darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-09 23:02:13 -05:00
Code Issues Packages Projects Releases Wiki Activity
9,092 Commits 128 Branches 60 Tags
e58d0eb552f76dedf5e6fca739611be25289e20a
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
stvnrlly e58d0eb552 replace overeager deletion
2022-10-20 20:49:49 +00:00
.github
remove broadcast-related code, except migrations
2022-10-04 15:28:27 +00:00
app
replace overeager deletion
2022-10-20 20:49:49 +00:00
devcontainer-api
remove copilot
2022-09-09 13:13:57 -07:00
devcontainer-worker
disable cache persistence & env updates
2022-06-13 21:42:36 -07:00
docker
add script to run celery from within docker
2022-02-01 16:29:08 +00:00
docs
remove broadcast-related code, except migrations
2022-10-04 15:28:27 +00:00
logs
config detect-secrets
2022-06-29 08:47:36 -07:00
migrations
remove broadcasts from migrations
2022-10-04 16:13:44 +00:00
paas-failwhale
scripts
remove broadcast-related code, except migrations
2022-10-04 15:28:27 +00:00
terraform
Create s3 buckets via terraform and bind to app
2022-09-21 11:22:55 -04:00
test_csv_files
tests
tests are, uh, mostly passing
2022-10-05 01:12:35 +00:00
.cfignore
.gitignore
Add basic terraform bootstrap and staging environments
2022-09-14 10:09:09 -04:00
.pyup.yml
make pyup point at new files
2021-11-11 13:54:21 +00:00
application.py
deploy-exclude.lst
docker-compose.devcontainer.yml
disable cache persistence & env updates
2022-06-13 21:42:36 -07:00
dump.rdb
config detect-secrets
2022-06-29 08:47:36 -07:00
gunicorn_config.py
fix rediss ssl eventlet sslerror bug
2022-04-12 14:50:36 +01:00
LICENSE
Makefile
Remove obsolete manifest.yml.j2 file
2022-09-02 10:53:00 -04:00
manifest.yml
Replace celery[sqs] with celery[redis]
2022-09-29 08:59:17 -04:00
Procfile
Collapse worker into Procfile from wrapper
2022-06-23 15:46:19 -07:00
pytest.ini
Replace celery[sqs] with celery[redis]
2022-09-29 08:59:17 -04:00
README.md
Replace celery[sqs] with celery[redis]
2022-09-29 08:59:17 -04:00
requirements_for_test.txt
make audit for python dependency audits
2022-08-12 15:36:48 +00:00
requirements.in
Replace celery[sqs] with celery[redis]
2022-09-29 08:59:17 -04:00
requirements.txt
Replace celery[sqs] with celery[redis]
2022-09-29 08:59:17 -04:00
run_celery.py
disable prometheus writing to files from celery apps
2022-01-21 11:01:39 +00:00
runtime.txt
switch to python 3.9
2021-11-11 13:54:14 +00:00
sample.env
remove broadcast-related code, except migrations
2022-10-04 15:28:27 +00:00
setup.cfg
statsd_mapping.yml
varsfile.sample
configs
2022-07-25 15:19:05 -07:00
zap.conf
First cut at running OWASP in github actions
2022-08-19 12:12:58 -04:00

README.md

US Notify API

Cloned from the brilliant work of the team at GOV.UK Notify, cheers!

Contains:

  • the public-facing REST API for US Notify, which teams can integrate with using our clients [DOCS ARE STILL UK]
  • an internal-only REST API built using Flask to manage services, users, templates, etc (this is what the admin app talks to)
  • asynchronous workers built using Celery to put things on queues and read them off to be processed, sent to providers, updated, etc

QUICKSTART

If you are the first on your team to deploy, set up AWS SES/SNS as instructed in the AWS setup section below.

Create .env file as described in the .env section below.

Install VS Code Open VS Code and install the Remote-Containers plug-in from Microsoft.

Make sure your docker daemon is running (on OS X, this is typically accomplished by opening the Docker Desktop app) Also make sure there is NOT a Postgres daemon running on port 5432.

Create the external docker network:

docker network create notify-network

Using the command palette (shift+cmd+p), search and select “Remote Containers: Open Folder in Container...” When prompted, choose devcontainer-api folder (note: this is a subfolder of notification-api). This will startup the container in a new window (replacing the current one).

After this page loads, hit "show logs” in bottom-right. The first time this runs it will need to build the Docker image, which will likely take several minutes.

