├── tests
    ├── __init__.py
    ├── test_subscribe_to_core.py
    ├── test_subscribe_topic_handler.py
    └── test_handle_message.py
├── src
    ├── frontend
    │   ├── .dockerignore
    │   ├── public
    │   │   ├── robots.txt
    │   │   ├── manifest.json
    │   │   └── index.html
    │   ├── src
    │   │   ├── setupTests.js
    │   │   ├── App.test.js
    │   │   ├── App.css
    │   │   ├── index.css
    │   │   ├── reportWebVitals.js
    │   │   ├── index.js
    │   │   └── App.js
    │   ├── req.conf
    │   ├── Dockerfile
    │   ├── package.json
    │   ├── nginx.default.conf
    │   ├── .gitignore
    │   └── README.md
    ├── backend
    │   ├── requirements.txt
    │   ├── Dockerfile
    │   └── app.py
    └── docker-compose.yaml
├── docs
    ├── login.png
    ├── authenticated.png
    └── aws.greengrass.labs.LocalWebServer.png
├── CODE_OF_CONDUCT.md
├── req.conf
├── gdk-config.json
├── recipe.yaml
├── CONTRIBUTING.md
├── .gitignore
├── README.md
└── LICENSE


/tests/__init__.py:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/src/frontend/.dockerignore:
--------------------------------------------------------------------------------
1 | node_modules
2 | npm-debug.log
3 | 


--------------------------------------------------------------------------------
/src/backend/requirements.txt:
--------------------------------------------------------------------------------
1 | awsiotsdk==1.7.1
2 | flask-login==0.5.0
3 | flask-socketio==5.1.1
4 | 


--------------------------------------------------------------------------------
/docs/login.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awslabs/aws-greengrass-labs-local-web-server/HEAD/docs/login.png


--------------------------------------------------------------------------------
/src/frontend/public/robots.txt:
--------------------------------------------------------------------------------
1 | # https://www.robotstxt.org/robotstxt.html
2 | User-agent: *
3 | Disallow:
4 | 


--------------------------------------------------------------------------------
/docs/authenticated.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awslabs/aws-greengrass-labs-local-web-server/HEAD/docs/authenticated.png


--------------------------------------------------------------------------------
/docs/aws.greengrass.labs.LocalWebServer.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awslabs/aws-greengrass-labs-local-web-server/HEAD/docs/aws.greengrass.labs.LocalWebServer.png


--------------------------------------------------------------------------------
/src/frontend/public/manifest.json:
--------------------------------------------------------------------------------
1 | {
2 |   "short_name": "React App",
3 |   "name": "Create React App Sample",
4 |   "icons": [],
5 |   "start_url": ".",
6 |   "display": "standalone",
7 |   "theme_color": "#000000",
8 |   "background_color": "#ffffff"
9 | }


--------------------------------------------------------------------------------
/src/frontend/src/setupTests.js:
--------------------------------------------------------------------------------
1 | // jest-dom adds custom jest matchers for asserting on DOM nodes.
2 | // allows you to do things like:
3 | // expect(element).toHaveTextContent(/react/i)
4 | // learn more: https://github.com/testing-library/jest-dom
5 | import '@testing-library/jest-dom';
6 | 


--------------------------------------------------------------------------------
/src/backend/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:3.7-slim-buster
 2 | COPY requirements.txt ./
 3 | 
 4 | RUN apt-get update && apt-get install -y cmake
 5 | RUN pip install -r ./requirements.txt
 6 | 
 7 | COPY app.py ./
 8 | 
 9 | CMD ["python", "app.py"]
10 | 
11 | RUN adduser --system backend
12 | USER backend


--------------------------------------------------------------------------------
/src/frontend/src/App.test.js:
--------------------------------------------------------------------------------
1 | import { render, screen } from '@testing-library/react';
2 | import App from './App';
3 | 
4 | test('renders learn react link', () => {
5 |   render(<App />);
6 |   const linkElement = screen.getByText(/learn react/i);
7 |   expect(linkElement).toBeInTheDocument();
8 | });
9 | 


--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
1 | ## Code of Conduct
2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
4 | opensource-codeofconduct@amazon.com with any additional questions or comments.
5 | 


--------------------------------------------------------------------------------
/req.conf:
--------------------------------------------------------------------------------
 1 | [req]
 2 | default_bits = 2048
 3 | distinguished_name = req_distinguished_name
 4 | prompt = no
 5 | 
 6 | [req_distinguished_name]
 7 | countryName = US
 8 | stateOrProvinceName = Washington
 9 | localityName = Seattle
10 | organizationName = Amazon.com
11 | organizationalUnitName = Amazon Web Services
12 | commonName = localhost
13 | 
14 | [v3_ca]
15 | subjectAltName = @alt_names
16 | 
17 | [alt_names]
18 | DNS.1 = localhost


--------------------------------------------------------------------------------
/src/frontend/src/App.css:
--------------------------------------------------------------------------------
 1 | .App {
 2 |   text-align: left;
 3 | }
 4 | 
 5 | .App-logout {
 6 |   text-align: right;
 7 | }
 8 | 
 9 | .App-header {
10 |   background-color: #282c34;
11 |   min-height: 100vh;
12 |   display: flex;
13 |   flex-direction: column;
14 |   align-items: center;
15 |   justify-content: center;
16 |   font-size: calc(10px + 2vmin);
17 |   color: white;
18 | }
19 | 
20 | .App-link {
21 |   color: #61dafb;
22 | }
23 | 


--------------------------------------------------------------------------------
/src/frontend/src/index.css:
--------------------------------------------------------------------------------
 1 | body {
 2 |   margin: 0;
 3 |   font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', 'Oxygen',
 4 |     'Ubuntu', 'Cantarell', 'Fira Sans', 'Droid Sans', 'Helvetica Neue',
 5 |     sans-serif;
 6 |   -webkit-font-smoothing: antialiased;
 7 |   -moz-osx-font-smoothing: grayscale;
 8 | }
 9 | 
10 | code {
11 |   font-family: source-code-pro, Menlo, Monaco, Consolas, 'Courier New',
12 |     monospace;
13 | }
14 | 


--------------------------------------------------------------------------------
/src/frontend/req.conf:
--------------------------------------------------------------------------------
 1 | [req]
 2 | default_bits = 2048
 3 | distinguished_name = req_distinguished_name
 4 | prompt = no
 5 | 
 6 | [req_distinguished_name]
 7 | countryName = US
 8 | stateOrProvinceName = Washington
 9 | localityName = Seattle
10 | organizationName = Amazon.com
11 | organizationalUnitName = Amazon Web Services
12 | commonName = localhost
13 | 
14 | [v3_ca]
15 | subjectAltName = @alt_names
16 | 
17 | [alt_names]
18 | DNS.1 = localhost
19 | 


--------------------------------------------------------------------------------
/src/frontend/src/reportWebVitals.js:
--------------------------------------------------------------------------------
 1 | const reportWebVitals = onPerfEntry => {
 2 |   if (onPerfEntry && onPerfEntry instanceof Function) {
 3 |     import('web-vitals').then(({ getCLS, getFID, getFCP, getLCP, getTTFB }) => {
 4 |       getCLS(onPerfEntry);
 5 |       getFID(onPerfEntry);
 6 |       getFCP(onPerfEntry);
 7 |       getLCP(onPerfEntry);
 8 |       getTTFB(onPerfEntry);
 9 |     });
10 |   }
11 | };
12 | 
13 | export default reportWebVitals;
14 | 


--------------------------------------------------------------------------------
/gdk-config.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "component": {
 3 |     "aws.greengrass.labs.LocalWebServer": {
 4 |       "author": "Amazon",
 5 |       "version": "NEXT_PATCH",
 6 |       "build": {
 7 |         "build_system": "custom",
 8 |         "custom_build_command": [
 9 |           "bash",
10 |           "build-custom.sh",
11 |           "aws.greengrass.labs.LocalWebServer",
12 |           "NEXT_PATCH"
13 |         ]
14 |       },
15 |       "publish": {
16 |         "bucket": "<PLACEHOLDER BUCKET HERE>",
17 |         "region": "<PLACEHOLDER REGION HERE>"
18 |       }
19 |     }
20 |   },
21 |   "gdk_version": "1.0.0"
22 | }


--------------------------------------------------------------------------------
/src/docker-compose.yaml:
--------------------------------------------------------------------------------
 1 | version: "3.0"
 2 | services:
 3 |   backend:
 4 |     build: ./backend
 5 |     image: flask-app
 6 |     expose:
 7 |       - "5000"
 8 |     volumes:
 9 |       - /greengrass/v2:/greengrass/v2
10 |     environment:
11 |       - AWS_REGION
12 |       - SVCUID
13 |       - AWS_GG_NUCLEUS_DOMAIN_SOCKET_FILEPATH_FOR_COMPONENT
14 |       - AWS_CONTAINER_AUTHORIZATION_TOKEN
15 |       - AWS_CONTAINER_CREDENTIALS_FULL_URI
16 |       - AWS_IOT_THING_NAME
17 |   frontend:
18 |     build: ./frontend
19 |     image: react-webapp
20 |     ports:
21 |       - "3000:3001"
22 |     volumes:
23 |       - /greengrass/v2:/greengrass/v2


