Hello,

This is my weekly report for week 2.

= authentication =

Much of week 2 was spent on authentication.

I have completed an oauth2 authentication module which allows autodeb administrators to point the autodeb master to any oauth2 provider.

Much of the testing was done with salsa.debian.org. It is now possible to log into autodeb with your salsa.debian.org credentials.

I have also gotten in touch with the developers on the new sso.debian.org, asking for details about how SSO will work. They have informed me that it will work much like salsa, allowing me to switch to sso.debian.org when it is released.

I made sure that authentication is built in such a way that it is easy to write new authentication modules. For now, there are two available modules:
 - oauth: point autodeb to an oauth provider
 - disabled: authentication is disabled.

In the future, it will be trivial to implement new authentication backends such as:
 - debug: allows you to log in as any user without any validation, useful when developing the application.

= pgp =

I have developed an interface where users can add GPG keys to their account.

In order to add a key to their account, they have to submit it along with a signed proof stating that "As of $date, I am $userid on $server_url".

Autodeb-servers now refuses uploads that are not signed. Signed uploads are associated to the user with the corresponding key. Unrecognized signatures are rejected.

= server refactor =

The App package was getting big. I have split it into appCtx and Services.

AppCtx is a simple struct that holds everything that is needed to serve a request.

Services contains sub-packages that implement the bulk of the application's logic:
 - Uploads
 - Jobs
 - PGP

= web frontend =

Created an http/sessions package that wraps github.com/gorilla/sessions. This allows for protecting autodeb against any API changes. I have greatly limited the exposed API surface so that it is easy to switch to another sessions library.

At the same time, I have added an easy-to-use flash API, allowing for the backend to add error messages that will be displayed to the user on its next request.

Refactored the page handlers to avoid code duplication:
 - getting the user
 - getting the user's session and flashes

Rewrote the home page, adding more information on the project and a guide on getting started with autodeb.

Implemented bootstrap 4, making the website much nicer.

= infrastructure =

Obtained an https for auto.debian.net (I was ratelimited by Let's Encrypt last week and I had lost my last certificate).

Configured OAuth for the production environment.

= Packaging =

Made a new release and adapted packaging:
 - new command-line flags
 - new dependencies
 - copyright section for bootstrap
 - copyright section for the debian logo SVG

Cheers,

-- 
Alexandre Viau
aviau@debian.org
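The key-ownership proof described in the pgp section binds a key to a date, a user and a server. The Go sketch below is an added example, not autodeb's code: it shows the checks a server could run on the proof text once an OpenPGP library has verified the signature. The function name, the RFC 3339 date, the numeric user ID and the 24-hour window are all assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strconv"
	"strings"
	"time"
)

// proofRe matches the statement quoted in the report. The RFC 3339 date
// and the numeric user ID are assumptions made for this example.
var proofRe = regexp.MustCompile(`^As of (\S+), I am (\d+) on (\S+)$`)

// maxProofAge is an assumed freshness window, not a value from the report.
const maxProofAge = 24 * time.Hour

// CheckProof validates the text of a proof whose signature the caller has
// already verified. Each field blocks one kind of replay: the date stops old
// proofs, the user ID stops a proof being attached to another account, and
// the server URL stops a proof made for one instance being used on another.
func CheckProof(text string, userID int, serverURL string, now time.Time) error {
	m := proofRe.FindStringSubmatch(strings.TrimSpace(text))
	if m == nil {
		return errors.New("proof does not match the expected statement")
	}
	date, err := time.Parse(time.RFC3339, m[1])
	if err != nil {
		return fmt.Errorf("bad date in proof: %w", err)
	}
	if age := now.Sub(date); age < 0 || age > maxProofAge {
		return errors.New("proof is stale or dated in the future")
	}
	if id, err := strconv.Atoi(m[2]); err != nil || id != userID {
		return errors.New("proof names a different user")
	}
	if strings.TrimRight(m[3], "/") != strings.TrimRight(serverURL, "/") {
		return errors.New("proof was made for a different server")
	}
	return nil
}

func main() {
	// Constructed sample values; the user ID and timestamps are made up.
	now := time.Date(2018, 5, 28, 12, 0, 0, 0, time.UTC)
	proof := "As of 2018-05-28T11:00:00Z, I am 42 on https://auto.debian.net"
	fmt.Println(CheckProof(proof, 42, "https://auto.debian.net", now))
	fmt.Println(CheckProof(proof, 7, "https://auto.debian.net", now))
}
```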