def main():
'''Start the infirmary server'''
args = _parseArgs()
logging.basicConfig(level=args.loglevel)
_logger.info('🏥 Infirmary version %s', VERSION)
config = Configurator(registry=getGlobalSiteManager(), root_factory=Root)
config.setup_registry()
config.set_authentication_policy(BasicAuthAuthenticationPolicy(_checkCredentials))
config.set_authorization_policy(ACLAuthorizationPolicy())
config.add_route('home', '/')
config.add_route('ping', '/ping')
config.add_route('hello', '/hello/{name}', factory=Root)
config.add_route('clinicalCores', '/clinicalCores', factory=Root)
config.add_route('clinicalCore', '/clinicalCores/{participant_ID}', factory=Root)
config.add_route('organs', '/organs', factory=Root)
config.add_route('organ', '/organs/{identifier}', factory=Root)
config.add_route('specimens', '/specimens', factory=Root)
config.add_route('specimen', '/specimens/{specimen_ID}', factory=Root)
config.add_route('genomics', '/genomics', factory=Root)
config.add_route('genomic', '/genomics/{specimen_ID}', factory=Root)
config.add_route('images', '/images', factory=Root)
config.add_route('image', '/images/{identifier}', factory=Root)
config.add_subscriber(cors_callback, NewRequest)
config.scan()
provideUtility(AppStats(sys.argv[0]))
provideUtility(Directory(args.ldap_server))
provideUtility(Database(args.database))
app = config.make_wsgi_app()
_logger.debug('🏃♀️ Starting server on port %d', args.port)
server = make_server('0.0.0.0', args.port, app)
server.serve_forever()
def main(*args, **settings):
from pyramid.config import Configurator
from pyramid.events import NewRequest, ContextFound
from pyramid.authentication import BasicAuthAuthenticationPolicy
from pyramid.authorization import ACLAuthorizationPolicy
from pyramid.renderers import JSON, JSONP
logger.info('Start registry api...')
read_users(settings['auth.file'])
config = Configurator(autocommit=True,
settings=settings,
authentication_policy=BasicAuthAuthenticationPolicy(
auth_check, __name__),
authorization_policy=ACLAuthorizationPolicy(),
root_factory=Root,
route_prefix=ROUTE_PREFIX)
config.include('pyramid_exclog')
config.add_forbidden_view(forbidden)
config.add_request_method(request_params, 'params', reify=True)
config.add_request_method(authenticated_role, reify=True)
config.add_renderer('prettyjson', JSON(indent=4))
config.add_renderer('jsonp', JSONP(param_name='opt_jsonp'))
config.add_renderer('prettyjsonp', JSONP(indent=4, param_name='opt_jsonp'))
config.add_subscriber(add_logging_context, NewRequest)
config.add_subscriber(set_logging_context, ContextFound)
config.add_subscriber(set_renderer, NewRequest)
config.add_route('health', '/health')
config.add_route('registry', '/registry/{param}.json')
config.scan('openprocurement.medicines.registry.api.views')
return config.make_wsgi_app()
def main(global_config, **settings):
settings["global_config"] = global_config
config = Configurator(settings=settings)
# Jinja 2 templates as .html files
config.include('pyramid_jinja2')
config.add_jinja2_renderer('.html')
config.add_jinja2_search_path('pyramid_notebook:demo/templates',
name='.html')
config.add_route('home', '/')
config.add_route('login', '/login')
config.add_route('shell1', '/shell1')
config.add_route('shell2', '/shell2')
config.add_route('shutdown_notebook', '/notebook/shutdown')
config.add_route('notebook_proxy', '/notebook/*remainder')
config.scan(views)
authn_policy = auth.AuthTktAuthenticationPolicy('seekrITT',
callback=auth.groupfinder)
config.set_authentication_policy(BasicAuthAuthenticationPolicy(mycheck))
config.set_authorization_policy(authn_policy)
# Make sure we can target Pyramid router debug messages in logging configuration
pyramid_debug_logger = logging.getLogger("pyramid_debug")
config.registry.registerUtility(pyramid_debug_logger, IDebugLogger)
return config.make_wsgi_app()
def includeme(config):
authentication_policy = BasicAuthAuthenticationPolicy(check)
authorization_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authentication_policy)
config.set_authorization_policy(authorization_policy)
config.set_root_factory(lambda request: RootFactory())
def main():
# Stupid workaround to wait for mysql actually starting inside of a container
time.sleep(15)
# Just init the database at the start for simplicity
db.create.init()
p = BackgroundEventPersister(Events)
p.start()
DBSession.configure(bind=Engine)
Base.metadata.bind = Engine
with Configurator() as config:
config.include('pyramid_tm')
config.add_request_method(get_user, 'user', reify=True)
config.add_route('place_order', '/orders', request_method='POST')
config.add_route('list_orders', '/orders', request_method='GET')
config.add_route('cancel_order', '/order/{orderId}', request_method='DELETE')
config.scan('views')
auth_policy = BasicAuthAuthenticationPolicy(check_credentials)
config.set_authentication_policy(auth_policy)
config.set_authorization_policy(ACLAuthorizationPolicy())
config.set_root_factory(lambda request: Root())
app = config.make_wsgi_app()
serve(app, host='0.0.0.0', port=8888)
def create_authentication(settings):
timeout = settings.get("authtkt_timeout")
timeout = None if timeout is None else int(timeout)
reissue_time = settings.get("reissue_time")
reissue_time = None if reissue_time is None else int(reissue_time)
http_only = settings.get("authtkt_http_only", "True")
http_only = http_only.lower() in ("true", "yes", "1")
secure = settings.get("authtkt_secure", "True")
secure = secure.lower() in ("true", "yes", "1")
samesite = settings.get("authtkt_samesite", "Lax")
secret = settings["authtkt_secret"]
if len(secret) < 64:
raise Exception(
'"authtkt_secret should be at least 64 characters.'
