Exemple #1
0
#! /usr/bin/env python
# -*- coding: utf-8 -*-
from werkzeug.middleware.proxy_fix import ProxyFix
from jarr.api import create_app

application = ProxyFix(create_app(), x_for=1, x_proto=1, x_host=1, x_port=1)
Exemple #2
0
def create_app(config_class=Config):
    app = Flask(__name__)
    app.config.from_object(config_class)
    app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1)

    db.init_app(app)
    migrate.init_app(app, db)
    login.init_app(app)
    mail.init_app(app)
    bootstrap.init_app(app)
    moment.init_app(app)

    app.elasticsearch = Elasticsearch([app.config['ELASTICSEARCH_URL']]) \
        if app.config['ELASTICSEARCH_URL'] else None

    from app.errors import bp as errors_bp
    app.register_blueprint(errors_bp)

    from app.auth import bp as auth_bp
    app.register_blueprint(auth_bp, url_prefix='/auth')

    from app.main import bp as main_bp
    app.register_blueprint(main_bp)

    from app.util import filters
    filters.register(app)

    app.redis = Redis.from_url(app.config['REDIS_URL'])
    app.task_queue = rq.Queue('microblog-tasks', connection=app.redis)

    from app.api import bp as api_bp
    app.register_blueprint(api_bp, url_prefix='/api')

    if not app.debug and not app.testing:
        if app.config['MAIL_SERVER']:
            auth = None
            if app.config['MAIL_USERNAME'] or app.config['MAIL_PASSWORD']:
                auth = (app.config['MAIL_USERNAME'],
                        app.config['MAIL_PASSWORD'])
            secure = None
            if app.config['MAIL_USE_TLS']:
                secure = ()
            mail_handler = SMTPHandler(
                mailhost=(app.config['MAIL_SERVER'], app.config['MAIL_PORT']),
                fromaddr='no-reply@' + app.config['MAIL_SERVER'],
                toaddrs=app.config['ADMINS'],
                subject='Microblog Failure',
                credentials=auth,
                secure=secure)
            mail_handler.setLevel(logging.ERROR)
            app.logger.addHandler(mail_handler)

        if app.config['LOG_TO_STDOUT']:
            stream_handler = logging.StreamHandler()
            stream_handler.setLevel(logging.INFO)
            app.logger.addHandler(stream_handler)
        else:
            if not os.path.exists('logs'):
                os.mkdir('logs')
            file_handler = RotatingFileHandler('logs/microblog.log',
                                               maxBytes=10240,
                                               backupCount=10)
            file_handler.setFormatter(
                logging.Formatter('%(asctime)s %(levelname)s: %(message)s '
                                  '[in %(pathname)s:%(lineno)d]'))
            file_handler.setLevel(logging.INFO)
            app.logger.addHandler(file_handler)

        app.logger.setLevel(logging.INFO)
        app.logger.info('Microblog startup')

        # if not os.path.exists('logs'):
        #     os.mkdir('logs')
        # file_handler = RotatingFileHandler('logs/microblog.log', maxBytes=10240,
        #                                    backupCount=10)
        # file_handler.setFormatter(logging.Formatter(
        #     '%(asctime)s %(levelname)s: %(message)s [in %(pathname)s:%(lineno)d]'))
        # file_handler.setLevel(logging.INFO)
        # app.logger.addHandler(file_handler)

    # create static directories
    try:
        os.makedirs('static/profile_photos')
    except FileExistsError:
        pass

    return app
Exemple #3
0
        "formatters": {"default": {"format": "[%(asctime)s] %(levelname)s in %(module)s: %(message)s"}},
        "handlers": {
            "console": {"class": "logging.StreamHandler", "formatter": "default", "level": "DEBUG"},
            "wsgi": {
                "class": "logging.StreamHandler",
                "stream": "ext://flask.logging.wsgi_errors_stream",
                "formatter": "default",
                "level": "DEBUG",
            },
        },
        "root": {"level": "DEBUG" if os.environ.get("FLASK_ENV") == "development" else "INFO", "handlers": ["wsgi"]},
    }
)

app = Flask(__name__)
app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_port=1)
app.config.from_object("config")

session_obj = Session()
session_obj.init_app(app)


class Context:
    req = None
    auth = None


class SAMLView(views.MethodView):
    def __init__(self, saml_path):
        self.saml_path = saml_path
Exemple #4
0
from flask import Flask, json, render_template
import json, pytz, dateutil.parser, time, logging
from werkzeug.middleware.proxy_fix import ProxyFix
from cron import data_up, data_last, data_now, data_up, live_status
import cron

hanayori = Flask(__name__, static_url_path='/static')
hanayori.wsgi_app = ProxyFix(hanayori.wsgi_app)


