 +++--- app/main.py | 24 +++++++++++------------- requirements.txt | 2 +- test/main.py | 18 +++++++++--------- 8 files changed, 28 insertions(+), 30 deletions(-) diff --git a/.DEBIAN/requirements-bookworm-12.txt b/.DEBIAN/requirements-bookworm-12.txt index 2e3e4a3..974333d 100644 --- a/.DEBIAN/requirements-bookworm-12.txt +++ b/.DEBIAN/requirements-bookworm-12.txt @@ -1,7 +1,7 @@ # https://packages.debian.org/hu/ fastapi==0.92.0 uvicorn[standard]==0.17.6 -josepy==2.0.0 +pyjwt==2.10.1 cryptography==38.0.4 python-dateutil==2.8.2 sqlalchemy==1.4.46 diff --git a/.DEBIAN/requirements-ubuntu-24.04.txt b/.DEBIAN/requirements-ubuntu-24.04.txt index bc267ea..e10cae2 100644 --- a/.DEBIAN/requirements-ubuntu-24.04.txt +++ b/.DEBIAN/requirements-ubuntu-24.04.txt @@ -1,7 +1,7 @@ # https://packages.ubuntu.com fastapi==0.101.0 uvicorn[standard]==0.27.1 -josepy==2.0.0 +pyjwt==2.10.1 cryptography==41.0.7 python-dateutil==2.8.2 sqlalchemy==1.4.50 diff --git a/.DEBIAN/requirements-ubuntu-24.10.txt b/.DEBIAN/requirements-ubuntu-24.10.txt index 47026e0..d5cc785 100644 --- a/.DEBIAN/requirements-ubuntu-24.10.txt +++ b/.DEBIAN/requirements-ubuntu-24.10.txt @@ -1,7 +1,7 @@ # https://packages.ubuntu.com fastapi==0.110.3 uvicorn[standard]==0.30.3 -josepy==2.0.0 +pyjwt==2.10.1 cryptography==42.0.5 python-dateutil==2.9.0 sqlalchemy==2.0.32 diff --git a/.PKGBUILD/PKGBUILD b/.PKGBUILD/PKGBUILD index f64b323..1c156b9 100644 --- a/.PKGBUILD/PKGBUILD +++ b/.PKGBUILD/PKGBUILD @@ -8,7 +8,7 @@ pkgdesc='NVIDIA DLS server implementation with FastAPI' arch=('any') url='https://git.collinwebdesigns.de/oscar.krause/fastapi-dls' license=('MIT') -depends=('python' 'python-josepy' 'python-starlette' 'python-httpx' 'python-fastapi' 'python-dotenv' 'python-dateutil' 'python-sqlalchemy' 'python-cryptography' 'uvicorn' 'python-markdown' 'openssl') +depends=('python' 'python-jwt' 'python-starlette' 'python-httpx' 'python-fastapi' 'python-dotenv' 'python-dateutil' 'python-sqlalchemy' 'python-cryptography' 'uvicorn' 'python-markdown' 'openssl') provider=("$pkgname") install="$pkgname.install" backup=('etc/default/fastapi-dls') diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8531c6c..86855da 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -172,12 +172,12 @@ test:apt: parallel: matrix: - IMAGE: - - debian:trixie-slim # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy" + - debian:trixie-slim # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy" or "python3-jwt" - debian:bookworm-slim # EOL: June 06, 2026 - debian:bullseye-slim # EOL: June 06, 2026 - ubuntu:24.04 # EOL: April 2036 - - ubuntu:24.10 # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy" - - ubuntu:25.04 # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy" + - ubuntu:24.10 # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy" or "python3-jwt" + - ubuntu:25.04 # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy" or "python3-jwt" needs: - job: build:apt artifacts: true diff --git a/app/main.py b/app/main.py index 8b2a80e..3cd3282 100644 --- a/app/main.py +++ b/app/main.py @@ -15,7 +15,7 @@ from dotenv import load_dotenv from fastapi import FastAPI from fastapi.requests import Request from fastapi.responses import Response, RedirectResponse, StreamingResponse -from josepy import jws, jwk, RS256 +import jwt from sqlalchemy import create_engine from sqlalchemy.orm import sessionmaker from starlette.middleware.cors import CORSMiddleware @@ -62,8 +62,8 @@ my_si_certificate = Cert.from_file(ca_setup.si_certificate_filename) my_si_private_key = PrivateKey.from_file(ca_setup.si_private_key_filename) my_si_public_key = my_si_private_key.public_key() -jwt_encode_key = jwk.JWK.load(my_si_private_key.pem()) -jwt_decode_key = jwk.JWK.load(my_si_private_key.public_key().pem()) +jwt_encode_key = my_si_private_key.pem() # todo: replace directly in code +jwt_decode_key = my_si_private_key.public_key().pem() # todo: replace directly in code # Logging LOG_LEVEL = logging.DEBUG if DEBUG else logging.INFO @@ -115,9 +115,7 @@ def __get_token(request: Request) -> dict: token = authorization_header.split(' ')[1] # return jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False}) - _ = jws.Signature() - _.verify(payload=token.encode('utf-8'), key=jwt_decode_key) - return _.to_partial_json() + return jwt.decode(jwt=token, key=jwt_decode_key, algorithms=['RS256'], options={'verify_aud': False}) # Endpoints @@ -299,8 +297,7 @@ async def _client_token(): } # content = jws.sign(payload, key=jwt_encode_key, headers=None, algorithm=ALGORITHMS.RS256) - payload = json_dumps(payload).encode('utf-8') - content = jws.Signature.sign(payload=payload, key=jwt_encode_key, alg=RS256, include_jwk=False) + content = jwt.encode(payload=payload, key=jwt_encode_key, headers=None, algorithm='RS256') # response = StreamingResponse(iter([content]), media_type="text/plain") response = StreamingResponse(iter(content), media_type="text/plain") @@ -393,8 +390,7 @@ async def auth_v1_code(request: Request): } # auth_code = jws.sign(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm=ALGORITHMS.RS256) - payload = json_dumps(payload).encode('utf-8') - auth_code = jws.Signature.sign(payload=payload, key=jwt_encode_key, alg=RS256, include_jwk=True) + auth_code = jwt.encode(payload=payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm='RS256') response = { "auth_code": auth_code, @@ -412,7 +408,8 @@ async def auth_v1_token(request: Request): j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.now(UTC) try: - payload = jwt.decode(token=j.get('auth_code'), key=jwt_decode_key, algorithms=ALGORITHMS.RS256) + #payload = jwt.decode(token=j.get('auth_code'), key=jwt_decode_key, algorithms=ALGORITHMS.RS256) + payload = jwt.decode(jwt=j.get('auth_code'), key=jwt_decode_key, algorithms=['RS256']) except JWTError as e: response = {'status': 400, 'title': 'invalid token', 'detail': str(e)} return Response(content=json_dumps(response), media_type='application/json', status_code=400) @@ -478,8 +475,9 @@ async def leasing_v1_config_token(request: Request): }, } - my_jwt_encode_key = jwk.construct(my_si_private_key.pem().decode('utf-8'), algorithm=ALGORITHMS.RS256) - config_token = jws.sign(payload, key=my_jwt_encode_key, headers=None, algorithm=ALGORITHMS.RS256) + # my_jwt_encode_key = jwk.construct(my_si_private_key.pem().decode('utf-8'), algorithm=ALGORITHMS.RS256) + # config_token = jws.sign(payload, key=my_jwt_encode_key, headers=None, algorithm=ALGORITHMS.RS256) + config_token = jwt.encode(payload=payload, key=my_si_private_key.pem(), headers=None, algorithm='RS256') response_ca_chain = my_ca_certificate.pem().decode('utf-8').strip() diff --git a/requirements.txt b/requirements.txt index e3a0fca..04fc9c1 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ fastapi==0.115.12 uvicorn[standard]==0.34.2 -josepy==2.0.0 +pyjwt==2.10.1 cryptography==44.0.3 python-dateutil==2.9.0 sqlalchemy==2.0.41 diff --git a/test/main.py b/test/main.py index c56296c..041c926 100644 --- a/test/main.py +++ b/test/main.py @@ -4,13 +4,13 @@ from base64 import b64encode as b64enc from calendar import timegm from datetime import datetime, UTC from hashlib import sha256 +from json import loads as json_loads, dumps as json_dumps from uuid import uuid4, UUID from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15 from cryptography.hazmat.primitives.hashes import SHA256 from dateutil.relativedelta