Refactor: organize application as a package

.env.sample

@@ -1 +1,2 @@
+FLASK_APP=eligibility_server/app.py
 ELIGIBILITY_SERVER_SETTINGS=../config/sample.py

.github/workflows/run-tests.yml

@@ -27,6 +27,6 @@ jobs:
 
       - name: Test with pytest
         run: |
-          python setup.py
+          flask init-db
           coverage run -m pytest
           coverage report -m

.gitignore

@@ -5,3 +5,4 @@ __pycache__/
 .env
 config/*
 !config/sample.py
+eligibility_server.egg-info

bin/init.sh

@@ -3,4 +3,4 @@ set -eux
 
 # run database migrations
 
-python setup.py
+flask init-db

docs/getting-started.md

@@ -65,8 +65,7 @@ Once you clone the repository locally, open it within VS Code, which will prompt
  2. Start the `eligibility-server` Flask app and database with `F5`
  3. Now you can run tests from the container.
 
-Starting the Dev Container will run `bin/init.sh`, which runs `setup.py` and starts the Flask app. The `setup.py` script creates the database and imports and saves users
-based on the configured settings.
+Starting the Dev Container will run `bin/init.sh`, which runs a command to initialize the database. More specifically, it creates the database and imports and saves users based on the configured settings.
 
 ## Run tests
 
@@ -80,16 +79,16 @@ The test suite runs against every pull request via a GitHub Action.
 
 In testing the database, you may need to teardown the database and restart a database from scratch.
 
-The teardown script removes all users and drops the database. To tear down the database, run:
+The command below will remove all users and drop the database:
 
 ```bash
-python teardown.py
+flask drop-db
 ```
 
 To set up the database with a new import file or other configuration variables, after making any new environment variable changes, run:
 
 ```bash
-python setup.py
+flask init-db
 ```
 
 ## Run and develop the Documentation

eligibility_server/app.py

@@ -5,9 +5,9 @@
 
 from flask import Flask, jsonify, make_response
 from flask_restful import Api
-from flask_sqlalchemy import SQLAlchemy
 from flask.logging import default_handler
 
+from . import db
 from .verify import Verify
 from .keypair import get_server_public_key
 
@@ -67,18 +67,7 @@ def internal_server_error(error):
 api = Api(app)
 api.add_resource(Verify, "/verify")
 
-db = SQLAlchemy(app)
-
-
-class User(db.Model):
-    id = db.Column(db.Integer, primary_key=True)
-    sub = db.Column(db.String, unique=True, nullable=False)
-    name = db.Column(db.String, unique=True, nullable=False)
-    types = db.Column(db.String, unique=False, nullable=False)
-
-    def __repr__(self):
-        return "<User %r>" % self.sub
-
+db.init_app(app)
 
 if __name__ == "__main__":
     app.run(host=app.config["HOST"], debug=app.config["DEBUG_MODE"], port="8000")  # nosec

eligibility_server/db/__init__.py

@@ -0,0 +1,17 @@
+import logging
+
+from flask_sqlalchemy import SQLAlchemy
+
+logger = logging.getLogger(__name__)
+
+
+db = SQLAlchemy()
+
+
+def init_app(app):
+    db.init_app(app)
+
+    from .setup import init_db_command, drop_db_command
+
+    app.cli.add_command(init_db_command)
+    app.cli.add_command(drop_db_command)

eligibility_server/database.py → eligibility_server/db/database.py

@@ -1,12 +1,9 @@
-"""
-Simple hard-coded server database.
-"""
-
 import ast
-
-from . import app
 import logging
 
+from .models import User
+
+
 logger = logging.getLogger(__name__)
 
 
@@ -44,7 +41,7 @@ def check_user(self, sub: str, name: str, types: str) -> list:
             sub = self._hash.hash_input(sub)
             name = self._hash.hash_input(name)
 
