The auth channel does not allow users to get messages (access them over
the internet). Hence, a regular SSE client should not be able to monitor
the events generated on the auth channel. In contrast, an admin host
should be able to monitor the auth events. For that, this patch adds an
/admin/subscribe endpoint that is SSL-authenticated in production, so
only the admin hosts can connect to it.
The same server now can handle multiple logical channels, on which the
transmitter logic runs independently. That is, while previously a single
message would be in transmitting state at a time, now multiple messages
can be in transmitting state as long as they belong to distinct logical
channels.
The supported channels each have different permissions. The user channel
is where users can post, get, and delete messages as needed. In
contrast, the other channels do not grant all permissions to users. Some
are read-only (users can get but not post) and there is a channel (the
auth channel) on which users have no permissions (neither get nor post).
For the channels on which users do not have all permissions (get, post,
and delete), this patch adds admin-specific routes, which are prefixed
by /admin/. The /admin/ route is protected via SSL in production and
allows the admin host to send GET/POST/DELETE requests normally. Hence,
for instance, the admin host can post a message on the auth channel
(with POST /admin/order) and read it (with GET /admin/order) for
transmission over satellite, whereas regulars cannot. With this scheme,
the auth channel messages are accessible exclusively over satellite (and
not over the internet).
The admin routes were added to the following endpoints:
- /order/<uuid> (GET and DELETE requests)
- /order (POST request)
- /orders/<state> (GET request)
- /message/<tx_seq_num> (GET request)
The messages posted by the admin are not paid, so this patch removes the
requirement of invoice generation and payment. Only paid orders now
generate an invoice. Thus, the POST request to the /order/ endpoint does
not return an invoice for non-paid (admin-only) messages.
Also, this patch updates the queue page to display the orders separately
for each channel. The query string channel parameter determines which
channel the page shows.
Finally, this patch updates the events published into the Redis db on
transmission. The event includes the corresponding logical channel so
that SSE events can be subscribed independently for each channel.
The former daemon.sh script was replaced by the workers.sh script in
2cfc398. Update on the terraform setup and also rename the service now
that it no longer consists of only Tx-related daemon workers.
Flask-RESTful returns a JSON response by default when returning a
dictionary. It's not necessary to dump the returning dictionary into a
JSON-serialized string. Otherwise, the client will see a string response
instead of a JSON response.
This change implements a mechanism to retransmit orders if some of the
order's selected regions do not confirm transmission in due time. It
adds a worker to repeatedly check the orders and determine if they need
retransmission. Such orders will be added to a new table named
tx_retries. The tx_start function now first checks if there are regular
new paid orders to transmit. If not, it will check the retransmission
table and retransmit an order from there if one is available.
This patch also introduces a new order state called "retranmission". The
order enters this state while waiting for retransmission.
Users can provide a list of regions to POST /order requests. This list
indicates on which regions the order should be transmitted. It also
determines the expected transmission and reception confirmations.
This change removes the infinite transmission loop with sleep periods
between each transmission. Now, a new transmission can start by a call
to "tx_start" on the following two conditions:
1) As soon as the application starts (if there is a previously paid
order waiting already).
2) As soon as the current transmission ends. The server will immediately
look for the next order ready for transmission and start it if
available.
Meanwhile, the condition for ending the current transmission (i.e., for
calling "tx_end(order)") is when all Tx confirmations are received from
all regions.
If the env var is not defined, fall back to a random string. However,
note the random string won't work over gunicorn if using multiple
workers. In this case, it is necessary to define the env var.
- If a staging_/prod_/misc_ tag is present, or if merging to master,
push the Satellite API image upstream.
- Tag images with the commit SHA and the commit ref slug (.e.g, branch
name) for caching. Tag with latest if merging to master.
- Deploy the image specified by commit SHA.
The new server implementation in Python implements request validation
using the Marshamallow package. With that, some requests are validated
directly by the marshmallow validator and do not return custom error
codes. Drop those error codes and other unused ones. Review the README
docs accordingly.
- Preserve the SQLite database and use SQLAlchemy to wrap db
interactions.
- Use Alembic for database migrations.
- Organize all the python modules on the new server/ directory.
- Use pytest for unit tests and organize test modules at server/tests/.
