def create_access_codes(self):
token = SeaSurf()._generate_token()
new_access_codes = {
'access_granted':
token,
'expiration': (datetime.datetime.now() + datetime.timedelta(
seconds=self.config['permissions_cache_expiry']))
}
self._access_codes = new_access_codes
return self._access_codes
def create_app():
app = Flask(__name__)
app.url_map.strict_slashes = False
app.config.from_pyfile("config.cfg")
app.wsgi_app = SassMiddleware(
app.wsgi_app,
{f"{__name__}": ("static/sass", "static/css", "/static/css")})
from routes.auth import auth
app.register_blueprint(auth)
from routes.main import main
app.register_blueprint(main)
@app.errorhandler(403)
def does_not_exist(err):
return render_template(
"errors/client.html",
code="403",
title="403 Forbidden",
message="You do not have access to this page."), 403
@app.errorhandler(404)
def does_not_exist(err):
return render_template("errors/client.html",
code="404",
title="404 Not Found",
message="Page not found."), 404
@app.errorhandler(500)
def does_not_exist(err):
return render_template("errors/error.html",
title="500 Server Error"), 500
login_manager = LoginManager()
login_manager.session_protection = "strong"
login_manager.login_view = "auth.login"
login_manager.init_app(app)
@login_manager.user_loader
def load_user(username: str):
return User(username, True)
limiter = Limiter(app,
key_func=get_remote_address,
default_limits=["1 per second"])
@limiter.request_filter
def ip_whitelist():
return request.remote_addr == "127.0.0.1"
SeaSurf(app)
return app
def setUp(self):
app = Flask(__name__)
app.debug = True
self.app = app
csrf = SeaSurf(app)
csrf._csrf_disable = False
self.csrf = csrf
@csrf.exempt
@app.route('/foo', methods=['POST'])
def foo():
return 'bar'
@app.route('/bar', methods=['POST'])
def bar():
return 'foo'
def setUp(self):
app = Flask(__name__)
app.debug = True
app.config['SEASURF_INCLUDE_OR_EXEMPT_VIEWS'] = 'exempt'
self.app = app
csrf = SeaSurf(app)
csrf._csrf_disable = False
self.csrf = csrf
@csrf.exempt
@app.route('/foo', methods=['POST'])
def foo():
return 'bar'
@app.route('/bar', methods=['POST'])
def bar():
return 'foo'
def create_app(test_config=None):
"""Create and configure an instance of the Flask application."""
app = Flask(__name__)
aconf = CRACK_CONF['app']
#CORS(app, resources={r'/*': {'origins': 'http://localhost:8081',
# 'supports_credentials': True},
# })
app.config['SESSION_TYPE'] = aconf['SESSION_TYPE']
app.config['SQLALCHEMY_DATABASE_URI'] = aconf['SQLALCHEMY_DATABASE_URI']
app.config['SESSION_COOKIE_HTTPONLY'] = aconf['SESSION_COOKIE_HTTPONLY']
app.config['SESSION_COOKIE_SECURE'] = aconf['SESSION_COOKIE_SECURE']
app.config['PERMANENT_SESSION_LIFETIME'] = int(
aconf['PERMANENT_SESSION_LIFETIME'])
app.config['SESSION_PERMANENT'] = True
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
#Talisman(app, strict_transport_security=False)
csrf = SeaSurf()
app.config['CSRF_COOKIE_NAME'] = 'csrftoken'
csrf.init_app(app)
db.init_app(app)
with app.app_context():
db.create_all()
api = Api(app)
api.add_resource(cq_api.Login, '/api/login')
api.add_resource(cq_api.Sso, '/api/sso')
api.add_resource(cq_api.Logout, '/api/logout')
api.add_resource(cq_api.Options, '/api/options')
api.add_resource(cq_api.Queuing, '/api/queuing/<job_id>')
api.add_resource(cq_api.Adder, '/api/add')
api.add_resource(cq_api.Reports, '/api/reports')
#login_manager = LoginManager()
#login_manager.session_protection = "strong"
login_manager.init_app(app)
session = Session(app)
session.init_app(app)
session.app.session_interface.db.create_all()
return app
def __init__(self, *args, **kwargs):
Flask.__init__(self, *args, **kwargs)
self.unauthenticated_routes = {'static': True}
self.csrf = SeaSurf(self)
if not config.ok:
log.error("Configuration is not correctly set. Please correct it")
self.secret_key = "NOT THE REAL SECRET KEY"
return
self.config.update(
SECRET_KEY=config.application.session_key,
SESSION_COOKIE_SECURE=config.application.session_cookie_secure,
SESSION_COOKIE_HTTPONLY=config.application.session_cookie_httponly
)
# PREFERRED_URL_SCHEME only valid in flask 0.9+
if Version(flask.__version__) >= Version('0.9'):
self.config.update(
PREFERRED_URL_SCHEME=config.application.preferred_url_scheme
)
self.secret_key = config.application.session_key # Do we need this?
