from flask import Flask from flask_sqlalchemy import SQLAlchemy import os import pymysql from flask_restful import Api from flask_migrate import Migrate from flask_wtf import CSRFProtect ## 导入csrf保护 pymysql.install_as_MySQLdb() app = Flask(__name__) BASE_DIR = os.path.abspath(os.path.dirname(__file__)) ##当前文件 项目所在的根目录 app.config.from_pyfile("settings.py") ## 使用python文件做配置文件 app.config.from_object("settings.TestConfig") app.secret_key = "dsfdsfdsfdsfs" db = SQLAlchemy(app) api = Api(app) ## 负责收集路由 收集类视图的注册信息 migrate = Migrate(app, db) ### 安装数据库管理插件 csrf = CSRFProtect(app) ## 使用csrf保护
from flask_mail import Mail from flask_rq import RQ from flask_sqlalchemy import SQLAlchemy from flask_wtf import CSRFProtect from flask_migrate import Migrate from app.assets import app_css, app_js, vendor_css, vendor_js from config import config as Config basedir = os.path.abspath(os.path.dirname(__file__)) mail = Mail() db = SQLAlchemy() migrate = Migrate() csrf = CSRFProtect() #compress = Compress() # Set up Flask-Login login_manager = LoginManager() login_manager.session_protection = 'strong' login_manager.login_view = 'account.login' def create_app(config): app = Flask(__name__) config_name = config if not isinstance(config, str): config_name = os.getenv('FLASK_CONFIG', 'default')
def create_app(config_name): global user_datastore app = Flask(__name__) app.config.from_object(app_config[config_name]) csrf = CSRFProtect() csrf.init_app(app) assets = Environment(app) create_assets(assets) via = Via() via.init_app(app) # Ipload in several models - - - - from app.user import user_photo from app.restaurant import restaurant_photo from app.food import food_photo configure_uploads(app, (restaurant_photo, food_photo, user_photo)) engine = create_engine(app.config['SQLALCHEMY_DATABASE_URI']) if not database_exists(engine.url): create_database(engine.url) security = Security(app, user_datastore, register_form=SecurityRegisterForm) create_security_admin(app=app, path=os.path.join(os.path.dirname(__file__))) with app.app_context(): db.init_app(app) #Conditionally create admin/end_user db.create_all() user_datastore.find_or_create_role(name='admin', description='Administrator') db.session.commit() user_datastore.find_or_create_role(name='end-user', description='End user') db.session.commit() # Create two Users for testing purposes -- unless they already exists. # In each case, use Flask-Security utility function to encrypt the password. encrypted_password = utils.encrypt_password('password') if not user_datastore.get_user('*****@*****.**'): user_datastore.create_user(email='*****@*****.**', password=encrypted_password) if not user_datastore.get_user('*****@*****.**'): user_datastore.create_user(email='*****@*****.**', password=encrypted_password) # Commit any database changes; the User and Roles must exist before we can add a Role to the User db.session.commit() # Give one User has the "end-user" role, while the other has the "admin" role. (This will have no effect if the # Users already have these Roles.) Again, commit any database changes. user_datastore.add_role_to_user('*****@*****.**', 'end-user') user_datastore.add_role_to_user('*****@*****.**', 'admin') db.session.commit() @app.route('/', methods=['GET']) @app.route('/home', methods=['GET']) def index(): return render_template('index.html') @app.errorhandler(403) def forbidden(error): return render_template('error/403.html', title='Forbidden'), 403 @app.errorhandler(404) def page_not_found(error): return render_template('error/404.html', title='Page Not Found'), 404 @app.errorhandler(500) def internal_server_error(error): db.session.rollback() return render_template('error/500.html', title='Server Error'), 500 return app
# Import flask and template operators from flask import Flask, render_template, url_for from flask_bootstrap import Bootstrap from flask_wtf import CSRFProtect, Form from .config import config from flask_admin.base import Admin, MenuLink from flask_admin.contrib.fileadmin import FileAdmin from flask_admin.contrib.sqla import ModelView bootstrap = Bootstrap() csrf_token = CSRFProtect() admin = Admin(template_mode='bootstrap3', name='', url='/') class MyFileAdmin(FileAdmin): form_base_class = Form can_upload = False can_mkdir = False can_rename = True def create_app(): app = Flask(__name__) app.config.from_object(config) bootstrap.init_app(app) csrf_token.init_app(app) admin.init_app(app) from .views import views as views_blueprint
def configure_wtf(self): if self.config["WTF_CSRF_ENABLED"]: csrf = CSRFProtect(self.flask_app) csrf_exempt_list = self.config["WTF_CSRF_EXEMPT_LIST"] for ex in csrf_exempt_list: csrf.exempt(ex)