--------------------------------------------------------------------------------
/tests/test_subscribe_to_core.py:
--------------------------------------------------------------------------------
 1 | import pytest
 2 | from flask import Flask
 3 | from flask_socketio import SocketIO, send
 4 | from artifacts.backend.app import subscribe_to_core
 5 | 
 6 | 
 7 | def test_subscribe_to_core(mocker, monkeypatch):
 8 |     """Subscribe to AWS IoT Core for relaying to Socket.IO"""
 9 | 
10 |     monkeypatch.setenv("AWS_IOT_THING_NAME", "TestDevice")
11 |     ipc_connect = mocker.patch("awsiot.greengrasscoreipc.connect")
12 | 
13 |     app = Flask(__name__)
14 |     socket_io = SocketIO(app, cors_allowed_origins="*")
15 | 
16 |     subscribe_to_core(socket_io)
17 | 
18 |     ipc_connect.assert_called_once()
19 | 


--------------------------------------------------------------------------------
/src/frontend/src/index.js:
--------------------------------------------------------------------------------
 1 | import React from 'react';
 2 | import ReactDOM from 'react-dom';
 3 | import './index.css';
 4 | import App from './App';
 5 | import reportWebVitals from './reportWebVitals';
 6 | import 'bootstrap/dist/css/bootstrap.css';
 7 | 
 8 | ReactDOM.render(
 9 |   <React.StrictMode>
10 |     <App />
11 |   </React.StrictMode>,
12 |   document.getElementById('root')
13 | );
14 | 
15 | // If you want to start measuring performance in your app, pass a function
16 | // to log results (for example: reportWebVitals(console.log))
17 | // or send to an analytics endpoint. Learn more: https://bit.ly/CRA-vitals
18 | reportWebVitals();
19 | 


--------------------------------------------------------------------------------
/tests/test_subscribe_topic_handler.py:
--------------------------------------------------------------------------------
 1 | import pytest
 2 | import json
 3 | from flask import Flask
 4 | from flask_socketio import SocketIO, send
 5 | import awsiot.greengrasscoreipc.model as model
 6 | from artifacts.backend.app import SubscribeTopicHandler
 7 | 
 8 | 
 9 | def test_subscribe_topic_handler(mocker, monkeypatch):
10 |     """Subscribe to AWS IoT Core for relaying to Socket.IO"""
11 | 
12 |     app = Flask(__name__)
13 |     socket_io = SocketIO(app, cors_allowed_origins="*")
14 | 
15 |     stream_handler = SubscribeTopicHandler(socket_io)
16 | 
17 |     event = model.IoTCoreMessage(
18 |         message=model.MQTTMessage(
19 |             topic_name=None, payload=json.dumps({"test": "test"}).encode()
20 |         )
21 |     )
22 | 
23 |     stream_handler.on_stream_event(event)
24 | 


--------------------------------------------------------------------------------
/src/frontend/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node:14.16.0-slim AS builder
 2 | RUN npm install -g react-scripts --silent
 3 | 
 4 | COPY . .
 5 | 
 6 | RUN yarn install
 7 | RUN yarn run build
 8 | 
 9 | FROM nginx:stable
10 | 
11 | COPY --from=builder /build /usr/share/nginx/html
12 | COPY nginx.default.conf /etc/nginx/conf.d/default.conf
13 | 
14 | COPY req.conf /
15 | 
16 | RUN mkdir -p /certs
17 | COPY ssl.crt /certs
18 | COPY ssl.key /certs
19 | 
20 | RUN chown -R nginx:nginx /usr/share/nginx/html && chmod -R 755 /usr/share/nginx/html && \
21 |         chown -R nginx:nginx /certs && \
22 |         chown -R nginx:nginx /var/cache/nginx && \
23 |         chown -R nginx:nginx /var/log/nginx && \
24 |         chown -R nginx:nginx /etc/nginx/conf.d
25 | RUN touch /var/run/nginx.pid && \
26 |         chown -R nginx:nginx /var/run/nginx.pid
27 | 
28 | USER nginx


--------------------------------------------------------------------------------
/src/frontend/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "aws.greengrass.labs.LocalWebServer",
 3 |   "version": "0.1.0",
 4 |   "private": true,
 5 |   "dependencies": {
 6 |     "@testing-library/jest-dom": "^5.11.4",
 7 |     "@testing-library/react": "^11.1.0",
 8 |     "@testing-library/user-event": "^12.1.10",
 9 |     "axios": "0.24.0",
10 |     "bootstrap": "^5.1.3",
11 |     "react": "^17.0.2",
12 |     "react-dom": "^17.0.2",
13 |     "react-scripts": "4.0.3",
14 |     "socket.io-client": "4.2.0",
15 |     "web-vitals": "^1.0.1"
16 |   },
17 |   "scripts": {
18 |     "start": "react-scripts start",
19 |     "build": "react-scripts build",
20 |     "test": "react-scripts test",
21 |     "eject": "react-scripts eject"
22 |   },
23 |   "eslintConfig": {
24 |     "extends": [
25 |       "react-app",
26 |       "react-app/jest"
27 |     ]
28 |   },
29 |   "browserslist": {
30 |     "production": [
31 |       ">0.2%",
32 |       "not dead",
33 |       "not op_mini all"
34 |     ],
35 |     "development": [
36 |       "last 1 chrome version",
37 |       "last 1 firefox version",
38 |       "last 1 safari version"
39 |     ]
40 |   }
41 | }


--------------------------------------------------------------------------------
/src/frontend/nginx.default.conf:
--------------------------------------------------------------------------------
 1 | server {
 2 |     listen                  3001 ssl;
 3 |     server_name             localhost;
 4 |     ssl_certificate         /certs/ssl.crt;
 5 |     ssl_certificate_key     /certs/ssl.key;
 6 | 
 7 |     root   /usr/share/nginx/html;
 8 |     index index.html;
 9 |     error_page   500 502 503 504  /50x.html;
10 | 
11 |     location / {
12 |         try_files $uri $uri/ =404;
13 |         add_header Cache-Control "no-cache";
14 |     }
15 | 
16 |     location /static {
17 |         expires 1y;
18 |         add_header Cache-Control "public";
19 |     }
20 | 
21 |     location /socket.io {
22 |         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
23 |         proxy_set_header Host $host;
24 | 
25 |         proxy_http_version 1.1;
26 |         proxy_buffering off;
27 |         proxy_set_header Upgrade $http_upgrade;
28 |         proxy_set_header Connection "Upgrade";
29 |         proxy_pass http://backend:5000/socket.io;
30 |     }
31 | 
32 |     location /api {
33 |         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
34 |         proxy_set_header Host $host;
35 | 
36 |         proxy_http_version 1.1;
37 |         proxy_buffering off;
38 |         proxy_set_header Upgrade $http_upgrade;
39 |         proxy_set_header Connection "Upgrade";
40 |         proxy_pass http://backend:5000/api;
41 |     }
42 | }
43 | 


--------------------------------------------------------------------------------
/src/frontend/.gitignore:
--------------------------------------------------------------------------------
 1 | .DS_STORE
 2 | node_modules
 3 | scripts/flow/*/.flowconfig
 4 | .flowconfig
 5 | *~
 6 | *.pyc
 7 | .grunt
 8 | _SpecRunner.html
 9 | __benchmarks__
10 | build/
11 | remote-repo/
12 | coverage/
13 | .module-cache
14 | fixtures/dom/public/react-dom.js
15 | fixtures/dom/public/react.js
16 | test/the-files-to-test.generated.js
17 | *.log*
18 | chrome-user-data
19 | *.sublime-project
20 | *.sublime-workspace
21 | .idea
22 | *.iml
23 | .vscode
24 | *.swp
25 | *.swo
26 | *.tar
27 | 
28 | packages/react-devtools-core/dist
29 | packages/react-devtools-extensions/chrome/build
30 | packages/react-devtools-extensions/chrome/*.crx
31 | packages/react-devtools-extensions/chrome/*.pem
32 | packages/react-devtools-extensions/firefox/build
33 | packages/react-devtools-extensions/firefox/*.xpi
34 | packages/react-devtools-extensions/firefox/*.pem
35 | packages/react-devtools-extensions/shared/build
36 | packages/react-devtools-extensions/.tempUserDataDir
37 | packages/react-devtools-inline/dist
38 | packages/react-devtools-shell/dist
39 | packages/react-devtools-scheduling-profiler/dist
40 | .idea/.gitignore
41 | .idea/aws.xml
42 | .idea/codeStyles/
43 | .idea/inspectionProfiles/
44 | .idea/misc.xml
45 | .idea/modules.xml
46 | .idea/sg2ui.iml
47 | .idea/vcs.xml
48 | node_modules/
49 | # See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
50 | 
51 | # dependencies
52 | /node_modules
53 | /.pnp
54 | .pnp.js
55 | 
56 | # testing
57 | /coverage
58 | 
59 | # production
60 | /build
61 | 
62 | # misc
63 | .DS_Store
64 | .env.local
65 | .env.development.local
66 | .env.test.local
67 | .env.production.local
68 | 
69 | npm-debug.log*
70 | yarn-debug.log*
71 | yarn-error.log*
72 | 
73 | yarn.lock
74 | 