# MAH has it's own logging mechanism, and this should be used for flask
# extensions (such as seasurf)
for handler in log.handlers:
self.logger.addHandler(handler) # pylint: disable=E1101
"Define environment variable APP_CONFIG_FILE to point to a configuration file "
"to customize configuration from the defaults.")
#
# verify MONGODB_URL has been set successfully in our configuration
#
if "MONGODB_URL" not in flask_app.config:
flask_app.logger.error("Could not find required setting MONGODB_URL.")
else:
flask_app.logger.info("Using MongoDB at {}".format(
flask_app.config["MONGODB_URL"]))
if 'FLASK_ENV' in flask_app.config and flask_app.config[
'FLASK_ENV'] != 'development':
# enable csrf when not using swagger, client must present csrf token
csrf = SeaSurf(flask_app)
selected_csp_policy = {
'font-src': '\'self\'',
'img-src': '\'self\'',
'frame-src': '\'self\'',
'script-src': '\'self\'',
'style-src': '\'self\'',
'default-src': '\'self\'',
}
else:
#
# Swagger isn't SeaSurf aware, so do not enable it in development mode.
#
# Talisman will prevent the swaggerui from loading in the browser due to unsafe inlines in the swagger web content,
# so modify the CSP so swagger can work when in development mode.
#
def create_app(config=None):
sentry_sdk.init(send_default_pii=False, integrations=[FlaskIntegration()])
app = Flask(__name__)
config = config or 'sfa_dash.config.DevConfig'
app.config.from_object(config)
app.secret_key = app.config['SECRET_KEY']
SeaSurf(app)
register_jinja_filters(app)
error_handlers.register_handlers(app)
if app.config['SQLALCHEMY_DATABASE_URI']:
db.init_app(app)
db.create_all(app=app)
make_auth0_blueprint(app,
base_url=app.config['AUTH0_OAUTH_BASE_URL'],
storage=session_storage)
def protect_endpoint():
try:
authorized = oauth_request_session.authorized
except ValueError:
# no token set for user/no user set
authorized = False
# authorized == True means we have a token, not necessarily that it
# hasn't expired, but refreshing is handled
# by request_oauthlib and oauthlib
# and the api validates expiration
if not authorized:
session['redirect_path'] = request.path
return redirect(url_for('auth0.login'))
@app.route('/')
def index():
# move index to app so all blueprints are secured
# should probably test if authorized and show one
# page, show a different page w/ login link otherwise
return render_template('index.html')
@app.route('/documentation/')
def documentation():
return render_template('documentation.html')
@app.route('/changelog/')
def changelog():
return render_template('changelog.html')
@app.context_processor
def inject_globals():
# Injects variables into all rendered templates
global_template_args = {}
global_template_args['user'] = session.get('userinfo')
global_template_args.update(template_variables())
return global_template_args
@app.errorhandler(500)
def server_error_handler(error):
return render_template("500.html",
sentry_event_id=sentry_sdk.last_event_id(),
dsn=os.getenv('SENTRY_DSN', '')), 500
from sfa_dash.blueprints.main import data_dash_blp
from sfa_dash.blueprints.form import forms_blp
from sfa_dash.blueprints.admin import admin_blp
for blp in (data_dash_blp, forms_blp, admin_blp):
blp.before_request(protect_endpoint)
app.register_blueprint(blp)
return app
filename=os.path.join(os.path.dirname(__file__), 'locator-tool.log'),
format='[%(asctime)s] %(levelname)s in %(module)s: %(message)s',
level=logging.DEBUG,
)
app = Flask(__name__, static_url_path='', static_folder='static/')
app.config.from_pyfile('config.py')
# HTTP security headers
Talisman(app, content_security_policy={})
# CSRF protection. settings fitting Angular $httpProvider
app.config['CSRF_COOKIE_NAME'] = 'XSRF-TOKEN'
app.config['CSRF_HEADER_NAME'] = 'X-XSRF-TOKEN'
app.config['CSRF_COOKIE_PATH'] = '/locator-tool/'
SeaSurf(app)
mwoauth = MWOAuth(base_url='https://commons.wikimedia.org/w',
clean_url='https://commons.wikimedia.org/wiki',
consumer_key=app.config['OAUTH_CONSUMER_KEY'],
consumer_secret=app.config['OAUTH_CONSUMER_SECRET'])