def create_app(config_name): setup_log(config_name) # 创建flask对象 app = Flask(__name__) # 添加参数到flask对象中 app.config.from_object(config[config_name]) # mysql数据库实例绑定 db.init_app(app) # redis数据库实例的创建,Return a Redis client object global redis_store redis_store = redis.StrictRedis(host=Config.REDIS_HOST, port=Config.REDIS_PORT, decode_responses=True) # 对flask对象开启CSRFProtect保护 CSRFProtect(app) @app.after_request def after_request(response): csrf_token = generate_csrf() response.set_cookie("csrf_token", csrf_token) return response # 导入Session以便把flask对象中的session数据存入redis数据库 Session(app) # 主页蓝图注册到app中 from info.modules.index import index_blue app.register_blueprint(index_blue) # 登录和注册蓝图注册到app中 from info.modules.passport import passport_blue app.register_blueprint(passport_blue) # 新闻详情注册 from info.modules.news import news_blue app.register_blueprint(news_blue) # 注册排行榜的根据索引进行匹配样式的过滤器 from info.utils.common import click_list_class_filter app.add_template_filter(click_list_class_filter, "indexClass") # 注册用户个人中心蓝图 from info.modules.user import profile_blue app.register_blueprint(profile_blue) from info.utils.common import user_login_data @app.errorhandler(404) @user_login_data def not_found(error): user = g.user data = {"user_info": user.to_dict() if user else None} return render_template("news/404.html", data=data) from info.modules.admin import admin_blue app.register_blueprint(admin_blue) return app
def create_app(config_name): app = Flask(__name__) # 加载配置 app.config.from_object(config[config_name]) # 初始化mysql数据库对象 db.init_app(app) # 初始化Redis数据库对象 global redis_store redis_store = StrictRedis(host=config[config_name].REDIS_HOST, port=config[config_name].REDIS_PORT, db=0, decode_responses=True) # 开启CSRF保护 CSRFProtect(app) @app.after_request def after_request(response): """ CSRFProtect只验证request中的csrf_token和cookie中的csrf_token是否一致, cookie中的csrf_token和表单/request中的csrf_token需要我们自己实现 """ # 生成一个csrf_token csrf_token = generate_csrf() # 将csrf_token存入cookie response.set_cookie('csrf_token', csrf_token) return response # 设置session保存指定的位置 Session(app) # 配置项目日志 setup_log(config_name) from info.utils.common import user_login_data @app.errorhandler(404) @user_login_data def page_not_found(e): user = g.user data = {"user": user.to_dict() if user else None} return render_template('news/404.html', data=data) # 将蓝图注册到app中 from info.modules.index import index_blue app.register_blueprint(index_blue) from info.modules.passport import passport_blue app.register_blueprint(passport_blue) from info.modules.news import news_blue app.register_blueprint(news_blue) from info.modules.center import center_blue app.register_blueprint(center_blue) from info.modules.admin import admin_blue app.register_blueprint(admin_blue) # 注册自定义过滤器 from info.utils.common import index_to_class app.add_template_filter(index_to_class, 'index_to_class') return app
# __init__.py import logging import os from .settings import DevConfig from flask import Flask, g from flask_wtf import CSRFProtect from app.extensions import db, migrate, ckeditor, Session from app.models import GeneratorConfig, Article, Category from app.routes.main import main from app.site_builder.builder import set_builder_conf crsf = CSRFProtect() def create_app(fs: str = 'settings.py'): app = Flask(__name__) cnf = os.getenv('FLASK_ENV') if cnf.lower().startswith('dev'): app.config.from_object(DevConfig) else: app.config.from_object(DevConfig) crsf.init_app(app) # Server-side session config app.config["SESSION_TYPE"] = 'sqlalchemy' app.config["SESSION_PERMANENT"] = True
def create_app(config_name): # 1.创建app对象 app = Flask(__name__) # 2.将配置信息添加到app上 config_class = config_dict[config_name] # DevelopmentConfig # 记录日志 write_log(config_class) # DevelopmentConfig --->赋予app属性为开发模式app #ProductionConfig---> 赋予app属性为:线上模式app app.config.from_object(config_class) # 3.数据对象(mysql和redis) # mysql 数据库对象 # 延迟加载,懒加载,当app有值时才真正进行数据库初始化工作 db.init_app(app) # redis 数据库对象 global redis_store redis_store = StrictRedis(host=config_class.REDIS_HOST, port=config_class.REDIS_PORT, decode_responses=True) # 4.给项目添加csrf保护机制 # 1.提取cookie中的csrf_tocken # 2.如果数据是通过表单发送:提取表单中csrf_token,如果数据是通过ajax请求发送的;提取请求头中的字段X-CSRFToken # 3.对比两个值是否一致 CSRFProtect(app) # 利用钩子函数在每次请求之后设置csrf_token 值到cookie中 @app.after_request def set_csrf_token(response): """补充csrf_token的逻辑""" # 1.生成csrf_token随机值 csrf_token = generate_csrf() # 2.获取相应对象,统一设置csrf_token值到cookie中 response.set_cookie("csrf_token", csrf_token) # 3.