--------------------------------------------------------------------------------
/src/frontend/public/index.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html lang="en">
 3 | 
 4 | <head>
 5 |   <meta charset="utf-8" />
 6 |   <link rel="icon" href="%PUBLIC_URL%/favicon.ico" />
 7 |   <meta name="viewport" content="width=device-width, initial-scale=1" />
 8 |   <meta name="theme-color" content="#000000" />
 9 |   <meta name="description" content="Web site created using create-react-app" />
10 |   <link rel="apple-touch-icon" href="%PUBLIC_URL%/logo192.png" />
11 |   <!--
12 |       manifest.json provides metadata used when your web app is installed on a
13 |       user's mobile device or desktop. See https://developers.google.com/web/fundamentals/web-app-manifest/
14 |     -->
15 |   <link rel="manifest" href="%PUBLIC_URL%/manifest.json" />
16 |   <!--
17 |       Notice the use of %PUBLIC_URL% in the tags above.
18 |       It will be replaced with the URL of the `public` folder during the build.
19 |       Only files inside the `public` folder can be referenced from the HTML.
20 | 
21 |       Unlike "/favicon.ico" or "favicon.ico", "%PUBLIC_URL%/favicon.ico" will
22 |       work correctly both with client-side routing and a non-root public URL.
23 |       Learn how to configure a non-root public URL by running `npm run build`.
24 |     -->
25 |   <title>greengrass-v2-local-web-server</title>
26 | </head>
27 | 
28 | <body>
29 |   <noscript>You need to enable JavaScript to run this app.</noscript>
30 |   <div id="root"></div>
31 |   <!--
32 |       This HTML file is a template.
33 |       If you open it directly in the browser, you will see an empty page.
34 | 
35 |       You can add webfonts, meta tags, or analytics to this file.
36 |       The build step will place the bundled scripts into the <body> tag.
37 | 
38 |       To begin the development, run `npm start` or `yarn start`.
39 |       To create a production bundle, use `npm run build` or `yarn build`.
40 |     -->
41 | </body>
42 | 
43 | </html>


--------------------------------------------------------------------------------
/recipe.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | RecipeFormatVersion: "2020-01-25"
 3 | ComponentName: "aws.greengrass.labs.LocalWebServer"
 4 | ComponentVersion: "1.0.0"
 5 | ComponentDescription: Component to demonstrate running Local Web Server on Greengrass v2 (with Flask-Socket.io, and React)
 6 | ComponentPublisher: Amazon
 7 | ComponentDependencies:
 8 |   aws.greengrass.Nucleus:
 9 |     VersionRequirement: ">=2.4.0"
10 |   aws.greengrass.SecretManager:
11 |     VersionRequirement: ">=2.0.9"
12 | ComponentConfiguration:
13 |   DefaultConfiguration:
14 |     accessControl:
15 |       aws.greengrass.ipc.mqttproxy:
16 |         "aws.greengrass.labs.LocalWebServer:pub:0":
17 |           policyDescription: Allows access to publish to IoT Core topic(s).
18 |           operations:
19 |             - aws.greengrass#PublishToIoTCore
20 |           resources:
21 |             - "*"
22 |         "aws.greengrass.labs.LocalWebServer:sub:0":
23 |           policyDescription: Allows access to subscribe to IoT Core topic(s).
24 |           operations:
25 |             - aws.greengrass#SubscribeToIoTCore
26 |           resources:
27 |             - "*"
28 |       aws.greengrass.ipc.pubsub:
29 |         "aws.greengrass.labs.LocalWebServer:pub:1":
30 |           policyDescription: Allows access to publish to local topics.
31 |           operations:
32 |             - aws.greengrass#PublishToTopic
33 |           resources:
34 |             - "*"
35 |         "aws.greengrass.labs.LocalWebServer:sub:1":
36 |           policyDescription: Allows access to subscribe to local topics.
37 |           operations:
38 |             - aws.greengrass#SubscribeToTopic
39 |           resources:
40 |             - "*"
41 |       aws.greengrass.SecretManager:
42 |         "aws.greengrass.labs.LocalWebServer:secrets:1":
43 |           policyDescription: Allows access to Secret Manager values
44 |           operations:
45 |             - "aws.greengrass#GetSecretValue"
46 |           resources:
47 |             - "*"
48 | Manifests:
49 |   - Platform:
50 |       os: linux
51 |     Lifecycle:
52 |       Install:
53 |         RequiresPrivilege: true
54 |         Script: |
55 |           docker load -i {artifacts:decompressedPath}/aws.greengrass.labs.LocalWebServer/custom-build/aws.greengrass.labs.LocalWebServer/react-webapp.tar && docker load -i {artifacts:decompressedPath}/aws.greengrass.labs.LocalWebServer/custom-build/aws.greengrass.labs.LocalWebServer/flask-app.tar
56 |       Run:
57 |         RequiresPrivilege: true
58 |         Script: |
59 |           docker-compose -f {artifacts:decompressedPath}/aws.greengrass.labs.LocalWebServer/custom-build/aws.greengrass.labs.LocalWebServer/docker-compose.yaml up --no-build
60 |     Artifacts:
61 |       - URI: s3://BUCKET_NAME/COMPONENT_NAME/COMPONENT_VERSION/aws.greengrass.labs.LocalWebServer.zip
62 |         Unarchive: ZIP
63 | 


--------------------------------------------------------------------------------
/tests/test_handle_message.py:
--------------------------------------------------------------------------------
 1 | import pytest
 2 | import json
 3 | from artifacts.backend.app import app, socket_io, get_secret
 4 | 
 5 | 
 6 | def test_api_endpoints(mocker, monkeypatch):
 7 |     """Test Flask API endpoints"""
 8 | 
 9 |     # log the user in through Flask test client
10 |     flask_test_client = app.test_client()
11 | 
12 |     # log in via HTTP
13 |     r = flask_test_client.post(
14 |         "/api/login", json={"username": "invalid", "password": "invalid"}
15 |     )
16 |     assert r.status_code == 200
17 |     assert json.loads(r.data.decode())["authenticated"] == False
18 | 
19 |     # log in via HTTP
20 |     r = flask_test_client.post(
21 |         "/api/login", json={"username": "test", "password": "test"}
22 |     )
23 |     assert r.status_code == 200
24 |     assert json.loads(r.data.decode())["authenticated"] == True
25 | 
26 |     # log in via HTTP
27 |     r = flask_test_client.get("/api/authenticated")
28 |     assert r.status_code == 200
29 |     assert json.loads(r.data.decode())["authenticated"] == True
30 | 
31 |     # log in via HTTP
32 |     r = flask_test_client.get("/api/logout")
33 |     assert r.status_code == 200
34 |     assert json.loads(r.data.decode())["authenticated"] == False
35 | 
36 | 
37 | def test_handle_message(mocker, monkeypatch):
38 |     """Test relaying message back to MQTT"""
39 | 
40 |     # log the user in through Flask test client
41 |     flask_test_client = app.test_client()
42 | 
43 |     # connect to Socket.IO without being logged in
44 |     socketio_test_client = socket_io.test_client(
45 |         app, flask_test_client=flask_test_client
46 |     )
47 | 
48 |     # make sure the server rejected the connection
49 |     assert not socketio_test_client.is_connected()
50 | 
51 |     # log in via HTTP
52 |     r = flask_test_client.post(
53 |         "/api/login", json={"username": "test", "password": "test"}
54 |     )
55 |     assert r.status_code == 200
56 |     assert json.loads(r.data.decode())["authenticated"] == True
57 | 
58 |     # connect to Socket.IO again, but now as a logged in user
59 |     socketio_test_client = socket_io.test_client(
60 |         app, flask_test_client=flask_test_client
61 |     )
62 | 
63 |     # make sure the server accepted the connection
64 |     r = socketio_test_client.get_received()
65 |     assert len(r) == 1
66 | 
67 |     monkeypatch.setenv("AWS_IOT_THING_NAME", "TestDevice")
68 |     ipc_connect = mocker.patch("awsiot.greengrasscoreipc.connect")
69 | 
70 |     socketio_test_client.emit("publish", "test")
71 |     r = socketio_test_client.get_received()
72 | 
73 |     ipc_connect.assert_called_once()
74 | 
75 | 
76 | def test_get_secret(mocker, monkeypatch):
77 |     """Test get_secret from Secrets Manager"""
78 | 
79 |     monkeypatch.setenv("AWS_IOT_THING_NAME", "TestDevice")
80 |     ipc_connect = mocker.patch("awsiot.greengrasscoreipc.connect")
81 |     mocker.patch("json.loads", return_value={"username": "test", "password": "test"})
82 | 
83 |     get_secret()
84 | 
85 |     ipc_connect.assert_called_once()
86 | 


