#! /usr/bin/env python # -*- coding: utf-8 -*- from werkzeug.middleware.proxy_fix import ProxyFix from jarr.api import create_app application = ProxyFix(create_app(), x_for=1, x_proto=1, x_host=1, x_port=1)
def create_app(config_class=Config):
app = Flask(__name__)
app.config.from_object(config_class)
app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1)
db.init_app(app)
migrate.init_app(app, db)
login.init_app(app)
mail.init_app(app)
bootstrap.init_app(app)
moment.init_app(app)
app.elasticsearch = Elasticsearch([app.config['ELASTICSEARCH_URL']]) \
if app.config['ELASTICSEARCH_URL'] else None
from app.errors import bp as errors_bp
app.register_blueprint(errors_bp)
from app.auth import bp as auth_bp
app.register_blueprint(auth_bp, url_prefix='/auth')
from app.main import bp as main_bp
app.register_blueprint(main_bp)
from app.util import filters
filters.register(app)
app.redis = Redis.from_url(app.config['REDIS_URL'])
app.task_queue = rq.Queue('microblog-tasks', connection=app.redis)
from app.api import bp as api_bp
app.register_blueprint(api_bp, url_prefix='/api')
if not app.debug and not app.testing:
if app.config['MAIL_SERVER']:
auth = None
if app.config['MAIL_USERNAME'] or app.config['MAIL_PASSWORD']:
auth = (app.config['MAIL_USERNAME'],
app.config['MAIL_PASSWORD'])
secure = None
if app.config['MAIL_USE_TLS']:
secure = ()
mail_handler = SMTPHandler(
mailhost=(app.config['MAIL_SERVER'], app.config['MAIL_PORT']),
fromaddr='no-reply@' + app.config['MAIL_SERVER'],
toaddrs=app.config['ADMINS'],
subject='Microblog Failure',
credentials=auth,
secure=secure)
mail_handler.setLevel(logging.ERROR)
app.logger.addHandler(mail_handler)
if app.config['LOG_TO_STDOUT']:
stream_handler = logging.StreamHandler()
stream_handler.setLevel(logging.INFO)
app.logger.addHandler(stream_handler)
else:
if not os.path.exists('logs'):
os.mkdir('logs')
file_handler = RotatingFileHandler('logs/microblog.log',
maxBytes=10240,
backupCount=10)
file_handler.setFormatter(
logging.Formatter('%(asctime)s %(levelname)s: %(message)s '
'[in %(pathname)s:%(lineno)d]'))
file_handler.setLevel(logging.INFO)
app.logger.addHandler(file_handler)
app.logger.setLevel(logging.INFO)
app.logger.info('Microblog startup')
# if not os.path.exists('logs'):
# os.mkdir('logs')
# file_handler = RotatingFileHandler('logs/microblog.log', maxBytes=10240,
# backupCount=10)
# file_handler.setFormatter(logging.Formatter(
# '%(asctime)s %(levelname)s: %(message)s [in %(pathname)s:%(lineno)d]'))
# file_handler.setLevel(logging.INFO)
# app.logger.addHandler(file_handler)
# create static directories
try:
os.makedirs('static/profile_photos')
except FileExistsError:
pass
return app
"formatters": {"default": {"format": "[%(asctime)s] %(levelname)s in %(module)s: %(message)s"}},
"handlers": {
"console": {"class": "logging.StreamHandler", "formatter": "default", "level": "DEBUG"},
"wsgi": {
"class": "logging.StreamHandler",
"stream": "ext://flask.logging.wsgi_errors_stream",
"formatter": "default",
"level": "DEBUG",
},
},
"root": {"level": "DEBUG" if os.environ.get("FLASK_ENV") == "development" else "INFO", "handlers": ["wsgi"]},
}
)
app = Flask(__name__)
app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_port=1)
app.config.from_object("config")
session_obj = Session()
session_obj.init_app(app)
class Context:
req = None
auth = None
class SAMLView(views.MethodView):
def __init__(self, saml_path):
self.saml_path = saml_path
from flask import Flask, json, render_template
import json, pytz, dateutil.parser, time, logging
from werkzeug.middleware.proxy_fix import ProxyFix
from cron import data_up, data_last, data_now, data_up, live_status
import cron
hanayori = Flask(__name__, static_url_path='/static')
hanayori.wsgi_app = ProxyFix(hanayori.wsgi_app)
@hanayori.route('/')
def main():
return render_template('index.html')
@hanayori.route('/Upcome')
def up():
return render_template('upcome.html',
title='Upcoming',
data=cron.data_up,
status=cron.live_status)
@hanayori.route('/Live')
def live():
return render_template('live.html',
title='Live',
data=cron.data_now,
status=cron.live_status)
dropzone = Dropzone(application)
# application.config['DROPZONE_UPLOAD_MULTIPLE'] = True
# application.config['DROPZONE_PARALLEL_UPLOADS'] = 3
DEVELOPMENT = os.environ.get('environment',
'production').lower() == 'development'
if not DEVELOPMENT and os.path.exists("/version"):
PIPELINE_POSTFIX = "." + open("/version").read().strip()
else:
PIPELINE_POSTFIX = ""
if not DEVELOPMENT:
# In some setups this proved to be necessary for url_for() to pick up HTTPS
application.wsgi_app = ProxyFix(application.wsgi_app, x_proto=1)
CORS(application)
application.config['SWAGGER'] = {
'title':
os.environ.get('APP_NAME', 'ifc-pipeline request API'),
'openapi':
'3.0.2',
"specs": [
{
"version": "0.1",
"title": os.environ.get('APP_NAME', 'ifc-pipeline request API'),
"description": os.environ.get('APP_NAME',
'ifc-pipeline request API'),
"endpoint": "spec",
"route": "/apispec",
def create_app(config="CTFd.config.Config"):
app = CTFdFlask(__name__)
with app.app_context():
app.config.from_object(config)
app.theme_loader = ThemeLoader(os.path.join(app.root_path, "themes"),
followlinks=True)
# Weird nested solution for accessing plugin templates
app.plugin_loader = jinja2.PrefixLoader({
"plugins":
jinja2.FileSystemLoader(searchpath=os.path.join(
app.root_path, "plugins"),
followlinks=True)
})
# Load from themes first but fallback to loading from the plugin folder
app.jinja_loader = jinja2.ChoiceLoader(
[app.theme_loader, app.plugin_loader])
from CTFd.models import ( # noqa: F401
db, Teams, Solves, Challenges, Fails, Flags, Tags, Files, Tracking,
)
url = create_database()
# This allows any changes to the SQLALCHEMY_DATABASE_URI to get pushed back in
# This is mostly so we can force MySQL's charset
app.config["SQLALCHEMY_DATABASE_URI"] = str(url)
# Register database
db.init_app(app)
# Register Flask-Migrate
migrations.init_app(app, db)
# Alembic sqlite support is lacking so we should just create_all anyway
if url.drivername.startswith("sqlite"):