-        existing_user = app.User.query.filter_by(sub=sub, name=name).first()
+        existing_user = User.query.filter_by(sub=sub, name=name).first()
         if existing_user:
             existing_user_types = ast.literal_eval(existing_user.types)
         else:

eligibility_server/db/models.py

@@ -0,0 +1,11 @@
+from . import db
+
+
+class User(db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    sub = db.Column(db.String, unique=True, nullable=False)
+    name = db.Column(db.String, unique=True, nullable=False)
+    types = db.Column(db.String, unique=False, nullable=False)
+
+    def __repr__(self):
+        return "<User %r>" % self.sub

eligibility_server/db/setup.py

@@ -0,0 +1,95 @@
+import csv
+import json
+
+import click
+from flask import current_app
+from flask_sqlalchemy import inspect
+
+from .models import db, User
+
+
+@click.command("init-db")
+def init_db_command():
+    with current_app.app_context():
+        inspector = inspect(db.engine)
+
+        if inspector.get_table_names():
+            click.echo("Tables already exist.")
+            if User.query.count() == 0:
+                import_users()
+            else:
+                click.echo("User table already has data.")
+        else:
+            click.echo("Creating table...")
+            db.create_all()
+            click.echo("Table created.")
+
+            import_users()
+
+
+def import_users():
+    """
+    Imports user data to be added to database and saves user to database
+
+    Users can be imported from either a JSON file or CSV file, as configured
+    with settings from environment variables. CSV files take extra setting
+    configurations: CSV_DELIMITER, CSV_NEWLINE, CSV_QUOTING, CSV_QUOTECHAR
+    """
+
+    file_path = current_app.config["IMPORT_FILE_PATH"]
+    click.echo(f"Importing users from {file_path}")
+
+    file_format = file_path.split(".")[-1]
+
+    if file_format == "json":
+        with open(file_path) as file:
+            data = json.load(file)["users"]
+            for user in data:
+                save_users(user, data[user][0], str(data[user][1]))
+    elif file_format == "csv":
+        with open(file_path, newline=current_app.config["CSV_NEWLINE"], encoding="utf-8") as file:
+            data = csv.reader(
+                file,
+                delimiter=current_app.config["CSV_DELIMITER"],
+                quoting=int(current_app.config["CSV_QUOTING"]),
+                quotechar=current_app.config["CSV_QUOTECHAR"],
+            )
+            for user in data:
+                save_users(user[0], user[1], user[2])
+    else:
+        click.echo(f"Warning: File format is not supported: {file_format}")
+
+    click.echo(f"Users added: {User.query.count()}")
+
+
+def save_users(sub: str, name: str, types: str):
+    """
+    Add users to the database User table
+
+    @param sub - User's ID, not to be confused with Database row ID
+    @param name - User's name
+    @param types - Types of eligibilities, in a stringified list
+    """
+
+    item = User(sub=sub, name=name, types=types)
+    db.session.add(item)
+    db.session.commit()
+
+
+@click.command("drop-db")
+def drop_db_command():
+    with current_app.app_context():
+        inspector = inspect(db.engine)
+
+        if inspector.get_table_names():
+            try:
+                click.echo(f"Users to be deleted: {User.query.count()}")
+                User.query.delete()
+                db.session.commit()
+            except Exception as e:
+                click.echo("Failed to query for Users", e)
+
+            db.drop_all()
+            click.echo("Database dropped.")
+        else:
+            click.echo("Database does not exist.")

eligibility_server/verify.py

@@ -8,12 +8,12 @@
 import re
 import time
 
-from flask import abort
+from flask import abort, current_app
 from flask_restful import Resource, reqparse
 from jwcrypto import jwe, jws, jwt
 
-from . import app, keypair
-from .database import Database
+from . import keypair
+from .db.database import Database
 from .hash import Hash
 
 
@@ -26,27 +26,28 @@ def __init__(self):
         self.client_public_key = keypair.get_client_public_key()
         self.server_private_key = keypair.get_server_private_key()
 
