From 0a12acee7fa8aa7356a6cd0201bd74c1aae974c0 Mon Sep 17 00:00:00 2001 From: "Valentijn van de Beek (uwu)" Date: Wed, 8 Jan 2025 12:19:41 +0100 Subject: [PATCH 01/11] Replace deprecated hostname -I with ip --- management_os/build/build_management_initramfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/management_os/build/build_management_initramfs.sh b/management_os/build/build_management_initramfs.sh index d255b46..665e136 100755 --- a/management_os/build/build_management_initramfs.sh +++ b/management_os/build/build_management_initramfs.sh @@ -11,7 +11,7 @@ source $SCRIPT_PATH/../../utils/container.sh # Generate the image directory generateImage $SCRIPT_PATH -CONTROL_SERVER_IP="$(hostname -I | awk '{print $1}')" +CONTROL_SERVER_IP="$(ip a | grep -F "inet " | awk '{print $2}' | sed -n 2p | rev | cut -b 4- | rev)" cat > "$SCRIPT_PATH/hosts" << EOF # Put the ip address of the control server here so the management From f88ddfebbde20c9b8633e8a54447d43864cdce94 Mon Sep 17 00:00:00 2001 From: "Valentijn van de Beek (uwu)" Date: Wed, 8 Jan 2025 12:22:38 +0100 Subject: [PATCH 02/11] Update outdated management_os makefile commands --- Makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 53b495d..fff4431 100644 --- a/Makefile +++ b/Makefile @@ -14,13 +14,12 @@ lint: goimports -local baas -w **/*.go golangci-lint run -management_os: management_initramfs management_kernel +.PHONY: management_os +management_os: management_initramfs management_initramfs: @$(mkfile_dir)/management_os/build/build_management_initramfs.sh -management_initramfs: control_server/static/initramfs - control_server_docker: @docker-compose -f $(mkfile_dir)/docker-compose.yml up --build From de9c25aa431ffff9e0d0bbf72ac3ac62feb1184a Mon Sep 17 00:00:00 2001 From: "Valentijn van de Beek (uwu)" Date: Wed, 8 Jan 2025 12:59:27 +0100 Subject: [PATCH 03/11] Setup control server script --- Makefile | 5 +++++ utils/setup_control_server.sh | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+) create mode 100755 utils/setup_control_server.sh diff --git a/Makefile b/Makefile index fff4431..532e8d1 100644 --- a/Makefile +++ b/Makefile @@ -5,6 +5,7 @@ mkfile_dir := $(shell dirname $(mkfile_path)) # or to the ip address of the control server when ~~testing~~ running in production. # This will be put in the hosts file. export CONTROL_SERVER_IP ?= 192.168.2.76 +export FIRST_MAC_ADDRESS ?= 52:54:00:08:5e:49 lint_fix: goimports -local baas -w **/*.go @@ -26,3 +27,7 @@ control_server_docker: .PHONY: control_server control_server: cd $(mkfile_dir) && sudo env GO111MODULE=on go run ./control_server + +.PHONY: setup_control_server +setup_control_server: + @$(mkfile_dir)/utils/setup_control_server.sh ${FIRST_MAC_ADDRESS} diff --git a/utils/setup_control_server.sh b/utils/setup_control_server.sh new file mode 100755 index 0000000..fd0c36e --- /dev/null +++ b/utils/setup_control_server.sh @@ -0,0 +1,35 @@ +#!/usr/bin/env sh +# Copyright (c) 2025, Valentijn van de Beek +# All rights reserved. +# +# Use of this source code is governed by a BSD-style +# license that can be found in the LICENSE file. + +set -e +URL="localhost:4848" + +# Set a preamble for each of the cURL requests. In particular: +# - Content-Type -- Type of request data we are giving +# - Origin -- Were the request originates from, at the moment we only accept localhost (needed for CORS) +# - Type -- Allows a request to bypass session user checking +HEADERS=$(cat < Date: Wed, 8 Jan 2025 13:00:29 +0100 Subject: [PATCH 04/11] Update and fix LICENSE --- LICENSE | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/LICENSE b/LICENSE index df36879..8cda3a5 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,5 @@ -Copyright 2022 TU Delft & Valentijn van de Beek - -Copyright +Copyright 2022 TU Delft +Copyright 2022-2024 Valentijn van de Beek Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are @@ -27,4 +26,4 @@ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. From ab3becb4d6a390c25bcb5a25b7d6a5a7ee6d8e55 Mon Sep 17 00:00:00 2001 From: "Valentijn van de Beek (uwu)" Date: Wed, 8 Jan 2025 13:05:37 +0100 Subject: [PATCH 05/11] Update README installation instructions --- README.md | 52 +++++++++++++++++++++++++++++++--------------------- 1 file changed, 31 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 2f88280..054158f 100644 --- a/README.md +++ b/README.md @@ -1,19 +1,29 @@ # BAAS -Baremetal As A Service, or abbreviated to BAAS is a project done for the TU Delft to facilitate operating systems -research on high-powered machines, by scheduling the access researches have to these machines. This system makes sure -each researcher can have full access to the machines in their timeslot, being able to load their own (custom) kernel and have -access to all hardware. BAAS makes sure the system is reset a well-known state after every job, to make sure these custom kernels -have not messed up the system enough to make further research on them impossible. - -Disclaimer: this system is custom-built for the needs of the TU Delft. It is open source, and written to be extensible, -but it is unlikely that it will completely fit your needs without changes. We are open to pull requests, -but we might not implement suggestions ourselves which are outside the scope of the requirements for the TU Delft. +Baremetal As A Service, or abbreviated to BAAS is a project done for +the TU Delft to facilitate operating systems research on high-powered +machines, by scheduling the access researches have to these +machines. This system makes sure each researcher can have full access +to the machines in their timeslot, being able to load their own +(custom) kernel and have access to all hardware. BAAS makes sure the +system is reset a well-known state after every job, to make sure these +custom kernels have not messed up the system enough to make further +research on them impossible. + +Disclaimer: this system is custom-built for the needs of the TU +Delft. It is open source, and written to be extensible, but it is +unlikely that it will completely fit your needs without changes. We +are open to pull requests, but we might not implement suggestions +ourselves which are outside the scope of the requirements for the TU +Delft. # Documentation -Some documentation about the systems, and building these systems is provided [here](https://baas-project.github.io/baas/). In addition, you can generate a website with inline documentation by running `godoc` and going to [this url](http://localhost:6060/pkg/github.com/baas-project/baas/). +Some documentation about the systems, and building these systems is +provided [here](https://baas-project.github.io/baas/). In addition, +you can generate a website with inline documentation by running +`godoc` and going to [thisurl](http://localhost:6060/pkg/github.com/baas-project/baas/). # Install @@ -26,7 +36,7 @@ Some documentation about the systems, and building these systems is provided [he ## Installation of the virtual machine This software works on a client a server-model, where there is a -central control server which offers the management OS to one or multiple +central control server which offers the management OS to one or multiple clients. These are two entirely different systems and hence both testing as well as developing must be done on two separate machines. @@ -41,8 +51,8 @@ new network, select NAT, set the name as BAASNetwork and set "Forward To" as the network card you typically use (in my case wlan0). Press on finish. -> :warning: If you have problems with connecting to the server, -> double check if there is not a firewall running in the background. +> :warning: If you have problems with connecting to the server, +> double check if there is not a firewall running in the background. Run the following command, after running it, you should be able to boot the virtual machine with the proper network settings. @@ -51,8 +61,8 @@ virt-install --pxe --prompt --memory 2048 --name baas --disk size=30 --boot uefi,network,hd --network network=BAASNetwork --os-variant generic ``` -Finally generate the management operating system which is run on the -client machine. +Finally generate the management operating system which is run on the +client machine. ```sh make management_initramfs @@ -61,11 +71,11 @@ make management_initramfs ### Control server In `virt-manager` go to view and select Details, press on the light bulb and find the menu item called NIC. From there copy the MAC -address and change the value in control_server/main.go to this IP -address. You can then run `make control_server` to run the control -server and reboot the virtual machine. If all is well, it should now -boot into the management operating system. +address and change `FIRST_MAC_ADDRESS` in the Makefile to this +value. You can then run `make control_server` to run the control +server. Then you can run `make setup_control_server` to create an +administrator user, a first disk image and add the VM to BAAS. If all +is well, it should now boot into the management operating system. # License - -// TODO +[3-Clause BSD][https://github.com/baas-project/baas/blob/master/LICENSE] From e9dc795245eb03b20c4e3c7b6910bd71b2fa5462 Mon Sep 17 00:00:00 2001 From: "Valentijn van de