@hanayori.route('/')
def main():
    return render_template('index.html')


@hanayori.route('/Upcome')
def up():
    return render_template('upcome.html',
                           title='Upcoming',
                           data=cron.data_up,
                           status=cron.live_status)


@hanayori.route('/Live')
def live():
    return render_template('live.html',
                           title='Live',
                           data=cron.data_now,
                           status=cron.live_status)

Exemple #5
0
dropzone = Dropzone(application)

# application.config['DROPZONE_UPLOAD_MULTIPLE'] = True
# application.config['DROPZONE_PARALLEL_UPLOADS'] = 3

DEVELOPMENT = os.environ.get('environment',
                             'production').lower() == 'development'

if not DEVELOPMENT and os.path.exists("/version"):
    PIPELINE_POSTFIX = "." + open("/version").read().strip()
else:
    PIPELINE_POSTFIX = ""

if not DEVELOPMENT:
    # In some setups this proved to be necessary for url_for() to pick up HTTPS
    application.wsgi_app = ProxyFix(application.wsgi_app, x_proto=1)

CORS(application)
application.config['SWAGGER'] = {
    'title':
    os.environ.get('APP_NAME', 'ifc-pipeline request API'),
    'openapi':
    '3.0.2',
    "specs": [
        {
            "version": "0.1",
            "title": os.environ.get('APP_NAME', 'ifc-pipeline request API'),
            "description": os.environ.get('APP_NAME',
                                          'ifc-pipeline request API'),
            "endpoint": "spec",
            "route": "/apispec",
Exemple #6
0
def create_app(config="CTFd.config.Config"):
    app = CTFdFlask(__name__)
    with app.app_context():
        app.config.from_object(config)

        app.theme_loader = ThemeLoader(os.path.join(app.root_path, "themes"),
                                       followlinks=True)
        # Weird nested solution for accessing plugin templates
        app.plugin_loader = jinja2.PrefixLoader({
            "plugins":
            jinja2.FileSystemLoader(searchpath=os.path.join(
                app.root_path, "plugins"),
                                    followlinks=True)
        })
        # Load from themes first but fallback to loading from the plugin folder
        app.jinja_loader = jinja2.ChoiceLoader(
            [app.theme_loader, app.plugin_loader])

        from CTFd.models import (  # noqa: F401
            db, Teams, Solves, Challenges, Fails, Flags, Tags, Files, Tracking,
        )

        url = create_database()

        # This allows any changes to the SQLALCHEMY_DATABASE_URI to get pushed back in
        # This is mostly so we can force MySQL's charset
        app.config["SQLALCHEMY_DATABASE_URI"] = str(url)

        # Register database
        db.init_app(app)

        # Register Flask-Migrate
        migrations.init_app(app, db)

        # Alembic sqlite support is lacking so we should just create_all anyway
        if url.drivername.startswith("sqlite"):
            # Enable foreign keys for SQLite. This must be before the
            # db.create_all call because tests use the in-memory SQLite
            # database (each connection, including db creation, is a new db).
            # https://docs.sqlalchemy.org/en/13/dialects/sqlite.html#foreign-key-support
            from sqlalchemy.engine import Engine
            from sqlalchemy import event

            @event.listens_for(Engine, "connect")
            def set_sqlite_pragma(dbapi_connection, connection_record):
                cursor = dbapi_connection.cursor()
                cursor.execute("PRAGMA foreign_keys=ON")
                cursor.close()

            db.create_all()
            stamp_latest_revision()
        else:
            # This creates tables instead of db.create_all()
            # Allows migrations to happen properly
            upgrade()

        from CTFd.models import ma

        ma.init_app(app)

        app.db = db
        app.VERSION = __version__
        app.CHANNEL = __channel__

        from CTFd.cache import cache

        cache.init_app(app)
        app.cache = cache

        reverse_proxy = app.config.get("REVERSE_PROXY")
        if reverse_proxy:
            if type(reverse_proxy) is str and "," in reverse_proxy:
                proxyfix_args = [int(i) for i in reverse_proxy.split(",")]
                app.wsgi_app = ProxyFix(app.wsgi_app, *proxyfix_args)
            else:
                app.wsgi_app = ProxyFix(app.wsgi_app,
                                        x_for=1,
                                        x_proto=1,
                                        x_host=1,
                                        x_port=1,
                                        x_prefix=1)

        version = utils.get_config("ctf_version")

