Lenny lcp server v1

.gitignore

@@ -6,7 +6,14 @@ __pycache__/
 *.py[cod]
 *$py.class
 *.cfg
+
+#lenny files
 lenny.env
+readium/config/config.yaml
+readium/config/lsd_config.yaml
+readium/config/htpasswd
+readium/tmp
+readium/bookshelf
 
 # C extensions
 *.so
@@ -174,3 +181,4 @@ cython_debug/
 
 # PyPI configuration file
 .pypirc
+

compose.yaml

@@ -35,6 +35,7 @@ services:
       - "${DB_PORT}:5432"
     volumes:
       - db_data:/var/lib/postgresql/data
+      - ./readium/db/:/docker-entrypoint-initdb.d/:ro
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB -h localhost || exit 1"]
       interval: 5s
@@ -106,6 +107,59 @@ services:
     networks:
       - lenny_network
 
+  lcpserver:
+    build:
+      context: ./docker/readium-lcp-server
+    container_name: lcpserver
+    ports:
+      - "8989:8989"
+    depends_on:
+      db:
+        condition: service_healthy
+    environment:
+      - READIUM_LCPSERVER_CONFIG=/srv/config/config.yaml
+    volumes:
+      - ./readium/config:/srv/config
+      - ./readium/db:/srv/db
+      - ./readium/tmp:/srv/tmp
+      - ./readium/bookshelf:/bookshelf
+    command: ["/usr/local/bin/lcpserver"]
+    networks:
+      - lenny_network
+
+  lsdserver:
+    build:
+      context: ./docker/readium-lcp-server
+    container_name: lsdserver
+    ports:
+      - "8990:8990"
+    depends_on:
+      db:
+        condition: service_healthy
+    environment:
+      - READIUM_LSDSERVER_CONFIG=/srv/config/lsd_config.yaml
+    volumes:
+      - ./readium/config:/srv/config
+      - ./readium/db:/srv/db
+      - ./readium/tmp:/srv/tmp
+      - ./readium/bookshelf:/bookshelf
+    command: ["/usr/local/bin/lsdserver"]
+    networks:
+      - lenny_network
+
+  lcpencrypt:
+    build:
+      context: ./docker/readium-lcp-server
+    container_name: lcpencrypt
+    volumes:
+      - ./readium/config:/srv/config
+      - ./readium/db:/srv/db
+      - ./readium/tmp:/srv/tmp
+      - ./readium/bookshelf:/bookshelf
+    command: ["tail", "-f", "/dev/null"]
+    networks:
+      - lenny_network
+
 networks:
   lenny_network:
     driver: bridge

docker/configure.sh

@@ -2,6 +2,14 @@
 
 ENV_FILE=".env"
 
+# Unset all relevant environment variables to avoid contamination from the current shell
+unset LENNY_HOST LENNY_PORT LCP_HOST LCP_PORT LCP_PUBLIC_BASE_URL
+unset LCP_DB_NAME LCP_UPDATE_USER LCP_UPDATE_PASS LCP_HTPASSWD_USER LCP_HTPASSWD_PASS
+unset LSD_HOST LSD_PORT LSD_PUBLIC_BASE_URL LSD_NOTIFY_USER LSD_NOTIFY_PASS
+unset DB_USER DB_HOST DB_PORT DB_PASSWORD DB_NAME
+unset S3_ACCESS_KEY S3_SECRET_KEY S3_ENDPOINT S3_PROVIDER S3_SECURE
+unset READER_PORT READIUM_PORT LENNY_WORKERS LENNY_LOG_LEVEL LENNY_RELOAD LENNY_SSL_CRT LENNY_SSL_KEY
+
 # Exit if the file already exists
 if [ -f "$ENV_FILE" ]; then
   echo "$ENV_FILE already exists. No changes made."
@@ -26,6 +34,18 @@ LENNY_SSL_KEY="${LENNY_SSL_KEY:-}"
 READER_PORT="${READER_PORT:-3000}"
 READIUM_PORT="${READIUM_PORT:-15080}"
 
+LCP_HTPASSWD_USER="${LCP_HTPASSWD_USER:-admin}"
+LCP_HTPASSWD_PASS="${LCP_HTPASSWD_PASS:-$(genpass 20)}"
+
+LCP_HOST="${LCP_HOST:-0.0.0.0}"
+LCP_PORT="${LCP_PORT:-8989}"
+LCP_PUBLIC_BASE_URL="${LCP_PUBLIC_BASE_URL:-http://${LCP_HOST}:${LCP_PORT}/lcpserver}"
+LCP_DB_NAME="${LCP_DB_NAME:-lcp}"
+
+LSD_HOST="${LSD_HOST:-lsdserver}"
+LSD_PORT="${LSD_PORT:-8990}"
+LSD_PUBLIC_BASE_URL="${LSD_PUBLIC_BASE_URL:-http://${LSD_HOST}:${LSD_PORT}}"
+
 NEXT_PUBLIC_ENABLE_MANIFEST_ROUTE="${NEXT_PUBLIC_ENABLE_MANIFEST_ROUTE:-true}"
 NEXT_PUBLIC_MANIFEST_FORCE_ENABLE="${NEXT_PUBLIC_MANIFEST_FORCE_ENABLE:-true}"
 NODE_ENV="${NODE_ENV:-production}"
@@ -63,6 +83,25 @@ NODE_ENV=$NODE_ENV
 READER_PORT=$READER_PORT
 READIUM_PORT=$READIUM_PORT
 