Beek (uwu)" Date: Wed, 8 Jan 2025 13:09:54 +0100 Subject: [PATCH 06/11] Update REST API documentation --- docs/control_server/REST API.md | 53 +++++++++++++++++---------------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/docs/control_server/REST API.md b/docs/control_server/REST API.md index 3d146c9..2148dd7 100644 --- a/docs/control_server/REST API.md +++ b/docs/control_server/REST API.md @@ -26,8 +26,9 @@ In general of all of the resources look like the following: Different resources may be nested in groups of two arbitrarily deep into other resources, for example, `/machine/[mac]/disk/[uuid]/file/[name]`. -Some endpoints may require a user to be logging in, as indicated by the permissions field in the documentation below, which means that the `session-name` cookie must be set to the right value. This can be done by simply [logging in](logging_in.md), copying the relevant cookie value and using it in your requests. For example, using cURL you want to prefix your commands with: `--cookie "session-name=[some base64 string]"`. +Some endpoints may require a user to be logging in, as indicated by the permissions field in the documentation below, which means that the `session-name` cookie must be set to the right value. This can be done by simply [logging in](logging_in.md), copying the relevant cookie value and using it in your requests. For example, using cURL you want to prefix your commands with: `--cookie "session-name=[some base64 string]"`. Checks can be skipped, for now, by setting a `Type: System` header in your HTTP request. +To send a request you must set the Origin Header due to the [Cross-Origin Resource Sharing][https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS] protections of modern browsers. At the moment, only `http://localhost:9090` is supported as a value. ## Endpoint compendium In this section an overview is given of every single on the defined endpoints together with an example on how to call it, what parameters it takes and what it returns. This section is divided in the same way as the resources defined above. @@ -53,10 +54,10 @@ Allows a user to get information about a specific machine which is identified by { "Name": "Machine 1", "Architecture": "X86_64", - "Managed": true, + "Managed": true, "MacAddress": [{ - "Address": "00:11:22:33:44:55:66" - }] + "Address": "00:11:22:33:44:55:66" + }] } ``` @@ -71,19 +72,19 @@ Receives information about every currently registered machine. **Example response:**
```json [{ - "Name": "Machine 1", + "Name": "Machine 1", "Architecture": "x86_64", - "Managed": true, + "Managed": true, "MacAddress": [{ - "Address": "00:11:22:33:44:55:66" + "Address": "00:11:22:33:44:55:66" }] }, { - "Name": "Machine 2", + "Name": "Machine 2", "Architecture": "x86_64", - "Managed": false, + "Managed": false, "MacAddress": [{ - "Address": "42:DE:AD:BE:EF:42" + "Address": "42:DE:AD:BE:EF:42" }] }] ``` @@ -105,16 +106,16 @@ the machine. **Example body:**
```json { - "Name": "Hello World", - "Architecture": "x86_64", - "Managed": true, - "MacAddress": [{ - "Address": "52:54:00:d9:71:15", - "MachineModelID": 12 - }] + "Name": "Hello World", + "Architecture": "x86_64", + "Managed": true, + "MacAddress": [{ + "Address": "52:54:00:d9:71:15", + "MachineModelID": 12 + }] } ``` -**Example curl command:** `curl -X POST localhost:4848/machine -H 'Content-Type: application/json' -d '{"name": "Test", "Architecture": "x86_64", "Managed": true, "MacAddress": {"Address": "52:54:00:d9:71:12"}1}'` +**Example curl command:** `curl -X POST localhost:4848/machine -H 'Content-Type: application/json' -d '{"name": "Test", "Architecture": "x86_64", "Managed": true, "MacAddress": {"Address": "52:54:00:d9:71:12"}}'` #### Update machine Change the information of a machine, this also used to create a machine. @@ -132,12 +133,12 @@ Change the information of a machine, this also used to create a machine. **Example body:**
```json { - "Name": "Hello World", - "Architecture": "x86_64", - "Managed": true, - "MacAddress": [{ - "Mac": "52:54:00:d9:71:15", - }] + "Name": "Hello World", + "Architecture": "x86_64", + "Managed": true, + "MacAddress": [{ + "Mac": "52:54:00:d9:71:15", + }] } ``` **Example curl command:** `curl -X PUT localhost:4848/machine -H 'Content-Type: application/json' -d '{"name": "Test", "Architecture": "x86_64", "Managed": true, "MacAddress": {"Address": "52:54:00:d9:71:12"}}'` @@ -339,7 +340,7 @@ Creates a new image entity and file. - *Type:* BAAS image type, one of: base, system, temporal and temporary
- *Versioned:* Boolean value indicating that it is a versioned or a checksum-based image