返回响应对象 return response # 通过app对象将函数添加到系统过滤器中 app.add_template_filter(do_ranklist_class, "ranklist_class") # 捕获404异常,返回404统一页面 # 注意: 需要接受err信息 @app.errorhandler(404) @get_user_info def handler_404notfound(err): # 1.查询用户信息 user = g.user data = {"user_info": user.to_dict() if user else None} # 2.返回404页面 return render_template("news/404.html", data=data) # return "123" # 5.创建Flask_session工具类对象:将flask.session的存储从 服务器内存 调整到redis 数据库 Session(app) # 注意:真正使用蓝图对象时才导入,能够解决循环导入问题 # 在app 上注册蓝图 # 注册首页蓝图对象 from info.modules.index import index_bp app.register_blueprint(index_bp) # 注册新闻的蓝图对象 # from info.modules.news import news_bp # app.register_blueprint(news_bp) # 添加注册模块蓝图 # from info.modules.passport import passport_bp # app.register_blueprint(passport_bp) return app
SECRET_KEY=pwgen(64), BABEL_TRANSLATION_DIRECTORIES="../translations") print("\nWARNING: c3bottles is not configured properly and this\n" "instance fell back to the default configuration. This means\n" "that the secret key will change on every restart of the\n" "server and all users will be logged out forcibly!\n") Compress(c3bottles) db = SQLAlchemy(c3bottles, session_options={"autoflush": False}) lm = LoginManager(c3bottles) bcrypt = Bcrypt(c3bottles) csrf = CSRFProtect(c3bottles) babel = Babel(c3bottles) languages = ("en", "de") locales = {l: Locale(l) for l in languages} language_list = sorted([l for l in languages], key=lambda k: locales[k].get_display_name()) def get_locale(): """ Get the locale from the session. If no locale is available, set it. """ if "lang" not in session or session["lang"] not in language_list: set_locale()
from flask import Flask, request, jsonify, Response, redirect, render_template, flash, url_for, session from flask_pymongo import PyMongo from werkzeug.security import generate_password_hash, check_password_hash # biblioteca para criptografar senhas from bson import json_util from bson.objectid import ObjectId from forms import * from flask_wtf import CSRFProtect from functools import wraps app = Flask(__name__) app.config['MONGO_URI'] = 'mongodb://localhost/bdpmi' # Base de dados mongo = PyMongo(app) app.secret_key = 'chavesecreta' csrf = CSRFProtect(app) # Função do Flask para proteger Form # Controle de sessão do usuario def login_required(run): @wraps(run) def wrap(*args, **kwargs): if 'usuario' in session: return run(*args, **kwargs) else: flash('Por favor! Efetue o login primeiro!') return redirect(url_for('login')) return wrap ################################################################################## # ROTA HOME /
def create_app(config_name): app = Flask(__name__) #设置日志 setup_log(config_name) app.config.from_object(config[config_name]) #初始化db db.init_app(app) global redis_store #初始化redis,存储表单 redis_store = StrictRedis(host=config[config_name].REDIS_HOST,port =config[config_name].REDIS_PORT,decode_responses=True) #开启当前项目CSRF保护,制作服务器验证功能,cookie中的csrf_token和表单csrf_token需要我们自己实现.. # CSRFProtect(app) #设置session保存位置 Session(app) from info.utils.common import do_index_class from info.utils.common import user_login_data #添加过滤器 app.add_template_filter(do_index_class,"indexclass") @app.after_request def after_request(response): #生成随机的csrftoken csrf_token=generate_csrf() #设置一个csrf response.set_cookie("csrf_token",csrf_token) return response @app.errorhandler(404) @user_login_data def page_not_fount(*args,**kwargs): user =g.user data = {'user':user.to_dict() if user else None} return render_template('news/404.html',data=data) #注册蓝图 from info.modules.index import index_blu app.register_blueprint(index_blu) from info.modules.passport import passport_blu app.register_blueprint(passport_blu) from info.modules.news import news_blu app.register_blueprint(news_blu) from info.modules.profile import profile_blu app.register_blueprint(profile_blu) from info.modules.admin import admin_blu app.register_blueprint(admin_blu) return app