-        if app.app.config["INPUT_HASH_ALGO"] != "":
-            hash = Hash(app.app.config["INPUT_HASH_ALGO"])
+        if current_app.config["INPUT_HASH_ALGO"] != "":
+            hash = Hash(current_app.config["INPUT_HASH_ALGO"])
             self._db = Database(hash=hash)
         else:
             self._db = Database()
 
     def _check_headers(self):
         """Ensure correct request headers."""
         req_parser = reqparse.RequestParser()
-        req_parser.add_argument(app.app.config["TOKEN_HEADER"], location="headers", required=True)
-        req_parser.add_argument(app.app.config["AUTH_HEADER"], location="headers", required=True)
+        req_parser.add_argument(current_app.config["TOKEN_HEADER"], location="headers", required=True)
+        req_parser.add_argument(current_app.config["AUTH_HEADER"], location="headers", required=True)
         headers = req_parser.parse_args()
+
         # verify auth_header's value
-        if headers.get(app.app.config["AUTH_HEADER"]) == app.app.config["AUTH_TOKEN"]:
+        if headers.get(current_app.config["AUTH_HEADER"]) == current_app.config["AUTH_TOKEN"]:
             return headers
         else:
             return False
 
     def _get_token(self, headers):
         """Get the token from request headers"""
-        token = headers.get(app.app.config["TOKEN_HEADER"], "").split(" ")
+        token = headers.get(current_app.config["TOKEN_HEADER"], "").split(" ")
         if len(token) == 2:
             return token[1]
         elif len(token) == 1:
@@ -59,12 +60,12 @@ def _get_token_payload(self, token):
         """Decode a token (JWE(JWS))."""
         try:
             # decrypt
-            decrypted_token = jwe.JWE(algs=[app.app.config["JWE_ENCRYPTION_ALG"], app.app.config["JWE_CEK_ENC"]])
+            decrypted_token = jwe.JWE(algs=[current_app.config["JWE_ENCRYPTION_ALG"], current_app.config["JWE_CEK_ENC"]])
             decrypted_token.deserialize(token, key=self.server_private_key)
             decrypted_payload = str(decrypted_token.payload, "utf-8")
             # verify signature
             signed_token = jws.JWS()
-            signed_token.deserialize(decrypted_payload, key=self.client_public_key, alg=app.app.config["JWS_SIGNING_ALG"])
+            signed_token.deserialize(decrypted_payload, key=self.client_public_key, alg=current_app.config["JWS_SIGNING_ALG"])
             # return final payload
             payload = str(signed_token.payload, "utf-8")
             return json.loads(payload)
@@ -75,12 +76,12 @@ def _get_token_payload(self, token):
     def _make_token(self, payload):
         """Wrap payload in a signed and encrypted JWT for response."""
         # sign the payload with server's private key
-        header = {"typ": "JWS", "alg": app.app.config["JWS_SIGNING_ALG"]}
+        header = {"typ": "JWS", "alg": current_app.config["JWS_SIGNING_ALG"]}
         signed_token = jwt.JWT(header=header, claims=payload)
         signed_token.make_signed_token(self.server_private_key)
         signed_payload = signed_token.serialize()
         # encrypt the signed payload with client's public key
-        header = {"typ": "JWE", "alg": app.app.config["JWE_ENCRYPTION_ALG"], "enc": app.app.config["JWE_CEK_ENC"]}
+        header = {"typ": "JWE", "alg": current_app.config["JWE_ENCRYPTION_ALG"], "enc": current_app.config["JWE_CEK_ENC"]}
         encrypted_token = jwt.JWT(header=header, claims=signed_payload)
         encrypted_token.make_encrypted_token(self.client_public_key)
         return encrypted_token.serialize()
@@ -91,11 +92,11 @@ def _get_response(self, token_payload):
             sub, name, eligibility = token_payload["sub"], token_payload["name"], list(token_payload["eligibility"])
             resp_payload = dict(
                 jti=token_payload["jti"],
-                iss=app.app.config["APP_NAME"],
+                iss=current_app.config["APP_NAME"],
                 iat=int(datetime.datetime.utcnow().replace(tzinfo=datetime.timezone.utc).timestamp()),
             )
             # sub format check
-            if re.match(app.app.config["SUB_FORMAT_REGEX"], sub):
+            if re.match(current_app.config["SUB_FORMAT_REGEX"], sub):
                 # eligibility check against db
                 resp_payload["eligibility"] = self._db.check_user(sub, name, eligibility)
                 code = 200