- +- *Username:* Username of the user that you want to create the image for
**Response:** - *Name:* Human-readable name of the image.
- *Versions:* A list of objects with a Version attribute containing the version number.
@@ -351,7 +352,7 @@ Creates a new image entity and file. - *Checksum:* Checksum in case of a non-versioned image.
**Permissions:** User in question or administrator
-**Example curl request:** `curl -X POST "localhost:4848/user/ValentijnvdBeek/image" -H 'Content-Type: application/json' --cookie "session-name=$SECRET" -d '{"Name": "Fedora Research", "DiskCompressionStrategy": "none", "ImageFileType": "raw", "Type": "system"}'`
+**Example curl request:** `curl -X POST "localhost:4848/user/ValentijnvdBeek/image" -H 'Content-Type: application/json' --cookie "session-name=$SECRET" -d '{"Name": "Fedora Research", "DiskCompressionStrategy": "none", "ImageFileType": "raw", "Type": "system","username":"ValentijnvdBeek"}'`
**Example Response:** ```json { From 7bb2f1b7ec2dbeb925f63fe02031f6e1eb358145 Mon Sep 17 00:00:00 2001 From: "Valentijn van de Beek (uwu)" Date: Wed, 8 Jan 2025 13:18:02 +0100 Subject: [PATCH 07/11] Update the installation instructions of the documentation --- docs/control_server/index.md | 6 +++--- docs/index.md | 27 ++++++++++++++++++++------- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/docs/control_server/index.md b/docs/control_server/index.md index 1ac2fe7..5a1351a 100644 --- a/docs/control_server/index.md +++ b/docs/control_server/index.md @@ -31,11 +31,11 @@ image that should be booted and any information about images such as compression algorithm. !!! Danger - The implementation of the system message is incredibly + The implementation of the system message is incredibly simple and allows for the complete bypassing of all security mechanisms. Please do not deploy the BAAS project on a safety - critical system until this mechanism is replaced with a more - secure implementation. + critical system until this mechanism is replaced with a more + secure implementation. Each request sent to the system is checked whether it is a system message and hence is provided with a specific header, whether a user diff --git a/docs/index.md b/docs/index.md index 6476e33..2bee488 100644 --- a/docs/index.md +++ b/docs/index.md @@ -44,7 +44,7 @@ Normally, you would use a virtual machine to create a client machine and run the !!! warning "Firewalls can interfere with VM networks." If you have problems with connecting to the server, double check if there is not a firewall running in the background. - Run the following command, after running it, you should be able to boot the virtual machine with the proper network settings. + Run the following command, after running it, you should be able to boot the virtual machine with the proper network settings. ```sh virt-install --pxe --prompt --memory 2048 --name baas --disk size=30 @@ -58,22 +58,35 @@ make management_initramfs ``` ### Starting the control server -In `virt-manager` go to view and select Details, press on the light bulb and find the menu item called NIC. From there copy the MAC address and change the value in `control_server/main.go` to this MAC address. You can then run `make control_server` to run the control server. +In `virt-manager` go to view and select Details, press on the light bulb and find the menu item called NIC. From there copy the MAC address and change `FIRST_MAC_ADDRESS` in the Makefile to this value. You can then run `make control_server` to run the control server. Then you can run `make setup_control_server` to create an administrator user, a first disk image and add the VM to BAAS. If all is well, it should now boot into the management operating system. ### Scheduling the first boot At boot the server will add the machine and hence the only thing left to do is ensuring that the system actually has images that it can boot. First create a user on the system, followed by the