'See https://docs.pylonsproject.org/projects/pyramid/en/latest/api/session.html'
)
cookie_authentication_policy = AuthTktAuthenticationPolicy(
secret,
callback=defaultgroupsfinder,
cookie_name=settings["authtkt_cookie_name"],
samesite=None if samesite == '' else samesite,
timeout=timeout,
max_age=timeout,
reissue_time=reissue_time,
hashalg="sha512",
http_only=http_only,
secure=secure,
)
basic_authentication_policy = BasicAuthAuthenticationPolicy(
c2cgeoportal_check)
policies = [cookie_authentication_policy, basic_authentication_policy]
return MultiAuthenticationPolicy(policies)
def setup_basic_http_auth(config):
"""
Initialize HTTP Basic Auth support.
"""
realm = "Sandglass API"
basic_auth = BasicAuthAuthenticationPolicy(auth_callback, realm=realm)
config.set_authentication_policy(basic_auth)
config.add_forbidden_view(handle_basic_auth_challenge)
def main(global_config, **settings):
from openprocurement.integrations.edr.auth import (authenticated_role)
from openprocurement.integrations.edr.utils import (
forbidden, add_logging_context, set_logging_context, request_params,
set_renderer, Root, read_users)
from openprocurement.integrations.edr.utils import auth_check
from pyramid.authentication import BasicAuthAuthenticationPolicy
from pyramid.authorization import ACLAuthorizationPolicy
from pyramid.config import Configurator
from pyramid.events import NewRequest, ContextFound
from pyramid.renderers import JSON, JSONP
LOGGER.info('Start edr api')
read_users(settings['auth.file'])
config = Configurator(
autocommit=True,
settings=settings,
authentication_policy=BasicAuthAuthenticationPolicy(
auth_check, __name__),
authorization_policy=ACLAuthorizationPolicy(),
root_factory=Root,
route_prefix=ROUTE_PREFIX,
)
config.include('pyramid_exclog')
config.add_forbidden_view(forbidden)
config.add_request_method(request_params, 'params', reify=True)
config.add_request_method(authenticated_role, reify=True)
config.add_renderer('prettyjson', JSON(indent=4))
config.add_renderer('jsonp', JSONP(param_name='opt_jsonp'))
config.add_renderer('prettyjsonp', JSONP(indent=4, param_name='opt_jsonp'))
config.add_renderer(
'yaml', 'openprocurement.integrations.edr.renderers.YAMLRenderer')
config.add_subscriber(add_logging_context, NewRequest)
config.add_subscriber(set_logging_context, ContextFound)
config.add_subscriber(set_renderer, NewRequest)
# Init edr connection
config.registry.edr_client = EdrClient(
settings.get('edr_api_server'), settings.get('edr_api_token'),
int(settings.get('edr_api_port')),
float(settings.get('edr_timeout_min', 1)),
float(settings.get('edr_timeout_max', 60)),
float(settings.get('edr_timeout_step', 2)),
settings.get('edr_timeout_mode', 'mult'))
config.registry.cache_db = Db(settings)
config.registry.time_to_live = settings.get("time_to_live", 300)
config.registry.time_to_live_negative = settings.get(
"time_to_live_negative", 30)
LOGGER.info("SANDBOX_MODE = {}".format(SANDBOX_MODE))
# Include views
config.add_route('verify', '/verify')
config.add_route('details', '/details/{id}')
config.add_route('health', '/health')
config.scan("openprocurement.integrations.edr.views")
return config.make_wsgi_app()
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
with Configurator(settings=settings) as config:
config.route_prefix = 'api'
config.include('cornice')
config.include('cornice_swagger')
swagger_data = SWAGGER
if settings.get('api.swagger'):
swagger_data.update(read_datafile(settings.get('api.swagger')))
config.registry.settings['api_specs'] = swagger_data
config.add_route('cornice_swagger.open_api_path', '/swagger.json')
config.add_route('health', '/health')
config.add_route('self.schema', '/release-schema.json')
config.cornice_enable_openapi_explorer(api_explorer_path='/swagger.ui')
config.include('.models')
config.add_renderer('simplejson', JSON(serializer=simplejson.dumps))
config.add_request_method(release_package, name='release_package')
config.add_request_method(record_package, name='record_package')
config.registry.page_size = int(settings.get('api.page_size', 100))
config.registry.publisher = read_datafile(
settings.get('api.publisher'))
config.registry.schema = read_datafile(settings.get('api.schema'))
config.registry.merge_rules = get_merge_rules(
settings.get('api.schema'))
BASE['extensions'] = settings.get('api.extensions', '').split()
config.registry.models = {
'Release': config.registry.schema,
'Record': RECORD
}
config.set_authorization_policy(ACLAuthorizationPolicy())
tokens = [t.strip() for t in settings.get('api.tokens', '').split(',')]
if tokens:
config.registry.tokens = frozenset(tokens)
config.set_authentication_policy(
BasicAuthAuthenticationPolicy(check_credentials))
config.registry.validator = None
if settings.get('api.force_validation', False):
config.registry.validator = fastjsonschema.compile(
config.registry.schema)
apps = settings.get('apps', '').split(',')
for pname in apps:
if not pname:
continue
try:
app = getattr(config.maybe_dotted(pname), 'includeme', '')
if app:
app(config)
logger.info(f"Installed app {pname}")
except KeyError as e:
logger.error(
f"Unable to load {pname} plugin. Error: {repr(e)}")
config.scan()
return config.make_wsgi_app()
def setUp(self):
settings = {
'pyramlson.apidef_path': os.path.join(DATA_DIR, 'test-api.raml'),
}
auth_policy = BasicAuthAuthenticationPolicy(dummy_check, 'TEST REALM')
self.config = testing.setUp(settings=settings)
self.config.set_authorization_policy(ACLAuthorizationPolicy())
self.config.set_authentication_policy(auth_policy)
self.config.include('pyramlson')
self.config.scan('.resource')
from webtest import TestApp
self.testapp = TestApp(self.config.make_wsgi_app())
def includeme(config):
if auth_activated(config.registry):
logger.debug("basic authentication is activated.")