+# LCP Server
+LCP_HOST=$LCP_HOST
+LCP_PORT=$LCP_PORT
+LCP_PUBLIC_BASE_URL=$LCP_PUBLIC_BASE_URL
+LCP_DB_NAME=$LCP_DB_NAME
+LCP_UPDATE_USER=$LCP_HTPASSWD_USER
+LCP_UPDATE_PASS=$LCP_HTPASSWD_PASS
+
+# LCP Authentication
+LCP_HTPASSWD_USER=$LCP_HTPASSWD_USER
+LCP_HTPASSWD_PASS=$LCP_HTPASSWD_PASS
+
+# LSD Server
+LSD_HOST=$LSD_HOST
+LSD_PORT=$LSD_PORT
+LSD_PUBLIC_BASE_URL=$LSD_PUBLIC_BASE_URL
+LSD_NOTIFY_USER=$LCP_HTPASSWD_USER
+LSD_NOTIFY_PASS=$LCP_HTPASSWD_PASS
+
 # DB
 DB_USER=$DB_USER
 DB_HOST=$DB_HOST

docker/generate_htpasswd.sh

@@ -0,0 +1,61 @@
+#!/bin/sh
+# Generate an Apache htpasswd file for LCP/LSD server authentication (bcrypt)
+# Or: set LCP_HTPASSWD_USER and LCP_HTPASSWD_PASS in .env and run ./generate_htpasswd.sh [<output_file>]
+
+set -e
+
+install_htpasswd() {
+  case "$(uname)" in
+    Darwin) brew install httpd ;;
+    Linux)
+      if [ -f "/etc/debian_version" ]; then
+        sudo apt-get update && sudo apt-get install -y apache2-utils
+      elif [ -f "/etc/redhat-release" ]; then
+        sudo yum install -y httpd-tools
+      else
+        echo "Please install 'htpasswd' manually."; exit 1
+      fi
+      ;;
+    *) echo "Please install 'htpasswd' manually."; exit 1 ;;
+  esac
+}
+
+command -v htpasswd >/dev/null 2>&1 || install_htpasswd
+
+DEFAULT_OUTPUT_FILE="./readium/config/htpasswd"
+
+if [ -n "$1" ] && ! echo "$1" | grep -q ':'; then
+  OUTPUT_FILE="$1"
+  shift
+else
+  OUTPUT_FILE="$DEFAULT_OUTPUT_FILE"
+fi
+
+mkdir -p ./readium/config
+
+[ -f .env ] && export $(grep -v '^#' .env | xargs)
+
+USERS="$@"
+[ -z "$USERS" ] && [ -n "$HTPASSWD_USERS" ] && USERS="$HTPASSWD_USERS"
+[ -z "$USERS" ] && [ -n "$LCP_HTPASSWD_USER" ] && [ -n "$LCP_HTPASSWD_PASS" ] && USERS="$LCP_HTPASSWD_USER:$LCP_HTPASSWD_PASS"
+
+if [ -z "$USERS" ]; then
+  echo "Usage: $0 [<output_file>] <username1>:<password1> [<username2>:<password2> ...]"
+  echo "   or: HTPASSWD_USERS=\"user1:pass1 user2:pass2\" $0 [<output_file>]"
+  echo "   or: set LCP_HTPASSWD_USER and LCP_HTPASSWD_PASS in .env and run $0 [<output_file>]"
+  exit 1
+fi
+
+FIRST=1
+for up in $USERS; do
+  USER="$(echo $up | cut -d: -f1)"
+  PASS="$(echo $up | cut -d: -f2-)"
+  if [ $FIRST -eq 1 ]; then
+    htpasswd -B -b -c "$OUTPUT_FILE" "$USER" "$PASS" >/dev/null 2>&1
+    FIRST=0
+  else
+    htpasswd -B -b "$OUTPUT_FILE" "$USER" "$PASS" >/dev/null 2>&1
+  fi
+done
+
+echo "[+] LCP htpasswd generated"

