.gitlab-ci.yml bearbeiten

Dev

See merge request oscar.krause/fastapi-dls!51

.DEBIAN/control

@@ -2,7 +2,7 @@ Package: fastapi-dls
 Version: 0.0
 Architecture: all
 Maintainer: Oscar Krause oscar.krause@collinwebdesigns.de
-Depends: python3, python3-fastapi, python3-uvicorn, python3-dotenv, python3-dateutil, python3-jose, python3-sqlalchemy, python3-pycryptodome, python3-markdown, python3-jinja2, uvicorn, openssl
+Depends: python3, python3-fastapi, python3-uvicorn, python3-dotenv, python3-dateutil, python3-josepy, python3-sqlalchemy, python3-cryptography, python3-markdown, uvicorn, openssl
 Recommends: curl
 Installed-Size: 10240
 Homepage: https://git.collinwebdesigns.de/oscar.krause/fastapi-dls

.DEBIAN/requirements-bookworm-12.txt

@@ -0,0 +1,11 @@
+# https://packages.debian.org/hu/
+fastapi==0.92.0
+uvicorn[standard]==0.17.6
+python-jose[cryptography]==3.3.0
+cryptography==38.0.4
+python-dateutil==2.8.2
+sqlalchemy==1.4.46
+markdown==3.4.1
+python-dotenv==0.21.0
+jinja2==3.1.2
+httpx==0.23.3

.DEBIAN/requirements-ubuntu-24.04.txt

@@ -0,0 +1,10 @@
+# https://packages.ubuntu.com
+fastapi==0.101.0
+uvicorn[standard]==0.27.1
+python-jose[cryptography]==3.3.0
+cryptography==41.0.7
+python-dateutil==2.8.2
+sqlalchemy==1.4.50
+markdown==3.5.2
+python-dotenv==1.0.1
+jinja2==3.1.2

.DEBIAN/requirements-ubuntu-24.10.txt

@@ -0,0 +1,10 @@
+# https://packages.ubuntu.com
+fastapi==0.110.3
+uvicorn[standard]==0.30.3
+python-jose[cryptography]==3.3.0
+cryptography==42.0.5
+python-dateutil==2.9.0
+sqlalchemy==2.0.32
+markdown==3.6
+python-dotenv==1.0.1
+jinja2==3.1.3

.PKGBUILD/PKGBUILD

@@ -8,10 +8,11 @@ pkgdesc='NVIDIA DLS server implementation with FastAPI'
 arch=('any')
 url='https://git.collinwebdesigns.de/oscar.krause/fastapi-dls'
 license=('MIT')
-depends=('python' 'python-jose' 'python-starlette' 'python-httpx' 'python-fastapi' 'python-dotenv' 'python-dateutil' 'python-sqlalchemy' 'python-pycryptodome' 'python-jinja' 'uvicorn' 'python-markdown' 'openssl')
+depends=('python' 'python-jose' 'python-starlette' 'python-httpx' 'python-fastapi' 'python-dotenv' 'python-dateutil' 'python-sqlalchemy' 'python-cryptography' 'uvicorn' 'python-markdown' 'openssl')
 provider=("$pkgname")
 install="$pkgname.install"
-source=('git+file:///builds/oscar.krause/fastapi-dls' # https://gitea.publichub.eu/oscar.krause/fastapi-dls.git
+backup=('etc/default/fastapi-dls')
+source=("git+file://${CI_PROJECT_DIR}"
         "$pkgname.default"
         "$pkgname.service"
         "$pkgname.tmpfiles")
@@ -21,8 +22,9 @@ sha256sums=('SKIP'
             '3dc60140c08122a8ec0e7fa7f0937eb8c1288058890ba09478420fc30ce9e30c')
 
 pkgver() {
+  echo -e "VERSION=$VERSION\nCOMMIT=$CI_COMMIT_SHA" > $srcdir/$pkgname/version.env
   source $srcdir/$pkgname/version.env
-  echo ${VERSION}
+  echo $VERSION
 }
 
 check() {
@@ -35,52 +37,17 @@ check() {
 }
 
 package() {
-    # create directories
     install -d "$pkgdir/usr/share/doc/$pkgname"
     install -d "$pkgdir/var/lib/$pkgname/cert"
-
-    # copy docs & static files
-    cp -r "$srcdir/$pkgname/doc"/* "$pkgdir/usr/share/doc/$pkgname/"
+    #cp -r "$srcdir/$pkgname/doc"/* "$pkgdir/usr/share/doc/$pkgname/"
     install -Dm644 "$srcdir/$pkgname/README.md" "$pkgdir/usr/share/doc/$pkgname/README.md"
     install -Dm644 "$srcdir/$pkgname/version.env" "$pkgdir/usr/share/doc/$pkgname/version.env"
-    sed -i "s/README.md/\/usr\/share\/doc\/$pkgname\/README.md/g" "$srcdir/$pkgname/app/main.py"
 
-    # copy main app python files
+    sed -i "s/README.md/\/usr\/share\/doc\/$pkgname\/README.md/g" "$srcdir/$pkgname/app/main.py"
     sed -i "s/join(dirname(__file__), 'cert\//join('\/var\/lib\/$pkgname', 'cert\//g" "$srcdir/$pkgname/app/main.py"
     install -Dm755 "$srcdir/$pkgname/app/main.py" "$pkgdir/opt/$pkgname/main.py"
     install -Dm755 "$srcdir/$pkgname/app/orm.py" "$pkgdir/opt/$pkgname/orm.py"
     install -Dm755 "$srcdir/$pkgname/app/util.py" "$pkgdir/opt/$pkgname/util.py"
-
-    # copy static asset files
-    install -Dm755 "$srcdir/$pkgname/app/static/assets/css/bootstrap.min.css" "$pkgdir/opt/$pkgname/static/assets/css/bootstrap.min.css"
-    install -Dm755 "$srcdir/$pkgname/app/static/assets/css/bootstrap-icons.min.css" "$pkgdir/opt/$pkgname/static/assets/css/bootstrap-icons.min.css"
-    install -Dm755 "$srcdir/$pkgname/app/static/assets/css/custom.css" "$pkgdir/opt/$pkgname/static/assets/css/custom.css"
-    install -Dm755 "$srcdir/$pkgname/app/static/assets/css/dashboard.css" "$pkgdir/opt/$pkgname/static/assets/css/dashboard.css"
-    install -Dm755 "$srcdir/$pkgname/app/static/assets/fonts/bootstrap-icons.woff" "$pkgdir/opt/$pkgname/static/assets/fonts/bootstrap-icons.woff"
-    install -Dm755 "$srcdir/$pkgname/app/static/assets/fonts/bootstrap-icons.woff2" "$pkgdir/opt/$pkgname/static/assets/fonts/bootstrap-icons.woff2"
-    install -Dm755 "$srcdir/$pkgname/app/static/assets/img/favicons/android-chrome-192x192.png" "$pkgdir/opt/$pkgname/static/assets/img/favicons/android-chrome-192x192.png"
-    install -Dm755 "$srcdir/$pkgname/app/static/assets/img/favicons/android-chrome-512x512.png" "$pkgdir/opt/$pkgname/static/assets/img/favicons/android-chrome-512x512.png"
-    install -Dm755 "$srcdir/$pkgname/app/static/assets/img/favicons/apple-touch-icon.png" "$pkgdir/opt/$pkgname/static/assets/img/favicons/apple-touch-icon.png"
-    install -Dm755 "$srcdir/$pkgname/app/static/assets/img/favicons/favicon.ico" "$pkgdir/opt/$pkgname/static/assets/img/favicons/favicon.ico"
-    install -Dm755 "$srcdir/$pkgname/app/static/assets/img/favicons/favicon-16x16.png" "$pkgdir/opt/$pkgname/static/assets/img/favicons/favicon-16x16.png"
-    install -Dm755 "$srcdir/$pkgname/app/static/assets/img/favicons/favicon-32x32.png" "$pkgdir/opt/$pkgname/static/assets/img/favicons/favicon-32x32.png"
-    install -Dm755 "$srcdir/$pkgname/app/static/assets/img/favicons/manifest.json" "$pkgdir/opt/$pkgname/static/assets/img/favicons/manifest.json"
-    install -Dm755 "$srcdir/$pkgname/app/static/assets/img/logo.png" "$pkgdir/opt/$pkgname/static/assets/img/logo.png"
-    install -Dm755 "$srcdir/$pkgname/app/static/assets/js/bootstrap.min.js" "$pkgdir/opt/$pkgname/static/assets/js/bootstrap.min.js"
-    install -Dm755 "$srcdir/$pkgname/app/static/assets/js/helper.js" "$pkgdir/opt/$pkgname/static/assets/js/helper.js"
-    install -Dm755 "$srcdir/$pkgname/app/static/assets/js/popper.min.js" "$pkgdir/opt/$pkgname/static/assets/js/popper.min.js"
-    install -Dm755 "$srcdir/$pkgname/app/templates/components/navbar.html" "$pkgdir/opt/$pkgname/templates/components/navbar.html"
-    install -Dm755 "$srcdir/$pkgname/app/templates/components/sidebar.html" "$pkgdir/opt/$pkgname/templates/components/sidebar.html"
-    install -Dm755 "$srcdir/$pkgname/app/templates/layout/base.html" "$pkgdir/opt/$pkgname/templates/layout/base.html"
-    install -Dm755 "$srcdir/$pkgname/app/templates/layout/bootstrap.html" "$pkgdir/opt/$pkgname/templates/layout/bootstrap.html"
-    install -Dm755 "$srcdir/$pkgname/app/templates/layout/bootstrap-dashboard.html" "$pkgdir/opt/$pkgname/templates/layout/bootstrap-dashboard.html"
-    install -Dm755 "$srcdir/$pkgname/app/templates/views/dashboard.html" "$pkgdir/opt/$pkgname/templates/views/dashboard.html"
-    install -Dm755 "$srcdir/$pkgname/app/templates/views/dashboard_leases.html" "$pkgdir/opt/$pkgname/templates/views/dashboard_leases.html"
-    install -Dm755 "$srcdir/$pkgname/app/templates/views/dashboard_origins.html" "$pkgdir/opt/$pkgname/templates/views/dashboard_origins.html"
-    install -Dm755 "$srcdir/$pkgname/app/templates/views/dashboard_readme.html" "$pkgdir/opt/$pkgname/templates/views/dashboard_readme.html"
-    install -Dm755 "$srcdir/$pkgname/app/templates/views/index.html" "$pkgdir/opt/$pkgname/templates/views/index.html"
-
-    # copy service files
     install -Dm644 "$srcdir/$pkgname.default" "$pkgdir/etc/default/$pkgname"
     install -Dm644 "$srcdir/$pkgname.service" "$pkgdir/usr/lib/systemd/system/$pkgname.service"
     install -Dm644 "$srcdir/$pkgname.tmpfiles" "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf"

.UNRAID/FastAPI-DLS.xml

@@ -0,0 +1,48 @@
+<?xml version="1.0"?>
+<Container version="2">
+  <Name>FastAPI-DLS</Name>
+  <Repository>collinwebdesigns/fastapi-dls:latest</Repository>
+  <Registry>https://hub.docker.com/r/collinwebdesigns/fastapi-dls</Registry>
+  <Network>br0</Network>
+  <MyIP></MyIP>
+  <Shell>sh</Shell>
+  <Privileged>false</Privileged>
+  <Support/>
+  <Project/>
+  <Overview>Source:&#xD;
+https://git.collinwebdesigns.de/oscar.krause/fastapi-dls#docker&#xD;
+&#xD;
+Make sure you create these certificates before starting the container for the first time:&#xD;
+```&#xD;
+# Check https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/-/tree/main/#docker for more information:&#xD;
+WORKING_DIR=/mnt/user/appdata/fastapi-dls/cert&#xD;
+mkdir -p $WORKING_DIR&#xD;
+cd $WORKING_DIR&#xD;
+# create instance private and public key for singing JWT's&#xD;
+openssl genrsa -out $WORKING_DIR/instance.private.pem 2048 &#xD;
+openssl rsa -in $WORKING_DIR/instance.private.pem -outform PEM -pubout -out $WORKING_DIR/instance.public.pem&#xD;
+# create ssl certificate for integrated webserver (uvicorn) - because clients rely on ssl&#xD;
+openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout  $WORKING_DIR/webserver.key -out $WORKING_DIR/webserver.crt&#xD;
+```&#xD;
+</Overview>
+  <Category/>
+  <WebUI>https://[IP]:[PORT:443]</WebUI>
+  <TemplateURL/>
+  <Icon>https://git.collinwebdesigns.de/uploads/-/system/project/avatar/106/png-transparent-nvidia-grid-logo-business-nvidia-electronics-text-trademark.png?width=64</Icon>
+  <ExtraParams>--restart always</ExtraParams>
+  <PostArgs/>
+  <CPUset/>
+  <DateInstalled>1679161568</DateInstalled>
+  <DonateText/>
+  <DonateLink/>
+  <Requires/>
+  <Config Name="HTTPS Port" Target="" Default="443" Mode="tcp" Description="Same as DLS Port below." Type="Port" Display="always-hide" Required="true" Mask="false">443</Config>
+  <Config Name="App Cert" Target="/app/cert" Default="/mnt/user/appdata/fastapi-dls/cert" Mode="rw" Description="[REQUIRED] Read the description above to make this folder. &#13;&#10;&#13;&#10;You do not need to change the path." Type="Path" Display="always-hide" Required="true" Mask="false">/mnt/user/appdata/fastapi-dls/cert</Config>
+  <Config Name="DLS Port" Target="DSL_PORT" Default="443" Mode="" Description="Choose port you want to use. Make sure to change the HTTPS port above to match it." Type="Variable" Display="always-hide" Required="true" Mask="false">443</Config>
+  <Config Name="App database" Target="/app/database" Default="/mnt/user/appdata/fastapi-dls/data" Mode="rw" Description="[REQUIRED] Read the description above to make this folder. &#13;&#10;&#13;&#10;You do not need to change the path." Type="Path" Display="always-hide" Required="true" Mask="false">/mnt/user/appdata/fastapi-dls/data</Config>
+  <Config Name="DSL IP" Target="DLS_URL" Default="localhost" Mode="" Description="Put your container's IP (or your host's IP if it's shared)." Type="Variable" Display="always-hide" Required="true" Mask="false"></Config>
+  <Config Name="Time Zone" Target="TZ" Default="" Mode="" Description="Format example: America/New_York. MUST MATCH YOUR CURRENT TIMEZONE AND THE GUEST VMS TIMEZONE! Otherwise you'll get into issues, read the guide above." Type="Variable" Display="always-hide" Required="true" Mask="false"></Config>
+  <Config Name="Database" Target="DATABASE" Default="sqlite:////app/database/db.sqlite" Mode="" Description="Set to sqlite:////app/database/db.sqlite" Type="Variable" Display="advanced-hide" Required="true" Mask="false">sqlite:////app/database/db.sqlite</Config>
+  <Config Name="Debug" Target="DEBUG" Default="true" Mode="" Description="true to enable debugging, false to disable them." Type="Variable" Display="advanced-hide" Required="false" Mask="false">true</Config>
+  <Config Name="Lease" Target="LEASE_EXPIRE_DAYS" Default="90" Mode="" Description="90 days is the maximum value." Type="Variable" Display="advanced" Required="false" Mask="false">90</Config>
+</Container>

