def main(global_config, **settings):
config = Configurator(settings=settings)
config.set_authentication_policy(AuthenticationPolicy(None))
config.set_authorization_policy(AuthorizationPolicy())
config.add_renderer('prettyjson', JSON(indent=4))
config.add_renderer('jsonp', JSONP(param_name='opt_jsonp'))
config.add_renderer('prettyjsonp', JSONP(indent=4, param_name='opt_jsonp'))
config.add_subscriber(set_renderer, NewRequest)
config.include("cornice")
config.route_prefix = '/api/{}'.format(VERSION)
config.scan("openprocurement.api.views")
# CouchDB connection
server = Server(settings.get('couchdb.url'))
config.registry.couchdb_server = server
db_name = os.environ.get('DB_NAME', settings['couchdb.db_name'])
if db_name not in server:
server.create(db_name)
config.registry.db = server[db_name]
# sync couchdb views
sync_design(config.registry.db)
# migrate data
migrate_data(config.registry.db)
# S3 connection
if 'aws.access_key' in settings and 'aws.secret_key' in settings and 'aws.bucket' in settings:
connection = S3Connection(settings['aws.access_key'], settings['aws.secret_key'])
config.registry.s3_connection = connection
bucket_name = settings['aws.bucket']
if bucket_name not in [b.name for b in connection.get_all_buckets()]:
connection.create_bucket(bucket_name, location=Location.EU)
config.registry.bucket_name = bucket_name
return config.make_wsgi_app()
def main(global_config, **settings):
config = Configurator(
autocommit=True,
settings=settings,
authentication_policy=AuthenticationPolicy(settings['auth.file'], __name__),
authorization_policy=AuthorizationPolicy(),
route_prefix=route_prefix(settings),
)
config.include('pyramid_exclog')
config.include("cornice")
config.add_forbidden_view(forbidden)
config.add_request_method(request_params, 'params', reify=True)
config.add_request_method(authenticated_role, reify=True)
config.add_request_method(extract_tender, 'tender', reify=True)
config.add_request_method(check_accreditation)
config.add_request_method(json_body, 'json_body', reify=True)
config.add_renderer('json', JSON(serializer=simplejson.dumps))
config.add_renderer('prettyjson', JSON(indent=4, serializer=simplejson.dumps))
config.add_renderer('jsonp', JSONP(param_name='opt_jsonp', serializer=simplejson.dumps))
config.add_renderer('prettyjsonp', JSONP(indent=4, param_name='opt_jsonp', serializer=simplejson.dumps))
config.add_subscriber(add_logging_context, NewRequest)
config.add_subscriber(set_logging_context, ContextFound)
config.add_subscriber(set_renderer, NewRequest)
config.add_subscriber(beforerender, BeforeRender)
config.scan("openprocurement.api.views.spore")
config.scan("openprocurement.api.views.health")
# tender procurementMethodType plugins support
config.add_route_predicate('procurementMethodType', isTender)
config.registry.tender_procurementMethodTypes = {}
config.add_request_method(tender_from_data)
config.add_directive('add_tender_procurementMethodType', register_tender_procurementMethodType)
# search for plugins
plugins = settings.get('plugins') and settings['plugins'].split(',')
for entry_point in iter_entry_points('openprocurement.api.plugins'):
if not plugins or entry_point.name in plugins:
plugin = entry_point.load()
plugin(config)
# CouchDB connection
db_name = os.environ.get('DB_NAME', settings['couchdb.db_name'])
server = Server(settings.get('couchdb.url'), session=Session(retry_delays=range(10)))
if 'couchdb.admin_url' not in settings and server.resource.credentials:
try:
server.version()
except Unauthorized:
server = Server(extract_credentials(settings.get('couchdb.url'))[0])
config.registry.couchdb_server = server
if 'couchdb.admin_url' in settings and server.resource.credentials:
aserver = Server(settings.get('couchdb.admin_url'), session=Session(retry_delays=range(10)))
config.registry.admin_couchdb_server = aserver
