Implement an intitial server based on flask.

Do the core work necessary to have a first response served to a GET
request and some basic wiring to allow submission of JSON via POST.

CHECKPOINT: running coreapi server

overrides? not yet sure why this was needed

Implement a user creation endpoint in the server.

Back a POST handler onto the refactored createuser functionality file which
exposes a function that can be invoked programatically with a configuration.

Split out the response data decoding chunk.

axe depedency pn reworkings on userapi

fixups - move closer to the server working without createuser changes

Implement finding users by email address.

Author: albu-diku

mig/services/__init__.py

@@ -0,0 +1 @@
+from mig.services.coreapi.server import ThreadedApiHttpServer, _create_and_expose_server

mig/services/coreapi/__init__.py

@@ -0,0 +1,30 @@
+from argparse import ArgumentError
+from getopt import getopt
+import sys
+
+from mig.shared.conf import get_configuration_object
+from mig.services.coreapi.server import main as server_main
+
+
+def _getopt_opts_to_options(opts):
+    options = {}
+    for k, v in opts:
+        options[k[1:]] = v
+    return options
+
+
+def _required_argument_error(option, argument_name):
+    raise ArgumentError(None, 'Missing required argument: %s %s' %
+                        (option, argument_name.upper()))
+
+
+if __name__ == '__main__':
+    (opts, args) = getopt(sys.argv[1:], 'c:')
+    opts_dict = _getopt_opts_to_options(opts)
+
+    if 'c' not in opts_dict:
+        raise _required_argument_error('-c', 'config_file')
+
+    configuration = get_configuration_object(opts_dict['c'],
+                                             skip_log=True, disable_auth_log=True)
+    server_main(configuration)

