9ea0a8b039
Refinement pass on top of the validated v1.2 base.
Hardening / quick fixes
- Caddyfile.tpl: CSP / HSTS / X-Frame / Referrer-Policy / Permissions-Policy,
1 MiB request body cap, X-Forwarded-For pass-through; stock-Caddy compatible.
- auth.py: STUDENT_MAX_AGE 1y -> 30d.
- bootstrap.sh: stage 5 prepends `git config --add safe.directory` so the
re-bootstrap path no longer 'detected dubious ownership' faults.
- admin.js: drop the misleading `closedPayload?.state || session.state`
shim; state derives from session only.
Anti-cheat
- New `student_events` audit table; new POST /api/session/{sid}/event for
blur / visibility_hidden / focus / visibility_visible. quiz.js debounces
events at 1.5s and uses sendBeacon for visibility_hidden so the event
survives a navigation. Counts surface in admin presence + CSV export.
- First-claim-wins on join: add_participant raises DuplicateStudentId on
PK violation; route returns 409 + records a duplicate_join audit event
with attempted name + IP + UA. Admin dashboard surfaces a per-row red
badge for hits on real participants and a top-of-page alert for orphan
attempts.
- DELETE /admin/api/students/{id} as the recovery hatch: clears the
participant + submissions, kicks active WS sockets so a stale cookie
cannot continue submitting. quiz.js surfaces the FastAPI detail message
in the join form so users see the 'already in use' guidance.
Presence panel
- New presence_update WS message; in-process presence map keyed on
student_id tracks ws_count + last_seen_ms. Admin dashboard renders
per-student rows: connected/idle/dropped dot, blur+hidden+duplicate
badges, 'answered current Q' tick, and a clear-student button.
Projector view (public, read-only)
- /projector/?sid=..., GET /api/session/{sid}/projector, WS
/ws/projector/{sid}. Single self-contained projector_state snapshot
pushed on every state change. Public leaderboard strips student_id;
QR rendered server-side as data: URL (CSP-compliant).
- Includes per-Q answer histogram, 8-bucket response-time distribution,
10-bucket score distribution.
- static/projector.{html,css,js}: editorial-broadside design — masthead,
registration crosses, conic-gradient countdown ring, SVG stepped-area
score distribution with median tick, leaderboard row-stagger. Inherits
light/dark tokens from style.css; honours prefers-reduced-motion. No
scroll at 1366x768 / 1920x1080 / 3440x1440.
Tests
- tests/test_anti_cheat.py: blur logging + CSV count, unknown-kind 422,
unauthenticated event 401, duplicate-join 409 + audit, admin
clear-student happy + 404, server-side submit lockout regression.
- tests/test_projector.py: snapshot shape, leaderboard student_id
redaction, WS push on state change, 404 for unknown sid, page redirect
when no sid.
- Existing tests updated for the new presence_update snapshot frame +
CSV header columns + first-claim-wins refusal of re-key.
57/57 pytest green; smoke-tested locally end-to-end.
152 lines
5.2 KiB
Bash
Executable File
152 lines
5.2 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# Live in-lecture quiz portal — VPS bootstrap.
|
|
# Idempotent: safe to re-run on a partially-bootstrapped host.
|
|
# Designed for: fresh Ubuntu 24.04 LTS, run as root.
|
|
#
|
|
# Usage (one-shot, on the VPS):
|
|
# curl -fsSL https://gitea.ahkhan.me/apps/quiz/raw/branch/master/deploy/bootstrap.sh | bash
|
|
#
|
|
# Override via env:
|
|
# DOMAIN=quiz.example.org curl ... | bash
|
|
# REPO_URL=https://... curl ... | bash
|
|
|
|
set -euo pipefail
|
|
|
|
REPO_URL="${REPO_URL:-https://gitea.ahkhan.me/apps/quiz.git}"
|
|
APP_DIR="${APP_DIR:-/opt/quiz}"
|
|
APP_USER="${APP_USER:-quiz}"
|
|
DOMAIN="${DOMAIN:-quiz.ahkhan.me}"
|
|
BRANCH="${BRANCH:-master}"
|
|
|
|
if [ "$(id -u)" != "0" ]; then
|
|
echo "bootstrap.sh must run as root" >&2
|
|
exit 1
|
|
fi
|
|
|
|
stage() { printf '\n==> Stage %s\n' "$*"; }
|
|
|
|
stage "1/10: provision 2GB swap (skip if /swapfile already present)"
|
|
# 1GB-RAM ECS instances OOM-kill uvicorn during ws-burst peaks (50+
|
|
# simultaneous WS handshakes during class start). 2GB swap absorbs
|
|
# transient pressure without touching steady-state behavior.
|
|
if [ ! -f /swapfile ]; then
|
|
fallocate -l 2G /swapfile
|
|
chmod 600 /swapfile
|
|
mkswap /swapfile >/dev/null
|
|
swapon /swapfile
|
|
grep -q '^/swapfile ' /etc/fstab || echo '/swapfile none swap sw 0 0' >> /etc/fstab