users_db = aserver['_users']
if SECURITY != users_db.security:
LOGGER.info("Updating users db security", extra={'MESSAGE_ID': 'update_users_security'})
users_db.security = SECURITY
username, password = server.resource.credentials
user_doc = users_db.get('org.couchdb.user:{}'.format(username), {'_id': 'org.couchdb.user:{}'.format(username)})
if not user_doc.get('derived_key', '') or PBKDF2(password, user_doc.get('salt', ''), user_doc.get('iterations', 10)).hexread(int(len(user_doc.get('derived_key', '')) / 2)) != user_doc.get('derived_key', ''):
user_doc.update({
"name": username,
"roles": [],
"type": "user",
"password": password
})
LOGGER.info("Updating api db main user", extra={'MESSAGE_ID': 'update_api_main_user'})
users_db.save(user_doc)
security_users = [username, ]
if 'couchdb.reader_username' in settings and 'couchdb.reader_password' in settings:
reader_username = settings.get('couchdb.reader_username')
reader = users_db.get('org.couchdb.user:{}'.format(reader_username), {'_id': 'org.couchdb.user:{}'.format(reader_username)})
if not reader.get('derived_key', '') or PBKDF2(settings.get('couchdb.reader_password'), reader.get('salt', ''), reader.get('iterations', 10)).hexread(int(len(reader.get('derived_key', '')) / 2)) != reader.get('derived_key', ''):
reader.update({
"name": reader_username,
"roles": ['reader'],
"type": "user",
"password": settings.get('couchdb.reader_password')
})
LOGGER.info("Updating api db reader user", extra={'MESSAGE_ID': 'update_api_reader_user'})
users_db.save(reader)
security_users.append(reader_username)
if db_name not in aserver:
aserver.create(db_name)
db = aserver[db_name]
SECURITY[u'members'][u'names'] = security_users
if SECURITY != db.security:
LOGGER.info("Updating api db security", extra={'MESSAGE_ID': 'update_api_security'})
db.security = SECURITY
auth_doc = db.get(VALIDATE_DOC_ID, {'_id': VALIDATE_DOC_ID})
if auth_doc.get('validate_doc_update') != VALIDATE_DOC_UPDATE % username:
auth_doc['validate_doc_update'] = VALIDATE_DOC_UPDATE % username
LOGGER.info("Updating api db validate doc", extra={'MESSAGE_ID': 'update_api_validate_doc'})
db.save(auth_doc)
# sync couchdb views
sync_design(db)
db = server[db_name]
else:
if db_name not in server:
server.create(db_name)
db = server[db_name]
# sync couchdb views
sync_design(db)
config.registry.db = db
# readjust couchdb json decoder
couchdb_json_decode()
# Document Service key
config.registry.docservice_url = settings.get('docservice_url')
config.registry.docservice_username = settings.get('docservice_username')
config.registry.docservice_password = settings.get('docservice_password')
config.registry.docservice_upload_url = settings.get('docservice_upload_url')
config.registry.docservice_key = dockey = Signer(settings.get('dockey', '').decode('hex'))
config.registry.keyring = keyring = {}
dockeys = settings.get('dockeys') if 'dockeys' in settings else dockey.hex_vk()
for key in dockeys.split('\0'):
keyring[key[:8]] = Verifier(key)
# migrate data
if not os.environ.get('MIGRATION_SKIP'):
for entry_point in iter_entry_points('openprocurement.api.migrations'):
plugin = entry_point.load()
plugin(config.registry)
config.registry.server_id = settings.get('id', '')
config.registry.health_threshold = float(settings.get('health_threshold', 99))
config.registry.update_after = asbool(settings.get('update_after', True))
return config.make_wsgi_app()
def main(global_config, **settings):
config = Configurator(
autocommit=True,
settings=settings,
authentication_policy=AuthenticationPolicy(settings['auth.file'],
__name__),
authorization_policy=AuthorizationPolicy(),
route_prefix=ROUTE_PREFIX,
)
config.include('pyramid_exclog')
config.include("cornice")
config.add_forbidden_view(forbidden)
config.add_request_method(request_params, 'params', reify=True)
config.add_request_method(authenticated_role, reify=True)