def create_app(config_name): """返回app""" # 1.设置日志 setup_log(config_name) # 2.创建app app = Flask(__name__) # 3.加载配置 config_object = config[config_name] app.config.from_object(config_object) # 4.加载各种扩展 # 4.1初始化数据库 db.init_app(app) # 4.2开启CSRF项目保护,只做服务器的验证 from flask_wtf import CSRFProtect CSRFProtect(app) @app.after_request def after_request(response): from flask_wtf.csrf import generate_csrf csrf_token = generate_csrf() response.set_cookie('csrf_token', csrf_token) return response # 4.3 统一对网站的404错误做处理 from info.utils.common import user_login_data @app.errorhandler(404) @user_login_data def page_not_found(e): user = g.user return render_template('news/404.html', data={'user': user.to_dict() if user else None}) # 4.4设置session保存到指定位置 from flask_session import Session Session(app) # 5初始化全局变量 # 5.1初始化redis存储对象 global redis_store from redis import StrictRedis redis_store = StrictRedis(host=config_object.REDIS_HOST, port=config_object.REDIS_PORT, decode_responses=True) # 注册过滤器 # 主页排行过滤器 from info.utils.common import do_index_class, do_index_active app.add_template_filter(do_index_class, 'index_class') app.add_template_filter(do_index_active, 'index_active') # 6.注册蓝图 # 6.1主页蓝图 from info.modules.index import index_blu app.register_blueprint(index_blu) # 6.2 登录与注册蓝图 from info.modules.passport import passport_blu app.register_blueprint(passport_blu) # 6.3 新闻蓝图 from info.modules.news import news_blu app.register_blueprint(news_blu) # 6.3 用户信息管理蓝图 from info.modules.profile import profile_blu app.register_blueprint(profile_blu) # 6.4 管理员信息管理蓝图 from info.modules.admin import admin_blu app.register_blueprint(admin_blu) # 7.返回app对象 return app
def create_app(): app = Flask( __name__ ) # this is the name of the module/package that is calling this app app.debug = True app.secret_key = 'pineapples' #set the app configuration data #the folder to store images UPLOAD_FOLDER = '/static/img' app.config["UPLOAD_FOLDER"] = UPLOAD_FOLDER #Disable security due to CSRF token bug app.config['WTF_CSRF_ENABLED'] = False app.config['WTF_CSRF_SECRET_KEY'] = 'pineapples' csrf = CSRFProtect() csrf.init_app(app) #app.config['SQLALCHEMY_DATABASE_URI']='sqlite:///marketplace.sqlite' app.config.from_mapping( # #Flask SQLAlchemy settings SQLALCHEMY_DATABASE_URI=os.environ['DATABASE_URL'], ) #initialize db with flask app db.init_app(app) ctx = app.app_context() ctx.push() db.create_all() bootstrap = Bootstrap(app) #initialize the login manager login_manager = LoginManager() #set the name of the login function that lets user login # in our case it is auth.login (blueprintname.viewfunction name) login_manager.login_view = 'auth.authenticate' login_manager.init_app(app) #create a user loader function takes userid and returns User #from .models import User # importing here to avoid circular references @login_manager.user_loader def load_user(user_id): return User.query.get(int(user_id)) @login_manager.unauthorized_handler def unauthorized(): return redirect(url_for('auth.authenticate')) login_manager.session_protection = 'basic' #importing views module here to avoid circular references # a commonly used practice. from . import views app.register_blueprint(views.bp) from . import products app.register_blueprint(products.bp) from . import auth app.register_blueprint(auth.bp) #Define global variables for access inside jinja templates app.jinja_env.globals.update(ProductType=ProductType) app.jinja_env.globals.update(SubTypes=SubTypes) #Error handling returns set pages @app.errorhandler(404) def not_found_error(error): return render_template('404.html'), 404 @app.errorhandler(400) def bad_request_error(error): return render_template('400.html'), 400 @app.errorhandler(500) def internal_error(error): return render_template('500.html'), 500 return app
import os from flask_sqlalchemy import SQLAlchemy from flask_bcrypt import Bcrypt from flask_login import LoginManager from flask_wtf import CSRFProtect from sqlalchemy_searchable import SearchQueryMixin from flask_mail import Mail from flask_session import Session from flask_migrate import Migrate db = SQLAlchemy() bcrypt = Bcrypt() csrf_protect = CSRFProtect() login = LoginManager() login.login_view = 'login.index' login.login_message = ('Please log in to access this page.') mail = Mail() migrate = Migrate()
def create_app(config_name): # 配置日志,并且传入配置的名字,以便能获取到指定配置所对应的日志等级 setup_log(config_name) # 创建Flask对象 app = Flask(__name__) app.config.from_object(config[config_name]) # 通过app初始化 db.init_app(app) # 初始化redis存储对象 global redis_store redis_store = StrictRedis(host=config[config_name].REDIS_HOST, port=config[config_name].REDIS_PORT) # 开启当前项目csrf保护 # 帮我们做了:从cookie中取出随机值,从表单中取出随机值,然后进行校验,并且响应校验结果 # 我们需要做:1.在界面加载的时候。往cookie中添加一个csrf_token ,并且在表单中添加一个隐藏的csrf_token # 而我们现在在登录或者注册不是使用表单,而是使用ajax请求,所以我们需要在 ajax请求的时候带上csrf_token这个随机值 CSRFProtect(app) Session(app) # 添加自定义过滤器 from info.utils.common import to_index_class app.add_template_filter(to_index_class, "index_class") from info.utils.common import user_login_data @app.errorhandler(404) @user_login_data def page_not_fount(e): data = {"user": g.user.to_dict()} return render_template("news/404.html", data=data) @app.after_request def after_response(response): # 生成随机的csrf_token的值 csrf_token = generate_csrf() # 设置一个cookie response.set_cookie("csrf_token", csrf_token) return response # 注册蓝图 from info.modules.index import index_blu app.register_blueprint(index_blu) from info.modules.passport import passport_blu app.register_blueprint(passport_blu) # 注册新闻详情页信息的蓝图 from info.modules.news import news_blu app.register_blueprint(news_blu) from info.modules.profile import profile_blu app.register_blueprint(profile_blu) from info.modules.admin import admin_blu app.register_blueprint(admin_blu, url_prefix="/admin") return app
