customer-engineering/mockapi
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add OAuth dropdown to admin navigation and update README

Browse source 
- Add OAuth dropdown menu in admin UI with links to Clients, Tokens, Users
- Update README with install.sh details and simplified port configuration
- Remove references to deleted fix scripts
- Update systemd service example to show dynamic port configuration
- Clarify OAuth admin UI accessibility in documentation
This commit is contained in:
cclohmar 2026-03-16 19:11:12 +00:00
parent 80e8d93a27
commit 8db1029517
2 changed files with 53 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

95
README.md
View file

@ -96,6 +96,8 @@ mockapi/
5. **Initialize the database** (tables are created automatically on first run). 5. **Initialize the database** (tables are created automatically on first run).
**For production deployment**, consider using the automated `install.sh` script which handles virtual environment creation, dependency installation, secure credential generation, and systemd service setup. See [Production Deployment with install.sh](#production-deployment-with-installsh) for details.
## Running the Application ## Running the Application
### Development (with autoreload) ### Development (with autoreload)
@ -245,12 +247,14 @@ Default scopes include:
### Admin OAuth2 Management ### Admin OAuth2 Management
Access OAuth2 management via the admin interface: Access OAuth2 management via the admin interface navigation (OAuth dropdown):
- **Clients**: `http://localhost:8000/admin/oauth/clients` Register and manage OAuth clients - **Clients**: `http://localhost:8000/admin/oauth/clients` Register and manage OAuth clients
- **Tokens**: `http://localhost:8000/admin/oauth/tokens` View and revoke issued tokens - **Tokens**: `http://localhost:8000/admin/oauth/tokens` View and revoke issued tokens
- **Users**: `http://localhost:8000/admin/oauth/users` Manage OAuth user records - **Users**: `http://localhost:8000/admin/oauth/users` Manage OAuth user records
**Admin UI Navigation**: The admin interface now includes an "OAuth" dropdown menu in the top navigation bar with direct access to Clients, Tokens, and Users management pages.
## Production Deployment Considerations ## Production Deployment Considerations
### 1. **Environment Configuration** ### 1. **Environment Configuration**
@ -273,38 +277,49 @@ User=www-data
Group=www-data Group=www-data
WorkingDirectory=/path/to/mockapi WorkingDirectory=/path/to/mockapi
Environment="PATH=/path/to/mockapi/venv/bin" Environment="PATH=/path/to/mockapi/venv/bin"
ExecStart=/path/to/mockapi/venv/bin/waitress-serve --host=0.0.0.0 --port=8000 wsgi:wsgi_app EnvironmentFile=/path/to/mockapi/.env
# HOST and PORT are read from .env file at runtime
ExecStart=/path/to/mockapi/venv/bin/waitress-serve --host=$HOST --port=$PORT wsgi:wsgi_app
Restart=always Restart=always
RestartSec=10 RestartSec=10
# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ReadWritePaths=/path/to/mockapi
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
``` ```
### 3. **Changing Port Configuration** **Note**: The `install.sh` script automatically creates an optimized systemd service file with dynamic port configuration, security hardening, and proper environment variable loading from `.env`.
If you need to change the port MockAPI runs on (e.g., due to port conflicts), you have two options:
### 3. **Production Deployment with install.sh**
For production deployments, use the provided `install.sh` script which handles all setup automatically:
#### Option A: Using the Change Port Script (Recommended)
```bash ```bash
# Download the script if not already present
cd /opt/mockapi cd /opt/mockapi
sudo wget -O change_port.sh https://raw.githubusercontent.com/your-repo/main/change_port.sh sudo ./install.sh
sudo chmod +x change_port.sh
# Run the script
sudo bash change_port.sh
``` ```
The script will: The install script will:
1. Show current port configuration 1. Check Python version and handle Python 3.13+ compatibility
2. Ask for new port number 2. Create Python virtual environment with required dependencies
3. Update `.env` file 3. Generate secure credentials (admin password, secret key)
4. Update systemd service file 4. Create `.env` configuration file with all required variables
5. Update OAuth2 issuer URL 5. Initialize the database
6. Restart the service 6. Create and configure systemd service with dynamic port configuration
7. Start and enable the service
#### Option B: Manual Port Change **Key Features**:
If you prefer to change the port manually: - **Python 3.13.5+ compatibility**: Automatically handles SQLAlchemy 2.0.27+ requirements
- **Dynamic port configuration**: Service reads HOST/PORT from `.env` file at runtime
