Metadata-Version: 2.4
Name: basic-python-project
Version: 0.0.0
Summary: Template: Basic Python Project
Author-email: Christian Hänig <christian.haenig@hs-anhalt.de>
Project-URL: Gitlab, https://gitlab.hs-anhalt.de/ki/templates/basic-python-project
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Requires-Python: >=3.12
Description-Content-Type: text/markdown; charset=UTF-8
License-File: LICENSE
Requires-Dist: fastapi~=0.115.5
Requires-Dist: pytest~=8.3
Requires-Dist: pytest-asyncio~=0.24
Requires-Dist: starlette~=0.41.3
Requires-Dist: uvicorn~=0.32.1
Requires-Dist: python-keycloak~=4.7.3
Requires-Dist: python-dotenv~=1.0.1
Requires-Dist: sqlmodel~=0.0.34
Requires-Dist: sqlalchemy~=2.0
Requires-Dist: asyncpg~=0.30.0
Requires-Dist: geoalchemy2~=0.15.2
Requires-Dist: minio~=7.2
Requires-Dist: Pillow~=11.0
Requires-Dist: python-multipart~=0.0.20
Requires-Dist: sentry-sdk[fastapi]~=2.0
Dynamic: license-file

# Meinewaldki Citizen Rest Service


## Installation for Kubernetes

You need to have helm and kubectl installed.

Your kubeconfig should be set to the correct cluster (meinewaldki).

```bash
kubectl config current-context
```

Navigate to the configuration directory:

```bash
cd config
```

### Keycloak

For keycloak you need to run the following command:

```bash
helm install test-keycloak keycloak --namespace citizen-scientist-app
```

The configurations are in the keycloak/values.yaml file.

Base configuration your endpoint will be `https://meinewaldki.anhalt.ai/dev-auth`.

To uninstall keycloak run the following command:

```bash
helm uninstall test-keycloak --namespace citizen-scientist-app
```

#### Settings

Log into keycloak with the following credentials:

```
Username: admin-dev
Password: PLS_CHG_ME
```

Add a new realm for guest users.

In the new realm create a new client with the ClientID `MeineWaldKIApp`.
Enable OAuth 2.0 Device Authorization Grant.

After creating the client change the following settings:

Origin: `*` (should be more restrictive in production, but did not check if this works with a more restrictive setting)
Valid Redirect URIs: `*` (should be more restrictive in production, but did not check if this works with a more restrictive setting)

Add the role `guest` to the client roles.

Go to Realm Settings. Set SSO Session Idle very high and SSO Session also very high (Sessions).

Set Access Token Lifespan to a very high value (Tokens).

Remove the first name and last name from the required user attributes (User profile).


### Installation Rest Service

I will add the automatic deployment through CI/CD later.

The deployment helm is mostly written but the Docker image is not yet in a registry.


## Run locally
After Installing keycloak and creating your realms and changing the admin password and or admin user you can run the service locally.

Add the following environment variables to your .env file:

```env
KEYCLOAK_SERVER_URL=https://meinewaldki.anhalt.ai/dev-auth/ (if not changed)
ADMIN_USERNAME=admin_dev (if not changed)
ADMIN_PASSWORD=PLS_CHG_ME (if not changed)
ADMIN_REALM_NAME=master (if not changed)
GUEST_USER_REALM_NAME=YourRealm (I set it to guest-users)
```

Mark the src directory as source root in your IDE.

Run the main.py file with the working directory set to the root directory of the project.

### Endpoints
I did not setup an endpoint for cookies. This should make it easier to test the endpoints.

http://127.0.0.1:5001/citizen-api/guest-user/create -> Create a new guest user
http://127.0.0.1:5001/citizen-api/guest-user/check -> Check if Token is valid (Post request)
http://127.0.0.1:5001/citizen-api/docs -> Swagger UI (Easy to test the endpoints)