import relativedelta -from jose import jwt, jwk, jws -from jose.constants import ALGORITHMS +import jwt from starlette.testclient import TestClient # add relative path to use packages as they were in the app/ dir @@ -38,12 +38,12 @@ my_si_public_key = my_si_private_key.public_key() my_si_public_key_as_pem = my_si_private_key.public_key().pem() my_si_certificate = Cert.from_file(ca_setup.si_certificate_filename) -jwt_encode_key = jwk.construct(my_si_private_key_as_pem, algorithm=ALGORITHMS.RS256) -jwt_decode_key = jwk.construct(my_si_public_key_as_pem, algorithm=ALGORITHMS.RS256) - +jwt_encode_key = my_si_private_key.pem() +jwt_decode_key = my_si_private_key.public_key().pem() def __bearer_token(origin_ref: str) -> str: - token = jwt.encode({"origin_ref": origin_ref}, key=jwt_encode_key, algorithm=ALGORITHMS.RS256) + # token = jwt.encode({"origin_ref": origin_ref}, key=jwt_encode_key, algorithm=ALGORITHMS.RS256) + token = jwt.encode(payload={"origin_ref": origin_ref}, key=jwt_encode_key, algorithm='RS256') token = f'Bearer {token}' return token @@ -145,12 +145,12 @@ def test_config_token(): assert nv_si_certificate.public_key().mod() == nv_response_public_key.get('mod')[0] assert nv_si_certificate.authority_key_identifier() == nv_ca_chain.subject_key_identifier() - nv_jwt_decode_key = jwk.construct(nv_response_public_cert, algorithm=ALGORITHMS.RS256) + # nv_jwt_decode_key = jwk.construct(nv_response_public_cert, algorithm=ALGORITHMS.RS256) nv_response_config_token = response.json().get('configToken') - payload = jws.verify(nv_response_config_token, key=nv_jwt_decode_key, algorithms=ALGORITHMS.RS256) - payload = json.loads(payload) + #payload = jws.verify(nv_response_config_token, key=nv_jwt_decode_key, algorithms=ALGORITHMS.RS256) + payload = jwt.decode(jwt=nv_response_config_token, key=nv_si_certificate.public_key().pem(), algorithms=['RS256'], options={'verify_signature': False}) assert payload.get('iss') == 'NLS Service Instance' assert payload.get('aud') == 'NLS Licensed Client' assert payload.get('service_instance_ref') == INSTANCE_REF From fd89cd0785b482bc8e4e54e7fdc188c09c1c4fd2 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Thu, 15 May 2025 10:11:45 +0200 Subject: [PATCH 4/8] fixes --- app/main.py | 2 +- test/main.py | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app/main.py b/app/main.py index 3cd3282..5b08b43 100644 --- a/app/main.py +++ b/app/main.py @@ -436,7 +436,7 @@ async def auth_v1_token(request: Request): 'origin_ref': origin_ref, } - auth_token = jwt.encode(new_payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm=ALGORITHMS.RS256) + auth_token = jwt.encode(new_payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm='RS256') response = { "auth_token": auth_token, diff --git a/test/main.py b/test/main.py index 041c926..5f1b662 100644 --- a/test/main.py +++ b/test/main.py @@ -230,7 +230,7 @@ def test_auth_v1_code(): response = client.post('/auth/v1/code', json=payload) assert response.status_code == 200 - payload = jwt.get_unverified_claims(token=response.json().get('auth_code')) + payload = jwt.decode(response.json().get('auth_code'), key=my_si_public_key_as_pem, algorithms=['RS256']) assert payload.get('origin_ref') == ORIGIN_REF @@ -247,7 +247,7 @@ def test_auth_v1_token(): "kid": "00000000-0000-0000-0000-000000000000" } payload = { - "auth_code": jwt.encode(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm=ALGORITHMS.RS256), + "auth_code": jwt.encode(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm='RS256'), "code_verifier": SECRET, } @@ -255,7 +255,7 @@ def test_auth_v1_token(): assert response.status_code == 200 token = response.json().get('auth_token') - payload = jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False}) + payload = jwt.decode(token, key=jwt_decode_key, algorithms=['RS256'], options={'verify_signature': False}) assert payload.get('origin_ref') == ORIGIN_REF From c0d23e78cdd7b942cafad40c657b462fb148d890 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Thu, 15 May 2025 10:14:10 +0200 Subject: [PATCH 5/8] finished migration --- app/main.