.UNRAID/setup_vgpu_license.sh

@@ -0,0 +1,197 @@
+#!/bin/bash
+
+# This script automates the licensing of the vGPU guest driver
+# on Unraid boot. Set the Schedule to: "At Startup of Array".
+# 
+# Relies on FastAPI-DLS for the licensing.
+# It assumes FeatureType=1 (vGPU), change it as you see fit in line <114>
+# 
+# Requires `eflutils` to be installed in the system for `nvidia-gridd` to run
+# To Install it:
+# 1) You might find it here: https://packages.slackware.com/ (choose the 64bit version of Slackware)
+# 2) Download the package and put it in /boot/extra to be installed on boot
+# 3) a. Reboot to install it, OR
+#    b. Run `upgradepkg --install-new /boot/extra/elfutils*`
+# [i]: Make sure to have only one version of elfutils, otherwise you might run into issues
+
+# Sources and docs:
+# https://docs.nvidia.com/grid/15.0/grid-vgpu-user-guide/index.html#configuring-nls-licensed-client-on-linux
+# 
+
+################################################
+# MAKE SURE YOU CHANGE THESE VARIABLES         #
+################################################
+
+###### CHANGE ME! 
+# IP and PORT of FastAPI-DLS 
+DLS_IP=192.168.0.123
+DLS_PORT=443
+# Token folder, must be on a filesystem that supports
+# linux filesystem permissions (eg: ext4,xfs,btrfs...)
+TOKEN_PATH=/mnt/user/system/nvidia
+PING=$(which ping)
+
+# Check if the License is applied
+if [[ "$(nvidia-smi -q | grep "Expiry")" == *Expiry* ]]; then
+    echo " [i] Your vGPU Guest drivers are already licensed."
+    echo " [i] $(nvidia-smi -q | grep "Expiry")"
+    echo " [<] Exiting..."
+    exit 0
+fi
+
+# Check if the FastAPI-DLS server is reachable
+# Check if the License is applied
+MAX_RETRIES=30
+for i in $(seq 1 $MAX_RETRIES); do
+    echo -ne "\r [>] Attempt $i to connect to $DLS_IP."
+    if ping -c 1 $DLS_IP >/dev/null 2>&1; then
+        echo -e "\n  [*] Connection successful."
+        break
+    fi
+    if [ $i -eq $MAX_RETRIES ]; then
+        echo -e "\n  [!] Connection failed after $MAX_RETRIES attempts."
+        echo -e "\n [<] Exiting..."
+        exit 1
+    fi
+    sleep 1
+done
+
+# Check if the token folder exists
+if [ -d "${TOKEN_PATH}" ]; then
+	echo " [*] Token Folder exists. Proceeding..."
+else
+	echo " [!] Token Folder does not exists or not ready yet. Exiting."
+	echo " [!] Token Folder Specified: ${TOKEN_PATH}"
+	exit 1
+fi
+
+# Check if elfutils are installed, otherwise nvidia-gridd service
+# wont start
+if [ "$(grep -R "elfutils" /var/log/packages/* | wc -l)" != 0 ]; then
+        echo " [*] Elfutils is installed, proceeding..."
+else
+        echo " [!] Elfutils is not installed, downloading and installing..."
+        echo " [!] Downloading elfutils to /boot/extra"
+        echo " [i] This script will download elfutils from slackware64-15.0 repository."
+        echo " [i] If you have a different version of Unraid (6.11.5), you might want to"
+        echo " [i] download and install a suitable version manually from the slackware"
+        echo " [i] repository, and put it in /boot/extra to be install on boot."
+        echo " [i] You may also install it by running: "
+        echo " [i] upgradepkg --install-new /path/to/elfutils-*.txz"
+        echo ""
+        echo " [>] Downloading elfutils from slackware64-15.0 repository:"
+        wget -q -nc --show-progress --progress=bar:force:noscroll -P /boot/extra https://slackware.uk/slackware/slackware64-15.0/slackware64/l/elfutils-0.186-x86_64-1.txz 2>/dev/null \
+        || { echo " [!] Error while downloading elfutils, please download it and install it manually."; exit 1; }
+	    echo ""
+        if upgradepkg --install-new /boot/extra/elfutils-0.186-x86_64-1.txz 
+        then
+                echo " [*] Elfutils installed and will be installed automatically on boot"
+        else
+                echo " [!] Error while installing, check logs..."
+                exit 1
+        fi
+fi
+
+echo " [~] Sleeping for 60 seconds before continuing..."
+echo " [i] The script is waiting until the boot process settles down."
+
+for i in {60..1}; do
+    printf "\r  [~] %d seconds remaining" "$i"
+    sleep 1
+done
+
+printf "\n"
+
+create_token () {
+	echo " [>] Creating new token..."
+	if ${PING} -c1 ${DLS_IP} > /dev/null 2>&1
+	then
+		# curl --insecure -L -X GET https://${DLS_IP}:${DLS_PORT}/-/client-token -o ${TOKEN_PATH}/client_configuration_token_"$(date '+%d-%m-%Y-%H-%M-%S')".tok || { echo " [!] Could not get the token, please check the server."; exit 1;}
+		wget -q -nc -4c --no-check-certificate --show-progress --progress=bar:force:noscroll -O "${TOKEN_PATH}"/client_configuration_token_"$(date '+%d-%m-%Y-%H-%M-%S')".tok https://${DLS_IP}:${DLS_PORT}/-/client-token \
+		|| { echo " [!] Could not get the token, please check the server."; exit 1;}
+		chmod 744 "${TOKEN_PATH}"/*.tok || { echo " [!] Could not chmod the tokens."; exit 1; }
+		echo ""
+		echo " [*] Token downloaded and stored in ${TOKEN_PATH}."
+	else
+		echo " [!] Could not get token, DLS server unavailable ."
+		exit 1
+	fi
+}
+
+setup_run () {
+        echo " [>] Setting up gridd.conf"
+        cp /etc/nvidia/gridd.conf.template /etc/nvidia/gridd.conf || { echo " [!] Error configuring gridd.conf, did you install the drivers correctly?"; exit 1; }
+        sed -i 's/FeatureType=0/FeatureType=1/g' /etc/nvidia/gridd.conf
+        echo "ClientConfigTokenPath=${TOKEN_PATH}" >> /etc/nvidia/gridd.conf
+        echo " [>] Creating /var/lib/nvidia folder structure"
+        mkdir -p /var/lib/nvidia/GridLicensing
+        echo " [>] Starting nvidia-gridd"
+        if pgrep nvidia-gridd >/dev/null 2>&1; then
+            echo " [!] nvidia-gridd service is running. Closing."
+            sh /usr/lib/nvidia/sysv/nvidia-gridd stop
+            stop_exit_code=$?
+            if [ $stop_exit_code -eq 0 ]; then
+                echo " [*] nvidia-gridd service stopped successfully."
+            else
+                echo " [!] Error while stopping nvidia-gridd service."
+                exit 1
+            fi
+            
+            # Kill the service if it does not close
+            if pgrep nvidia-gridd >/dev/null 2>&1; then
+                kill -9 "$(pgrep nvidia-gridd)" || { 
+                    echo " [!] Error while closing nvidia-gridd service"
+                    exit 1
+                }
+            fi
+        
+            echo " [*] Restarting nvidia-gridd service."
+            sh /usr/lib/nvidia/sysv/nvidia-gridd start
+        
+            if pgrep nvidia-gridd >/dev/null 2>&1; then
+                echo " [*] Service started, PID: $(pgrep nvidia-gridd)"
+            else
+                echo -e " [!] Error while starting nvidia-gridd service. Use strace -f nvidia-gridd to debug.\n [i] Check if elfutils is installed.\n [i] strace is not installed by default."
+                exit 1
+            fi
+        else
+            sh /usr/lib/nvidia/sysv/nvidia-gridd start
+        
+            if pgrep nvidia-gridd >/dev/null 2>&1; then
+                echo " [*] Service started, PID: $(pgrep nvidia-gridd)"
+            else
+                echo -e " [!] Error while starting nvidia-gridd service. Use strace -f nvidia-gridd to debug.\n [i] Check if elfutils is installed.\n [i] strace is not installed by default."
+                exit 1
+            fi
+        fi
+}
+
+for token in "${TOKEN_PATH}"/*; do
+    if [ "${token: -4}" == ".tok" ]
+    then
+        echo " [*] Tokens found..."
+        setup_run
+    else
+        echo " [!] No Tokens found..."
+        create_token
+        setup_run
+    fi
+done
+
+while true; do
+    if nvidia-smi -q | grep "Expiry" >/dev/null 2>&1; then
+        echo " [>] vGPU licensed!"
+        echo " [i] $(nvidia-smi -q | grep "Expiry")"
+        break
+    else
+        echo -ne " [>] vGPU not licensed yet... Checking again in 5 seconds\c"
+        for i in {1..5}; do
+            sleep 1
+            echo -ne ".\c"
+        done
+        echo -ne "\r\c"
+    fi
+done
+
+echo " [>] Done..."
+exit 0

.codeclimate.yml

@@ -1,7 +1,9 @@
+version: "2"
 plugins:
   bandit:
     enabled: true
   sonar-python:
     enabled: true
-  pylint:
-    enabled: true
+    config:
+      tests_patterns:
+        - test/**

.gitignore

@@ -1,6 +1,6 @@
 .DS_Store
 venv/
 .idea/
-app/*.sqlite*
+*.sqlite
 app/cert/*.*
 .pytest_cache

.gitlab-ci.yml

@@ -1,39 +1,58 @@
+include:
+  - template: Jobs/Code-Quality.gitlab-ci.yml
+  - template: Jobs/Secret-Detection.gitlab-ci.yml
+  - template: Jobs/SAST.gitlab-ci.yml
+  - template: Jobs/Container-Scanning.gitlab-ci.yml
+  - template: Jobs/Dependency-Scanning.gitlab-ci.yml
+
 cache:
   key: one-key-to-rule-them-all
 
+variables:
+  DOCKER_BUILDX_PLATFORM: "linux/amd64,linux/arm64"
+
 build:docker:
   image: docker:dind
   interruptible: true
   stage: build
   rules:
-    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+    # deployment is in "deploy:docker:"
+    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
       changes:
         - app/**/*
         - Dockerfile
         - requirements.txt
-    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
   tags: [ docker ]
   before_script:
-    - echo "COMMIT=${CI_COMMIT_SHA}" >> version.env  # COMMIT=`git rev-parse HEAD`
+    - docker buildx inspect
+    - docker buildx create --use
   script:
     - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-    - docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF}
-    - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF}
+    - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHA
+    - docker buildx build --progress=plain --platform $DOCKER_BUILDX_PLATFORM --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE --push .
+    - docker buildx imagetools inspect $IMAGE
+    - echo "CS_IMAGE=$IMAGE" > container_scanning.env
+  artifacts:
+    reports:
+      dotenv: container_scanning.env
 
 build:apt:
   image: debian:bookworm-slim
   interruptible: true
   stage: build
   rules:
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
-    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+    - if: $CI_COMMIT_TAG
+      variables:
+        VERSION: $CI_COMMIT_REF_NAME
+    - if: ($CI_PIPELINE_SOURCE == 'merge_request_event') || ($CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH)
       changes:
         - app/**/*
         - .DEBIAN/**/*
-    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+        - .gitlab-ci.yml
+      variables:
+        VERSION: "0.0.1"
   before_script:
-    - echo "COMMIT=${CI_COMMIT_SHA}" >> version.env
-    - source version.env
+    - echo -e "VERSION=$VERSION\nCOMMIT=$CI_COMMIT_SHA" > version.env
     # install build dependencies
     - apt-get update -qq && apt-get install -qq -y build-essential
     # create build directory for .deb sources
@@ -54,7 +73,7 @@ build:apt:
     # cd into "build/"
     - cd build/
   script:
-    # set version based on value in "$VERSION" (which is set above from version.env)
+    # set version based on value in "$CI_COMMIT_REF_NAME"
     - sed -i -E 's/(Version\:\s)0.0/\1'"$VERSION"'/g' DEBIAN/control
     # build
     - dpkg -b . build.deb
@@ -69,14 +88,18 @@ build:pacman:
   interruptible: true
   stage: build
   rules:
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
-    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+    - if: $CI_COMMIT_TAG
+      variables:
+        VERSION: $CI_COMMIT_REF_NAME
+    - if: ($CI_PIPELINE_SOURCE == 'merge_request_event') || ($CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH)
       changes:
         - app/**/*
         - .PKGBUILD/**/*
-    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+        - .gitlab-ci.yml
+      variables:
+        VERSION: "0.0.1"
   before_script:
-    - echo "COMMIT=${CI_COMMIT_SHA}" >> version.env
+    #- echo -e "VERSION=$VERSION\nCOMMIT=$CI_COMMIT_SHA" > version.env
     # install build dependencies
     - pacman -Syu --noconfirm git
     # create a build-user because "makepkg" don't like root user
@@ -91,41 +114,70 @@ build:pacman:
     # download dependencies
     - source PKGBUILD && pacman -Syu --noconfirm --needed --asdeps "${makedepends[@]}" "${depends[@]}"
     # build
-    - sudo -u build makepkg -s
+    - sudo --preserve-env -u build makepkg -s
   artifacts:
     expire_in: 1 week
     paths:
       - "*.pkg.tar.zst"
 
-test:
-  image: python:3.11-slim-bullseye
+test:python:
+  image: $IMAGE
   stage: test
+  interruptible: true
   rules:
-    - if: $CI_COMMIT_BRANCH
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
     - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+      changes:
+        - app/**/*
+        - test/**/*
   variables:
     DATABASE: sqlite:///../app/db.sqlite
+  parallel:
+    matrix:
+      - IMAGE:
+          # https://devguide.python.org/versions/#supported-versions
+#          - python:3.14-rc-alpine  # EOL 2030-10 =>  uvicorn does not support 3.14 yet
+          - python:3.13-alpine  # EOL 2029-10
+          - python:3.12-alpine  # EOL 2028-10
+          - python:3.11-alpine  # EOL 2027-10
+#          - python:3.10-alpine  # EOL 2026-10 => ImportError: cannot import name 'UTC' from 'datetime'
+#          - python:3.9-alpine  # EOL 2025-10 => ImportError: cannot import name 'UTC' from 'datetime'
   before_script:
+    - apk --no-cache add openssl
+    - python3 -m venv venv
+    - source venv/bin/activate
+    - pip install --upgrade pip
     - pip install -r requirements.txt
-    - pip install pytest httpx
+    - pip install pytest pytest-cov pytest-custom_exit_code httpx
     - mkdir -p app/cert
     - openssl genrsa -out app/cert/instance.private.pem 2048
     - openssl rsa -in app/cert/instance.private.pem -outform PEM -pubout -out app/cert/instance.public.pem
     - cd test
   script:
-    - pytest main.py
+    - python -m pytest main.py --junitxml=report.xml
   artifacts:
     reports:
-      dotenv: version.env
+      junit: ['**/report.xml']
 
-.test:linux:
+test:apt:
+  image: $IMAGE
   stage: test
   rules:
-    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
       changes:
         - app/**/*
         - .DEBIAN/**/*
     - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+  parallel:
+    matrix:
+      - IMAGE:
+          - debian:trixie-slim # EOL: t.b.a.
+          - debian:bookworm-slim # EOL: June 06, 2026
+          - debian:bookworm-slim # EOL: June 06, 2026
+          - ubuntu:24.04 # EOL: April 2036
+          - ubuntu:24.10
   needs:
     - job: build:apt
       artifacts: true
@@ -157,22 +209,15 @@ test:
     - apt-get purge -qq -y fastapi-dls
     - apt-get autoremove -qq -y && apt-get clean -qq
 
-test:debian:
-  extends: .test:linux
-  image: debian:bookworm-slim
-
-test:ubuntu:
-  extends: .test:linux
-  image: ubuntu:22.10
-
-test:archlinux:
+test:pacman:archlinux:
   image: archlinux:base
   rules:
-    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
       changes:
         - app/**/*
         - .PKGBUILD/**/*
-    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+        - .gitlab-ci.yml
   needs:
     - job: build:pacman
       artifacts: true
@@ -180,42 +225,101 @@ test:archlinux:
     - pacman -Sy
     - pacman -U --noconfirm *.pkg.tar.zst
 
-.deploy:
+code_quality:
+  variables:
+    SOURCE_CODE: app
   rules:
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
-    - if: $CI_COMMIT_TAG
+    - if: $CODE_QUALITY_DISABLED
       when: never
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+secret_detection:
+  rules:
+    - if: $SECRET_DETECTION_DISABLED
+      when: never
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+  before_script:
+    - git config --global --add safe.directory $CI_PROJECT_DIR
+
+semgrep-sast:
+  rules:
+    - if: $SAST_DISABLED
+      when: never
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
+test_coverage:
+#  extends: test
+  image: python:3.12-slim-bookworm
+  allow_failure: true
+  stage: test
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+  variables:
+    DATABASE: sqlite:///../app/db.sqlite
+  before_script:
+    - apt-get update && apt-get install -y python3-dev gcc
+    - pip install -r requirements.txt
+    - pip install pytest pytest-cov pytest-custom_exit_code httpx
+    - mkdir -p app/cert
+    - openssl genrsa -out app/cert/instance.private.pem 2048
+    - openssl rsa -in app/cert/instance.private.pem -outform PEM -pubout -out app/cert/instance.public.pem
+    - cd test
+  script:
+    - coverage run -m pytest main.py --junitxml=report.xml --suppress-no-test-exit-code
+    - coverage report
+    - coverage xml
+  coverage: '/(?i)total.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/'
+  artifacts:
+    reports:
+      junit: [ '**/report.xml' ]
+      coverage_report:
+        coverage_format: cobertura
+        path: '**/coverage.xml'
+
+container_scanning:
+  dependencies: [ build:docker ]
+  rules:
+    - if: $CONTAINER_SCANNING_DISABLED
+      when: never
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+
+gemnasium-python-dependency_scanning:
+  rules:
+    - if: $DEPENDENCY_SCANNING_DISABLED
+      when: never
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
 
 deploy:docker:
-  extends: .deploy
+  image: docker:dind
   stage: deploy
+  tags: [ docker ]
   rules:
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_COMMIT_TAG
   before_script:
-    - echo "COMMIT=${CI_COMMIT_SHA}" >> version.env
-    - source version.env
-    - echo "Building docker image for commit ${COMMIT} with version ${VERSION}"
+    - echo "Building docker image for commit $CI_COMMIT_SHA with version $CI_COMMIT_REF_NAME"
+    - docker buildx inspect
+    - docker buildx create --use
   script:
-    - echo "GitLab-Registry"
+    - echo "========== GitLab-Registry =========="
     - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-    - docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${VERSION}
-    - docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:latest
-    - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${VERSION}
-    - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:latest
-    - echo "Docker-Hub"
+    - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH
+    - docker buildx build --progress=plain --platform $DOCKER_BUILDX_PLATFORM --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:$CI_COMMIT_REF_NAME --push .
+    - docker buildx build --progress=plain --platform $DOCKER_BUILDX_PLATFORM --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:latest --push .
+    - echo "========== Docker-Hub =========="
     - docker login -u $PUBLIC_REGISTRY_USER -p $PUBLIC_REGISTRY_TOKEN
-    - docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${VERSION}
-    - docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest
-    - docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${VERSION}
-    - docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest
+    - IMAGE=$PUBLIC_REGISTRY_USER/$CI_PROJECT_NAME
+    - docker buildx build --progress=plain --platform $DOCKER_BUILDX_PLATFORM --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:$CI_COMMIT_REF_NAME --push .
+    - docker buildx build --progress=plain --platform $DOCKER_BUILDX_PLATFORM --build-arg VERSION=$CI_COMMIT_REF_NAME --build-arg COMMIT=$CI_COMMIT_SHA --tag $IMAGE:latest --push .
 
 deploy:apt:
   # doc: https://git.collinwebdesigns.de/help/user/packages/debian_repository/index.md#install-a-package
-  extends: .deploy
   image: debian:bookworm-slim
   stage: deploy
   rules:
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_COMMIT_TAG
   needs:
     - job: build:apt
       artifacts: true
@@ -252,21 +356,19 @@ deploy:apt:
     - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file ${EXPORT_NAME} "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${PACKAGE_NAME}/${PACKAGE_VERSION}/${EXPORT_NAME}"'
 
 deploy:pacman:
-  extends: .deploy
   image: archlinux:base-devel
   stage: deploy
   rules:
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_COMMIT_TAG
   needs:
     - job: build:pacman
       artifacts: true
   script:
     - source .PKGBUILD/PKGBUILD
-    - source version.env
     # fastapi-dls-1.0-1-any.pkg.tar.zst
-    - BUILD_NAME=${pkgname}-${VERSION}-${pkgrel}-any.pkg.tar.zst
+    - BUILD_NAME=${pkgname}-${CI_COMMIT_REF_NAME}-${pkgrel}-any.pkg.tar.zst
     - PACKAGE_NAME=${pkgname}
-    - PACKAGE_VERSION=${VERSION}
+    - PACKAGE_VERSION=${CI_COMMIT_REF_NAME}
     - PACKAGE_ARCH=any
     - EXPORT_NAME=${BUILD_NAME}
     - 'echo "PACKAGE_NAME:    ${PACKAGE_NAME}"'
@@ -278,19 +380,15 @@ deploy:pacman:
 release:
   image: registry.gitlab.com/gitlab-org/release-cli:latest
   stage: .post
-  needs:
-    - job: test
-      artifacts: true
+  needs: [ deploy:docker, deploy:apt, deploy:pacman ]
   rules:
     - if: $CI_COMMIT_TAG
-      when: never
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
   script:
-    - echo "Running release-job for $VERSION"
+    - echo "Running release-job for $CI_COMMIT_TAG"
   release:
-    name: $CI_PROJECT_TITLE $VERSION
-    description: Release of $CI_PROJECT_TITLE version $VERSION
-    tag_name: $VERSION
+    name: $CI_PROJECT_TITLE $CI_COMMIT_TAG
+    description: Release of $CI_PROJECT_TITLE version $CI_COMMIT_TAG
+    tag_name: $CI_COMMIT_TAG
     ref: $CI_COMMIT_SHA
     assets:
       links:

Dockerfile

@@ -1,17 +1,20 @@
-FROM python:3.11-alpine
+FROM python:3.12-alpine
+
+ARG VERSION
+ARG COMMIT=""
+RUN echo -e "VERSION=$VERSION\nCOMMIT=$COMMIT" > /version.env
 
 COPY requirements.txt /tmp/requirements.txt
 
 RUN apk update \
- && apk add --no-cache --virtual build-deps gcc g++ python3-dev musl-dev \
- && apk add --no-cache curl postgresql postgresql-dev mariadb-connector-c-dev sqlite-dev \
+ && apk add --no-cache --virtual build-deps gcc g++ python3-dev musl-dev pkgconfig \
+ && apk add --no-cache curl postgresql postgresql-dev mariadb-dev sqlite-dev \
  && pip install --no-cache-dir --upgrade uvicorn \
- && pip install --no-cache-dir psycopg2==2.9.5 mysqlclient==2.1.1 pysqlite3==0.5.0 \
+ && pip install --no-cache-dir psycopg2==2.9.10 mysqlclient==2.2.7 pysqlite3==0.5.4 \
  && pip install --no-cache-dir -r /tmp/requirements.txt \
  && apk del build-deps
 
 COPY app /app
-COPY version.env /version.env
 COPY README.md /README.md
 
 HEALTHCHECK --start-period=30s --interval=10s --timeout=5s --retries=3 CMD curl --insecure --fail https://localhost/-/health || exit 1

FAQ.md

@@ -1,17 +0,0 @@
-# FAQ
-
-## `Failed to acquire license from <ip> (Info: <license> - Error: The allowed time to process response has expired)`
-
-- Did your timezone settings are correct on fastapi-dls **and your guest**?
-
-- Did you download the client-token more than an hour ago?
-
-Please download a new client-token. The guest have to register within an hour after client-token was created.
-
-
-## `jose.exceptions.JWTError: Signature verification failed.`
-
-- Did you recreated `instance.public.pem` / `instance.private.pem`?
-
-Then you have to download a **new** client-token on each of your guests.
-

README.md

@@ -2,42 +2,63 @@
 
 Minimal Delegated License Service (DLS).
 
-Compatibility tested with official DLS 2.0.1.
+> [!note] Compatibility
+> Compatibility tested with official NLS 2.0.1, 2.1.0, 3.1.0, 3.3.1, 3.4.0. For Driver compatibility
+> see [compatibility matrix](#vgpu-software-compatibility-matrix).
+
+> [!warning] 18.x Drivers are not yet supported!
+> Drivers are only supported until **17.x releases**.
 
 This service can be used without internet connection.
 Only the clients need a connection to this service on configured port.
 
 **Official Links**
 
-- https://git.collinwebdesigns.de/oscar.krause/fastapi-dls
-- https://gitea.publichub.eu/oscar.krause/fastapi-dls
-- Docker Image `collinwebdesigns/fastapi-dls:latest`
+* https://git.collinwebdesigns.de/oscar.krause/fastapi-dls (Private Git)
+* https://gitea.publichub.eu/oscar.krause/fastapi-dls (Public Git)
+* https://hub.docker.com/r/collinwebdesigns/fastapi-dls (Docker-Hub `collinwebdesigns/fastapi-dls:latest`)
 
-*All other repositories are forks!*
+*All other repositories are forks! (which  is no bad - just for information and bug reports)*
+
+[Releases & Release Notes](https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/-/releases)
+
+**Further Reading**
+
+* [NVIDIA vGPU Guide](https://gitlab.com/polloloco/vgpu-proxmox) - This document serves as a guide to install NVIDIA vGPU host drivers on the latest Proxmox VE version
+* [vgpu_unlock](https://github.com/DualCoder/vgpu_unlock) - Unlock vGPU functionality for consumer-grade Nvidia GPUs.
+* [vGPU_Unlock Wiki](https://docs.google.com/document/d/1pzrWJ9h-zANCtyqRgS7Vzla0Y8Ea2-5z2HEi4X75d2Q) - Guide for `vgpu_unlock`
+* [Proxmox 8 vGPU in VMs and LXC Containers](https://medium.com/@dionisievldulrincz/proxmox-8-vgpu-in-vms-and-lxc-containers-4146400207a3) - Install *Merged Drivers* for using in Proxmox VMs and LXCs
+* [Proxmox All-In-One Installer Script](https://wvthoog.nl/proxmox-vgpu-v3/) - Also known as `proxmox-installer.sh`
 
 ---
 
-[[_TOC_]]
+[TOC]
 
 # Setup (Service)
 
-**System requirements**:
+**System requirements**
 
 - 256mb ram
 - 4gb hdd
+- *maybe IPv6 must be disabled*
 
-Tested with Ubuntu 22.10 (from Proxmox templates), actually its consuming 100mb ram and 750mb hdd.
+Tested with Ubuntu 22.10 (EOL!) (from Proxmox templates), actually its consuming 100mb ram and 750mb hdd.
 
-**Prepare your system**:
+**Prepare your system**
 
 - Make sure your timezone is set correct on you fastapi-dls server and your client
 
+This guide does not show how to install vGPU host drivers! Look at the official documentation packed with the driver
+releases.
+
 ## Docker
 
-Docker-Images are available here:
+Docker-Images are available here for Intel (x86), AMD (amd64) and ARM (arm64):
 
 - [Docker-Hub](https://hub.docker.com/repository/docker/collinwebdesigns/fastapi-dls): `collinwebdesigns/fastapi-dls:latest`
-- [GitLab-Registry](https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/container_registry): `registry.git.collinwebdesigns.de/oscar.krause/fastapi-dls/main:latest`
+- [GitLab-Registry](https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/container_registry): `registry.git.collinwebdesigns.de/oscar.krause/fastapi-dls:latest`
+
+The images include database drivers for `postgres`, `mariadb` and `sqlite`.
 
 **Run this on the Docker-Host**
 
@@ -63,16 +84,20 @@ docker run -e DLS_URL=`hostname -i` -e DLS_PORT=443 -p 443:443 -v $WORKING_DIR:/
 
 **Docker-Compose / Deploy stack**
 
-Goto [`docker-compose.yml`](docker-compose.yml) for more advanced example (with reverse proxy usage).
+See [`examples`](examples) directory for more advanced examples (with reverse proxy usage).
+
+> Adjust `REQUIRED` variables as needed
 
 ```yaml
 version: '3.9'
 
 x-dls-variables: &dls-variables
+  TZ: Europe/Berlin # REQUIRED, set your timezone correctly on fastapi-dls AND YOUR CLIENTS !!!
   DLS_URL: localhost # REQUIRED, change to your ip or hostname
   DLS_PORT: 443
-  LEASE_EXPIRE_DAYS: 90
+  LEASE_EXPIRE_DAYS: 90  # 90 days is maximum
   DATABASE: sqlite:////app/database/db.sqlite
+  DEBUG: false
 
 services:
   dls:
@@ -85,14 +110,22 @@ services:
     volumes:
       - /opt/docker/fastapi-dls/cert:/app/cert
       - dls-db:/app/database
-
+    logging:  # optional, for those who do not need logs
+      driver: "json-file"
+      options:
+        max-file: 5
+        max-size: 10m
+            
 volumes:
   dls-db:
 ```
 
-## Debian/Ubuntu (manual method using `git clone` and python virtual environment)
+## Debian / Ubuntu / macOS (manual method using `git clone` and python virtual environment)
 
-Tested on `Debian 11 (bullseye)`, Ubuntu may also work.
+Tested on `Debian 11 (bullseye)`, `Debian 12 (bookworm)` and `macOS Ventura (13.6)`, Ubuntu may also work.
+**Please note that setup on macOS differs from Debian based systems.**
+
+**Make sure you are logged in as root.**
 
 **Install requirements**
 
@@ -118,7 +151,7 @@ chown -R www-data:www-data $WORKING_DIR
 
 ```shell
 WORKING_DIR=/opt/fastapi-dls/app/cert
-mkdir $WORKING_DIR
+mkdir -p $WORKING_DIR
 cd $WORKING_DIR
 # create instance private and public key for singing JWT's
 openssl genrsa -out $WORKING_DIR/instance.private.pem 2048 
@@ -134,12 +167,17 @@ This is only to test whether the service starts successfully.
 
 ```shell
 cd /opt/fastapi-dls/app
+sudo -u www-data /opt/fastapi-dls/venv/bin/uvicorn main:app --app-dir=/opt/fastapi-dls/app
+# or
 su - www-data -c "/opt/fastapi-dls/venv/bin/uvicorn main:app --app-dir=/opt/fastapi-dls/app"
 ```
 
 **Create config file**
 
+> Adjust `DLS_URL` as needed (accessing from LAN won't work with 127.0.0.1)
+
 ```shell
+mkdir /etc/fastapi-dls
 cat <<EOF >/etc/fastapi-dls/env
 DLS_URL=127.0.0.1
 DLS_PORT=443
@@ -184,16 +222,125 @@ EOF
 Now you have to run `systemctl daemon-reload`. After that you can start service
 with `systemctl start fastapi-dls.service` and enable autostart with `systemctl enable fastapi-dls.service`.
 
-## Debian/Ubuntu (using `dpkg`)
+## openSUSE Leap (manual method using `git clone` and python virtual environment)
+
+Tested on `openSUSE Leap 15.4`, openSUSE Tumbleweed may also work.
+
+**Install requirements**
+
+```shell
+zypper in -y python310 python3-virtualenv python3-pip
+```
+
+**Install FastAPI-DLS**
+
+```shell
+BASE_DIR=/opt/fastapi-dls
+SERVICE_USER=dls
+mkdir -p ${BASE_DIR}
+cd ${BASE_DIR}
+git clone https://git.collinwebdesigns.de/oscar.krause/fastapi-dls .
+python3.10 -m venv venv
+source venv/bin/activate
+pip install -r requirements.txt
+deactivate
+useradd -r ${SERVICE_USER} -M -d /opt/fastapi-dls
+chown -R ${SERVICE_USER} ${BASE_DIR}
+```
+
+**Create keypair and webserver certificate**
+
+```shell
+CERT_DIR=${BASE_DIR}/app/cert
+SERVICE_USER=dls
+mkdir ${CERT_DIR}
+cd ${CERT_DIR}
+# create instance private and public key for singing JWT's
+openssl genrsa -out ${CERT_DIR}/instance.private.pem 2048 
+openssl rsa -in ${CERT_DIR}/instance.private.pem -outform PEM -pubout -out ${CERT_DIR}/instance.public.pem
+# create ssl certificate for integrated webserver (uvicorn) - because clients rely on ssl
+openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout  ${CERT_DIR}/webserver.key -out ${CERT_DIR}/webserver.crt
+chown -R ${SERVICE_USER} ${CERT_DIR}
+```
+
+**Test Service**
+
+This is only to test whether the service starts successfully.
+
+```shell
+BASE_DIR=/opt/fastapi-dls
+SERVICE_USER=dls
+cd ${BASE_DIR}
+sudo -u ${SERVICE_USER} ${BASE_DIR}/venv/bin/uvicorn main:app --app-dir=${BASE_DIR}/app
+# or
+su - ${SERVICE_USER} -c "${BASE_DIR}/venv/bin/uvicorn main:app --app-dir=${BASE_DIR}/app"
+```
+
+**Create config file**
+
+> Adjust `DLS_URL` as needed (accessing from LAN won't work with 127.0.0.1)
+
+```shell
+BASE_DIR=/opt/fastapi-dls
+cat <<EOF >/etc/fastapi-dls/env
+DLS_URL=127.0.0.1
+DLS_PORT=443
+LEASE_EXPIRE_DAYS=90
+DATABASE=sqlite:///${BASE_DIR}/app/db.sqlite
+
+EOF
+```
+
+**Create service**
+
+```shell
+BASE_DIR=/opt/fastapi-dls
+SERVICE_USER=dls
+cat <<EOF >/etc/systemd/system/fastapi-dls.service
+[Unit]
+Description=Service for fastapi-dls vGPU licensing service
+After=network.target
+
+[Service]
+User=${SERVICE_USER}
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+WorkingDirectory=${BASE_DIR}/app
+EnvironmentFile=/etc/fastapi-dls/env
+ExecStart=${BASE_DIR}/venv/bin/uvicorn main:app \\
+  --env-file /etc/fastapi-dls/env \\
+  --host \$DLS_URL --port \$DLS_PORT \\
+  --app-dir ${BASE_DIR}/app \\
+  --ssl-keyfile ${BASE_DIR}/app/cert/webserver.key \\
+  --ssl-certfile ${BASE_DIR}/app/cert/webserver.crt \\
+  --proxy-headers
+Restart=always
+KillSignal=SIGQUIT
+Type=simple
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target
+
+EOF
+```
+
+Now you have to run `systemctl daemon-reload`. After that you can start service
+with `systemctl start fastapi-dls.service` and enable autostart with `systemctl enable fastapi-dls.service`.
+
+## Debian / Ubuntu (using `dpkg` / `apt`)
 
 Packages are available here:
 
 - [GitLab-Registry](https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/-/packages)
 
-Successful tested with:
+Successful tested with (**LTS Version**):
 
-- Debian 12 (Bookworm) (works but not recommended because it is currently in *testing* state)
-- Ubuntu 22.10 (Kinetic Kudu)
+- **Debian 12 (Bookworm)** (EOL: June 06, 2026)
+- *Ubuntu 22.10 (Kinetic Kudu)* (EOL: July 20, 2023)
+- *Ubuntu 23.04 (Lunar Lobster)* (EOL: January 2024)
+- *Ubuntu 23.10 (Mantic Minotaur)* (EOL: July 2024)
+- **Ubuntu 24.04 (Noble Numbat)** (EOL: Apr 2029)
+- *Ubuntu 24.10 (Oracular Oriole)* (EOL: Jul 2025)
 
 Not working with:
 
@@ -214,6 +361,7 @@ apt-get install -f --fix-missing
 ```
 
 Start with `systemctl start fastapi-dls.service` and enable autostart with `systemctl enable fastapi-dls.service`.
+Now you have to edit `/etc/fastapi-dls/env` as needed.
 
 ## ArchLinux (using `pacman`)
 
@@ -235,6 +383,27 @@ pacman -U --noconfirm fastapi-dls.pkg.tar.zst
 ```
 
 Start with `systemctl start fastapi-dls.service` and enable autostart with `systemctl enable fastapi-dls.service`.
+Now you have to edit `/etc/default/fastapi-dls` as needed.
+
+## unRAID
+
+1. Download [this xml file](.UNRAID/FastAPI-DLS.xml)
+2. Put it in /boot/config/plugins/dockerMan/templates-user/
+3. Go to Docker page, scroll down to `Add Container`, click on Template list and choose `FastAPI-DLS`
+4. Open terminal/ssh, follow the instructions in overview description
+5. Setup your container `IP`, `Port`, `DLS_URL` and `DLS_PORT`
+6. Apply and let it boot up
+
+*Unraid users must also make sure they have Host access to custom networks enabled if unraid is the vgpu guest*.
+
+Continue [here](#unraid-guest) for docker guest setup.
+
+## NixOS
+
+Tanks to [@mrzenc](https://github.com/mrzenc) for [fastapi-dls-nixos](https://github.com/mrzenc/fastapi-dls-nixos).
+
+> [!note] Native NixOS-Package
+> There is a [pull request](https://github.com/NixOS/nixpkgs/pull/358647) which adds fastapi-dls into nixpkgs.
 
 ## Let's Encrypt Certificate (optional)
 
@@ -254,21 +423,21 @@ After first success you have to replace `--issue` with `--renew`.
 
