def register_blueprints(app): """Registers flask blueprints.""" import crabber_api import crabber_rss # Rate-limit site limiter = Limiter( app, key_func=get_remote_address, default_limits=[ f"{config.SITE_RATE_LIMIT_MINUTE}/minute", f"{config.SITE_RATE_LIMIT_SECOND}/second", ], ) # Exempt API from site-limits limiter.exempt(crabber_api.API) # Rate-limit API api_limiter = Limiter(app, key_func=crabber_api.get_api_key) api_limiter.limit(f"{config.API_RATE_LIMIT_SECOND}/second;" f"{config.API_RATE_LIMIT_MINUTE}/minute;" f"{config.API_RATE_LIMIT_HOUR}/hour")(crabber_api.API) # Register API V1 blueprint app.register_blueprint(crabber_api.API, url_prefix="/api/v1") # Register RSS blueprint app.register_blueprint(crabber_rss.RSS, url_prefix="/rss") return limiter
def create_app(test_config=None): """Создаёт и конфигурирует Flask-приложение""" app = Flask(__name__) app.config.from_mapping( SECRET_KEY=os.getenv('APP_SECRET_KEY', str(uuid.uuid4())), MONGO_URI=os.getenv('APP_MONGO_URI'), RATELIMIT_STORAGE_URL=os.getenv('APP_REDIS_URI'), # Для авторизации стороннего сервиса LOGIN=os.getenv('APP_LOGIN'), PASSWORD=os.getenv('APP_PASSWORD'), ) if test_config is not None: app.config.update(test_config) app.secret_key = app.config['SECRET_KEY'] limiter = Limiter( app, key_func=get_remote_address, ) # Важно: импорт моделей должен идти после вызова connect (особенность pymodm) # http://pymodm.readthedocs.io/en/latest/api/index.html#module-pymodm.connection from miles import db db.init_app(app) from miles import v1 # Чтобы трудно было подобрать код, ставим лимит на запросы limiter.limit("10/hour")(v1.login) app.register_blueprint(v1.bp) return app
def test_invalid_decorated_static_limit_blueprint(caplog): app = Flask(__name__) limiter = Limiter( app, default_limits=["1/second"], key_func=get_remote_address ) bp = Blueprint("bp1", __name__) @bp.route("/t1") def t1(): return "42" limiter.limit("2/sec")(bp) app.register_blueprint(bp) with app.test_client() as cli: with hiro.Timeline().freeze(): assert cli.get("/t1").status_code == 200 assert cli.get("/t1").status_code == 429 assert ( "failed to configure" in caplog.records[0].msg ) assert ( "exceeded at endpoint" in caplog.records[1].msg )
def create_app(): app = Flask(__name__) app.config['CELERY_BROKER_URL'] = CELERY_BROKER_URL app.config['CELERY_RESULT_BACKEND'] = 'redis://localhost:6379/0' celery.conf.update(app.config) bootstrap = Bootstrap(app) app.config['SECRET_KEY'] = 'hard to guess string' app.config['UPLOAD_FOLDER'] = '/tmp/submissions/' app.config['MAX_CONTENT_LENGTH'] = 3 * 1024 * 1024 app.config['ALLOWED_EXTENSIONS'] = set(['apk']) if not os.path.exists(app.config['UPLOAD_FOLDER']): os.makedirs(app.config['UPLOAD_FOLDER']) import views app.register_blueprint(views.status) app.register_blueprint(views.uploadbp) models.init_db() emu_manager.init_emulators() limiter = Limiter(app, default_limits=["1/second"], key_func=get_remote_address) limiter.limit("20/hour")(views.uploadbp) return app, limiter
def create_app(): app = Flask(__name__) CSRFProtect(app) app.secret_key = os.getenv("SECRET_KEY") or os.urandom(24) app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///santa.sqlite" app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False db.init_app(app) if os.environ.get("RESET_DB") == "1": with app.app_context(): from secret_santa.models import Address, Group, Member, User # noqa: F811 logger.debug("Reseting DB") meta = db.metadata for table in reversed(meta.sorted_tables): db.session.execute(table.delete()) logger.debug(f"truncating table {table}") db.create_all() db.session.commit() # register blueprints from secret_santa.templates.views import main as main_blueprint app.register_blueprint(main_blueprint) from secret_santa.auth.views import auth as auth_blueprint app.register_blueprint(auth_blueprint, url_prefix="/auth") from secret_santa.users.views import users as users_blueprint app.register_blueprint(users_blueprint, url_prefix="/users") from secret_santa.groups.views import groups as groups_blueprint app.register_blueprint(groups_blueprint, url_prefix="/groups") login_manager = LoginManager() login_manager.login_view = "auth.login" login_manager.init_app(app) @login_manager.user_loader def load_user(user_id): from secret_santa.models import User # noqa: F811 return User.query.get(int(user_id)) limiter = Limiter(app, key_func=get_remote_address, default_limits=["5/second"]) limiter.limit("60/hour")(auth_blueprint) # Redirect all non existent URLsto index.html @app.errorhandler(404) def page_not_found(e): flash("Ooops! The requested page doesn't exist!", "is-danger") return redirect(url_for("main.index")) return app
def register_blueprints(_app): """ register blueprints to the app """ # Limit authentication blueprint requests to 30 per minute limiter = Limiter(_app, key_func=get_remote_address) limiter.limit("30/minute")(authentication_routes.blueprint) _app.register_blueprint(static_routes.blueprint) # register static routes _app.register_blueprint(admin_routes.blueprint) # register admin views _app.register_blueprint(authentication_routes.blueprint) # register login/logout views _app.register_blueprint(calibration_routes.blueprint) # register calibration views _app.register_blueprint(general_routes.blueprint) # register general routes _app.register_blueprint(method_routes.blueprint) # register method views _app.register_blueprint(page_routes.blueprint) # register page views _app.register_blueprint(remote_admin_routes.blueprint) # register remote admin views _app.register_blueprint(settings_routes.blueprint) # register settings views
def create_app(test_config=None): app = Flask(__name__, instance_relative_config=True) CORS(app, resources={r"/*": {"origins": "*"}}) app.config.from_mapping( SECRET_KEY='dev', DATABASE=os.path.join(app.instance_path, 'flaskr.sqlite'), ) if test_config is None: # load the instance config, if it exists, when not testing app.config.from_pyfile('config.py', silent=True) else: # load the test config if passed in app.config.from_mapping(test_config) # ensure the instance folder exists try: os.makedirs(app.instance_path) except OSError: pass @app.errorhandler(404) def not_found_error(error): return 'Page not found', 404 from . import db db.init_app(app) from . import post limiter = Limiter(app, key_func=get_remote_address) limiter.limit("5/minute", methods=['POST'])(post.bp) limiter.limit("10/second", methods=['GET'])(post.bp) app.register_blueprint(post.bp) return app
def test_invalid_decorated_dynamic_limits_blueprint(caplog): app = Flask(__name__) app.config.setdefault("X", "2 per sec") limiter = Limiter( app, default_limits=["1/second"], key_func=get_remote_address ) bp = Blueprint("bp1", __name__) @bp.route("/t1") def t1(): return "42" limiter.limit(lambda: current_app.config.get("X"))(bp) app.register_blueprint(bp) with app.test_client() as cli: with hiro.Timeline().freeze(): assert cli.get("/t1").status_code == 200 assert cli.get("/t1").status_code == 429 assert len(caplog.records) == 3 assert "failed to load ratelimit" in caplog.records[0].msg assert "failed to load ratelimit" in caplog.records[1].msg assert "exceeded at endpoint" in caplog.records[2].msg
from api.indass_select import SelectView app = Flask(__name__, static_folder=config.Config.STATIC_PATH, static_url_path='') manager = Manager(app) app.config['SECRET_KEY'] = config.Config.SECRET_KEY csrf = CSRFProtect(app) app.config.from_object(config.config["development"]) limiter = Limiter(app, key_func=get_remote_address, default_limits=["200 per minute"]) app.add_url_rule("/", view_func=HomeView.as_view("homeview")) login_view = limiter.limit("12 per minute")(LoginView.as_view("loginview")) app.add_url_rule("/login", view_func=login_view) app.add_url_rule("/logout", view_func=LogoutView.as_view("logoutview")) app.add_url_rule("/select/<username>", view_func=SelectView.as_view("selectview")) app.add_url_rule("/<username>/<project_id>/<data_marker>", view_func=AnalyzeView.as_view("analyzeview")) data_view = limiter.limit("12 per minute")(DataView.as_view("dataview")) app.add_url_rule("/api/v1.0/<username>/<project_id>/<data_marker>", view_func=data_view) @app.errorhandler(404) def error(e): return render_template("404.html")
import config import models from resources.courses import courses_api from resources.reviews import reviews_api from resources.users import users_api app = Flask(__name__) app.register_blueprint(courses_api, url_prefix='/api/v1') app.register_blueprint(reviews_api, url_prefix='/api/v1') app.register_blueprint(users_api, url_prefix='/api/v1') limiter = Limiter(app, global_limits=[config.DEFAULT_RATE], key_func=get_ipaddr) limiter.limit('10/day')(users_api) limiter.limit(config.DEFAULT_RATE, per_method=True, methods=['post', 'put', 'delete'])(courses_api) limiter.limit(config.DEFAULT_RATE, per_method=True, methods=['post', 'put', 'delete'])(reviews_api) # limiter.exempt(courses_api) # limiter.exempt(reviews_api) @app.route('/') def hello_world(): return 'Hello World!'