# Security policies for basic auth
authn_policy = BasicAuthAuthenticationPolicy(check=groupfinder,
realm="Birdhouse")
authz_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
config.set_root_factory(root_factory)
config.add_request_method(_get_username, 'username', reify=True)
config.add_request_method(_get_password, 'password', reify=True)
def create_authentication(
settings: Dict[str, Any]) -> MultiAuthenticationPolicy:
timeout = settings.get("authtkt_timeout")
timeout = None if timeout is None or timeout.lower() == "none" else int(
timeout)
reissue_time = settings.get("authtkt_reissue_time")
reissue_time = None if reissue_time is None or reissue_time.lower(
) == "none" else int(reissue_time)
max_age = settings.get("authtkt_max_age")
max_age = None if max_age is None or max_age.lower() == "none" else int(
max_age)
http_only = settings.get("authtkt_http_only", "True")
http_only = http_only.lower() in ("true", "yes", "1")
secure = settings.get("authtkt_secure", "True")
secure = secure.lower() in ("true", "yes", "1")
samesite = settings.get("authtkt_samesite", "Lax")
secret = settings["authtkt_secret"]
basicauth = settings.get("basicauth",
"False").lower() in ("true", "yes", "1")
if len(secret) < 64:
raise Exception(
'"authtkt_secret should be at least 64 characters.'
"See https://docs.pylonsproject.org/projects/pyramid/en/latest/api/session.html"
)
policies = []
url_authentication_policy = UrlAuthenticationPolicy(
settings.get("urllogin", {}).get("aes_key"),
defaultgroupsfinder,
)
policies.append(url_authentication_policy)
cookie_authentication_policy = AuthTktAuthenticationPolicy(
secret,
callback=defaultgroupsfinder,
cookie_name=settings["authtkt_cookie_name"],
samesite=None if samesite == "" else samesite,
timeout=timeout,
max_age=max_age,
reissue_time=reissue_time,
hashalg="sha512",
http_only=http_only,
secure=secure,
)
policies.append(cookie_authentication_policy)
if basicauth:
basic_authentication_policy = BasicAuthAuthenticationPolicy(
c2cgeoportal_check)
policies.append(basic_authentication_policy)
return MultiAuthenticationPolicy(policies)
def create_authentication(settings):
timeout = settings.get("authtkt_timeout", None)
timeout = None if timeout is None else int(timeout)
cookie_authentication_policy = AuthTktAuthenticationPolicy(
settings["authtkt_secret"],
callback=defaultgroupsfinder,
cookie_name=settings["authtkt_cookie_name"],
timeout=timeout, max_age=timeout,
hashalg="sha512", http_only=True,
)
basic_authentication_policy = BasicAuthAuthenticationPolicy(c2cgeoportal_check)
policies = [cookie_authentication_policy, basic_authentication_policy]
return MultiAuthenticationPolicy(policies)
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
read_users(settings['auth.file'])
config = Configurator(
settings=settings,
authentication_policy=BasicAuthAuthenticationPolicy(
auth_check, __name__),
authorization_policy=ACLAuthorizationPolicy(),
root_factory=Root,
)
config.add_request_method(request_params, 'params', reify=True)
config.add_subscriber(new_request_subscriber, NewRequest)
config.add_subscriber(add_logging_context, ContextFound)
config.include('pyramid_exclog')
config.add_route('status', '/')
config.add_route('register', '/register')
config.add_route('upload', '/upload')
config.add_route('upload_file', '/upload/{doc_id}')
config.add_route('get', '/get/{doc_id}')
config.scan(ignore='openprocurement.documentservice.tests')
config.registry.signer = signer = Signer(
settings.get('dockey', '').decode('hex'))
config.registry.dockey = dockey = signer.hex_vk()[:8]
verifier = Verifier(signer.hex_vk())
config.registry.dockeyring = dockeyring = {dockey: verifier}
dockeys = settings.get(
'dockeys') if 'dockeys' in settings else Signer().hex_vk()
for key in dockeys.split('\0'):
dockeyring[key[:8]] = Verifier(key)
config.registry.keyring = keyring = {dockey: verifier}
apikeys = settings.get(
'apikeys') if 'apikeys' in settings else Signer().hex_vk()
for key in apikeys.split('\0'):
keyring[key[:8]] = Verifier(key)
config.registry.apikey = key[:8]
config.registry.upload_host = settings.get('upload_host')
config.registry.get_host = settings.get('get_host')
# search for storage
storage = settings.get('storage')
for entry_point in iter_entry_points(
'openprocurement.documentservice.plugins', storage):
plugin = entry_point.load()
config.registry.storage = plugin(config)
return config.make_wsgi_app()
def setUp(self):
def check_cred(username, *args, **kwargs):
return [username]
@implementer(IAuthorizationPolicy)
class AuthorizationPolicy(object):
def permits(self, context, principals, permission):
return permission in principals
self.config = testing.setUp()
self.config.include('cornice')
self.config.add_route('noservice', '/noservice')
self.config.set_authorization_policy(AuthorizationPolicy())