def create_app(config_name): app = Flask(__name__) # 根据传入的配置名称,获取对应的配置类 config = config_dict.get(config_name) # 记录日志信息的方法 log_file(config.LEVEL) # 加载配置类信息 app.config.from_object(config) # 创建SQLALCHEMY对象,管理app # db = SQLAlchemy(app) db.init_app(app) # 创建redis对象 global redis_store redis_store = redis.StrictRedis(host=config.REDIS_HOST, port=config.REDIS_PORT, decode_responses=True) # 初始化Session,读取app身上session的配置信息 Session(app) # 保护app,使用CSRFProtect CSRFProtect(app) #注册首页蓝图index_blue,到app中 from info.modules.index import index_blue app.register_blueprint(index_blue) # 注册认证蓝图passport_blue到app中 from info.modules.passport import passport_blue app.register_blueprint(passport_blue) # 注册新闻蓝图new_blue到app中 from info.modules.news import news_blue app.register_blueprint(news_blue) # 注册个人中心蓝图user_blue到app中 from info.modules.user import user_blue app.register_blueprint(user_blue) # 注册管理员蓝图admin_blue到app中 from info.modules.admin import admin_blue app.register_blueprint(admin_blue) # 将过滤器添加到过滤器模板列表中 app.add_template_filter(index_class, "index_class") # 捕捉404页面的异常 @app.errorhandler(404) @user_login_data def item_notfound(e): data = {"user_info": g.user.to_dict() if g.user else ""} return render_template("news/404.html", data=data) # 使用请求钩子after_request,对所有的响应进行拦截,做统一的csrf_token的设置 @app.after_request def after_request(resp): value = generate_csrf() resp.set_cookie("csrf_token", value) return resp print(app.url_map) return app
def create_app(config=None): """Create the Flask app instance that is used throughout the application. Args: config: Path to configuration file as a string or an object with config directives. Returns: Application object (instance of flask.Flask). """ template_folder = 'frontend/dist' static_folder = 'frontend/dist' app = Flask(__name__, template_folder=template_folder, static_folder=static_folder) if not config: # Where to find the config file default_path = '/etc/timesketch/timesketch.conf' # Fall back to legacy location of the config file legacy_path = '/etc/timesketch.conf' if os.path.isfile(default_path): config = default_path else: config = legacy_path if isinstance(config, six.text_type): os.environ['TIMESKETCH_SETTINGS'] = config try: app.config.from_envvar('TIMESKETCH_SETTINGS') except IOError: sys.stderr.write( 'Config file {0} does not exist.\n'.format(config)) sys.exit() else: app.config.from_object(config) # Make sure that SECRET_KEY is configured. if not app.config['SECRET_KEY']: sys.stderr.write('ERROR: Secret key not present. ' 'Please update your configuration.\n' 'To generate a key you can use openssl:\n\n' '$ openssl rand -base64 32\n\n') sys.exit() # Plaso version that we support if app.config['UPLOAD_ENABLED']: try: # pylint: disable=import-outside-toplevel from plaso import __version__ as plaso_version app.config['PLASO_VERSION'] = plaso_version except ImportError: sys.stderr.write('Upload is enabled, but Plaso is not installed.') # Setup the database. configure_engine(app.config['SQLALCHEMY_DATABASE_URI']) db = init_db() # Alembic migration support: # http://alembic.zzzcomputing.com/en/latest/ migrate = Migrate() migrate.init_app(app, db) # Register blueprints. Blueprints are a way to organize your Flask # Flask application. See this for more information: # http://flask.pocoo.org/docs/latest/blueprints/ app.register_blueprint(spa_views) app.register_blueprint(auth_views) # Setup URL routes for the API. api_v1 = Api(app, prefix='/api/v1') for route in V1_API_ROUTES: api_v1.add_resource(*route) # Register error handlers # pylint: disable=unused-variable @app.errorhandler(ApiHTTPError) def handle_api_http_error(error): """Error handler for API HTTP errors. Returns: HTTP response object (instance of flask.wrappers.Response) """ return error.build_response() # Setup the login manager. login_manager = LoginManager() login_manager.init_app(app) login_manager.login_view = 'user_views.login' # This is used by the flask_login extension. # pylint: disable=unused-variable @login_manager.user_loader def load_user(user_id): """Based on a user_id (database primary key for a user) this function loads a user from the database. It is used by the Flask-Login extension to setup up the session for the user. Args: user_id: Integer primary key for the user. Returns: A user object (Instance of timesketch.models.user.User). """ return User.query.get(user_id) # Setup CSRF protection for the whole application CSRFProtect(app) return app