from auth import auth import config import models from resources.courses import courses_api from resources.reviews import reviews_api from resources.users import users_api app = Flask(__name__) app.register_blueprint(courses_api) app.register_blueprint(reviews_api, url_prefix='/api/v1') app.register_blueprint(users_api, url_prefix='/api/v1') limiter = Limiter(app, global_limits=[config.DEFAULT_RATE], key_func=get_ipaddr) limiter.limit("40/day")(users_api) limiter.limit(config.DEFAULT_RATE, per_method=True, methods=["post", "put", "delete"])(courses_api) limiter.limit(config.DEFAULT_RATE, per_method=True, methods=["post", "put", "delete"])(reviews_api) #limiter.exempt(courses_api) #limiter.exempt(reviews_api) @app.route('/') def hello_world(): return 'Hello World' @app.route('/api/v1/users/token', methods=['GET']) @auth.login_required def get_auth_token(): token = g.user.generate_auth_token() return jsonify({'token': token.decode('ascii')})
app.config['ALLOWED_TOKENS'] = environ.get('ALLOWED_TOKENS') app.config['CHANNEL'] = environ.get('CHANNEL') redis_client = FlaskRedis(app) limiter = Limiter(app, key_func=get_remote_address, default_limits=[], headers_enabled=True, strategy='fixed-window-elastic-expiry') @limiter.request_filter def ip_whitelist(): return request.remote_addr == "127.0.0.1" from app.api import email from app.api import telegram limiter.limit("10 per second")(email.bp) limiter.limit("10 per second")(telegram.bp) app.register_blueprint(email.bp) app.register_blueprint(telegram.bp) @app.route("/ping") @limiter.limit("5 per minute", override_defaults=False) def ping(): return "PONG"
from auth import auth import config import models from resources.courses import courses_api from resources.reviews import reviews_api from resources.users import users_api app = Flask(__name__) app.register_blueprint(courses_api) app.register_blueprint(reviews_api, url_prefix='/api/v1') app.register_blueprint(users_api, url_prefix='/api/v1') limiter = Limiter(app, global_limits=[config.DEFAULT_RATE], key_func=get_ipaddr) limiter.limit("40/day")(users_api) limiter.limit(config.DEFAULT_RATE, per_method=True, methods=["post", "put", "delete"])(courses_api) limiter.limit(config.DEFAULT_RATE, per_method=True, methods=["post", "put", "delete"])(reviews_api) #Limiter.exempt(courses_api) #Limiter.exempt(reviews_api) @app.route('/') def hello_world(): return 'Hello World'
def register_extensions(app): """ register extensions to the app """ app.jinja_env.add_extension('jinja2.ext.do') # Global values in jinja # Uncomment to enable profiler # See scripts/profile_analyzer.py to analyze output # app = setup_profiler(app) # Compress app responses with gzip compress = Compress() compress.init_app(app) # Influx db time-series database db.init_app(app) influx_db.init_app(app) # Limit authentication blueprint requests to 200 per minute limiter = Limiter(app, key_func=get_ip_address) limiter.limit("200/minute")(routes_authentication.blueprint) # Language translations babel = Babel(app) @babel.localeselector def get_locale(): try: user = User.query.filter( User.id == flask_login.current_user.id).first() if user and user.language != '': for key in LANGUAGES: if key == user.language: return key # Bypass endpoint test error "'AnonymousUserMixin' object has no attribute 'id'" except AttributeError: pass return request.accept_languages.best_match(LANGUAGES.keys()) # User login management login_manager = flask_login.LoginManager() login_manager.init_app(app) @login_manager.user_loader def user_loader(user_id): user = User.query.filter(User.id == user_id).first() if not user: return return user @login_manager.unauthorized_handler def unauthorized(): flash(gettext('Please log in to access this page'), "error") return redirect(url_for('routes_authentication.do_login')) # Create and populate database if it doesn't exist with app.app_context(): db.create_all() populate_db() # This is disabled because there's a bug that messes up user databases # The upgrade script will execute alembic to upgrade the database # alembic_upgrade_db() # Check user option to force all web connections to use SSL # Fail if the URI is empty (pytest is running) if app.config['SQLALCHEMY_DATABASE_URI'] != 'sqlite://': with session_scope( app.config['SQLALCHEMY_DATABASE_URI']) as new_session: misc = new_session.query(Misc).first() if misc and misc.force_https: SSLify(app)