self.config.set_authentication_policy(
BasicAuthAuthenticationPolicy(check_cred))
self.config.set_default_permission('readwrite')
self.config.scan('cornice.tests.test_cors')
self.app = TestApp(CatchErrors(self.config.make_wsgi_app()))
def includeme(config):
config.include('pyramid_contextauth')
tkt_policy = AuthTktAuthenticationPolicy('secret')
config.register_authentication_policy(
tkt_policy,
Context1,
)
config.register_authentication_policy(
BasicAuthAuthenticationPolicy('realm'),
Context2,
)
config.register_authentication_policy(Context345Policy(),
(Context3, Context4))
config.register_authentication_policy(LocationAwarePolicy(), Root)
config.commit()
def make_app(server_config):
config = Configurator(settings=server_config,
root_factory=APIFactory,
default_permission="access")
config.include("pyramid_jinja2")
def check_function(username, password, request):
if (password == server_config["admin_secret"]
and username == server_config["admin_user"]):
return "admin", username
return None
authn_policy = BasicAuthAuthenticationPolicy(check_function,
realm="ChannelStream")
authz_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
json_renderer = JSON(serializer=json.dumps, indent=4)
json_renderer.add_adapter(datetime.datetime, datetime_adapter)
json_renderer.add_adapter(uuid.UUID, uuid_adapter)
config.add_renderer("json", json_renderer)
config.add_subscriber("channelstream.subscribers.handle_new_request",
"pyramid.events.NewRequest")
config.add_request_method("channelstream.utils.handle_cors", "handle_cors")
config.include("channelstream.wsgi_views")
config.scan("channelstream.wsgi_views.server")
config.scan("channelstream.wsgi_views.error_handlers")
config.scan("channelstream.events")
config.include("pyramid_apispec.views")
config.pyramid_apispec_add_explorer(
spec_route_name="openapi_spec",
script_generator="channelstream.utils:swagger_ui_script_template",
permission=NO_PERMISSION_REQUIRED,
)
app = config.make_wsgi_app()
return app
def includeme(config):
"""
For inclusion by Pyramid.
"""
config.add_request_method(get_user, str('user'), reify=True)
config.add_request_method(get_acls, str('acls'), reify=True)
config.add_request_method(get_settings, str('settings'), reify=True)
settings = config.registry.settings
authn_policy = PluginAuthenticationPolicy(
SessionAuthenticationPolicy(callback=find_princs), {
'/dav':
DigestAuthenticationPolicy(
settings.get('netprofile.auth.secret'),
find_princs_digest,
realm=settings.get('netprofile.auth.digest.realm',
'NetProfile UI'),
check_timestamp=asbool(
settings.get('netprofile.auth.digest.check_timestamp',
'true')),
timestamp_max_ahead=int(
settings.get('netprofile.auth.digest.timestamp_max_ahead',
5)),
timestamp_max_behind=int(
settings.get('netprofile.auth.digest.timestamp_max_behind',
120))),
'/api':
BasicAuthAuthenticationPolicy(
find_princs_basic,
settings.get('netprofile.auth.rpc_realm', 'NetProfile RPC'),
settings.get('netprofile.debug'))
})
authz_policy = ACLAuthorizationPolicy()
config.set_authorization_policy(authz_policy)
config.set_authentication_policy(authn_policy)
config.add_subscriber(_auth_to_db, ContextFound)
config.add_subscriber(_check_session, PluginPolicySelected)
def create_authentication(settings):
timeout = settings.get("authtkt_timeout")
timeout = None if timeout is None else int(timeout)
reissue_time = settings.get("reissue_time")
reissue_time = None if reissue_time is None else int(reissue_time)
http_only = settings.get("authtkt_http_only", "True")
http_only = http_only.lower() in ("true", "yes", "1")
secure = settings.get("authtkt_secure", "True")
secure = secure.lower() in ("true", "yes", "1")
cookie_authentication_policy = AppAwareAuthTktAuthenticationPolicy(
settings["authtkt_secret"],
callback=defaultgroupsfinder,
cookie_name=settings["authtkt_cookie_name"],
timeout=timeout,
max_age=timeout,
reissue_time=reissue_time,
hashalg="sha512",
http_only=http_only,
secure=secure,
parent_domain=True)
basic_authentication_policy = BasicAuthAuthenticationPolicy(
c2cgeoportal_check)
policies = [cookie_authentication_policy, basic_authentication_policy]
return MultiAuthenticationPolicy(policies)
def __init__(self, secret, realm='Realm', hardcoded=()):
""" We need to initialise variables here for both forms of auth which
we're planning on using.
:param secret: A hashing secret for AuthTkt, which should be generated outside
the Pyhton process.
:param realm: The Basic Auth realm which is probably set to eos_db.
:param hardcoded: Triplets of user:password:group that should not be looked
up in the database.
"""
self.hardcoded = {x[0]: (x[1], x[2]) for x in hardcoded}
#DELETE ME
#self.check = check # Password check routine passed to the constructor.
#self.realm = realm # Basic Auth realm.
