Merge of main and partial implementation of REST API for MFA

Author: Tyler Gonsalves

.github/workflows/codeql.yml

@@ -0,0 +1,98 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL Advanced"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '24 21 * * 1'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: python
+          build-mode: none
+        # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+        # Use `c-cpp` to analyze code written in C, C++ or both
+        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Add any setup steps before running the `github/codeql-action/init` action.
+    # This includes steps like installing compilers or runtimes (`actions/setup-node`
+    # or others). This is typically only required for manual builds.
+    # - name: Setup runtime (example)
+    #   uses: actions/setup-example@v1
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    # If the analyze step fails for one of the languages you are analyzing with
+    # "We were unable to automatically build your code", modify the matrix above
+    # to set the build mode to "manual" for that language. Then modify this step
+    # to build your code.
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    - if: matrix.build-mode == 'manual'
+      shell: bash
+      run: |
+        echo 'If you are using a "manual" build mode for one or more of the' \
+          'languages you are analyzing, replace this with the commands to build' \
+          'your code, for example:'
+        echo '  make bootstrap'
+        echo '  make release'
+        exit 1
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

code/.env.example

@@ -1,9 +1,46 @@
-DJANGO_SECRET_KEY= 
-DJANGO_ALLOWED_HOSTS=localhost 127.0.0.1 [::1]
-
-EMAIL_BACKEND=django.core.mail.backends.smtp.EmailBackend
-EMAIL_HOST=smtp.gmail.com
-EMAIL_PORT=587
-EMAIL_USE_TLS=True
-EMAIL_HOST_USER=email@gmail.com
-EMAIL_HOST_PASSWORD=app_password
+# Gunicorn Configuration
+GUNICORN_PORT=8000
+GUNICORN_WORKERS=2
+GUNICORN_TIMEOUT=60
+GUNICORN_LOG_LEVEL=info
+
+# Django Security
+DJANGO_SECRET_KEY=''
+DJANGO_DEBUG=false
+DJANGO_ALLOWED_HOSTS=127.0.0.1,localhost,localhost:8080
+DJANGO_CSRF_TRUSTED_ORIGINS=http://127.0.0.1,http://localhost,http://localhost:8080
+
+# Database
+SQL_ENGINE=django.db.backends.sqlite3
+SQL_DATABASE=db.sqlite3
+DJANGO_SQLITE_DIR=/sqlite
+
+# API Configuration
+REACT_APP_API_URL=http://127.0.0.1:8080/api
+
+# Localization
+DJANGO_LANGUAGE_CODE=en-us
+DJANGO_TIME_ZONE=UTC
+
+# Email Configuration - Gmail
+DJANGO_EMAIL_BACKEND=django.core.mail.backends.smtp.EmailBackend
+DJANGO_EMAIL_HOST=smtp.gmail.com
+DJANGO_EMAIL_PORT=587
+DJANGO_EMAIL_USE_TLS=true
+DJANGO_EMAIL_USE_SSL=false
+DJANGO_EMAIL_HOST_USER=email@gmail.com
+DJANGO_EMAIL_HOST_PASSWORD=
+DJANGO_DEFAULT_FROM_EMAIL=MyMedic <email@gmail.com>
+
+# Default Email Settings
+DJANGO_SERVER_EMAIL=email@gmail.com
+
+# Project Configuration
+PROJECT_NAME=mymedic
+
+# Admin Configuration
+DJANGO_ADMIN_NAME=Admin
+DJANGO_ADMIN_EMAIL=email@gmail.com
+DJANGO_SUPERUSER_USERNAME=admin
+DJANGO_SUPERUSER_EMAIL=admin@admin.com
+DJANGO_SUPERUSER_PASSWORD=admin

code/Dockerfile

@@ -1,66 +1,26 @@
-FROM python:3.13-alpine AS base
+FROM python:3.13-alpine
 
-FROM base AS builder
+RUN apk update \
+ && apk add --no-cache \
+      gcc musl-dev python3-dev libffi-dev openssl-dev \
+      nginx su-exec
 