app.register_blueprint(mwoauth.bp)
@app.route('/')
def index():
return app.send_static_file('index.html')
@app.route('/user')
def user():
def __init__(self,
name=None,
server=None,
static_folder=None,
url_base_pathname='/',
csrf_protect=True):
# allow users to supply their own flask server
if server is not None:
self.server = server
else:
if name is None:
name = 'dash'
self.server = Flask(name, static_folder=static_folder)
if self.server.secret_key is None:
# If user supplied their own server, they might've supplied a
# secret_key with it
secret_key_name = 'dash_{}_secret_key'.format(
# replace any invalid characters
re.sub('[\W_]+', '_', name))
secret_key = os.environ.get(secret_key_name,
SeaSurf()._generate_token())
os.environ[secret_key_name] = secret_key
self.server.secret_key = secret_key
self.url_base_pathname = url_base_pathname
self.config = _AttributeDict({
'suppress_callback_exceptions':
False,
'routes_pathname_prefix':
url_base_pathname,
'requests_pathname_prefix':
url_base_pathname
})
# list of dependencies
self.callback_map = {}
# gzip
Compress(self.server)
# csrf protect
if csrf_protect:
self._csrf = SeaSurf(self.server)
# static files from the packages
self.css = Css()
self.scripts = Scripts()
self.registered_paths = {}
# urls
def add_url(name, view_func, methods=['GET']):
self.server.add_url_rule(name,
view_func=view_func,
endpoint=name,
methods=methods)
add_url('{}_dash-layout'.format(self.config['routes_pathname_prefix']),
self.serve_layout)
add_url(
'{}_dash-dependencies'.format(
self.config['routes_pathname_prefix']), self.dependencies)
add_url(
'{}_dash-update-component'.format(
self.config['routes_pathname_prefix']), self.dispatch,
['POST'])
add_url(('{}_dash-component-suites'
'/<string:package_name>'
'/<path:path_in_package_dist>').format(
self.config['routes_pathname_prefix']),
self.serve_component_suites)
add_url('{}_dash-routes'.format(self.config['routes_pathname_prefix']),
self.serve_routes)
add_url(self.config['routes_pathname_prefix'], self.index)
# catch-all for front-end routes
add_url('{}<path:path>'.format(self.config['routes_pathname_prefix']),
self.index)
self.server.before_first_request(self._setup_server)
self._layout = None
self._cached_layout = None
self.routes = []
def create_app(test_config=None):
# Create app
app = Flask(__name__, instance_relative_config=True)
app.version = __version__
# Configure app
app.config.from_object("contextualise.settings")
app.config.from_envvar("CONTEXTUALISE_SETTINGS")
app.config.from_mapping(
DEBUG=False,
DATABASE_PATH=os.path.join(app.instance_path,
app.config["DATABASE_FILE"]),
SECRET_KEY=os.environ.get(
"SECRET_KEY", "ppBcUQ5AL7gEmvb0blMDyEOpiBEQUupGmk_a3DMaF34"),
SECURITY_PASSWORD_SALT=os.environ.get(
"SECURITY_PASSWORD_SALT",
"139687009245803364536588051620840970665"),
SECURITY_REGISTERABLE=True,
SECURITY_RECOVERABLE=True,
SECURITY_URL_PREFIX="/auth",
SECURITY_POST_LOGIN_VIEW="/maps/",
SECURITY_POST_REGISTER_VIEW="/maps/",
MAIL_SERVER=app.config["EMAIL_SERVER"],
MAIL_PORT=app.config["EMAIL_PORT"],
MAIL_USERNAME=app.config["EMAIL_USERNAME"],
MAIL_PASSWORD=app.config["EMAIL_PASSWORD"],
MAIL_DEFAULT_SENDER=app.config["EMAIL_SENDER"],
MAIL_USE_SSL=False,
MAX_CONTENT_LENGTH=4 * 1024 * 1024, # 4 megabytes
)
# Set up app
mail = Mail(app)
csrf = SeaSurf(app)
if test_config is None:
# Load the instance config, if it exists, when not testing
app.config.from_pyfile("config.py", silent=True)
else:
# Load the test config if passed in
app.config.from_mapping(test_config)
# Ensure the instance folder exists
try:
os.makedirs(app.instance_path)
except OSError:
pass
@app.route("/")
def home():
maps = get_topic_store().get_promoted_maps()
maps = [map for map in maps if map.published]
# Reset breadcrumbs and (current) scope
session["breadcrumbs"] = []
session["current_scope"] = UNIVERSAL_SCOPE
session["scope_filter"] = 1
return render_template("index.html", maps=maps, version=app.version)
@app.route("/health")
def hello():
return "Healthy!"