def create_app(env: str = "development"): app = Flask(__name__) app.config.from_object(settings.app_config[env]) db.init_app(app) migrate.init_app(app, db) jwt.init_app(app) json_schema_manager.init_app(app) Q.init_app(app) redis_client.init_app(app) CORS(app) stripe.api_key = app.config["STRIPE_KEY"] stripe.api_base = app.config["STRIPE_ENDPOINT"] from app.jobs.nomad_cleanup import check_all_boxes, find_unused_boxes # queue job every day at noon (UTC!) find_unused_boxes.cron("*/15 * * * *", "Finding unused tunnels") check_all_boxes.cron("0 0 12 * *", "Check running tunnels") from app.routes.tunnels import tunnel_blueprint from app.routes.subdomains import subdomain_blueprint from app.routes.authentication import auth_blueprint from app.routes.account import account_blueprint from app.routes.admin import admin_blueprint from app.routes.root import root_blueprint from app.commands import plan, redis from querystring_parser.parser import parse as qs_parse # This is required for route limits to be effective while behind Fabio. app.wsgi_app = ProxyFix(app.wsgi_app, num_proxies=1) # type: ignore if env != "test": limiter = Limiter(app, key_func=get_remote_address) limiter.limit("3/second")(auth_blueprint) app.register_blueprint(auth_blueprint) app.register_blueprint(tunnel_blueprint) app.register_blueprint(subdomain_blueprint) app.register_blueprint(account_blueprint) app.register_blueprint(admin_blueprint) app.register_blueprint(root_blueprint) app.cli.add_command(plan) app.cli.add_command(redis) from app.serializers import ErrorSchema from app.utils.errors import ( OldAPIVersion, MalformedAPIHeader, TooManyRequestsError, NotFoundError, InternalServerError, ) import re @app.shell_context_processor def ctx(): return {"app": app, "db": db} @app.before_first_request def init_rollbar(): if env == "production": rollbar.init( app.config["ROLLBAR_TOKEN"], app.config["ROLLBAR_ENV"], # server root directory, makes tracebacks prettier root=os.path.dirname(os.path.realpath(__file__)), # flask already sets up logging allow_logging_basic_config=False, ) # send exceptions from `app` to rollbar, using flask's signal system. got_request_exception.connect(rollbar.contrib.flask.report_exception, app) @app.errorhandler(429) def too_many_requests(_): return json_api(TooManyRequestsError, ErrorSchema), 429 @app.errorhandler(500) def debug_error_handler(e): if env == "production": rollbar.report_exc_info() return json_api(InternalServerError, ErrorSchema), 500 else: return ( json_api( InternalServerError( detail=str(e), backtrace=traceback.format_exc().split("\n") ), ErrorSchema, ), 500, ) @app.errorhandler(404) def page_not_found(e): return json_api(NotFoundError(detail=e.description), ErrorSchema), 404 @app.before_request def parse_query_params(): if request.query_string: request.query_params = qs_parse(request.query_string) else: request.query_params = dict() def check_version(date): return version.parse(date) >= version.parse(app.config["MIN_CALVER"]) @app.before_request def check_api_version(): if "Api-Version" in request.headers: if not re.match(r"^\d+\.\d+\.\d+\.\d+$", request.headers["Api-Version"]): return json_api(MalformedAPIHeader, ErrorSchema), 403 if check_version(request.headers["Api-Version"]): return else: return json_api(OldAPIVersion, ErrorSchema), 400 @app.after_request def session_commit(response): if response.status_code >= 400: return response try: db.session.commit() except DatabaseError: db.session.rollback() raise return response return app
def get_limiter(app): from limits.storage import RedisInteractor, Storage class redisclient_storage(RedisInteractor, Storage): """ Storage backend for flask-limiters backend (limiter). This is essentially a copy of limiter.storage.RedisStorage, if we disregard the usage of ..redisclient and the merging of initialize_storage and __init__. However, this is not a verbatim copy, as we'd rarther refer to RedisInteractor instead of self/RedisClient. """ STORAGE_SCHEME = "rcs" def __init__(self, *args, **kwargs): self.storage = None def _maybee_do_init(f): @functools.wraps(f) def wrapper(self, *args, **kwargs): if self.storage is None: from ..redisclient import store self.storage = store self.lua_moving_window = self.storage.register_script( RedisInteractor.SCRIPT_MOVING_WINDOW) self.lua_acquire_window = self.storage.register_script( RedisInteractor.SCRIPT_ACQUIRE_MOVING_WINDOW) self.lua_clear_keys = self.storage.register_script( RedisInteractor.SCRIPT_CLEAR_KEYS) self.lua_incr_expire = self.storage.register_script( RedisInteractor.SCRIPT_INCR_EXPIRE) return f(self, *args, **kwargs) return wrapper @_maybee_do_init def incr(self, key, expiry, elastic_expiry=False): if elastic_expiry: return super(redisclient_storage, self).incr(key, expiry, self.storage, elastic_expiry) else: return self.lua_incr_expire([key], [expiry]) @_maybee_do_init def get(self, key): return super(redisclient_storage, self).get(key, self.storage) @_maybee_do_init def acquire_entry(self, key, limit, expiry, no_add=False): return super(redisclient_storage, self).acquire_entry(key, limit, expiry, self.storage, no_add=no_add) @_maybee_do_init def get_expiry(self, key): return super(redisclient_storage, self).get_expiry(key, self.storage) @_maybee_do_init def check(self): return super(redisclient_storage, self).check(self.storage) @_maybee_do_init def reset(self): cleared = self.lua_clear_keys(['LIMITER*']) return cleared redis_url = "rcs://" limiter = Limiter(app, key_func=get_remote_address, storage_uri=redis_url, strategy='moving-window') for handler in app.logger.handlers: limiter.logger.addHandler(handler) def e(): raise RateLimitError() limiter.limit = functools.partial(limiter.limit, error_message=e) return limiter
