simplifies Bearer keys to a single one

README.md

@@ -52,13 +52,14 @@ Update `main.py:VERSION`.
 
 Copy `.env` and `src/.env` to deployment, along with the contents of `secrets/` including `secrets/orchestration.yaml`.
 
-Then `docker compose up -d`.
+Then `make prod`.
 
 #### updating packages/app/access
-If pipenv packages are updated:  `docker compose down` + `docker compose up --build -d` to build images with new packages.
-<!-- OUTDATED unless we revert to reqs.txt:~`pipenv lock --requirements -r  > requirements.txt` (or `pipenv requirements > requirements.txt` depending on pipenv version) (manually comment line `-i https://pypi.org/simple`) and then~ -->
+If pipenv packages are updated:  `make prod` to build images with new packages.
 
-New users should be added to the `src/.env` file `ALLOWED_EMAILS` prop
+New users should be added to the `src/.env` file `ALLOWED_EMAILS` prop.
+
+Run `pipenv update auto-archiver` inside `src` to update the auto-archiver version being used, then test with `make dev`. 
 
 
 ```bash

docker-compose.dev.yml

@@ -6,8 +6,6 @@ services:
     environment:
       - SERVE_LOCAL_ARCHIVE=/app/local_archive # See orchestration.yaml local_storage.save_to
       - ALLOWED_ORIGINS=http://localhost:8004,chrome-extension://ojcimmjndnlmmlgnjaeojoebaceokpdp
-      - SERVICE_PASSWORD=dev-service-password
-      - STATIC_FILE_PASSWORD=dev-static-file-password
       - API_BEARER_TOKEN=dev-api-bearer-token
 
   worker:

src/.example.env

@@ -4,6 +4,4 @@ CHROME_APP_IDS=000000000000000000000000000000000000000000000.apps.googleusercont
 #ALLOWED_ORIGINS="http://localhost:8004" # dev only
 
 
-STATIC_FILE="/app/your-file.txt"
-STATIC_FILE_PASSWORD=TODO
 API_BEARER_TOKEN=TODO

src/main.py

@@ -19,14 +19,14 @@ from worker import create_archive_task, create_sheet_task, celery, insert_result
 from db import crud, models, schemas
 from db.database import engine, SessionLocal
 from sqlalchemy.orm import Session
-from security import get_user_auth, static_api_key_auth, service_api_key_auth, bearer_security, get_token_or_user_auth
+from security import get_user_auth, token_api_key_auth, bearer_security, get_token_or_user_auth
 from auto_archiver import Metadata
 
 load_dotenv()
 
 # Configuration
 ALLOWED_ORIGINS = os.environ.get("ALLOWED_ORIGINS", "chrome-extension://ondkcheoicfckabcnkdgbepofpjmjcmb,chrome-extension://ojcimmjndnlmmlgnjaeojoebaceokpdp").split(",")
-VERSION = "0.5.13"
+VERSION = "0.5.14"
 
 # min-version refers to the version of auto-archiver-extension on the webstore
 BREAKING_CHANGES = {"minVersion": "0.3.1", "message": "The latest update has breaking changes, please update the extension to the most recent version."}
@@ -46,7 +46,7 @@ EXCEPTION_COUNTER = Counter(
     labelnames=("types",)
 )
 # prometheus exposed in /metrics with authentication
-Instrumentator(should_group_status_codes=False, excluded_handlers=["/metrics"]).instrument(app).expose(app, dependencies=[Depends(service_api_key_auth)])
+Instrumentator(should_group_status_codes=False, excluded_handlers=["/metrics"]).instrument(app).expose(app, dependencies=[Depends(token_api_key_auth)])
 
 app.mount("/static", StaticFiles(directory="static"), name="static")
 
@@ -161,7 +161,7 @@ def archive_sheet(sheet:schemas.SubmitSheet, email = Depends(get_user_auth)):
     return JSONResponse({"id": task.id})
 
 @app.post("/sheet_service", status_code=201)
-def archive_sheet_service(sheet:schemas.SubmitSheet, auth = Depends(service_api_key_auth)):
+def archive_sheet_service(sheet:schemas.SubmitSheet, auth = Depends(token_api_key_auth)):
     logger.info(f"SHEET TASK for {sheet=}")
     sheet.author_id = sheet.author_id or "api-endpoint"
     if not sheet.sheet_name and not sheet.sheet_id:
@@ -171,7 +171,7 @@ def archive_sheet_service(sheet:schemas.SubmitSheet, auth = Depends(service_api_
 
 #----- endpoint to submit data archived elsewhere
 @app.post("/submit-archive", status_code=201)
-def submit_manual_archive(manual:schemas.SubmitManual, auth = Depends(static_api_key_auth)):
+def submit_manual_archive(manual:schemas.SubmitManual, auth = Depends(token_api_key_auth)):
     result = Metadata.from_json(manual.result)
     logger.info(f"MANUAL SUBMIT {result.get_url()} {manual.author_id}")
     manual.tags.add("manual")

src/security.py

@@ -1,7 +1,7 @@
 from loguru import logger
-import requests, os, re, secrets
+import requests, os, secrets
 from fastapi import HTTPException, status, Depends
-from fastapi.security import HTTPBasic, HTTPBasicCredentials, HTTPBearer, HTTPAuthorizationCredentials
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 
 
 # Configuration
@@ -39,15 +39,7 @@ def api_key_auth(api_key):
 
     return auth
 
-# --------------------- Static Auth for local AA deployments to add archives to the API
-SFP = os.environ.get("STATIC_FILE_PASSWORD", "")  # min length is 20 chars
-static_api_key_auth = api_key_auth(SFP)
-
-# --------------------- Service Auth for the AA setup tool and Prometheus
-SERVICE_PASSWORD = os.environ.get("SERVICE_PASSWORD", "")  # min length is 20 chars
-service_api_key_auth = api_key_auth(SERVICE_PASSWORD)
-
-# --------------------- Token Auth for AA itself to query the API
+# --------------------- Token Auth for AA itself to query the API, AA setup tool and Prometheus
 API_BEARER_TOKEN = os.environ.get("API_BEARER_TOKEN", "")  # min length is 20 chars
 token_api_key_auth = api_key_auth(API_BEARER_TOKEN)