cutnut-server v0.0.1
Cutnut
Api Documentation
All stories are private by default. The user can edit, view and add cuts to his own stories. Also he can access story if he was invited to it.
In the Story object there're two urls that help you to share links of story with other people.
{
...
"editUrl": "https://cutnut.tv/s/B8",
"viewUrl": "https://cutnut.tv/s/B7",
...
}
You can share this links wherever you want: email, Facebook, Twitter, Telegram, sms, etc.
There're two types of permissions:
edit - user's allowed to edit and view story view - user's only allowed to view story
For mobile developers
The application should detect urls that contains Cutnut domain https://cutnut.tv
and custom url scheme cutnut://
.
If the application was opened by short url like https://cutnut.tv/s/B8
you should get a full url.
Examples:
- Full url
https://cutnut.tv/story/da655859-009e-4d5a-958e-debf5fd164e7/edit?access_token=k5JqdGaf1PLTU326Ds3OcIY2PiCunHRy
Scheme
cutnut://story/da655859-009e-4d5a-958e-debf5fd164e7/edit?access_token=k5JqdGaf1PLTU326Ds3OcIY2PiCunHRy
//story/:storyId/:action?access_token=:token
Important parts you need to get from url:
storyId
(da655859-009e-4d5a-958e-debf5fd164e7
)
action
(show
or edit
)
token
(k5JqdGaf1PLTU326Ds3OcIY2PiCunHRy
)
After that just do request GET Story with these parameters.
Setup project
We use Docker for the development.
To install node modules you need to run the following command:
docker-compose run web npm install
To get authenticated you need to install gcloud cli
[gcloud](https://cloud.google.com/sdk/docs/quickstarts)
Then run next command
gcloud auth configure-docker
Run next command to compile admin panel files
docker-compose run web npm run build
And then you can run the application (without control panel, for control panel use npm run serve
)
docker-compose up web thumbor worker kue-ui mongo
Or in 3 different tabs (for less logs)
docker-compose up thumbor worker kue-ui mongo
docker-compose up web
npm run serve
To run tests:
docker-compose run test
Also you need to create collection in the database called counters and insert one document. You can do this with command:
docker-compose run web ./app/bin/init-counters
If you need new user run script
docker-compose run web ./app/bin/add-user
docker-compose run web ./app/bin/add-snippets-into-user
Import collection from file
mongorestore -d cutnut --port 27018 -c users ./users.bson
mongoimport -d cutnut --port 27018 -c users --file ./users.json
Stage
Stage has "Production" environment, so for building public you need to run as well:
docker-compose run web npm i --unsafe-perm --only=dev
npm run restart
Deploy to production on GCP
Download values.yaml from secret place
Attention: version in values.yaml (in root) should match with version in TAG= command
Setup:
* install [docker](https://docs.docker.com/install/), you will need [virtualbox](https://www.virtualbox.org/wiki/Downloads) as well
* install [kubernetes](https://kubernetes.io/docs/tasks/tools/install-kubectl/) - manage everything
* install [gcloud](https://cloud.google.com/sdk/docs/quickstarts) - you can skip this this step if you've already installed it for development
* install [helm](https://docs.helm.sh/using_helm/#installing-helm) - DRY, pass variables to *yaml* configs
* `gcloud auth login`
* `gcloud config set project PROJECT_ID`
* [create](https://cloud.google.com/kubernetes-engine/docs/quickstart) cluster in GCP or connect to the existed one with: `gcloud container clusters get-credentials <cluster> --zone <zone> --project <project>` - this can be found in GCP in `kubernetes clusters`, tab after pressing `Connect` button
* `kubectl apply -f ./charts/kube-setup/tiller-sa.yaml`
* Wait few seconds
* `helm init --upgrade --service-account tiller`
* For the first time proceed `cert-manager` step
Each time you move from cluster to cluster be sure these commands were run once more time:
* `gcloud auth login`
* `gcloud config set project PROJECT_ID`
* [create](https://cloud.google.com/kubernetes-engine/docs/quickstart) cluster in GCP or connect to the existed one with: `gcloud container clusters get-credentials <cluster> --zone <zone> --project <project>` - this can be found in GCP in `kubernetes clusters`, tab after pressing `Connect` button
If changes in code (TAG here should match with tag in values.yaml
)
export TAG=<yyyy-mm-dd>
./docker/build-prod
./docker/push-prod
Test server:
helm upgrade -i cutnut-test-server ./charts/cutnut-server/ -f values.yaml
Live server:
helm upgrade -i cutnut-server-master ./charts/cutnut-server/ -f values.yaml
If you need to run command in bush on some pod (find all pod names by kubectl get pods
):
kubectl exec -ti {pod-name} -- bash
To see streamed logs use this command:
kubectl logs -f {pod-name}
cert-manager
Additional info about https (tls/ssl). There you can find which email use as issuer
helm upgrade cert-manager stable/cert-manager --namespace kube-system --install --set ingressShim.enabled=false
Also need to create an issuer, it will need an IAM user, replace the access key id in the letsencrypt.yaml
file.
There is a file route53-issuer-policy.json
that shows the permissions needed.
You might need to replace the ZONE ID in route53-issuer-policy.json
and the access key letsencrypt.yaml
.
XXXXXX - is normally your account id
"SECRET KEY" is "AWS_SECRET_ACCESS_KEY" from "letsencrypt-issuer" user
While aws configure
you need to do it with user that has IAMFullAccess
permission in IAM
aws configure
aws iam create-user --user-name letsencrypt-issuer
aws iam create-policy --policy-name letsencrypt-issuer-policy --policy-document file://charts/kube-setup/route53-issuer-policy.json
aws iam attach-user-policy --user-name letsencrypt-issuer --policy-arn arn:aws:iam::XXXXXX:policy/letsencrypt-issuer-policy
echo -n "SECRET KEY" > ./secret-access-key
kubectl create secret generic letsencrypt-prod-route53 --from-file=./secret-access-key
kubectl apply -f ./charts/kube-setup/letsencrypt.yaml
One its installed you have test it using test-cert.yaml
, "kubectl apply -f ..." can take about 5 mins to be issued, you check this by describe
ing
the cert or checking certificate manager pod logs
kubectl apply -f ./charts/kube-setup/test-cert.yaml
kubectl describe certificate test-cert
kubectl get secret test-cert-tls -o "jsonpath={.data['tls\.crt']}" | base64 --decode | openssl x509 -text -noout
To get GOOGLE_ACCESS_KEY and GOOGLE_SECRET_ACCESS_KEY go to the GCP => Storage => Settings => Interoperability if disabled => press to enable it Press create a new key
4 years ago