|
|
fi
|
|
# vm.swappiness=10 keeps active pages in RAM, only swap under real pressure.
|
|
echo 'vm.swappiness=10' > /etc/sysctl.d/99-quiz.conf
|
|
sysctl -p /etc/sysctl.d/99-quiz.conf >/dev/null
|
|
|
|
stage "2/10: apt update + base packages"
|
|
apt-get update -q
|
|
DEBIAN_FRONTEND=noninteractive apt-get install -y -q \
|
|
git curl ca-certificates gnupg \
|
|
python3 python3-venv python3-pip \
|
|
debian-keyring debian-archive-keyring apt-transport-https
|
|
|
|
stage "3/10: install Caddy (skip if present)"
|
|
if ! command -v caddy >/dev/null 2>&1; then
|
|
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' \
|
|
| gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
|
|
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' \
|
|
| tee /etc/apt/sources.list.d/caddy-stable.list >/dev/null
|
|
apt-get update -q
|
|
apt-get install -y -q caddy
|
|
fi
|
|
|
|
stage "4/10: create $APP_USER system user (skip if present)"
|
|
if ! id "$APP_USER" >/dev/null 2>&1; then
|
|
useradd --system --shell /usr/sbin/nologin --home-dir "$APP_DIR" "$APP_USER"
|
|
fi
|
|
|
|
stage "5/10: clone or update repo into $APP_DIR"
|
|
# safe.directory mark for the root-run git ops: on a re-bootstrap the
|
|
# repo is owned by $APP_USER (set on the previous run), and modern git
|
|
# refuses cross-user operations without this marker.
|
|
git config --global --add safe.directory "$APP_DIR" 2>/dev/null || true
|
|
if [ -d "$APP_DIR/.git" ]; then
|
|
git -C "$APP_DIR" fetch origin
|
|
git -C "$APP_DIR" reset --hard "origin/$BRANCH"
|
|
else
|
|
rm -rf "$APP_DIR"
|
|
git clone --branch "$BRANCH" "$REPO_URL" "$APP_DIR"
|
|
fi
|
|
chown -R "$APP_USER":"$APP_USER" "$APP_DIR"
|
|
|
|
stage "6/10: build venv + install dependencies"
|
|
sudo -u "$APP_USER" -H python3 -m venv "$APP_DIR/.venv"
|
|
sudo -u "$APP_USER" -H "$APP_DIR/.venv/bin/pip" install --quiet --upgrade pip
|
|
sudo -u "$APP_USER" -H "$APP_DIR/.venv/bin/pip" install --quiet -e "$APP_DIR"
|
|
|
|
stage "7/10: configure environment (.env)"
|
|
ENV_FILE="$APP_DIR/.env"
|
|
if [ ! -f "$ENV_FILE" ]; then
|
|
if [ -f /root/.quiz.env ]; then
|
|
echo "Using /root/.quiz.env"
|
|
cp /root/.quiz.env "$ENV_FILE"
|
|
else
|
|
# Need to prompt for the admin password; reattach TTY if curl|bash
|
|
# left stdin pointed at the pipe.
|
|
if [ ! -t 0 ] && [ -r /dev/tty ]; then
|
|
exec < /dev/tty
|
|
fi
|
|
if [ ! -t 0 ]; then
|
|
echo "ERROR: stdin is not a TTY and /root/.quiz.env is missing." >&2
|
|
echo "Either pre-populate /root/.quiz.env or run this script interactively." >&2
|
|
exit 1
|
|
fi
|
|
QUIZ_SECRET_KEY=$(python3 -c 'import secrets; print(secrets.token_urlsafe(48))')
|
|
printf 'Admin password (input hidden): '
|
|
read -rs QUIZ_ADMIN_PASSWORD
|
|
echo
|
|
cat > "$ENV_FILE" <<EOF
|
|
QUIZ_DB_PATH=$APP_DIR/quiz.db
|
|
QUIZ_POOL_PATH=$APP_DIR/pool.json
|
|
QUIZ_SECRET_KEY=$QUIZ_SECRET_KEY
|
|
QUIZ_ADMIN_PASSWORD=$QUIZ_ADMIN_PASSWORD
|
|
QUIZ_HOST=127.0.0.1
|
|
QUIZ_PORT=8001
|
|
QUIZ_PUBLIC_URL=https://$DOMAIN
|
|
QUIZ_LOG_LEVEL=INFO
|
|
EOF
|
|
fi
|
|
chown "$APP_USER":"$APP_USER" "$ENV_FILE"
|
|
chmod 600 "$ENV_FILE"
|
|
fi
|
|
|
|
stage "8/10: seed pool.json (if not already present)"
|
|
POOL_FILE="$APP_DIR/pool.json"
|
|
if [ ! -f "$POOL_FILE" ]; then
|
|
SEED_POOL="$APP_DIR/examples/demo10_pool.json"
|
|
[ -f "$SEED_POOL" ] || SEED_POOL="$APP_DIR/examples/pool_example.json"
|
|
cp "$SEED_POOL" "$POOL_FILE"
|
|
chown "$APP_USER":"$APP_USER" "$POOL_FILE"
|
|
echo "Seeded $POOL_FILE from $(basename "$SEED_POOL"). Replace with your real pool when ready."
|
|
fi
|
|
|
|
stage "9/10: install systemd unit"
|
|
install -m 644 "$APP_DIR/deploy/quiz.service" /etc/systemd/system/quiz.service
|
|
systemctl daemon-reload
|
|
systemctl enable quiz.service
|
|
systemctl restart quiz.service
|
|
|
|
stage "10/10: configure Caddy"
|
|
sed "s/__DOMAIN__/$DOMAIN/g" "$APP_DIR/deploy/Caddyfile.tpl" > /etc/caddy/Caddyfile
|
|
systemctl reload caddy
|
|
|
|
echo
|
|
echo "==> Health check"
|
|
sleep 2
|
|
if curl -fs http://127.0.0.1:8001/healthz; then
|
|
echo
|
|
echo
|
|
echo "Bootstrap complete. Public URL: https://$DOMAIN"
|
|
else
|
|
echo
|
|
echo "Health check failed. Inspect: journalctl -u quiz.service -n 50"
|
|
exit 1
|
|
fi
|