config.add_request_method(check_accreditation)
config.add_request_method(json_body, 'json_body', reify=True)
config.add_renderer('json', JSON(serializer=simplejson.dumps))
config.add_renderer('prettyjson',
JSON(indent=4, serializer=simplejson.dumps))
config.add_renderer(
'jsonp', JSONP(param_name='opt_jsonp', serializer=simplejson.dumps))
config.add_renderer(
'prettyjsonp',
JSONP(indent=4, param_name='opt_jsonp', serializer=simplejson.dumps))
# search for plugins
plugins = settings.get('plugins') and settings['plugins'].split(',')
load_plugins(config, group='openregistry.api.plugins', plugins=plugins)
# CouchDB connection
aserver, server, db = set_api_security(settings)
config.registry.couchdb_server = server
if aserver:
config.registry.admin_couchdb_server = aserver
config.registry.db = db
couchdb_json_decode()
# Document Service key
config.registry.docservice_url = settings.get('docservice_url')
config.registry.docservice_username = settings.get('docservice_username')
config.registry.docservice_password = settings.get('docservice_password')
config.registry.docservice_upload_url = settings.get(
'docservice_upload_url')
config.registry.docservice_key = dockey = Signer(
settings.get('dockey', '').decode('hex'))
config.registry.keyring = keyring = {}
dockeys = settings.get(
'dockeys') if 'dockeys' in settings else dockey.hex_vk()
for key in dockeys.split('\0'):
keyring[key[:8]] = Verifier(key)
# migrate data
if not os.environ.get('MIGRATION_SKIP'):
load_plugins(config.registry, group='openregistry.api.migrations')
config.registry.server_id = settings.get('id', '')
# search subscribers
subscribers_keys = [k for k in settings if k.startswith('subscribers.')]
for k in subscribers_keys:
subscribers = settings[k].split(',')
for subscriber in subscribers:
load_plugins(config,
group='openregistry.{}'.format(k),
name=subscriber)
config.registry.health_threshold = float(
settings.get('health_threshold', 512))
config.registry.health_threshold_func = settings.get(
'health_threshold_func', 'all')
config.registry.update_after = asbool(settings.get('update_after', True))
return config.make_wsgi_app()
def main(global_config, **settings):
dsn = settings.get("sentry.dsn") or os.environ.get("SENTRY_DSN")
if dsn:
sentry_sdk.init(
dsn=dsn,
integrations=[
LoggingIntegration(),
PyramidIntegration(),
],
send_default_pii=True,
request_bodies="always",
environment=settings.get("sentry.environment"),
)
config = Configurator(
autocommit=True,
settings=settings,
authentication_policy=AuthenticationPolicy(settings['auth.file'], __name__),
authorization_policy=AuthorizationPolicy(),
route_prefix=ROUTE_PREFIX,
)
config.include('pyramid_exclog')
config.include("cornice")
config.add_forbidden_view(forbidden)
config.add_request_method(request_params, 'params', reify=True)
config.add_request_method(authenticated_role, reify=True)
config.add_request_method(check_accreditation)
config.add_renderer('json', JSON(serializer=simplejson.dumps))
config.add_renderer('prettyjson', JSON(indent=4, serializer=simplejson.dumps))
config.add_renderer('jsonp', JSONP(param_name='opt_jsonp', serializer=simplejson.dumps))
config.add_renderer('prettyjsonp', JSONP(indent=4, param_name='opt_jsonp', serializer=simplejson.dumps))
# search for plugins
plugins = settings.get('plugins') and settings['plugins'].split(',')
for entry_point in iter_entry_points('openprocurement.audit.api.plugins'):
if not plugins or entry_point.name in plugins:
plugin = entry_point.load()
plugin(config)
pass
# CouchDB connection
aserver, server, db = set_api_security(settings)
config.registry.couchdb_server = server
if aserver:
config.registry.admin_couchdb_server = aserver
config.registry.db = db
# readjust couchdb json decoder
couchdb_json_decode()
# Document Service key
config.registry.docservice_url = settings.get('docservice_url')