        # Upgrading from an older version of CTFd
        if version and (StrictVersion(version) < StrictVersion(__version__)):
            if confirm_upgrade():
                run_upgrade()
            else:
                exit()

        if not version:
            utils.set_config("ctf_version", __version__)

        if not utils.get_config("ctf_theme"):
            utils.set_config("ctf_theme", "core")

        update_check(force=True)

        init_request_processors(app)
        init_template_filters(app)
        init_template_globals(app)

        # Importing here allows tests to use sensible names (e.g. api instead of api_bp)
        from CTFd.views import views
        from CTFd.teams import teams
        from CTFd.users import users
        from CTFd.challenges import challenges
        from CTFd.scoreboard import scoreboard
        from CTFd.auth import auth
        from CTFd.admin import admin
        from CTFd.api import api
        from CTFd.events import events
        from CTFd.errors import page_not_found, forbidden, general_error, gateway_error

        app.register_blueprint(views)
        app.register_blueprint(teams)
        app.register_blueprint(users)
        app.register_blueprint(challenges)
        app.register_blueprint(scoreboard)
        app.register_blueprint(auth)
        app.register_blueprint(api)
        app.register_blueprint(events)

        app.register_blueprint(admin)

        app.register_error_handler(404, page_not_found)
        app.register_error_handler(403, forbidden)
        app.register_error_handler(500, general_error)
        app.register_error_handler(502, gateway_error)

        init_logs(app)
        init_events(app)
        init_plugins(app)

        return app
Exemple #7
0
from app import app

from werkzeug.middleware.proxy_fix import ProxyFix
app = ProxyFix(app, x_for=1, x_host=1)

if __name__ == "__main__":
    app.run()
Exemple #8
0
 def __init__(self, config_dir=os.environ.get('HATTA_CONFIG_DIR')):
     ProxyFix.__init__(self, self.host_dispatcher_app, x_prefix=1)
     self.apps = {}
     self.load_config_files(config_dir)
Exemple #9
0
def create_app(config=None, session=None, testing=False, app_name="Airflow"):
    global app, appbuilder
    app = Flask(__name__)
    if conf.getboolean('webserver', 'ENABLE_PROXY_FIX'):
        app.wsgi_app = ProxyFix(
            app.wsgi_app,
            num_proxies=None,
            x_for=1,
            x_proto=1,
            x_host=1,
            x_port=1,
            x_prefix=1
        )
    app.secret_key = conf.get('webserver', 'SECRET_KEY')

    app.config.from_pyfile(settings.WEBSERVER_CONFIG, silent=True)
    app.config['APP_NAME'] = app_name
    app.config['TESTING'] = testing
    app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False

    app.config['SESSION_COOKIE_HTTPONLY'] = True
    app.config['SESSION_COOKIE_SECURE'] = conf.getboolean('webserver', 'COOKIE_SECURE')
    app.config['SESSION_COOKIE_SAMESITE'] = conf.get('webserver', 'COOKIE_SAMESITE')

    if config:
        app.config.from_mapping(config)

    # Configure the JSON encoder used by `|tojson` filter from Flask
    app.json_encoder = AirflowJsonEncoder

    csrf.init_app(app)

    db = SQLA(app)

    from airflow import api
    api.load_auth()
    api.API_AUTH.api_auth.init_app(app)

    # flake8: noqa: F841
    cache = Cache(app=app, config={'CACHE_TYPE': 'filesystem', 'CACHE_DIR': '/tmp'})

    from airflow.www.blueprints import routes
    app.register_blueprint(routes)

    configure_logging()
    configure_manifest_files(app)

    with app.app_context():

        from airflow.www.security import AirflowSecurityManager
        security_manager_class = app.config.get('SECURITY_MANAGER_CLASS') or \
            AirflowSecurityManager

        if not issubclass(security_manager_class, AirflowSecurityManager):
            raise Exception(
                """Your CUSTOM_SECURITY_MANAGER must now extend AirflowSecurityManager,
                 not FAB's security manager.""")