--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
 1 | # Contributing Guidelines
 2 | 
 3 | Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional
 4 | documentation, we greatly value feedback and contributions from our community.
 5 | 
 6 | Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
 7 | information to effectively respond to your bug report or contribution.
 8 | 
 9 | 
10 | ## Reporting Bugs/Feature Requests
11 | 
12 | We welcome you to use the GitHub issue tracker to report bugs or suggest features.
13 | 
14 | When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already
15 | reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
16 | 
17 | * A reproducible test case or series of steps
18 | * The version of our code being used
19 | * Any modifications you've made relevant to the bug
20 | * Anything unusual about your environment or deployment
21 | 
22 | 
23 | ## Contributing via Pull Requests
24 | Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
25 | 
26 | 1. You are working against the latest source on the *main* branch.
27 | 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
28 | 3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
29 | 
30 | To send us a pull request, please:
31 | 
32 | 1. Fork the repository.
33 | 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
34 | 3. Ensure local tests pass.
35 | 4. Commit to your fork using clear commit messages.
36 | 5. Send us a pull request, answering any default questions in the pull request interface.
37 | 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
38 | 
39 | GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
40 | [creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
41 | 
42 | 
43 | ## Finding contributions to work on
44 | Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start.
45 | 
46 | 
47 | ## Code of Conduct
48 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
49 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
50 | opensource-codeofconduct@amazon.com with any additional questions or comments.
51 | 
52 | 
53 | ## Security issue notifications
54 | If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
55 | 
56 | 
57 | ## Licensing
58 | 
59 | See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
60 | 


--------------------------------------------------------------------------------
/src/frontend/README.md:
--------------------------------------------------------------------------------
 1 | # Getting Started with Create React App
 2 | 
 3 | This project was bootstrapped with [Create React App](https://github.com/facebook/create-react-app).
 4 | 
 5 | ## Available Scripts
 6 | 
 7 | In the project directory, you can run:
 8 | 
 9 | ### `yarn start`
10 | 
11 | Runs the app in the development mode.\
12 | Open [http://localhost:3000](http://localhost:3000) to view it in the browser.
13 | 
14 | The page will reload if you make edits.\
15 | You will also see any lint errors in the console.
16 | 
17 | ### `yarn test`
18 | 
19 | Launches the test runner in the interactive watch mode.\
20 | See the section about [running tests](https://facebook.github.io/create-react-app/docs/running-tests) for more information.
21 | 
22 | ### `yarn build`
23 | 
24 | Builds the app for production to the `build` folder.\
25 | It correctly bundles React in production mode and optimizes the build for the best performance.
26 | 
27 | The build is minified and the filenames include the hashes.\
28 | Your app is ready to be deployed!
29 | 
30 | See the section about [deployment](https://facebook.github.io/create-react-app/docs/deployment) for more information.
31 | 
32 | ### `yarn eject`
33 | 
34 | **Note: this is a one-way operation. Once you `eject`, you can’t go back!**
35 | 
36 | If you aren’t satisfied with the build tool and configuration choices, you can `eject` at any time. This command will remove the single build dependency from your project.
37 | 
38 | Instead, it will copy all the configuration files and the transitive dependencies (webpack, Babel, ESLint, etc) right into your project so you have full control over them. All of the commands except `eject` will still work, but they will point to the copied scripts so you can tweak them. At this point you’re on your own.
39 | 
40 | You don’t have to ever use `eject`. The curated feature set is suitable for small and middle deployments, and you shouldn’t feel obligated to use this feature. However we understand that this tool wouldn’t be useful if you couldn’t customize it when you are ready for it.
41 | 
42 | ## Learn More
43 | 
44 | You can learn more in the [Create React App documentation](https://facebook.github.io/create-react-app/docs/getting-started).
45 | 
46 | To learn React, check out the [React documentation](https://reactjs.org/).
47 | 
48 | ### Code Splitting
49 | 
50 | This section has moved here: [https://facebook.github.io/create-react-app/docs/code-splitting](https://facebook.github.io/create-react-app/docs/code-splitting)
51 | 
52 | ### Analyzing the Bundle Size
53 | 
54 | This section has moved here: [https://facebook.github.io/create-react-app/docs/analyzing-the-bundle-size](https://facebook.github.io/create-react-app/docs/analyzing-the-bundle-size)
55 | 
56 | ### Making a Progressive Web App
57 | 
58 | This section has moved here: [https://facebook.github.io/create-react-app/docs/making-a-progressive-web-app](https://facebook.github.io/create-react-app/docs/making-a-progressive-web-app)
59 | 
60 | ### Advanced Configuration
61 | 
62 | This section has moved here: [https://facebook.github.io/create-react-app/docs/advanced-configuration](https://facebook.github.io/create-react-app/docs/advanced-configuration)
63 | 
64 | ### Deployment
65 | 
66 | This section has moved here: [https://facebook.github.io/create-react-app/docs/deployment](https://facebook.github.io/create-react-app/docs/deployment)
67 | 
68 | ### `yarn build` fails to minify
69 | 
70 | This section has moved here: [https://facebook.github.io/create-react-app/docs/troubleshooting#npm-run-build-fails-to-minify](https://facebook.github.io/create-react-app/docs/troubleshooting#npm-run-build-fails-to-minify)
71 | 


--------------------------------------------------------------------------------
/src/backend/app.py:
--------------------------------------------------------------------------------
  1 | import json
  2 | import logging
  3 | import os
  4 | import sys
  5 | from datetime import timedelta
  6 | 
  7 | import awsiot.greengrasscoreipc
  8 | import awsiot.greengrasscoreipc.client as client
  9 | import awsiot.greengrasscoreipc.model as model
 10 | from flask import Flask, jsonify, request
 11 | from flask_login import LoginManager, UserMixin, current_user, login_user, logout_user
 12 | from flask_socketio import SocketIO, disconnect, send
 13 | 
 14 | # Setup logging to stdout
 15 | logger = logging.getLogger(__name__)
 16 | logging.basicConfig(stream=sys.stdout, level=logging.DEBUG)
 17 | 
 18 | app = Flask(__name__)
 19 | app.config.update(
 20 |     DEBUG=True,
 21 |     SECRET_KEY="greengrass-v2-example",
 22 |     PERMANENT_SESSION_LIFETIME=timedelta(minutes=15),
 23 | )
 24 | login_manager = LoginManager()
 25 | login_manager.init_app(app)
 26 | TIMEOUT = 10
 27 | socket_io = SocketIO(app, cors_allowed_origins="*")
 28 | users = [{"id": 46, "username": "test", "password": "test"}]
 29 | 
 30 | 
 31 | class User(UserMixin):
 32 |     pass
 33 | 
 34 | 
 35 | def get_user(user_id: int):
 36 |     for user in users:
 37 |         if int(user["id"]) == int(user_id):
 38 |             return user
 39 | 
 40 | 
 41 | @login_manager.user_loader
 42 | def user_loader(id: int):
 43 |     user = get_user(id)
 44 |     if user:
 45 |         user_model = User()
 46 |         user_model.id = user["id"]
 47 |         return user_model
 48 | 
 49 | 
 50 | @app.route("/api/login", methods=["POST"])
 51 | def login():
 52 |     data = request.json
 53 |     username = data.get("username")
 54 |     password = data.get("password")
 55 | 
 56 |     for user in users:
 57 |         if user["username"] == username and user["password"] == password:
 58 |             user_model = User()
 59 |             user_model.id = user["id"]
 60 |             login_user(user_model)
 61 |             return jsonify({"authenticated": True})
 62 | 
 63 |     return jsonify({"authenticated": False})
 64 | 
 65 | 
 66 | @app.route("/api/logout", methods=["GET"])
 67 | def logout():
 68 |     logout_user()
 69 |     return jsonify({"authenticated": False})
 70 | 
 71 | 
 72 | @app.route("/api/authenticated", methods=["GET"])
 73 | def check_authenticated():
 74 |     return jsonify({"authenticated": current_user.is_authenticated})
 75 | 
 76 | 
 77 | class SubscribeTopicHandler(client.SubscribeToIoTCoreStreamHandler):
 78 |     """
 79 |     Event handler for SubscribeToTopicOperation
 80 | 
 81 |     Inherit from this class and override methods to handle
 82 |     stream events during a SubscribeToTopicOperation.
 83 |     """
 84 | 
 85 |     def __init__(self, socket_io_app):
 86 |         super().__init__()
 87 |         self.socket_io = socket_io_app
 88 | 
 89 |     def on_stream_event(self, event: model.IoTCoreMessage) -> None:
 90 |         """
 91 |         Invoked when a SubscriptionResponseMessage is received.
 92 |         """
 93 |         payload = {"payload": json.loads(event.message.payload.decode())}
 94 | 
 95 |         self.socket_io.emit("message", payload)
 96 |         logger.info("message sent from SubscribeTopicHandler!")
 97 | 
 98 | 
 99 | def subscribe_to_core(socket_io_app):
100 |     ipc_client = awsiot.greengrasscoreipc.connect()
101 | 
102 |     subscribe_operation = ipc_client.new_subscribe_to_iot_core(
103 |         stream_handler=SubscribeTopicHandler(socket_io_app)
104 |     )
105 |     subscribe_operation.activate(
106 |         request=model.SubscribeToIoTCoreRequest(
107 |             topic_name="{}/subscribe".format(os.environ["AWS_IOT_THING_NAME"]),
108 |             qos=model.QOS.AT_LEAST_ONCE,
109 |         )
110 |     )
111 | 
112 | 
113 | @socket_io.on("connect")
114 | def connect_handler():
115 |     if current_user.is_authenticated:
116 |         socket_io.emit(
117 |             "message", {"payload": "New socket has connected"}, broadcast=True,
118 |         )
119 |         logger.info("connect() - authenticated user!")
120 |     else:
121 |         return False
122 | 
123 | 
124 | @socket_io.on("publish")
125 | def handle_message(msg):
126 | 
127 |     if current_user.is_authenticated:
128 | 
129 |         ipc_client = awsiot.greengrasscoreipc.connect()
130 | 
131 |         topic = "{}/publish".format(os.environ["AWS_IOT_THING_NAME"])
132 |         data = {"msg": msg}
133 | 
134 |         publish_operation = ipc_client.new_publish_to_iot_core()
135 |         publish_operation.activate(
136 |             request=model.PublishToIoTCoreRequest(
137 |                 topic_name=topic,
138 |                 qos=model.QOS.AT_MOST_ONCE,
139 |                 payload=json.dumps(data).encode(),
140 |             )
141 |         )
142 | 
143 | 
144 | def get_secret():
145 | 
146 |     ipc_client = awsiot.greengrasscoreipc.connect()
147 | 
148 |     get_secret_value = ipc_client.new_get_secret_value()
149 |     get_secret_value.activate(
150 |         request=model.GetSecretValueRequest(secret_id="localwebserver_credentials")
151 |     )
152 |     secret_response = get_secret_value.get_response().result()
153 |     secrets = json.loads(secret_response.secret_value.secret_string)
154 |     get_secret_value.close()
155 | 
156 |     users = [
157 |         {"id": 1, "username": secrets["username"], "password": secrets["password"]}
158 |     ]
159 | 
160 | 
161 | if __name__ == "__main__":  # pragma: no cover
162 | 
163 |     get_secret()
164 |     subscribe_to_core(socket_io)
165 |     socket_io.run(app, host="0.0.0.0", port=5000)
166 | 