# Now initialise both Auth Policies. AuthTkt has sha256 specified in
# place of the default MD5 in order to suppress warnings about
# security.
self.bap = BasicAuthAuthenticationPolicy(check=self.passwordcheck,
realm=realm)
self.tap = AuthTktAuthenticationPolicy(secret=secret,
callback=self.groupfinder,
cookie_name='auth_tkt',
hashalg='sha256')
def create_authentication(settings):
timeout = settings.get("authtkt_timeout")
timeout = None if timeout is None else int(timeout)
reissue_time = settings.get("reissue_time")
reissue_time = None if reissue_time is None else int(reissue_time)
http_only = settings.get("authtk_http_only")
http_only = True if http_only is None else http_only != "False"
secure = settings.get("authtk_secure")
secure = True if secure is None else secure != "False"
cookie_authentication_policy = AuthTktAuthenticationPolicy(
settings["authtkt_secret"],
callback=defaultgroupsfinder,
cookie_name=settings["authtkt_cookie_name"],
timeout=timeout,
max_age=timeout,
reissue_time=reissue_time,
hashalg="sha512",
http_only=http_only,
secure=secure,
)
basic_authentication_policy = BasicAuthAuthenticationPolicy(
c2cgeoportal_check)
policies = [cookie_authentication_policy, basic_authentication_policy]
return MultiAuthenticationPolicy(policies)
def main(settings):
"""Create and return a WSGI application."""
config = Configurator()
config.registry.engine = init_db(settings)
def db(request):
connection = request.registry.engine.connect()
transaction = connection.begin()
def cleanup(request):
if request.exception is not None:
transaction.rollback()
else:
transaction.commit()
connection.close()
request.add_finished_callback(cleanup)
return connection
config.add_request_method(db, reify=True)
# Configure authentication / authorization
authn_policy = BasicAuthAuthenticationPolicy(check_credentials)
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(ACLAuthorizationPolicy())
config.set_root_factory(lambda request: Root())
config.add_forbidden_view(forbidden_view)
config.add_view(view=error_view, context=Exception, renderer="json")
config.add_static_view(name="static", path="../../queryduck-web/static")
config.add_route("post_query", "/{target}/query", request_method="POST")
config.add_route("get_query", "/{target}/query", request_method="GET")
config.add_route("get_statements", "/statements", request_method="GET")
config.add_route("submit_transaction",
"/statements/transaction",
request_method="POST")
config.add_route("get_statement",
"/statements/{reference}",
request_method="GET")
config.add_route("create_statements", "/statements", request_method="POST")
config.add_route("create_volume",
"/volumes/{reference}",
request_method="PUT")
config.add_route("delete_volume",
"/volumes/{reference}",
request_method="DELETE")
config.add_route("get_volume", "/volumes/{reference}")
config.add_route("list_volumes", "/volumes")
config.add_route("create_blob", "/blobs/new", request_method="POST")
config.add_route("get_blob", "/blobs/{reference}")
config.add_route("list_blobs", "/blobs")
config.add_route("list_volume_files",
"/volumes/{volume_reference}/files",
request_method="GET")
config.add_route(
"mutate_volume_files",
"/volumes/{volume_reference}/files",
request_method="POST",
)
config.add_route(
"get_volume_file",
"/volumes/{volume_reference}/files/{file_path}",
request_method="GET",
)
config.scan(".controllers")
config.scan(".transaction.controllers")
config.scan(".storage.controllers")
app = config.make_wsgi_app()
return app
def __init__(self, check=None):
if check is None:
check = AuthClientPolicy.check
self._basic_auth_policy = BasicAuthAuthenticationPolicy(check=check)
def getBasicAuthAuthenticationPolicy():
"""Define basic auth authentication policy"""
return BasicAuthAuthenticationPolicy( # pragma: no cover
Configuration.get('pyramid_basicauth_check'),
debug=Configuration.get('pyramid_authentication_debug'))
def create_authentication(
settings: Dict[str, Any]) -> MultiAuthenticationPolicy:
"""Create all the authentication policies."""
timeout = settings.get("authtkt_timeout")
timeout = None if timeout is None or timeout.lower() == "none" else int(
timeout)
reissue_time = settings.get("authtkt_reissue_time")
reissue_time = None if reissue_time is None or reissue_time.lower(
) == "none" else int(reissue_time)
max_age = settings.get("authtkt_max_age")
max_age = None if max_age is None or max_age.lower() == "none" else int(
max_age)
http_only = settings.get("authtkt_http_only", "True")
http_only = http_only.lower() in ("true", "yes", "1")
secure = settings.get("authtkt_secure", "True")
secure = secure.lower() in ("true", "yes", "1")
samesite = settings.get("authtkt_samesite", "Lax")
secret = settings["authtkt_secret"]
basicauth = settings.get("basicauth",
"False").lower() in ("true", "yes", "1")
if len(secret) < 64:
raise Exception(
'"authtkt_secret should be at least 64 characters.'