config.registry.docservice_username = settings.get('docservice_username')
config.registry.docservice_password = settings.get('docservice_password')
config.registry.docservice_upload_url = settings.get('docservice_upload_url')
# config.registry.docservice_key = dockey = Signer(settings.get('dockey', '').decode('hex'))
# config.registry.keyring = keyring = {}
# dockeys = settings.get('dockeys') if 'dockeys' in settings else dockey.hex_vk()
# for key in dockeys.split('\0'):
# keyring[key[:8]] = Verifier(key)
signing_key = settings.get('dockey', '')
signer = SigningKey(signing_key, encoder=HexEncoder) if signing_key else SigningKey.generate()
config.registry.docservice_key = signer
verifier = signer.verify_key
config.registry.keyring = {
verifier.encode(encoder=HexEncoder)[:8].decode(): verifier
}
dockeys = settings.get('dockeys', '')
for key in dockeys.split('\0'):
if key:
config.registry.keyring[key[:8]] = VerifyKey(key, encoder=HexEncoder)
# migrate data
if not os.environ.get('MIGRATION_SKIP'):
for entry_point in iter_entry_points('openprocurement.audit.api.migrations'):
plugin = entry_point.load()
plugin(config.registry)
config.registry.server_id = settings.get('id', '')
# search subscribers
subscribers_keys = [k for k in settings if k.startswith('subscribers.')]
for k in subscribers_keys:
subscribers = settings[k].split(',')
for subscriber in subscribers:
for entry_point in iter_entry_points('openprocurement.{}'.format(k), subscriber):
if entry_point:
plugin = entry_point.load()
plugin(config)
config.registry.health_threshold = float(settings.get('health_threshold', 512))
config.registry.health_threshold_func = settings.get('health_threshold_func', 'all')
config.registry.update_after = asbool(settings.get('update_after', True))
config.registry.disable_opt_fields_filter = asbool(settings.get('disable_opt_fields_filter', False))
return config.make_wsgi_app()
def main(global_config, **settings):
dsn = settings.get("sentry.dsn", None)
if dsn:
LOGGER.info("Init sentry sdk for {}".format(dsn))
sentry_sdk.init(
dsn=dsn,
integrations=[
LoggingIntegration(level=None, event_level=None),
PyramidIntegration()
],
send_default_pii=True,
request_bodies="always",
environment=settings.get("sentry.environment", None),
debug=settings.get("sentry.debug", False),
)
config = Configurator(
autocommit=True,
settings=settings,
authentication_policy=AuthenticationPolicy(settings["auth.file"],
__name__),
authorization_policy=AuthorizationPolicy(),
route_prefix=ROUTE_PREFIX,
)
config.include("pyramid_exclog")
config.include("cornice")
config.add_forbidden_view(forbidden)
config.add_view(precondition, context=HTTPPreconditionFailed)
config.add_request_method(request_params, "params", reify=True)
config.add_request_method(authenticated_role, reify=True)
config.add_request_method(check_accreditations)
config.add_request_method(get_currency_rates,
name="currency_rates",
reify=True)
config.add_renderer("json", JSON(serializer=simplejson.dumps))
config.add_renderer("prettyjson",
JSON(indent=4, serializer=simplejson.dumps))
config.add_renderer(
"jsonp", JSONP(param_name="opt_jsonp", serializer=simplejson.dumps))
config.add_renderer(
"prettyjsonp",
JSONP(indent=4, param_name="opt_jsonp", serializer=simplejson.dumps))
# search for plugins
plugins = settings.get("plugins") and [
plugin.strip() for plugin in settings["plugins"].split(",")
]
for entry_point in iter_entry_points("openprocurement.api.plugins"):
if not plugins or entry_point.name in plugins:
plugin = entry_point.load()
plugin(config)
# CouchDB connection
aserver, server, db = set_api_security(settings)
config.registry.couchdb_server = server
if aserver:
config.registry.admin_couchdb_server = aserver
config.registry.db = db
# CouchDB specific databases connections
config.registry.databases = Databases(
