diff --git a/README.md b/README.md index 5c036e8..1553352 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,23 @@ # Coughvid Simple web application for the collection of sound records of cough from patients with Covid-19. This website was created with hugo+syna. The source project for the static part of the web is the syna-epfl folder. Once compiled, this is the "public" folder, that has been updated in the following way: - Add the `cgi-bin` folder for the ubuntu script. - Add the `js` folder and the app, jquery and progressbar sources. - Add the server SSL keys: `key.pem` and `cert.pem` -- Modify `index.html` to assign an id to the Record button, add the `#progressBar` and `#thanks` components, and the corresponding minor CSS tweaks. Also, include the required js files. \ No newline at end of file +- Modify `index.html` to assign an id to the Record button, add the `#progressBar` and `#thanks` components, and the corresponding minor CSS tweaks. Also, include the required js files. + +### Deployment instructions on coughvid.epfl.ch + +- All files and folders in the repository have to be copied to `/var/www/html/` (except `.git`, of course). +- The `upload.py` cgi script has to be copied to `/var/www/cgi-bin/`, with execution permissions. +- Update `upload.py` to set `DB_PATH = '/data/coughvid_records'`, and remove `cgitb`. +- The problems we found with SELinux so far were: + - Permission for running CGI scripts. Make sure that there is the appropriate rule in SELinux for the `/var/www/cgi-bin/` folder, with the command: `$ semanage fcontext --list | grep cgi-bin` + - `/var/www/cgi-bin(/.*)? all files system_u:object_r:httpd_sys_script_exec_t:s0` + - If still not working, `$ restorecon -Rv /var/www/**cgi**-bin/`. + - Add a rule in SELinux to give write permissions in the database folder: + - `$ semanage fcontext -a -t httpd_sys_rw_content_t "/data/coughvid_records(/.*)?"` + - `$ restorecon -Rv /data/coughvid_records/` \ No newline at end of file diff --git a/cert.pem b/cert.pem deleted file mode 100644 index d7484ae..0000000 --- a/cert.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID+zCCAuOgAwIBAgIUOjqG7ibjzu9KRwPHy9ZI6NjywK0wDQYJKoZIhvcNAQEL -BQAwgYwxCzAJBgNVBAYTAkNIMQ0wCwYDVQQIDARWYXVkMREwDwYDVQQHDAhMYXVz -YW5uZTENMAsGA1UECgwERVBGTDEMMAoGA1UECwwDRVNMMRcwFQYDVQQDDA5Ub21h -cyBUZWlqZWlybzElMCMGCSqGSIb3DQEJARYWdG9tYXMudGVpamVpcm9AZXBmbC5j -aDAeFw0yMDAzMjcxODU5NDdaFw0yMTAzMjcxODU5NDdaMIGMMQswCQYDVQQGEwJD -SDENMAsGA1UECAwEVmF1ZDERMA8GA1UEBwwITGF1c2FubmUxDTALBgNVBAoMBEVQ -RkwxDDAKBgNVBAsMA0VTTDEXMBUGA1UEAwwOVG9tYXMgVGVpamVpcm8xJTAjBgkq -hkiG9w0BCQEWFnRvbWFzLnRlaWplaXJvQGVwZmwuY2gwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDC60Pwuqjd5/sgyUfk1zlRIjm5atxBUY5mgbBb+qT4 -D+I8yaFGU/V3/kzxdsdfppmDCVrFFmEZZPzBWKx1KREwxSiiruodbvBW1nb+xDuU -hjPJrga0QBj/okZt5PCB1wWDfXx67blYHXqs50Z36TceFFQmoC08Nb/pr0Zvnf98 -/BLOu+j4vPr38CKpJirxkwsd//ZZx+nsgwi3i48czXXQPzb1HVDpvxwxGYLOoBMY -RW/rxTEeurMiKfXxP/eyYpC1w6aUzmhmrm0iw+eO4NP/f2D8D2r+Jqi/pgf7M/uJ -/p75k5lsfxwMnihi8bNedNqWKFhdDFsPSDNW9xPMOf7/AgMBAAGjUzBRMB0GA1Ud -DgQWBBQLuCl1Lo12J4kmBv/NH84xf2+CCzAfBgNVHSMEGDAWgBQLuCl1Lo12J4km -Bv/NH84xf2+CCzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC8 -0yhPVsSDvHBhgXm5/tBwg0XVYBgMK41+gkDNQHNUT5RNmoo5OtQD5Lh9q5E95ruu -4dTFVUzWwGBmvT0eagC0v4XoK4yN5gekp+1flEUlpGQbrACn4MXJAoquA1RH5mqz -j1/yJegH7+jn66Ft/b6SjdpLKkg8JdFlXgJ9InFcUaeU0GMT3gYh+s8ywHfxmf9T -57p2W+x863isYiXZgvIG8cU5N0n/uAXTv9B2/9goBCjAkMLS5B7s6GB01PB+ziNV -+b2jGzcxPRYxeQ/F660GI+Ga1k1ADlKQPZ2NooJ7s+8lVzxBysEKqWCPCnD30SDy -vmOz3gbKW5nWXUO4MoGz ------END CERTIFICATE----- diff --git a/cgi-bin/upload.py b/cgi-bin/upload.py index edd960f..1167e0f 100755 --- a/cgi-bin/upload.py +++ b/cgi-bin/upload.py @@ -1,48 +1,48 @@ #!