# Enable foreign keys for SQLite. This must be before the
# db.create_all call because tests use the in-memory SQLite
# database (each connection, including db creation, is a new db).
# https://docs.sqlalchemy.org/en/13/dialects/sqlite.html#foreign-key-support
from sqlalchemy.engine import Engine
from sqlalchemy import event
@event.listens_for(Engine, "connect")
def set_sqlite_pragma(dbapi_connection, connection_record):
cursor = dbapi_connection.cursor()
cursor.execute("PRAGMA foreign_keys=ON")
cursor.close()
db.create_all()
stamp_latest_revision()
else:
# This creates tables instead of db.create_all()
# Allows migrations to happen properly
upgrade()
from CTFd.models import ma
ma.init_app(app)
app.db = db
app.VERSION = __version__
app.CHANNEL = __channel__
from CTFd.cache import cache
cache.init_app(app)
app.cache = cache
reverse_proxy = app.config.get("REVERSE_PROXY")
if reverse_proxy:
if type(reverse_proxy) is str and "," in reverse_proxy:
proxyfix_args = [int(i) for i in reverse_proxy.split(",")]
app.wsgi_app = ProxyFix(app.wsgi_app, *proxyfix_args)
else:
app.wsgi_app = ProxyFix(app.wsgi_app,
x_for=1,
x_proto=1,
x_host=1,
x_port=1,
x_prefix=1)
version = utils.get_config("ctf_version")
# Upgrading from an older version of CTFd
if version and (StrictVersion(version) < StrictVersion(__version__)):
if confirm_upgrade():
run_upgrade()
else:
exit()
if not version:
utils.set_config("ctf_version", __version__)
if not utils.get_config("ctf_theme"):
utils.set_config("ctf_theme", "core")
update_check(force=True)
init_request_processors(app)
init_template_filters(app)
init_template_globals(app)
# Importing here allows tests to use sensible names (e.g. api instead of api_bp)
from CTFd.views import views
from CTFd.teams import teams
from CTFd.users import users
from CTFd.challenges import challenges
from CTFd.scoreboard import scoreboard
from CTFd.auth import auth
from CTFd.admin import admin
from CTFd.api import api
from CTFd.events import events
from CTFd.errors import page_not_found, forbidden, general_error, gateway_error
app.register_blueprint(views)
app.register_blueprint(teams)
app.register_blueprint(users)
app.register_blueprint(challenges)
app.register_blueprint(scoreboard)
app.register_blueprint(auth)
app.register_blueprint(api)
app.register_blueprint(events)
app.register_blueprint(admin)
app.register_error_handler(404, page_not_found)
app.register_error_handler(403, forbidden)
app.register_error_handler(500, general_error)
app.register_error_handler(502, gateway_error)
init_logs(app)
init_events(app)
init_plugins(app)
return app
from app import app
from werkzeug.middleware.proxy_fix import ProxyFix
app = ProxyFix(app, x_for=1, x_host=1)
if __name__ == "__main__":
app.run()
def __init__(self, config_dir=os.environ.get('HATTA_CONFIG_DIR')):
ProxyFix.__init__(self, self.host_dispatcher_app, x_prefix=1)
self.apps = {}
self.load_config_files(config_dir)
def create_app(config=None, session=None, testing=False, app_name="Airflow"):
global app, appbuilder
app = Flask(__name__)
if conf.getboolean('webserver', 'ENABLE_PROXY_FIX'):
app.wsgi_app = ProxyFix(
app.wsgi_app,
num_proxies=None,
x_for=1,
x_proto=1,
x_host=1,
x_port=1,
x_prefix=1
)
app.secret_key = conf.get('webserver', 'SECRET_KEY')
app.config.from_pyfile(settings.WEBSERVER_CONFIG, silent=True)
app.config['APP_NAME'] = app_name
app.config['TESTING'] = testing
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
app.config['SESSION_COOKIE_HTTPONLY'] = True
app.config['SESSION_COOKIE_SECURE'] = conf.getboolean('webserver', 'COOKIE_SECURE')
app.config['SESSION_COOKIE_SAMESITE'] = conf.get('webserver', 'COOKIE_SAMESITE')
if config:
app.config.from_mapping(config)
# Configure the JSON encoder used by `|tojson` filter from Flask
app.json_encoder = AirflowJsonEncoder
csrf.init_app(app)
db = SQLA(app)
from airflow import api
api.load_auth()
api.API_AUTH.api_auth.init_app(app)
# flake8: noqa: F841
cache = Cache(app=app, config={'CACHE_TYPE': 'filesystem', 'CACHE_DIR': '/tmp'})
from airflow.www.blueprints import routes
app.register_blueprint(routes)
configure_logging()
configure_manifest_files(app)
with app.app_context():
from airflow.www.security import AirflowSecurityManager
security_manager_class = app.config.get('SECURITY_MANAGER_CLASS') or \
AirflowSecurityManager
if not issubclass(security_manager_class, AirflowSecurityManager):
raise Exception(
"""Your CUSTOM_SECURITY_MANAGER must now extend AirflowSecurityManager,
not FAB's security manager.""")
appbuilder = AppBuilder(
app,
db.session if not session else session,
security_manager_class=security_manager_class,
base_template='appbuilder/baselayout.html')
def init_views(appbuilder):
from airflow.www import views
appbuilder.add_view_no_menu(views.Airflow())
appbuilder.add_view_no_menu(views.DagModelView())
appbuilder.add_view_no_menu(views.ConfigurationView())
appbuilder.add_view_no_menu(views.VersionView())
appbuilder.add_view(views.DagRunModelView,
"DAG Runs",
category="Browse",
category_icon="fa-globe")
appbuilder.add_view(views.JobModelView,
"Jobs",
category="Browse")
appbuilder.add_view(views.LogModelView,
"Logs",
category="Browse")
appbuilder.add_view(views.SlaMissModelView,
"SLA Misses",
category="Browse")
appbuilder.add_view(views.TaskInstanceModelView,
"Task Instances",
category="Browse")
appbuilder.add_link("Configurations",
href='/configuration',
category="Admin",
category_icon="fa-user")
appbuilder.add_view(views.ConnectionModelView,
"Connections",
category="Admin")
appbuilder.add_view(views.PoolModelView,
"Pools",
category="Admin")
appbuilder.add_view(views.VariableModelView,
"Variables",
category="Admin")
appbuilder.add_view(views.XComModelView,
"XComs",
category="Admin")
appbuilder.add_link("Documentation",
href='https://airflow.apache.org/',
category="Docs",
category_icon="fa-cube")
appbuilder.add_link("GitHub",
href='https://github.com/apache/airflow',
category="Docs")
appbuilder.add_link('Version',
href='/version',
category='About',
category_icon='fa-th')
def integrate_plugins():
"""Integrate plugins to the context"""
from airflow.plugins_manager import (
flask_appbuilder_views, flask_appbuilder_menu_links
)
for v in flask_appbuilder_views:
log.debug("Adding view %s", v["name"])
appbuilder.add_view(v["view"],
v["name"],
category=v["category"])
for ml in sorted(flask_appbuilder_menu_links, key=lambda x: x["name"]):
log.debug("Adding menu link %s", ml["name"])
appbuilder.add_link(ml["name"],
href=ml["href"],
category=ml["category"],
category_icon=ml["category_icon"])
integrate_plugins()