from flask_limiter import Limiter from decorators import admins_only, redirect_if_not_logged_in app = Flask(__name__) limiter = Limiter(app) @app.errorhandler(429) def error_handler(optional_argument=""): if "tid" in session: logger.log("spam", logger.CRITICAL, "%s is using the api too quickly!", session["tid"]) return make_response(jsonify(message="Slow down!"), 200) app.debug = True app.secret_key = open(".secret_key", "r").read() app.jinja_env.trim_blocks = True limiter.limit("10/minute", error_message=error_handler, exempt_when=lambda: is_admin())(api) app.register_blueprint(api) conn = sqlite3.connect("introctf.db", check_same_thread=False) conn.text_factory = str @app.route('/') def index(): return render_template("index.html", logged_in=is_logged_in(), admin=is_admin()) @app.route("/scoreboard") def scoreboard(): scoreboard = teamdb.get_scoreboard_data() return render_template("scoreboard.html", logged_in=is_logged_in(), admin=is_admin(), scoreboard=scoreboard) @app.route("/problems")
#connection to db dbLogin = '' dbPassword = '' try: dbLogin = os.environ['DatabaseLogin'] dbPassword = os.environ['DatabasePassword'] except KeyError: print( 'Please define environment variable DatabaseLogin and DatabasePassword' ) sys.exit(1) db = pymysql.connect(host=dbAddr, port=int(dbPort), user=dbLogin, password=dbPassword, db='fictionalinvention') cursor = db.cursor() app.config['db'] = db app.config["cursor"] = cursor #secret key for JWT signing secretKey = os.urandom(64).hex() app.config["secretKey"] = secretKey limiter = Limiter(app, key_func=get_remote_address, default_limits=["100 per minute"]) limiter.limit("3 per minute")(session) app.register_blueprint(static) app.register_blueprint(session) app.register_blueprint(dbquery) app.run(host=appHost, port=int(appPort))
fh.setLevel(ConfigClass.flask_log_level) fh.setFormatter(formatter) logger.addHandler(fh) sh = logging.StreamHandler() sh.setLevel(ConfigClass.flask_log_level) sh.setFormatter(formatter) logger.addHandler(sh) # Initialize Flask Limiter extension limiter = Limiter(app, headers_enabled=ConfigClass.xrate_limit_headers_enabled, strategy='fixed-window-elastic-expiry', storage_uri=ConfigClass.redis_cache_uri) # set rate limits for each module/blueprint limiter.limit("1/second;5/minute")(api_blueprint) limiter.limit("1/second;10/minute")(users_blueprint) limiter.limit("1/second;3/minute")(site_blueprint) # register blueprints app.register_blueprint(api_blueprint) app.register_blueprint(users_blueprint) app.register_blueprint(site_blueprint) if __name__ == '__main__': if ConfigClass.debug_mode: app.run(host=ConfigClass.debug_host, port=ConfigClass.debug_port, debug=True) else: app.run(debug=False)
from auth import auth DEBUG = True PORT = 8800 HOST = '0.0.0.0' SECRET_KEY = 'da;lfkjadlfdsafasdfjfdaopsifdsaifdoisafakldf=jdaff' app = Flask(__name__) app.secret_key = SECRET_KEY app.register_blueprint(courses_api) app.register_blueprint(reviews_api, url_prefix='/api/v1') app.register_blueprint(users_api, url_prefix='/api/v1') limiter = Limiter(app, global_limits=['6/hour'], key_func=get_ipaddr) limiter.limit("40/day")(users_api) limiter.limit('100/hour', per_method=True, methods=['post', 'put', 'delete'])(courses_api) limiter.limit('100/hour', per_method=True, methods=['post', 'put', 'delete'])(reviews_api) # limiter.exempt(courses_api) # limiter.exempt(reviews_api) @app.route('/') def hello_world(): return 'Hello world' @app.route('/api/v1/users/token', methods=['GET']) @auth.login_required
from flask import Flask, g, jsonify, render_template from flask_limiter import Limiter from flask_limiter.util import get_ipaddr from auth import auth import config import models from resources.tasks import todos_api from resources.users import users_api app = Flask(__name__) app.register_blueprint(todos_api, url_prefix='/api/v1') app.register_blueprint(users_api, url_prefix='/api/v1') limiter = Limiter(app, global_limits=[config.DEFAULT_RATE], key_func=get_ipaddr) limiter.limit("40/day")(users_api) limiter.limit(config.DEFAULT_RATE, per_method=True, methods=['post', 'put', 'delete'])(todos_api) @app.route('/') def my_todos(): return render_template('index.html') if __name__ == '__main__': models.initialize() app.run(debug=config.DEBUG, host=config.HOST, port=config.PORT)