"See https://docs.pylonsproject.org/projects/pyramid/en/latest/api/session.html"
)
policies = []
policies.append(
UrlAuthenticationPolicy(
settings.get("urllogin", {}).get("aes_key"),
defaultgroupsfinder,
))
policies.append(
AuthTktAuthenticationPolicy(
secret,
callback=defaultgroupsfinder,
cookie_name=settings["authtkt_cookie_name"],
samesite=None if samesite == "" else samesite,
timeout=timeout,
max_age=max_age,
reissue_time=reissue_time,
hashalg="sha512",
http_only=http_only,
secure=secure,
))
policies.append(OAuth2AuthenticationPolicy())
if basicauth:
if settings["authentication"].get("two_factor", False):
LOG.warning(
"Basic auth and tow factor auth should not be enable toogether, "
"you should use OAuth2 instead of Basic auth")
basic_authentication_policy = BasicAuthAuthenticationPolicy(
c2cgeoportal_check)
policies.append(basic_authentication_policy)
# Consider empty string as not configured
if "DEV_LOGINNAME" in os.environ and os.environ["DEV_LOGINNAME"]:
policies.append(DevAuthenticationPolicy())
return MultiAuthenticationPolicy(policies)
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
load_processing_settings(settings)
load_local_settings(settings, settings["appname"])
settings.update({"version": version})
config = Configurator(root_factory=Root, settings=settings)
config.set_authorization_policy(ACLAuthorizationPolicy())
config.set_authentication_policy(
BasicAuthAuthenticationPolicy(check=groupfinder, ))
# set forbidden view to basic auth
def forbidden_view(request):
resp = HTTPUnauthorized()
resp.www_authenticate = 'Basic realm="Thinkhazard"'
return resp
config.add_forbidden_view(forbidden_view)
config.include("pyramid_jinja2")
config.include("papyrus")
config.include("thinkhazard.session")
config.add_tween("thinkhazard.tweens.notmodified_tween_factory", over=MAIN)
config.add_static_view("static", "static", cache_max_age=3600)
config.add_static_view("lib",
settings.get("node_modules"),
cache_max_age=86000)
config.add_translation_dirs("thinkhazard:locale")
config.set_locale_negotiator("thinkhazard.i18n.custom_locale_negotiator")
config.add_route("healthcheck", "/healthcheck")
if settings["appname"] == "public":
config.include(add_public_routes)
config.add_route("sitemap", "/sitemap.xml")
if settings["appname"] == "admin":
# Celery
from thinkhazard.celery import app as celery_app
config.add_request_method(lambda x: celery_app,
"celery_app",
reify=True)
config.set_default_permission("admin")
config.include(add_public_routes, route_prefix="preview")
config.add_route("admin_index", "/")
config.add_route("admin_add_task", "/addtask")
config.add_route("admin_technical_rec", "/technical_rec")
config.add_route("admin_technical_rec_new", "/technical_rec/new")
config.add_route("admin_technical_rec_edit", "/technical_rec/{id:\d+}")
config.add_route("admin_technical_rec_delete",
"/technical_rec/{id:\d+}/delete")
config.add_route("admin_admindiv_hazardsets", "/admindiv_hazardsets")
config.add_route("admin_admindiv_hazardsets_export",
"/admindiv_hazardsets_export")
config.add_route(
"admin_admindiv_hazardsets_hazardtype",
"/admindiv_hazardsets/{hazardtype:([A-Z]{2})}",
)
config.add_route("admin_climate_rec", "/climate_rec")
config.add_route("admin_climate_rec_hazardtype",
"/climate_rec/{hazard_type:([A-Z]{2})}")
config.add_route("admin_climate_rec_new",
"/climate_rec/{hazard_type:([A-Z]{2})}/new")
config.add_route("admin_climate_rec_edit", "/climate_rec/{id:\d+}")
config.add_route("admin_climate_rec_delete",
"/climate_rec/{id:\d+}/delete")
config.add_route("admin_hazardcategories", "/hazardcategories")
config.add_route(
"admin_hazardcategory",
"/hazardcategory/{hazard_type:([A-Z]{2})}"
"/{hazard_level:([A-Z]{3})}",
)
config.add_route("admin_hazardsets", "/hazardsets")
config.add_route("admin_hazardset", "/hazardset/{hazardset}")
config.add_route("admin_contacts", "/contacts")
config.add_route("admin_contact_new", "/contact/new")
config.add_route("admin_contact_edit", "/contact/{id:\d+}")
config.add_route("admin_contact_delete", "/contact/{id:\d+}/delete")
config.add_route("admin_contact_admindiv_hazardtype_association",
"/contact/CAdHt_form")
config.add_renderer("geojson", GeoJSON())
config.add_renderer("csv", "thinkhazard.renderers.CSVRenderer")
config.add_request_method(
lambda r: S3Helper(r.registry.settings),
"s3_helper",
property=True,
reify=True,
)
scan_ignore = []
if settings["appname"] != "public":
scan_ignore.append("thinkhazard.views.sitemap")
if settings["appname"] != "admin":
scan_ignore.append("thinkhazard.views.admin")
config.scan(ignore=scan_ignore)
return config.make_wsgi_app()
def main(global_config, **settings):
Service.cors_origins = ('*', )
settings = settings_expandvars(settings)
config = Configurator(settings=settings, root_factory=RootFactory)
config.include("cornice")
# Redirect to the current version of the API if the prefix isn't used.
config.add_route(name='redirect_to_version',
pattern='/{path:(?!%s).*}' % API_VERSION)
config.add_view(view=redirect_to_version, route_name='redirect_to_version')
config.route_prefix = '/%s' % API_VERSION
# Permission management
policies = [
BasicAuthAuthenticationPolicy(check_credentials),
HawkAuthenticationPolicy(decode_hawk_id=get_credentials),
]
authn_policy = MultiAuthenticationPolicy(policies)
# Unauthorized view
config.add_forbidden_view(forbidden_view)
# Global permissions
model_creators = settings.get("daybed.can_create_model", "Everyone")
token_creators = settings.get("daybed.can_create_token", "Everyone")
token_managers = settings.get("daybed.can_manage_token", None)
authz_policy = DaybedAuthorizationPolicy(
model_creators=build_list(model_creators),
token_creators=build_list(token_creators),
token_managers=build_list(token_managers),
)
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