# Garbage collect old permissions/views after they have been modified.
# Otherwise, when the name of a view or menu is changed, the framework
# will add the new Views and Menus names to the backend, but will not
# delete the old ones.
def init_plugin_blueprints(app):
from airflow.plugins_manager import flask_blueprints
for bp in flask_blueprints:
log.debug("Adding blueprint %s:%s", bp["name"], bp["blueprint"].import_name)
app.register_blueprint(bp["blueprint"])
init_views(appbuilder)
init_plugin_blueprints(app)
security_manager = appbuilder.sm
security_manager.sync_roles()
from airflow.www.api.experimental import endpoints as e
# required for testing purposes otherwise the module retains
# a link to the default_auth
if app.config['TESTING']:
import importlib
importlib.reload(e)
app.register_blueprint(e.api_experimental, url_prefix='/api/experimental')
@app.context_processor
def jinja_globals():
return {
'hostname': socket.getfqdn(),
'navbar_color': conf.get('webserver', 'NAVBAR_COLOR'),
}
@app.teardown_appcontext
def shutdown_session(exception=None):
settings.Session.remove()
return app, appbuilder
def create_app(config=None, testing=False):
app = Flask(__name__)
if conf.getboolean('webserver', 'ENABLE_PROXY_FIX'):
app.wsgi_app = ProxyFix(app.wsgi_app,
num_proxies=conf.get("webserver",
"PROXY_FIX_NUM_PROXIES",
fallback=None),
x_for=conf.get("webserver",
"PROXY_FIX_X_FOR",
fallback=1),
x_proto=conf.get("webserver",
"PROXY_FIX_X_PROTO",
fallback=1),
x_host=conf.get("webserver",
"PROXY_FIX_X_HOST",
fallback=1),
x_port=conf.get("webserver",
"PROXY_FIX_X_PORT",
fallback=1),
x_prefix=conf.get("webserver",
"PROXY_FIX_X_PREFIX",
fallback=1))
app.secret_key = conf.get('webserver', 'SECRET_KEY')
app.config['LOGIN_DISABLED'] = not conf.getboolean('webserver',
'AUTHENTICATE')
app.config['SESSION_COOKIE_HTTPONLY'] = True
app.config['SESSION_COOKIE_SECURE'] = conf.getboolean(
'webserver', 'COOKIE_SECURE')
app.config['SESSION_COOKIE_SAMESITE'] = conf.get('webserver',
'COOKIE_SAMESITE')
if config:
app.config.from_mapping(config)
csrf.init_app(app)
app.config['TESTING'] = testing
airflow.load_login()
airflow.login.LOGIN_MANAGER.init_app(app)
from airflow import api
api.load_auth()
api.API_AUTH.api_auth.init_app(app)
# flake8: noqa: F841
cache = Cache(app=app,
config={
'CACHE_TYPE': 'filesystem',
'CACHE_DIR': '/tmp'
})
app.register_blueprint(routes)
configure_logging()
with app.app_context():
from airflow.www import views
admin = Admin(
app,
name='Airflow',
static_url_path='/admin',
index_view=views.HomeView(endpoint='', url='/admin', name="DAGs"),
template_mode='bootstrap3',
)
av = admin.add_view
vs = views
av(vs.Airflow(name='DAGs', category='DAGs'))
if not conf.getboolean('core', 'secure_mode'):
av(vs.QueryView(name='Ad Hoc Query', category="Data Profiling"))
av(
vs.ChartModelView(models.Chart,
Session,
name="Charts",
category="Data Profiling"))
av(
vs.KnownEventView(models.KnownEvent,
Session,
name="Known Events",
category="Data Profiling"))
av(
vs.SlaMissModelView(models.SlaMiss,
Session,
name="SLA Misses",
category="Browse"))
av(
vs.TaskInstanceModelView(models.TaskInstance,
Session,
name="Task Instances",
category="Browse"))
av(vs.LogModelView(models.Log, Session, name="Logs",
category="Browse"))
av(
vs.JobModelView(jobs.BaseJob,
Session,
name="Jobs",
category="Browse"))
av(
vs.PoolModelView(models.Pool,
Session,
name="Pools",
category="Admin"))
av(vs.ConfigurationView(name='Configuration', category="Admin"))
av(
vs.UserModelView(models.User,
Session,
name="Users",
category="Admin"))
av(
vs.ConnectionModelView(Connection,
Session,
name="Connections",
category="Admin"))
av(
vs.VariableView(models.Variable,
Session,
name="Variables",
category="Admin"))
av(vs.XComView(models.XCom, Session, name="XComs", category="Admin"))
if "dev" in version.version:
airflow_doc_site = "https://airflow.readthedocs.io/en/latest"
else:
airflow_doc_site = 'https://airflow.apache.org/docs/{}'.format(
version.version)
admin.add_link(
base.MenuLink(category='Docs',
name='Documentation',
url=airflow_doc_site))
admin.add_link(
base.MenuLink(category='Docs',
name='GitHub',
url='https://github.com/apache/airflow'))
av(vs.VersionView(name='Version', category="About"))
av(
vs.DagRunModelView(models.DagRun,
Session,
name="DAG Runs",
category="Browse"))
av(vs.DagModelView(models.DagModel, Session, name=None))
# Hack to not add this view to the menu
admin._menu = admin._menu[:-1]
def integrate_plugins():
"""Integrate plugins to the context"""
log = LoggingMixin().log
from airflow.plugins_manager import (admin_views, flask_blueprints,
menu_links)
for v in admin_views:
log.debug('Adding view %s', v.name)
admin.add_view(v)
for bp in flask_blueprints:
log.debug("Adding blueprint %s:%s", bp["name"],
bp["blueprint"].import_name)
app.register_blueprint(bp["blueprint"])
for ml in sorted(menu_links, key=lambda x: x.name):
log.debug('Adding menu link %s', ml.name)
admin.add_link(ml)
integrate_plugins()
import airflow.www.api.experimental.endpoints as e
# required for testing purposes otherwise the module retains
# a link to the default_auth
if app.config['TESTING']:
six.moves.reload_module(e)
app.register_blueprint(e.api_experimental,
url_prefix='/api/experimental')
@app.context_processor
def jinja_globals():
return {
'hostname': get_hostname(),
'navbar_color': conf.get('webserver', 'NAVBAR_COLOR'),
}
@app.teardown_appcontext
def shutdown_session(exception=None):
settings.Session.remove()
return app
from database import Base, create_session
from decorators import template_renderer
from log_configuration import LogConfiguration
from mailer import Mailer
from mod_auth.controllers import mod_auth
from mod_ci.controllers import mod_ci
from mod_customized.controllers import mod_customized
from mod_deploy.controllers import mod_deploy
from mod_home.controllers import mod_home
from mod_regression.controllers import mod_regression
from mod_sample.controllers import mod_sample
from mod_test.controllers import mod_test
from mod_upload.controllers import mod_upload
app = Flask(__name__)
app.wsgi_app = ProxyFix(app.wsgi_app) # type: ignore
# Load config
try:
config = parse_config('config')
except ImportStringError:
traceback.print_exc()
raise MissingConfigError()
app.config.from_mapping(config)
try:
app.config['DEBUG'] = os.environ['DEBUG']
except KeyError:
app.config['DEBUG'] = False
# embed flask-migrate in the app itself
try:
def start():
"""
Starts up a HTTP server attached to the provider port, and optionally
in development mode (which is ideal for local development but unideal
for production use).
"""
parser = argparse.ArgumentParser(
description='Starts your application\'s HTTP server.')
parser.add_argument('--port',
'-p',
help='The port to listen on',
default=8000)
parser.add_argument(
'--prod',
help='If specified the server is started in production mode, where ' +
'the server isn\'t restarted as changes to the source code occur.',
action='store_true')
args = parser.parse_args()
# Locally we don't specify any handlers, which causes `basicConfig` to set
# up one for us that writes human readable messages.
handlers = None
# If we're in production we setup a handler that writes JSON log messages
# in a format that Google likes.
if args.prod:
json_handler = logging.StreamHandler()
json_handler.setFormatter(StackdriverJsonFormatter())
handlers = [json_handler]
logging.basicConfig(level=os.environ.get('LOG_LEVEL',
default=logging.INFO),
handlers=handlers)
logger = logging.getLogger()
logger.debug("AHOY! Let's get this boat out to water...")
app = Flask("app")
# Bind the API functionality to our application. You can add additional
# API endpoints by editing api.py.
logger.debug("Starting: init API...")
app.register_blueprint(create_api(), url_prefix='/')
logger.debug("Complete: init API...")
# In production we use a HTTP server appropriate for production.
if args.prod:
logger.debug("Starting: gevent.WSGIServer...")
# There are two proxies -- the one that's run as a sibling of this process, and
# the Ingress controller that runs on the cluster.
# See: https://skiff.allenai.org/templates.html
num_proxies = 2
proxied_app = ProxyFix(app,
x_for=num_proxies,
x_proto=num_proxies,
x_host=num_proxies,
x_port=num_proxies)
http_server = WSGIServer(('0.0.0.0', args.port),
proxied_app,
log=logger,
error_log=logger)
app.logger.info(f'Server listening at http://0.0.0.0:{args.port}')
http_server.serve_forever()
else:
logger.debug("Starting: Flask development server...")
num_proxies = 1
proxied_app = ProxyFix(app,
x_for=num_proxies,
x_proto=num_proxies,
x_host=num_proxies,
x_port=num_proxies)
app.run(host='0.0.0.0', port=args.port)
from werkzeug.middleware.proxy_fix import ProxyFix
from app import create_app
from dotenv import load_dotenv
load_dotenv()
sentry_sdk.init(dsn=os.environ.get('SENTRY_URL', ''),
integrations=[
CeleryIntegration(),
FlaskIntegration(),
RedisIntegration(),
SqlalchemyIntegration()
],
release="notify-api@" + os.environ.get('GIT_SHA', ''))
application = Flask('api')
application.wsgi_app = ProxyFix(application.wsgi_app)
create_app(application)
if os.environ.get('USE_LOCAL_JINJA_TEMPLATES') == 'True':
print('')
print('========================================================')
print('')
print('WARNING: USING LOCAL JINJA from /jinja_templates FOLDER!')
