From e009155a72586a5f20791084635b2aa8647f66a8 Mon Sep 17 00:00:00 2001
From: Neil Hanlon <neil@rockylinux.org>
Date: Fri, 30 Aug 2024 15:34:13 -0400
Subject: [PATCH] fix: use rocky group, cleanup

---
 Containerfile      |  1 +
 mirrormanager2.cfg | 13 +++++++++++--
 run.py             |  8 ++++++++
 start-dev.sh       |  9 ++-------
 4 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/Containerfile b/Containerfile
index 6565f85..4fd58b9 100644
--- a/Containerfile
+++ b/Containerfile
@@ -24,6 +24,7 @@ RUN mkdir -p /opt/mirrormanager2
 WORKDIR /opt/mirrormanager2
 RUN git clone https://github.com/fedora-infra/mirrormanager2.git .
 
+RUN sed -e 's/signed_fpca/signed_rosca/' -i mirrormanager2/perms.py mirrormanager2/auth.py
 RUN pip install --prefix=/install .
 
 # Stage 2: Final stage with runtime dependencies
diff --git a/mirrormanager2.cfg b/mirrormanager2.cfg
index e60d22d..3201a4d 100644
--- a/mirrormanager2.cfg
+++ b/mirrormanager2.cfg
@@ -44,13 +44,22 @@ THEME_FOLDER = os.environ.get('MM2_THEME_FOLDER', 'fedora')
 #MM_AUTHENTICATION = "fas"
 
 OIDC_CLIENT_SECRETS = "/etc/mirrormanager/client_secrets.json"
+OIDC_SCOPES = " ".join(
+    [
+        "openid",
+        "email",
+        "profile",
+        "https://id.fedoraproject.org/scope/groups",
+        "https://id.fedoraproject.org/scope/agreements",
+    ]
+)
 
 # If the authentication method is `fas`, groups in which should be the user
 # to be recognized as an admin.
-#ADMIN_GROUP = ["sysadmin-main"]
+ADMIN_GROUP = ["infrastructure"]
 
 # Email of the admin to which send notification or error
-ADMIN_EMAIL = "admin@fedoraproject.org"
+ADMIN_EMAIL = "infrastructure@rockylinux.org"
 
 # Email address used in the "From" field of the emails sent.
 # Default: ``nobody@fedoraproject.org``.
diff --git a/run.py b/run.py
index 632dce6..7db3aa4 100644
--- a/run.py
+++ b/run.py
@@ -1,5 +1,13 @@
 from werkzeug.middleware.proxy_fix import ProxyFix
 from mirrormanager2.app import create_app
+from flask_session import Session
+from cachelib.file import FileSystemCache
+import os
+
 application = create_app()
+application.debug = os.environ.get("MM2_DEBUG", False)
+application.config['SESSION_TYPE'] = "cachelib"
+application.config['SESSION_CACHELIB'] = FileSystemCache(cache_dir='/tmp/sessions', threshold=500)
+Session(application)
 application.wsgi_app = ProxyFix(application.wsgi_app, x_proto=1, x_host=1)
 
diff --git a/start-dev.sh b/start-dev.sh
index 44411ba..fbf9032 100644
--- a/start-dev.sh
+++ b/start-dev.sh
@@ -2,13 +2,6 @@ POD=mirrormanager2
 
 podman pod exists $POD || podman pod create -p 5000:5000 -n $POD
 
-#podman run \
-#    --pod $POD \
-#    --name nginx \
-#    --replace \
-#    -v $PWD/nginx.conf:/etc/nginx/conf.d/default.conf:ro \
-#    -d docker.io/library/nginx:1.13-alpine
-
 test -d tmp || mkdir tmp
 test -f client_secrets.json || (echo "missing client_secrets" && exit 2)
 
@@ -22,6 +15,8 @@ podman run \
     -e "MM2_SECRET_KEY=$(openssl rand -hex 32)" \
     -e "MM2_PASSWORD_SEED=$(openssl rand -hex 32)" \
     -e 'MM2_THEME_FOLDER=rocky' \
+    -e 'FLASK_DEBUG=1' \
+    -e 'MM2_DEBUG=1' \
     -v $PWD/mirrormanager2.cfg:/etc/mirrormanager/mirrormanager2.cfg \
     -v $PWD/client_secrets.json:/etc/mirrormanager/client_secrets.json \
     -v $PWD/tmp:/var/tmp:rw \