# We need to scan AFTER setting the authn / authz policies
config.scan("daybed.views")
# Attach the token to the request, coming from Pyramid as userid
def get_credentials_id(request):
try:
credentials_id, _ = get_credentials(request,
request.authenticated_userid)
return credentials_id
except ValueError:
return None
config.add_request_method(get_credentials_id, 'credentials_id', reify=True)
# Events
# Helper for notifying events
def notify(request, event, *args):
klass = config.maybe_dotted('daybed.events.' + event)
event = klass(*(args + (request, )))
request.registry.notify(event)
config.add_request_method(notify, 'notify')
# Backend
config.registry.tokenHmacKey = settings['daybed.tokenHmacKey']
# backend initialisation
backend_class = config.maybe_dotted(settings['daybed.backend'])
config.registry.backend = backend_class.load_from_config(config)
# Indexing
# Connect client to hosts in conf
index_hosts = build_list(
settings.get('elasticsearch.hosts', "localhost:9200"))
indices_prefix = settings.get('elasticsearch.indices_prefix', 'daybed_')
config.registry.index = index = indexer.ElasticSearchIndexer(
index_hosts, indices_prefix)
# Suscribe index methods to API events
config.add_subscriber(index.on_model_created, events.ModelCreated)
config.add_subscriber(index.on_model_updated, events.ModelUpdated)
config.add_subscriber(index.on_model_deleted, events.ModelDeleted)
config.add_subscriber(index.on_record_created, events.RecordCreated)
config.add_subscriber(index.on_record_updated, events.RecordUpdated)
config.add_subscriber(index.on_record_deleted, events.RecordDeleted)
# Renderers
# Force default accept header to JSON
def add_default_accept(event):
json_mime = 'application/json'
accept = event.request.headers.get('Accept', json_mime)
if json_mime in accept:
accept = json_mime
event.request.headers["Accept"] = accept
config.add_subscriber(add_default_accept, NewRequest)
# JSONP
config.add_renderer('jsonp', JSONP(param_name='callback'))
# Geographic data renderer
config.add_renderer('geojson', GeoJSON())
# Requests attachments
def attach_objects_to_request(event):
event.request.db = config.registry.backend
event.request.index = config.registry.index
http_scheme = event.request.registry.settings.get('daybed.http_scheme')
if http_scheme:
event.request.scheme = http_scheme
config.add_subscriber(attach_objects_to_request, NewRequest)
# Plugins
try:
config.include("daybed_browserid")
except ImportError:
pass
return config.make_wsgi_app()
def web(global_config, **local_settings):
""" This function returns a Pyramid WSGI application.
"""
settings = global_config
settings.update(local_settings)
# set CFG object
app_config = CFG(settings)
app_config.configure_filedepot()
settings['CFG'] = app_config
configurator = Configurator(settings=settings, autocommit=True)
# Add BasicAuthPolicy
authn_policy = BasicAuthAuthenticationPolicy(
basic_auth_check_credentials,
realm=BASIC_AUTH_WEBUI_REALM,
)
configurator.include(add_cors_support)
# make sure to add this before other routes to intercept OPTIONS
configurator.add_cors_preflight_handler()
# Default authorization : Accept anything.
configurator.set_authorization_policy(AcceptAllAuthorizationPolicy())
configurator.set_authentication_policy(authn_policy)
# INFO - GM - 11-04-2018 - set default perm
# setting default perm is needed to force authentification
# mecanism in all views.
configurator.set_default_permission(TRACIM_DEFAULT_PERM)
# Override default request
configurator.set_request_factory(TracimRequest)
# Pyramids "plugin" include.
configurator.include('pyramid_jinja2')
# Add SqlAlchemy DB
configurator.include('.models')
# set Hapic
context = PyramidContext(
configurator=configurator,
default_error_builder=ErrorSchema(),
debug=app_config.DEBUG,
)
hapic.set_context(context)
# INFO - G.M - 2018-07-04 - global-context exceptions
# Not found
context.handle_exception(NotFound, HTTPStatus.NOT_FOUND)
# Bad request
context.handle_exception(WorkspaceNotFoundInTracimRequest,
HTTPStatus.BAD_REQUEST) # nopep8
context.handle_exception(UserNotFoundInTracimRequest,
HTTPStatus.BAD_REQUEST) # nopep8
context.handle_exception(ContentNotFoundInTracimRequest,
HTTPStatus.BAD_REQUEST) # nopep8
context.handle_exception(WorkspaceNotFound, HTTPStatus.BAD_REQUEST)
context.handle_exception(UserDoesNotExist, HTTPStatus.BAD_REQUEST)
context.handle_exception(ContentNotFound, HTTPStatus.BAD_REQUEST)
context.handle_exception(ContentTypeNotAllowed, HTTPStatus.BAD_REQUEST)
context.handle_exception(InvalidId, HTTPStatus.BAD_REQUEST)
# Auth exception
context.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
context.handle_exception(UserNotActive, HTTPStatus.FORBIDDEN)
context.handle_exception(AuthenticationFailed, HTTPStatus.FORBIDDEN)
context.handle_exception(InsufficientUserRoleInWorkspace,
HTTPStatus.FORBIDDEN) # nopep8
context.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
# Internal server error
context.handle_exception(OperationalError,
HTTPStatus.INTERNAL_SERVER_ERROR)
context.handle_exception(Exception, HTTPStatus.INTERNAL_SERVER_ERROR)
# Add controllers
session_controller = SessionController()
system_controller = SystemController()
user_controller = UserController()
workspace_controller = WorkspaceController()
comment_controller = CommentController()
html_document_controller = HTMLDocumentController()
thread_controller = ThreadController()
file_controller = FileController()
configurator.include(session_controller.bind, route_prefix=BASE_API_V2)
configurator.include(system_controller.bind, route_prefix=BASE_API_V2)
configurator.include(user_controller.bind, route_prefix=BASE_API_V2)
configurator.include(workspace_controller.bind, route_prefix=BASE_API_V2)
configurator.include(comment_controller.bind, route_prefix=BASE_API_V2)
