def test_proxy_fix(self, environ, assumed_addr, assumed_host): @Request.application def app(request): return Response('%s|%s' % ( request.remote_addr, # do not use request.host as this fixes too :) request.environ['wsgi.url_scheme'] + '://' + get_host(request.environ))) app = fixers.ProxyFix(app, num_proxies=2) has_host = 'HTTP_HOST' in environ environ = dict(create_environ(), **environ) if not has_host: del environ[ 'HTTP_HOST'] # create_environ() defaults to 'localhost' response = Response.from_app(app, environ) assert response.get_data() == to_bytes('{}|{}'.format( assumed_addr, assumed_host)) # And we must check that if it is a redirection it is # correctly done: redirect_app = redirect('/foo/bar.hml') response = Response.from_app(redirect_app, environ) wsgi_headers = response.get_wsgi_headers(environ) assert wsgi_headers['Location'] == '{}/foo/bar.hml'.format( assumed_host)
def test_proxy_fix(self): @Request.application def app(request): return Response('%s|%s' % ( request.remote_addr, # do not use request.host as this fixes too :) request.environ['HTTP_HOST'])) app = fixers.ProxyFix(app, num_proxies=2) environ = dict(create_environ(), HTTP_X_FORWARDED_PROTO="https", HTTP_X_FORWARDED_HOST='example.com', HTTP_X_FORWARDED_FOR='1.2.3.4, 5.6.7.8', REMOTE_ADDR='127.0.0.1', HTTP_HOST='fake') response = Response.from_app(app, environ) assert response.data == '1.2.3.4|example.com' # And we must check that if it is a redirection it is # correctly done: redirect_app = redirect('/foo/bar.hml') response = Response.from_app(redirect_app, environ) wsgi_headers = response.get_wsgi_headers(environ) assert wsgi_headers['Location'] == 'https://example.com/foo/bar.hml'
def setup_app_middleware(app): # NOTE(morgan): Load the middleware, in reverse order, we wrap the app # explicitly; reverse order to ensure the first element in _APP_MIDDLEWARE # processes the request first. MW = _APP_MIDDLEWARE IMW = _KEYSTONE_MIDDLEWARE # Add in optional (config-based) middleware # NOTE(morgan): Each of these may need to be in a specific location # within the pipeline therefore cannot be magically appended/prepended if CONF.wsgi.debug_middleware: # Add in the Debug Middleware MW = (_Middleware(namespace='keystone.server_middleware', ep='debug', conf={}), ) + _APP_MIDDLEWARE # Apply internal-only Middleware (e.g. AuthContextMiddleware). These # are below all externally loaded middleware in request processing. for mw in reversed(IMW): app.wsgi_app = mw(app.wsgi_app) # Apply the middleware to the application. for mw in reversed(MW): # TODO(morgan): Explore moving this to ExtensionManager, but we # want to be super careful about what middleware we load and in # what order. DriverManager gives us that capability and only loads # the entry points we care about rather than all of them. # Load via Stevedore, initialize the class via the factory so we can # initialize the "loaded" entrypoint with the currently bound # object pointed at "application". We may need to eventually move away # from the "factory" mechanism. loaded = stevedore.DriverManager(mw.namespace, mw.ep, invoke_on_load=False) # NOTE(morgan): global_conf (args[0]) to the factory is always empty # and local_conf (args[1]) will be the mw.conf dict. This allows for # configuration to be passed for middleware such as oslo CORS which # expects oslo_config_project or "allowed_origin" to be in the # local_conf, this is all a hold-over from paste-ini and pending # reworking/removal(s) factory_func = loaded.driver.factory({}, **mw.conf) app.wsgi_app = factory_func(app.wsgi_app) # Apply werkzeug speficic middleware app.wsgi_app = fixers.ProxyFix(app.wsgi_app) return app
def create_app(): # instantiate the app app = Flask(__name__) # enable CORS CORS(app) # set config app_settings = os.getenv('APP_SETTINGS') app.config.from_object(app_settings) app_config = app.config # set up extensions db.init_app(app) bcrypt.init_app(app) migrate.init_app(app, db) app.wsgi_app = fixers.ProxyFix(app.wsgi_app) # register blueprints register_api(app) return app