print('.env USE_LOCAL_JINJA_TEMPLATES=True')
print('')
print('========================================================')
print('')
def create_app(test_config: dict = None) -> Flask:
app = Flask(__name__)
# for usage with proxies
app.wsgi_app = ProxyFix(app.wsgi_app)
if test_config is not None:
app.config.from_mapping(test_config)
app.config.update(
((v[6:], os.environ[v]) for v in os.environ if v[:6] == "FLASK_"))
print([(v[6:], os.environ[v]) for v in os.environ if v[:6] == "FLASK_"])
from .app_view import AppRouteView, response
from . import auth, models, content_manager
for item in [auth, models, content_manager]:
if getattr(item, "init_app", None) is not None:
item.init_app(app)
if getattr(item, "blueprint", None) is not None:
app.register_blueprint(item.blueprint)
if app.config["SQLALCHEMY_DATABASE_URI"][-8:] == ":memory:":
with app.app_context():
models.db.create_all()
if (app.config["ENV"] == "production"
and app.config.get("PROXY_MODE") is None):
# require HTTPS in production, do not require in development
@app.before_request
def redirect_insecure():
if not request.is_secure:
return redirect(request.url.replace("http", "https", 1))
@app.errorhandler(403)
def not_authorized(e):
return render_template("errors/_403.html"), 403
@app.errorhandler(gs.e.FormError)
def form_error(e):
status_code = 400
value = response("Error for form submission (%s)" % e,
payload={
"type": str(type(e)),
"msg": str(e)
},
status_code=status_code)
# return a JSON payload for a FormError
if request.is_json:
return jsonify(value), status_code
# redirect to the current page, clears the form and allows refreshing
return redirect(request.url_rule.rule)
class Index(AppRouteView):
"""
mediaPanel dashboard index page.
HTML version contains a device status (online/offline/out of date), an
expiring/upcoming ads overview, an upcoming calendar and events
overview, and a storage space overview.
"""
decorators = [auth.login_redirect]
template_name = "index.html"
def get_device_stats(self, data):
now = datetime.now()
devices = []
online = []
offline = []
out_of_date = []
for device in g.user.allowed_devices:
last_ping = device.last_ping
storage_percentage = 1 - device.free_disk / device.total_disk
offline_delta = now - last_ping
offline_for = human_readable_timedelta(offline_delta)
version_numbers = device.system_version.split(".")
version = (version_numbers[0] +
version_numbers[1].rjust(2, "0") +
version_numbers[2].rjust(2, "0"))
device_json = {
"device_id": device.device_id,
"nickname": device.nickname,
"system_version": version,
"offline_for": offline_for,
"last_ping": last_ping.timestamp(),
"storage_percentage": storage_percentage * 100,
}
devices.append(device_json)
# Sorting online vs offline
if offline_delta.days or offline_delta.seconds > 300:
offline.append(device_json)
else:
online.append(device_json)
# List of out of date devices
if version < data["current_version"]:
out_of_date.append(device_json)
return devices, online, offline, out_of_date
def populate(self):
now = datetime.now()
data = {
"current_time": int(now.timestamp()),
"current_version": "60708", # ::TODO:: get from VERSION.json?
}
# Get device information {{{
devices, online, offline, out_of_date = self.get_device_stats(data)
data["devices"] = devices
data["online"] = online
data["offline"] = offline
data["out_of_date"] = out_of_date
# }}}
# Get ads information {{{
try:
client_id = g.client.client_id
ads_mgr = StorageManager("media_scheduler", "index", client_id)
ads_report = ads_mgr.load()
expiring = ads_report["expiring"]
upcoming = ads_report["upcoming"]
data["ads"] = {
"expiring": expiring,
"upcoming": upcoming,
}
except IOError as e:
# Any IO error from StorageManager loading the files
logging.error("No ads report found: %r", e)
finally:
if "ads" not in data:
data["ads"] = {"expiring_ads": [], "upcoming_ads": []}
# }}}
# Get upcoming calendar and events {{{
# TODO applet-ify
upcoming_events = []
upcoming_range = timedelta(days=30)
for device in devices:
try:
event_config = EventsConfig.from_v6_id(
g.client.client_id,
device["device_id"],
base_path=app.config["RESOURCES_FOLDER"])
except FileNotFoundError:
# Expected if a device has no events
logging.debug("Could not find events for: %s",
device["device_id"])
continue
except IOError as e:
logging.error("Could not load events for %s: %r",
device["device_id"], e)
continue
for event_name, event in event_config.events.items():
for person, date in event.events:
event_range = date.replace(year=now.year) - now.date()
if timedelta(0) < event_range < upcoming_range:
upcoming_events.append((event_name, person.name,
date.strftime("%B %d")))
data["events"] = {"upcoming_events": upcoming_events}
# }}}
return data
app.add_url_rule("/", view_func=Index.as_view("index"))
return app
def create_app(config=None):
from . import models, routes, services
from .assets import assets
app = Flask(__name__)
# Read log level from environment variable
log_level_name = os.environ.get('PDNS_ADMIN_LOG_LEVEL', 'WARNING')
log_level = logging.getLevelName(log_level_name.upper())
# Setting logger
logging.basicConfig(
level=log_level,
format=
"[%(asctime)s] [%(filename)s:%(lineno)d] %(levelname)s - %(message)s")
# If we use Docker + Gunicorn, adjust the
# log handler
if "GUNICORN_LOGLEVEL" in os.environ:
gunicorn_logger = logging.getLogger("gunicorn.error")
app.logger.handlers = gunicorn_logger.handlers
app.logger.setLevel(gunicorn_logger.level)
# Proxy
app.wsgi_app = ProxyFix(app.wsgi_app)
# CSRF protection
csrf = SeaSurf(app)
csrf.exempt(routes.index.dyndns_checkip)
csrf.exempt(routes.index.dyndns_update)
csrf.exempt(routes.index.saml_authorized)
csrf.exempt(routes.api.api_login_create_zone)
csrf.exempt(routes.api.api_login_delete_zone)
csrf.exempt(routes.api.api_generate_apikey)
csrf.exempt(routes.api.api_delete_apikey)
csrf.exempt(routes.api.api_update_apikey)
csrf.exempt(routes.api.api_zone_subpath_forward)
csrf.exempt(routes.api.api_zone_forward)
csrf.exempt(routes.api.api_create_zone)
# Load config from env variables if using docker
if os.path.exists(os.path.join(app.root_path, 'docker_config.py')):
app.config.from_object('powerdnsadmin.docker_config')
else:
# Load default configuration
app.config.from_object('powerdnsadmin.default_config')
# Load config file from FLASK_CONF env variable
if 'FLASK_CONF' in os.environ:
app.config.from_envvar('FLASK_CONF')
# Load app sepecified configuration
if config is not None:
if isinstance(config, dict):
app.config.update(config)
elif config.endswith('.py'):
app.config.from_pyfile(config)
# HSTS
if app.config.get('HSTS_ENABLED'):
from flask_sslify import SSLify
_sslify = SSLify(app) # lgtm [py/unused-local-variable]
# SMTP
app.mail = Mail(app)
# Load app's components
assets.init_app(app)
models.init_app(app)
routes.init_app(app)
services.init_app(app)
# Register filters
app.jinja_env.filters['display_record_name'] = utils.display_record_name
app.jinja_env.filters['display_master_name'] = utils.display_master_name
app.jinja_env.filters['display_second_to_time'] = utils.display_time
app.jinja_env.filters[
'email_to_gravatar_url'] = utils.email_to_gravatar_url
app.jinja_env.filters[
'display_setting_state'] = utils.display_setting_state
# Register context proccessors
from .models.setting import Setting
@app.context_processor
def inject_sitename():
setting = Setting().get('site_name')
return dict(SITE_NAME=setting)
@app.context_processor
def inject_setting():
setting = Setting()
return dict(SETTING=setting)
@app.context_processor
def inject_mode():
setting = app.config.get('OFFLINE_MODE', False)
return dict(OFFLINE_MODE=setting)
return app
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /myprefix;
}
:param app: the WSGI application
'''
def __init__(self, app):
self.app = app
def __call__(self, environ, start_response):
script_name = environ.get('HTTP_X_SCRIPT_NAME', '')
if script_name:
environ['SCRIPT_NAME'] = script_name
path_info = environ['PATH_INFO']
if path_info.startswith(script_name):
environ['PATH_INFO'] = path_info[len(script_name):]
scheme = environ.get('HTTP_X_SCHEME', '')
if scheme:
environ['wsgi.url_scheme'] = scheme
return self.app(environ, start_response)
application = app
# patch app to handle non root url-s behind proxy & wsgi
app.wsgi_app = ReverseProxyPathFix(ProxyFix(application.wsgi_app))
if __name__ == "__main__":
run()
def create_app(config=None, session=None, testing=False, app_name="Airflow"):
global app, appbuilder
app = Flask(__name__)
if conf.getboolean('webserver', 'ENABLE_PROXY_FIX'):
app.wsgi_app = ProxyFix(app.wsgi_app,
x_for=conf.getint("webserver",
"PROXY_FIX_X_FOR",
fallback=1),
x_proto=conf.getint("webserver",
"PROXY_FIX_X_PROTO",
fallback=1),
x_host=conf.getint("webserver",
"PROXY_FIX_X_HOST",
fallback=1),
x_port=conf.getint("webserver",
"PROXY_FIX_X_PORT",
fallback=1),
x_prefix=conf.getint("webserver",
"PROXY_FIX_X_PREFIX",
fallback=1))
app.secret_key = conf.get('webserver', 'SECRET_KEY')
session_lifetime_days = conf.getint('webserver',
'SESSION_LIFETIME_DAYS',
fallback=30)
app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(
days=session_lifetime_days)
app.config.from_pyfile(settings.WEBSERVER_CONFIG, silent=True)
app.config['APP_NAME'] = app_name
app.config['TESTING'] = testing
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
app.config['SESSION_COOKIE_HTTPONLY'] = True
app.config['SESSION_COOKIE_SECURE'] = conf.getboolean(
'webserver', 'COOKIE_SECURE')
app.config['SESSION_COOKIE_SAMESITE'] = conf.get('webserver',
'COOKIE_SAMESITE')
if config:
app.config.from_mapping(config)
# Configure the JSON encoder used by `|tojson` filter from Flask
app.json_encoder = AirflowJsonEncoder
csrf.init_app(app)
db = SQLA(app)
from airflow import api
api.load_auth()
api.API_AUTH.api_auth.init_app(app)
Cache(app=app, config={'CACHE_TYPE': 'filesystem', 'CACHE_DIR': '/tmp'})
from airflow.www.blueprints import routes
app.register_blueprint(routes)
configure_logging()
configure_manifest_files(app)
with app.app_context():
from airflow.www.security import AirflowSecurityManager
security_manager_class = app.config.get('SECURITY_MANAGER_CLASS') or \
AirflowSecurityManager
if not issubclass(security_manager_class, AirflowSecurityManager):
raise Exception(
"""Your CUSTOM_SECURITY_MANAGER must now extend AirflowSecurityManager,
not FAB's security manager.""")
appbuilder = AppBuilder(app,
db.session if not session else session,
security_manager_class=security_manager_class,
base_template='airflow/master.html',
update_perms=conf.getboolean(
'webserver', 'UPDATE_FAB_PERMS'))
def init_views(appbuilder):
from airflow.www import views
# Remove the session from scoped_session registry to avoid
# reusing a session with a disconnected connection
appbuilder.session.remove()
appbuilder.add_view_no_menu(views.Airflow())
appbuilder.add_view_no_menu(views.DagModelView())
appbuilder.add_view(views.DagRunModelView,
"DAG Runs",
category="Browse",
category_icon="fa-globe")
appbuilder.add_view(views.JobModelView, "Jobs", category="Browse")
appbuilder.add_view(views.LogModelView, "Logs", category="Browse")
appbuilder.add_view(views.SlaMissModelView,
"SLA Misses",
category="Browse")
appbuilder.add_view(views.TaskInstanceModelView,
"Task Instances",
category="Browse")
appbuilder.add_view(views.ConfigurationView,
"Configurations",
category="Admin",
category_icon="fa-user")
appbuilder.add_view(views.ConnectionModelView,
"Connections",
category="Admin")
appbuilder.add_view(views.PoolModelView, "Pools", category="Admin")
appbuilder.add_view(views.VariableModelView,
"Variables",
category="Admin")
appbuilder.add_view(views.XComModelView, "XComs", category="Admin")
if "dev" in version.version:
airflow_doc_site = "https://airflow.readthedocs.io/en/latest"
else:
airflow_doc_site = 'https://airflow.apache.org/docs/{}'.format(
version.version)
appbuilder.add_link("Website",
href='https://airflow.apache.org',
category="Docs",
category_icon="fa-globe")
appbuilder.add_link("Documentation",
href=airflow_doc_site,
category="Docs",
category_icon="fa-cube")
appbuilder.add_link("GitHub",
href='https://github.com/apache/airflow',
category="Docs")
appbuilder.add_view(views.VersionView,
'Version',
category='About',
category_icon='fa-th')
def integrate_plugins():
"""Integrate plugins to the context"""
from airflow import plugins_manager
plugins_manager.ensure_plugins_loaded()
for v in plugins_manager.flask_appbuilder_views:
log.debug("Adding view %s", v["name"])
appbuilder.add_view(v["view"],
v["name"],
category=v["category"])
for ml in sorted(plugins_manager.flask_appbuilder_menu_links,
key=lambda x: x["name"]):
log.debug("Adding menu link %s", ml["name"])
appbuilder.add_link(ml["name"],
href=ml["href"],
category=ml["category"],
category_icon=ml["category_icon"])
integrate_plugins()
# Garbage collect old permissions/views after they have been modified.
# Otherwise, when the name of a view or menu is changed, the framework
# will add the new Views and Menus names to the backend, but will not
# delete the old ones.
def init_plugin_blueprints(app):
from airflow.plugins_manager import flask_blueprints
for bp in flask_blueprints:
log.debug("Adding blueprint %s:%s", bp["name"],
bp["blueprint"].import_name)
app.register_blueprint(bp["blueprint"])
init_views(appbuilder)
init_plugin_blueprints(app)
if conf.getboolean('webserver', 'UPDATE_FAB_PERMS'):
security_manager = appbuilder.sm
security_manager.sync_roles()
from airflow.www.api.experimental import endpoints as e
# required for testing purposes otherwise the module retains
# a link to the default_auth
if app.config['TESTING']:
import importlib
importlib.reload(e)
app.register_blueprint(e.api_experimental,
url_prefix='/api/experimental')
@app.context_processor
def jinja_globals(): # pylint: disable=unused-variable
globals = {
'hostname':
socket.getfqdn() if conf.getboolean(
'webserver', 'EXPOSE_HOSTNAME', fallback=True) else
'redact',
'navbar_color':
conf.get('webserver', 'NAVBAR_COLOR'),
'log_fetch_delay_sec':
conf.getint('webserver', 'log_fetch_delay_sec', fallback=2),
'log_auto_tailing_offset':
conf.getint('webserver',
'log_auto_tailing_offset',
fallback=30),
'log_animation_speed':
conf.getint('webserver', 'log_animation_speed', fallback=1000)
}
if 'analytics_tool' in conf.getsection('webserver'):
globals.update({
'analytics_tool':
conf.get('webserver', 'ANALYTICS_TOOL'),
'analytics_id':
conf.get('webserver', 'ANALYTICS_ID')
})
return globals
@app.before_request
def before_request():
_force_log_out_after = conf.getint('webserver',
'FORCE_LOG_OUT_AFTER',
fallback=0)
if _force_log_out_after > 0:
flask.session.permanent = True
app.permanent_session_lifetime = datetime.timedelta(
minutes=_force_log_out_after)
flask.session.modified = True
flask.g.user = flask_login.current_user
@app.after_request
def apply_caching(response):
_x_frame_enabled = conf.getboolean('webserver',
'X_FRAME_ENABLED',
fallback=True)
if not _x_frame_enabled:
response.headers["X-Frame-Options"] = "DENY"
return response
@app.teardown_appcontext
def shutdown_session(exception=None): # pylint: disable=unused-variable
settings.Session.remove()
@app.before_request
def make_session_permanent():
flask_session.permanent = True
return app, appbuilder
def init_app(cls, app):
Config.init_app(app)
from werkzeug.middleware.proxy_fix import ProxyFix
app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_port=1)
##############
# Server
# imports move to top of file
################
app = Flask(__name__)
app.secret_key = os.environ.get("SECRET_KEY") or os.urandom(24)
oauth = OAuth(app)
ip_ban = IpBan(ban_seconds=200)
ip_ban.init_app(app)
blockip = os.getenv("blockip")
if blockip:
ip_ban.block(blockip)
app.wsgi_app = ProxyFix(app.wsgi_app, x_prefix=1)
###
## Auth
#########
def login_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
# if g.user is None:
if (AUTH_MODE == 'service'):
if session.get('token') is None:
return redirect(url_for('login', next=request.url))
else:
session['token'] = AUTH_TOKEN
session['user'] = AUTH_USER
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import Session, sessionmaker, scoped_session
from sqlalchemy import *
from sqlalchemy.pool import QueuePool
import threading
import requests
import random
from redis import BlockingConnectionPool
from werkzeug.middleware.proxy_fix import ProxyFix
_version = "2.18.0"
app = Flask(__name__, template_folder='./templates', static_folder='./static')
app.wsgi_app = ProxyFix(app.wsgi_app, num_proxies=2)
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
app.config['DATABASE_URL'] = environ.get("DATABASE_CONNECTION_POOL_URL",
environ.get("DATABASE_URL"))
app.config['SQLALCHEMY_READ_URIS'] = [
environ.get("DATABASE_CONNECTION_POOL_READ_01_URL"),
environ.get("DATABASE_CONNECTION_POOL_READ_02_URL"),
environ.get("DATABASE_CONNECTION_POOL_READ_03_URL")
]
app.config['SECRET_KEY'] = environ.get('MASTER_KEY')
app.config["SERVER_NAME"] = environ.get("domain",
environ.get("SERVER_NAME", None))
app.config["SESSION_COOKIE_NAME"] = "session_ruqqus"
def create_app(config="CTFd.config.Config"):
app = CTFdFlask(__name__)
with app.app_context():
app.config.from_object(config)
theme_loader = ThemeLoader(
os.path.join(app.root_path, "themes"), followlinks=True
)
app.jinja_loader = theme_loader
from CTFd.models import ( # noqa: F401
db,
Teams,
Solves,
Challenges,
Fails,
Flags,
Tags,
Files,
Tracking,
)
url = create_database()
# This allows any changes to the SQLALCHEMY_DATABASE_URI to get pushed back in
# This is mostly so we can force MySQL's charset
app.config["SQLALCHEMY_DATABASE_URI"] = str(url)
# Register database
db.init_app(app)
# Register Flask-Migrate
migrations.init_app(app, db)
# Alembic sqlite support is lacking so we should just create_all anyway
if url.drivername.startswith("sqlite"):
db.create_all()
stamp_latest_revision()
else:
# This creates tables instead of db.create_all()
# Allows migrations to happen properly
upgrade()
from CTFd.models import ma
ma.init_app(app)
app.db = db
app.VERSION = __version__
from CTFd.cache import cache
cache.init_app(app)
app.cache = cache
reverse_proxy = app.config.get("REVERSE_PROXY")
if reverse_proxy:
if "," in reverse_proxy:
proxyfix_args = [int(i) for i in reverse_proxy.split(",")]
app.wsgi_app = ProxyFix(app.wsgi_app, None, *proxyfix_args)
else:
app.wsgi_app = ProxyFix(
app.wsgi_app,
num_proxies=None,
x_for=1,
x_proto=1,
x_host=1,
x_port=1,
x_prefix=1,
)
version = utils.get_config("ctf_version")
# Upgrading from an older version of CTFd
if version and (StrictVersion(version) < StrictVersion(__version__)):
if confirm_upgrade():
run_upgrade()
else:
exit()
if not version:
utils.set_config("ctf_version", __version__)
if not utils.get_config("ctf_theme"):
utils.set_config("ctf_theme", "core")
update_check(force=True)
init_request_processors(app)
init_template_filters(app)
init_template_globals(app)
# Importing here allows tests to use sensible names (e.g. api instead of api_bp)
from CTFd.views import views
from CTFd.teams import teams
from CTFd.users import users
from CTFd.challenges import challenges
from CTFd.scoreboard import scoreboard
from CTFd.auth import auth
from CTFd.admin import admin
from CTFd.api import api
from CTFd.events import events
from CTFd.errors import page_not_found, forbidden, general_error, gateway_error
app.register_blueprint(views)
app.register_blueprint(teams)
app.register_blueprint(users)
app.register_blueprint(challenges)
app.register_blueprint(scoreboard)
app.register_blueprint(auth)
app.register_blueprint(api)
app.register_blueprint(events)
app.register_blueprint(admin)
app.register_error_handler(404, page_not_found)
app.register_error_handler(403, forbidden)
app.register_error_handler(500, general_error)
app.register_error_handler(502, gateway_error)
init_logs(app)
init_events(app)
init_plugins(app)
return app
def create_app() -> Flask:
app = Flask(__name__)
# SimpleLogin is deployed behind NGINX
app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_host=1)
limiter.init_app(app)
app.url_map.strict_slashes = False
app.config["SQLALCHEMY_DATABASE_URI"] = DB_URI
app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
# enable to print all queries generated by sqlalchemy
# app.config["SQLALCHEMY_ECHO"] = True
app.secret_key = FLASK_SECRET
app.config["TEMPLATES_AUTO_RELOAD"] = True
# to avoid conflict with other cookie
app.config["SESSION_COOKIE_NAME"] = SESSION_COOKIE_NAME
if URL.startswith("https"):
app.config["SESSION_COOKIE_SECURE"] = True
app.config["SESSION_COOKIE_SAMESITE"] = "Lax"
setup_error_page(app)
init_extensions(app)
register_blueprints(app)
set_index_page(app)
jinja2_filter(app)
setup_favicon_route(app)
setup_openid_metadata(app)
init_admin(app)
setup_paddle_callback(app)
setup_do_not_track(app)
if FLASK_PROFILER_PATH:
LOG.d("Enable flask-profiler")
app.config["flask_profiler"] = {
"enabled": True,
"storage": {
"engine": "sqlite",
"FILE": FLASK_PROFILER_PATH
},
"basicAuth": {
"enabled": True,
"username": "******",
"password": FLASK_PROFILER_PASSWORD,
},
"ignore": ["^/static/.*", "/git", "/exception"],
}
flask_profiler.init_app(app)
# enable CORS on /api endpoints
CORS(app, resources={r"/api/*": {"origins": "*"}})
# set session to permanent so user stays signed in after quitting the browser
# the cookie is valid for 7 days
@app.before_request
def make_session_permanent():
session.permanent = True
app.permanent_session_lifetime = timedelta(days=7)
return app
#! /usr/bin/python3 -B
import sys
sys.path.append("..")
from werkzeug.serving import run_simple
from werkzeug.middleware.proxy_fix import ProxyFix
from wsgi_door.providers import init_providers
from wsgi_door.middleware import WsgiDoorAuth
from app import app
auth_providers = init_providers(app.config.AUTH_CLIENT_KEYS)
app.wsgi_app = WsgiDoorAuth(app.wsgi_app, auth_providers,
app.config.SECRET_KEY)
app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_for=1)
run_simple('0.0.0.0', 5000, app)
from cellxgene_gateway.prune_process_cache import PruneProcessCache
from cellxgene_gateway.util import current_time_stamp
app = Flask(__name__)
def _force_https(app):
def wrapper(environ, start_response):
environ["wsgi.url_scheme"] = env.external_protocol
return app(environ, start_response)
return wrapper
app.wsgi_app = _force_https(app.wsgi_app)
app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1, x_prefix=1)
cache = BackendCache()
@app.errorhandler(CellxgeneException)
def handle_invalid_usage(error):
message = f"{error.http_status} Error : {error.message}"
return (
render_template(
"cellxgene_error.html",
extra_scripts=get_extra_scripts(),
message=message,
),
from werkzeug.middleware.proxy_fix import ProxyFix
import ob2.config as config
import ob2.mailer as mailer
from ob2.util.authentication import user_id
from ob2.util.security import generate_secure_random_string, get_request_validity
from ob2.util.github_login import is_ta
from ob2.util.templating import JINJA_EXPORTS
app = Flask("ob2.web", static_url_path=("%s/static" % config.web_public_root))
if config.web_behind_proxy:
count_proxies_forwards_host = 1 if config.web_proxy_forwards_host else 0
count_proxies_forwards_for = 1 if config.web_proxy_forwards_for else 0
count_proxies_forwards_proto = 1 if config.web_proxy_forwards_proto else 0
app.wsgi_app = ProxyFix(app.wsgi_app,
x_host=count_proxies_forwards_host,
x_for=count_proxies_forwards_for,
x_proto=count_proxies_forwards_proto)
app.logger.addHandler(StreamHandler(sys.stdout))
app.debug = config.debug_mode
app.config["SESSION_COOKIE_PATH"] = config.web_public_root + "/"
app.config["SESSION_COOKIE_SECURE"] = config.web_https
app.config["SERVER_NAME"] = config.web_public_host
app.jinja_env.globals.update(JINJA_EXPORTS)