Select View->Open View..., then search/select “ports”. Await a green dot on the port view, then open a new terminal and run the web server: make run-flask

Open another terminal and run the background tasks: make run-celery

Confirm that everything is working by hitting localhost:6011 and it responds with a 200 OK.

Setting Up

.env file

Create and edit a .env file, based on sample.env.

NOTE: when you change .env in the future, you'll need to rebuild the devcontainer for the change to take effect. Vscode should detect the change and prompt you with a toast notification during a cached build. If not, you can find a manual rebuild in command pallette or just docker rm the notifications-api container.

Things to change:

  • If you're not the first to deploy, only replace the aws creds, get these from team lead
  • Replace NOTIFY_EMAIL_DOMAIN with the domain your emails will come from (i.e. the "origination email" in your SES project)
  • Replace SECRET_KEY and DANGEROUS_SALT with high-entropy secret values
  • Set up AWS SES and SNS as indicated in next section (AWS Setup), fill in missing AWS env vars

AWS Setup

Steps to prepare SES

  1. Go to SES console for $AWS_REGION and create new origin and destination emails. AWS will send a verification via email which you'll need to complete.
  2. Find and replace instances in the repo of "testsender", "testreceiver" and "dispostable.com", with your origin and destination email addresses, which you verified in step 1 above.

TODO: create env vars for these origin and destination email addresses for the root service, and create new migrations to update postgres seed fixtures

Steps to prepare SNS

  1. Go to Pinpoints console for $AWS_PINPOINT_REGION and choose "create new project", then "configure for sms"
  2. Tick the box at the top to enable SMS, choose "transactional" as the default type and save
  3. In the lefthand sidebar, go the "SMS and Voice" (bottom) and choose "Phone Numbers"
  4. Under "Number Settings" choose "Request Phone Number"
  5. Choose Toll-free number, tick SMS, untick Voice, choose "transactional", hit next and then "request"
  6. Go to SNS console for $AWS_PINPOINT_REGION, look at lefthand sidebar under "Mobile" and go to "Text Messaging (SMS)"
  7. Scroll down to "Sandbox destination phone numbers" and tap "Add phone number" then follow the steps to verify (you'll need to be able to retrieve a code sent to each number)

At this point, you should be able to complete both the email and phone verification steps of the Notify user sign up process! 🎉

Secrets Detection

brew install detect-secrets # or pip install detect-secrets
detect-secrets scan
#review output of above, make sure none of the baseline entries are sensitive
detect-secrets scan > .secrets.baseline
#creates the baseline file

Ideally, you'll install detect-secrets so that it's accessible from any environment from which you might commit. You can use brew install to make it available globally. You could also install via pip install inside a virtual environment, if you're sure you'll only commit from that environment.

If you open .git/hooks/pre-commit you should see a simple bash script that runs the command below, reads the output and aborts before committing if detect-secrets finds a secret. You should be able to test it by staging a file with any high-entropy string like "bblfwk3u4bt484+afw4avev5ae+afr4?/fa" (it also has other ways to detect secrets, this is just the most straightforward to test).

You can permit exceptions by adding an inline comment containing pragma: allowlist secret

The command that is actually run by the pre-commit hook is: git diff --staged --name-only -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline

You can also run against all tracked files staged or not: git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline

Postgres

Local postgres implementation is handled by docker compose

Redis

Local redis implementation is handled by docker compose

To test the application

# install dependencies, etc.
make bootstrap

make test

To run a local OWASP scan

  1. Run make run-flask from within the dev container.
  2. On your host machine run:
docker run -v $(pwd):/zap/wrk/:rw --network="notify-network" -t owasp/zap2docker-weekly zap-api-scan.py -t http://dev:6011/_status -f openapi -c zap.conf

To run scheduled tasks

# After scheduling some tasks, open a third terminal in your running devcontainer and run celery beat
make run-celery-beat

To run one off tasks (Ignore for Quick Start)

Tasks are run through the flask command - run flask --help for more information. There are two sections we need to care about: flask db contains alembic migration commands, and flask command contains all of our custom commands. For example, to purge all dynamically generated functional test data, do the following:

Local (from inside the devcontainer)

flask command purge_functional_test_data -u <functional tests user name prefix>

Remote

cf run-task notify-api "flask command purge_functional_test_data -u <functional tests user name prefix>"

All commands and command options have a --help command if you need more information.

Further documentation [DEPRECATED]

Reference in New Issue View Git Blame Copy Permalink
Description
The API powering Notify.gov
Readme 55 MiB
Languages
Python 98.5%
HCL 0.6%
Jinja 0.5%
Shell 0.3%
Makefile 0.1%