-RUN apk update && apk --no-cache add python3-dev libpq-dev && mkdir /install
-WORKDIR /install
-COPY requirements.txt ./
-RUN pip install --no-cache-dir --prefix=/install -r ./requirements.txt
+RUN mkdir -p /usr/src/mymedic /sqlite /var/run/nginx
+WORKDIR /usr/src/mymedic
 
-FROM base
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
 
-ARG USER=user
-ARG USER_UID=1001
-ARG PROJECT_NAME=mymedic
-ARG GUNICORN_PORT=8000
-ARG GUNICORN_WORKERS=2
-# the value is in seconds
-ARG GUNICORN_TIMEOUT=60
-ARG GUNICORN_LOG_LEVEL=info
-ARG DJANGO_BASE_DIR=/usr/src/$PROJECT_NAME
-ARG DJANGO_STATIC_ROOT=/var/www/static
-ARG DJANGO_MEDIA_ROOT=/var/www/media
-ARG DJANGO_SQLITE_DIR=/sqlite
+COPY . .
 
-# if no superuser (currently: Admin, Admin, indhhra@bu.edu)
-ARG DJANGO_SUPERUSER_USERNAME=admin
-ARG DJANGO_SUPERUSER_PASSWORD=admin
-ARG DJANGO_SUPERUSER_EMAIL=admin@example.com
-ARG DJANGO_DEV_SERVER_PORT=8000
+COPY nginx.conf /etc/nginx/nginx.conf
 
+RUN adduser -D -u 1001 user \
+ && chown -R user:user /usr/src/mymedic /sqlite \
+ && chmod +x /usr/src/mymedic/docker-entrypoint.sh \
+              /usr/src/mymedic/docker-cmd.sh
 
-ENV \
-	USER=$USER \
-	USER_UID=$USER_UID \
-	PROJECT_NAME=$PROJECT_NAME \
-	GUNICORN_PORT=$GUNICORN_PORT \
-	GUNICORN_WORKERS=$GUNICORN_WORKERS \
-	GUNICORN_TIMEOUT=$GUNICORN_TIMEOUT \
-	GUNICORN_LOG_LEVEL=$GUNICORN_LOG_LEVEL \
-	DJANGO_BASE_DIR=$DJANGO_BASE_DIR \
-	DJANGO_STATIC_ROOT=$DJANGO_STATIC_ROOT \
-	DJANGO_MEDIA_ROOT=$DJANGO_MEDIA_ROOT \
-	DJANGO_SQLITE_DIR=$DJANGO_SQLITE_DIR \
-	DJANGO_SUPERUSER_USERNAME=$DJANGO_SUPERUSER_USERNAME \
-	DJANGO_SUPERUSER_PASSWORD=$DJANGO_SUPERUSER_PASSWORD \
-	DJANGO_SUPERUSER_EMAIL=$DJANGO_SUPERUSER_EMAIL \
-	DJANGO_DEV_SERVER_PORT=$DJANGO_DEV_SERVER_PORT
+EXPOSE 80 8000
 
-COPY --from=builder /install /usr/local
-COPY docker-entrypoint.sh /
-COPY docker-cmd.sh /
-COPY $PROJECT_NAME $DJANGO_BASE_DIR
-
-# User
-RUN chmod +x /docker-entrypoint.sh /docker-cmd.sh && \
-    apk --no-cache add su-exec libpq-dev && \
-    mkdir -p $DJANGO_STATIC_ROOT $DJANGO_MEDIA_ROOT $DJANGO_SQLITE_DIR && \
-    adduser -s /bin/sh -D -u $USER_UID $USER && \
-    chown -R $USER:$USER $DJANGO_BASE_DIR $DJANGO_STATIC_ROOT $DJANGO_MEDIA_ROOT $DJANGO_SQLITE_DIR
-
-WORKDIR $DJANGO_BASE_DIR
-
-RUN python manage.py collectstatic --noinput && \
-	python manage.py makemigrations && \
-	python manage.py migrate && \
-	python manage.py createsuperuser --noinput
+ENTRYPOINT ["/usr/src/mymedic/docker-entrypoint.sh"]
+CMD ["/usr/src/mymedic/docker-cmd.sh"]

