Commit fb784d22 authored by Vitali Stupin's avatar Vitali Stupin
Browse files

Updated readme

parent 78a2b35b
# Central Server API
This API is used to add new X-Road members directly to X-Road Central Server without web admin interface.
**NB! Make sure your API is not accessible from public internet, and is properly secured in your internal network!**
## API description
API is described using OpenAPI specification: [openapi-definition.yaml](openapi-definition.yaml)
## Systemd configuration
## Installation
Installation was tested with Ubuntu 18.04.
### Program
Provided systemd and nginx configurations assume than program files are installed under `/opt/csapi`. Program is running under `xroad` user to be able to access X-Road configuration files and database without any additional configurations.
Create `/opt/csapi` directory:
```bash
sudo mkdir -p /opt/csapi
```
And copy files `member.py`, `server.py`, and `requirements.txt` into `/opt/csapi` directory.
You will need to install support for python venv:
```bash
sudo apt-get install python3-venv
```
Then install required python modules into venv:
```bash
cd /opt/csapi
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```
### Systemd configuration
Add service description `systemd/csapi.service` to `/lib/systemd/system/csapi.service`. Then start and enable automatic startup:
```bash
......@@ -13,11 +45,13 @@ sudo systemctl start csapi
sudo systemctl enable csapi
```
## Nginx configuration
### Nginx configuration
Add nginx configuration from this repository: `nginx/csapi.conf` to nginx server: `/etc/nginx/sites-enabled/csapi.conf`
Create a certificate for nginx:
Create a certificate for nginx (installed by default in X-Road Central Server):
```bash
mkdir -p /etc/nginx/csapi
sudo mkdir -p /etc/nginx/csapi
cd /etc/nginx/csapi
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout csapi.key -out csapi.crt
```
......@@ -29,14 +63,14 @@ State or Province Name (full name) [Some-State]:Harjumaa
Locality Name (eg, city) []:Tallinn
Organization Name (eg, company) [Internet Widgits Pty Ltd]:RIA
Organizational Unit Name (eg, section) []:CSAPI
Common Name (e.g. server FQDN or YOUR name) []:central-server.ci.kit
Common Name (e.g. server FQDN or YOUR name) []:central-server.domain.local
Email Address []:
```
Make sure key is accessible to nginx:
```bash
sudo chmod 640 /etc/nginx/csapi/csapi.key
sudo chgrp www-data /etc/nginx/csapi/csapi.key
sudo chmod g+r /etc/nginx/csapi/csapi.key
```
On client side (XTSS app):
......@@ -50,22 +84,21 @@ Country Name (2 letter code) [AU]:EE
State or Province Name (full name) [Some-State]:Harjumaa
Locality Name (eg, city) []:Tallinn
Organization Name (eg, company) [Internet Widgits Pty Ltd]:RIA
Organizational Unit Name (eg, section) []:xtss
Organizational Unit Name (eg, section) []:APIClient
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
```
Copy client.crt to nginx machine: `/etc/nginx/csapi/client.crt`
Copy client.crt to Central Server machine: `/etc/nginx/csapi/client.crt`
For testing copy nginx `csapi.crt` to client and issue curl command:
```bash
curl --cert client.crt --key client.key --cacert csapi.crt -i -d '{"member_code": "XX000003", "member_name": "XX Test 3", "member_class": "GOVXXX"}' -X POST https://jan-center2.ci.kit:5443/member
curl --cert client.crt --key client.key --cacert csapi.crt -i -d '{"member_code": "XX000003", "member_name": "XX Test 3", "member_class": "GOVXXX"}' -X POST https://central-server.domain.local:5443/member
```
Add nginx configuration from this repository: `nginx/csapi` to nginx server: `/etc/nginx/sites-enabled/csapi`
## Testing
Note that `server.py` is a configuration file for logging and flask and therefore not covered by tests.
Note that `server.py` is a configuration file for logging and Flask and therefore not covered by tests.
Running the tests:
```bash
......@@ -83,7 +116,7 @@ In order to measure code coverage install `coverage` module:
pip install coverage
```
Then coverage analyse:
Then run coverage analyse:
```bash
coverage run test_member.py
coverage report member.py
......@@ -91,6 +124,7 @@ coverage report member.py
Alternatively you can generate html report with:
```bash
coverage run test_member.py
coverage html member.py
```
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment