VMAUTH: Difference between revisions

From STEMX365-WIKI

Revision as of 18:59, 11 April 2025

VM AUTH

  1. A **Python Flask server** (runs on your central server) to handle login/authentication and token validation.
  2. A **bash script** that runs on **each student's VM during boot**, checks their token, and halts if invalid.

OVERVIEW

Each VM has:

  1. A file `/etc/stemx365.conf` containing a unique `STUDENT_ID` and `VM_TOKEN`
  2. On boot, a script will:
    1. Read this config
    2. Ping your Flask server to validate the ID+token
    3. Only continue if authenticated

---

🖥️ 1. Bash Script for the Student VM (runs on boot)

Save this as `/usr/local/bin/stemx365_boot.sh` and make it executable.

```bash
#!/bin/bash
# Boot-time check: validate this VM's STUDENT_ID/VM_TOKEN against the central server.

CONFIG_FILE="/etc/stemx365.conf"
API_URL="https://auth.stemx365.org/api/validate"

if [ ! -f "$CONFIG_FILE" ]; then
    echo "Missing configuration. Please contact STEMX365 support."
    exit 1
fi

# shellcheck disable=SC1090
source "$CONFIG_FILE"

# Check if required variables exist
if [ -z "$STUDENT_ID" ] || [ -z "$VM_TOKEN" ]; then
    echo "Invalid config file. Aborting."
    exit 1
fi

# Call central API to verify (--max-time so an unreachable server cannot hang boot)
response=$(curl -s --max-time 15 -X POST "$API_URL" \
    -H "Content-Type: application/json" \
    -d "{\"student_id\": \"$STUDENT_ID\", \"vm_token\": \"$VM_TOKEN\"}")

# Match the JSON key/value pair with or without whitespace after the colon.
# (An unescaped glob like *"valid":true* loses its quotes to bash quoting and
# never matches the server's {"valid":true} reply.)
if [[ "$response" =~ \"valid\":[[:space:]]*true ]]; then
    echo "✅ Welcome, $STUDENT_ID"
else
    echo "❌ Authentication failed. Access denied."
    # Halt the VM as described above; exit 1 alone would only end this script.
    systemctl poweroff
    exit 1
fi
```

Add this to the crontab or systemd to run on boot:

```bash
sudo crontab -e
```

Then add this line to the crontab:

```
@reboot /usr/local/bin/stemx365_boot.sh
```

---

⚙️ 2. Config File Example (per VM)

Path: `/etc/stemx365.conf`

```bash
STUDENT_ID="student123"
VM_TOKEN="a1b2c3d4e5f6"
```

Generate unique `VM_TOKEN`s for each student when creating the VM.

---

🌐 3. Flask Server to Validate Login

Install Flask:

```bash
pip install flask flask-cors
```

Save this as `stemx365_auth.py` on your server:

```python
from flask import Flask, request, jsonify
from flask_cors import CORS
import hmac

app = Flask(__name__)
CORS(app)

# Example: store valid tokens in a dictionary (use a DB in production)
valid_tokens = {
    "student123": "a1b2c3d4e5f6",
    "student456": "z9y8x7w6v5"
}

@app.route('/api/validate', methods=['POST'])
def validate():
    # silent=True yields None instead of raising on a missing or malformed JSON body
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        data = {}
    student_id = data.get('student_id')
    token = data.get('vm_token')
    expected = valid_tokens.get(student_id)
    # compare_digest is constant-time, so response timing does not leak token bytes
    if isinstance(token, str) and expected is not None and hmac.compare_digest(expected, token):
        return jsonify({"valid": True})
    else:
        return jsonify({"valid": False}), 401

if __name__ == "__main__":
    app.run(host="0.0.0.0", port=5000)
```

Run with:

```bash
python stemx365_auth.py
```

💡 In production, put behind NGINX with HTTPS.

---

✅ Bonus: Generate Unique Tokens for Each VM

A helper Python snippet to generate:

```python
import uuid

def generate_vm_token():
    # uuid4 is drawn from os.urandom, so the 32-hex-char token is unpredictable
    return uuid.uuid4().hex

print(generate_vm_token())
```
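The validate route above keeps every VM_TOKEN in plaintext and the bonus snippet mints tokens with nothing to tie them to a student. The following is an added example, not code from the wiki page: a small server-side store that keeps only SHA-256 hashes of issued tokens, validates in constant time, supports revocation, and renders the `/etc/stemx365.conf` file the boot script sources. `TokenStore`, `validate_handler` and `conf_file_contents` are names chosen here, not part of the original.

```python
import hashlib
import hmac
import secrets


class TokenStore:
    """Server-side replacement for the plaintext valid_tokens dict (example code)."""

    def __init__(self):
        self._hashes = {}      # student_id -> sha256 hex digest of VM_TOKEN
        self._revoked = set()  # student_ids whose VM must no longer boot

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, student_id):
        """Mint a VM_TOKEN; the plaintext is returned once for /etc/stemx365.conf."""
        token = secrets.token_hex(16)  # 32 hex chars, same shape as uuid4().hex
        self._hashes[student_id] = self._digest(token)
        self._revoked.discard(student_id)
        return token

    def revoke(self, student_id):
        self._revoked.add(student_id)

    def validate(self, student_id, token):
        if not isinstance(student_id, str) or not isinstance(token, str):
            return False
        expected = self._hashes.get(student_id)
        if expected is None or student_id in self._revoked:
            # Burn a comparison anyway so unknown IDs are not faster to reject.
            hmac.compare_digest(self._digest(token), self._digest(""))
            return False
        return hmac.compare_digest(self._digest(token), expected)


def validate_handler(store, payload):
    """Mirror of the /api/validate route logic: returns (JSON body, HTTP status)."""
    data = payload if isinstance(payload, dict) else {}  # tolerate a missing body
    if store.validate(data.get("student_id"), data.get("vm_token")):
        return {"valid": True}, 200
    return {"valid": False}, 401


def conf_file_contents(student_id, token):
    """Render the per-VM config exactly as the boot script sources it."""
    return 'STUDENT_ID="%s"\nVM_TOKEN="%s"\n' % (student_id, token)
```

Wire `validate_handler` into the Flask route by passing `request.get_json(silent=True)` as `payload` and returning `jsonify(body), status`.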

---

Want More?

Would you like to:

- Store tokens in a MySQL/PostgreSQL DB?
- Add a web dashboard to revoke/block tokens?
- Auto-create `/etc/stemx365.conf` during VM build?
- Convert the server to use Google OAuth instead?

Let me know and I’ll expand on it!