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/app/main.py b/app/main.py index 5b08b43..eb31137 100644 --- a/app/main.py +++ b/app/main.py @@ -410,7 +410,7 @@ async def auth_v1_token(request: Request): try: #payload = jwt.decode(token=j.get('auth_code'), key=jwt_decode_key, algorithms=ALGORITHMS.RS256) payload = jwt.decode(jwt=j.get('auth_code'), key=jwt_decode_key, algorithms=['RS256']) - except JWTError as e: + except jwt.PyJWTError as e: response = {'status': 400, 'title': 'invalid token', 'detail': str(e)} return Response(content=json_dumps(response), media_type='application/json', status_code=400) @@ -436,7 +436,7 @@ async def auth_v1_token(request: Request): 'origin_ref': origin_ref, } - auth_token = jwt.encode(new_payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm='RS256') + auth_token = jwt.encode(payload=new_payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm='RS256') response = { "auth_token": auth_token, @@ -477,7 +477,7 @@ async def leasing_v1_config_token(request: Request): # my_jwt_encode_key = jwk.construct(my_si_private_key.pem().decode('utf-8'), algorithm=ALGORITHMS.RS256) # config_token = jws.sign(payload, key=my_jwt_encode_key, headers=None, algorithm=ALGORITHMS.RS256) - config_token = jwt.encode(payload=payload, key=my_si_private_key.pem(), headers=None, algorithm='RS256') + config_token = jwt.encode(payload=payload, key=jwt_encode_key, headers=None, algorithm='RS256') response_ca_chain = my_ca_certificate.pem().decode('utf-8').strip() @@ -708,7 +708,7 @@ async def leasing_v1_lessor_shutdown(request: Request): j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.now(UTC) token = j.get('token') - token = jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False}) + token = jwt.decode(jwt=token, key=jwt_decode_key, algorithms='RS256', options={'verify_aud': False}) origin_ref = token.get('origin_ref') released_lease_list = list(map(lambda x: x.lease_ref, Lease.find_by_origin_ref(db, origin_ref))) From 608ec9fb6cd36f1d5491ed37c58b44e2af53a306 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Thu, 15 May 2025 10:16:01 +0200 Subject: [PATCH 6/8] fixed pacman dependencies --- .PKGBUILD/PKGBUILD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.PKGBUILD/PKGBUILD b/.PKGBUILD/PKGBUILD index 1c156b9..3ddb289 100644 --- a/.PKGBUILD/PKGBUILD +++ b/.PKGBUILD/PKGBUILD @@ -8,7 +8,7 @@ pkgdesc='NVIDIA DLS server implementation with FastAPI' arch=('any') url='https://git.collinwebdesigns.de/oscar.krause/fastapi-dls' license=('MIT') -depends=('python' 'python-jwt' 'python-starlette' 'python-httpx' 'python-fastapi' 'python-dotenv' 'python-dateutil' 'python-sqlalchemy' 'python-cryptography' 'uvicorn' 'python-markdown' 'openssl') +depends=('python' 'python-pyjwt' 'python-starlette' 'python-httpx' 'python-fastapi' 'python-dotenv' 'python-dateutil' 'python-sqlalchemy' 'python-cryptography' 'uvicorn' 'python-markdown' 'openssl') provider=("$pkgname") install="$pkgname.install" backup=('etc/default/fastapi-dls') From 2065a335718aa9a60477bd14c60d3e212501b37a Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Thu, 15 May 2025 10:18:09 +0200 Subject: [PATCH 7/8] fixed debian dependencies --- .DEBIAN/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.DEBIAN/control b/.DEBIAN/control index 488d8be..b0f4067 100644 --- a/.DEBIAN/control +++ b/.DEBIAN/control @@ -2,7 +2,7 @@ Package: fastapi-dls Version: 0.0 Architecture: all Maintainer: Oscar Krause oscar.krause@collinwebdesigns.de -Depends: python3, python3-fastapi, python3-uvicorn, python3-dotenv, python3-dateutil, python3-jose, python3-sqlalchemy, python3-cryptography, python3-markdown, uvicorn, openssl +Depends: python3, python3-fastapi, python3-uvicorn, python3-dotenv, python3-dateutil, python3-jwt, python3-sqlalchemy, python3-cryptography, python3-markdown, uvicorn, openssl Recommends: curl Installed-Size: 10240 Homepage: https://git.collinwebdesigns.de/oscar.krause/fastapi-dls From 3314d6b95efd664d6c06f2ffecbbbf4244f31216 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Mon, 7 Jul 2025 07:40:24 +0200 Subject: [PATCH 8/8] fixed mr conflict --- app/main.py | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/app/main.py b/app/main.py index eb31137..6c9a025 100644 --- a/app/main.py +++ b/app/main.py @@ -5,8 +5,8 @@ from contextlib import asynccontextmanager from datetime import datetime, timedelta, UTC from hashlib import sha256 from json import loads as json_loads, dumps as json_dumps -from os import getenv as env -from os.path import join, dirname +from os import getenv as env, listdir +from os.path import join, dirname, isfile, isdir, exists from textwrap import wrap from uuid import uuid4 @@ -14,6 +14,7 @@ from dateutil.relativedelta import relativedelta from dotenv import load_dotenv from fastapi import FastAPI from fastapi.requests import Request +from fastapi.staticfiles import StaticFiles from fastapi.responses import Response, RedirectResponse, StreamingResponse import jwt from sqlalchemy import create_engine @@ -49,6 +50,7 @@ LEASE_RENEWAL_PERIOD = float(env('LEASE_RENEWAL_PERIOD', 0.15)) LEASE_RENEWAL_DELTA = timedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0))) CLIENT_TOKEN_EXPIRE_DELTA = relativedelta(years=12) CORS_ORIGINS = str(env('CORS_ORIGINS', '')).split(',') if (env('CORS_ORIGINS')) else [f'https://{DLS_URL}'] +DRIVERS_DIR = env('DRIVERS_DIR', None) DT_FORMAT = '%Y-%m-%dT%H:%M:%S.%fZ' PRODUCT_MAPPING = ProductMapping(filename=join(dirname(__file__), 'static/product_mapping.json')) @@ -99,6 +101,9 @@ async def lifespan(_: FastAPI): config = dict(openapi_url=None, docs_url=None, redoc_url=None) # dict(openapi_url='/-/openapi.json', docs_url='/-/docs', redoc_url='/-/redoc') app = FastAPI(title='FastAPI-DLS', description='Minimal Delegated License Service (DLS).', version=VERSION, lifespan=lifespan, **config) +if DRIVERS_DIR is not None: + app.mount('/-/static-drivers', StaticFiles(directory=str(DRIVERS_DIR), html=False), name='drivers') + app.debug = DEBUG app.add_middleware( CORSMiddleware, @@ -207,6 +212,25 @@ async def _manage(request: Request): return Response(response, media_type='text/html', status_code=200) +@app.get('/-/drivers/{directory:path}', summary='* List drivers directory') +async def _drivers(request: Request, directory: str | None): + if DRIVERS_DIR is None: + return Response(status_code=404, content=f'Variable "DRIVERS_DIR" not set.') + + path = join(DRIVERS_DIR, directory) + + if not exists(path) and not isfile(path): + return Response(status_code=404, content=f'Resource "{path}" not found!') + + content = [{ + "type": "file" if isfile(f'{path}/{_}') else "folder" if isdir(f'{path}/{_}') else "unknown", + "name": _, + "link": f'/-/static-drivers/{directory}{_}', + } for _ in listdir(path)] + + return Response(content=json_dumps({"directory": path, "content": content}), media_type='application/json', status_code=200) + + @app.get('/-/origins', summary='* Origins') async def _origins(request: Request, leases: bool = False): session = sessionmaker(bind=db)()