--------------------------------------------------------------------------------
/src/frontend/src/App.js:
--------------------------------------------------------------------------------
  1 | import React from 'react';
  2 | import './App.css';
  3 | import { io } from "socket.io-client";
  4 | import axios from 'axios';
  5 | 
  6 | const intervalMilliseconds = 10000;
  7 | let endPoint = "https://localhost:3000";
  8 | let socket = io(endPoint, {
  9 |   autoConnect: false
 10 | });
 11 | let intervalId = null;
 12 | 
 13 | 
 14 | class App extends React.Component {
 15 | 
 16 |   constructor(props) {
 17 |     super(props);
 18 |     this.state = {
 19 |       username: '',
 20 |       password: '',
 21 |       authenticated: true,
 22 |       publishString: '',
 23 |       incomingMessages: ''
 24 |     };
 25 | 
 26 |     this.publishMessage = this.publishMessage.bind(this);
 27 |     this.handleInputChange = this.handleInputChange.bind(this);
 28 |     this.handleSubmit = this.handleSubmit.bind(this);
 29 |     this.logout = this.logout.bind(this);
 30 |   }
 31 | 
 32 |   handleInputChange(event) {
 33 |     const target = event.target;
 34 |     const value = target.value;
 35 |     const name = target.name;
 36 | 
 37 |     this.setState({
 38 |       [name]: value
 39 |     });
 40 |   }
 41 | 
 42 |   handleSubmit(event) {
 43 | 
 44 |     this.login();
 45 |     event.preventDefault();
 46 | 
 47 |   }
 48 | 
 49 |   componentDidMount() {
 50 | 
 51 |     this.check_authentication();
 52 | 
 53 |   }
 54 | 
 55 |   publishMessage() {
 56 |     const { publishString } = this.state;
 57 |     socket.emit('publish', publishString);
 58 |   }
 59 | 
 60 |   login() {
 61 |     const { username, password } = this.state;
 62 |     axios.post(endPoint + '/api/login', {
 63 |       "username": username,
 64 |       "password": password
 65 |     }).then(response => {
 66 |       this.setState({ authenticated: response.data.authenticated });
 67 |       this.start_socket();
 68 |     });
 69 |   }
 70 | 
 71 |   logout() {
 72 | 
 73 |     axios.get(endPoint + '/api/logout')
 74 |       .then(response => {
 75 |         this.setState({ authenticated: response.data.authenticated });
 76 |         this.close_socket();
 77 |       });
 78 |   }
 79 | 
 80 |   close_socket() {
 81 |     clearInterval(intervalId);
 82 |     socket.off();
 83 |     socket.disconnect();
 84 |   }
 85 | 
 86 |   start_socket() {
 87 | 
 88 |     socket.connect();
 89 | 
 90 |     intervalId = setInterval(() => {
 91 | 
 92 |       axios.get(endPoint + '/api/authenticated')
 93 |         .then(response => {
 94 |           this.setState({ authenticated: response.data.authenticated });
 95 |           const { authenticated } = this.state;
 96 |           if (!authenticated) {
 97 |             this.close_socket();
 98 |           }
 99 |         });
100 | 
101 |     }, intervalMilliseconds);
102 | 
103 |     socket.on('connect', () => {
104 | 
105 |     });
106 | 
107 |     socket.on('message', msg => {
108 |       console.log(msg);
109 |       const date = new Date();
110 |       let dateString = date.toISOString();
111 |       this.setState(prevState => ({ incomingMessages: prevState.incomingMessages.concat(`\n${dateString} - ${JSON.stringify(msg["payload"])}`) }))
112 |     });
113 | 
114 |   }
115 | 
116 |   check_authentication() {
117 | 
118 |     axios.get(endPoint + '/api/authenticated')
119 |       .then(response => {
120 |         this.setState({ authenticated: response.data.authenticated });
121 |         const { authenticated } = this.state;
122 |         if (authenticated) {
123 |           this.start_socket();
124 |         }
125 |       });
126 |   }
127 | 
128 |   render() {
129 |     const { authenticated } = this.state;
130 |     return (
131 |       <div className="App">
132 |         <header className="App-header">
133 |           {!authenticated && <form className="row row-cols-lg-auto g-3 align-items-center" onSubmit={this.handleSubmit}>
134 |             <div className="col-12">
135 |               <input id="username" name="username" placeholder="Username" type="text" className="form-control" value={this.state.username} onChange={this.handleInputChange} />
136 |             </div>
137 |             <div className="col-12">
138 |               <input id="password" name="password" placeholder="Password" type="password" className="form-control" value={this.state.password} onChange={this.handleInputChange} />
139 |             </div>
140 |             <div className="col-12">
141 |               <button type="submit" className="btn btn-primary">Login</button>
142 |             </div>
143 |           </form>}
144 |           {authenticated &&
145 |             <div>
146 |               <div className="App-logout">
147 |                 <button className="btn btn-primary" onClick={this.logout}>Logout</button>
148 |               </div>
149 |               <br />
150 |               <div className="mb-3">
151 |                 <label htmlFor="incoming_messages" className="form-label">Incoming messages from AWS IoT Core</label>
152 |                 <div id="incoming_messages_help" className="form-text">Subscribed to the topic AWS_IOT_THING_NAME/publish</div>
153 |                 <textarea disabled rows="5" className="form-control" id="incomingMessages" name="incomingMessages" aria-describedby="incoming_messages_help" value={this.state.incomingMessages} onChange={this.handleInputChange} />
154 |               </div>
155 |               <div className="mb-3">
156 |                 <label htmlFor="publish_string" className="form-label">Publish a message to AWS IoT Core</label>
157 |                 <div id="publishHelp" className="form-text">Published to the topic AWS_IOT_THING_NAME/subscribe</div>
158 |                 <input id="publishString" name="publishString" placeholder="String to publish" type="text" className="form-control" value={this.state.publishString} onChange={this.handleInputChange} />
159 |               </div>
160 |               <button className="btn btn-success" onClick={this.publishMessage}>Publish</button>
161 |             </div>
162 |           }
163 | 
164 |         </header>
165 |       </div>
166 |     );
167 |   }
168 | }
