Add dev to testing

.gitattributes

@@ -0,0 +1,6 @@
+*.py linguist-language=Python
+*.sh linguist-language=Shell
+*.sql linguist-language=SQL
+*.Dockerfile linguist-language=Dockerfile
+*.yaml linguist-language=YAML
+*.md linguist-language=Markdown

.github/CODEOWNERS

@@ -0,0 +1 @@
+** @the-cs-nerds/library-devs

.gitignore

@@ -3,4 +3,7 @@ logs/**
 config/*.yaml
 !config/example*
 secrets/
-*/__pycache__/**
+*/__pycache__/**
+Python-3.13.5/**
+Python-3.13.5.tgz
+Python3.13-Portable-Image/**

compose.yaml

@@ -15,10 +15,9 @@
 #    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 # Docker Compose configuration
-
 services:
   frontend:
-    entrypoint: ["docker-entrypoint.sh"] # Frontend webapp
+
     container_name: frontend
     #image: library-system/frontend
     build: 
@@ -28,14 +27,14 @@ services:
       - "443:443" # HTTPS traffic for serving webapp
     networks:
       - backend
-      - casdoor
+      - logto
     restart: unless-stopped
     depends_on:
       backend:
         condition: service_started
     command: ["python","/src/__main__.py"]
   backend: # Backend
-    entrypoint: ["docker-entrypoint.sh"]
+
     container_name: backend
     #image: library-system/backend
     build: 
@@ -44,53 +43,63 @@ services:
     networks:
       - backend
       - db
-      - casdoor
     restart: unless-stopped
     environment:
       DB_HOST: db
       DB_PORT: 5432
     command: ["python","/src/__main__.py"]
-    secrets:
-      - db_pass
     depends_on:
       db:
         condition: service_healthy
+    ports:
+      - "8000:8000"
   db: # Database
+    # entrypoint: ['docker-entrypoint.sh']
     image: postgres:17.5-alpine3.21  # Using alpine Postgres image
+    container_name: db
     networks:
       - db
     restart: unless-stopped
     volumes:
       - pgdata:/var/lib/postgresql/data
       - db-init:/docker-entrypoint-initdb.d:ro # Init scripts for postgres
     environment:
-      POSTGRES_USER:     library
-      POSTGRES_PASSWORD_FILE: /run/secrets/db_pass   
+      POSTGRES_USER:     library  
+      POSTGRES_PASSWORD: ${DB_PASS}
       POSTGRES_DB:       library
 
-    secrets:
-      - db_pass
-      - casbin_login_pass
-
     healthcheck:
       test: ["CMD", "pg_isready", "-U", "library"]
       interval: 10s
       retries: 5
-  casdoor:
-    image: casbin/casdoor:v1.960.0
+
+  logto:
+    depends_on:
+      db:
+        condition: service_healthy
+    image: svhd/logto:${TAG-latest}
+    entrypoint: ["sh", "-c", "npm run cli db seed -- --swe && npm start"]
+    ports:
+      - 3001:3001
+      - 3002:3002
+    environment:
+      - TRUST_PROXY_HEADER=1
+      - DB_URL=postgres://library:$DB_PASS@db:5432/library
+      - NODE_ENV=test
+      - PORT=3001
+      - ADMIN_PORT=3002
+      - ADMIN_ENDPOINT=http://localhost:3002
     networks:
-      - casdoor
+      - db
+      - logto
     restart: unless-stopped
-    depends_on:
-      backend:
-        condition: service_started
 
-networks:
-  backend:
+networks: # Frontend and DB MUST NEVER be on the same network.
+  backend: # For all containers that must communicate with backend. MUST include backend.
     driver: bridge
-  db:
+  db: # For all containers that must communicate with the database. MUST include db. CANNOT include frontend.
     driver: bridge
-  casdoor:
+  logto:
     driver: bridge
 
 volumes:
@@ -99,6 +108,6 @@ volumes:
 
 secrets:
   casbin_login_pass:
-    file: ./secrets/casbin_login_pass.txt
+    environment: CASBIN_LOGIN_PASS
   db_pass:
-    file: ./secrets/db_pass.txt
+    environment: DB_PASS

db-init/0_roles.sql

@@ -18,10 +18,12 @@
 
 -- Create casbin role
 CREATE ROLE casbin NOLOGIN;
-CREATE ROLE casbin_login LOGIN PASSWORD 'SUBSTITUTE_PASSWORD';
+CREATE ROLE casbin_login LOGIN PASSWORD :casbin_login_pass;
 GRANT casbin TO casbin_login;
 
