VMAUTH

From STEMX365-WIKI
Revision as of 19:02, 11 April 2025 by Admin

VM AUTH

  1. A **Python Flask server** (runs on your central server) to handle login/authentication and token validation.
  2. A **bash script** that runs on **each student's VM during boot**, checks their token, and halts if invalid.

OVERVIEW

Each VM has:

  1. A file `/etc/stemx365.conf` containing a unique `STUDENT_ID` and `VM_TOKEN`
  2. On boot, a script will:
    1. Read this config
    2. Ping your Flask server to validate the ID+token
    3. Only continue if authenticated

1. Bash Script for the Student VM (runs on boot)

Save this as `/usr/local/bin/stemx365_boot.sh` and make it executable.

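```bash
#!/bin/bash

CONFIG_FILE="/etc/stemx365.conf"
API_URL="https://auth.stemx365.org/api/validate"

if [ ! -f "$CONFIG_FILE" ]; then
    echo "Missing configuration. Please contact STEMX365 support."
    exit 1
fi

# The config is sourced (executed as shell code), so it must be writable only by root
source "$CONFIG_FILE"

# Check if required variables exist
if [ -z "$STUDENT_ID" ] || [ -z "$VM_TOKEN" ]; then
    echo "Invalid config file. Aborting."
    exit 1
fi

# Call central API to verify (time-limited so a dead network cannot hang the boot job)
response=$(curl -s --max-time 15 -X POST "$API_URL" \
    -H "Content-Type: application/json" \
    -d "{\"student_id\": \"$STUDENT_ID\", \"vm_token\": \"$VM_TOKEN\"}")

# Match the JSON field including its quotes; the server may emit "valid":true or "valid": true.
# (An unescaped "valid" inside [[ == ]] loses its quotes and never matches the JSON body.)
valid_re='"valid":[[:space:]]*true'
if [[ "$response" =~ $valid_re ]]; then
    echo "✅ Welcome, $STUDENT_ID"
else
    echo "❌ Authentication failed. Access denied."
    exit 1
fi
```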

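Add this to the crontab or systemd to run on boot. An `@reboot` cron job runs alongside the rest of startup and its exit status is ignored, so the script's `exit 1` on its own does not stop the VM or block logins.

```bash
sudo crontab -e
# then add this line to root's crontab:
@reboot /usr/local/bin/stemx365_boot.sh
```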

2. Config File Example (per VM)

Path: `/etc/stemx365.conf`

```bash
STUDENT_ID="student123"
VM_TOKEN="a1b2c3d4e5f6"
```

Generate unique `VM_TOKEN`s for each student when creating the VM.

3. Flask Server to Validate Login

Install Flask:

```bash
pip install flask flask-cors
```

Save this as `stemx365_auth.py` on your server:

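```python
import hmac

from flask import Flask, request, jsonify
from flask_cors import CORS

app = Flask(__name__)
# CORS only matters for browser clients; the boot script calls this API with curl.
CORS(app)

# Example: store valid tokens in a dictionary (use DB in production)
valid_tokens = {
    "student123": "a1b2c3d4e5f6",
    "student456": "z9y8x7w6v5"
}

@app.route('/api/validate', methods=['POST'])
def validate():
    # silent=True returns None instead of raising on a missing or malformed JSON body
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify({"valid": False}), 400

    student_id = data.get('student_id')
    token = data.get('vm_token')
    if not isinstance(student_id, str) or not isinstance(token, str):
        return jsonify({"valid": False}), 400

    expected = valid_tokens.get(student_id)
    # Compare as bytes in constant time so response timing does not leak the token
    if expected is not None and hmac.compare_digest(
            expected.encode("utf-8"), token.encode("utf-8", "surrogatepass")):
        return jsonify({"valid": True})
    else:
        return jsonify({"valid": False}), 401

if __name__ == "__main__":
    app.run(host="0.0.0.0", port=5000)
```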

Run with:

```bash
python stemx365_auth.py
```

💡 In production, put it behind NGINX with HTTPS.

Bonus: Generate Unique Tokens for Each VM

A helper Python snippet to generate tokens:

```python
import uuid

def generate_vm_token():
    # uuid4() is a random UUID; .hex gives it as 32 hex characters
    return uuid.uuid4().hex

print(generate_vm_token())
```
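As an added example (not part of the original page or the STEMX365 code), the token generator and the validation check can be combined so that the server keeps only a SHA-256 digest of each `VM_TOKEN` instead of the plaintext. The names `provision_vm`, `is_valid` and `token_hashes` are hypothetical, and `secrets.token_hex` is used here in place of `uuid4`.

```python
import hashlib
import hmac
import secrets

# Hypothetical in-memory store: student_id -> SHA-256 hex digest of the token.
# A real deployment would keep this in a database, as the page suggests.
token_hashes = {}


def _digest(token: str) -> str:
    # Tokens are 128-bit random values, so a plain fast hash is enough here;
    # slow password hashes are for low-entropy, human-chosen secrets.
    return hashlib.sha256(token.encode("utf-8", "surrogatepass")).hexdigest()


def provision_vm(student_id: str) -> str:
    """Create a token for a new VM and return the text of /etc/stemx365.conf."""
    if not (student_id.isascii() and student_id.isalnum()):
        # The boot script sources this file, so keep shell metacharacters out.
        raise ValueError("student_id must be ASCII alphanumeric")
    token = secrets.token_hex(16)  # 32 hex characters, 128 bits
    token_hashes[student_id] = _digest(token)  # plaintext is not stored
    return f'STUDENT_ID="{student_id}"\nVM_TOKEN="{token}"\n'


def is_valid(student_id, token) -> bool:
    """Check an ID+token pair the way the /api/validate handler would."""
    if not isinstance(student_id, str) or not isinstance(token, str):
        return False
    expected = token_hashes.get(student_id)
    if expected is None:
        return False
    # Constant-time comparison of two fixed-length hex digests.
    return hmac.compare_digest(expected, _digest(token))


if __name__ == "__main__":
    conf = provision_vm("student123")  # constructed sample ID
    print(conf, end="")
    token = conf.split('VM_TOKEN="')[1].split('"')[0]
    print(is_valid("student123", token))
    print(is_valid("student123", "a1b2c3d4e5f6"))
```

Calling `provision_vm` again for the same ID replaces the stored digest, which invalidates the old token.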