169 | 
170 | export default App;
171 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | 
  2 | # Created by https://www.toptal.com/developers/gitignore/api/pycharm,python
  3 | # Edit at https://www.toptal.com/developers/gitignore?templates=pycharm,python
  4 | 
  5 | ### PyCharm ###
  6 | # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
  7 | # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
  8 | 
  9 | # User-specific stuff
 10 | .idea/**/workspace.xml
 11 | .idea/**/tasks.xml
 12 | .idea/**/usage.statistics.xml
 13 | .idea/**/dictionaries
 14 | .idea/**/shelf
 15 | 
 16 | # AWS User-specific
 17 | .idea/**/aws.xml
 18 | 
 19 | # Generated files
 20 | .idea/**/contentModel.xml
 21 | 
 22 | # Sensitive or high-churn files
 23 | .idea/**/dataSources/
 24 | .idea/**/dataSources.ids
 25 | .idea/**/dataSources.local.xml
 26 | .idea/**/sqlDataSources.xml
 27 | .idea/**/dynamic.xml
 28 | .idea/**/uiDesigner.xml
 29 | .idea/**/dbnavigator.xml
 30 | 
 31 | # Gradle
 32 | .idea/**/gradle.xml
 33 | .idea/**/libraries
 34 | 
 35 | # Gradle and Maven with auto-import
 36 | # When using Gradle or Maven with auto-import, you should exclude module files,
 37 | # since they will be recreated, and may cause churn.  Uncomment if using
 38 | # auto-import.
 39 | # .idea/artifacts
 40 | # .idea/compiler.xml
 41 | # .idea/jarRepositories.xml
 42 | # .idea/modules.xml
 43 | # .idea/*.iml
 44 | # .idea/modules
 45 | # *.iml
 46 | # *.ipr
 47 | 
 48 | # CMake
 49 | cmake-build-*/
 50 | 
 51 | # Mongo Explorer plugin
 52 | .idea/**/mongoSettings.xml
 53 | 
 54 | # File-based project format
 55 | *.iws
 56 | 
 57 | # IntelliJ
 58 | out/
 59 | 
 60 | # mpeltonen/sbt-idea plugin
 61 | .idea_modules/
 62 | 
 63 | # JIRA plugin
 64 | atlassian-ide-plugin.xml
 65 | 
 66 | # Cursive Clojure plugin
 67 | .idea/replstate.xml
 68 | 
 69 | # Crashlytics plugin (for Android Studio and IntelliJ)
 70 | com_crashlytics_export_strings.xml
 71 | crashlytics.properties
 72 | crashlytics-build.properties
 73 | fabric.properties
 74 | 
 75 | # Editor-based Rest Client
 76 | .idea/httpRequests
 77 | 
 78 | # Android studio 3.1+ serialized cache file
 79 | .idea/caches/build_file_checksums.ser
 80 | 
 81 | ### PyCharm Patch ###
 82 | # Comment Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-215987721
 83 | 
 84 | # *.iml
 85 | # modules.xml
 86 | # .idea/misc.xml
 87 | # *.ipr
 88 | 
 89 | # Sonarlint plugin
 90 | # https://plugins.jetbrains.com/plugin/7973-sonarlint
 91 | .idea/**/sonarlint/
 92 | 
 93 | # SonarQube Plugin
 94 | # https://plugins.jetbrains.com/plugin/7238-sonarqube-community-plugin
 95 | .idea/**/sonarIssues.xml
 96 | 
 97 | # Markdown Navigator plugin
 98 | # https://plugins.jetbrains.com/plugin/7896-markdown-navigator-enhanced
 99 | .idea/**/markdown-navigator.xml
100 | .idea/**/markdown-navigator-enh.xml
101 | .idea/**/markdown-navigator/
102 | 
103 | # Cache file creation bug
104 | # See https://youtrack.jetbrains.com/issue/JBR-2257
105 | .idea/$CACHE_FILE$
106 | 
107 | # CodeStream plugin
108 | # https://plugins.jetbrains.com/plugin/12206-codestream
109 | .idea/codestream.xml
110 | 
111 | ### Python ###
112 | # Byte-compiled / optimized / DLL files
113 | __pycache__/
114 | *.py[cod]
115 | *$py.class
116 | 
117 | # C extensions
118 | *.so
119 | 
120 | # Distribution / packaging
121 | .Python
122 | build/
123 | custom-build/
124 | greengrass-build/
125 | develop-eggs/
126 | dist/
127 | downloads/
128 | eggs/
129 | .eggs/
130 | lib/
131 | lib64/
132 | parts/
133 | sdist/
134 | var/
135 | wheels/
136 | share/python-wheels/
137 | *.egg-info/
138 | .installed.cfg
139 | *.egg
140 | MANIFEST
141 | 
142 | # PyInstaller
143 | #  Usually these files are written by a python script from a template
144 | #  before PyInstaller builds the exe, so as to inject date/other infos into it.
145 | *.manifest
146 | *.spec
147 | 
148 | # Installer logs
149 | pip-log.txt
150 | pip-delete-this-directory.txt
151 | 
152 | # Unit test / coverage reports
153 | htmlcov/
154 | .tox/
155 | .nox/
156 | .coverage
157 | .coverage.*
158 | .cache
159 | nosetests.xml
160 | coverage.xml
161 | *.cover
162 | *.py,cover
163 | .hypothesis/
164 | .pytest_cache/
165 | cover/
166 | 
167 | # Translations
168 | *.mo
169 | *.pot
170 | 
171 | # Django stuff:
172 | *.log
173 | local_settings.py
174 | db.sqlite3
175 | db.sqlite3-journal
176 | 
177 | # Flask stuff:
178 | instance/
179 | .webassets-cache
180 | 
181 | # Scrapy stuff:
182 | .scrapy
183 | 
184 | # Sphinx documentation
185 | docs/_build/
186 | 
187 | # PyBuilder
188 | .pybuilder/
189 | target/
190 | 
191 | # Jupyter Notebook
192 | .ipynb_checkpoints
193 | 
194 | # IPython
195 | profile_default/
196 | ipython_config.py
197 | 
198 | # pyenv
199 | #   For a library or package, you might want to ignore these files since the code is
200 | #   intended to run in multiple environments; otherwise, check them in:
201 | # .python-version
202 | 
203 | # pipenv
204 | #   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
205 | #   However, in case of collaboration, if having platform-specific dependencies or dependencies
206 | #   having no cross-platform support, pipenv may install dependencies that don't work, or not
207 | #   install all needed dependencies.
208 | #Pipfile.lock
209 | 
210 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow
211 | __pypackages__/
212 | 
213 | # Celery stuff
214 | celerybeat-schedule
215 | celerybeat.pid
216 | 
217 | # SageMath parsed files
218 | *.sage.py
219 | 
220 | # Environments
221 | .env
222 | .venv
223 | env/
224 | venv/
225 | ENV/
226 | env.bak/
227 | venv.bak/
228 | 
229 | # Spyder project settings
230 | .spyderproject
231 | .spyproject
232 | 
233 | # Rope project settings
234 | .ropeproject
235 | 
236 | # mkdocs documentation
237 | /site
238 | 
239 | # mypy
240 | .mypy_cache/
241 | .dmypy.json
242 | dmypy.json
243 | 
244 | # Pyre type checker
245 | .pyre/
246 | 
247 | # pytype static type analyzer
248 | .pytype/
249 | 
250 | # Cython debug symbols
251 | cython_debug/
252 | 
253 | # End of https://www.toptal.com/developers/gitignore/api/pycharm,python
254 | 
255 | .idea/*
256 | 
257 | ./custom-build
258 | ./greengrass-build
259 | .coverage
260 | 
261 | *.crt
262 | *.key
263 | *.srl
264 | *.csr