- **Secure credential generation**: Random admin password and secret key
- **Missing variable protection**: Automatically adds required environment variables if missing
### 4. **Changing Port Configuration**
Port configuration is now simplified - all settings are read from the `.env` file:
1. **Edit the `.env` file**: 1. **Edit the `.env` file**:
```bash ```bash
@ -317,49 +332,23 @@ If you prefer to change the port manually:
OAUTH2_ISSUER=http://localhost:8080 # Update to match new port OAUTH2_ISSUER=http://localhost:8080 # Update to match new port
``` ```
2. **Edit the systemd service file**: 2. **Restart the service**:
```bash ```bash
sudo nano /etc/systemd/system/mockapi.service
```
Update the `ExecStart` line:
```ini
ExecStart=/opt/mockapi/venv/bin/waitress-serve --host=0.0.0.0 --port=8080 wsgi:wsgi_app
```
3. **Reload systemd and restart**:
```bash
sudo systemctl daemon-reload
sudo systemctl restart mockapi sudo systemctl restart mockapi
sudo systemctl status mockapi
``` ```
4. **Verify the change**: 3. **Verify the change**:
```bash ```bash
curl http://localhost:8080/health curl http://localhost:8080/health
``` ```
**Important Notes**: **Important Notes**:
- The port in `.env` and service file must match - The systemd service automatically reads HOST and PORT from `.env` file at runtime
- No need to edit the service file when changing ports
- After changing port, update any reverse proxy configurations - After changing port, update any reverse proxy configurations
- OAuth2 clients may need reconfiguration if issuer URL changes - OAuth2 clients may need reconfiguration if issuer URL changes
**Checking Current Configuration**: ### 5. **Reverse Proxy (Recommended)**
To verify your port configuration is consistent, use the check script:
```bash
cd /opt/mockapi
sudo wget -O check_port_config.sh https://raw.githubusercontent.com/your-repo/main/check_port_config.sh
sudo chmod +x check_port_config.sh
sudo bash check_port_config.sh
```
The script will:
- Show current port settings from `.env` and service file
- Check for consistency between files
- Verify service is running and listening on correct port
- Test health endpoint
- Provide recommendations if issues are found
### 4. **Reverse Proxy (Recommended)**
Use Nginx or Apache as a reverse proxy for SSL termination, load balancing, and static file serving: Use Nginx or Apache as a reverse proxy for SSL termination, load balancing, and static file serving:
**Example Nginx configuration**: **Example Nginx configuration**:
@ -378,7 +367,7 @@ server {
} }
``` ```
### 4. **Database Backups** ### 6. **Database Backups**
For SQLite, regularly backup the `mockapi.db` file. For production, consider migrating to PostgreSQL. For SQLite, regularly backup the `mockapi.db` file. For production, consider migrating to PostgreSQL.
## Usage ## Usage
@ -581,7 +570,7 @@ Enable debug logging by setting `DEBUG=True` in `.env`. Check the console output
- SQLite only (but can be extended to PostgreSQL via `DATABASE_URL`) - SQLite only (but can be extended to PostgreSQL via `DATABASE_URL`)
- Single admin user (no multiuser support) - Single admin user (no multiuser support)
- No request logging/history - No request logging/history
- OAuth2 protection fields (requires_oauth, oauth_scopes) not exposed in admin UI - OAuth2 protection fields (requires_oauth, oauth_scopes) for endpoints not exposed in admin UI (though OAuth client/token/user management is available via navigation dropdown)
- OAuth2 user authentication uses placeholder user IDs (integration with external identity providers pending) - OAuth2 user authentication uses placeholder user IDs (integration with external identity providers pending)
- **Possible extensions**: - **Possible extensions**:

10
app/modules/admin/templates/base.html
View file

@ -39,6 +39,16 @@
<i class="bi bi-list-ul"></i> Endpoints <i class="bi bi-list-ul"></i> Endpoints
</a> </a>
</li> </li>
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle {% if request.url.path.startswith('/admin/oauth') %}active{% endif %}" href="#" role="button" data-bs-toggle="dropdown" aria-expanded="false">
<i class="bi bi-shield-lock"></i> OAuth
</a>
<ul class="dropdown-menu">
<li><a class="dropdown-item {% if request.url.path == '/admin/oauth/clients' %}active{% endif %}" href="/admin/oauth/clients"><i class="bi bi-person-badge"></i> Clients</a></li>
<li><a class="dropdown-item {% if request.url.path == '/admin/oauth/tokens' %}active{% endif %}" href="/admin/oauth/tokens"><i class="bi bi-key"></i> Tokens</a></li>
<li><a class="dropdown-item {% if request.url.path == '/admin/oauth/users' %}active{% endif %}" href="/admin/oauth/users"><i class="bi bi-people"></i> Users</a></li>
</ul>
</li>
</ul> </ul>
<ul class="navbar-nav"> <ul class="navbar-nav">
<li class="nav-item"> <li class="nav-item">