admin_connection=aserver or server,
connection=server,
migrations=settings.get("couchdb.migrations_db_name"),
frameworks=settings.get("couchdb.frameworks_db_name"),
submissions=settings.get("couchdb.submissions_db_name"),
qualifications=settings.get("couchdb.qualifications_db_name"),
agreements=settings.get("couchdb.agreements_db_name"),
transfers=settings.get("couchdb.transfers_db_name"),
plans=settings.get("couchdb.plans_db_name"),
contracts=settings.get("couchdb.contracts_db_name"),
)
# readjust couchdb json decoder
couchdb_json_decode()
# Document Service key
config.registry.docservice_url = settings.get("docservice_url")
config.registry.docservice_username = settings.get("docservice_username")
config.registry.docservice_password = settings.get("docservice_password")
config.registry.docservice_upload_url = settings.get(
"docservice_upload_url")
signing_key = settings.get('dockey', '')
signer = SigningKey(
signing_key,
encoder=HexEncoder) if signing_key else SigningKey.generate()
config.registry.docservice_key = signer
verifier = signer.verify_key
config.registry.keyring = {
verifier.encode(encoder=HexEncoder)[:8].decode(): verifier
}
dockeys = settings.get('dockeys', '')
for key in dockeys.split('\0'):
if key:
config.registry.keyring[key[:8]] = VerifyKey(key,
encoder=HexEncoder)
# migrate data
if not os.environ.get("MIGRATION_SKIP"):
for entry_point in iter_entry_points("openprocurement.api.migrations"):
plugin = entry_point.load()
plugin(config.registry)
config.registry.server_id = settings.get("id", "")
# search subscribers
subscribers_keys = [k for k in settings if k.startswith("subscribers.")]
for k in subscribers_keys:
subscribers = settings[k].split(",")
for subscriber in subscribers:
for entry_point in iter_entry_points(
"openprocurement.{}".format(k), subscriber):
if entry_point:
plugin = entry_point.load()
plugin(config)
config.registry.health_threshold = float(
settings.get("health_threshold", 512))
config.registry.health_threshold_func = settings.get(
"health_threshold_func", "all")
config.registry.update_after = asbool(settings.get("update_after", True))
return config.make_wsgi_app()
def main(global_config, **settings):
config = Configurator(
autocommit=True,
settings=settings,
authentication_policy=AuthenticationPolicy(settings['auth.file'],
__name__),
authorization_policy=AuthorizationPolicy(),
route_prefix=ROUTE_PREFIX,
)
config.include('pyramid_exclog')
config.include("cornice")
config.add_forbidden_view(forbidden)
config.add_request_method(request_params, 'params', reify=True)
config.add_request_method(authenticated_role, reify=True)
config.add_request_method(extract_tender, 'tender', reify=True)
config.add_renderer('prettyjson', JSON(indent=4))
config.add_renderer('jsonp', JSONP(param_name='opt_jsonp'))
config.add_renderer('prettyjsonp', JSONP(indent=4, param_name='opt_jsonp'))
config.add_subscriber(add_logging_context, NewRequest)
config.add_subscriber(set_logging_context, ContextFound)
config.add_subscriber(set_renderer, NewRequest)
config.add_subscriber(beforerender, BeforeRender)
config.scan("openprocurement.api.views.spore")
# tender procurementMethodType plugins support
config.add_route_predicate('procurementMethodType', isTender)
config.registry.tender_procurementMethodTypes = {}
config.add_request_method(tender_from_data)
config.add_directive('add_tender_procurementMethodType',
register_tender_procurementMethodType)
# search for plugins
plugins = settings.get('plugins') and settings['plugins'].split(',')
for entry_point in iter_entry_points('openprocurement.api.plugins'):
if not plugins or entry_point.name in plugins:
plugin = entry_point.load()
plugin(config)
# CouchDB connection
db_name = os.environ.get('DB_NAME', settings['couchdb.db_name'])
server = Server(settings.get('couchdb.url'),
session=Session(retry_delays=range(10)))
