init

Youssef-Harby · Youssef-Harby · commit f441a3a4eb1c · 2023-06-14T22:58:26.000+03:00
diff --git a/.dockerignore b/.dockerignore
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+authelia/db.sqlite3
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 Cartologic
+Copyright (c) 2023 Cartologic - Youssef Harby <yharby@cartologic.com>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/authelia/configuration.yml b/authelia/configuration.yml
@@ -0,0 +1,87 @@
+---
+###############################################################
+#                   Authelia configuration                    #
+###############################################################
+
+# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
+jwt_secret: a_very_important_secret
+default_redirection_url: https://app.pygeoapi.local/api
+
+server:
+  host: 0.0.0.0
+  port: 9091
+
+log:
+  level: debug
+
+totp:
+  issuer: authelia.com
+
+# duo_api:
+#  hostname: api-123456789.pygeoapi.local
+#  integration_key: ABCDEF
+#  # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
+#  secret_key: 1234567890abcdefghifjkl
+
+authentication_backend:
+  file:
+    path: /config/users_database.yml
+
+access_control:
+  default_policy: deny
+  rules:
+    - domain: "app.pygeoapi.local"
+      policy: one_factor
+      resources:
+        - "^/api/collections/obs.*"
+      subject:
+        - "group:cartologic"
+
+    - domain: "app.pygeoapi.local"
+      policy: one_factor
+      resources:
+        - "^/api/collections/lakes.*"
+      subject:
+        - "group:geobeyond"
+
+    - domain: "app.pygeoapi.local"
+      policy: one_factor
+      resources:
+        - "^.*\\/api(?:\\/)?(?:\\?.*)?$"
+        - "^/api/static/.*"
+        - "^.*\\/api\\/collections(?:\\?.*)?$"
+        - "^.*\\/api\\/processes(?:\\?.*)?$"
+        - "^.*\\/api\\/jobs(?:\\?.*)?$"
+        - "^.*\\/api\\/openapi(?:\\?.*)?$"
+        - "^.*\\/api\\/conformance(?:\\?.*)?$"
+      subject:
+        - "group:geobeyond"
+        - "group:cartologic"
+
+session:
+  name: authelia_session
+  domain: pygeoapi.local
+  same_site: lax
+  secret: unsecure_session_secret
+  expiration: 1h
+  inactivity: 5m
+  remember_me_duration: 5M
+
+  redis:
+    host: redis
+    port: 6379
+
+regulation:
+  max_retries: 3
+  find_time: 120
+  ban_time: 300
+
+storage:
+  encryption_key: you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this
+  local:
+    path: /config/db.sqlite3
+
+notifier:
+  disable_startup_check: true
+  filesystem:
+    filename: /config/notification.txt
diff --git a/authelia/notification.txt b/authelia/notification.txt
diff --git a/authelia/users_database.yml b/authelia/users_database.yml
@@ -0,0 +1,26 @@
+---
+###############################################################
+#                         Users Database                      #
+###############################################################
+
+# This file can be used if you do not have an LDAP set up.
+
+# List of users
+users:
+  yharby:
+    disabled: false
+    displayname: "Youssef Harby"
+    # Password is cartologic
+    password: "$argon2id$v=19$m=65536,t=3,p=4$TLuRm+ReJ2BQKn6NNFKpFQ$FAGugPprt9yQjcpZEXz4VWJbjrAHN1oTttx93DGvufg" # yamllint disable-line rule:line-length
+    email: yharby@cartologic.com
+    groups:
+      - cartologic
+
+  francbartoli:
+    disabled: false
+    displayname: "Francesco Bartoli"
+    # Password is francbartoli
+    password: "$argon2id$v=19$m=65536,t=3,p=4$do0H+Co0ZWfQr5+GkbPjHQ$GIBk6dUegRVm6THxrg7G7wAvgqniqvHhhhhuUKIEet8" # yamllint disable-line rule:line-length
+    email: francesco.bartoli@geobeyond.it
+    groups:
+      - geobeyond
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
@@ -0,0 +1,26 @@
+## It is important to read the following document before enabling this section:
+##     https://www.authelia.com/integration/proxies/caddy/#forwarded-header-trust#trusted-proxies
+(trusted_proxy_list) {
+       ## Uncomment & adjust the following line to configure specific ranges which should be considered as trustworthy.
+#        trusted_proxies 10.0.0.0/8 172.16.0.0/16 192.168.0.0/16 fc00::/7
+}
+
+# Authelia Portal.
+pygeoapi.local {
+        reverse_proxy authelia:9091 {
+                ## This import needs to be included if you're relying on a trusted proxies configuration.
+                # import trusted_proxy_list
+        }
+}
+
+# Protected Endpoint.
+app.pygeoapi.local {
+        forward_auth authelia:9091 {
+                uri /api/verify?rd=https://pygeoapi.local/
+                copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
+
+                ## This import needs to be included if you're relying on a trusted proxies configuration.