 # Configuration
 
-| Variable               | Default                                | Usage                                                                                                |
-|------------------------|----------------------------------------|------------------------------------------------------------------------------------------------------|
-| `DEBUG`                | `false`                                | Toggles `fastapi` debug mode                                                                         |
-| `DLS_URL`              | `localhost`                            | Used in client-token to tell guest driver where dls instance is reachable                            |
-| `DLS_PORT`             | `443`                                  | Used in client-token to tell guest driver where dls instance is reachable                            |
-| `TOKEN_EXPIRE_DAYS`    | `1`                                    | Client auth-token validity (used for authenticate client against api, **not `.tok` file!**)          |
-| `LEASE_EXPIRE_DAYS`    | `90`                                   | Lease time in days                                                                                   |
-| `LEASE_RENEWAL_PERIOD` | `0.15`                                 | The percentage of the lease period that must elapse before a licensed client can renew a license \*1 |
-| `DATABASE`             | `sqlite:///db.sqlite`                  | See [official SQLAlchemy docs](https://docs.sqlalchemy.org/en/14/core/engines.html)                  |
-| `CORS_ORIGINS`         | `https://{DLS_URL}`                    | Sets `Access-Control-Allow-Origin` header (comma separated string) \*2                               |
-| `SITE_KEY_XID`         | `00000000-0000-0000-0000-000000000000` | Site identification uuid                                                                             |
-| `INSTANCE_REF`         | `10000000-0000-0000-0000-000000000001` | Instance identification uuid                                                                         |
-| `ALLOTMENT_REF`        | `20000000-0000-0000-0000-000000000001` | Allotment identification uuid                                                                        |
-| `INSTANCE_KEY_RSA`     | `<app-dir>/cert/instance.private.pem`  | Site-wide private RSA key for singing JWTs \*3                                                       |
-| `INSTANCE_KEY_PUB`     | `<app-dir>/cert/instance.public.pem`   | Site-wide public key \*3                                                                             |
+| Variable                 | Default                                | Usage                                                                                                                               |
+|--------------------------|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------|
+| `DEBUG`                  | `false`                                | Toggles `fastapi` debug mode                                                                                                        |
+| `DLS_URL`                | `localhost`                            | Used in client-token to tell guest driver where dls instance is reachable                                                           |
+| `DLS_PORT`               | `443`                                  | Used in client-token to tell guest driver where dls instance is reachable                                                           |
+| `TOKEN_EXPIRE_DAYS`      | `1`                                    | Client auth-token validity (used for authenticate client against api, **not `.tok` file!**)                                         |
+| `LEASE_EXPIRE_DAYS`      | `90`                                   | Lease time in days                                                                                                                  |
+| `LEASE_RENEWAL_PERIOD`   | `0.15`                                 | The percentage of the lease period that must elapse before a licensed client can renew a license \*1                                |
+| `DATABASE`               | `sqlite:///db.sqlite`                  | See [official SQLAlchemy docs](https://docs.sqlalchemy.org/en/14/core/engines.html)                                                 |
+| `CORS_ORIGINS`           | `https://{DLS_URL}`                    | Sets `Access-Control-Allow-Origin` header (comma separated string) \*2                                                              |
+| `SITE_KEY_XID`           | `00000000-0000-0000-0000-000000000000` | Site identification uuid                                                                                                            |
+| `INSTANCE_REF`           | `10000000-0000-0000-0000-000000000001` | Instance identification uuid                                                                                                        |
+| `ALLOTMENT_REF`          | `20000000-0000-0000-0000-000000000001` | Allotment identification uuid                                                                                                       |
+| `INSTANCE_KEY_RSA`       | `<app-dir>/cert/instance.private.pem`  | Site-wide private RSA key for singing JWTs \*3                                                                                      |
+| `INSTANCE_KEY_PUB`       | `<app-dir>/cert/instance.public.pem`   | Site-wide public key \*3                                                                                                            |
 
 \*1 For example, if the lease period is one day and the renewal period is 20%, the client attempts to renew its license
 every 4.8 hours. If network connectivity is lost, the loss of connectivity is detected during license renewal and the
@@ -276,17 +445,14 @@ client has 19.2 hours in which to re-establish connectivity before its license e
 
 \*2 Always use `https`, since guest-drivers only support secure connections!
 
-\*3 If you recreate instance keys you need to **recreate client-token for each guest**!
+\*3 If you recreate your instance keys you need to **recreate client-token for each guest**!
 
 # Setup (Client)
 
 **The token file has to be copied! It's not enough to C&P file contents, because there can be special characters.**
 
-Successfully tested with this package versions:
-
-- `14.3` (Linux-Host: `510.108.03`, Linux-Guest: `510.108.03`, Windows-Guest: `513.91`)
-- `14.4` (Linux-Host: `510.108.03`, Linux-Guest: `510.108.03`, Windows-Guest: `514.08`)
-- `15.0` (Linux-Host: `525.60.12`, Linux-Guest: `525.60.13`, Windows-Guest: `527.41`)
+This guide does not show how to install vGPU guest drivers! Look at the official documentation packed with the driver
+releases.
 
 ## Linux
 
@@ -338,7 +504,7 @@ Restart-Service NVDisplay.ContainerLocalSystem
 Check licensing status:
 
 ```shell
-& 'C:\Program Files\NVIDIA Corporation\NVSMI\nvidia-smi.exe' -q  | Select-String "License"
+& 'nvidia-smi' -q  | Select-String "License"
 ```
 
 Output should be something like:
@@ -350,33 +516,44 @@ vGPU Software Licensed Product
 
 Done. For more information check [troubleshoot section](#troubleshoot).
 
-# Endpoints
+## unRAID Guest
 
-### `GET /`
+1. Make sure you create a folder in a linux filesystem (BTRFS/XFS/EXT4...), I recommend `/mnt/user/system/nvidia` (this is where docker and libvirt preferences are saved, so it's a good place to have that)
+2. Edit the script to put your `DLS_IP`, `DLS_PORT` and `TOKEN_PATH`, properly 
+3. Install `User Scripts` plugin from *Community Apps* (the Apps page, or google User Scripts Unraid if you're not using CA)
+4. Go to `Settings > Users Scripts > Add New Script`
+5. Give it a name  (the name must not contain spaces preferably)
+6. Click on the *gear icon* to the left of the script name then edit script
+7. Paste the script and save
+8. Set schedule to `At First Array Start Only`
+9. Click on Apply 
+
+# API Endpoints
+
+<details>
+  <summary>show</summary>
+
+**`GET /`**
 
 Redirect to `/-/readme`.
 
-### `GET /-/health`
+**`GET /-/health`**
 
 Status endpoint, used for *healthcheck*.
 
-### `GET /-/config`
+**`GET /-/config`**
 
 Shows current runtime environment variables and their values.
 
-### `GET /-/readme`
+**`GET /-/readme`**
 
 HTML rendered README.md.
 
-### `GET /-/docs`, `GET /-/redoc`
-
-OpenAPI specifications rendered from `GET /-/openapi.json`.
-
-### `GET /-/manage`
+**`GET /-/manage`**
 
 Shows a very basic UI to delete origins or leases.
 
-### `GET /-/origins?leases=false`
+**`GET /-/origins?leases=false`**
 
 List registered origins.
 
@@ -384,11 +561,11 @@ List registered origins.
 |-----------------|---------|--------------------------------------|
 | `leases`        | `false` | Include referenced leases per origin |
 
-### `DELETE /-/origins`
+**`DELETE /-/origins`**
 
 Deletes all origins and their leases.
 
-### `GET /-/leases?origin=false`
+**`GET /-/leases?origin=false`**
 
 List current leases.
 
@@ -396,22 +573,29 @@ List current leases.
 |-----------------|---------|-------------------------------------|
 | `origin`        | `false` | Include referenced origin per lease |
 
-### `DELETE /-/lease/{lease_ref}`
+**`DELETE /-/lease/{lease_ref}`**
 
 Deletes an lease.
 
-### `GET /-/client-token`
+**`GET /-/client-token`**
 
 Generate client token, (see [installation](#installation)).
 
-### Others
+**Others**
 
 There are many other internal api endpoints for handling authentication and lease process.
+</details>
 
-# Troubleshoot
+# Troubleshoot / Debug
 
 **Please make sure that fastapi-dls and your guests are on the same timezone!**
 
+Maybe you have to disable IPv6 on the machine you are running FastAPI-DLS.
+
+## Docker
+
+Logs are available with `docker logs <container>`. To get the correct container-id use `docker container ls` or `docker ps`.
+
 ## Linux
 
 Logs are available with `journalctl -u nvidia-gridd -f`.
@@ -422,11 +606,26 @@ Logs are available in `C:\Users\Public\Documents\Nvidia\LoggingLog.NVDisplay.Con
 
 # Known Issues
 
+## Generic
+
+### `Failed to acquire license from <ip> (Info: <license> - Error: The allowed time to process response has expired)`
+
+- Did your timezone settings are correct on fastapi-dls **and your guest**?
+- Did you download the client-token more than an hour ago?
+
+Please download a new client-token. The guest have to register within an hour after client-token was created.
+
+### `jose.exceptions.JWTError: Signature verification failed.`
+
+- Did you recreate `instance.public.pem` / `instance.private.pem`?
+
+Then you have to download a **new** client-token on each of your guests.
+
 ## Linux
 
-### `uvicorn.error:Invalid HTTP request received.`
+### Invalid HTTP request
 
-This message can be ignored.
+This error message: `uvicorn.error:Invalid HTTP request received.` can be ignored.
 
 - Ref. https://github.com/encode/uvicorn/issues/441
 
@@ -469,7 +668,7 @@ only
 gets a valid local license.
 
 <details>
-  <summary>Log</summary>
+  <summary>Log example</summary>
 
 **Display-Container-LS**
 
@@ -535,7 +734,7 @@ The error message can safely be ignored (since we have no license limitation :P)
 <0>:End Logging
 ```
 
-#### log with nginx as reverse proxy (see [docker-compose.yml](docker-compose.yml))
+#### log with nginx as reverse proxy (see [docker-compose-http-and-https.yml](examples/docker-compose-http-and-https.yml))
 
 ```
 <1>:NLS initialized
@@ -552,9 +751,57 @@ The error message can safely be ignored (since we have no license limitation :P)
 
 </details>
 
+# vGPU Software Compatibility Matrix
+
+**18.x Drivers are not supported on FastAPI-DLS Versions < 1.6.0**
+
+<details>
+  <summary>Show Table</summary>
+
+Successfully tested with this package versions.
+
+| vGPU Suftware | Driver Branch | Linux vGPU Manager | Linux Driver | Windows Driver |  Release Date |      EOL Date |
+|:-------------:|:-------------:|--------------------|--------------|----------------|--------------:|--------------:|
+|    `17.5`     |     R550      | `550.144.02`       | `550.144.03` | `553.62`       |  January 2025 |     June 2025 |
+|    `17.4`     |     R550      | `550.127.06`       | `550.127.05` | `553.24`       |  October 2024 |               |
+|    `17.3`     |     R550      | `550.90.05`        | `550.90.07`  | `552.74`       |     July 2024 |               |
+|    `17.2`     |     R550      | `550.90.05`        | `550.90.07`  | `552.55`       |     June 2024 |               |
+|    `17.1`     |     R550      | `550.54.16`        | `550.54.15`  | `551.78`       |    March 2024 |               |
+|    `17.0`     |     R550      | `550.54.10`        | `550.54.14`  | `551.61`       | February 2024 |               |
+|    `16.9`     |     R535      | `535.230.02`       | `535.216.01` | `539.19`       |  October 2024 |     July 2026 |
+|    `16.8`     |     R535      | `535.216.01`       | `535.216.01` | `538.95`       |  October 2024 |               |
+|    `16.7`     |     R535      | `535.183.04`       | `535.183.06` | `538.78`       |     July 2024 |               |
+|    `16.6`     |     R535      | `535.183.04`       | `535.183.01` | `538.67`       |     June 2024 |               |
+|    `16.5`     |     R535      | `535.161.05`       | `535.161.08` | `538.46`       | February 2024 |               |
+|    `16.4`     |     R535      | `535.161.05`       | `535.161.07` | `538.33`       | February 2024 |               |
+|    `16.3`     |     R535      | `535.154.02`       | `535.154.05` | `538.15`       |  January 2024 |               |
+|    `16.2`     |     R535      | `535.129.03`       | `535.129.03` | `537.70`       |  October 2023 |               |
+|    `16.1`     |     R535      | `535.104.06`       | `535.104.05` | `537.13`       |   August 2023 |               |
+|    `16.0`     |     R535      | `535.54.06`        | `535.54.03`  | `536.22`       |     July 2023 |               |
+|    `15.4`     |     R525      | `525.147.01`       | `525.147.05` | `529.19`       |     June 2023 | December 2023 |
+|    `14.4`     |     R510      | `510.108.03`       | `510.108.03` | `514.08`       | December 2022 | February 2023 |
+
+</details>
+
+- https://docs.nvidia.com/grid/index.html
+- https://docs.nvidia.com/grid/gpus-supported-by-vgpu.html
+
+*To get the latest drivers, visit Nvidia or search in Discord-Channel `GPU Unlocking` (Server-ID: `829786927829745685`)
+on channel `licensing`
+
 # Credits
 
 Thanks to vGPU community and all who uses this project and report bugs.
 
-Special thanks to @samicrusader who created build file for ArchLinux.
+Special thanks to:
 
+- `samicrusader` who created build file for **ArchLinux**
+- `cyrus` who wrote the section for **openSUSE**
+- `midi` who wrote the section for **unRAID**
+- `polloloco` who wrote the *[NVIDIA vGPU Guide](https://gitlab.com/polloloco/vgpu-proxmox)*
+- `DualCoder` who creates the `vgpu_unlock` functionality [vgpu_unlock](https://github.com/DualCoder/vgpu_unlock)
+- `Krutav Shah` who wrote the [vGPU_Unlock Wiki](https://docs.google.com/document/d/1pzrWJ9h-zANCtyqRgS7Vzla0Y8Ea2-5z2HEi4X75d2Q/)
+- `Wim van 't Hoog` for the [Proxmox All-In-One Installer Script](https://wvthoog.nl/proxmox-vgpu-v3/)
+- `mrzenc` who wrote [fastapi-dls-nixos](https://github.com/mrzenc/fastapi-dls-nixos)
+
+And thanks to all people who contributed to all these libraries!

ROADMAP.md

@@ -0,0 +1,27 @@
+# Roadmap
+
+I am planning to implement the following features in the future.
+
+
+## HA - High Availability
+
+Support Failover-Mode (secondary ip address) as in official DLS.
+
+**Note**: There is no Load-Balancing / Round-Robin HA Mode supported! If you want to use that, consider to use 
+Docker-Swarm with shared/cluster database (e.g. postgres).
+
+*See [ha branch](https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/-/tree/ha) for current status.*
+
+
+## UI - User Interface
+
+Add a user interface to manage origins and leases.
+
+*See [ui branch](https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/-/tree/ui) for current status.*
+
+
+## Config Database
+
+Instead of using environment variables, configuration files and manually create certificates, store configs and
+certificates in database (like origins and leases). Also, there should be provided a startup assistant to prefill 
+required attributes and create instance-certificates. This is more user-friendly and should improve fist setup.

app/main.py

@@ -1,51 +1,49 @@
 import logging
 from base64 import b64encode as b64enc
+from calendar import timegm
+from contextlib import asynccontextmanager
+from datetime import datetime, timedelta, UTC
 from hashlib import sha256
-from uuid import uuid4
-from os.path import join, dirname
+from json import loads as json_loads
 from os import getenv as env
+from os.path import join, dirname
+from uuid import uuid4
 
+from dateutil.relativedelta import relativedelta
 from dotenv import load_dotenv
 from fastapi import FastAPI
 from fastapi.requests import Request
-from json import loads as json_loads
-from datetime import datetime, timedelta
-from dateutil.relativedelta import relativedelta
-from calendar import timegm
 from jose import jws, jwk, jwt, JWTError
 from jose.constants import ALGORITHMS
-from starlette.middleware.cors import CORSMiddleware
-from starlette.responses import StreamingResponse, JSONResponse as JSONr, HTMLResponse as HTMLr, Response, RedirectResponse
 from sqlalchemy import create_engine
 from sqlalchemy.orm import sessionmaker
-from starlette.staticfiles import StaticFiles
-from starlette.templating import Jinja2Templates
+from starlette.middleware.cors import CORSMiddleware
+from starlette.responses import StreamingResponse, JSONResponse as JSONr, HTMLResponse as HTMLr, Response, RedirectResponse
 
-from util import load_key, load_file
 from orm import Origin, Lease, init as db_init, migrate
+from util import PrivateKey, PublicKey, load_file
 
+# Load variables
 load_dotenv('../version.env')
 
+# Get current timezone
 TZ = datetime.now().astimezone().tzinfo
 
+# Load basic variables
 VERSION, COMMIT, DEBUG = env('VERSION', 'unknown'), env('COMMIT', 'unknown'), bool(env('DEBUG', False))
 
-config = dict(openapi_url='/-/openapi.json', docs_url='/-/docs', redoc_url='/-/redoc')
-app = FastAPI(title='FastAPI-DLS', description='Minimal Delegated License Service (DLS).', version=VERSION, **config)
-app.mount('/static', StaticFiles(directory=join(dirname(__file__), 'static'), html=True), name='static'),
-templates = Jinja2Templates(directory=join(dirname(__file__), 'templates'))
-
+# Database connection
 db = create_engine(str(env('DATABASE', 'sqlite:///db.sqlite')))
 db_init(db), migrate(db)
 
-# everything prefixed with "INSTANCE_*" is used as "SERVICE_INSTANCE_*" or "SI_*" in official dls service
+# Load DLS variables (all prefixed with "INSTANCE_*" is used as "SERVICE_INSTANCE_*" or "SI_*" in official dls service)
 DLS_URL = str(env('DLS_URL', 'localhost'))
 DLS_PORT = int(env('DLS_PORT', '443'))
 SITE_KEY_XID = str(env('SITE_KEY_XID', '00000000-0000-0000-0000-000000000000'))
 INSTANCE_REF = str(env('INSTANCE_REF', '10000000-0000-0000-0000-000000000001'))
 ALLOTMENT_REF = str(env('ALLOTMENT_REF', '20000000-0000-0000-0000-000000000001'))
-INSTANCE_KEY_RSA = load_key(str(env('INSTANCE_KEY_RSA', join(dirname(__file__), 'cert/instance.private.pem'))))
-INSTANCE_KEY_PUB = load_key(str(env('INSTANCE_KEY_PUB', join(dirname(__file__), 'cert/instance.public.pem'))))
+INSTANCE_KEY_RSA = PrivateKey.from_file(str(env('INSTANCE_KEY_RSA', join(dirname(__file__), 'cert/instance.private.pem'))))
+INSTANCE_KEY_PUB = PublicKey.from_file(str(env('INSTANCE_KEY_PUB', join(dirname(__file__), 'cert/instance.public.pem'))))
 TOKEN_EXPIRE_DELTA = relativedelta(days=int(env('TOKEN_EXPIRE_DAYS', 1)), hours=int(env('TOKEN_EXPIRE_HOURS', 0)))
 LEASE_EXPIRE_DELTA = relativedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=int(env('LEASE_EXPIRE_HOURS', 0)))
 LEASE_RENEWAL_PERIOD = float(env('LEASE_RENEWAL_PERIOD', 0.15))
@@ -53,8 +51,42 @@ LEASE_RENEWAL_DELTA = timedelta(days=int(env('LEASE_EXPIRE_DAYS', 90)), hours=in
 CLIENT_TOKEN_EXPIRE_DELTA = relativedelta(years=12)
 CORS_ORIGINS = str(env('CORS_ORIGINS', '')).split(',') if (env('CORS_ORIGINS')) else [f'https://{DLS_URL}']
 
-jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
-jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
+jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.pem(), algorithm=ALGORITHMS.RS256)
+jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.pem(), algorithm=ALGORITHMS.RS256)
+
+# Logging
+LOG_LEVEL = logging.DEBUG if DEBUG else logging.INFO
+logging.basicConfig(format='[{levelname:^7}] [{module:^15}] {message}', style='{')
+logger = logging.getLogger(__name__)
+logger.setLevel(LOG_LEVEL)
+logging.getLogger('util').setLevel(LOG_LEVEL)
+logging.getLogger('NV').setLevel(LOG_LEVEL)
+
+
+# FastAPI
+@asynccontextmanager
+async def lifespan(_: FastAPI):
+    # on startup
+    logger.info(f'''
+    
+    Using timezone: {str(TZ)}. Make sure this is correct and match your clients!
+    
+    Your clients renew their license every {str(Lease.calculate_renewal(LEASE_RENEWAL_PERIOD, LEASE_RENEWAL_DELTA))}.
+    If the renewal fails, the license is {str(LEASE_RENEWAL_DELTA)} valid.
+    
+    Your client-token file (.tok) is valid for {str(CLIENT_TOKEN_EXPIRE_DELTA)}.
+    ''')
+
+    logger.info(f'Debug is {"enabled" if DEBUG else "disabled"}.')
+
+    yield
+
+    # on shutdown
+    logger.info(f'Shutting down ...')
+
+
+config = dict(openapi_url=None, docs_url=None, redoc_url=None)  # dict(openapi_url='/-/openapi.json', docs_url='/-/docs', redoc_url='/-/redoc')
+app = FastAPI(title='FastAPI-DLS', description='Minimal Delegated License Service (DLS).', version=VERSION, lifespan=lifespan, **config)
 
 app.debug = DEBUG
 app.add_middleware(
@@ -65,29 +97,28 @@ app.add_middleware(
     allow_headers=['*'],
 )
 
-logging.basicConfig()
-logger = logging.getLogger(__name__)
-logger.setLevel(logging.DEBUG if DEBUG else logging.INFO)
-
 
+# Helper
 def __get_token(request: Request) -> dict:
     authorization_header = request.headers.get('authorization')
     token = authorization_header.split(' ')[1]
     return jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False})
 
 
-@app.get('/', summary='* Index')
+# Endpoints
+
+@app.get('/', summary='Index')
 async def index():
-    return RedirectResponse('/-/')
+    return RedirectResponse('/-/readme')
 
 
 @app.get('/-/', summary='* Index')
-async def _index(request: Request):
-    return templates.TemplateResponse(name='views/index.html', context={'request': request, 'VERSION': VERSION})
+async def _index():
+    return RedirectResponse('/-/readme')
 
 
 @app.get('/-/health', summary='* Health')
-async def _health(request: Request):
+async def _health():
     return JSONr({'status': 'up'})
 
 
@@ -111,32 +142,48 @@ async def _config():
 
 
 @app.get('/-/readme', summary='* Readme')
-async def _readme(request: Request):
+async def _readme():
     from markdown import markdown
-    content = load_file('../README.md').decode('utf-8')
-    markdown = markdown(text=content, extensions=['tables', 'fenced_code', 'md_in_html', 'nl2br', 'toc'])
-    context = {'request': request, 'markdown': markdown, 'VERSION': VERSION}
-    return templates.TemplateResponse(name='views/dashboard_readme.html', context=context)
+    content = load_file(join(dirname(__file__), '../README.md')).decode('utf-8')
+    return HTMLr(markdown(text=content, extensions=['tables', 'fenced_code', 'md_in_html', 'nl2br', 'toc']))
 
 
 @app.get('/-/manage', summary='* Management UI')
 async def _manage(request: Request):
-    return templates.TemplateResponse(name='views/manage.html', context={'request': request, 'VERSION': VERSION})
+    response = '''
+    <!DOCTYPE html>
+    <html>
+        <head>
+            <title>FastAPI-DLS Management</title>
+        </head>
+        <body>
+            <button onclick="deleteOrigins()">delete ALL origins and their leases</button>
+            <button onclick="deleteLease()">delete specific lease</button>
+            
+            <script>
+                function deleteOrigins() {
+                    const response = confirm('Are you sure you want to delete all origins and their leases?');
 
-
-@app.get('/-/dashboard', summary='* Dashboard')
-async def _dashboard(request: Request):
-    return templates.TemplateResponse(name='views/dashboard.html', context={'request': request, 'VERSION': VERSION})
-
-
-@app.get('/-/dashboard/origins', summary='* Dashboard - Origins')
-async def _dashboard_origins(request: Request):
-    return templates.TemplateResponse(name='views/dashboard_origins.html', context={'request': request, 'VERSION': VERSION})
-
-
-@app.get('/-/dashboard/leases', summary='* Dashboard - Leases')
-async def _dashboard_origins(request: Request):
-    return templates.TemplateResponse(name='views/dashboard_leases.html', context={'request': request, 'VERSION': VERSION})
+                    if (response) {
+                        var xhr = new XMLHttpRequest();
+                        xhr.open("DELETE", '/-/origins', true);
+                        xhr.send();
+                    }
+                }
+                function deleteLease(lease_ref) {
+                    if(lease_ref === undefined)
+                        lease_ref = window.prompt("Please enter 'lease_ref' which should be deleted");
+                    if(lease_ref === null || lease_ref === "")
+                        return
+                    var xhr = new XMLHttpRequest();
+                    xhr.open("DELETE", `/-/lease/${lease_ref}`, true);
+                    xhr.send();
+                }
+            </script>
+        </body>
+    </html>
+    '''
+    return HTMLr(response)
 
 
 @app.get('/-/origins', summary='* Origins')
@@ -159,13 +206,6 @@ async def _origins_delete(request: Request):
     return Response(status_code=201)
 
 
-@app.delete('/-/origins/{origin_ref}', summary='* Origins')
-async def _origins_delete_origin_ref(request: Request, origin_ref: str):
-    if Origin.delete(db, [origin_ref]) == 1:
-        return Response(status_code=201)
-    return JSONr(status_code=404, content={'status': 404, 'detail': 'lease not found'})
-
-
 @app.get('/-/leases', summary='* Leases')
 async def _leases(request: Request, origin: bool = False):
     session = sessionmaker(bind=db)()
@@ -182,6 +222,12 @@ async def _leases(request: Request, origin: bool = False):
     return JSONr(response)
 
 
+@app.delete('/-/leases/expired', summary='* Leases')
+async def _lease_delete_expired(request: Request):
+    Lease.delete_expired(db)
+    return Response(status_code=201)
+
+
 @app.delete('/-/lease/{lease_ref}', summary='* Lease')
 async def _lease_delete(request: Request, lease_ref: str):
     if Lease.delete(db, lease_ref) == 1:
@@ -192,7 +238,7 @@ async def _lease_delete(request: Request, lease_ref: str):
 # venv/lib/python3.9/site-packages/nls_core_service_instance/service_instance_token_manager.py
 @app.get('/-/client-token', summary='* Client-Token', description='creates a new messenger token for this service instance')
 async def _client_token():
-    cur_time = datetime.utcnow()
+    cur_time = datetime.now(UTC)
     exp_time = cur_time + CLIENT_TOKEN_EXPIRE_DELTA
 
     payload = {
@@ -218,10 +264,10 @@ async def _client_token():
         },
         "service_instance_public_key_configuration": {
             "service_instance_public_key_me": {
-                "mod": hex(INSTANCE_KEY_PUB.public_key().n)[2:],
-                "exp": int(INSTANCE_KEY_PUB.public_key().e),
+                "mod": hex(INSTANCE_KEY_PUB.raw().public_numbers().n)[2:],
+                "exp": int(INSTANCE_KEY_PUB.raw().public_numbers().e),
             },
-            "service_instance_public_key_pem": INSTANCE_KEY_PUB.export_key().decode('utf-8'),
+            "service_instance_public_key_pem": INSTANCE_KEY_PUB.pem().decode('utf-8'),
             "key_retention_mode": "LATEST_ONLY"
         },
     }
@@ -238,10 +284,10 @@ async def _client_token():
 # venv/lib/python3.9/site-packages/nls_services_auth/test/test_origins_controller.py
 @app.post('/auth/v1/origin', description='find or create an origin')
 async def auth_v1_origin(request: Request):
-    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
+    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.now(UTC)
 
     origin_ref = j.get('candidate_origin_ref')
-    logging.info(f'> [  origin  ]: {origin_ref}: {j}')
+    logger.info(f'> [  origin  ]: {origin_ref}: {j}')
 
     data = Origin(
         origin_ref=origin_ref,
@@ -268,10 +314,10 @@ async def auth_v1_origin(request: Request):
 # venv/lib/python3.9/site-packages/nls_services_auth/test/test_origins_controller.py
 @app.post('/auth/v1/origin/update', description='update an origin evidence')
 async def auth_v1_origin_update(request: Request):
-    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
+    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.now(UTC)
 
     origin_ref = j.get('origin_ref')
-    logging.info(f'> [  update  ]: {origin_ref}: {j}')
+    logger.info(f'> [  update  ]: {origin_ref}: {j}')
 
     data = Origin(
         origin_ref=origin_ref,
@@ -295,10 +341,10 @@ async def auth_v1_origin_update(request: Request):
 # venv/lib/python3.9/site-packages/nls_core_auth/auth.py - CodeResponse
 @app.post('/auth/v1/code', description='get an authorization code')
 async def auth_v1_code(request: Request):
-    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
+    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.now(UTC)
 
     origin_ref = j.get('origin_ref')
-    logging.info(f'> [   code   ]: {origin_ref}: {j}')
+    logger.info(f'> [   code   ]: {origin_ref}: {j}')
 
     delta = relativedelta(minutes=15)
     expires = cur_time + delta
@@ -327,15 +373,15 @@ async def auth_v1_code(request: Request):
 # venv/lib/python3.9/site-packages/nls_core_auth/auth.py - TokenResponse
 @app.post('/auth/v1/token', description='exchange auth code and verifier for token')
 async def auth_v1_token(request: Request):
-    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
+    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.now(UTC)
 
     try:
-        payload = jwt.decode(token=j.get('auth_code'), key=jwt_decode_key)
+        payload = jwt.decode(token=j.get('auth_code'), key=jwt_decode_key, algorithms=ALGORITHMS.RS256)
     except JWTError as e:
         return JSONr(status_code=400, content={'status': 400, 'title': 'invalid token', 'detail': str(e)})
 
     origin_ref = payload.get('origin_ref')
-    logging.info(f'> [   auth   ]: {origin_ref}: {j}')
+    logger.info(f'> [   auth   ]: {origin_ref}: {j}')
 
     # validate the code challenge
     challenge = b64enc(sha256(j.get('code_verifier').encode('utf-8')).digest()).rstrip(b'=').decode('utf-8')
@@ -369,7 +415,7 @@ async def auth_v1_token(request: Request):
 # venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py
 @app.post('/leasing/v1/lessor', description='request multiple leases (borrow) for current origin')
 async def leasing_v1_lessor(request: Request):
-    j, token, cur_time = json_loads((await request.body()).decode('utf-8')), __get_token(request), datetime.utcnow()
+    j, token, cur_time = json_loads((await request.body()).decode('utf-8')), __get_token(request), datetime.now(UTC)
 
     try:
         token = __get_token(request)
@@ -378,7 +424,7 @@ async def leasing_v1_lessor(request: Request):
 
     origin_ref = token.get('origin_ref')
     scope_ref_list = j.get('scope_ref_list')
-    logging.info(f'> [  create  ]: {origin_ref}: create leases for scope_ref_list {scope_ref_list}')
+    logger.info(f'> [  create  ]: {origin_ref}: create leases for scope_ref_list {scope_ref_list}')
 
     lease_result_list = []
     for scope_ref in scope_ref_list:
@@ -417,12 +463,12 @@ async def leasing_v1_lessor(request: Request):
 # venv/lib/python3.9/site-packages/nls_dal_service_instance_dls/schema/service_instance/V1_0_21__product_mapping.sql
 @app.get('/leasing/v1/lessor/leases', description='get active leases for current origin')
 async def leasing_v1_lessor_lease(request: Request):
-    token, cur_time = __get_token(request), datetime.utcnow()
+    token, cur_time = __get_token(request), datetime.now(UTC)
 
     origin_ref = token.get('origin_ref')
 
     active_lease_list = list(map(lambda x: x.lease_ref, Lease.find_by_origin_ref(db, origin_ref)))
-    logging.info(f'> [  leases  ]: {origin_ref}: found {len(active_lease_list)} active leases')
+    logger.info(f'> [  leases  ]: {origin_ref}: found {len(active_lease_list)} active leases')
 
     response = {
         "active_lease_list": active_lease_list,
@@ -437,10 +483,10 @@ async def leasing_v1_lessor_lease(request: Request):
 # venv/lib/python3.9/site-packages/nls_core_lease/lease_single.py
 @app.put('/leasing/v1/lease/{lease_ref}', description='renew a lease')
 async def leasing_v1_lease_renew(request: Request, lease_ref: str):
-    token, cur_time = __get_token(request), datetime.utcnow()
+    token, cur_time = __get_token(request), datetime.now(UTC)
 
     origin_ref = token.get('origin_ref')
-    logging.info(f'> [  renew   ]: {origin_ref}: renew {lease_ref}')
+    logger.info(f'> [  renew   ]: {origin_ref}: renew {lease_ref}')
 
     entity = Lease.find_by_origin_ref_and_lease_ref(db, origin_ref, lease_ref)
     if entity is None:
@@ -464,10 +510,10 @@ async def leasing_v1_lease_renew(request: Request, lease_ref: str):
 # venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_single_controller.py
 @app.delete('/leasing/v1/lease/{lease_ref}', description='release (return) a lease')
 async def leasing_v1_lease_delete(request: Request, lease_ref: str):
-    token, cur_time = __get_token(request), datetime.utcnow()
+    token, cur_time = __get_token(request), datetime.now(UTC)
 
     origin_ref = token.get('origin_ref')
-    logging.info(f'> [  return  ]: {origin_ref}: return {lease_ref}')
+    logger.info(f'> [  return  ]: {origin_ref}: return {lease_ref}')
 
     entity = Lease.find_by_lease_ref(db, lease_ref)
     if entity.origin_ref != origin_ref:
@@ -490,13 +536,13 @@ async def leasing_v1_lease_delete(request: Request, lease_ref: str):
 # venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py
 @app.delete('/leasing/v1/lessor/leases', description='release all leases')
 async def leasing_v1_lessor_lease_remove(request: Request):
-    token, cur_time = __get_token(request), datetime.utcnow()
+    token, cur_time = __get_token(request), datetime.now(UTC)
 
     origin_ref = token.get('origin_ref')
 
     released_lease_list = list(map(lambda x: x.lease_ref, Lease.find_by_origin_ref(db, origin_ref)))
     deletions = Lease.cleanup(db, origin_ref)
-    logging.info(f'> [  remove  ]: {origin_ref}: removed {deletions} leases')
+    logger.info(f'> [  remove  ]: {origin_ref}: removed {deletions} leases')
 
     response = {
         "released_lease_list": released_lease_list,
@@ -510,7 +556,7 @@ async def leasing_v1_lessor_lease_remove(request: Request):
 
 @app.post('/leasing/v1/lessor/shutdown', description='shutdown all leases')
 async def leasing_v1_lessor_shutdown(request: Request):
-    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.utcnow()
+    j, cur_time = json_loads((await request.body()).decode('utf-8')), datetime.now(UTC)
 
     token = j.get('token')
     token = jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False})
@@ -518,7 +564,7 @@ async def leasing_v1_lessor_shutdown(request: Request):
 
     released_lease_list = list(map(lambda x: x.lease_ref, Lease.find_by_origin_ref(db, origin_ref)))
     deletions = Lease.cleanup(db, origin_ref)
-    logging.info(f'> [ shutdown ]: {origin_ref}: removed {deletions} leases')
+    logger.info(f'> [ shutdown ]: {origin_ref}: removed {deletions} leases')
 
     response = {
         "released_lease_list": released_lease_list,
@@ -530,18 +576,6 @@ async def leasing_v1_lessor_shutdown(request: Request):
     return JSONr(response)
 
 
-@app.on_event('startup')
-async def app_on_startup():
-    logger.info(f'''
-    Using timezone: {str(TZ)}. Make sure this is correct and match your clients!
-    
-    Your clients renew their license every {str(Lease.calculate_renewal(LEASE_RENEWAL_PERIOD, LEASE_RENEWAL_DELTA))}.
-    If the renewal fails, the license is {str(LEASE_RENEWAL_DELTA)} valid.
-    
-    Your client-token file (.tok) is valid for {str(CLIENT_TOKEN_EXPIRE_DELTA)}.
-    ''')
-
-
 if __name__ == '__main__':
     import uvicorn
 
@@ -553,7 +587,7 @@ if __name__ == '__main__':
     #
     ###
 
-    logging.info(f'> Starting dev-server ...')
+    logger.info(f'> Starting dev-server ...')
 
     ssl_keyfile = join(dirname(__file__), 'cert/webserver.key')
     ssl_certfile = join(dirname(__file__), 'cert/webserver.crt')

app/orm.py

@@ -1,10 +1,11 @@
-from datetime import datetime, timedelta, timezone
-from dateutil.relativedelta import relativedelta
+from datetime import datetime, timedelta, timezone, UTC
 
-from sqlalchemy import Column, VARCHAR, CHAR, ForeignKey, DATETIME, update, and_, inspect
-from sqlalchemy.ext.declarative import declarative_base
+from dateutil.relativedelta import relativedelta
+from sqlalchemy import Column, VARCHAR, CHAR, ForeignKey, DATETIME, update, and_, inspect, text
 from sqlalchemy.engine import Engine
-from sqlalchemy.orm import sessionmaker
+from sqlalchemy.orm import sessionmaker, declarative_base
+
+from util import DriverMatrix
 
 Base = declarative_base()
 
@@ -24,6 +25,8 @@ class Origin(Base):
         return f'Origin(origin_ref={self.origin_ref}, hostname={self.hostname})'
 
     def serialize(self) -> dict:
+        _ = DriverMatrix().find(self.guest_driver_version)
+
         return {
             'origin_ref': self.origin_ref,
             # 'service_instance_xid': self.service_instance_xid,
@@ -31,6 +34,7 @@ class Origin(Base):
             'guest_driver_version': self.guest_driver_version,
             'os_platform': self.os_platform,
             'os_version': self.os_version,
+            '$driver': _ if _ is not None else None,
         }
 
     @staticmethod
@@ -67,6 +71,16 @@ class Origin(Base):
         session.close()
         return deletions
 
