Smartdoor Host Web Application

A Django web application to manage NFC keys for smartdoor cliant.

Caption: This website's Homepage, where the administrator can see and manage the list of user's keys.

This repository includes Dockerfile and docker-compose.yaml files so that you can easily setup the web application in a docker container. The instruction to deploy is given as follows.

Before getting started

The paulczar/omgwtfssl container image is used to create SSL certification, however, there is no arm64 version of this image for now. Therefore, if you use the arm based machine, you need to build the image by downloading sources from github repository (https://github.com/paulczar/omgwtfssl) and building its docker image like the following:

git clone https://github.com/paulczar/omgwtfssl.git
cd omgwtfssl
docker build -t paulczar/omgwtfssl .

Then, docker-compose can handle the built image when orchestrating containers.

0. Clone this repository

Clone this repository into your home directory.

git clone https://github.com/munechika-koyo/smartdoor_host.git
cd smartdoor_host

1. Set environmental values

Before starting docker containers, you need to write environmental values in .env file. The following script is the example to write in .env file.

# === PostgreSQL ==========================================
POSTGRES_USER=postgres
POSTGRES_PASSWORD=postgres


# === Django app ==========================================
# Database process name
DATABASE=postgres

# database connection settings
DB_ENGINE=django.db.backends.postgresql
DB_NAME=postgres
DB_USER=postgres
DB_PASSWORD=postgres
DB_HOST=db
DB_PORT=5432

# basic settings
ALLOWED_HOSTS=127.0.0.1,localhost

DJANGO_SECRET_KEY=XXX

CSRF_TRUSTED_ORIGINS=http://127.0.0.1,http://localhost


# === SSL/TLS setting =========================================================
CA_SUBJECT=NFC-key-ca
CA_EXPIRE=3600
SSL_EXPIRE=3600
SSL_SUBJECT=localhost
SSL_DNS=localhost

CSRF_TRUSTED_ORIGINS must contain the host server's address.

The .env file must be placed in the same directory where Dockerfile is located.

2. Create Login User

After starting up the container with the following command for the first time:

docker compose up -d

you need to set the login username and password.

Attach to the running docker container:

docker exec -it gunicorn-django bash

and excute the manage.py by python interpreter with createsuperuser command:

python manage.py createsuperuser

Please refer to how to create admin user.

After setting username and password, you can access the login page (https://localhost/login/) and input username/passward.

Caption: Login page

NOTE

• When starting up containers, SSL certificates are automatically generated in ssl_certs directory. You can use CA certs there named as ca.pem if you would like to access webpage without any security warning.

3. Register NFC Key's IDm

When registering the NFC keys in this system, access the registration page by pushing the Registration button on the upper navigation bar, and fill in the form. The IDm information associated with each NFC device can manually input by keyboard or scanning an NFC tag with a NFC reader.

Caption: Demonstration of the NFC key registration.

The system of reading an NFC tag's IDm is based on SDK for NFC Web client offered by SONY. Please check out the requirements to use this SDK, recommended NFC readers, etc.

---

Launch development server

You can lauch the local server which Django offers. Moving into the smartdoor_prj directory, and excute the following command:

python manage.py runserver --settings=smartdoor_prj.settings_dev

Then, the webpage will be available by accessing the http://localhost:8000.

settings_dev.py is a setting file written about Django configurations for development.

Authenticate an IDm for Smartdoor client with the web API

In order for a smartdoor client to authenticate an detected IDm, this web sever offers the useful WebAPIs. Access the keymanagement host address adding the authenticate endpoint (like http://<host ip address>/authenticate/), and send the IDm in the following json format using html POST method:

{"idm": "xxxaaayyyzzz"}

Before sending the above json data, it is required to obtain the CSRF token with html GET methd and apply it to the POST html header.

If the IDm is authenticated, the following json data is responsed:

{
    "auth": "valid",
    "name": "Name",
    "allow_423": true,
    "allow_475": false,
}

"Name" means registerd user name in the host server. "Allow_xxx" means the allowed room number.

if not authenticated,

{
    "auth": "invalid",
}

Smartdoor client app is been developped here. You can install and use it as a smartdoor client.

Start up automatically when booting

Registering commands as a systemd service, you can start up the web application automatically when booting. To register the service, move into the service directory and excute the following command:

source register.sh

This script also registers the service of database backup which is automatically executed every week. A backup file is created in the home directory. The default user name is pi, so the backup file is created as /home/pi/smartdoor_backup.tar. If you would like to change the user name, edit User name at the service/*.service files.

If you would like to start these services manually, excute the following command:

sudo systemctl start smartdoor.service
sudo systemctl start smartdoor_backup.timer

or, reboot the system.

If you restore the database from the backup file, move into the service directory and excute the following command:

source restore.sh