notifier/backend-api-internal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Removed HVAC handler and changed deployment to Kubernetes #1

Merged
florian merged 1 commits from feature/hvac-removal into main 2025-10-07 21:46:26 +02:00
Conversation 0 Commits 1 Files Changed 5 +19 -62
5 changed files with 19 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
requirements.txt
View File

@ -2,23 +2,18 @@ annotated-types==0.7.0
anyio==4.11.0 anyio==4.11.0
argon2-cffi==25.1.0 argon2-cffi==25.1.0
argon2-cffi-bindings==25.1.0 argon2-cffi-bindings==25.1.0
certifi==2025.10.5
cffi==2.0.0 cffi==2.0.0
charset-normalizer==3.4.3
click==8.3.0 click==8.3.0
fastapi==0.118.0 fastapi==0.118.0
h11==0.16.0 h11==0.16.0
hvac==2.3.0
idna==3.10 idna==3.10
mysql-connector-python==9.4.0 mysql-connector-python==9.4.0
pika==1.3.2 pika==1.3.2
pycparser==2.23 pycparser==2.23
pydantic==2.11.10 pydantic==2.12.0
pydantic_core==2.33.2 pydantic_core==2.41.1
requests==2.32.5
sniffio==1.3.1 sniffio==1.3.1
starlette==0.48.0 starlette==0.48.0
typing-inspection==0.4.2 typing-inspection==0.4.2
typing_extensions==4.15.0 typing_extensions==4.15.0
urllib3==2.5.0
uvicorn==0.37.0 uvicorn==0.37.0

7
src/db.py
View File

@ -1,14 +1,13 @@
import mysql.connector import mysql.connector
from mysql.connector import pooling
import threading import threading
from hvac_handler import get_secret from secret_handler import return_credentials
import os import os
import time import time
import sys import sys
db_username = get_secret("secret/api-internal/db", "username") db_username = return_credentials("/etc/secrets/db_username")
db_password = get_secret("secret/api-internal/db", "password") db_password = return_credentials("/etc/secrets/db_password")
db_host = os.getenv("BACKEND_API_INTERNAL_DB_HOST","localhost") db_host = os.getenv("BACKEND_API_INTERNAL_DB_HOST","localhost")
db_database = os.getenv("BACKEND_API_INTERNAL_DB_DATABASE","app") db_database = os.getenv("BACKEND_API_INTERNAL_DB_DATABASE","app")

44
src/hvac_handler.py
View File

@ -1,44 +0,0 @@
import hvac
import base64
import os
import time
import sys
HVAC_AGENT_URL = os.getenv("HVAC_AGENT_URL","http://vault-agent:8201")
MAX_RETRIES = 5
BACKOFF = 5
def get_client():
for attempt in range(1, MAX_RETRIES+1):
try:
client = hvac.Client(url=HVAC_AGENT_URL)
if client.is_authenticated():
return client
raise Exception("Not authenticated")
except Exception as e:
print(f"Vault connection failed (attempt {attempt}/{MAX_RETRIES}): {e}")
time.sleep(BACKOFF * attempt)
print("Vault unreachable after retries. Exiting.")
sys.exit(1)
client = get_client()
def get_secret(path:str, key:str):
try:
secret = client.secrets.kv.v2.read_secret_version(
mount_point="kv",
path=path
)
return secret["data"]["data"][key]
except Exception as e:
print(f"Failed to fetch secret '{path}:{key}': {e}")
sys.exit(1)
def decrypt_token(ciphertext: str) -> str:
response = client.secrets.transit.decrypt_data(
name="push-tokens",
ciphertext=ciphertext
)
plaintext_b64 = response["data"]["plaintext"]
return base64.b64decode(plaintext_b64).decode()

18
src/rabbitmq_handler.py
View File

@ -1,13 +1,17 @@
import pika import pika
from typing import Dict from typing import Dict
from secret_handler import return_credentials
import ssl import ssl
from hvac_handler import get_secret
import json import json
import time import time
import sys import sys
import os
rmq_username = get_secret("secret/api-internal/rmq", "username") rmq_username = return_credentials("/etc/secrets/rmq_username")
rmq_password = get_secret("secret/api-internal/rmq", "password") rmq_password = return_credentials("/etc/secrets/rmq_password")
rmq_host = os.getenv("BACKEND_API_INTERNAL_RMQ_HOST","localhost")
rmq_vhost = os.getenv("BACKEND_API_INTERNAL_RMQ_VHOST","app_notifications")
rmq_exchange = os.getenv("BACKEND_API_INTERNAL_RMQ_EXCHANGE","app_notifications")
MAX_RETRIES = 5 MAX_RETRIES = 5
RETRY_DELAY = 5 RETRY_DELAY = 5
@ -18,21 +22,21 @@ def send_message_to_rmq(user_id: int, message: Dict):
context.check_hostname = False context.check_hostname = False
ssl_options = pika.SSLOptions(context) ssl_options = pika.SSLOptions(context)
conn_params = pika.ConnectionParameters( conn_params = pika.ConnectionParameters(
host="localhost", host=rmq_host,
port=5671, port=5671,
ssl_options=ssl_options, ssl_options=ssl_options,
credentials=credentials, credentials=credentials,
virtual_host="app_notifications" virtual_host=rmq_vhost
) )
for attempt in range(1, MAX_RETRIES + 1): for attempt in range(1, MAX_RETRIES + 1):
try: try:
connection = pika.BlockingConnection(conn_params) connection = pika.BlockingConnection(conn_params)
channel = connection.channel() channel = connection.channel()
channel.exchange_declare(exchange="app_notifications", exchange_type="topic", durable=True) channel.exchange_declare(exchange=rmq_exchange, exchange_type="topic", durable=True)
channel.confirm_delivery() channel.confirm_delivery()
channel.basic_publish( channel.basic_publish(
exchange='app_notifications', exchange=rmq_exchange,
routing_key=f"notify.user.{user_id}", routing_key=f"notify.user.{user_id}",
body=json.dumps(message), body=json.dumps(message),
properties=pika.BasicProperties( properties=pika.BasicProperties(

3
src/secret_handler.py Normal file
View File

@ -0,0 +1,3 @@
def return_credentials(path: str)->str:
with open (path) as file:
return file.read()