if 'couchdb.admin_url' not in settings and server.resource.credentials:
try:
server.version()
except Unauthorized:
server = Server(
extract_credentials(settings.get('couchdb.url'))[0])
config.registry.couchdb_server = server
if 'couchdb.admin_url' in settings and server.resource.credentials:
aserver = Server(settings.get('couchdb.admin_url'),
session=Session(retry_delays=range(10)))
users_db = aserver['_users']
if SECURITY != users_db.security:
LOGGER.info("Updating users db security",
extra={'MESSAGE_ID': 'update_users_security'})
users_db.security = SECURITY
username, password = server.resource.credentials
user_doc = users_db.get(
'org.couchdb.user:{}'.format(username),
{'_id': 'org.couchdb.user:{}'.format(username)})
if not user_doc.get(
'derived_key', '') or PBKDF2(password, user_doc.get(
'salt', ''), user_doc.get('iterations', 10)).hexread(
int(len(user_doc.get('derived_key', '')) /
2)) != user_doc.get('derived_key', ''):
user_doc.update({
"name": username,
"roles": [],
"type": "user",
"password": password
})
LOGGER.info("Updating api db main user",
extra={'MESSAGE_ID': 'update_api_main_user'})
users_db.save(user_doc)
security_users = [
username,
]
if 'couchdb.reader_username' in settings and 'couchdb.reader_password' in settings:
reader_username = settings.get('couchdb.reader_username')
reader = users_db.get(
'org.couchdb.user:{}'.format(reader_username),
{'_id': 'org.couchdb.user:{}'.format(reader_username)})
if not reader.get('derived_key', '') or PBKDF2(
settings.get('couchdb.reader_password'),
reader.get('salt', ''), reader.get(
'iterations', 10)).hexread(
int(len(reader.get('derived_key', '')) /
2)) != reader.get('derived_key', ''):
reader.update({
"name":
reader_username,
"roles": ['reader'],
"type":
"user",
"password":
settings.get('couchdb.reader_password')
})
LOGGER.info("Updating api db reader user",
extra={'MESSAGE_ID': 'update_api_reader_user'})
users_db.save(reader)
security_users.append(reader_username)
if db_name not in aserver:
aserver.create(db_name)
db = aserver[db_name]
SECURITY[u'members'][u'names'] = security_users
if SECURITY != db.security:
LOGGER.info("Updating api db security",
extra={'MESSAGE_ID': 'update_api_security'})
db.security = SECURITY
auth_doc = db.get(VALIDATE_DOC_ID, {'_id': VALIDATE_DOC_ID})
if auth_doc.get(
'validate_doc_update') != VALIDATE_DOC_UPDATE % username:
auth_doc['validate_doc_update'] = VALIDATE_DOC_UPDATE % username
LOGGER.info("Updating api db validate doc",
extra={'MESSAGE_ID': 'update_api_validate_doc'})
db.save(auth_doc)
# sync couchdb views
sync_design(db)
db = server[db_name]
else:
if db_name not in server:
server.create(db_name)
db = server[db_name]
# sync couchdb views
sync_design(db)
config.registry.db = db
# migrate data
migrate_data(config.registry.db)
# S3 connection
if 'aws.access_key' in settings and 'aws.secret_key' in settings and 'aws.s3_bucket' in settings:
connection = S3Connection(settings['aws.access_key'],
settings['aws.secret_key'])
config.registry.s3_connection = connection
bucket_name = settings['aws.s3_bucket']
if bucket_name not in [b.name for b in connection.get_all_buckets()]:
connection.create_bucket(bucket_name, location=Location.EU)
config.registry.bucket_name = bucket_name
config.registry.server_id = settings.get('id', '')
return config.make_wsgi_app()
def main(global_config, **settings):
def strip_sensitive_data(event, hint):
return event
if settings.has_key("sentry.dsn"):
dsn = settings.get("sentry.dsn")
LOGGER.info("Init sentry sdk for {}".format(dsn))
sentry_sdk.init(
dsn=dsn,
integrations=[
LoggingIntegration(level=None, event_level=None),
PyramidIntegration()
],
send_default_pii=True,
request_bodies="always",
environment=settings.get("sentry.environment", None),
)
config = Configurator(
autocommit=True,
settings=settings,