#这个文件存放着app的创建与管理,蓝图的创建 from flask import Flask from flask_sqlalchemy import SQLAlchemy from flask_wtf import CSRFProtect import pymysql pymysql.install_as_MySQLdb() csrfya = CSRFProtect() models = SQLAlchemy() def Create_app(): app = Flask(__name__) app.config.from_object('DB_settings.DebugConfig') csrfya.init_app(app) models.init_app(app) from .main import main as main_blueprint app.register_blueprint(main_blueprint) return app
def create_app(config=None): """Create the Flask app instance that is used throughout the application. Args: config: Path to configuration file as a string or an object with config directives. Returns: Application object (instance of flask.Flask). """ # Setup the Flask app and load the config. app = Flask(__name__, template_folder=u'templates', static_folder=u'static') if not config: config = u'/etc/timesketch.conf' if isinstance(config, unicode): os.environ[u'TIMESKETCH_SETTINGS'] = config try: app.config.from_envvar(u'TIMESKETCH_SETTINGS') except IOError: sys.stderr.write( u'Config file {0} does not exist.\n'.format(config)) sys.exit() else: app.config.from_object(config) # Make sure that SECRET_KEY is configured. if not app.config[u'SECRET_KEY']: sys.stderr.write(u'ERROR: Secret key not present. ' u'Please update your configuration.\n' u'To generate a key you can use openssl:\n\n' u'$ openssl rand -base64 32\n\n') sys.exit() # Plaso version that we support if app.config[u'UPLOAD_ENABLED']: try: from plaso import __version__ as plaso_version except ImportError: sys.stderr.write(u'Upload is enabled, but Plaso is not installed.') sys.exit() app.config[u'PLASO_VERSION'] = plaso_version # Setup the database. configure_engine(app.config[u'SQLALCHEMY_DATABASE_URI']) db = init_db() # Alembic migration support: # http://alembic.zzzcomputing.com/en/latest/ migrate = Migrate() migrate.init_app(app, db) # Register blueprints. Blueprints are a way to organize your Flask # Flask application. See this for more information: # http://flask.pocoo.org/docs/latest/blueprints/ app.register_blueprint(user_views) app.register_blueprint(home_views) app.register_blueprint(sketch_views) app.register_blueprint(story_views) # Setup URL routes for the API. api_v1 = Api(app, prefix=u'/api/v1') api_v1.add_resource(SketchListResource, u'/sketches/') api_v1.add_resource(SketchResource, u'/sketches/<int:sketch_id>/') api_v1.add_resource(AggregationResource, u'/sketches/<int:sketch_id>/aggregation/') api_v1.add_resource(ExploreResource, u'/sketches/<int:sketch_id>/explore/') api_v1.add_resource(EventResource, u'/sketches/<int:sketch_id>/event/') api_v1.add_resource(EventAnnotationResource, u'/sketches/<int:sketch_id>/event/annotate/') api_v1.add_resource(ViewListResource, u'/sketches/<int:sketch_id>/views/') api_v1.add_resource(ViewResource, u'/sketches/<int:sketch_id>/views/<int:view_id>/') api_v1.add_resource(SearchTemplateListResource, u'/searchtemplate/') api_v1.add_resource(SearchTemplateResource, u'/searchtemplate/<int:searchtemplate_id>/') api_v1.add_resource(UploadFileResource, u'/upload/') api_v1.add_resource(TaskResource, u'/tasks/') api_v1.add_resource(StoryListResource, u'/sketches/<int:sketch_id>/stories/') api_v1.add_resource(StoryResource, u'/sketches/<int:sketch_id>/stories/<int:story_id>/') api_v1.add_resource(QueryResource, u'/sketches/<int:sketch_id>/explore/query/') api_v1.add_resource(CountEventsResource, u'/sketches/<int:sketch_id>/count/') api_v1.add_resource(TimelineListResource, u'/sketches/<int:sketch_id>/timelines/') api_v1.add_resource( TimelineResource, u'/sketches/<int:sketch_id>/timelines/<int:timeline_id>/') api_v1.add_resource(SearchIndexListResource, u'/searchindices/') api_v1.add_resource(SearchIndexResource, u'/searchindices/<int:searchindex_id>/') api_v1.add_resource(GraphResource, u'/sketches/<int:sketch_id>/explore/graph/') # Experimental API resources api_experimental = Api(app, prefix=u'/api/experimental') api_experimental.add_resource(WinLoginsResource, u'/sketches/<int:sketch_id>/win_logins/') api_experimental.add_resource(WinServicesResource, u'/sketches/<int:sketch_id>/win_services/') api_experimental.add_resource(CreateGraphResource, u'/sketches/<int:sketch_id>/create_graph/') api_experimental.add_resource(DeleteGraphResource, u'/sketches/<int:sketch_id>/delete_graph/') # Register