code/Readme.md

@@ -17,33 +17,31 @@ cp .env.example .env
 ```
 
 Edit `.env` and add a DJANGO_SECRET_KEY generated from [Django Secret Key Generator](https://djecrety.ir/).
----
-
-### 3. Build the Docker Image
-
-```bash
-docker build -t mymedic .
-```
+Add the email and app passwords for the Gmail account.
 
 ---
 
-### 4. Run the Server
+### 3. Run the Server
+
+If Docker gives an error about permissions for executing docker-cmd or docker-entrypoint, run the following command to fix it:
 
-#### Running Tests
 ```bash
-docker run --rm mymedic pytest -v tests/
+chmod +x docker-cmd.sh
+chmod +x docker-entrypoint.sh
 ```
 
-#### Run in Development Mode
+#### Run in Production Mode
 
 ```bash
-docker compose -f docker-compose-dev.yml up -d
+docker compose up --build --force-recreate
 ```
 
-#### Run in Production Mode
+This binds the local website code into the container and serves it at `http://localhost:8080`.
+
+#### To remove old containers and images, run:
 
 ```bash
-docker compose up -d
+docker compose down -v --remove-orphans
 ```
 
-This binds the local website code into the container and serves it at `http://127.0.0.1:8080`.
+---

code/docker-cmd.sh

@@ -1,14 +1,34 @@
+#!/bin/sh
+set -e
+
+MANAGE_PY=$(find / -type f -name manage.py -print -quit)
+if [ -z "$MANAGE_PY" ]; then
+  echo "Error: manage.py not found under /" >&2
+  exit 1
+fi
+cd "$(dirname "$MANAGE_PY")"
+
+su-exec "$USER" python manage.py migrate --noinput
+
 su-exec "$USER" python manage.py collectstatic --noinput
 
-USER_EXISTS="from django.contrib.auth import get_user_model; User = get_user_model(); exit(User.objects.exists())"
-su-exec "$USER" python manage.py shell -c "$USER_EXISTS" && su-exec "$USER" python manage.py createsuperuser --noinput
+USER_EXISTS_CMD="from django.contrib.auth import get_user_model; U = get_user_model(); exit(0) if U.objects.exists() else exit(1)"
+if su-exec "$USER" python manage.py shell -c "$USER_EXISTS_CMD"; then
+  echo "Superuser already exists"
+else
+  su-exec "$USER" python manage.py createsuperuser --noinput \
+    --username "$DJANGO_SUPERUSER_USERNAME" \
+    --email "$DJANGO_SUPERUSER_EMAIL"
+fi
+
+nginx
 
 if [ "$1" = "--debug" ]; then
-  exec su-exec "$USER" python manage.py runserver "0.0.0.0:$DJANGO_DEV_SERVER_PORT"
+  exec su-exec "$USER" python manage.py runserver "0.0.0.0:${DJANGO_DEV_SERVER_PORT:-8000}"
 else
-  exec su-exec "$USER" gunicorn "$PROJECT_NAME.wsgi:application" \
-    --bind "0.0.0.0:$GUNICORN_PORT" \
-    --workers "$GUNICORN_WORKERS" \
-    --timeout "$GUNICORN_TIMEOUT" \
-    --log-level "$GUNICORN_LOG_LEVEL"
+  exec su-exec "$USER" gunicorn "${PROJECT_NAME}.wsgi:application" \
+       --bind "0.0.0.0:${GUNICORN_PORT:-8000}" \
+       --workers "${GUNICORN_WORKERS:-3}" \
+       --timeout "${GUNICORN_TIMEOUT:-30}" \
+       --log-level "${GUNICORN_LOG_LEVEL:-info}"
 fi