remove hardcoded urls and move it to env (#170)

* remove hardcoded urls and move it to env

* fix minio bucket ssl issue

Author: yuvrajsab

.env.sample

@@ -34,15 +34,17 @@ POSTGRES_HOST=10021
 DATABASE_URL="postgresql://postgresql:yoursupersecret@localhost:10021/templaterdb?schema=public"
 
 # minio
+MINIO_URL=
 MINIO_USER=root
 MINIO_PASSWORD=password
 
 # wkhtmltopdf
 WKHTMLTOPDF="/usr/bin/wkhtmltopdf"
 
 # FA
-MINIO_FA_APPLICATION_ID=
-MINIO_FA_AUTHORIZATION=
+FA_APPLICATION_ID=
+FA_AUTHORIZATION=
+FA_URL=
 
 # Google Client
 GC_CLIENT_ID=

src/pdf/plugins/_doc/external.py

@@ -51,10 +51,12 @@ def upload_file(self):
             drive_file_loc = f'pdf/drivefiles/{self.token}.docx'
             if self.uploader == "minio":
                 host = self.user_config["MINIO_HOST"]
+                isHttps = self.user_config.get("MINIO_IS_HTTPS", False)
                 access_key = self.user_config["MINIO_ACCESS_KEY"]
                 secret_key = self.user_config["MINIO_SECRET_KEY"]
                 bucket_name = self.user_config["MINIO_BUCKET_NAME"]
-                uploader = MinioUploader(host, access_key, secret_key, bucket_name)
+                cred_expiry_duration = self.user_config.get("MINIO_CREDENTIAL_EXPIRY_DURATION")
+                uploader = MinioUploader(host, access_key, secret_key, bucket_name, cred_expiry_duration, isHttps)
                 error_code, error_msg, final_data = uploader.put(f'{self.token}.docx', f'{self.token}.docx', None)
                 if error_code is None:
                     if os.path.exists(drive_file_loc):
@@ -69,4 +71,4 @@ def upload_file(self):
             error_code = 805
             error_msg = f"Something went wrong: {e}"
         finally:
-            return error_code, error_msg, final_data
+            return error_code, error_msg, final_data

src/pdf/plugins/_html/external.py

@@ -36,10 +36,12 @@ def upload_file(self):
             drive_file_loc = f'pdf/drivefiles/{self.token}.html'
             if self.uploader == "minio":
                 host = self.user_config["MINIO_HOST"]
+                isHttps = self.user_config.get("MINIO_IS_HTTPS", False)
                 access_key = self.user_config["MINIO_ACCESS_KEY"]
                 secret_key = self.user_config["MINIO_SECRET_KEY"]
                 bucket_name = self.user_config["MINIO_BUCKET_NAME"]
-                uploader = MinioUploader(host, access_key, secret_key, bucket_name)
+                cred_expiry_duration = self.user_config.get("MINIO_CREDENTIAL_EXPIRY_DURATION")
+                uploader = MinioUploader(host, access_key, secret_key, bucket_name, cred_expiry_duration, isHttps)
                 error_code, error_msg, final_data = uploader.put(f'{self.token}.html', f'{self.token}.html', None)
                 if error_code is None:
                     if os.path.exists(drive_file_loc):
@@ -54,4 +56,4 @@ def upload_file(self):
             error_code = 805
             error_msg = f"Something went wrong: {e}"
         finally:
-            return error_code, error_msg, final_data
+            return error_code, error_msg, final_data

src/pdf/plugins/_pdf/external.py

@@ -135,11 +135,13 @@ def upload_file(self):
             drive_file_loc = f'pdf/drivefiles/{self.token}.pdf'
             if self.uploader == "minio":
                 host = self.user_config["MINIO_HOST"]
+                isHttps = self.user_config.get("MINIO_IS_HTTPS", False)
                 access_key = self.user_config["MINIO_ACCESS_KEY"]
                 secret_key = self.user_config["MINIO_SECRET_KEY"]
                 bucket_name = self.user_config["MINIO_BUCKET_NAME"]
+                cred_expiry_duration = self.user_config.get("MINIO_CREDENTIAL_EXPIRY_DURATION")
                 uploader = MinioUploader(
-                    host, access_key, secret_key, bucket_name)
+                    host, access_key, secret_key, bucket_name, cred_expiry_duration, isHttps)
                 error_code, error_msg, final_data = uploader.put(
                     f'{self.token}.pdf', f'{self.token}.pdf', None)
                 if error_code is None:

src/pdf/plugins/_template/external.py

@@ -93,10 +93,12 @@ def upload_file(self):
             drive_file_loc = f'pdf/drivefiles/{self.token}.pdf'
             if self.uploader == "minio":
                 host = self.user_config["MINIO_HOST"]
+                isHttps = self.user_config.get("MINIO_IS_HTTPS", False)
                 access_key = self.user_config["MINIO_ACCESS_KEY"]
                 secret_key = self.user_config["MINIO_SECRET_KEY"]
                 bucket_name = self.user_config["MINIO_BUCKET_NAME"]
-                uploader = MinioUploader(host, access_key, secret_key, bucket_name)
+                cred_expiry_duration = self.user_config.get("MINIO_CREDENTIAL_EXPIRY_DURATION")
+                uploader = MinioUploader(host, access_key, secret_key, bucket_name, cred_expiry_duration, isHttps)
                 error_code, error_msg, final_data = uploader.put(f'{self.token}.pdf', f'{self.token}.pdf', None)
                 if error_code is None:
                     if os.path.exists(drive_file_loc):

src/pdf/uploaders/minio.py

@@ -21,13 +21,13 @@ def get_fa_token(username, password):
         body = json.dumps({
             "loginId": f"{username}",
             "password": f"{password}",
-            "applicationId": os.getenv('MINIO_FA_APPLICATION_ID')
+            "applicationId": os.getenv('FA_APPLICATION_ID')
         })
         headers = {
             'Content-Type': 'application/json',
-            'Authorization': os.getenv('MINIO_FA_AUTHORIZATION')
+            'Authorization': os.getenv('FA_AUTHORIZATION')
         }
-        response = requests.post("http://auth.samagra.io:9011/api/login", data=body, headers=headers)
+        response = requests.post(f"{os.getenv('FA_URL')}/api/login", data=body, headers=headers)
         response.raise_for_status()
         resp = response.json()
         if 'token' in resp:
@@ -41,12 +41,12 @@ def get_fa_token(username, password):
         return token
 
 
-def get_minio_cred(username, password, bucket_name):
+def get_minio_cred(username, password, bucket_name, cred_expiry_duration=36000):
     access_key = secret_key = session_token = None
     try:
         token = get_fa_token(username, password)
         if token is not None:
-            minio_url = f"https://cdn.samagra.io/minio/{bucket_name}/?Action=AssumeRoleWithWebIdentity&DurationSeconds=36000&WebIdentityToken={token}&Version=2011-06-15"
+            minio_url = f"{os.getenv('MINIO_URL')}/{bucket_name}/?Action=AssumeRoleWithWebIdentity&DurationSeconds={cred_expiry_duration}&WebIdentityToken={token}&Version=2011-06-15"
             response = requests.post(minio_url)
             response.raise_for_status()
             resp = response.text
@@ -71,14 +71,17 @@ def get_minio_cred(username, password, bucket_name):
 
 class MinioUploader(implements(Uploader)):
 
-    def __init__(self, host, username, password, bucket_name):
+    def __init__(self, host, username, password, bucket_name, cred_expiry_duration, isHttps=False):
         self.host = host
         self.bucket_name = bucket_name
         # Get the logger specified in the file
         self.logger = logging.getLogger()
         # Create a client with the MinIO, its access key and secret key.
-        access_key, secret_key, session_token = get_minio_cred(username, password, bucket_name)
-        self.client = Minio(host, access_key=access_key, secret_key=secret_key, session_token=session_token)
+        if cred_expiry_duration:
+            access_key, secret_key, session_token = get_minio_cred(username, password, bucket_name, cred_expiry_duration)
+        else:
+            access_key, secret_key, session_token = get_minio_cred(username, password, bucket_name)
+        self.client = Minio(host, access_key=access_key, secret_key=secret_key, session_token=session_token, secure=isHttps)
 
     def put(self, file_name, object_name, expires):
         error_code = error_msg = None
@@ -139,4 +142,4 @@ def get_object(self, object_name):
         pass
 
     def get_public_url(self, file_name):
-        return f"https://{self.host}/{self.bucket_name}/{file_name}"
+        return f"{'https' if self.client._base_url.is_https else 'http'}://{self.host}/{self.bucket_name}/{file_name}"