 -- Create server admin, write and read roles
 CREATE ROLE server_admin LOGIN PASSWORD 'SUBSTITUTE_PASSWORD';
 CREATE ROLE server_write LOGIN PASSWORD 'SUBSTITUTE_PASSWORD';
-CREATE ROLE server_read LOGIN PASSWORD 'SUBSTITUTE_PASSWORD';
+CREATE ROLE server_read LOGIN PASSWORD 'SUBSTITUTE_PASSWORD';
+
+CREATE ROLE zitadel LOGIN PASSWORD 'zitadel';

db-init/1_tables.sql

@@ -16,7 +16,7 @@
 #    along with this program.  If not, see <https://www.gnu.org/licenses/>. */
 
 CREATE TABLE IF NOT EXISTS books ( -- Needs to be updated in future
-    id          BIGINT GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
+    id          UUID PRIMARY KEY,
     isbn        TEXT UNIQUE NOT NULL,
     title       TEXT NOT NULL,
     author      TEXT NOT NULL,
@@ -25,11 +25,19 @@ CREATE TABLE IF NOT EXISTS books ( -- Needs to be updated in future
 );
 
 CREATE TABLE IF NOT EXISTS loans ( -- Needs to be updated in future
-    id            BIGINT GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
+    id            UUID PRIMARY KEY,
     isbn          TEXT      NOT NULL REFERENCES books(isbn)       ON UPDATE CASCADE,
     student_id    CHAR(4)   NOT NULL REFERENCES users(student_id) ON UPDATE CASCADE,
     borrowed_at   TIMESTAMPTZ    DEFAULT now(),
     due_at        DATE           NOT NULL,
     returned_at   TIMESTAMPTZ
 );
 
+CREATE TABLE IF NOT EXISTS users (
+  id UUID PRIMARY KEY,
+  forename TEXT NOT NULL,
+  surname TEXT NOT NULL,
+  student_id INTEGER NOT NULL
+  email TEXT NOT NULL UNIQUE,
+  role TEXT NOT NULL,
+);

dbKeyGen.py

@@ -16,11 +16,25 @@
 
 from secrets import token_urlsafe
 import os
+from argparse import ArgumentParser
 
-os.makedirs("secrets", exist_ok=True)
+parser = ArgumentParser()
+parser.add_argument("--keys",action='extend',nargs='+')
+parser.add_argument("--print",action='store_true')
+if parser.parse_args().print:
+    os.makedirs("secrets", exist_ok=True)
+if 'db' in parser.parse_args().keys:
+    if parser.parse_args().print:
+        print(token_urlsafe(512))
+    else:
+        with open("secrets/db_pass.txt", "w") as f:
+            f.write(token_urlsafe(512))
+        os.remove("secrets/db_pass.txt")
 
-with open("secrets/db_pass.txt", "w") as f:
-    f.write(token_urlsafe(512))
-
-with open("secrets/casbin_login_pass.txt", "w") as f:
-    f.write(token_urlsafe(512))
+if 'auth' in parser.parse_args().keys:
+    if parser.parse_args().print:
+        print(token_urlsafe(512))
+    else:
+        with open("secrets/casbin_login_pass.txt", "w") as f:
+            f.write(token_urlsafe(512))
+        os.remove("secrets/casbin_login_pass.txt")

launch.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+export DB_PASS=`python3 dbKeyGen.py --keys db --print`
+export CASBIN_LOGIN_PASS=`python3 dbKeyGen.py --keys auth --print`
+if [ $1 = "--kill" ]; then
+  docker compose down
+  docker system prune --force
+  exit 0
+else
+  docker compose up --build $1
+fi
+unset DB_PASS
+unset CASBIN_LOGIN_PASS

src/backend/auth/policy.csv

@@ -3,5 +3,6 @@ p,librarian,books,book,delete,True
 p,librarian,loans,loan,add,True
 p,librarian,loans,loan,delete,True
 p,student,books,book,read,True
+p,*,books,book,read,False
 p,admin,*,*,*,True
 g,000000,0000,admin,admin,root

src/backend/auth/policySetup.py

@@ -36,7 +36,6 @@
 DSN = f"postgresql+psycopg://{"casbin_login"}:{os.environ["CASBIN_LOGIN_PASS"]}@{os.environ["DB_HOST"]}:{os.environ["DB_PORT"]}/{os.environ["DB_NAME"]}"
 
 engine  = create_engine(DSN, future=True)
-DSN.delete()
 adapter = Adapter(engine)
 
 enforcer = Enforcer(str(MODEL_PATH), adapter, auto_save=False)

src/backend/backend.Dockerfile

@@ -21,8 +21,10 @@ WORKDIR /src
 COPY requirements.txt requirements.txt
 RUN pip install --no-cache-dir --require-hashes --force-reinstall -r requirements.txt
 
-RUN adduser --disabled-password --gecos '' appuser \
- && chown -R appuser /src
+RUN adduser --disabled-password --gecos '' appuser
 USER appuser
 
 ADD ./* ./
+
+EXPOSE 8000
+