creation of an initial image and the downloading this image to disk. It is assumed that you have the `curl` and `jq` utilities installed and are running on a UNIX system. ```sh - curl -X POST "localhost:4848/user" -H 'Content-Type: application/json' -d '{"name": "USER", "email": "EMAIL", "role": "user"}' - UUID=$(curl -X POST "localhost:4848/user/USER/image" -H 'Content-Type: application/json' -d '{"name": "Test image", "DiskUUID": "/dev/sda"}' | jq .UUID | sed 's/\"//g') - curl "localhost:4848/image/${UUID}/latest" --output /tmp/image.img +# Set a preamble for each of the cURL requests. In particular: +# - Content-Type -- Type of request data we are giving +# - Origin -- Were the request originates from, at the moment we only accept localhost (needed for CORS) +# - Type -- Allows a request to bypass session user checking +HEADERS=$(cat < Date: Wed, 8 Jan 2025 13:57:52 +0100 Subject: [PATCH 08/11] Fixup! Disable CORS debugging --- control_server/api/routes.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/control_server/api/routes.go b/control_server/api/routes.go index 8764423..bbe801a 100644 --- a/control_server/api/routes.go +++ b/control_server/api/routes.go @@ -66,7 +66,7 @@ func getHandler(machineStore database.Store, staticDir string, diskpath string) AllowedHeaders: []string{"Authorization", "Set-Cookie"}, AllowedMethods: []string{"GET", "POST", "PUT", "DELETE"}, AllowCredentials: true, - Debug: true, + Debug: false, }) return c.Handler(r) From 8140d9789e47fe075d782f891a4433982c1a4a7a Mon Sep 17 00:00:00 2001 From: "Valentijn van de Beek (uwu)" Date: Wed, 8 Jan 2025 15:03:20 +0100 Subject: [PATCH 09/11] Create disk label and BAAS partition on first managament OS boot There is a bug in the go-diskfs library that makes it impossible to create EXT4 partitions. It might be nicer to switch to this on the long term. The code snippet for that is: ```go log.Warn("Create new machine partition and disk label") theDisk, err := diskfs.Open(image.DeviceFile[:len(image.DeviceFile)-1], diskfs.WithOpenMode(diskfs.ReadWrite)) if err != nil { log.Fatalf("Failed to open disk: %v", err) } // Create a GPT table with one partition to store the meta data for BAAS table := &gpt.Table{ LogicalSectorSize: 512, PhysicalSectorSize: 512, ProtectiveMBR: false, Partitions: []*gpt.Partition{ { Type: gpt.LinuxFilesystem, Start: 2 * 1024 * 1024, // 2MB Size: 20 * 1024 * 1024, // 20MB Name: "BAASPartition", }, }, } err = theDisk.Partition(table) if err != nil { log.Fatalf("Failed to create partition: %v", err) } _, err = theDisk.CreateFilesystem(disk.FilesystemSpec{ Partition: 1, FSType: filesystem.TypeExt4, VolumeLabel: "BAAS-fs", }) if err != nil { log.Fatalf("Failed to create filesystem: %v", err) } ``` --- management_os/entrypoint/machine_disk.go | 49 ++++++++++++++++++++++-- management_os/entrypoint/main.go | 1 + 2 files changed, 46 insertions(+), 4 deletions(-) diff --git a/management_os/entrypoint/machine_disk.go b/management_os/entrypoint/machine_disk.go index f0b7a67..29e302f 100644 --- a/management_os/entrypoint/machine_disk.go +++ b/management_os/entrypoint/machine_disk.go @@ -1,14 +1,17 @@ -// Copyright (c) 2020-2022 TU Delft & Valentijn van de Beek All rights reserved. +// Copyright (c) 2020-2022 TU Delft +// Copyright (c) 2022-2025 Valentijn van de Beek +// All rights reserved. +// // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. package main import ( + log "github.com/sirupsen/logrus" "os" + "os/exec" "syscall" - - log "github.com/sirupsen/logrus" ) // MachineImage stores the target directory and device file associated with an image. @@ -35,6 +38,44 @@ func (image *MachineImage) Initialise(file string, target string) { } } +func (image *MachineImage) CreateMachinePartition() { + // Checks if the disk has been setup at all, if not, it will create a GPT disk with + // a singular EXT4 partition for metadata storage. + + // go-diskfs has a bug with creating EXT4 GPT partitions, so