def test_proxy_fix_new(self, kwargs, base, url_root): @Request.application def app(request): # for header assert request.remote_addr == '192.168.0.1' # proto, host, port, prefix headers assert request.url_root == url_root urls = url_map.bind_to_environ(request.environ) # build includes prefix assert urls.build('parrot') == '/'.join( (request.script_root, 'parrot')) # match doesn't include prefix assert urls.match('/parrot')[0] == 'parrot' return Response('success') url_map = Map([Rule('/parrot', endpoint='parrot')]) app = fixers.ProxyFix(app, **kwargs) base.setdefault('REMOTE_ADDR', '192.168.0.1') environ = create_environ(environ_overrides=base) # host is always added, remove it if the test doesn't set it if 'HTTP_HOST' not in base: del environ['HTTP_HOST'] # ensure app request has correct headers response = Response.from_app(app, environ) assert response.get_data() == b'success' # ensure redirect location is correct redirect_app = redirect( url_map.bind_to_environ(environ).build('parrot')) response = Response.from_app(redirect_app, environ) location = response.headers['Location'] assert location == url_root + 'parrot'
def create_app(): # instantiate the app # enable CORS CORS(app) # set config app.config.from_object( os.getenv('APP_SETTINGS', 'app.config.ProductionConfig')) # set up extensions db.init_app(app) bcrypt.init_app(app) Migrate(app, db) # migrate.init_app(app, db) _manager = Manager(app) _manager.add_command('db', MigrateCommand) app.wsgi_app = fixers.ProxyFix(app.wsgi_app) # register blueprints with app.app_context(): register_api(app) return app, _manager, db
def init_app(self, app): self.app = fixers.ProxyFix(app.wsgi_app) app.wsgi_app = self
flask.url_for('ui.login', next=flask.request.endpoint)) @app.context_processor def inject_defaults(): signup_domains = models.Domain.query.filter_by(signup_enabled=True).all() return dict(current_user=flask_login.current_user, signup_domains=signup_domains, config=app.config) # Import views from mailu import ui, internal app.register_blueprint(ui.ui, url_prefix='/ui') app.register_blueprint(internal.internal, url_prefix='/internal') # Create the prefix middleware class PrefixMiddleware(object): def __init__(self, app): self.app = app def __call__(self, environ, start_response): prefix = environ.get('HTTP_X_FORWARDED_PREFIX', '') if prefix: environ['SCRIPT_NAME'] = prefix return self.app(environ, start_response) app.wsgi_app = PrefixMiddleware(fixers.ProxyFix(app.wsgi_app))
from bob_emploi.frontend.api import association_pb2 from bob_emploi.frontend.api import config_pb2 from bob_emploi.frontend.api import chantier_pb2 from bob_emploi.frontend.api import event_pb2 from bob_emploi.frontend.api import feedback_pb2 from bob_emploi.frontend.api import job_pb2 from bob_emploi.frontend.api import commute_pb2 from bob_emploi.frontend.api import jobboard_pb2 from bob_emploi.frontend.api import project_pb2 from bob_emploi.frontend.api import stats_pb2 from bob_emploi.frontend.api import user_pb2 from bob_emploi.frontend.api import export_pb2 app = flask.Flask(__name__) # pylint: disable=invalid-name # Get original host and scheme used before proxies (load balancer, nginx, etc). app.wsgi_app = fixers.ProxyFix(app.wsgi_app) _DB = pymongo.MongoClient(os.getenv('MONGO_URL', 'mongodb://localhost/test'))\ .get_default_database() _SERVER_TAG = {'_server': os.getenv('SERVER_VERSION', 'dev')} _SLACK_FEEDBACK_URL = os.getenv('SLACK_FEEDBACK_URL') _ADMIN_AUTH_TOKEN = os.getenv('ADMIN_AUTH_TOKEN') _TEST_USER_REGEXP = re.compile( os.getenv('TEST_USER_REGEXP', r'@(bayes.org|example.com)$')) _ALPHA_USER_REGEXP = re.compile( os.getenv('ALPHA_USER_REGEXP', r'@example.com$')) _SHOW_UNVERIFIED_DATA_USER_REGEXP = \
def init_app(self, app): self.app = fixers.ProxyFix(app.wsgi_app, x_for=1, x_proto=1) app.wsgi_app = self