def register_extensions(app): """ register extensions to the app """ app.jinja_env.add_extension('jinja2.ext.do') # Global values in jinja # Uncomment to enable profiler # See scripts/profile_analyzer.py to analyze output # app = setup_profiler(app) # Compress app responses with gzip compress = Compress() compress.init_app(app) # Influx db time-series database db.init_app(app) influx_db.init_app(app) # Limit authentication blueprint requests to 200 per minute limiter = Limiter(app, key_func=get_ip_address) limiter.limit("200/minute")(routes_authentication.blueprint) # Language translations babel = Babel(app) @babel.localeselector def get_locale(): try: user = User.query.filter( User.id == flask_login.current_user.id).first() if user and user.language != '': for key in LANGUAGES: if key == user.language: return key # Bypass endpoint test error "'AnonymousUserMixin' object has no attribute 'id'" except AttributeError: pass return request.accept_languages.best_match(LANGUAGES.keys()) # User login management login_manager = flask_login.LoginManager() login_manager.init_app(app) @login_manager.user_loader def user_loader(user_id): user = User.query.filter(User.id == user_id).first() if not user: return return user @login_manager.unauthorized_handler def unauthorized(): flash(gettext('Please log in to access this page'), "error") return redirect(url_for('routes_authentication.do_login')) # Create and populate database if it doesn't exist with app.app_context(): db.create_all() populate_db() # This is disabled because there's a bug that messes up user databases # The upgrade script will execute alembic to upgrade the database # alembic_upgrade_db() # Check user option to force all web connections to use SSL # Fail if the URI is empty (pytest is running) if app.config['SQLALCHEMY_DATABASE_URI'] != 'sqlite://': with session_scope(app.config['SQLALCHEMY_DATABASE_URI']) as new_session: misc = new_session.query(Misc).first() if misc and misc.force_https: SSLify(app)
def extension_limiter(app): limiter = Limiter(app, key_func=get_key_func, headers_enabled=True) limiter.limit("300/hour")(routes_authentication.blueprint) limiter.limit("20/hour")(routes_password_reset.blueprint) limiter.limit("200/minute")(api_blueprint) return app
from flask import Flask, request from api.resources import search from flask_restful import Api from flask_limiter import Limiter from flask_limiter.util import get_remote_address app = Flask(__name__) api = Api(app) # Rate Limiting limiter = Limiter(app, key_func=get_remote_address, default_limits=[ '50/hour', '200/day']) rate = limiter.limit('1/second, 5/minute', error_message={ 'Rate Limit Exceeded': '1/second, 5/minutes, 50/hour, 200/day'}) @limiter.request_filter def ip_whitelist(): return request.remote_addr == "127.0.0.1" search.CVE.decorators.append(rate) search.CVE_Year.decorators.append(rate) search.CVE_Modified.decorators.append(rate) search.CVE_Recent.decorators.append(rate) search.CVE_All.decorators.append(rate) search.Schema.decorators.append(rate) # API endpoints api.add_resource(search.CVE, '/nvd-api/v1/<cve_id>')
from flask import Flask, render_template from flask_limiter import Limiter from flask_limiter.util import get_ipaddr import config import models from resources.todos import todos_api app = Flask(__name__) app.register_blueprint(todos_api, url_prefix='/api/v1') limiter = Limiter(app, default_limits=[config.DEFAULT_RATE], key_func=get_ipaddr) limiter.limit('100/day', per_method=True, methods=['post', 'put', 'delete'])(todos_api) @app.route('/') def my_todos(): return render_template('index.html') if __name__ == '__main__': models.initialize() app.run(debug=config.DEBUG, host=config.HOST, port=config.PORT)
from resources.todo import tasks_api from resources.user import users_api from auth import auth import config import models app = Flask(__name__) app.register_blueprint(tasks_api, url_prefix='/api/v1') app.register_blueprint(users_api, url_prefix='/api/v1') limiter = Limiter(app, default_limits=[config.DEFAULT_RATE], key_func=get_ipaddr) limiter.limit("40/day;10/hour;1/min")(users_api) limiter.limit(config.DEFAULT_RATE, per_method=True, methods=['post', 'put', 'delete'])(tasks_api) @app.route('/') def my_todos(): return render_template('index.html') @app.route('/api/v1/users/token', methods=['GET']) @auth.login_required def get_auth_token(): token = g.user.generate_token() return jsonify({'token': token.decode('ascii')})
'MAILGUN_DOMAIN') or os.environ.get('SERVER_NAME') app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY') app.config['SQLALCHEMY_DATABASE_URI'] = db_url db.app = app db.init_app(app) # CSS directives must be inlined in HTML emails. @app.template_filter('inline_styles') def inline_styles(html): return premailer.transform(html) limiter = Limiter(app, global_limits=['5/second']) limiter.limit('100/hour')(ui) limiter.limit('10/minute')(api) limiter.limit('100/day')(api) app.register_blueprint(ui) app.register_blueprint(api) if __name__ == '__main__': print "Running in debug mode" app.debug = True app.run() else: handler = logging.StreamHandler() handler.setLevel(logging.INFO) app.logger.setLevel(logging.INFO) app.logger.addHandler(handler)