# We need to tell our mailer daemon about the web application, so that we can use url_for() to
# generate URL's in our email templates. We can't just import "app" from this module, because that
# would create a cyclic import dependency.
mailer.register_app(app)
cache_buster_hash = generate_secure_random_string(8)
def create_app():
server = Flask(__name__, template_folder='../client/public')
server.wsgi_app = ProxyFix(server.wsgi_app, x_for=1)
server.config.from_object("server." + os.environ["APP_SETTINGS"])
from .db import db
from .limiter import limiter
csrf = CSRFProtect()
db.init_app(server)
csrf.init_app(server)
limiter.init_app(server)
Talisman(server,
content_security_policy={
'font-src':
["'self'", 'themes.googleusercontent.com', '*.gstatic.com'],
'script-src': ["'self'", 'ajax.googleapis.com'],
'style-src': [
"'self'",
'fonts.googleapis.com',
'*.gstatic.com',
'ajax.googleapis.com',
"'unsafe-inline'",
],
'default-src': ["'self'", '*.gstatic.com']
},
force_https=False)
from server.models.Client_Resources import Client_Resources
from server.models.Gallery_Info import Gallery_Info
from server.models.Image import Image
from server.models.Paragraph import Paragraph
from server.models.Galleries import Galleries
from server.models.Header import Header
# Order of imports matter here
# If placed at the top, these blueprints get no db :(
from server.blueprints.content import content
from server.blueprints.auth import auth
from server.blueprints.images import images
from server.blueprints.blacklist import blacklist
from server.blueprints.settings import settings
from server.blueprints.email_service import email_service
from server.blueprints.gallery import galleries
from server.blueprints.users import users
server.register_blueprint(auth, url_prefix="/admin")
server.register_blueprint(images, url_prefix='/admin/assets')
server.register_blueprint(content, url_prefix='/content')
server.register_blueprint(galleries, url_prefix='/galleries')
server.register_blueprint(blacklist, url_prefix='/admin/blacklist')
server.register_blueprint(settings)
server.register_blueprint(email_service)
server.register_blueprint(users)
# Set custom CSP settings for admin portal, no easier way to do this unfortunately
# https://github.com/GoogleCloudPlatform/flask-talisman/issues/45
with server.app_context():
setattr(
current_app.view_functions.get("auth.home"),
"talisman_view_options",
{"content_security_policy": {
"default-src": "* 'unsafe-inline'"
}})
setattr(
current_app.view_functions.get("auth.login"),
"talisman_view_options",
{"content_security_policy": {
"default-src": "* 'unsafe-inline'"
}})
setattr(
current_app.view_functions.get("images.handle_images"),
"talisman_view_options",
{"content_security_policy": {
"default-src": "* 'unsafe-inline'"
}})
setattr(
current_app.view_functions.get("content.render"),
"talisman_view_options",
{"content_security_policy": {
"default-src": "* 'unsafe-inline'"
}})
setattr(
current_app.view_functions.get("galleries.handle_images"),
"talisman_view_options",
{"content_security_policy": {
"default-src": "* 'unsafe-inline'"
}})
setattr(
current_app.view_functions.get("settings.show_page"),
"talisman_view_options",
{"content_security_policy": {
"default-src": "* 'unsafe-inline'"
}})
setattr(
current_app.view_functions.get("users.handle_recovery"),
"talisman_view_options",
{"content_security_policy": {
"default-src": "* 'unsafe-inline'"
}})
@server.errorhandler(429)
def handle_excess_req(e):
message = "You've requested our site quite rapidly recently. Please try again later."
error = "Too Many Requests"
return render_template('error.html', message=message, error=error)
@server.route('/', methods=["GET"])
@limiter.limit('50/minute')
def home():
return render_template('index.html', test=request.headers)
# return send_from_directory('../client/public', 'index.html')
@server.route("/<path:path>")
@limiter.exempt
def send_assets(path):
return send_from_directory('../client/public', path)
@server.route('/resources', methods=['GET'])
def get_resources():
"""
### Deliver only the content and galleries that are in use on the client website
```sql
SELECT clients.resource_id, headers.header_text, clients.content_id, paragraphs.paragraph_text, images.image_name, images.image_link, clients.gallery_id, gallery_info.gallery_name, gallery_info.description, galleries.index_id FROM client_resources as clients
LEFT OUTER JOIN headers ON headers.header_id = clients.content_id
LEFT OUTER JOIN galleries ON galleries.info_id = clients.gallery_id
LEFT OUTER JOIN paragraphs ON paragraphs.paragraph_id = headers.paragraph_id
LEFT OUTER JOIN images ON images.image_id = headers.image_id OR images.image_id = galleries.image_id
LEFT OUTER JOIN gallery_info ON galleries.info_id = gallery_info.gallery_id
ORDER BY clients.content_id, clients.gallery_id, galleries.index_id, clients.resource_id;
```
"""
resources = Client_Resources.query.with_entities(
Client_Resources.resource_id, Client_Resources.content_id,
Header.header_text, Paragraph.paragraph_text, Image.image_name,
Image.image_link, Client_Resources.gallery_id,
Gallery_Info.gallery_name, Gallery_Info.description,
Galleries.index_id).outerjoin(
Header,
Header.header_id == Client_Resources.content_id).outerjoin(
Galleries, Galleries.info_id == Client_Resources.gallery_id
).outerjoin(
Paragraph,
Paragraph.paragraph_id == Header.paragraph_id).outerjoin(
Image,
((Image.image_id == Header.image_id) |
(Image.image_id == Galleries.image_id))).outerjoin(
Gallery_Info, Gallery_Info.gallery_id ==
Galleries.info_id).order_by(
Client_Resources.content_id,
Client_Resources.gallery_id,
Galleries.index_id,
Client_Resources.resource_id)
all_galleries = []
all_content = []
marker = None
gallery_json = None
for row in resources:
if row.content_id is not None:
image_name = row.image_name if hasattr(
row, "image_name") else 'Placeholder'
image_link = row.image_link if hasattr(
row, "image_link") else url_for(
'static',
filename='assets/icons/image-icon.inkscape.png')
item = {
"header_text": row.header_text,
"paragraph_text": row.paragraph_text,
"image_name": image_name,
"image_link": image_link
}
all_content.append(item)
if row.gallery_id is not None:
if marker is None and gallery_json is None:
marker = row.gallery_id
gallery_json = {
"gallery_name": row.gallery_name,
"description": row.description,
"images": []
}
# Change in row.info_id means the current row is part of next gallery
# Append prev gallery and set up next one, change pointer to new current gallery
if row.gallery_id != marker:
all_galleries.append(gallery_json)
gallery_json = {
"gallery_name": row.gallery_name,
"description": row.description,
"images": []
}
marker = row.gallery_id
image_link = row.image_link
image_name = row.image_name
gallery_json['images'].append({
"alt": image_name,
"src": image_link
})
# Append the last gallery after adding the last image to it
if row == resources[-1]:
all_galleries.append(gallery_json)
all_stuff = {"content": all_content, "galleries": all_galleries}
return jsonify(all_stuff)
return server
def init(app,
db,
config,
base_prefix='/auth',
root_uri='/',
providers=['google', 'facebook', 'github'],
smtp=None,
fix_ssl=True):
"""
Initalize framework
Args:
app: Flask app
db: pyaltt2.db.Database object
config: configuration dict
base_prefix: base prefix for auth urls
root_uri: default next uri
providers: oauth2 providers list
smtp: pyaltt2.mail.SMTP object, required if email confirmations are
used
fix_ssl: force SSL everywhere (True by default)
