Deployment configuration

Dockerfile

@@ -0,0 +1,13 @@
+FROM python:3.12-slim
+
+COPY requirements.txt .
+
+RUN pip install --no-cache-dir -r requirements.txt
+
+WORKDIR /app
+
+COPY src/ /app/
+
+ENTRYPOINT ["sh", "-c", "sleep 10 && python main.py"]
+
+

app_database.sql

@@ -2,18 +2,18 @@ CREATE TABLE users (
     user_id BIGINT NOT NULL AUTO_INCREMENT PRIMARY KEY,
     username VARCHAR(100) UNIQUE NOT NULL,
     email VARCHAR(255) UNIQUE NOT NULL,
-    password_hash CHAR(64) DEFAULT NULL, -- SHA256 hash or similar
-    api_key VARCHAR(255) UNIQUE NOT NULL, -- for API authentication
+    password_hash CHAR(64) DEFAULT NULL,
+    api_key VARCHAR(255) UNIQUE NOT NULL,
     created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
     last_login TIMESTAMP NULL DEFAULT NULL,
     status ENUM('active','inactive','banned') NOT NULL DEFAULT 'active'
 );
 
 CREATE TABLE device_tokens (
-    token_id CHAR(36) NOT NULL PRIMARY KEY, -- UUID
-    user_id BIGINT NOT NULL,                -- Foreign key
+    token_id CHAR(36) NOT NULL PRIMARY KEY,
+    user_id BIGINT NOT NULL,
     platform ENUM('ios','android','web') NOT NULL,
-    token VARBINARY(512) NOT NULL,          -- encrypted token
+    token VARBINARY(512) NOT NULL,
     status ENUM('active','invalid','expired') NOT NULL DEFAULT 'active',
     app_version VARCHAR(50),
     locale VARCHAR(10),

db.py

@@ -1,42 +0,0 @@
-import mysql.connector
-from mysql.connector import pooling
-import threading
-
-MYSQL_CONFIG = {
-	"host": "localhost",
-	"user": "florian",
-	"password": "password123++",
-	"database": "app"
-}
-
-# Lock to ensure thread-safe pool creation
-_pool_lock = threading.Lock()
-_connection_pool = None
-
-def get_connection_pool():
-	global _connection_pool
-	with _pool_lock:
-		if _connection_pool is None:
-			_connection_pool = mysql.connector.pooling.MySQLConnectionPool(
-				pool_name="mypool",
-				pool_size=5,
-				pool_reset_session=True,
-				**MYSQL_CONFIG
-			)
-	return _connection_pool
-
-# Dependency for FastAPI
-def get_db():
-	pool = get_connection_pool()
-	conn = pool.get_connection()
-	try:
-		yield conn
-	finally:
-		conn.close()
-
-if __name__ == "__main__":
-	# Manual test
-	for conn in get_db():
-		cursor = conn.cursor(dictionary=True)
-		cursor.execute("SELECT NOW() AS ts")
-		print(cursor.fetchone())

hvac_handler.py

@@ -1,13 +0,0 @@
-import hvac
-import base64
-import os
-
-HVAC_AGENT_URL = os.getenv("HVAC_AGENT_URL","http://vault-agent:8201")
-client = hvac.Client(url=HVAC_AGENT_URL)
-
-def encrypt_token(token: str) -> str:
-	response = client.secrets.transit.encrypt_data(
-		name='push-tokens',
-		plaintext=base64.b64encode(token.encode()).decode()
-	)
-	return response['data']['ciphertext']

src/db.py

@@ -0,0 +1,62 @@
+import mysql.connector
+from mysql.connector import pooling
+import threading
+from hvac_handler import get_secret
+import os
+import time
+import sys
+
+
+db_username = get_secret("secret/api/db", "username")
+db_password = get_secret("secret/api/db", "password")
+db_host = os.getenv("BACKEND_API_DB_HOST","localhost")
+db_database = os.getenv("BACKEND_API_DB_DATABASE","app")
+
+MAX_RETRIES = 5
+RETRY_DELAY = 5
+
+MYSQL_CONFIG = {
+	"host": db_host,
+	"user": db_username,
+	"password": db_password,
+	"database": db_database
+}
+
+_pool_lock = threading.Lock()
+_connection_pool = None
+
+def create_connection_pool():
+	global _connection_pool
+	for attempt in range(1, MAX_RETRIES+1):
+		try:
+			print(f"[MySQL] Attempt {attempt} to connect...")
+			_connection_pool = mysql.connector.pooling.MySQLConnectionPool(
+				pool_name="mypool",
+				pool_size=5,
+				pool_reset_session=True,
+				**MYSQL_CONFIG
+			)
+			print("[MySQL] Connection pool created successfully.")
+			return
+		except mysql.connector.Error as e:
+			print(f"[MySQL] Attempt {attempt} failed: {e}")
+			if attempt < MAX_RETRIES:
+				time.sleep(RETRY_DELAY)
+	print(f"[MySQL] Failed to connect after {MAX_RETRIES} attempts — exiting.")
+	sys.exit(1)
+
+def get_connection_pool():
+	global _connection_pool
+	with _pool_lock:
+		if _connection_pool is None:
+			create_connection_pool
+	return _connection_pool
+
+def get_db():
+	pool = get_connection_pool()
+	conn = pool.get_connection()
+	try:
+		yield conn
+	finally:
+		conn.close()
+

src/hvac_handler.py

@@ -0,0 +1,43 @@
+import hvac
+import base64
+import os
+import time
+import sys
+
+HVAC_AGENT_URL = os.getenv("HVAC_AGENT_URL","http://vault-agent:8201")
+
+MAX_RETRIES = 5
+BACKOFF = 5
+
+def get_client():
+	for attempt in range(1, MAX_RETRIES+1):
+		try:
+			client = hvac.Client(url=HVAC_AGENT_URL)
+			if client.is_authenticated():
+				return client
+			raise Exception("Not authenticated")
+		except Exception as e:
+			print(f"Vault connection failed (attempt {attempt}/{MAX_RETRIES}): {e}")
+			time.sleep(BACKOFF * attempt)
+	print("Vault unreachable after retries. Exiting.")
+	sys.exit(1)
+
+client = get_client()
+
+def get_secret(path:str, key:str):
+	try:
+		secret = client.secrets.kv.v2.read_secret_version(
+			mount_point="kv",
+			path=path
+		)
+		return secret["data"]["data"][key]
+	except Exception as e:
+		print(f"Failed to fetch secret '{path}:{key}': {e}")
+		sys.exit(1)
+
+def encrypt_token(token: str) -> str:
+	response = client.secrets.transit.encrypt_data(
+		name='push-tokens',
+		plaintext=base64.b64encode(token.encode()).decode()
+	)
+	return response['data']['ciphertext']