# HTTP error handlers
def forbidden(e):
return render_template("403.html"), 403
app.register_error_handler(403, forbidden)
def page_not_found(e):
return render_template("404.html"), 404
app.register_error_handler(404, page_not_found)
def internal_server_error(e):
return render_template("500.html"), 500
app.register_error_handler(500, internal_server_error)
def request_entity_too_large(e):
return render_template("413.html"), 413
app.register_error_handler(413, request_entity_too_large)
# Setup Flask-Security
engine = create_engine(f"sqlite:///{app.config['DATABASE_PATH']}")
db_session = scoped_session(
sessionmaker(autocommit=False, autoflush=False, bind=engine))
Base = declarative_base()
Base.query = db_session.query_property()
class RolesUsers(Base):
__tablename__ = "roles_users"
id = Column(Integer(), primary_key=True)
user_id = Column("user_id", Integer(), ForeignKey("user.id"))
role_id = Column("role_id", Integer(), ForeignKey("role.id"))
class Role(Base, RoleMixin):
__tablename__ = "role"
id = Column(Integer(), primary_key=True)
name = Column(String(80), unique=True)
description = Column(String(255))
class User(Base, UserMixin):
__tablename__ = "user"
id = Column(Integer, primary_key=True)
email = Column(String(255), unique=True)
username = Column(String(255), unique=True, nullable=True)
password = Column(String(255), nullable=False)
last_login_at = Column(DateTime())
current_login_at = Column(DateTime())
last_login_ip = Column(String(100))
current_login_ip = Column(String(100))
login_count = Column(Integer)
active = Column(Boolean())
fs_uniquifier = Column(String(255), unique=True, nullable=False)
confirmed_at = Column(DateTime())
roles = relationship("Role",
secondary="roles_users",
backref=backref("users", lazy="dynamic"))
user_datastore = SQLAlchemySessionUserDatastore(db_session, User, Role)
security = Security(app, user_datastore)
@user_registered.connect_via(app)
def user_registered_handler(app, user, confirm_token, form_data,
**extra_args):
default_role = user_datastore.find_role("user")
user_datastore.add_role_to_user(user, default_role)
db_session.commit()
@user_authenticated.connect_via(app)
def user_authenticated_handler(app, user, authn_via, **extra_args):
app.logger.info(
f"User logged in successfully: [{user.email}], authentication method: [{authn_via}]"
)
@app.before_first_request
def create_user():
Base.metadata.create_all(bind=engine)
# Create roles
admin_role = user_datastore.find_or_create_role(
name="admin", description="Administrator")
user_role = user_datastore.find_or_create_role(name="user",
description="End user")
db_session.commit()
# Create users
admin_user = user_datastore.find_user(email="*****@*****.**")
if not admin_user:
admin_user = user_datastore.create_user(
email="*****@*****.**",
password=hash_password("Passw0rd1"))
db_session.commit()
user_user = user_datastore.find_user(email="*****@*****.**")
if not user_user:
user_user = user_datastore.create_user(
email="*****@*****.**",
password=hash_password("Passw0rd1"))
db_session.commit()
# Assign roles
user_datastore.add_role_to_user(user_user, user_role)
user_datastore.add_role_to_user(admin_user, admin_role)
db_session.commit()
# Create database structure
get_topic_store().create_database()
@app.teardown_request
def checkin_db(exc):
db_session.remove()
# Register custom filters
filters.register_filters(app)
# Register Blueprints
from contextualise import api
app.register_blueprint(api.bp)
csrf.exempt(api.create_topic)
csrf.exempt(api.create_association)
from contextualise import map
app.register_blueprint(map.bp)
from contextualise import topic
app.register_blueprint(topic.bp)
from contextualise import image
app.register_blueprint(image.bp)
from contextualise import file
app.register_blueprint(file.bp)
from contextualise import link
app.register_blueprint(link.bp)
from contextualise import video
app.register_blueprint(video.bp)
from contextualise import association
app.register_blueprint(association.bp)
from contextualise import note
app.register_blueprint(note.bp)
from contextualise import three_d
app.register_blueprint(three_d.bp)
from contextualise import attribute
app.register_blueprint(attribute.bp)
from contextualise import visualisation
app.register_blueprint(visualisation.bp)
from contextualise import tag
app.register_blueprint(tag.bp)
# Set up logging
if not app.debug:
logs_directory = os.path.join(app.instance_path, "logs")
if not os.path.exists(logs_directory):
os.mkdir(logs_directory)
file_handler = RotatingFileHandler(os.path.join(
logs_directory, "contextualise.log"),
maxBytes=10240,
backupCount=10)
file_handler.setFormatter(
logging.Formatter(
"%(asctime)s %(levelname)s: %(message)s [in %(pathname)s:%(lineno)d]"
))
file_handler.setLevel(logging.INFO)
app.logger.addHandler(file_handler)
app.logger.setLevel(logging.INFO)
app.logger.info("Contextualise startup")
return app