import models from resources.courses import courses_api from resources.reviews import reviews_api from resources.users import users_api app = Flask(__name__) app.register_blueprint(courses_api, url_prefix='/api/v1') app.register_blueprint(reviews_api, url_prefix='/api/v1') app.register_blueprint(users_api, url_prefix='/api/v1') limiter = Limiter(app, default_limits=[config.DEFAULT_RATE], key_func=get_ipaddr ) # sets the limit and uses ip address to identifyy a user limiter.limit("40/day")(users_api) # add an additional limit to a resource # per_method makes it sensitive to the method involved # we make an exception to limiting GET requests but limit the other methods limiter.limit(config.DEFAULT_RATE, per_method=True, methods=['POST', 'PUT', 'DELETE'])(courses_api) limiter.limit(config.DEFAULT_RATE, per_method=True, methods=['POST', 'PUT', 'DELETE'])(reviews_api) # limiter.exempt(courses_api) # limiter.exempt(reviews_api) @app.route('/') def hello_world(): return 'Hello World'
datefmt='%Y-%m-%d %H:%M:%S') ch_console.setFormatter(formatter) logger.addHandler(ch_console) limiter = Limiter(app, key_func=get_remote_address, default_limits=[], headers_enabled=True, strategy='fixed-window-elastic-expiry') limiter.logger.addHandler(ch_console) @limiter.request_filter def ip_whitelist(): return request.remote_addr == "127.0.0.1" from app.api import v1, v2 limiter.limit("5 per second")(v1.bp) limiter.limit("5 per second")(v2.bp) app.register_blueprint(v1.bp) app.register_blueprint(v2.bp) @app.route("/ping") @limiter.limit("2 per minute", override_defaults=False) def ping(): return "PONG"
import forms import models from auth import auth from resources.todos import todos_api from resources.users import users_api app = Flask(__name__) app.secret_key = config.SECRET_KEY app.register_blueprint(users_api, url_prefix='/api/v1') app.register_blueprint(todos_api, url_prefix='/api/v1') limiter = Limiter(app, default_limits=[config.DEFAULT_RATE], key_func=get_ipaddr) limiter.limit("40/day")(users_api) login_manager = LoginManager() login_manager.init_app(app) login_manager.login_view = 'login' @login_manager.user_loader def load_user(userid): try: return models.User.get(models.User.id == userid) except models.DoesNotExist: return None @app.before_request
from flask_limiter import Limiter from flask_limiter.util import get_ipaddr import config import models from resources.companies import companies_api from resources.marinas import marinas_api from resources.users import users_api app = Flask(__name__) app.register_blueprint(companies_api, url_prefix='/api/v1') app.register_blueprint(marinas_api, url_prefix='/api/v1') app.register_blueprint(users_api, url_prefix='/api/v1') limiter = Limiter(app, global_limits=[config.DEFAULT_RATE], key_func=get_ipaddr) limiter.limit('40/day')(users_api) limiter.limit(config.DEFAULT_RATE, per_method=True, methods=['post', 'put', 'delete'](companies_api) # limiter.exempt(companies_api) # limiter.exempt(marinas_api) @app.route('/') @app.route('/index') def index(): return render_template('index.html') @app.route('/api/v1/users/token', methods=['GET']) @auth.login_required def get_auth_token(): token = g.user.generate_auth_token() return jsonify({'token': token.decode('ascii')})
#!/usr/bin/env python from flask import Flask, render_template from flask_limiter import Limiter from flask_limiter.util import get_remote_address from routes.email_api import email_api from routes.photos_api import photos_api application = app = Flask(__name__) limiter = Limiter(app, key_func=get_remote_address) limiter.limit('1/second')(email_api) app.register_blueprint(email_api) app.register_blueprint(photos_api) # catch all to redirect all paths to be handled on client-side by react router @app.route('/', defaults={'path': ''}) @app.route('/<path:path>') def load_app(path): return render_template('index.html') if __name__ == '__main__': app.run(debug=False)
from flask import Flask, jsonify from flask_restful import Resource, Api from flask_limiter import Limiter from flask_limiter.util import get_remote_address from flask_caching import Cache from .course import course from .invalid import * app = Flask(__name__) api = Api(app, prefix="/cutimetable/v1") limiter = Limiter(app, key_func=get_remote_address, default_limits=["2 per 5 second"]) app.config["JSON_SORT_KEYS"] = False app.config["JSON_AS_ASCII"] = False # app.register_blueprint(course.bp, url_prefix="/cutimetable/v1") course.Course.method_decorators.append(limiter.limit("10 per minute")) api.add_resource(course.Course, "/course/<string:id>") @app.errorhandler(InvalidUsage) def handle_invalid_usage(error): response = jsonify(error.to_dict()) response.status_code = error.status_code return response