+    @staticmethod
+    def delete_expired(engine: Engine) -> int:
+        session = sessionmaker(bind=engine)()
+        origins = session.query(Origin).join(Lease, Origin.origin_ref == Lease.origin_ref, isouter=True).filter(Lease.lease_ref.is_(None)).all()
+        origin_refs = [origin.origin_ref for origin in origins]
+        deletions = session.query(Origin).filter(Origin.origin_ref.in_(origin_refs)).delete()
+        session.commit()
+        session.close()
+        return deletions
+
 
 class Lease(Base):
     __tablename__ = "lease"
@@ -161,6 +175,14 @@ class Lease(Base):
         session.close()
         return deletions
 
+    @staticmethod
+    def delete_expired(engine: Engine) -> int:
+        session = sessionmaker(bind=engine)()
+        deletions = session.query(Lease).filter(Lease.lease_expires <= datetime.now(UTC)).delete()
+        session.commit()
+        session.close()
+        return deletions
+
     @staticmethod
     def calculate_renewal(renewal_period: float, delta: timedelta) -> timedelta:
         """
@@ -190,7 +212,7 @@ def init(engine: Engine):
     session = sessionmaker(bind=engine)()
     for table in tables:
         if not db.dialect.has_table(engine.connect(), table.__tablename__):
-            session.execute(str(table.create_statement(engine)))
+            session.execute(text(str(table.create_statement(engine))))
             session.commit()
     session.close()
 

app/static/assets/css/custom.css

@@ -1,56 +0,0 @@
-/*
-    Original: #76b900
-    Darken 1: #5DA000 (10%)
-    Darken 2: #438600 (20%)
-    Darken 3: #2A6D00 (30%)
-    Darken 4: #105300 (40%)
-    Darken 5: #003A00 (50%)
-*/
-
-
-.text-primary {
-    color: #76b900 !important;
-}
-
-.lead {
-    color: #105300 !important;
-}
-
-.navbar-green {
-    background-color: #76b900 !important;
-}
-
-.navbar-brand {
-    background-color: transparent;
-    color: #ffffff;
-}
-
-.navbar-brand:focus, .navbar-brand:hover {
-    color: #fcfcfc;
-}
-
-.btn-primary {
-    background-color: #76b900 !important;
-    border-color: #76b900 !important;
-}
-
-.btn-primary:focus, .btn-primary:hover {
-    background-color: #5DA000 !important;
-    border-color: #5DA000 !important;
-}
-
-code {
-    color: #105300 !important;
-}
-
-.sidebar .nav-link.active {
-    color: #76b900 !important;
-}
-
-.sidebar .nav-link:focus, .sidebar .nav-link:hover {
-    color: #105300 !important;
-}
-
-.navbar-nav .nav-item .nav-link {
-    color: white !important;
-}

app/static/assets/css/dashboard.css

@@ -1,101 +0,0 @@
-body {
-  font-size: .875rem;
-}
-
-.feather {
-  width: 16px;
-  height: 16px;
-  vertical-align: text-bottom;
-}
-
-/*
- * Sidebar
- */
-
-.sidebar {
-  position: fixed;
-  top: 0;
-  /* rtl:raw:
-  right: 0;
-  */
-  bottom: 0;
-  /* rtl:remove */
-  left: 0;
-  z-index: 100; /* Behind the navbar */
-  padding: 48px 0 0; /* Height of navbar */
-  box-shadow: inset -1px 0 0 rgba(0, 0, 0, .1);
-}
-
-@media (max-width: 767.98px) {
-  .sidebar {
-    top: 0;
-  }
-}
-
-.sidebar-sticky {
-  position: relative;
-  top: 0;
-  height: calc(100vh - 48px);
-  padding-top: .5rem;
-  overflow-x: hidden;
-  overflow-y: auto; /* Scrollable contents if viewport is shorter than content. */
-}
-
-.sidebar .nav-link {
-  font-weight: 500;
-  color: #333;
-}
-
-.sidebar .nav-link .feather {
-  margin-right: 4px;
-  color: #727272;
-}
-
-.sidebar .nav-link.active {
-  color: #2470dc;
-}
-
-.sidebar .nav-link:hover .feather,
-.sidebar .nav-link.active .feather {
-  color: inherit;
-}
-
-.sidebar-heading {
-  font-size: .75rem;
-  text-transform: uppercase;
-}
-
-/*
- * Navbar
- */
-
-.navbar-brand {
-  padding-top: .75rem;
-  padding-bottom: .75rem;
-  font-size: 1rem;
-  background-color: rgba(0, 0, 0, .25);
-  box-shadow: inset -1px 0 0 rgba(0, 0, 0, .25);
-}
-
-.navbar .navbar-toggler {
-  top: .25rem;
-  right: 1rem;
-}
-
-.navbar .form-control {
-  padding: .75rem 1rem;
-  border-width: 0;
-  border-radius: 0;
-}
-
-.form-control-dark {
-  color: #fff;
-  background-color: rgba(255, 255, 255, .1);
-  border-color: rgba(255, 255, 255, .1);
-}
-
-.form-control-dark:focus {
-  border-color: transparent;
-  box-shadow: 0 0 0 3px rgba(255, 255, 255, .25);
-}
-

app/static/assets/img/favicons/manifest.json

@@ -1 +0,0 @@
-{"name":"","short_name":"","icons":[{"src":"/android-chrome-192x192.png","sizes":"192x192","type":"image/png"},{"src":"/android-chrome-512x512.png","sizes":"512x512","type":"image/png"}],"theme_color":"#ffffff","background_color":"#ffffff","display":"standalone"}

app/static/assets/js/helper.js

@@ -1,127 +0,0 @@
-async function fetchConfig(element) {
-    let xhr = new XMLHttpRequest();
-    xhr.open("GET", '/-/config', true);
-    xhr.onreadystatechange = function () {
-        if (xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) {
-            element.innerHTML = JSON.stringify(JSON.parse(xhr.response),null,2);
-        }
-    };
-    xhr.send();
-}
-
-async function fetchOriginsWithLeases(element) {
-    let xhr = new XMLHttpRequest();
-    xhr.open("GET", '/-/origins?leases=true', true);
-    xhr.onreadystatechange = function () {
-        if (xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) {
-            const x = JSON.parse(xhr.response)
-            console.debug(x)
-
-            element.innerHTML = ''
-            let table = document.createElement('table')
-            table.classList.add('table', 'mt-4');
-            let thead = document.createElement('thead');
-            thead.innerHTML = `
-                    <tr>
-                        <th scope="col">origin</th>
-                        <th scope="col">hostname</th>
-                        <th scope="col">OS</th>
-                        <th scope="col">driver version</th>
-                        <th scope="col">leases</th>
-                    </tr>`
-            table.appendChild(thead)
-            let tbody = document.createElement('thead');
-            x.sort((a, b) => a.hostname.localeCompare(b.hostname)).forEach((o) => {
-                let row = document.createElement('tr');
-                row.innerHTML = `
-                        <td><code>${o.origin_ref}</code></td>
-                        <td>${o.hostname}</td>
-                        <td>${o.os_platform} (${o.os_version})</td>
-                        <td>${o.guest_driver_version}</td>
-                        <td>${o.leases.map(x => `<code title="expires: ${x.lease_expires}">${x.lease_ref}</code>`).join(', ')}</td>`
-                tbody.appendChild(row);
-            })
-            table.appendChild(tbody)
-            element.appendChild(table)
-        }
-    };
-    xhr.send();
-}
-
-async function fetchLeases(element) {
-    // datetime config
-    const dtc = {
-        year: "numeric",
-        month: "2-digit",
-        day: "2-digit",
-        hour: "2-digit",
-        minute: "2-digit",
-        second: "2-digit",
-        timeZoneName: "short"
-    }
-
-    let xhr = new XMLHttpRequest();
-    xhr.open("GET", '/-/leases?origin=true', true);
-    xhr.onreadystatechange = function () {
-        if (xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) {
-            const x = JSON.parse(xhr.response)
-            console.debug(x)
-
-            element.innerHTML = ''
-            let table = document.createElement('table')
-            table.classList.add('table', 'mt-4');
-            let thead = document.createElement('thead');
-            thead.innerHTML = `
-                    <tr>
-                        <th scope="col">lease</th>
-                        <th scope="col">created</th>
-                        <th scope="col">updated</th>
-                        <th scope="col">next renew</th>
-                        <th scope="col">expires</th>
-                        <th scope="col">origin</th>
-                    </tr>`
-            table.appendChild(thead)
-            let tbody = document.createElement('thead');
-            x.sort((a, b) => new Date(a.lease_expires) - new Date(b.lease_expires)).forEach((o) => {
-                let row = document.createElement('tr');
-                row.innerHTML = `
-                        <td><code>${o.lease_ref}</code></td>
-                        <td>${new Date(o.lease_created).toLocaleDateString('system', dtc)}</td>
-                        <td>${new Date(o.lease_updated).toLocaleDateString('system', dtc)}</td>
-                        <td>${new Date(o.lease_renewal).toLocaleDateString('system', dtc)}</td>
-                        <td>${new Date(o.lease_expires).toLocaleDateString('system', dtc)}</td>
-                        <td><code title="hostname: ${o.origin?.hostname}">${o.origin_ref}</code></td>`
-                tbody.appendChild(row);
-            })
-            table.appendChild(tbody)
-            element.appendChild(table)
-        }
-    };
-    xhr.send();
-}
-
-async function deleteOrigins() {
-    let xhr = new XMLHttpRequest();
-    xhr.open("DELETE", '/-/origins', true);
-    xhr.send();
-}
-
-async function deleteOrigin(origin_ref) {
-    if (origin_ref === undefined)
-        origin_ref = window.prompt("Please enter 'origin_ref' which should be deleted");
-    if (origin_ref === null || origin_ref === "")
-        return
-    let xhr = new XMLHttpRequest();
-    xhr.open("DELETE", `/-/origins/${origin_ref}`, true);
-    xhr.send();
-}
-
-async function deleteLease(lease_ref) {
-    if (lease_ref === undefined)
-        lease_ref = window.prompt("Please enter 'lease_ref' which should be deleted");
-    if (lease_ref === null || lease_ref === "")
-        return
-    let xhr = new XMLHttpRequest();
-    xhr.open("DELETE", `/-/lease/${lease_ref}`, true);
-    xhr.send();
-}

app/templates/components/navbar.html

@@ -1,6 +0,0 @@
-<header class="navbar navbar-expand-md navbar-green sticky-top bg-dark flex-md-nowrap p-0 shadow">
-    <a class="navbar-brand col-md-3 col-lg-2 me-0 px-3" href="/-/">FastAPI-DLS {{ VERSION }}</a>
-    <button class="navbar-toggler position-absolute d-lg-none collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#sidebarMenu" aria-controls="sidebarMenu" aria-expanded="false" aria-label="Toggle navigation">
-        <span class="navbar-toggler-icon"></span>
-    </button>
-</header>

app/templates/components/sidebar.html

@@ -1,58 +0,0 @@
-<nav id="sidebarMenu" class="col-md-3 col-lg-2 d-md-block bg-light sidebar collapse">
-    <div class="position-sticky pt-3">
-        <ul class="nav flex-column">
-            <li class="nav-item">
-                <a class="nav-link {{ 'active' if request.url.path == '/-/dashboard' }}" aria-current="page" href="/-/dashboard">
-                    <i class="bi-house-door"></i> Dashboard
-                </a>
-            </li>
-             <li class="nav-item">
-                <a class="nav-link {{ 'active' if request.url.path == '/-/dashboard/origins' }}" aria-current="page" href="/-/dashboard/origins">
-                    <i class="bi-pc-display-horizontal"></i> Origins
-                </a>
-            </li>
-            <li class="nav-item">
-                <a class="nav-link {{ 'active' if request.url.path == '/-/dashboard/leases' }}" aria-current="page" href="/-/dashboard/leases">
-                    <i class="bi-layers"></i> Leases
-                </a>
-            </li>
-        </ul>
-
-        <h6 class="sidebar-heading d-flex justify-content-between align-items-center px-3 mt-4 mb-1 text-muted text-uppercase">
-            <span>Help</span>
-        </h6>
-        <ul class="nav flex-column">
-            <li class="nav-item">
-                <a class="nav-link {{ 'active' if request.url.path == '/-/readme' }}" aria-current="page" href="/-/readme">
-                    <i class="bi-question-circle"></i> Readme
-                </a>
-            </li>
-            <li class="nav-item">
-                <a class="nav-link" aria-current="page" href="https://git.collinwebdesigns.de/oscar.krause/fastapi-dls" target="_blank">
-                    <i class="bi-git"></i> Git Repo
-                </a>
-            </li>
-        </ul>
-
-        <h6 class="sidebar-heading d-flex justify-content-between align-items-center px-3 mt-4 mb-1 text-muted text-uppercase">
-            <span>Integrations</span>
-        </h6>
-        <ul class="nav flex-column">
-            <li class="nav-item">
-                <a class="nav-link" aria-current="page" href="/-/doc" target="_blank">
-                    <i class="bi-file-text"></i> Swagger UI
-                </a>
-            </li>
-            <li class="nav-item">
-                <a class="nav-link" aria-current="page" href="/-/redoc" target="_blank">
-                    <i class="bi-file-text"></i> Redoc
-                </a>
-            </li>
-            <li class="nav-item">
-                <a class="nav-link" aria-current="page" href="/-/openapi.json"  target="_blank">
-                    <i class="bi bi-filetype-json"></i> OpenAPI JSON
-                </a>
-            </li>
-        </ul>
-    </div>
-</nav>

app/templates/layouts/base.html

@@ -1,32 +0,0 @@
-<!doctype html>
-<html lang="en" class="h-100">
-<head>
-    {% block title %}
-        <title>FastAPI-DLS</title>
-    {% endblock %}
-
-    <meta charset="utf-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-
-    <link rel="icon" href="{{ url_for('static', path='assets/img/favicons/favicon-32x32.png') }}" sizes="32x32" type="image/png">
-    <link rel="icon" href="{{ url_for('static', path='assets/img/favicons/favicon-16x16.png') }}" sizes="16x16" type="image/png">
-    <link rel="manifest" href="{{ url_for('static', path='assets/img/favicons/manifest.json') }}">
-    <link rel="icon" href="{{ url_for('static', path='assets/img/favicons/favicon.ico') }}">
-    <link rel="apple-touch-icon" href="{{ url_for('static', path='assets/img/favicons/apple-touch-icon.png') }}" sizes="180x180">
-
-    {% block styles %}
-    {% endblock %}
-
-    <link rel="stylesheet" type="text/css" href="{{ url_for('static', path='assets/css/custom.css') }}">
-</head>
-<body class="d-flex flex-column {% block body_class %}{% endblock %}">
-{% block body %}
-{% endblock %}
-
-
-<script src="{{ url_for('static', path='assets/js/helper.js') }}"></script>
-
-{% block scripts %}
-{% endblock %}
-</body>
-</html>

app/templates/layouts/bootstrap-dashboard.html

@@ -1,16 +0,0 @@
-{% extends 'layouts/bootstrap.html' %}
-
-{% block body %}
-{% include 'components/navbar.html' %}
-
-<div class="container-fluid">
-    <div class="row">
-        {% include 'components/sidebar.html' %}
-
-        <main class="col-md-9 ms-sm-auto col-lg-10 px-md-4">
-            {% block content %}
-            {% endblock %}
-        </main>
-    </div>
-</div>
-{% endblock %}

app/templates/layouts/bootstrap.html

@@ -1,14 +0,0 @@
-{% extends 'layouts/base.html' %}
-
-{% block styles %}
-{{ super() }}
-<link rel="stylesheet" type="text/css" href="{{ url_for('static', path='assets/css/bootstrap.min.css') }}">
-<link rel="stylesheet" type="text/css" href="{{ url_for('static', path='assets/css/bootstrap-icons.min.css') }}">
-<link rel="stylesheet" type="text/css" href="{{ url_for('static', path='assets/css/dashboard.css') }}">
-
-<script src="{{ url_for('static', path='assets/js/popper.min.js') }}"></script>
-<script src="{{ url_for('static', path='assets/js/bootstrap.min.js') }}"></script>
-{% endblock %}
-
-
-

app/templates/views/dashboard.html

@@ -1,50 +0,0 @@
-{% extends 'layouts/bootstrap-dashboard.html' %}
-
-{% block title %}
-<title>Dashboard</title>
-{% endblock %}
-
-{% block content %}
-<div>
-    <div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center pt-3 pb-2 mb-3 border-bottom">
-        <h1 class="h2">Dashboard</h1>
-        <div class="btn-toolbar mb-2 mb-md-0">
-            <div class="btn-group me-2">
-                <button type="button" class="btn btn-sm btn-outline-secondary" onclick="downloadClientToken()">
-                    <i class="bi bi-download"></i>
-                    Client Token
-                </button>
-            </div>
-        </div>
-    </div>
-
-    <div class="p-5 mb-4 bg-light rounded-3">
-        <div class="container-fluid py-5">
-            <h1 class="display-5 fw-bold">FastAPI-DLS</h1>
-            <p class="col-md-8 fs-4">Minimal Delegated License Service (DLS).</p>
-
-            <a href="https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/-/releases" class="btn btn-primary btn-lg" target="_blank">
-                Releases &raquo;
-            </a>
-        </div>
-    </div>
-
-    <pre id="config"></pre>
-</div>
-{% endblock %}
-
-{% block scripts %}
-{{ super() }}
-<script type="application/javascript">
-    function downloadClientToken() {
-        window.open('/-/client-token', "_blank")
-    }
-
-    function load() {
-        const config = document.getElementById('config')
-        fetchConfig(config)
-    }
-
-    load()
-</script>
-{% endblock %}

app/templates/views/dashboard_leases.html

@@ -1,38 +0,0 @@
-{% extends 'layouts/bootstrap-dashboard.html' %}
-
-{% block title %}
-<title>Origins</title>
-{% endblock %}
-
-{% block content %}
-    <div>
-        <div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center pt-3 pb-2 mb-3 border-bottom">
-            <h1 class="h2">Leases <small>with origin</small></h1>
-            <div class="btn-toolbar mb-2 mb-md-0">
-                <div class="btn-group me-2">
-                    <button type="button" class="btn btn-sm btn-outline-danger" onclick="deleteLease().finally(() => load())">
-                        delete lease
-                    </button>
-                </div>
-
-                <button type="button" class="btn btn-sm btn-outline-secondary" onclick="load()" title="refresh">
-                    <i class="bi bi-arrow-clockwise"></i>
-                </button>
-            </div>
-        </div>
-
-        <div id="leases" class="mt-3"></div>
-    </div>
-{% endblock %}
-
-{% block scripts %}
-{{ super() }}
-<script type="application/javascript">
-    function load() {
-        const leases = document.getElementById('leases')
-        fetchLeases(leases)
-    }
-
-    load()
-</script>
-{% endblock %}

