OnboardLite is the result of the Influx Initiative, our vision for an improved student organization lifecycle at the University of Central Florida
git clone https://github.com/HackUCF/OnboardLite.git
python3 -m venv .venv
echo ".venv/" > ./.git/info/exclude
source ./.venv/bin/activate
python3 -m pip install -r requirements.txt
python3 -m pip install -r requirements-dev.txt
pre-commit install
mkdir ./config
cp options-example.yml ./config/options.yml
Goto https://discord.com/developers/applications create an application. Then under oauth2 get client id and client sceret set redir url to http://localhost:8000/api/oauth/?redir=_redir
Set
discord
client_id:
secret:
redirect_base: http://localhost:8000/api/oauth/?redir=
enable: false
set
email:
enable false
Set
http:
domain: localhost:8000
Set jwt secret to a <32 charcter random string
Set database to
database:
url: "sqlite:////data/database.db" # For docker create database/
url: "sqlite:///database/database.db" # For local dev create database/
To run you can do either
python3 -m uvicorn app.main:app --host 0.0.0.0 --reload --port 8000
or
docker compose -f docker-compose-dev.yml watch
Debug in vscode create .vscode/launch.json
{
"version": "0.2.0",
"configurations": [
{
"name": "Python: FastAPI",
"type": "debugpy",
"justMyCode": true,
"request": "launch",
"module": "uvicorn",
"args": [
"app.main:app",
"--reload",
"--port",
"8000"
]
}
]
}
- Deploy a box.
- Make sure the AWS CLI is set up and that
~/.aws
is populated.
- Create a new AWS user with the policies
AmazonDynamoDBFullAccess
andPowerUserAccess
(or preferrably, a policy that includes the actionsdynamodb:*
andsso:account:access
) - Install the AWS CLI
- Run
aws configure sso
on the host machine. See this article for more details. - Create a new DynamoDB table named "hackucf_members" (default) with partition key
id
- Make sure Stripe is configured to work with a webhook at
$URL/pay/webhook/validate
and the account is activated.
- Create the webhook at the desired domain. Include the events
checkout.session.*
. - Create a product to represent dues payments in the dashboard. This should be $10 + $0.60 to account for Stripe fees.
- Request a configuration file with all the neccesary secrets/configurations for AWS, Stripe, Discord, and others.
- Install dependencies:
sudo apt install -y nginx certbot build-essential python3.11 python3.11-dev
(or later versions of python3). You may need to use get-pip.py to installpip3.11
as well. - Install Python dependencies:
python3.11 -m pip install -r requirements.txt
- Configure
nginx
(recommended) to proxy to port 80/443 + enable HTTPS. Set headers likeContent-Security-Policy
.
- If you use nginx, PLEASE use HTTPS (if you can; Cloudflare will probably disagree and want to use its own cert).
- Install redis
sudo apt install redis
- Drop the following
systemd
service, replacing values as appropiate:
[Unit]
Description=Uvicorn instance to serve OnboardLite
After=network.target
[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/home/onboard-user/OnboardLite/
Environment="PATH=/home/onboard-user/OnboardLite/"
ExecStart=python3.11 -m uvicorn index:app --host 127.0.0.1 --port 8000 --workers 2
[Install]
WantedBy=multi-user.target
- Drop the following nginx site config:
server {
listen 80;
listen [::]:80;
server_name join.hackucf.org;
proxy_set_header X-Forwarded-For $proxy_protocol_addr; # To forward the original client's IP address
proxy_set_header X-Forwarded-Proto $scheme; # to forward the original protocol (HTTP or HTTPS)
proxy_set_header Host $host; # to forward the original host requested by the client
root /var/www/html;
index index.html;
location ^~ / {
proxy_pass http://127.0.0.1:8000;
}
}
- Start and enable the service using
systemctl
. Do the same fornginx
if installed. - Put the service behind Cloudflare (optional).
- Generate the Apple Wallet secrets and place them in
config/pki
. See this tutorial for details. - Profit!
To edit questions on a form, edit the JSON files in the forms/
folder. Each JSON is a separate page that acts as a discrete form, with each value correlated to a database entry. OnboardLite uses a file format based on a simplified Sileo Native Depiction and achieves the same goal: render a UI from a JSON schema. The schema is, honestly, poorly documented, but is rendered by util/kennelish.py
. In short, each object in an array is a discrete element that is rendered.
Database entries must be defined in models/user.py
before being called in a form. Data type valdiation is enforced by Pydantic.
Administrators are classified as trusted Operations members and are not the same thing as Executives. These are people who can view roster logs, and should be FERPA-trained by UCF (either using the RSO training or the general TA training). The initial administrator has to be set via DynamoDB's user interface.
Please report security vulnerabilities to [email protected]
.