/usr/bin/env python3 """ Created on Sat Mar 28 19:29:28 2020 This module implements a CGI service for uploading voice records in the coughvid web application. @author: T. Teijeiro """ import cgi import datetime #TODO disable cgitb in production import cgitb cgitb.enable() #Point this variable to the folder where the data will be stored DB_PATH = '/tmp' form = cgi.FieldStorage() # Get filename here. fileitem = form['audio_data'] latitude = form.getvalue('lat') longitude = form.getvalue('lon') mimeType = form.getvalue('mimeType') ext = 'wav' -if mimeType.startswith('audio/ogg;'): +if 'ogg' in mimeType: ext = 'ogg' -elif mimeType.startswith('audio/webm;'): +elif 'webm' in mimeType: ext = 'webm' label = 1 data = fileitem.file.read() #We limit the file size to 1MB, to prevent possible flooding attacks. if len(data) < 1000000: # Test if the file was uploaded filename = f'{datetime.datetime.now().isoformat()}_{latitude}_{longitude}_{label}.{ext}' with open(f'{DB_PATH}/{filename}', 'wb') as fout: fout.write(data) message = 'The recording was uploaded successfully' else: message = 'Record too long.' print(f"""\ Content-Type: text/html\n

{message}

""") diff --git a/key.pem b/key.pem deleted file mode 100644 index dba2f31..0000000 --- a/key.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIkN0kLBYnHqkCAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECIR3UogH3u7NBIIEyDaAUCFYD/u2 -kV0Jl4J9AwF01JBfaQl3sqr6x2Z8qcEvMxA4Y7Wpv4WnUeA3SQdxAcTmmoNSQH8g -HZY4auvNkzZTpFO3WfscnyplCDEcRCUKFH4oxlp8GBWoW2CP13I0T9OuGFr1AUYG -LFrbBA+LE0isoYrD2aT2ps75NEtY1//gisE9hLLk5C6qv03dINn8UeSrUW+JijGp -Y1pmNLQB6eeBJTnZJ+Xmw2VU9FqxPHeZqJIeD/lhX5P7QZKVC1M+Znh7WN4G4GUg -rtrntT2vDLlAUCG8v1injzm1NCQ27UxPBXyZZFTXyonb26cmS3Oa9cvRwG+4/HCX -PgKGu7bQ+WqV/Quk4O6J1CO0Hj7P+EskBIXbUPA+vif/DGwsiwIcIEYBkPz8Xdv3 -qP5fWMlrwx3OQWYcvWXaQO9IVVFqMhXyE5yr9vHKoiFHZduhJSp/ich1JKVqPrHL -JNr2vCL5HJnjJXWsKjZxzdXVLoujtONzeXRU5M11tiu/8uDzsWeEcEtlzLsdBJ/g -SPqWRJXoupWOJP8YES1Wgdum/8smmwQ33HUf9Jhrliy/Ne6n3S5xgvetdN+33RB4 -CLVty3OCUnk9441KIFVweSxS+rwjSQQKvGxFUIkXB11RqkhwIlJmfTovvVWXUyXI -eZZ6sdRBmYxxBRtEvyefZPzdXp1fYe+XKsz3GJMKd+aIVjAp9w+iw79KzS1r+Epk -hfoGapu3XEX2cRnH3ravEoTAQP9M2y+Q2kfAMmevT9rfXwqmjfcUdzRFBtr6zBrl -Vc12go216AAfHta8++mYOEhiVDwbhW/xjhbMOzm1Npx2tlTUEUS2K+mZrWXFLfH8 -U6l21OxDA6eEXg8xZEoF4eVcKo9SsQKHLhGLwh0EgVuHrkH1E2zPj69Sa983hxn6 -O4yymohVG1xFZX4df3Zeo4Dd9sEQBk86NMsJPbWjNINbvqQdavP9G3ONA5bzaD+e -04YbkX1zaacv/nzzDYvBq6qmeJLWRIbaSwMND6fcMVVNDB5LsxrvGrYuLLJl8mDX -J/JknZMCqHm5HsdViHgKRZQji17cOr/k7uOszpTMKfcd0TyKKKqvs2HcB5tq3V1I -vBqB/eEEifx7T/B7SzT/RlLyptAVY4JxrsLfl3mTekXLgY7n0KLP8GfVCz39QjHJ -Lu+77DmsL/cD4BARc+UQ3XSD3ZQCj6tzL9XsJowBZSixQv8nLdrUfw5QKhksMCmO -CbMtWZ7jJ74L89H8xUqFZox822oiNxXtVBXbFszeiiIBpMMAIhLKlz94Mse2dmOb -EuaSH8bcdnpkcQkKXSIi0nLdy/w0whrTlc9cChig7uGcytCA/qrQRrbu/hqf4xR/ -3LjdhGDIdvhP/1YqA9zocIT1sZsa5aD4LyDlWZxcOMRyMgAFCxlqu3aVqHMOmkSd -1Cg34vCSp2R0Rxjq/qYn1cWGdy+vP/wv3VcKropG6pn+tlfOOqBgr+f2WUKwWVaw -axH2k8Oy6TIhWnpiH3On0y1+CRWrmPBAgLn50khbLOfzdWX1Dgk6jZr6zTSgDMTy -REUtxSdxuWBowtiRXOC22PDunel0GnYipBbP4pSguPrLnZORhv3U95oOiOSHbfMU -ZZDNv1ckNMDgrow1ASNQ/w== ------END ENCRYPTED PRIVATE KEY-----