for now we'll be shelling + // out to GNU parted to deal with the disk + // see: https://github.com/diskfs/go-diskfs/issues/274 + v, _ := image.Exists(image.DeviceFile) + + if v { + log.Warn("Machine partition already exists, skip.") + // The path exists so we don't need to do anything + return + } + + log.Warn("Create new machine partition and disk label") + diskPath := image.DeviceFile[:len(image.DeviceFile)-1] + cmd := exec.Command("parted", "-s", diskPath, "mklabel", "gpt") + log.Info(cmd) + err := cmd.Run() + if err != nil { + log.Fatalf("Failed running parted: %v", err) + } + + cmd = exec.Command("parted", "-s", diskPath, "mkpart", "ext4", "0", "20MiB") + log.Info(cmd) + err = cmd.Run() + if err != nil { + log.Fatalf("Failed running parted: %v", err) + } + + cmd = exec.Command("mkfs.ext4", image.DeviceFile) + log.Info(cmd) + if err != nil { + log.Fatalf("Failed running mkfs.ext4: %v", err) + } +} + // Mount attempts to mount the target file to the system func (image *MachineImage) Mount() { var flags uintptr @@ -85,7 +126,7 @@ func (image *MachineImage) RemoveAll(path string) error { // Exists checks if the path exists on disk func (image *MachineImage) Exists(path string) (bool, error) { - _, err := os.Stat(image.target + "/" + path) + _, err := os.Stat(path) if os.IsNotExist(err) { return false, nil } diff --git a/management_os/entrypoint/main.go b/management_os/entrypoint/main.go index 912f3ef..11ad106 100644 --- a/management_os/entrypoint/main.go +++ b/management_os/entrypoint/main.go @@ -124,6 +124,7 @@ func getLastSetup(machine *MachineImage) images.ImageSetup { func initializeMachine() *images.ImageSetup { var machine MachineImage machine.Initialise("/dev/sda1", "/mnt/machine") + machine.CreateMachinePartition() machine.Mount() defer machine.Unmount() From 256af3ba39c598cfab79d51e6a76997364ba7e0d Mon Sep 17 00:00:00 2001 From: "Valentijn van de Beek (uwu)" Date: Wed, 8 Jan 2025 19:54:46 +0100 Subject: [PATCH 10/11] Add GITHUB_SECRET variable to the makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 532e8d1..e21ef2f 100644 --- a/Makefile +++ b/Makefile @@ -26,7 +26,7 @@ control_server_docker: .PHONY: control_server control_server: - cd $(mkfile_dir) && sudo env GO111MODULE=on go run ./control_server + cd $(mkfile_dir) && sudo env GO111MODULE=on GITHUB_SECRET=${GITHUB_SECRET} go run ./control_server .PHONY: setup_control_server setup_control_server: From a245ba7e8c3ccb64ba6a4106e52e86ce6a1d9cdd Mon Sep 17 00:00:00 2001 From: "Valentijn van de Beek (uwu)" Date: Wed, 8 Jan 2025 19:55:01 +0100 Subject: [PATCH 11/11] Update login documentation --- docs/control_server/index.md | 1 + docs/control_server/logging_in.md | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/docs/control_server/index.md b/docs/control_server/index.md index 5a1351a..a9ce6b3 100644 --- a/docs/control_server/index.md +++ b/docs/control_server/index.md @@ -16,6 +16,7 @@ possible. ## Documentation index 1. [Running the Server](running_baas_control_server.md) 2. [REST API](REST API.md) +3. [Logging In](logging_in.md) ## Overview of how the typical interaction works When the control server is run the server will open a SQL database and diff --git a/docs/control_server/logging_in.md b/docs/control_server/logging_in.md index eeea4b5..4a41971 100644 --- a/docs/control_server/logging_in.md +++ b/docs/control_server/logging_in.md @@ -11,6 +11,10 @@ server on future requests in order to authenticate yourself. There is functionally no difference between logging and registering since the user will be made on first login. +In order to make use of the Github OAuth system, you need to register +an application and set the right values in `api/login.go`. You can +pass the secret as `GITHUB_SECRET` + At the moment is not possible to register multiple OAuth sources to one account. Each login as seen as unique and distinct even with shared data. Keep in mind that if you use the same username for