+                # import trusted_proxy_list
+        }
+        reverse_proxy pygeoapi:80
+}
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,55 @@
+version: "3.8"
+services:
+  caddy:
+    container_name: caddy
+    image: caddy:2.6.4
+    restart: unless-stopped
+    networks:
+      - caddy
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - ./caddy/Caddyfile:/etc/caddy/Caddyfile
+
+  authelia:
+    container_name: authelia
+    image: authelia/authelia:4.37.5
+    restart: unless-stopped
+    networks:
+      - caddy
+    expose:
+      - 9091
+    ports:
+      - 9091
+    volumes:
+      - ./authelia:/config
+    depends_on:
+      - redis
+
+  redis:
+    container_name: redis
+    image: redis:7.0
+    restart: unless-stopped
+    networks:
+      - caddy
+
+  pygeoapi:
+    container_name: pygeoapi
+    image: geopython/pygeoapi:latest
+    volumes:
+      - ./pygeoapi-config.yml:/pygeoapi/local.config.yml
+    ports:
+      - "80"
+    environment:
+      - SCRIPT_NAME=/api
+    depends_on:
+      - redis
+      - caddy
+      - authelia
+    networks:
+      - caddy
+
+networks:
+  caddy:
+    name: caddy
diff --git a/pygeoapi-config.yml b/pygeoapi-config.yml
@@ -0,0 +1,181 @@
+# =================================================================
+#
+# Authors: Tom Kralidis <tomkralidis@gmail.com>
+#
+# Copyright (c) 2020 Tom Kralidis
+#
+# Permission is hereby granted, free of charge, to any person
+# obtaining a copy of this software and associated documentation
+# files (the "Software"), to deal in the Software without
+# restriction, including without limitation the rights to use,
+# copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following
+# conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+# OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+# OTHER DEALINGS IN THE SOFTWARE.
+#
+# =================================================================
+
+server:
+  bind:
+    host: 0.0.0.0
+    port: 80
+  url: https://app.pygeoapi.local/api
+  mimetype: application/json; charset=UTF-8
+  encoding: utf-8
+  gzip: false
+  languages:
+    # First language is the default language
+    - en-US
+    - fr-CA
+  # cors: true
+  pretty_print: true
+  limit: 10
+  # templates:
+  # path: /path/to/Jinja2/templates
+  # static: /path/to/static/folder # css/js/img
+  map:
+    url: https://tile.openstreetmap.org/{z}/{x}/{y}.png
+    attribution: '&copy; <a href="https://openstreetmap.org/copyright">OpenStreetMap contributors</a>'
+#    manager:
+#        name: TinyDB
+#        connection: /tmp/pygeoapi-process-manager.db
+#        output_dir: /tmp/
+# ogc_schemas_location: /opt/schemas.opengis.net
+
+logging:
+  level: ERROR
+  #logfile: /tmp/pygeoapi.log
+
+metadata:
+  identification:
+    title:
+      en: pygeoapi default instance
+      fr: instance par défaut de pygeoapi
+    description:
+      en: pygeoapi provides an API to geospatial data
+      fr: pygeoapi fournit une API aux données géospatiales
+    keywords:
+      en:
+        - geospatial
+        - data
+        - api
+      fr:
+        - géospatiale
+        - données
+        - api
+    keywords_type: theme
+    terms_of_service: https://creativecommons.org/licenses/by/4.0/
+    url: https://example.org
+  license:
+    name: CC-BY 4.0 license
+    url: https://creativecommons.org/licenses/by/4.0/
+  provider:
+    name: Organization Name
+    url: https://pygeoapi.io
+  contact:
+    name: Lastname, Firstname
+    position: Position Title
+    address: Mailing Address
+    city: City
+    stateorprovince: Administrative Area
+    postalcode: Zip or Postal Code
+    country: Country
+    phone: +xx-xxx-xxx-xxxx
+    fax: +xx-xxx-xxx-xxxx
+    email: you@example.org
+    url: Contact URL
+    hours: Mo-Fr 08:00-17:00
+    instructions: During hours of service. Off on weekends.
+    role: pointOfContact
+
+resources:
+  obs:
+    type: collection
+    title: Observations
+    description: My cool observations
+    keywords:
+      - observations
+      - monitoring
+    context:
+      - datetime: https://schema.org/DateTime
+      - vocab: https://example.com/vocab#
+        stn_id: "vocab:stn_id"
+        value: "vocab:value"
+    links:
+      - type: text/csv
+        rel: canonical
+        title: data
+        href: https://github.com/mapserver/mapserver/blob/branch-7-0/msautotest/wxs/data/obs.csv
+        hreflang: en-US
+      - type: text/csv
+        rel: alternate
+        title: data
+        href: https://raw.githubusercontent.com/mapserver/mapserver/branch-7-0/msautotest/wxs/data/obs.csv
+        hreflang: en-US
+    extents:
+      spatial:
+        bbox: [-180, -90, 180, 90]
+        crs: http://www.opengis.net/def/crs/OGC/1.3/CRS84
+      temporal:
+        begin: 2000-10-30T18:24:39Z
+        end: 2007-10-30T08:57:29Z
+    providers:
+      - type: feature
+        name: CSV
+        data: tests/data/obs.csv
+        id_field: id
+        geometry:
+          x_field: long
+          y_field: lat
+
+  lakes:
+    type: collection
+    title:
+      en: Large Lakes
+      fr: Grands Lacs
+    description:
+      en: lakes of the world, public domain
+      fr: lacs du monde, domaine public
+    keywords:
+      en:
+        - lakes
+        - water bodies
+      fr:
+        - lacs
+        - plans d'eau
+    links:
+      - type: text/html
+        rel: canonical
+        title: information
+        href: http://www.naturalearthdata.com/
+        hreflang: en-US
+    extents:
+      spatial:
+        bbox: [-180, -90, 180, 90]
+        crs: http://www.opengis.net/def/crs/OGC/1.3/CRS84
+      temporal:
+        begin: 2011-11-11T11:11:11Z
+        end: null # or empty (either means open ended)
+    providers:
+      - type: feature
+        name: GeoJSON
+        data: tests/data/ne_110m_lakes.geojson
+        id_field: id
+        title_field: name
+
+  hello-world:
+    type: process
+    processor:
+      name: HelloWorld