configurator.include(html_document_controller.bind,
route_prefix=BASE_API_V2) # nopep8
configurator.include(thread_controller.bind, route_prefix=BASE_API_V2)
configurator.include(file_controller.bind, route_prefix=BASE_API_V2)
hapic.add_documentation_view(
'/api/v2/doc',
'Tracim v2 API',
'API of Tracim v2',
)
return configurator.make_wsgi_app()
def getBasicAuthAuthenticationPolicy():
"""Define the authentication policy for a basic auth"""
return BasicAuthAuthenticationPolicy(
Configuration.get('pyramid_basicauth_check'),
debug=Configuration.get('pyramid_authentication_debug'))
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
authn_policy = BasicAuthAuthenticationPolicy(
groupfinder,
realm=settings['reliquary.realm'],
debug=settings['pyramid.debug'])
authz_policy = ACLAuthorizationPolicy()
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.bind = engine
config = Configurator(
settings=settings,
authentication_policy=authn_policy,
authorization_policy=authz_policy,
root_factory=Root,
)
config.include('pyramid_chameleon')
#config.add_static_view('static', 'static', cache_max_age=3600)
# ui
config.add_route('home', '/api/v1/', request_method='GET')
# basic api
config.add_route('put_relic', '/api/v1/raw/{channel}/{index}/{relic_name}', request_method='PUT')
config.add_route('get_relic', '/api/v1/raw/{channel}/{index}/{relic_name}', request_method='GET')
# autoindex (nginx autogenerate index page compatible)
config.add_route('autoindex', '/api/v1/autoindex/{channel}/{index}/', request_method='GET')
# python package index (PEP-503 compliant)
# PROXY
config.add_route('pypi_proxy_simple_package', '/api/v1/python/proxy/{channel}/{index}/simple/{package}/', request_method='GET')
config.add_route('pypi_proxy_simple', '/api/v1/python/proxy/{channel}/{index}/simple/', request_method='GET')
# just to keep compat with pypi.python.org package locations -- calls out
# to upstream or to get_relic route
config.add_route('pypi_proxy_package', '/api/v1/python/proxy/{channel}/{index}/packages/{parta}/{partb}/{hash}/{package}', request_method='GET')
# SELF-HOSTED
config.add_route('pypi_simple_package', '/api/v1/python/{channel}/{index}/simple/{package}/', request_method='GET')
config.add_route('pypi_simple', '/api/v1/python/{channel}/{index}/simple/', request_method='GET')
# commonjs registry (http://wiki.commonjs.org/wiki/Packages/Registry)
# npmjs.org is historically based on this, and npm should be compatible
# PROXY
# these mostly try to replicate the npmjs registry public api in function
# npmjs registry api: https://github.com/npm/registry/blob/master/docs/REGISTRY-API.md
# set the registry used with npm-config (.npmrc files): https://docs.npmjs.com/files/npmrc
# http://registry.npmjs.org/<name>/<version>
config.add_route('commonjs_proxy_registry_package_version', '/api/v1/commonjs/proxy/{channel}/{index}/{package}/{version}/', request_method='GET')
# http://registry.npmjs.org/<name>/
config.add_route('commonjs_proxy_registry_package_root', '/api/v1/commonjs/proxy/{channel}/{index}/{package}/', request_method='GET')
# http://registry.npmjs.org/-/all
config.add_route('commonjs_proxy_registry_root', '/api/v1/commonjs/proxy/{channel}/{index}/', request_method='GET')
# http://registry.npmjs.org/-/<package>-<version>.tgz
config.add_route('commonjs_proxy_package', '/api/v1/commonjs/proxy/package/{channel}/{index}/{package}/{version}', request_method='GET')
# SELF HOSTED
config.add_route('commonjs_registry_root', '/api/v1/commonjs/{channel}/{index}/', request_method='GET')
config.add_route('commonjs_registry_package_root', '/api/v1/commonjs/{channel}/{index}/{package}/', request_method='GET')
config.add_route('commonjs_registry_package_version', '/api/v1/commonjs/{channel}/{index}/{package}/{version}/', request_method='GET')
# debian repository (https://wiki.debian.org/RepositoryFormat)
# additional info: http://www.ibiblio.org/gferg/ldp/giles/repository/repository-2.html
# these are the minimum required paths
# example sources.list entry: deb http://127.0.0.1/api/v1/debian/wildcard trusty main
config.add_route('debian_distrelease', '/api/v1/debian/{channel}/dist/{index}/Release', request_method='GET')
config.add_route('debian_archrelease', '/api/v1/debian/{channel}/dist/{index}/main/binary-{arch}/Release', request_method='GET')
config.add_route('debian_archpackages', '/api/v1/debian/{channel}/dist/{index}/main/binary-{arch}/Packages', request_method='GET')
config.add_route('debian_archpackagesgz', '/api/v1/debian/{channel}/dist/{index}/main/binary-{arch}/Packages.gz', request_method='GET')
config.add_route('debian_archpackagesbz2', '/api/v1/debian/{channel}/dist/{index}/main/binary-{arch}/Packages.bz2', request_method='GET')
config.add_route('debian_poolpackage', '/api/v1/debian/{channel}/pool/{index}/{relic_name}', request_method='GET')
# additional paths that could be just a directory listing of some sort (like autoindex)
config.add_route('debian_archindex', '/api/v1/debian/{channel}/dist/{index}/main/binary-{arch}/', request_method='GET')
config.add_route('debian_compindex', '/api/v1/debian/{channel}/dist/{index}/main/', request_method='GET')
config.add_route('debian_distindex', '/api/v1/debian/{channel}/dist/{index}/', request_method='GET')
config.add_route('debian_distrootindex', '/api/v1/debian/{channel}/dist/', request_method='GET')
config.add_route('debian_channelindex', '/api/v1/debian/{channel}/', request_method='GET')
config.add_route('debian_pooldistindex', '/api/v1/debian/{channel}/pool/{index}/', request_method='GET')
config.add_route('debian_poolrootindex', '/api/v1/debian/{channel}/pool/', request_method='GET')
config.add_notfound_view(notfound, append_slash=True)
config.scan('.views')
return config.make_wsgi_app()