error handlers # pylint: disable=unused-variable @app.errorhandler(ApiHTTPError) def handle_api_http_error(error): """Error handler for API HTTP errors. Returns: HTTP response object (instance of flask.wrappers.Response) """ return error.build_response() # Setup the login manager. login_manager = LoginManager() login_manager.init_app(app) login_manager.login_view = u'user_views.login' # This is used by the flask_login extension. # pylint: disable=unused-variable @login_manager.user_loader def load_user(user_id): """Based on a user_id (database primary key for a user) this function loads a user from the database. It is used by the Flask-Login extension to setup up the session for the user. Args: user_id: Integer primary key for the user. Returns: A user object (Instance of timesketch.models.user.User). """ return User.query.get(user_id) # Setup CSRF protection for the whole application CSRFProtect(app) return app
def csrfProtectCanBeImportedFromFlaskWtfDirectly(): from flask import Flask from flask_wtf import CSRFProtect app = Flask(__name__) # Compliant CSRFProtect(app)
from flask_wtf import CSRFProtect from config import config configName = os.getenv('FLASK_CONFIG') or 'default' # # 實例化一個全局logger對象 xlogger = logging.getLogger(config[configName].LOG_NAME) # Flask_SQLALChemy组件初始化 db = SQLAlchemy() # 實例化一個flask-session對象 session = Session() # # 實例化一些插件的全局对象 loginmanager = LoginManager() bootstrap = Bootstrap() mail = Mail() moment = Moment() # # 實例化一个CSRF保护的全局对象 csrf = CSRFProtect() # 安全KEY使用flask默认的SECRET_KEY # Flask_uploads组件初始化,创建一个flask_uploads集合,供manage.py中的处理函数引用. # 之所以放到这里初始化,是因为这些上传的文件被我视为数据库的一部分,当然也可以在别的地址初始化它 # 通过UploadSet函数创建一个Set,允许上传哪些类型的文件 #uploadSetPhotos = UploadSet('photos', IMAGES) pass
import os from flask import Flask, render_template, redirect, request, session from flask_wtf import FlaskForm, CSRFProtect from wtforms import StringField, PasswordField, SubmitField application = Flask(__name__, instance_relative_config=True) application.config.from_pyfile("config.py") csrf = CSRFProtect(application) application.config["DEBUG"] = True @application.before_request def is_logged_in(): if not session.get("logged_in") and request.endpoint not in ("login", "static"): session["url"] = request.url return redirect("/login") class UserForm(FlaskForm): username = StringField(label="Username") password = PasswordField(label="Password") submit = SubmitField(label="Log in") @application.route("/login", methods=["GET", "POST"]) def login(): form = UserForm() status = 200 if form.validate_on_submit():
message="Doit être compris entre 1000 et 98000") ]) submit = SubmitField('Prédire') # inference fonction, parameters have passed form filters before reaching this function # still user can input inexistant code postal (verification could be implimented from flat file or db) def make_inference(type_bien: str, surface: int, nb_pieces: int, code_postal: int): with open(f"ml_models/tree_{type_bien}.pkl", "rb") as file: tree = pickle.load(file) prediction = tree.predict([[surface, nb_pieces, code_postal]]) return prediction[0] csrf = CSRFProtect() app = Flask(__name__) try: app.config.from_pyfile('config_dev.py') except: app.config['SECRET_KEY'] = os.environ["FLASK_KEY"] csrf.init_app(app) @app.route('/', methods=['GET']) @app.route('/home', methods=['GET']) def home(): return render_template('home.html') @app.route('/about', methods=['GET'])
import appengine_config import logging from flask import Flask from flask_restful import Api from flask_wtf import CSRFProtect from flask_cors import CORS app = Flask(__name__) app.config.from_object(__name__) csrf_protect = CSRFProtect(app) api = Api(app, decorators=[csrf_protect.exempt]) cors = CORS(app, resources={r"/api/*": {"origins": "*"}}) if appengine_config.GAE_DEV: logging.warning('Using a dummy secret key') app.secret_key = 'MyS3cr3tKey' app.debug = True DEBUG = True else: import app_secrets app.secret_key = app_secrets.app_secret_key
import random import json import re import sys import qiniu from io import BytesIO import base64 app = Flask(__name__) app.register_blueprint(cms_bp) app.register_blueprint(front_bp) # 加载配置文件 app.config.from_object(config) CSRFProtect(app=app) db.init_app(app) mail.init_app(app) # app.config["WTF_CSRF_ENABLED"] = False UEDITOR_UPLOAD_PATH = "images" # 上传到本地服务器的路径 UEDITOR_UPLOAD_TO_QINIU = False # 是否上传到七牛云 UEDITOR_QINIU_ACCESS_KEY = "" UEDITOR_QINIU_SECRET_KEY = "" UEDITOR_QINIU_BUCKET_NAME = "" UEDITOR_QINIU_DOMAIN = "peouv6xac.bkt.clouddn.com" @app.before_first_request def before_first_request(): global UEDITOR_UPLOAD_TO_QINIU