app/templates/views/dashboard_origins.html

@@ -1,48 +0,0 @@
-{% extends 'layouts/bootstrap-dashboard.html' %}
-
-{% block title %}
-<title>Origins</title>
-{% endblock %}
-
-{% block content %}
-    <div>
-        <div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center pt-3 pb-2 mb-3 border-bottom">
-            <h1 class="h2">Origins <small>with leases</small></h1>
-            <div class="btn-toolbar mb-2 mb-md-0">
-                <div class="btn-group me-2">
-                    <button type="button" class="btn btn-sm btn-outline-danger" onclick="deleteOrigin().finally(() => load())">
-                        delete origin
-                    </button>
-                    <button type="button" class="btn btn-sm btn-outline-danger" onclick="deleteOriginsWrapper()">
-                        delete all
-                    </button>
-                </div>
-
-                <button type="button" class="btn btn-sm btn-outline-secondary" onclick="load()" title="refresh">
-                    <i class="bi bi-arrow-clockwise"></i>
-                </button>
-            </div>
-        </div>
-
-        <div id="origins" class="mt-3"></div>
-    </div>
-{% endblock %}
-
-{% block scripts %}
-{{ super() }}
-    <script type="application/javascript">
-        function load() {
-            const origins = document.getElementById('origins')
-            fetchOriginsWithLeases(origins)
-        }
-
-        load()
-
-        function deleteOriginsWrapper() {
-            const response = confirm('Are you sure you want to delete all origins and their leases?');
-
-            if (response)
-                deleteOrigins().finally(() => load())
-        }
-    </script>
-{% endblock %}

app/templates/views/dashboard_readme.html

@@ -1,15 +0,0 @@
-{% extends 'layouts/bootstrap-dashboard.html' %}
-
-{% block title %}
-<title>Origins</title>
-{% endblock %}
-
-{% block content %}
-<div>
-    <div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center pt-3 pb-2 mb-3 border-bottom">
-        <div class="overflow-hidden">
-            {{ markdown|safe }}
-        </div>
-    </div>
-</div>
-{% endblock %}

app/templates/views/index.html

@@ -1,26 +0,0 @@
-{% extends 'layouts/bootstrap.html' %}
-
-{% block title %}
-<title>Index</title>
-{% endblock %}
-
-{% block body_class %}h-100{% endblock %}
-
-{% block body %}
-<main class="flex-shrink-0">
-    <div class="container">
-        <h1 class="mt-5 text-primary">FastAPI-DLS</h1>
-        <p class="lead">Minimal Delegated License Service (DLS).</p>
-        <p>
-            <a href="/-/dashboard">Dashboard</a>,
-            <a href="/-/readme">Readme</a>
-        </p>
-    </div>
-</main>
-
-<footer class="footer mt-auto py-3 bg-light">
-    <div class="container">
-        <span class="text-muted">FastAPI-DLS Version {{ VERSION }}</span>
-    </div>
-</footer>
-{% endblock %}

app/util.py

@@ -1,28 +1,132 @@
-def load_file(filename) -> bytes:
+import logging
+from json import load as json_load
+
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey, RSAPublicKey, generate_private_key
+from cryptography.hazmat.primitives.serialization import load_pem_private_key, load_pem_public_key
+
+logging.basicConfig()
+
+
+def load_file(filename: str) -> bytes:
+    log = logging.getLogger(f'{__name__}')
+    log.debug(f'Loading contents of file "{filename}')
     with open(filename, 'rb') as file:
         content = file.read()
     return content
 
 
-def load_key(filename) -> "RsaKey":
-    try:
-        # Crypto | Cryptodome on Debian
-        from Crypto.PublicKey import RSA
-        from Crypto.PublicKey.RSA import RsaKey
-    except ModuleNotFoundError:
-        from Cryptodome.PublicKey import RSA
-        from Cryptodome.PublicKey.RSA import RsaKey
+class PrivateKey:
 
-    return RSA.import_key(extern_key=load_file(filename), passphrase=None)
+    def __init__(self, data: bytes):
+        self.__key = load_pem_private_key(data, password=None)
+
+    @staticmethod
+    def from_file(filename: str) -> "PrivateKey":
+        log = logging.getLogger(__name__)
+        log.debug(f'Importing RSA-Private-Key from "{filename}"')
+
+        with open(filename, 'rb') as f:
+            data = f.read()
+
+        return PrivateKey(data=data.strip())
+
+    def raw(self) -> RSAPrivateKey:
+        return self.__key
+
+    def pem(self) -> bytes:
+        return self.__key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.TraditionalOpenSSL,
+            encryption_algorithm=serialization.NoEncryption()
+        )
+
+    def public_key(self) -> "PublicKey":
+        data = self.__key.public_key().public_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PublicFormat.SubjectPublicKeyInfo
+        )
+        return PublicKey(data=data)
+
+    @staticmethod
+    def generate(public_exponent: int = 65537, key_size: int = 2048) -> "PrivateKey":
+        log = logging.getLogger(__name__)
+        log.debug(f'Generating RSA-Key')
+        key = generate_private_key(public_exponent=public_exponent, key_size=key_size)
+        data = key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.TraditionalOpenSSL,
+            encryption_algorithm=serialization.NoEncryption()
+        )
+        return PrivateKey(data=data)
 
 
-def generate_key() -> "RsaKey":
-    try:
-        # Crypto | Cryptodome on Debian
-        from Crypto.PublicKey import RSA
-        from Crypto.PublicKey.RSA import RsaKey
-    except ModuleNotFoundError:
-        from Cryptodome.PublicKey import RSA
-        from Cryptodome.PublicKey.RSA import RsaKey
+class PublicKey:
 
-    return RSA.generate(bits=2048)
+    def __init__(self, data: bytes):
+        self.__key = load_pem_public_key(data)
+
+    @staticmethod
+    def from_file(filename: str) -> "PublicKey":
+        log = logging.getLogger(__name__)
+        log.debug(f'Importing RSA-Public-Key from "{filename}"')
+
+        with open(filename, 'rb') as f:
+            data = f.read()
+
+        return PublicKey(data=data.strip())
+
+    def raw(self) -> RSAPublicKey:
+        return self.__key
+
+    def pem(self) -> bytes:
+        return self.__key.public_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PublicFormat.SubjectPublicKeyInfo
+        )
+
+
+class DriverMatrix:
+    __DRIVER_MATRIX_FILENAME = 'static/driver_matrix.json'
+    __DRIVER_MATRIX: None | dict = None  # https://docs.nvidia.com/grid/ => "Driver Versions"
+
+    def __init__(self):
+        self.log = logging.getLogger(self.__class__.__name__)
+
+        if DriverMatrix.__DRIVER_MATRIX is None:
+            self.__load()
+
+    def __load(self):
+        try:
+            file = open(DriverMatrix.__DRIVER_MATRIX_FILENAME)
+            DriverMatrix.__DRIVER_MATRIX = json_load(file)
+            file.close()
+            self.log.debug(f'Successfully loaded "{DriverMatrix.__DRIVER_MATRIX_FILENAME}".')
+        except Exception as e:
+            DriverMatrix.__DRIVER_MATRIX = {}  # init empty dict to not try open file everytime, just when restarting app
+            # self.log.warning(f'Failed to load "{NV.__DRIVER_MATRIX_FILENAME}": {e}')
+
+    @staticmethod
+    def find(version: str) -> dict | None:
+        if DriverMatrix.__DRIVER_MATRIX is None:
+            return None
+        for idx, (key, branch) in enumerate(DriverMatrix.__DRIVER_MATRIX.items()):
+            for release in branch.get('$releases'):
+                linux_driver = release.get('Linux Driver')
+                windows_driver = release.get('Windows Driver')
+                if version == linux_driver or version == windows_driver:
+                    tmp = branch.copy()
+                    tmp.pop('$releases')
+
+                    is_latest = release.get('vGPU Software') == branch.get('Latest Release in Branch')
+
+                    return {
+                        'software_branch': branch.get('vGPU Software Branch'),
+                        'branch_version': release.get('vGPU Software'),
+                        'driver_branch': branch.get('Driver Branch'),
+                        'branch_status': branch.get('vGPU Branch Status'),
+                        'release_date': release.get('Release Date'),
+                        'eol': branch.get('EOL Date') if is_latest else None,
+                        'is_latest': is_latest,
+                    }
+        return None

doc/Database.md

@@ -1,26 +0,0 @@
-# Database structure
-
-## `request_routing.service_instance`
-
-| xid                                    | org_name                 |
-|----------------------------------------|--------------------------|
-| `10000000-0000-0000-0000-000000000000` | `lic-000000000000000000` |
-
-- `xid` is used as `SERVICE_INSTANCE_XID`
-
-## `request_routing.license_allotment_service_instance`
-
-| xid                                    | service_instance_xid                   | license_allotment_xid                  |
-|----------------------------------------|----------------------------------------|----------------------------------------|
-| `90000000-0000-0000-0000-000000000001` | `10000000-0000-0000-0000-000000000000` | `80000000-0000-0000-0000-000000000001` |
-
-- `xid` is only a primary-key and never used as foreign-key or reference
-- `license_allotment_xid` must be used to fetch `xid`'s from `request_routing.license_allotment_reference`
-
-## `request_routing.license_allotment_reference`
-
-| xid                                    | license_allotment_xid                  |
-|----------------------------------------|----------------------------------------|
-| `20000000-0000-0000-0000-000000000001` | `80000000-0000-0000-0000-000000000001` | 
-
-- `xid` is used as `scope_ref_list` on token request

doc/Reverse Engineering Notes.md

@@ -1,177 +0,0 @@
-# Reverse Engineering Notes
-
-# Usefully commands
-
-## Check licensing status
-
-- `nvidia-smi -q | grep "License"`
-
-**Output**
-
-```
-vGPU Software Licensed Product
-        License Status                    : Licensed (Expiry: 2023-1-14 12:59:52 GMT)
-```
-
-## Track licensing progress
-
-- NVIDIA Grid Log: `journalctl -u nvidia-gridd -f`
-
-```
-systemd[1]: Started NVIDIA Grid Daemon.
-nvidia-gridd[2986]: Configuration parameter ( ServerAddress  ) not set
-nvidia-gridd[2986]: vGPU Software package (0)
-nvidia-gridd[2986]: Ignore service provider and node-locked licensing
-nvidia-gridd[2986]: NLS initialized
-nvidia-gridd[2986]: Acquiring license. (Info: license.nvidia.space; NVIDIA RTX Virtual Workstation)
-nvidia-gridd[2986]: License acquired successfully. (Info: license.nvidia.space, NVIDIA RTX Virtual Workstation; Expiry: 2023-1-29 22:3:0 GMT)
-```
-
-# DLS-Container File-System (Docker)
-
-## Configuration data
-
-Most variables and configs are stored in `/var/lib/docker/volumes/configurations/_data`.
-
-Files can be modified with `docker cp <container-id>:/venv/... /opt/localfile/...` and back.
-(May you need to fix permissions with `docker exec -u 0 <container-id> chown nonroot:nonroot /venv/...`)
-
-## Dive / Docker image inspector
-
-- `dive dls:appliance`
-
-The source code is stored in `/venv/lib/python3.9/site-packages/nls_*`.
-
-Image-Reference:
-
-```
-Tags:   (unavailable)
-Id:     d1c7976a5d2b3681ff6c5a30f8187e4015187a83f3f285ba4a37a45458bd6b98
-Digest: sha256:311223c5af7a298ec1104f5dc8c3019bfb0e1f77256dc3d995244ffb295a97
-1f
-Command:
-#(nop) ADD file:c1900d3e3a29c29a743a8da86c437006ec5d2aa873fb24e48033b6bf492bb37b in /
-```
-
-## Private Key (Site-Key)
-
-- `/etc/dls/config/decryptor/decryptor`
-
-```shell
- docker exec -it <container-id> /etc/dls/config/decryptor/decryptor > /tmp/private-key.pem
-```
-
-```
------BEGIN RSA PRIVATE KEY-----
-...
------END RSA PRIVATE KEY-----
-``` 
-
-## Site Key Uri - `/etc/dls/config/site_key_uri.bin`
-
-```
-base64-content...
-```
-
-## DB Password - `/etc/dls/config/dls_db_password.bin`
-
-```
-base64-content...
-```
-
-**Decrypt database password**
-
-```
-cd /var/lib/docker/volumes/configurations/_data
-cat dls_db_password.bin | base64 -d > dls_db_password.bin.raw
-openssl rsautl -decrypt -inkey /tmp/private-key.pem -in dls_db_password.bin.raw
-```
-
-# Database
-
-- It's enough to manipulate database licenses. There must not be changed any line of code to bypass licensing
-  validations.
-
-# Logging / Stack Trace
-
-- https://docs.nvidia.com/license-system/latest/nvidia-license-system-user-guide/index.html#troubleshooting-dls-instance
-
-**Failed licensing log**
-
-```
-{
-    "activity": 100,
-    "context": {
-        "SERVICE_INSTANCE_ID": "b43d6e46-d6d0-4943-8b8d-c66a5f6e0d38",
-        "SERVICE_INSTANCE_NAME": "DEFAULT_2022-12-14_12:48:30",
-        "description": "borrow failed: NotFoundError(no pool features found for: NVIDIA RTX Virtual Workstation)",
-        "event_type": null,
-        "function_name": "_evt",
-        "lineno": 54,
-        "module_name": "nls_dal_lease_dls.event",
-        "operation_id": "e72a8ca7-34cc-4e11-b80c-273592085a24",
-        "origin_ref": "3f7f5a50-a26b-425b-8d5e-157f63e72b1c",
-        "service_name": "nls_services_lease"
-    },
-    "detail": {
-        "oc": {
-            "license_allotment_xid": "10c4317f-7c4c-11ed-a524-0e4252a7e5f1",
-            "origin_ref": "3f7f5a50-a26b-425b-8d5e-157f63e72b1c",
-            "service_instance_xid": "b43d6e46-d6d0-4943-8b8d-c66a5f6e0d38"
-        },
-        "operation_id": "e72a8ca7-34cc-4e11-b80c-273592085a24"
-    },
-    "id": "0cc9e092-3b92-4652-8d9e-7622ef85dc79",
-    "metadata": {},
-    "ts": "2022-12-15T10:25:36.827661Z"
-}
-
-{
-    "activity": 400,
-    "context": {
-        "SERVICE_INSTANCE_ID": "b43d6e46-d6d0-4943-8b8d-c66a5f6e0d38",
-        "SERVICE_INSTANCE_NAME": "DEFAULT_2022-12-14_12:48:30",
-        "description": "lease_multi_create failed: no pool features found for: NVIDIA RTX Virtual Workstation",
-        "event_by": "system",
-        "function_name": "lease_multi_create",
-        "level": "warning",
-        "lineno": 157,
-        "module_name": "nls_services_lease.controllers.lease_multi_controller",
-        "operation_id": "e72a8ca7-34cc-4e11-b80c-273592085a24",
-        "service_name": "nls_services_lease"
-    },
-    "detail": {
-        "_msg": "lease_multi_create failed: no pool features found for: NVIDIA RTX Virtual Workstation",
-        "exec_info": ["NotFoundError", "NotFoundError(no pool features found for: NVIDIA RTX Virtual Workstation)", "  File \"/venv/lib/python3.9/site-packages/nls_services_lease/controllers/lease_multi_controller.py\", line 127, in lease_multi_create\n    data = _leaseMulti.lease_multi_create(event_args)\n  File \"/venv/lib/python3.9/site-packages/nls_core_lease/lease_multi.py\", line 208, in lease_multi_create\n    raise e\n  File \"/venv/lib/python3.9/site-packages/nls_core_lease/lease_multi.py\", line 184, in lease_multi_create\n    self._try_proposals(oc, mlr, results, detail)\n  File \"/venv/lib/python3.9/site-packages/nls_core_lease/lease_multi.py\", line 219, in _try_proposals\n    lease = self._leases.create(creator)\n  File \"/venv/lib/python3.9/site-packages/nls_dal_lease_dls/leases.py\", line 230, in create\n    features = self._get_features(creator)\n  File \"/venv/lib/python3.9/site-packages/nls_dal_lease_dls/leases.py\", line 148, in _get_features\n    self._explain_not_available(cur, creator)\n  File \"/venv/lib/python3.9/site-packages/nls_dal_lease_dls/leases.py\", line 299, in _explain_not_available\n    raise NotFoundError(f'no pool features found for: {lcc.product_name}')\n"],
-        "operation_id": "e72a8ca7-34cc-4e11-b80c-273592085a24"
-    },
-    "id": "282801b9-d612-40a5-9145-b56d8e420dac",
-    "metadata": {},
-    "ts": "2022-12-15T10:25:36.831673Z"
-}
-
-```
-
-**Stack Trace**
-
-```
-"NotFoundError", "NotFoundError(no pool features found for: NVIDIA RTX Virtual Workstation)", "  File \"/venv/lib/python3.9/site-packages/nls_services_lease/controllers/lease_multi_controller.py\", line 127, in lease_multi_create
-    data = _leaseMulti.lease_multi_create(event_args)
-  File \"/venv/lib/python3.9/site-packages/nls_core_lease/lease_multi.py\", line 208, in lease_multi_create
-    raise e
-  File \"/venv/lib/python3.9/site-packages/nls_core_lease/lease_multi.py\", line 184, in lease_multi_create
-    self._try_proposals(oc, mlr, results, detail)
-  File \"/venv/lib/python3.9/site-packages/nls_core_lease/lease_multi.py\", line 219, in _try_proposals
-    lease = self._leases.create(creator)
-  File \"/venv/lib/python3.9/site-packages/nls_dal_lease_dls/leases.py\", line 230, in create
-    features = self._get_features(creator)
-  File \"/venv/lib/python3.9/site-packages/nls_dal_lease_dls/leases.py\", line 148, in _get_features
-    self._explain_not_available(cur, creator)
-  File \"/venv/lib/python3.9/site-packages/nls_dal_lease_dls/leases.py\", line 299, in _explain_not_available
-    raise NotFoundError(f'no pool features found for: {lcc.product_name}')
-"
-```
-
-# Nginx
-
-- NGINX uses `/opt/certs/cert.pem` and `/opt/certs/key.pem`  

docker-compose.yml

@@ -1,9 +1,10 @@
 version: '3.9'
 
 x-dls-variables: &dls-variables
-  DLS_URL: localhost  # REQUIRED, change to your ip or hostname
-  DLS_PORT: 443  # must match nginx listen & exposed port
-  LEASE_EXPIRE_DAYS: 90
+  TZ: Europe/Berlin # REQUIRED, set your timezone correctly on fastapi-dls AND YOUR CLIENTS !!!
+  DLS_URL: localhost # REQUIRED, change to your ip or hostname
+  DLS_PORT: 443
+  LEASE_EXPIRE_DAYS: 90  # 90 days is maximum
   DATABASE: sqlite:////app/database/db.sqlite
   DEBUG: false
 