docker/generate_lcp_configs.sh

@@ -0,0 +1,82 @@
+#!/bin/sh
+# Generates config.yaml and lsd_config.yaml for Readium LCP/LSD servers using environment variables from .env
+
+set -e
+
+ENV_FILE="./.env"
+
+# Function to safely load environment variables from .env file
+load_env() {
+    if [ -f "$ENV_FILE" ]; then
+        # Clear any previously set variables that might interfere
+        unset LENNY_HOST LENNY_PORT LCP_HOST LCP_PORT LCP_PUBLIC_BASE_URL
+        unset LCP_DB_NAME LCP_UPDATE_USER LCP_UPDATE_PASS LCP_HTPASSWD_USER LCP_HTPASSWD_PASS
+        unset LSD_HOST LSD_PORT LSD_PUBLIC_BASE_URL LSD_NOTIFY_USER LSD_NOTIFY_PASS
+        unset DB_USER DB_HOST DB_PORT DB_PASSWORD DB_NAME
+        unset S3_ACCESS_KEY S3_SECRET_KEY S3_ENDPOINT S3_PROVIDER S3_SECURE
+        unset READER_PORT READIUM_PORT LENNY_WORKERS LENNY_LOG_LEVEL LENNY_RELOAD LENNY_SSL_CRT LENNY_SSL_KEY
+
+        # Load fresh values from .env file
+        set -a  # automatically export all variables
+        . "$ENV_FILE"
+        set +a  # stop automatically exporting
+    else
+        echo "Error: $ENV_FILE not found!"
+        exit 1
+    fi
+}
+
+# Load environment variables
+load_env
+
+CONFIG_DIR="./readium/config"
+
+cat > "$CONFIG_DIR/config.yaml" <<EOF
+profile: "basic"
+lcp:
+    host: "${LCP_HOST}"
+    port: ${LCP_PORT}
+    public_base_url: "${LCP_PUBLIC_BASE_URL}"
+    database: "postgres://${DB_USER}:${DB_PASSWORD}@db:${DB_PORT}/${LCP_DB_NAME}?sslmode=disable"
+    auth_file: "/srv/config/htpasswd"
+storage:
+    mode: "fs"
+    filesystem:
+        directory: "/srv/tmp"
+        url: "http://${LENNY_HOST}:${LENNY_PORT}/static"
+certificate:
+    cert: "/srv/config/cert-edrlab-test.pem"
+    private_key: "/srv/config/privkey-edrlab-test.pem"
+license:
+    links:
+        status: "http://${LSD_HOST}:${LSD_PORT}/lcp/licenses/{license_id}/status"
+        hint: "http://${LENNY_HOST}:${LENNY_PORT}/static/lcp_hint.html"
+lsd:
+    public_base_url:  "${LSD_PUBLIC_BASE_URL}"
+lsd_notify_auth:
+    username: "${LSD_NOTIFY_USER}"
+    password: "${LSD_NOTIFY_PASS}"
+EOF
+
+cat > "$CONFIG_DIR/lsd_config.yaml" <<EOF
+lsd:
+  host: "${LSD_HOST}"
+  port: ${LSD_PORT}
+  public_base_url: "${LSD_PUBLIC_BASE_URL}"
+  database: "postgres://${DB_USER}:${DB_PASSWORD}@db:${DB_PORT}/${LCP_DB_NAME}?sslmode=disable"
+  auth_file: "/srv/config/htpasswd"
+  license_link_url: "http://${LCP_HOST}:${LCP_PORT}/lcp/licenses/{license_id}"
+license_status:
+  register: true
+  renew: true
+  return: true
+  renting_days: 60
+  renew_days: 7
+lcp:
+  public_base_url:  "${LCP_PUBLIC_BASE_URL}"
+lcp_update_auth:
+  username: "${LCP_UPDATE_USER}"
+  password: "${LCP_UPDATE_PASS}"
+EOF
+
+echo "[+] LCP config.yaml and lsd_config.yaml generated."

docker/readium-lcp-server/Dockerfile

@@ -0,0 +1,28 @@
+FROM golang:1.21 AS builder
+
+WORKDIR /build
+
+# Install git and clone the Readium LCP server source code
+RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*
+RUN git clone https://github.com/readium/readium-lcp-server.git .
+
+# Build the binaries
+RUN go build -o /bin/lcpencrypt ./lcpencrypt && \
+    go build -o /bin/lcpserver ./lcpserver && \
+    go build -o /bin/lsdserver ./lsdserver
+
+FROM debian:bookworm-slim
+
+WORKDIR /srv
+
+RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
+
+COPY --from=builder /bin/lcpencrypt /usr/local/bin/lcpencrypt
+COPY --from=builder /bin/lcpserver /usr/local/bin/lcpserver
+COPY --from=builder /bin/lsdserver /usr/local/bin/lsdserver
+
+RUN chmod +x /usr/local/bin/lcpencrypt /usr/local/bin/lcpserver /usr/local/bin/lsdserver
+
+RUN mkdir -p /srv/config /srv/db /srv/tmp
+
+EXPOSE 8989 8990