authentication_policy=AuthenticationPolicy(settings["auth.file"],
__name__),
authorization_policy=AuthorizationPolicy(),
route_prefix=ROUTE_PREFIX,
)
config.include("pyramid_exclog")
config.include("cornice")
config.add_forbidden_view(forbidden)
config.add_view(precondition, context=HTTPPreconditionFailed)
config.add_request_method(request_params, "params", reify=True)
config.add_request_method(authenticated_role, reify=True)
config.add_request_method(check_accreditations)
config.add_renderer("json", JSON(serializer=simplejson.dumps))
config.add_renderer("prettyjson",
JSON(indent=4, serializer=simplejson.dumps))
config.add_renderer(
"jsonp", JSONP(param_name="opt_jsonp", serializer=simplejson.dumps))
config.add_renderer(
"prettyjsonp",
JSONP(indent=4, param_name="opt_jsonp", serializer=simplejson.dumps))
# search for plugins
plugins = settings.get("plugins") and settings["plugins"].split(",")
for entry_point in iter_entry_points("openprocurement.api.plugins"):
if not plugins or entry_point.name in plugins:
plugin = entry_point.load()
plugin(config)
# CouchDB connection
aserver, server, db = set_api_security(settings)
config.registry.couchdb_server = server
if aserver:
config.registry.admin_couchdb_server = aserver
config.registry.db = db
# readjust couchdb json decoder
couchdb_json_decode()
# Document Service key
config.registry.docservice_url = settings.get("docservice_url")
config.registry.docservice_username = settings.get("docservice_username")
config.registry.docservice_password = settings.get("docservice_password")
config.registry.docservice_upload_url = settings.get(
"docservice_upload_url")
config.registry.docservice_key = dockey = Signer(
settings.get("dockey", "").decode("hex"))
config.registry.keyring = keyring = {}
dockeys = settings.get(
"dockeys") if "dockeys" in settings else dockey.hex_vk()
for key in dockeys.split("\0"):
keyring[key[:8]] = Verifier(key)
# Archive keys
arch_pubkey = settings.get("arch_pubkey", None)
config.registry.arch_pubkey = PublicKey(
arch_pubkey.decode("hex") if arch_pubkey else SecretKey().pk)
# migrate data
if not os.environ.get("MIGRATION_SKIP"):
for entry_point in iter_entry_points("openprocurement.api.migrations"):
plugin = entry_point.load()
plugin(config.registry)
config.registry.server_id = settings.get("id", "")
# search subscribers
subscribers_keys = [k for k in settings if k.startswith("subscribers.")]
for k in subscribers_keys:
subscribers = settings[k].split(",")
for subscriber in subscribers:
for entry_point in iter_entry_points(
"openprocurement.{}".format(k), subscriber):
if entry_point:
plugin = entry_point.load()
plugin(config)
config.registry.health_threshold = float(
settings.get("health_threshold", 512))
config.registry.health_threshold_func = settings.get(
"health_threshold_func", "all")
config.registry.update_after = asbool(settings.get("update_after", True))
return config.make_wsgi_app()
def main(global_config, **settings):
config = Configurator(
autocommit=True,
settings=settings,
authentication_policy=AuthenticationPolicy(settings['auth.file'],
__name__),
authorization_policy=AuthorizationPolicy(),
route_prefix=route_prefix(settings),
)
config.include('pyramid_exclog')
config.include("cornice")
config.add_forbidden_view(forbidden)
config.add_request_method(request_params, 'params', reify=True)
config.add_request_method(authenticated_role, reify=True)
config.add_request_method(extract_tender, 'tender', reify=True)
config.add_request_method(check_accreditation)
config.add_renderer('prettyjson', JSON(indent=4))
config.add_renderer('jsonp', JSONP(param_name='opt_jsonp'))
config.add_renderer('prettyjsonp', JSONP(indent=4, param_name='opt_jsonp'))
config.add_subscriber(add_logging_context, NewRequest)
config.add_subscriber(set_logging_context, ContextFound)
config.add_subscriber(set_renderer, NewRequest)
