krrish-sehgal
diff --git a/‎.github/workflows/encrypt-and-upload-model.yml‎
Lines changed: 51 additions & 0 deletions b/‎.github/workflows/encrypt-and-upload-model.yml‎
Lines changed: 51 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 2 additions & 1 deletion b/‎.gitignore‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎backend/.env‎
Lines changed: 1 addition & 1 deletion b/‎backend/.env‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎backend/.gitignore‎
Lines changed: 2 additions & 0 deletions b/‎backend/.gitignore‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎backend/core/__pycache__/apps.cpython-311.pyc‎
528 Bytes b/‎backend/core/__pycache__/apps.cpython-311.pyc‎
528 Bytes
diff --git a/‎backend/core/__pycache__/tasks.cpython-311.pyc‎
1.84 KB b/‎backend/core/__pycache__/tasks.cpython-311.pyc‎
1.84 KB
diff --git a/‎backend/core/__pycache__/urls.cpython-311.pyc‎
-140 Bytes b/‎backend/core/__pycache__/urls.cpython-311.pyc‎
-140 Bytes
diff --git a/‎backend/core/__pycache__/views.cpython-311.pyc‎
-1.06 KB b/‎backend/core/__pycache__/views.cpython-311.pyc‎
-1.06 KB
diff --git a/‎backend/core/apps.py‎
Lines changed: 11 additions & 4 deletions b/‎backend/core/apps.py‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎backend/core/tasks.py‎
Lines changed: 44 additions & 16 deletions b/‎backend/core/tasks.py‎
Lines changed: 44 additions & 16 deletions
@@ -0,0 +1,51 @@
+name: Encrypt and Upload Model
+
+on:
+  push:
+    paths:
+      - models/** # Trigger workflow when files in the models folder change
+
+jobs:
+  upload-model:
+    runs-on: ubuntu-latest
+
+    steps:
+      # Step 1: Checkout the repo
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      # Step 2: Install AWS CLI
+      - name: Install AWS CLI
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y awscli
+
+      # Step 3: Configure AWS credentials
+      - name: Configure AWS credentials
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_REGION: ${{ secrets.AWS_REGION }}
+        run: |
+          aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
+          aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
+          aws configure set region $AWS_REGION
+
+      # Step 4: Encrypt the model using AWS KMS
+      - name: Encrypt model
+        run: |
+          MODEL_FILE=$(find models -type f) # Find the model file in the models folder
+          ENCRYPTED_FILE="${MODEL_FILE}.encrypted"
+          aws kms encrypt \
+            --key-id ${{ secrets.KMS_KEY_ID }} \
+            --plaintext fileb://$MODEL_FILE \
+            --output text \
+            --query CiphertextBlob \
+            > $ENCRYPTED_FILE
+
+      # Step 5: Upload encrypted model to S3
+      - name: Upload to S3
+        run: |
+          MODEL_FILE=$(find models -type f)
+          ENCRYPTED_FILE="${MODEL_FILE}.encrypted"
+          aws s3 cp $ENCRYPTED_FILE s3://${{ secrets.S3_BUCKET_NAME }}/encrypted_models/$(basename $ENCRYPTED_FILE)
@@ -1,2 +1,3 @@
 .DS_Store
-node_modules
+node_modules
+.env
@@ -1 +1 @@
-ENCRYPTION_KEY = "Hello"
+ENCRYPTION_KEY=Or58qxhsliuNqOqf93YMUHbJOGG/5k9ncuttg9f4VkE=
@@ -0,0 +1,2 @@
+.env
+media
@@ -1,15 +1,22 @@
+# core/apps.py
+
 from django.apps import AppConfig
+from django.db.models.signals import post_migrate
+from .tasks import encrypt_model_if_needed
 
 
 class CoreConfig(AppConfig):
     default_auto_field = "django.db.models.BigAutoField"
     name = "core"
 
     def ready(self):
-        # Import the task function
-        from .tasks import encrypt_model_if_needed
-        
-        # Run the function immediately on startup
+        post_migrate.connect(run_encryption_on_startup, sender=self)
         encrypt_model_if_needed()
 
