Example #1
def create_app(test_config=None):
    """Create and configure an instance of the Flask application.

    Wires up, in order: session/database settings taken from
    ``CRACK_CONF['app']``, SeaSurf CSRF protection, the SQLAlchemy models,
    the REST resources, Flask-Login and the server-side session store.

    Args:
        test_config: Accepted by the factory signature but not read
            anywhere in this body.

    Returns:
        The configured Flask application.
    """
    flask_app = Flask(__name__)
    settings = CRACK_CONF['app']
    # Cross-origin access is not enabled by this factory; the previous
    # development setup is kept for reference only.
    #CORS(app, resources={r'/*': {'origins': 'http://localhost:8081',
    #                            'supports_credentials': True},
    #                   })

    # Cookie hardening (HttpOnly / Secure) is whatever the deployment config
    # says; nothing here enforces a safe value, so both flags should be
    # checked in the production config file.
    # NOTE(review): SESSION_COOKIE_SAMESITE is not set in this function.
    flask_app.config.update({
        'SESSION_TYPE': settings['SESSION_TYPE'],
        'SQLALCHEMY_DATABASE_URI': settings['SQLALCHEMY_DATABASE_URI'],
        'SESSION_COOKIE_HTTPONLY': settings['SESSION_COOKIE_HTTPONLY'],
        'SESSION_COOKIE_SECURE': settings['SESSION_COOKIE_SECURE'],
        'PERMANENT_SESSION_LIFETIME': int(
            settings['PERMANENT_SESSION_LIFETIME']),
        'SESSION_PERMANENT': True,
        'SQLALCHEMY_TRACK_MODIFICATIONS': False,
    })

    # NOTE(review): Talisman is disabled, so this factory adds no security
    # response headers (HSTS, CSP, ...); presumably a fronting proxy supplies
    # them - confirm.
    #Talisman(app, strict_transport_security=False)

    # The CSRF cookie name is set before the extension is attached.
    flask_app.config['CSRF_COOKIE_NAME'] = 'csrftoken'
    csrf_guard = SeaSurf()
    csrf_guard.init_app(flask_app)

    db.init_app(flask_app)
    with flask_app.app_context():
        db.create_all()

    rest_api = Api(flask_app)
    endpoints = (
        (cq_api.Login, '/api/login'),
        (cq_api.Sso, '/api/sso'),
        (cq_api.Logout, '/api/logout'),
        (cq_api.Options, '/api/options'),
        (cq_api.Queuing, '/api/queuing/<job_id>'),
        (cq_api.Adder, '/api/add'),
        (cq_api.Reports, '/api/reports'),
    )
    for resource, url in endpoints:
        rest_api.add_resource(resource, url)

    # The module-level login_manager is used as-is; the "strong" session
    # protection override below is commented out, so the manager's own
    # setting applies.
    #login_manager = LoginManager()
    #login_manager.session_protection = "strong"
    login_manager.init_app(flask_app)

    # NOTE(review): Session(app) is followed by a second init_app() on the
    # same app; this looks redundant - confirm against the installed
    # Flask-Session version before removing either call.
    session = Session(flask_app)
    session.init_app(flask_app)
    # Create the backing table(s) of the server-side session store.
    session.app.session_interface.db.create_all()
    return flask_app
Example #2
def create_app():
    """Create and configure an instance of the Flask application.

    Applies session/database settings from ``CRACK_CONF['app']``, attaches
    SeaSurf CSRF protection, initialises the SQLAlchemy models, registers
    every API route, then sets up Flask-Login, the server-side session store
    and Flask-Migrate.

    Returns:
        The configured Flask application.
    """
    flask_app = Flask(__name__)
    settings = CRACK_CONF['app']
    # Cross-origin access is not enabled by this factory; the previous
    # development setup is kept for reference only.
    #CORS(app, resources={r'/*': {'origins': 'http://localhost:8081',
    #                             'supports_credentials': True},
    #                    })

    # DEBUG is pinned off in code. The cookie flags (HttpOnly / Secure) come
    # straight from the deployment config, so nothing here enforces a safe
    # value - check both in the production config file.
    # NOTE(review): SESSION_COOKIE_SAMESITE is not set in this function.
    flask_app.config.update({
        'DEBUG': False,
        'JSON_SORT_KEYS': False,
        'SESSION_TYPE': settings['SESSION_TYPE'],
        'SQLALCHEMY_DATABASE_URI': settings['SQLALCHEMY_DATABASE_URI'],
        'SESSION_COOKIE_HTTPONLY': settings['SESSION_COOKIE_HTTPONLY'],
        'SESSION_COOKIE_SECURE': settings['SESSION_COOKIE_SECURE'],
        'PERMANENT_SESSION_LIFETIME': int(
            settings['PERMANENT_SESSION_LIFETIME']),
        'SESSION_PERMANENT': True,
        'SQLALCHEMY_TRACK_MODIFICATIONS': False,
    })

    # The CSRF cookie name is set before the extension is attached.
    flask_app.config['CSRF_COOKIE_NAME'] = 'csrftoken'
    csrf_guard = SeaSurf()
    csrf_guard.init_app(flask_app)

    db.init_app(flask_app)
    with flask_app.app_context():
        # NOTE(review): create_all() runs at start-up alongside Flask-Migrate
        # below; tables created here are outside the migration history -
        # confirm this is intended.
        db.create_all()

    admin = cq_api.Admin.as_view('admin')
    profile = cq_api.Profile.as_view('profile')
    benchmark = cq_api.Benchmark.as_view('benchmark')
    login = cq_api.Login.as_view('login')
    logout = cq_api.Logout.as_view('logout')
    sso = cq_api.Sso.as_view('sso')
    options = cq_api.Options.as_view('options')
    queuing = cq_api.Queuing.as_view('queuing')
    adder = cq_api.Adder.as_view('adder')
    reports = cq_api.Reports.as_view('reports')
    tasks = cq_api.TasksView.as_view('tasks')
    templates = cq_api.TemplatesView.as_view('templates')

    # (rule, view, extra add_url_rule options), registered in this order.
    # Typed converters (<uuid:...>) reject malformed identifiers at the
    # routing layer; job_id is only constrained to <string:...>.
    # NOTE(review): '/api/admin/' is registered for POST twice (first and
    # third entries); the third looks redundant - confirm.
    # NOTE(review): '/api/logout' is GET-only, so it changes session state
    # through a method that CSRF checks normally leave alone; POST would put
    # it under the CSRF check.
    route_table = (
        ('/api/admin/', admin,
         {'defaults': {'user_id': None}, 'methods': ['POST', 'GET']}),
        ('/api/admin/<uuid:user_id>', admin,
         {'methods': ['GET', 'DELETE', 'PUT', 'PATCH']}),
        ('/api/admin/', admin, {'methods': ['POST']}),
        ('/api/profile/', profile, {'methods': ['GET', 'POST']}),
        ('/api/benchmark/', benchmark, {'methods': ['GET', 'POST']}),
        ('/api/login', login, {'methods': ['GET', 'POST']}),
        ('/api/sso', sso, {'methods': ['GET', 'POST']}),
        ('/api/logout', logout, {'methods': ['GET']}),
        ('/api/options', options, {'methods': ['GET']}),
        ('/api/queuing/<string:job_id>', queuing,
         {'methods': ['GET', 'DELETE', 'PUT', 'PATCH']}),
        ('/api/add', adder, {'methods': ['POST']}),
        ('/api/reports', reports, {'methods': ['GET', 'POST']}),
        ('/api/tasks/templates', templates,
         {'defaults': {'temp_id': None},
          'methods': ['GET', 'PUT', 'DELETE']}),
        ('/api/tasks/templates/<uuid:temp_id>', templates,
         {'methods': ['DELETE']}),
        ('/api/tasks', tasks, {'methods': ['GET', 'POST']}),
        ('/api/tasks/<uuid:task_id>', tasks, {'methods': ['DELETE']}),
    )
    for rule, view, rule_options in route_table:
        flask_app.add_url_rule(rule, view_func=view, **rule_options)

    login_manager.init_app(flask_app)

    # NOTE(review): Session(app) is followed by a second init_app() on the
    # same app; this looks redundant - confirm against the installed
    # Flask-Session version before removing either call.
    session = Session(flask_app)
    session.init_app(flask_app)

    migrate = Migrate()
    migrate.init_app(flask_app, db, compare_type=True, render_as_batch=True)
    # Create the backing table(s) of the server-side session store.
    session.app.session_interface.db.create_all()
    return flask_app
Example #3
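# Module-level application wiring: server name, Redis-backed sessions,
# SeaSurf CSRF protection, outgoing mail and Talisman (HTTPS + CSP).
# `app`, `sesh`, `FORCE_HTTPS`, `CSP` and `CSP_nonce_in` are defined outside
# this excerpt.

#app.config['USE_X_SENDFILE'] = True
app.config['SERVER_NAME'] = "cwby.biz"

# session management with Redis
app.session_interface = sesh.RedisSessionInterface()

# CSRF prevention with SeaSurf. All CSRF_* options are set before the
# extension is attached to the app.
app.config['CSRF_COOKIE_NAME'] = "_csrf_token"
app.config['CSRF_COOKIE_TIMEOUT'] = 2678400  # 31 days in seconds
# The Secure flag follows FORCE_HTTPS: when that is false the CSRF cookie is
# also sent over plain HTTP, so it should be true in production.
app.config['CSRF_COOKIE_SECURE'] = FORCE_HTTPS
# app.config['CSRF_COOKIE_PATH']
app.config['CSRF_COOKIE_DOMAIN'] = "cwby.biz"
app.config['CSRF_COOKIE_SAMESITE'] = "Lax"
# Leave CSRF_DISABLE commented out: enabling it turns the protection off.
#app.config['CSRF_DISABLE'] = True
# SeaSurf(app) already attaches the extension; the extra csrf.init_app(app)
# that used to follow registered the request hooks a second time.
csrf = SeaSurf(app)

# Configure mail
app.config['MAIL_SERVER'] = 'smtp.gmail.com'
app.config['MAIL_PORT'] = 465
app.config['MAIL_USE_SSL'] = True
# NOTE(review): from_object() with a string treats it as an import path
# (module `settings`, attribute `cfg`); if settings.cfg is a plain config
# file, from_pyfile() is the matching loader - confirm.
# NOTE(review): this load happens after SeaSurf was attached above, so any
# CSRF_* values it carries may not reach the CSRF extension - confirm.
app.config.from_object('settings.cfg')
# instantiate mail with app config; Mail(app) performs the initialisation
# itself, so no separate mail.init_app(app) call is needed.
mail = Mail(app)

# Enforce CSP (and HTTPS redirection when FORCE_HTTPS is true)
Talisman(app,
         force_https=FORCE_HTTPS,
         content_security_policy=CSP,
         content_security_policy_nonce_in=CSP_nonce_in)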