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # aws.greengrass.labs.LocalWebServer
  2 | 
  3 | This repository contains code artifacts deploying an interactive local web server hosted on a Linux-based Greengrass v2 device.
  4 | 
  5 | This component demonstrates how to implement a local web server on Greengrass v2.  Some industrial IoT solutions require customers to have a HMI (human machine interface) to visualize/interact with the state of the device(s). This implementation includes a Flask (Python) backend, and a React (JavaScript) frontend. The aws.greengrass.labs.LocalWebServer component shows how Flask + SocketIO can be integrated with the (Python) AWS IoT Device SDK for interprocess communication (IPC) on Greengrass v2. With a Flask + SocketIO application integrated with Greengrass IPC, a process using the SocketIO client can access the MQTT broker (via proxy) over SocketIO.  A basic [create-react-app](https://github.com/facebook/create-react-app) application using the JavaScript SocketIO client can publish/subscribe messages to the Flask + SocketIO server, which acts as a bridge to the local MQTT broker on Greengrass.
  6 | 
  7 | ## Architecture
  8 | 
  9 | ### Component
 10 | 
 11 | There are three artifacts included in this component: a docker-compose.yaml file, and two Docker images for each the React application and the Flask+SocketIO application.  When docker-compose up is executed (as defined in the Greengrass component recipe), both containers are initialized and a local network is created - the Flask+SocketIO application is exposed over port 5000, while the React application is exposed over port 3000. In addition, a NGINX server is included in the React app Docker image, for serving the React application, and providing a reverse proxy for all API calls to the Flask+SocketIO container.
 12 | 
 13 | ![Architecture - Component](docs/aws.greengrass.labs.LocalWebServer.png)
 14 | 
 15 | ## Requirements
 16 | ### AWS IoT Greengrass v2
 17 | 
 18 | If you haven't already installed the Greengrass v2 runtime on your device, you can follow the tutorial [here](https://docs.aws.amazon.com/greengrass/v2/developerguide/getting-started.html).
 19 | 
 20 | ### Docker
 21 | 
 22 | On the Greengrass v2 core device, the following must be installed:
 23 |     
 24 | * [Docker](https://docs.docker.com/get-docker/)
 25 | * [docker-compose](https://docs.docker.com/compose/install/)
 26 |     
 27 | 
 28 | ### Create secret in AWS Secrets Manager
 29 | 
 30 | First, we need to provide a username and password for authenticating into local web server on the device. Make sure to take note of the ARN for deployment!
 31 | 
 32 | > NOTE: you will need the [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) installed to run the following commands. You can optionally create this secret in the AWS Management Console instead
 33 | 
 34 | > NOTE: make sure you close this terminal session after the tutorial to protect your password.
 35 | 
 36 | > NOTE: in macOS, run `bash` before running the following commands.
 37 | 
 38 | ```console
 39 | read -s -p "Enter user:" LOCALWEBSERVER_USER
 40 | read -s -p "Enter password:" LOCALWEBSERVER_PASSWORD
 41 | aws secretsmanager create-secret --name localwebserver_credentials
 42 | aws secretsmanager put-secret-value --secret-id localwebserver_credentials --secret-string "{\"username\":\"$LOCALWEBSERVER_USER\",\"password\":\"$LOCALWEBSERVER_PASSWORD\"}"
 43 | ```
 44 | 
 45 | ## Dependencies
 46 | 
 47 | When you deploy a component, AWS IoT Greengrass also deploys compatible versions of its dependencies. This means that you must meet the requirements for the component and all of its dependencies to successfully deploy the component. This section lists the dependencies for the released versions of this component and the semantic version constraints that define the component versions for each dependency. You can also view the dependencies for each version of the component in the [AWS IoT Greengrass console](https://console.aws.amazon.com/greengrass). On the component details page, look for the Dependencies list.
 48 | 
 49 | ### 1.0.0
 50 | 
 51 | | Dependency | Compatible versions | Dependency type |
 52 | |---|---|---|
 53 | | aws.greengrass.Nucleus | >=2.4.0 | Soft |
 54 | | aws.greengrass.SecretManager | >=2.0.9 | Soft |
 55 | 
 56 | ## Build and publish Greengrass component
 57 | 
 58 | ### Update the GDK configuration file
 59 | 
 60 | Update the **bucket** and **region** values in **gdk-config.json** to values of your choosing.
 61 | 
 62 | ### Add a SSL certificate/key 
 63 | 
 64 | The front-end Docker image in this Greengrass component uses SSL, and expects both a certificate and key at build-time.
 65 | 
 66 | If you already have a valid SSL certificate and key for your web server, rename to **ssl.crt** and **ssl.key**, and copy both to **src/frontend**.
 67 | 
 68 | If you need a temporary SSL certificate and key for development purposes only, follow the instructions below.
 69 | 
 70 | First, we need to create a certificate authority that we will use to sign SSL certificates for localhost development/debugging. For a production environment, you should acquire/purchase a certificate verified by a trusted certificate authority.
 71 | 
 72 | > NOTE: the following -subj arguments can be modified, and are example values only
 73 | 
 74 | ```console
 75 | openssl genrsa -out localhostRootCA.key 2048
 76 | openssl req -x509 -new -nodes -key localhostRootCA.key -sha256 -days 3650 -out localhostRootCA.crt -subj "/C=US/ST=Washington/L=Seattle/O=Localhost Signing Authority/CN=Localhost Signing Authority"
 77 | ```
 78 | 
 79 | Next, we will create a SSL certificate and key using the previously created certificate authority and the parameters configured in **req.conf**.
 80 | 
 81 | > NOTE: the values in req.conf can be modified, and are example values only
 82 | 
 83 | ```console
 84 | openssl req -new -sha256 -nodes -newkey rsa:2048 -keyout ssl.key -out ssl.csr -config req.conf
 85 | openssl x509 -req -in ssl.csr -CA localhostRootCA.crt -CAkey localhostRootCA.key -CAcreateserial -out ssl.crt -sha256 -days 3650 -extfile req.conf -extensions v3_ca
 86 | ```
 87 | 
 88 | Lastly, copy both **ssl.crt** and **ssl.key** to **src/frontend**.
 89 | 
 90 | If you needed to create a development certificate authority, you need trust this certificate authority (the localhostRootCA.crt file) in your device browser (i.e. in Chrome, go to **Settings > Privacy and security > Security > Manage Certificates** to import a new certificate authority.  You will only need to import this certificate authority once per device.
 91 | 
 92 | ### Run GDK commands
 93 | 
 94 | ```console
 95 | gdk component build
 96 | ```
 97 | 
 98 | ```console
 99 | gdk component publish
100 | ```
101 | 
102 | ## Configure and update Greengrass deployment
103 | 
104 | ### Update IAM role for Greengrass role alias
105 | 
106 | You will need to grant permissions for the IAM role to read from the S3 bucket with your component(s), and also read the secret created in AWS Secrets Manager.
107 | 
108 | ### Navigate to AWS IoT Greengrass & Deployments
109 | 
110 | In the AWS Management Console, navigate to AWS IoT Greengrass, and click **Deployments**
111 | 
112 | Notice the different deployments that are listed - one for the specific Core device, and another for the Thing group that the Core device is associated to. Click **Deployment for YOUR_GROUP_NAME**.
113 |  
114 | ### Revise an existing Deployment
115 | 
116 | Notice the IoT Job featured at the top - this is responsible for continuously deploying this deployment configuration out to associated targets. Click Revise to update the deployment.
117 | 
118 | If prompted, click **Revise Deployment**.
119 | 
120 | In **Step 1 - Specify Target**, click **Next**.
121 | 
122 | ### Add component
123 | 
124 | Unselect **Show only selected components** under **My Components** and **Public Components**. Then make sure the following components are checked:
125 | 
126 | * aws.greengrass.labs.LocalWebServer
127 | * aws.greengrass.SecretManager
128 | 
129 | Then, click Next.
130 | 
131 | ### Finish deployment
132 | 
133 | In **Step 3 - Configure components**, select **aws.greengrass.SecretManager**, and click **Configure component**.
134 | 
135 | In **Configuration to merge**, paste the following JSON with your secret ARN for the local web server (from previous instruction). Then click **Confirm**.
136 | 
137 | ```json
138 | { "cloudSecrets": [{ "arn": "arn:aws:secretsmanager:REGION:ACCOUNT:secret:localwebserver_credentials-SUFFIX" }] }
139 | ```
140 | 
141 | In **Step 4 - Configure advanced settings**, click **Next**.
142 | 
143 | In **Step 5 - Review**, click **Deploy**.
144 | 
145 | ## Using the component
146 | 
147 | ### Navigate to AWS IoT MQTT test client
148 | 
149 | * In the AWS Management Console, navigate to AWS IoT, and click **Test >> MQTT Test client**
150 | * Enter **#** in **Subscription topic** and click **Subscribe to topic**
151 | * You should see different state/actions information being published in console below when interacting with React application.
152 | 
153 | ### Edge device interaction
154 | 
155 | On the device, open the url **https://localhost:3000** in a browser (i.e. Chromium). You will be prompted to login with the credentials you stored in AWS Secrets Manager:
156 | 
157 | ![Login](docs/login.png)
158 | 
159 | After logging in, you can see incoming messages that were published on the topic **<AWS_IOT_THING_NAME>/subscribe**, and you can also publish messages to **<AWS_IOT_THING_NAME>/publish**
160 | 
161 | > NOTE: Login sessions are configured to last for 15 minutes by default. You will automatically be logged out after this duration has passed.
162 | 
163 | ![Authenticated](docs/authenticated.png)
164 | 
165 | ## Testing
166 | 
167 | ## PyTest + Coverage
168 | 
169 | Make sure you have the following packages installed:
170 | 
171 | ```console
172 | pip install pytest pytest-mock pytest-cov flask-socketio flask-login awsiotsdk
173 | ```
174 | 
175 | Then run the following to get coverage tests on the backend application that will run on the device:
176 | 
177 | ```console
178 | pytest --cov=src/ --cov-report=html
179 | ```
180 | 
181 | ## Changelog
182 | 
183 | The following table describes the changes in each version of the component.
184 | 
185 | | Version | Changes |
186 | |---|---|
187 | | 1.0.0 | Initial version |
188 | 
189 | ## Security
190 | 
191 | See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.
192 | 
193 | ## License
194 | 
195 | This project is licensed under the Apache-2.0 License.
196 | 
197 | 
198 | 
199 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 | 
  2 |                                  Apache License
  3 |                            Version 2.0, January 2004
  4 |                         http://www.apache.org/licenses/
