/electionguard-api-python

ElectionGuard Web API in python to demonstrate usage of electionguard-python in performing ballot encryption, casting, spoiling, and tallying.

Primary LanguagePythonMIT LicenseMIT

Microsoft Defending Democracy Program: ElectionGuard

๐Ÿ—ณ๏ธ ElectionGuard Web API

docker version docker pulls Language grade: Python Total alerts Documentation Status license

The ElectionGuard Web API is a python-based application that provides a thin, stateless wrapper around the electionguard-python library to perform ballot encryption, casting, spoiling, and tallying. This API is implemented using FastAPI.

If you aren't familiar with ElectionGuard and its concepts, first take a stroll through the official documentation.

๐Ÿ‘ฏโ€โ™€๏ธ Two APIs in One

Before you begin you should be aware that the application can run in one of two modes:

  • guardian mode runs features used by Guardians (key ceremony actions, partial tally decryption, etc.)
  • mediator mode runs features used by Mediators (ballot encryption, casting, spoiling, etc.)

In practice, you will likely need to run at least one instance of each mode. We provide a single codebase and Docker image, but the mode can be set at runtime as described below.

โญ Getting Started

This codebase can be run using one of three different approaches:

  1. ๐Ÿณ Running with Docker
  2. ๐Ÿณ Developing with Docker
  3. ๐Ÿ Developing with Python

๐Ÿณ 1. Running with Docker

This approach runs an official published image. This approach is not intended for development. It works on Windows, Mac, and Linux.

For convenience the Docker image is hosted on both Github Packages and DockerHub. You can choose whichever container image library works best for you.

1.1 Pulling from Github Packages

Note: GitHub Packages requires authentication to retrieve the package. This requires a GitHub Access Token and using docker login. Follow GitHub instructions.

# Pull the image from Github
docker pull docker.pkg.github.com/microsoft/electionguard-web-api/electionguard-web-api:main

# Start a container for the API in mediator mode, exposed on port 80 of the host machine
docker run -d -p 80:8000 --env API_MODE=mediator docker.pkg.github.com/microsoft/electionguard-web-api/electionguard-web-api:main

1.2 Pulling from DockerHub

Pulling from DockerHub is simpler as it requires no additional authentication.

# Pull the image from DockerHub
docker pull electionguard/electionguard-web-api:latest

# Start a container for the API in mediator mode, exposed on port 80 of the host machine
docker run -d -p 80:8000 --env API_MODE=mediator electionguard/electionguard-web-api:latest

๐Ÿณ 2. Developing with Docker

Developing with Docker is the fastest approach for getting started because it has virtually no local dependencies (e.g. Python). This approach works on Windows, Mac, and Linux. It uses a Dockerfile and docker-compose.yml.

โœ… 2.1 Prerequisities

๐Ÿƒโ€โ™€๏ธ 2.2 Running ๐Ÿƒโ€โ™‚๏ธ

To get started run both APIs at the same time:

make docker-run

Or run both APIs in development mode, with automatic reloading on file change:

make docker-dev

After either command, you will find the mediator API running at http://127.0.0.1:8000 and the guardian API at http://127.0.0.1:8001

๐Ÿ 3. Developing with Python

Developing with Python provides the fastest developer inner loop (speed from code changes to seeing effects of changes), but is more work to set up initially. It works on Mac and Linux. It also works via WSL 2 on Windows.

โœ… 3.1. Windows Prerequisites

On Windows you can use an IDE of your choice in Windows, and run the make and Python commands in WSL which will expose API's in Windows. Developing with Python on Windows involves the following additional setup that is not required for Linux or Mac.

  1. Install WSL 2
  2. Install Ubuntu (other Linux distributions should also work with minor modifications to the instructions below)
  3. Install pyenv prerequisites. Technically you could just install Python and it would be simpler, but this approach will provide more flexibility. To install the prerequisites:
sudo apt-get update
sudo apt-get install make build-essential libssl-dev zlib1g-dev \
  libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm \
  libncursesw5-dev xz-utils tk-dev libxml2-dev libxmlsec1-dev libffi-dev liblzma-dev
  1. Install pyenv via pyenv-installer and add it the startup scripts:
curl https://pyenv.run | bash
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bashrc
echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bashrc
echo -e 'if command -v pyenv 1>/dev/null 2>&1; then\n eval "$(pyenv init -)"\nfi' >> ~/.bashrc
sed -Ei -e '/^([^#]|$)/ {a \
  export PYENV_ROOT="$HOME/.pyenv"
  a \
  export PATH="$PYENV_ROOT/bin:$PATH"
  a \
  ' -e ':a' -e '$!{n;ba};}' ~/.profile
echo 'eval "$(pyenv init --path)"' >>~/.profile

echo 'eval "$(pyenv init -)"' >> ~/.bashrc
  1. Restart shell
  2. Install Python 3.9 via pyenv
pyenv install 3.9.9
pyenv global 3.9.9

โœ… 3.2 Mac/Linux Prerequisites

Install Python 3.9. We additionally recommend pyenv to assist with Python version management (see detailed instructions in the Windows section above starting with Step 3).

๐Ÿƒโ€โ™€๏ธ 3.2 Running ๐Ÿƒโ€โ™‚๏ธ

Using make, install and setup the environment:

make environment

Start the api as mediator

make start API_MODE=mediator

OR as guardian

make start API_MODE=guardian

Debugging Mac/Linux

For local debugging with Visual Studio Code, choose the Guardian Web API or Mediator Web API options from the dropdown in the Run menu. Once the server is up, you can easily hit your breakpoints.

If the code fails to run, make sure your Python interpreter is set to use your poetry environment.

Debugging Windows

With Visual Studio Code:

  1. Install the Remote WSL extension
  2. In the bottom left click the Green Icon and "New WSL Window using Distro", select Ubuntu
  3. F5
  4. Choose either Guardian Web API or Mediator Web API

๐Ÿงช Testing

End-to-end integration tests can be found in the /tests/integration folder. To see them in action, run:

make test-integration

A Postman collection is also available to test the API located in the /tests/postman folder. You can do a few things with this:

  • Import into Postman for easy manual testing.
  • Run locally with the Newman CLI.
  • Run the APIs and tests entirely in Docker by running:
    make docker-postman-test

๐Ÿ“ Documentation

FastApi defaultly has API documentation built in. The following is available after running:

Overviews of the API itself are available on:

๐Ÿ—„ Archived

As of 06/15/2020, the previous C wrapped implementation was transitioned to the python version. ElectionGuard development has transitioned to the ElectionGuard-Python Repo. The old version is available using the dotnet-api tag.

๐Ÿค Contributing

This project encourages community contributions for development, testing, documentation, code review, and performance analysis, etc. For more information on how to contribute, see the contribution guidelines

Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Reporting Issues

Please report any bugs, feature requests, or enhancements using the GitHub Issue Tracker. Please do not report any security vulnerabilities using the Issue Tracker. Instead, please report them to the Microsoft Security Response Center (MSRC) at https://msrc.microsoft.com/create-report. See the Security Documentation for more information.

Have Questions?

Electionguard would love for you to ask questions out in the open using GitHub Issues. If you really want to email the ElectionGuard team, reach out at electionguard@microsoft.com.

License

This repository is licensed under the MIT License