@@ -13,106 +14,16 @@ services:
     restart: always
     environment:
       <<: *dls-variables
-    volumes:
-      - /opt/docker/fastapi-dls/cert:/app/cert  # instance.private.pem, instance.public.pem
-      - db:/app/database
-    entrypoint: ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", "--app-dir", "/app", "--proxy-headers"]
-    healthcheck:
-      test: ["CMD", "curl", "--fail", "http://localhost:8000/-/health"]
-      interval: 10s
-      timeout: 5s
-      retries: 3
-      start_period: 30s
-  proxy:
-    image: nginx
     ports:
-      # thees are ports where nginx (!) is listen to
-      - "80:80"  # for "/leasing/v1/lessor/shutdown" used by windows guests, can't be changed!
-      - "443:443"  # first part must match "DLS_PORT"
+      - "443:443"
     volumes:
-      - /opt/docker/fastapi-dls/cert:/opt/cert
-    healthcheck:
-      test: ["CMD", "curl", "--insecure", "--fail", "https://localhost/-/health"]
-      interval: 10s
-      timeout: 5s
-      retries: 3
-      start_period: 30s
-    command: |
-      bash -c "bash -s <<\"EOF\"
-      cat > /etc/nginx/nginx.conf <<\"EON\"
-      daemon off;
-      user root;
-      worker_processes auto;
-      
-      events {
-        worker_connections 1024;
-      }
-      
-      http {
-        gzip on;
-        gzip_disable "msie6";
-        include /etc/nginx/mime.types;
-      
-        upstream dls-backend {
-          server dls:8000;  # must match dls listen port
-        }
-      
-        server {
-          listen 443 ssl http2 default_server;
-          listen [::]:443 ssl http2 default_server;
-      
-          root /var/www/html;
-          index index.html;
-          server_name _;
-      
-          ssl_certificate "/opt/cert/webserver.crt";
-          ssl_certificate_key "/opt/cert/webserver.key";
-          ssl_session_cache shared:SSL:1m;
-          ssl_session_timeout  10m;
-          ssl_protocols TLSv1.3 TLSv1.2;
-          # ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305";
-          # ssl_ciphers PROFILE=SYSTEM;
-          ssl_prefer_server_ciphers on;
-      
-          location / {
-            proxy_set_header Host $$http_host;
-            proxy_set_header X-Real-IP $$remote_addr;
-            proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $$scheme;
-            proxy_pass http://dls-backend$$request_uri;
-          }
-      
-          location = /-/health {
-            access_log off;
-            add_header 'Content-Type' 'application/json';
-            return 200 '{\"status\":\"up\",\"service\":\"nginx\"}';
-          }
-        }
-      
-        server {
-          listen 80;
-          listen [::]:80;
-      
-          root /var/www/html;
-          index index.html;
-          server_name _;
-      
-          location /leasing/v1/lessor/shutdown {
-            proxy_set_header Host $$http_host;
-            proxy_set_header X-Real-IP $$remote_addr;
-            proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $$scheme;
-            proxy_pass http://dls-backend/leasing/v1/lessor/shutdown;
-          }
-      
-          location / {
-            return 301 https://$$host$$request_uri;
-          }
-        }
-      }
-      EON
-      nginx
-      EOF"
+      - /opt/docker/fastapi-dls/cert:/app/cert
+      - dls-db:/app/database
+    logging: # optional, for those who do not need logs
+      driver: "json-file"
+      options:
+        max-file: 5
+        max-size: 10m
 
 volumes:
-  db:
+  dls-db:

examples/docker-compose-http-and-https.yml

@@ -0,0 +1,120 @@
+version: '3.9'
+
+x-dls-variables: &dls-variables
+  DLS_URL: localhost  # REQUIRED, change to your ip or hostname
+  DLS_PORT: 443  # must match nginx listen & exposed port
+  LEASE_EXPIRE_DAYS: 90
+  DATABASE: sqlite:////app/database/db.sqlite
+  DEBUG: false
+
+services:
+  dls:
+    image: collinwebdesigns/fastapi-dls:latest
+    restart: always
+    environment:
+      <<: *dls-variables
+    volumes:
+      - /etc/timezone:/etc/timezone:ro
+      - /opt/docker/fastapi-dls/cert:/app/cert  # instance.private.pem, instance.public.pem
+      - db:/app/database
+    entrypoint: ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", "--app-dir", "/app", "--proxy-headers"]
+    healthcheck:
+      test: ["CMD", "curl", "--fail", "http://localhost:8000/-/health"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 30s
+  proxy:
+    image: nginx
+    ports:
+      # thees are ports where nginx (!) is listen to
+      - "80:80"  # for "/leasing/v1/lessor/shutdown" used by windows guests, can't be changed!
+      - "443:443"  # first part must match "DLS_PORT"
+    volumes:
+      - /etc/timezone:/etc/timezone:ro
+      - /opt/docker/fastapi-dls/cert:/opt/cert
+    healthcheck:
+      test: ["CMD", "curl", "--insecure", "--fail", "https://localhost/-/health"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 30s
+    command: |
+      bash -c "bash -s <<\"EOF\"
+      cat > /etc/nginx/nginx.conf <<\"EON\"
+      daemon off;
+      user root;
+      worker_processes auto;
+      
+      events {
+        worker_connections 1024;
+      }
+      
+      http {
+        gzip on;
+        gzip_disable "msie6";
+        include /etc/nginx/mime.types;
+      
+        upstream dls-backend {
+          server dls:8000;  # must match dls listen port
+        }
+      
+        server {
+          listen 443 ssl http2 default_server;
+          listen [::]:443 ssl http2 default_server;
+      
+          root /var/www/html;
+          index index.html;
+          server_name _;
+      
+          ssl_certificate "/opt/cert/webserver.crt";
+          ssl_certificate_key "/opt/cert/webserver.key";
+          ssl_session_cache shared:SSL:1m;
+          ssl_session_timeout  10m;
+          ssl_protocols TLSv1.3 TLSv1.2;
+          # ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305";
+          # ssl_ciphers PROFILE=SYSTEM;
+          ssl_prefer_server_ciphers on;
+      
+          location / {
+            proxy_set_header Host $$http_host;
+            proxy_set_header X-Real-IP $$remote_addr;
+            proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $$scheme;
+            proxy_pass http://dls-backend$$request_uri;
+          }
+      
+          location = /-/health {
+            access_log off;
+            add_header 'Content-Type' 'application/json';
+            return 200 '{\"status\":\"up\",\"service\":\"nginx\"}';
+          }
+        }
+      
+        server {
+          listen 80;
+          listen [::]:80;
+      
+          root /var/www/html;
+          index index.html;
+          server_name _;
+      
+          location /leasing/v1/lessor/shutdown {
+            proxy_set_header Host $$http_host;
+            proxy_set_header X-Real-IP $$remote_addr;
+            proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $$scheme;
+            proxy_pass http://dls-backend/leasing/v1/lessor/shutdown;
+          }
+      
+          location / {
+            return 301 https://$$host$$request_uri;
+          }
+        }
+      }
+      EON
+      nginx
+      EOF"
+
+volumes:
+  db:

requirements.txt

@@ -1,9 +1,8 @@
-fastapi==0.89.1
-uvicorn[standard]==0.20.0
-python-jose==3.3.0
-pycryptodome==3.16.0
-python-dateutil==2.8.2
-sqlalchemy==1.4.46
-markdown==3.4.1
-python-dotenv==0.21.0
-jinja2==3.1.2
+fastapi==0.115.12
+uvicorn[standard]==0.34.1
+python-jose[cryptography]==3.4.0
+cryptography==44.0.2
+python-dateutil==2.9.0
+sqlalchemy==2.0.40
+markdown==3.8
+python-dotenv==1.1.0

test/create_driver_matrix_json.py

@@ -0,0 +1,123 @@
+import logging
+
+logging.basicConfig()
+logger = logging.getLogger(__name__)
+logger.setLevel(logging.INFO)
+
+URL = 'https://docs.nvidia.com/vgpu/index.html'
+
+BRANCH_STATUS_KEY = 'vGPU Branch Status'
+VGPU_KEY, GRID_KEY, DRIVER_BRANCH_KEY = 'vGPU Software', 'vGPU Software', 'Driver Branch'
+LINUX_VGPU_MANAGER_KEY, LINUX_DRIVER_KEY = 'Linux vGPU Manager', 'Linux Driver'
+WINDOWS_VGPU_MANAGER_KEY, WINDOWS_DRIVER_KEY = 'Windows vGPU Manager', 'Windows Driver'
+ALT_VGPU_MANAGER_KEY = 'vGPU Manager'
+RELEASE_DATE_KEY, LATEST_KEY, EOL_KEY = 'Release Date', 'Latest Release in Branch', 'EOL Date'
+JSON_RELEASES_KEY = '$releases'
+
+
+def __driver_versions(html: 'BeautifulSoup'):
+    def __strip(_: str) -> str:
+        # removes content after linebreak (e.g. "Hello\n World" to "Hello")
+        _ = _.strip()
+        tmp = _.split('\n')
+        if len(tmp) > 0:
+            return tmp[0]
+        return _
+
+    # find wrapper for "DriverVersions" and find tables
+    data = html.find('div', {'id': 'driver-versions'})
+    items = data.find_all('bsp-accordion', {'class': 'Accordion-items-item'})
+    for item in items:
+        software_branch = item.find('div', {'class': 'Accordion-items-item-title'}).text.strip()
+        software_branch = software_branch.replace(' Releases', '')
+        matrix_key = software_branch.lower()
+
+        branch_status = item.find('a', href=True, string='Branch status')
+        branch_status = branch_status.next_sibling.replace(':', '').strip()
+
+        # driver version info from table-heads (ths) and table-rows (trs)
+        table = item.find('table')
+        ths, trs = table.find_all('th'), table.find_all('tr')
+        headers, releases = [header.text.strip() for header in ths], []
+        for trs in trs:
+            tds = trs.find_all('td')
+            if len(tds) == 0:  # skip empty
+                continue
+            # create dict with table-heads as key and cell content as value
+            x = {headers[i]: __strip(cell.text) for i, cell in enumerate(tds)}
+            x.setdefault(BRANCH_STATUS_KEY, branch_status)
+            releases.append(x)
+
+        # add to matrix
+        MATRIX.update({matrix_key: {JSON_RELEASES_KEY: releases}})
+
+
+def __debug():
+    # print table head
+    s = f'{VGPU_KEY:^13} | {LINUX_VGPU_MANAGER_KEY:^21} | {LINUX_DRIVER_KEY:^21} | {WINDOWS_VGPU_MANAGER_KEY:^21} | {WINDOWS_DRIVER_KEY:^21} | {RELEASE_DATE_KEY:>21} | {BRANCH_STATUS_KEY:^21}'
+    print(s)
+
+    # iterate over dict & format some variables to not overload table
+    for idx, (key, branch) in enumerate(MATRIX.items()):
+        for release in branch.get(JSON_RELEASES_KEY):
+            version = release.get(VGPU_KEY, release.get(GRID_KEY, ''))
+            linux_manager = release.get(LINUX_VGPU_MANAGER_KEY, release.get(ALT_VGPU_MANAGER_KEY, ''))
+            linux_driver = release.get(LINUX_DRIVER_KEY)
+            windows_manager = release.get(WINDOWS_VGPU_MANAGER_KEY, release.get(ALT_VGPU_MANAGER_KEY, ''))
+            windows_driver = release.get(WINDOWS_DRIVER_KEY)
+            release_date = release.get(RELEASE_DATE_KEY)
+            is_latest = release.get(VGPU_KEY) == branch.get(LATEST_KEY)
+            branch_status = __parse_branch_status(release.get(BRANCH_STATUS_KEY, ''))
+
+            version = f'{version} *' if is_latest else version
+            s = f'{version:<13} | {linux_manager:<21} | {linux_driver:<21} | {windows_manager:<21} | {windows_driver:<21} | {release_date:>21} | {branch_status:^21}'
+            print(s)
+
+
+def __parse_branch_status(string: str) -> str:
+    string = string.replace('Production Branch', 'Prod. -')
+    string = string.replace('Long-Term Support Branch', 'LTS -')
+
+    string = string.replace('supported until', '')
+
+    string = string.replace('EOL since', 'EOL - ')
+    string = string.replace('EOL from', 'EOL -')
+
+    return string
+
+
+def __dump(filename: str):
+    import json
+
+    file = open(filename, 'w')
+    json.dump(MATRIX, file)
+    file.close()
+
+
+if __name__ == '__main__':
+    MATRIX = {}
+
+    try:
+        import httpx
+        from bs4 import BeautifulSoup
+    except Exception as e:
+        logger.error(f'Failed to import module: {e}')
+        logger.info('Run "pip install beautifulsoup4 httpx"')
+        exit(1)
+
+    r = httpx.get(URL)
+    if r.status_code != 200:
+        logger.error(f'Error loading "{URL}" with status code {r.status_code}.')
+        exit(2)
+
+    # parse html
+    soup = BeautifulSoup(r.text, features='html.parser')
+
+    # build matrix
+    __driver_versions(soup)
+
+    # debug output
+    __debug()
+
+    # dump data to file
+    __dump('../app/static/driver_matrix.json')

test/main.py

@@ -1,7 +1,8 @@
+import sys
 from base64 import b64encode as b64enc
-from hashlib import sha256
 from calendar import timegm
-from datetime import datetime
+from datetime import datetime, UTC
+from hashlib import sha256
 from os.path import dirname, join
 from uuid import uuid4, UUID
 
@@ -9,14 +10,13 @@ from dateutil.relativedelta import relativedelta
 from jose import jwt, jwk
 from jose.constants import ALGORITHMS
 from starlette.testclient import TestClient
-import sys
 
 # add relative path to use packages as they were in the app/ dir
 sys.path.append('../')
 sys.path.append('../app')
 
 from app import main
-from app.util import load_key
+from util import PrivateKey, PublicKey
 
 client = TestClient(main.app)
 
@@ -25,11 +25,11 @@ ORIGIN_REF, ALLOTMENT_REF, SECRET = str(uuid4()), '20000000-0000-0000-0000-00000
 # INSTANCE_KEY_RSA = generate_key()
 # INSTANCE_KEY_PUB = INSTANCE_KEY_RSA.public_key()
 
-INSTANCE_KEY_RSA = load_key(str(join(dirname(__file__), '../app/cert/instance.private.pem')))
-INSTANCE_KEY_PUB = load_key(str(join(dirname(__file__), '../app/cert/instance.public.pem')))
+INSTANCE_KEY_RSA = PrivateKey.from_file(str(join(dirname(__file__), '../app/cert/instance.private.pem')))
+INSTANCE_KEY_PUB = PublicKey.from_file(str(join(dirname(__file__), '../app/cert/instance.public.pem')))
 
-jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
-jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256)
+jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.pem(), algorithm=ALGORITHMS.RS256)
+jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.pem(), algorithm=ALGORITHMS.RS256)
 
 
 def __bearer_token(origin_ref: str) -> str:
@@ -59,8 +59,8 @@ def test_readme():
     assert response.status_code == 200
 
 
-def test_dashboard():
-    response = client.get('/-/dashboard')
+def test_manage():
+    response = client.get('/-/manage')
     assert response.status_code == 200
 
 
@@ -106,6 +106,7 @@ def test_auth_v1_origin():
     assert response.json().get('origin_ref') == ORIGIN_REF
 
 
+
 def auth_v1_origin_update():
     payload = {
         "registration_pending": False,
@@ -141,7 +142,7 @@ def test_auth_v1_code():
 
 
 def test_auth_v1_token():
-    cur_time = datetime.utcnow()
+    cur_time = datetime.now(UTC)
     access_expires_on = cur_time + relativedelta(hours=1)
 
     payload = {
@@ -153,8 +154,7 @@ def test_auth_v1_token():
         "kid": "00000000-0000-0000-0000-000000000000"
     }
     payload = {
-        "auth_code": jwt.encode(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')},
-                                algorithm=ALGORITHMS.RS256),
+        "auth_code": jwt.encode(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm=ALGORITHMS.RS256),
         "code_verifier": SECRET,
     }
 
@@ -187,8 +187,6 @@ def test_leasing_v1_lessor():
     assert len(lease_result_list[0]['lease']['ref']) == 36
     assert str(UUID(lease_result_list[0]['lease']['ref'])) == lease_result_list[0]['lease']['ref']
 
-    return lease_result_list[0]['lease']['ref']
-
 
 def test_leasing_v1_lessor_lease():
     response = client.get('/leasing/v1/lessor/leases', headers={'authorization': __bearer_token(ORIGIN_REF)})
@@ -231,7 +229,23 @@ def test_leasing_v1_lease_delete():
 
 
 def test_leasing_v1_lessor_lease_remove():
-    lease_ref = test_leasing_v1_lessor()
+    # see "test_leasing_v1_lessor()"
+    payload = {
+        'fulfillment_context': {
+            'fulfillment_class_ref_list': []
+        },
+        'lease_proposal_list': [{
+            'license_type_qualifiers': {'count': 1},
+            'product': {'name': 'NVIDIA RTX Virtual Workstation'}
+        }],
+        'proposal_evaluation_mode': 'ALL_OF',
+        'scope_ref_list': [ALLOTMENT_REF]
+    }
+
+    response = client.post('/leasing/v1/lessor', json=payload, headers={'authorization': __bearer_token(ORIGIN_REF)})
+    lease_result_list = response.json().get('lease_result_list')
+    lease_ref = lease_result_list[0]['lease']['ref']
+    #
 
     response = client.delete('/leasing/v1/lessor/leases', headers={'authorization': __bearer_token(ORIGIN_REF)})
     assert response.status_code == 200

version.env

@@ -1 +0,0 @@
-VERSION=1.3.3