  5 | 
  6 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  7 | 
  8 |    1. Definitions.
  9 | 
 10 |       "License" shall mean the terms and conditions for use, reproduction,
 11 |       and distribution as defined by Sections 1 through 9 of this document.
 12 | 
 13 |       "Licensor" shall mean the copyright owner or entity authorized by
 14 |       the copyright owner that is granting the License.
 15 | 
 16 |       "Legal Entity" shall mean the union of the acting entity and all
 17 |       other entities that control, are controlled by, or are under common
 18 |       control with that entity. For the purposes of this definition,
 19 |       "control" means (i) the power, direct or indirect, to cause the
 20 |       direction or management of such entity, whether by contract or
 21 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 22 |       outstanding shares, or (iii) beneficial ownership of such entity.
 23 | 
 24 |       "You" (or "Your") shall mean an individual or Legal Entity
 25 |       exercising permissions granted by this License.
 26 | 
 27 |       "Source" form shall mean the preferred form for making modifications,
 28 |       including but not limited to software source code, documentation
 29 |       source, and configuration files.
 30 | 
 31 |       "Object" form shall mean any form resulting from mechanical
 32 |       transformation or translation of a Source form, including but
 33 |       not limited to compiled object code, generated documentation,
 34 |       and conversions to other media types.
 35 | 
 36 |       "Work" shall mean the work of authorship, whether in Source or
 37 |       Object form, made available under the License, as indicated by a
 38 |       copyright notice that is included in or attached to the work
 39 |       (an example is provided in the Appendix below).
 40 | 
 41 |       "Derivative Works" shall mean any work, whether in Source or Object
 42 |       form, that is based on (or derived from) the Work and for which the
 43 |       editorial revisions, annotations, elaborations, or other modifications
 44 |       represent, as a whole, an original work of authorship. For the purposes
 45 |       of this License, Derivative Works shall not include works that remain
 46 |       separable from, or merely link (or bind by name) to the interfaces of,
 47 |       the Work and Derivative Works thereof.
 48 | 
 49 |       "Contribution" shall mean any work of authorship, including
 50 |       the original version of the Work and any modifications or additions
 51 |       to that Work or Derivative Works thereof, that is intentionally
 52 |       submitted to Licensor for inclusion in the Work by the copyright owner
 53 |       or by an individual or Legal Entity authorized to submit on behalf of
 54 |       the copyright owner. For the purposes of this definition, "submitted"
 55 |       means any form of electronic, verbal, or written communication sent
 56 |       to the Licensor or its representatives, including but not limited to
 57 |       communication on electronic mailing lists, source code control systems,
 58 |       and issue tracking systems that are managed by, or on behalf of, the
 59 |       Licensor for the purpose of discussing and improving the Work, but
 60 |       excluding communication that is conspicuously marked or otherwise
 61 |       designated in writing by the copyright owner as "Not a Contribution."
 62 | 
 63 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 64 |       on behalf of whom a Contribution has been received by Licensor and
 65 |       subsequently incorporated within the Work.
 66 | 
 67 |    2. Grant of Copyright License. Subject to the terms and conditions of
 68 |       this License, each Contributor hereby grants to You a perpetual,
 69 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 70 |       copyright license to reproduce, prepare Derivative Works of,
 71 |       publicly display, publicly perform, sublicense, and distribute the
 72 |       Work and such Derivative Works in Source or Object form.
 73 | 
 74 |    3. Grant of Patent License. Subject to the terms and conditions of
 75 |       this License, each Contributor hereby grants to You a perpetual,
 76 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 77 |       (except as stated in this section) patent license to make, have made,
 78 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 79 |       where such license applies only to those patent claims licensable
 80 |       by such Contributor that are necessarily infringed by their
 81 |       Contribution(s) alone or by combination of their Contribution(s)
 82 |       with the Work to which such Contribution(s) was submitted. If You
 83 |       institute patent litigation against any entity (including a
 84 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 85 |       or a Contribution incorporated within the Work constitutes direct
 86 |       or contributory patent infringement, then any patent licenses
 87 |       granted to You under this License for that Work shall terminate
 88 |       as of the date such litigation is filed.
 89 | 
 90 |    4. Redistribution. You may reproduce and distribute copies of the
 91 |       Work or Derivative Works thereof in any medium, with or without
 92 |       modifications, and in Source or Object form, provided that You
 93 |       meet the following conditions:
 94 | 
 95 |       (a) You must give any other recipients of the Work or
 96 |           Derivative Works a copy of this License; and
 97 | 
 98 |       (b) You must cause any modified files to carry prominent notices
 99 |           stating that You changed the files; and
100 | 
101 |       (c) You must retain, in the Source form of any Derivative Works
102 |           that You distribute, all copyright, patent, trademark, and
103 |           attribution notices from the Source form of the Work,
104 |           excluding those notices that do not pertain to any part of
105 |           the Derivative Works; and
106 | 
107 |       (d) If the Work includes a "NOTICE" text file as part of its
108 |           distribution, then any Derivative Works that You distribute must
109 |           include a readable copy of the attribution notices contained
110 |           within such NOTICE file, excluding those notices that do not
111 |           pertain to any part of the Derivative Works, in at least one
112 |           of the following places: within a NOTICE text file distributed
113 |           as part of the Derivative Works; within the Source form or
114 |           documentation, if provided along with the Derivative Works; or,
115 |           within a display generated by the Derivative Works, if and
116 |           wherever such third-party notices normally appear. The contents
117 |           of the NOTICE file are for informational purposes only and
118 |           do not modify the License. You may add Your own attribution
119 |           notices within Derivative Works that You distribute, alongside
120 |           or as an addendum to the NOTICE text from the Work, provided
121 |           that such additional attribution notices cannot be construed
122 |           as modifying the License.
123 | 
124 |       You may add Your own copyright statement to Your modifications and
125 |       may provide additional or different license terms and conditions
126 |       for use, reproduction, or distribution of Your modifications, or
127 |       for any such Derivative Works as a whole, provided Your use,
128 |       reproduction, and distribution of the Work otherwise complies with
129 |       the conditions stated in this License.
130 | 
131 |    5. Submission of Contributions. Unless You explicitly state otherwise,
132 |       any Contribution intentionally submitted for inclusion in the Work
133 |       by You to the Licensor shall be under the terms and conditions of
134 |       this License, without any additional terms or conditions.
135 |       Notwithstanding the above, nothing herein shall supersede or modify
136 |       the terms of any separate license agreement you may have executed
137 |       with Licensor regarding such Contributions.
138 | 
139 |    6. Trademarks. This License does not grant permission to use the trade
140 |       names, trademarks, service marks, or product names of the Licensor,
141 |       except as required for reasonable and customary use in describing the
142 |       origin of the Work and reproducing the content of the NOTICE file.
143 | 
144 |    7. Disclaimer of Warranty. Unless required by applicable law or
145 |       agreed to in writing, Licensor provides the Work (and each
146 |       Contributor provides its Contributions) on an "AS IS" BASIS,
147 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148 |       implied, including, without limitation, any warranties or conditions
149 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150 |       PARTICULAR PURPOSE. You are solely responsible for determining the
151 |       appropriateness of using or redistributing the Work and assume any
152 |       risks associated with Your exercise of permissions under this License.
153 | 
154 |    8. Limitation of Liability. In no event and under no legal theory,
155 |       whether in tort (including negligence), contract, or otherwise,
156 |       unless required by applicable law (such as deliberate and grossly
157 |       negligent acts) or agreed to in writing, shall any Contributor be
158 |       liable to You for damages, including any direct, indirect, special,
159 |       incidental, or consequential damages of any character arising as a
160 |       result of this License or out of the use or inability to use the
161 |       Work (including but not limited to damages for loss of goodwill,
162 |       work stoppage, computer failure or malfunction, or any and all
163 |       other commercial damages or losses), even if such Contributor
164 |       has been advised of the possibility of such damages.
165 | 
166 |    9. Accepting Warranty or Additional Liability. While redistributing
167 |       the Work or Derivative Works thereof, You may choose to offer,
168 |       and charge a fee for, acceptance of support, warranty, indemnity,
169 |       or other liability obligations and/or rights consistent with this
170 |       License. However, in accepting such obligations, You may act only
171 |       on Your own behalf and on Your sole responsibility, not on behalf
172 |       of any other Contributor, and only if You agree to indemnify,
173 |       defend, and hold each Contributor harmless for any liability
174 |       incurred by, or claims asserted against, such Contributor by reason
175 |       of your accepting any such warranty or additional liability.


--------------------------------------------------------------------------------