config.add_subscriber(beforerender, BeforeRender)
config.scan("openprocurement.edge.views.spore")
config.scan("openprocurement.edge.views.health")
config.scan("openprocurement.edge.views.tenders")
if auctions_core:
config.add_request_method(extract_auction, 'auction', reify=True)
config.scan("openprocurement.edge.views.auctions")
add_auction_design()
if contracting:
config.add_request_method(extract_contract, 'contract', reify=True)
config.scan("openprocurement.edge.views.contracts")
add_contract_design()
if planning:
config.add_request_method(extract_plan, 'plan', reify=True)
config.scan("openprocurement.edge.views.plans")
add_plan_design()
# CouchDB connection
db_name = os.environ.get('DB_NAME', settings['couchdb.db_name'])
server = Server(settings.get('couchdb.url'),
session=Session(retry_delays=range(10)))
if 'couchdb.admin_url' not in settings and server.resource.credentials:
try:
server.version()
except Unauthorized:
server = Server(
extract_credentials(settings.get('couchdb.url'))[0])
config.registry.couchdb_server = server
if 'couchdb.admin_url' in settings and server.resource.credentials:
aserver = Server(settings.get('couchdb.admin_url'),
session=Session(retry_delays=range(10)))
config.registry.admin_couchdb_server = aserver
users_db = aserver['_users']
if SECURITY != users_db.security:
LOGGER.info("Updating users db security",
extra={'MESSAGE_ID': 'update_users_security'})
users_db.security = SECURITY
username, password = server.resource.credentials
user_doc = users_db.get(
'org.couchdb.user:{}'.format(username),
{'_id': 'org.couchdb.user:{}'.format(username)})
if not user_doc.get(
'derived_key', '') or PBKDF2(password, user_doc.get(
'salt', ''), user_doc.get('iterations', 10)).hexread(
int(len(user_doc.get('derived_key', '')) /
2)) != user_doc.get('derived_key', ''):
user_doc.update({
"name": username,
"roles": [],
"type": "user",
"password": password
})
LOGGER.info("Updating edge db main user",
extra={'MESSAGE_ID': 'update_edge_main_user'})
users_db.save(user_doc)
security_users = [
username,
]
if 'couchdb.reader_username' in settings and 'couchdb.reader_password' in settings:
reader_username = settings.get('couchdb.reader_username')
reader = users_db.get(
'org.couchdb.user:{}'.format(reader_username),
{'_id': 'org.couchdb.user:{}'.format(reader_username)})
if not reader.get('derived_key', '') or PBKDF2(
settings.get('couchdb.reader_password'),
reader.get('salt', ''), reader.get(
'iterations', 10)).hexread(
int(len(reader.get('derived_key', '')) /
2)) != reader.get('derived_key', ''):
reader.update({
"name":
reader_username,
"roles": ['reader'],
"type":
"user",
"password":
settings.get('couchdb.reader_password')
})
LOGGER.info("Updating edge db reader user",
extra={'MESSAGE_ID': 'update_edge_reader_user'})
users_db.save(reader)
security_users.append(reader_username)
if db_name not in aserver:
aserver.create(db_name)
db = aserver[db_name]
SECURITY[u'members'][u'names'] = security_users
if SECURITY != db.security:
LOGGER.info("Updating edge db security",
extra={'MESSAGE_ID': 'update_edge_security'})
db.security = SECURITY
auth_doc = db.get(VALIDATE_DOC_ID, {'_id': VALIDATE_DOC_ID})
if auth_doc.get(
'validate_doc_update') != VALIDATE_DOC_UPDATE % username:
auth_doc['validate_doc_update'] = VALIDATE_DOC_UPDATE % username
LOGGER.info("Updating edge db validate doc",
extra={'MESSAGE_ID': 'update_edge_validate_doc'})
db.save(auth_doc)
# sync couchdb views
sync_design(db)
db = server[db_name]
else:
if db_name not in server:
server.create(db_name)
db = server[db_name]
# sync couchdb views
sync_design(db)
config.registry.db = db
config.registry.server_id = settings.get('id', '')
config.registry.health_threshold = float(
settings.get('health_threshold', 99))
config.registry.update_after = asbool(settings.get('update_after', True))
return config.make_wsgi_app()