from flask import Flask, request, current_app from flask_babel import Babel from flask_redis import FlaskRedis from flask_wtf import CSRFProtect from pony.flask import Pony from config import Config from db import db as mysql # flask flask_app = Flask(__name__) flask_app.config.from_object(Config) flask_app.jinja_env.add_extension('jinja2.ext.i18n') CSRFProtect(flask_app) # mysql mysql.bind(**flask_app.config['PONY']) mysql.generate_mapping() pony = Pony(flask_app) # redis redis = FlaskRedis(flask_app) babel = Babel(flask_app) @babel.localeselector def get_locale(): locale = request.cookies.get('locale', '') if locale:
from flask import Flask, render_template, request, flash from flask_wtf import CSRFProtect import os import checkfuelprice as fp import settings as settings import search_view as sv # print("Current path: ", os.getcwd()) app = Flask(__name__) app.config.from_object(settings.Config) csrf = CSRFProtect(app) @app.route('/', methods=('GET', 'POST')) def search(): form = sv.SearchForm(request.form) if form.validate_on_submit(): if form.suburbs.data == '-1': flash('Please select suburb.', 'error') return render_template('search.html', form=form) if form.brand.data == '0': brand = 'All brands' else: brand = dict(form.brand.choices).get(int(form.brand.data)) if form.surrounding.data == 'yes': surrounding = 'Yes' else: surrounding = 'No'
from flask_wtf import CSRFProtect # 初始化app app = Flask(__name__) #注册蓝图 app.register_blueprint(cms_bp) app.register_blueprint(front_bp) app.register_blueprint(common_bp) #导入配置文件 app.config.from_object(config) db.init_app(app) #注册csrf模块 csrf = CSRFProtect() csrf.exempt(front_bp) csrf.exempt(cms_bp) csrf.exempt(common_bp) csrf.init_app(app) # 处理404错误 @app.errorhandler(404) def page_not_found(e): return render_template('404.html'), 404 #处理500错误 @app.errorhandler(500) def page_not_found(e):
# Make environment specific choice of configuration if os.environ["PPT_ENVIRONMENT"] == "prod": app.config.from_pyfile('../config/settings_prod.py') elif os.environ["PPT_ENVIRONMENT"] == "test": app.config.from_pyfile('../config/settings_test.py') else: app.config.from_pyfile('../config/settings_dev.py') app.secret_key = app.config["SECRET_KEY"] # Load/initialize extensions # CSRFProtect is for csrf protecting POST requests that do not contain a form. # By initializing it, all POST requests must send an X-CSRFToken header # to be allowed to connect. csrf = CSRFProtect() csrf.init_app(app) cors = CORS(app) db = SQLAlchemy(app) lm = LoginManager() lm.init_app(app) principals = Principal(app) wtforms_json.init() # authentication/login form methods. We use flask_jwt for authentication, and # send out a JSON web token that is stored in the client and sent back with # every request. The authentication back end is LDAP. We send out LDAP groups # the user is in for use in role-based authorization on the front end (what to # show the user). We do check the directory again when handling each request.
def create_app(config_str): app = Flask(__name__) # 从字典中获取类 app.config.from_object(config_dict[config_str]) # 日志初始化 setup_log(config_str) # mysql初始化 db.init_app(app) # 初始化redis数据库 global redis_store # redis_store = StrictRedis( # host="REDIS_HOST", # port="REDIS_PORT", # db="REDIS_DB", # ) redis_store = StrictRedis( host=app.config.get('REDIS_HOST'), port=app.config.get('REDIS_PORT'), db=app.config.get('REDIS_DB') ) # 导入蓝图 # 蓝图注入app 中 from info.modules.index import index_blueprint app.register_blueprint(index_blueprint) from info.modules.passport import passport_blueprint app.register_blueprint(passport_blueprint) from info.modules.news import new_blueprint app.register_blueprint(new_blueprint) from info.modules.profile import profile_blueprint app.register_blueprint(profile_blueprint) from info.modules.admin import admin_blueprint app.register_blueprint(admin_blueprint) # csrf保护 CSRFProtect(app) # session 保存在redis中 Session(app) @app.after_request def after(response): # 完善CSRF验证 from flask_wtf.csrf import generate_csrf # 生成csrf口令 token = generate_csrf() # 输出到浏览器cookie中 response.set_cookie('csrf_token', token) return response from info.utils.common import longin_wrappes @app.errorhandler(404) @longin_wrappes def header_404(e): data = { "user": g.user } return render_template("news/404.html",data = data) return app