"""
if not app.config.get('SECRET_KEY'):
app.config['SECRET_KEY'] = gen_random_str()
_d.x_prefix, _d.dot_prefix = _format_prefix(base_prefix)
_d.db = db.clone(rq_func=rq)
_d.kv = KVStorage(db=db, table_name='webauth_kv')
_d.root_uri = root_uri
_d.smtp = smtp
if fix_ssl:
from werkzeug.middleware.proxy_fix import ProxyFix
app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1)
def init_db():
from sqlalchemy import (MetaData, Table, Column, BigInteger, VARCHAR,
JSON, CHAR, DateTime, ForeignKey, Index,
Boolean, Numeric)
meta = MetaData()
user = Table(
'webauth_user', meta,
Column('id', BigInteger(), primary_key=True, autoincrement=True),
Column('email', VARCHAR(255), nullable=True, unique=True),
Column('password', CHAR(64), nullable=True),
Column('api_key', CHAR(32), nullable=True, unique=True),
Index('webauth_user_api_key', 'api_key'),
Column('d_created', DateTime(timezone=True), nullable=False),
Column('d_active', DateTime(timezone=True), nullable=True),
Column('confirmed', Boolean, nullable=False, server_default='0'),
Column('otp', Numeric(1, 0), nullable=False, server_default='0'),
Column('otp_secret', CHAR(16), nullable=True))
user_auth = Table(
f'webauth_user_auth', meta,
Column('id', BigInteger(), primary_key=True, autoincrement=True),
Column('user_id',
BigInteger(),
ForeignKey('webauth_user.id', ondelete='CASCADE'),
nullable=False),
Index('webauth_user_auth_user_id', 'user_id'),
Column('provider', VARCHAR(15), nullable=False),
Column('sub', VARCHAR(255), nullable=False),
Column('name', VARCHAR(255), nullable=True),
Index('webauth_user_auth_sub_provider',
'sub',
'provider',
unique=True))
user_log = Table(
f'webauth_user_log', meta,
Column('id', BigInteger(), primary_key=True, autoincrement=True),
Column('user_id', BigInteger(), nullable=False),
Index('webauth_user_log_user_id', 'user_id'),
Column('d', DateTime(timezone=True), nullable=False),
Column('event', VARCHAR(1024), nullable=False),
Column('ip', VARCHAR(45), nullable=False))
meta.create_all(db.connect())
def handle_authorize(remote, token, user_info):
if user_info:
try:
provider = remote if isinstance(remote, str) else remote.name
user_id = _handle_user_auth(user_info, provider=provider)
touch(user_id)
session[f'{_d.x_prefix}user_id'] = user_id
session[f'{_d.x_prefix}user_picture'] = user_info.picture
session[f'{_d.x_prefix}user_name'] = _get_oauth_user_name(
user_info, provider)
session[f'{_d.x_prefix}user_confirmed'] = True
_call_handler('account.login', user_id=user_id)
_log_user_event(f'account.login:{provider}')
return redirect(_next_uri())
except ResourceAlreadyExists:
response = _call_handler('exception.provider_exists')
return response if response else Response(
'oauth provider is already ' +
'registered for another account',
status=409)
except AccessDenied:
response = _call_handler('exception.registration_denied')
return response if response else Response(
'account registration is disabled', status=403)
# session.permanent = True
else:
response = _call_handler('exception.provider_failed')
return response if response else Response('forbidden', status=403)
def google_login():
redirect_uri = url_for(f'{_d.dot_prefix}google.auth', _external=True)
return oauth.google.authorize_redirect(redirect_uri)
def google_auth():
token = oauth.google.authorize_access_token()
user_info = oauth.google.parse_id_token(token)
return handle_authorize('google', token, user_info)
for k in config:
app.config[k.upper().replace('-', '_')] = config_value(config=config,
config_path=k)
oauth = OAuth(app)
app.add_url_rule(f'{base_prefix}/logout',
f'{_d.dot_prefix}.logout',
logout,
methods=['GET'])
app.add_url_rule(f'{base_prefix}/confirm/<key>',
f'{_d.dot_prefix}confirm',
handle_confirm,
methods=['GET'])
for p in providers:
if p == 'google':
oauth.register(
'google',
server_metadata_url=
'https://accounts.google.com/.well-known/openid-configuration',
client_kwargs={'scope': 'openid profile'},
)
app.add_url_rule(f'{base_prefix}/google/login',
f'{_d.dot_prefix}google.login',
google_login,
methods=['GET'])
app.add_url_rule(f'{base_prefix}/google/auth',
f'{_d.dot_prefix}google.auth',
google_auth,
methods=['GET'])
else:
blueprint = loginpass.create_flask_blueprint(
_provider_mod[p], oauth, handle_authorize)
app.register_blueprint(blueprint, url_prefix=f'{base_prefix}/{p}')
init_db()
return
return callback
app = Flask(__name__)
if os.environ.get('ENABLE_CORS', config.ENABLE_CORS):
cors = CORS(app,
resources={
r"*": {
"origins":
os.environ.get('CORS_ORIGINS', config.CORS_ORIGINS)
}
})
from werkzeug.middleware.proxy_fix import ProxyFix
app.wsgi_app = WSGIRawBody(ProxyFix(app.wsgi_app))
app.debug = config.DEBUG
app.secret_key = config.FLASK_SESSION_SECRET_KEY
app.root_path = os.path.abspath(os.path.dirname(__file__))
if config.BUGSNAG_KEY:
import bugsnag
from bugsnag.flask import handle_exceptions
bugsnag.configure(
api_key=config.BUGSNAG_KEY,
project_root=app.root_path,
# 'production' is a magic string for bugsnag, rest are arbitrary
release_stage=config.REALM.replace("prod", "production"),
notify_release_stages=["production", "test"],
use_ssl=True)
from flask import Flask from werkzeug.middleware.proxy_fix import ProxyFix from zoo import api app = Flask(__name__) app.wsgi_app = ProxyFix(app.wsgi_app) api.init_app(app) app.run(debug=True)
def create_app(environment):
# Init flask
app = Flask(__name__, static_folder='./static',
template_folder='./templates')
# Init flask configurations.
app.config.from_object(config[environment])
app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)
# Enabling the cross origin using the cors.
CORS(app)
# Attach celery
# celery.config_from_object(config[environment])
# Init flask Alembic
alembic.init_app(app)
# Init mailRedis
mail.init_app(app)
# Init SQLAlchemy.
with app.app_context():
db.init_app(app)
# Init Marshmallow.
with app.app_context():
ma.init_app(app)
# Init flask compress
with app.app_context():
compress.init_app(app)
# Init application migrations (Flask-Migrate and Flask-Script)
with app.app_context():
migrate.init_app(app, db)
with app.app_context():
manager.__init__(app)
manager.add_command('database', MigrateCommand)
# # Init Elasticsearch
# # with app.app_context():
# # es.init_app(app)
#
# Init Flask Cache
with app.app_context():
cache.init_app(app)
# Init Flask Redis
with app.app_context():
# redis.init_app(app)
cache.init_app(app)
# Init Flask apm for logging error on elasticsearch
# try:
# with app.app_context():
# apm.init_app(app)
# except Exception as e:
# print(str(e))
# Init Flask-Language
with app.app_context():
language.init_app(app)
@language.allowed_languages
def get_allowed_languages():
return ['en', 'fr']
@language.default_language
def get_default_language():
return 'en'
@app.route('/api/language')
def get_language():
return jsonify({
'language':str(current_language)
})
@app.route('/api/language', methods=['POST'])
def set_language():
req = request.get_json()
lang = req.get('language', None)
language.change_language(lang)
return jsonify({
'language': str(current_language)
})
# Importing and registering blueprints.
from .v1 import (v1)
app.register_blueprint(v1)
# Sample HTTP error handling
# Registering blueprints.
from .public import public_blueprint
app.register_blueprint(public_blueprint)
# Init server name to blueprint
# with app.app_context():
# assert url_for('api_v1.doc')
# Sample HTTP error handling
@app.errorhandler(404)
def not_found(error):
return render_template('v1/404.html'), 404
return app