app.config['PREFERRED_URL_SCHEME'] = 'https' app.config['SERVER_NAME'] = os.environ.get('SERVER_NAME') app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY') app.config['SQLALCHEMY_DATABASE_URI'] = os.environ.get('DATABASE_URL') db.app = app db.init_app(app) # CSS directives must be inlined in HTML emails. @app.template_filter('inline_styles') def inline_styles(html): return premailer.transform(html) limiter = Limiter(app, global_limits=['5/second']) limiter.limit('100/hour')(ui) limiter.limit('10/minute')(api) limiter.limit('100/day')(api) app.register_blueprint(ui) app.register_blueprint(api) if __name__ == '__main__': print "Running in debug mode" app.debug = True app.run() else: handler = logging.StreamHandler() handler.setLevel(logging.INFO) app.logger.setLevel(logging.INFO) app.logger.addHandler(handler)
formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(module)s %(funcName)s : %(message)s') fh = logging.FileHandler(ConfigClass.flask_logfile) fh.setLevel(ConfigClass.flask_log_level) fh.setFormatter(formatter) logger.addHandler(fh) sh = logging.StreamHandler() sh.setLevel(ConfigClass.flask_log_level) sh.setFormatter(formatter) logger.addHandler(sh) # Initialize Flask Limiter extension limiter = Limiter(app, headers_enabled=ConfigClass.xrate_limit_headers_enabled, strategy='fixed-window-elastic-expiry', storage_uri=ConfigClass.redis_cache_uri) # set rate limits for each module/blueprint limiter.limit("1/second;5/minute")(api_blueprint) limiter.limit("1/second;10/minute")(users_blueprint) # register blueprints app.register_blueprint(api_blueprint) app.register_blueprint(users_blueprint) if __name__ == '__main__': if ConfigClass.debug_mode: app.run(host=ConfigClass.debug_host, port=ConfigClass.debug_port, debug=True) else: app.run(debug=False)
def create_app(): app = Flask(__name__, instance_relative_config=True) app.config.from_pyfile('config.py') db.init_app(app) from briefly.models.users import Users from briefly.models.authors import Authors redis_client.init_app(app) ch_file = handlers.RotatingFileHandler('logs/briefly.log', maxBytes=1000000, backupCount=5) formatter = logging.Formatter( '%(asctime)s - %(name)s - %(levelname)s: %(message)s', datefmt='%Y-%m-%d %H:%M:%S') ch_file.setFormatter(formatter) limiter = Limiter( app, key_func=get_remote_address, default_limits= [], # [count] [per|/] [n (optional)] [second|minute|hour|day|month|year] headers_enabled=True, strategy='fixed-window-elastic-expiry') limiter.logger.addHandler(ch_file) limiter.init_app(app) @limiter.request_filter def ip_whitelist(): return request.remote_addr == "127.0.0.1" from briefly.api.v1 import endpoints as api_v1 limiter.limit("20 per second")(api_v1.bp) app.register_blueprint(api_v1.bp) @app.route('/') def index(): return render_template('index.html') @app.route('/about') def about(): return render_template('about.html') @app.route('/api') def api(): return render_template('api.html') @app.route('/reg', methods=['GET']) def reg(): return render_template('reg.html', email=email) @app.route('/regme', methods=['POST']) @limiter.limit('5 per day') def regme(): if request.method == 'POST' and request.form['emailaddress']: token = uuid.uuid4() email = request.form['emailaddress'] ip = request.remote_addr if not email: message = 'E-mail is required.' else: is_user_present = Users.query.filter_by( user_email=email).first() if is_user_present is None: new_user = Users(user_email=email, user_token=str(token), user_reg_ip=ip) db.session.add(new_user) db.session.commit() message = 'Token was sent to your e-mail' text_body = render_template('emails/new_user.txt', token=token) Thread(target=send_async_email, args=(current_app._get_current_object(), email, text_body)).start() else: message = 'E-mail is already registered.' flash(message) return redirect(url_for('reg')) @app.route('/authors/<letter>', methods=['GET']) @limiter.limit('100/second') def letter(letter): answer = {'status': False, 'number_of_records': 0, 'authors': []} letters = [ 'А', 'Б', 'В', 'Г', 'Д', 'Е', 'Ж', 'З', 'И', 'К', 'Л', 'М', 'Н', 'О', 'П', 'Р', 'С', 'Т', 'У', 'Ф', 'Х', 'Ц', 'Ч', 'Ш', 'Э', 'Ю', 'Я' ] if len(letter) == 1 and letter in letters: answer['status'] = True sql = f'SELECT id, author_fullname, author_url ' \ f'FROM authors ' \ f'WHERE author_fullname ' \ f'REGEXP "[а-яА-Я]+ [а-яА-Я]+ {letter}"' authors = Authors.query.from_statement(text(sql)).all() if authors: answer['number_of_records'] = len(authors) for author in authors: answer['authors'].append({ 'id': author.id, 'author_fullname': author.author_fullname, 'author_url': author.author_url }) return jsonify(answer), 200 @app.errorhandler(429) def ratelimit_handler(e): return make_response(jsonify(error="Too Many Requests"), 429) @app.errorhandler(400) def badrequest_handler(e): return make_response(jsonify(error="Bad Request"), 400) @app.errorhandler(405) def method_not_allowd_handler(e): return make_response(jsonify(error="Method Not Allowed"), 405) return app