 
+def run_encryption_on_startup(sender, **kwargs):
+    """
+    A helper function that will run encrypt_model_if_needed after Django has finished migrating.
+    """
+    print("In run_encryption_on_startup function")
+
@@ -1,26 +1,54 @@
-# core/tasks.py
-
-# from celery import shared_task
 import os
 from django.conf import settings
-
 from utils.encryption_utils import encrypt_model
 
-# @shared_task
 def encrypt_model_if_needed():
+    # Paths for the model and encrypted model
     model_path = os.path.join(settings.MEDIA_ROOT, 'models', 'model.onnx')
+    encrypted_model_path = os.path.join(settings.MEDIA_ROOT, 'encrypted_models', 'model.onnx.enc')
     model_version_path = os.path.join(settings.MEDIA_ROOT, 'models', 'model_version.txt')
 
-    # Check if the model needs to be updated
-    if os.path.exists(model_version_path):
-        with open(model_version_path, 'r') as f:
-            stored_version = f.read().strip()
-
-        # Compare version or timestamp to determine if update is needed
-        current_version = get_model_version(model_path)  # Implement this function based on your versioning strategy
+    # Ensure the encrypted_models directory exists
+    if not os.path.exists(os.path.dirname(encrypted_model_path)):
+        os.makedirs(os.path.dirname(encrypted_model_path))
+    
+    # Check if the encrypted model already exists
+    if not os.path.exists(encrypted_model_path):
+        print("Encrypted model not found or directory is empty. Encrypting the model.")
 
-        if current_version != stored_version:
-            encrypt_model(model_path)  # Call encryption function
-            # Update stored version file
+        # Encrypt the model and save it to the encrypted_models folder
+        encrypt_model(model_path, encrypted_model_path)  # Pass the path to save the encrypted model
+        
+        # After encryption, create or update the model version file
+        model_timestamp = str(int(os.path.getmtime(model_path)))
+        with open(model_version_path, 'w') as f:
+            f.write(model_timestamp)  # Store the current model's last modified timestamp
+    else:
+        # If encrypted model exists, check if an update is needed based on timestamps
+        if os.path.exists(model_version_path):
+            with open(model_version_path, 'r') as f:
+                stored_timestamp = f.read().strip()  # Read the stored timestamp
+
+            # Get the last modified timestamp of the model file
+            model_timestamp = str(int(os.path.getmtime(model_path)))  # Last modified time as a string
+
+            # Compare timestamps to determine if update is needed
+            if model_timestamp != stored_timestamp:
+                print("Model has been updated. Encrypting the updated model.")
+                
+                # Encrypt the model and save it to the encrypted_models folder
+                encrypt_model(model_path, encrypted_model_path)  # Pass the path to save the encrypted model
+                
+                # Update the stored timestamp file
+                with open(model_version_path, 'w') as f:
+                    f.write(model_timestamp)  # Store the current model's last modified timestamp
+        else:
+            # If model_version.txt doesn't exist, assume the model needs to be encrypted
+            print("Model version file not found. Encrypting the model.")
+            model_timestamp = str(int(os.path.getmtime(model_path)))
+            
+            # Encrypt the model and save it to the encrypted_models folder
+            encrypt_model(model_path, encrypted_model_path)  # Pass the path to save the encrypted model
+            
             with open(model_version_path, 'w') as f:
-                f.write(current_version)
+                f.write(model_timestamp)  # Create the timestamp file with the current model's timestamp
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-ENCRYPTION_KEY = "Hello"`
	`1`	`+ENCRYPTION_KEY=Or58qxhsliuNqOqf93YMUHbJOGG/5k9ncuttg9f4VkE=`