mig/services/coreapi/__main__.py

@@ -0,0 +1,314 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# --- BEGIN_HEADER ---
+#
+# mig/services/coreapi/server - coreapi service server internals
+# Copyright (C) 2003-2025  The MiG Project by the Science HPC Center at UCPH
+#
+# This file is part of MiG.
+#
+# MiG is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# MiG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# -- END_HEADER ---
+#
+
+
+"""HTTP server parts of the coreapi service."""
+
+from __future__ import print_function
+from __future__ import absolute_import
+
+from http.server import HTTPServer, BaseHTTPRequestHandler
+from socketserver import ThreadingMixIn
+
+import base64
+from collections import defaultdict, namedtuple
+from flask import Flask, request, Response
+import os
+import sys
+import threading
+import time
+import werkzeug.exceptions as httpexceptions
+from wsgiref.simple_server import WSGIRequestHandler
+
+from mig.shared.base import canonical_user, keyword_auto, force_native_str_rec
+from mig.shared.useradm import fill_user, \
+    create_user as useradm_create_user, search_users as useradm_search_users
+from mig.shared.userdb import default_db_path
+
+
+httpexceptions_by_code = {
+    exc.code: exc for exc in httpexceptions.__dict__.values() if hasattr(exc, 'code')}
+
+
+def http_error_from_status_code(http_status_code, http_url, description=None):
+    return httpexceptions_by_code[http_status_code](description)
+
+
+class ValidationReport(RuntimeError):
+    def __init__(self, errors_by_field):
+        self.errors_by_field = errors_by_field
+
+    def serialize(self, output_format='text'):
+        if output_format == 'json':
+            return dict(errors=self.errors_by_field)
+        else:
+            lines = ["- %s: required %s" %
+                     (k, v) for k, v in self.errors_by_field.items()]
+            lines.insert(0, '')
+            return 'payload failed to validate:%s' % ('\n'.join(lines),)
+
+
+def _create_user(user_dict, conf_path, **kwargs):
+    try:
+        useradm_create_user(user_dict, conf_path, keyword_auto, **kwargs)
+    except Exception as exc:
+        return 1
+    return 0
+
+
+def _define_payload(payload_name, payload_fields):
+    class Payload(namedtuple('PostUserArgs', payload_fields)):
+        def keys(self):
+            return Payload._fields
+
+        def items(self):
+            return self._asdict().items()
+
+    Payload.__name__ = payload_name
+
+    return Payload
+
+
+def _is_not_none(value):
+    """value is not None"""
+    return value is not None
+
+
+def _is_string_and_non_empty(value):
+    """value is a non-empty string"""
+    return isinstance(value, str) and len(value) > 0
+
+
+_REQUEST_ARGS_POST_USER = _define_payload('PostUserArgs', [
+    'full_name',
+    'organization',
+    'state',
+    'country',
+    'email',
+    'comment',
+    'password',
+])
+
+
+_REQUEST_ARGS_POST_USER._validators = defaultdict(lambda: _is_not_none, dict(
+    full_name=_is_string_and_non_empty,
+    organization=_is_string_and_non_empty,
+    state=_is_string_and_non_empty,
+    country=_is_string_and_non_empty,
+    email=_is_string_and_non_empty,
+    comment=_is_string_and_non_empty,
+    password=_is_string_and_non_empty,
+))
+
+
+def search_users(configuration, search_filter):
+    _, hits = useradm_search_users(search_filter, configuration, keyword_auto)
+    return list((obj for _, obj in hits))
+
+
+def validate_payload(definition, payload):
+    args = definition(*[payload.get(field, None)
+                      for field in definition._fields])
+
+    errors_by_field = {}
+    for field_name, field_value in args._asdict().items():
+        validator_fn = definition._validators[field_name]
+        if not validator_fn(field_value):
+            errors_by_field[field_name] = validator_fn.__doc__
+    if errors_by_field:
+        raise ValidationReport(errors_by_field)
+    else:
+        return args
+
+
+def _create_and_expose_server(server, configuration):
+    app = Flask('coreapi')
+
+    @app.get('/user')
+    def GET_user():
+        raise http_error_from_status_code(400, None)
+
+    @app.get('/user/<username>')
+    def GET_user_username(username):
+        return 'FOOBAR'
+
+    @app.get('/user/find')
+    def GET_user_find():
+        query_params = request.args
+
+        objects = search_users(configuration, {
+            'email': query_params['email']
+        })
+
+        if len(objects) != 1:
+            raise http_error_from_status_code(404, None)
+
+        return dict(objects=objects)
+
+    @app.post('/user')
+    def POST_user():
+        payload = request.get_json()
+
+        try:
+            validated = validate_payload(_REQUEST_ARGS_POST_USER, payload)
+        except ValidationReport as vr:
+            return http_error_from_status_code(400, None, vr.serialize())
+
+        user_dict = canonical_user(
+            configuration, validated, _REQUEST_ARGS_POST_USER._fields)
+        fill_user(user_dict)
+        force_native_str_rec(user_dict)
+
+        ret = _create_user(user_dict, configuration, default_renew=True)
+        if ret != 0:
+            raise http_error_from_status_code(400, None)
+
+        greeting = 'hello client!'
+        return Response(greeting, 201)
+
+    return app
+
+
+class ApiHttpServer(HTTPServer):
+    """
+    http(s) server that contains a reference to an OpenID Server and
+    knows its base URL.
+    Extended to fork on requests to avoid one slow or broken login stalling
+    the rest.
+    """
+
+    def __init__(self, configuration, logger=None, host=None, port=None, **kwargs):
+        self.configuration = configuration
+        self.logger = logger if logger else configuration.logger
+        self.server_app = None
+        self._on_start = kwargs.pop('on_start', lambda _: None)
+
+        addr = (host, port)
+        HTTPServer.__init__(self, addr, ApiHttpRequestHandler, **kwargs)
+
+    @property
+    def base_environ(self):
+        return {}
+
+    def get_app(self):
+        return self.server_app
+
+    def server_activate(self):
+        HTTPServer.server_activate(self)
+        self._on_start(self)
+
+
+class ThreadedApiHttpServer(ThreadingMixIn, ApiHttpServer):
+    """Multi-threaded version of the ApiHttpServer"""
+
+    @property
+    def base_url(self):
+        proto = 'http'
+        return '%s://%s:%d/' % (proto, self.server_name, self.server_port)
+
+
+class ApiHttpRequestHandler(WSGIRequestHandler):
+    """TODO: docstring"""
+
+    def __init__(self, socket, addr, server, **kwargs):
+        self.server = server
+
+        # NOTE: drop idle clients after N seconds to clean stale connections.
+        #       Does NOT include clients that connect and do nothing at all :-(
+        self.timeout = 120
+
+        self._http_url = None
+        self.parsed_uri = None
+        self.path_parts = None
+        self.retry_url = ''
+
+        WSGIRequestHandler.__init__(self, socket, addr, server, **kwargs)
+
+    @property
+    def configuration(self):
+        return self.server.configuration
+
+    @property
+    def daemon_conf(self):
+        return self.server.configuration.daemon_conf
+
+    @property
+    def logger(self):
+        return self.server.logger
+
+
+def start_service(configuration, host=None, port=None):
+    assert host is not None, "required kwarg: host"
+    assert port is not None, "required kwarg: port"
+
+    logger = configuration.logger
+
+    def _on_start(server, *args, **kwargs):
+        server.server_app = _create_and_expose_server(
+            None, server.configuration)
+
+    httpserver = ThreadedApiHttpServer(
+        configuration, host=host, port=port, on_start=_on_start)
+
+    serve_msg = 'Server running at: %s' % httpserver.base_url
+    logger.info(serve_msg)
+    print(serve_msg)
+    while True:
+        logger.debug('handle next request')
+        httpserver.handle_request()
+        logger.debug('done handling request')
+        httpserver.expire_volatile()
+
+
+def main(configuration=None):
+    if not configuration:
+        # Force no log init since we use separate logger
+        configuration = get_configuration_object(skip_log=True)
+
+    logger = configuration.logger
+
+    # Allow e.g. logrotate to force log re-open after rotates
+    register_hangup_handler(configuration)
+
+    # FIXME:
+    host = 'localhost'  # configuration.user_openid_address
+    port = 5555            # configuration.user_openid_port
+    server_address = (host, port)
+
+    info_msg = "Starting coreapi..."
+    logger.info(info_msg)
+    print(info_msg)
+
+    try:
+        start_service(configuration, host=host, port=port)
+    except KeyboardInterrupt:
+        info_msg = "Received user interrupt"
+        logger.info(info_msg)
+        print(info_msg)
+    info_msg = "Leaving with no more workers active"
+    logger.info(info_msg)
+    print(info_msg)

mig/services/coreapi/server.py

@@ -2265,7 +2265,9 @@ def search_users(search_filter, conf_path, db_path,
     fnmatch for.
     """
 
-    if conf_path:
+    if isinstance(conf_path, Configuration):
+        configuration = conf_path
+    elif conf_path:
         if isinstance(conf_path, basestring):
             configuration = Configuration(conf_path)
         else:

mig/shared/useradm.py

@@ -1,5 +1,6 @@
 # migrid core dependencies on a format suitable for pip install as described on
 # https://pip.pypa.io/en/stable/reference/requirement-specifiers/
+flask
 future
 # NOTE: python-3.6 and earlier versions require older pyotp, whereas 3.7+
 #       should work with any modern version. We tested 2.9.0 to work.