        appbuilder = AppBuilder(
            app,
            db.session if not session else session,
            security_manager_class=security_manager_class,
            base_template='appbuilder/baselayout.html')

        def init_views(appbuilder):
            from airflow.www import views
            appbuilder.add_view_no_menu(views.Airflow())
            appbuilder.add_view_no_menu(views.DagModelView())
            appbuilder.add_view_no_menu(views.ConfigurationView())
            appbuilder.add_view_no_menu(views.VersionView())
            appbuilder.add_view(views.DagRunModelView,
                                "DAG Runs",
                                category="Browse",
                                category_icon="fa-globe")
            appbuilder.add_view(views.JobModelView,
                                "Jobs",
                                category="Browse")
            appbuilder.add_view(views.LogModelView,
                                "Logs",
                                category="Browse")
            appbuilder.add_view(views.SlaMissModelView,
                                "SLA Misses",
                                category="Browse")
            appbuilder.add_view(views.TaskInstanceModelView,
                                "Task Instances",
                                category="Browse")
            appbuilder.add_link("Configurations",
                                href='/configuration',
                                category="Admin",
                                category_icon="fa-user")
            appbuilder.add_view(views.ConnectionModelView,
                                "Connections",
                                category="Admin")
            appbuilder.add_view(views.PoolModelView,
                                "Pools",
                                category="Admin")
            appbuilder.add_view(views.VariableModelView,
                                "Variables",
                                category="Admin")
            appbuilder.add_view(views.XComModelView,
                                "XComs",
                                category="Admin")
            appbuilder.add_link("Documentation",
                                href='https://airflow.apache.org/',
                                category="Docs",
                                category_icon="fa-cube")
            appbuilder.add_link("GitHub",
                                href='https://github.com/apache/airflow',
                                category="Docs")
            appbuilder.add_link('Version',
                                href='/version',
                                category='About',
                                category_icon='fa-th')

            def integrate_plugins():
                """Integrate plugins to the context"""
                from airflow.plugins_manager import (
                    flask_appbuilder_views, flask_appbuilder_menu_links
                )

                for v in flask_appbuilder_views:
                    log.debug("Adding view %s", v["name"])
                    appbuilder.add_view(v["view"],
                                        v["name"],
                                        category=v["category"])
                for ml in sorted(flask_appbuilder_menu_links, key=lambda x: x["name"]):
                    log.debug("Adding menu link %s", ml["name"])
                    appbuilder.add_link(ml["name"],
                                        href=ml["href"],
                                        category=ml["category"],
                                        category_icon=ml["category_icon"])

            integrate_plugins()
            # Garbage collect old permissions/views after they have been modified.
            # Otherwise, when the name of a view or menu is changed, the framework
            # will add the new Views and Menus names to the backend, but will not
            # delete the old ones.

        def init_plugin_blueprints(app):
            from airflow.plugins_manager import flask_blueprints

            for bp in flask_blueprints:
                log.debug("Adding blueprint %s:%s", bp["name"], bp["blueprint"].import_name)
                app.register_blueprint(bp["blueprint"])

        init_views(appbuilder)
        init_plugin_blueprints(app)

        security_manager = appbuilder.sm
        security_manager.sync_roles()

        from airflow.www.api.experimental import endpoints as e
        # required for testing purposes otherwise the module retains
        # a link to the default_auth
        if app.config['TESTING']:
            import importlib
            importlib.reload(e)

        app.register_blueprint(e.api_experimental, url_prefix='/api/experimental')

        @app.context_processor
        def jinja_globals():
            return {
                'hostname': socket.getfqdn(),
                'navbar_color': conf.get('webserver', 'NAVBAR_COLOR'),
            }

        @app.teardown_appcontext
        def shutdown_session(exception=None):
            settings.Session.remove()

    return app, appbuilder
Exemple #10
0
def create_app(config=None, testing=False):
    app = Flask(__name__)
    if conf.getboolean('webserver', 'ENABLE_PROXY_FIX'):
        app.wsgi_app = ProxyFix(app.wsgi_app,
                                num_proxies=conf.get("webserver",
                                                     "PROXY_FIX_NUM_PROXIES",
                                                     fallback=None),
                                x_for=conf.get("webserver",
                                               "PROXY_FIX_X_FOR",
                                               fallback=1),
                                x_proto=conf.get("webserver",
                                                 "PROXY_FIX_X_PROTO",
                                                 fallback=1),
                                x_host=conf.get("webserver",
                                                "PROXY_FIX_X_HOST",
                                                fallback=1),
                                x_port=conf.get("webserver",
                                                "PROXY_FIX_X_PORT",
                                                fallback=1),
                                x_prefix=conf.get("webserver",
                                                  "PROXY_FIX_X_PREFIX",
                                                  fallback=1))
    app.secret_key = conf.get('webserver', 'SECRET_KEY')
    app.config['LOGIN_DISABLED'] = not conf.getboolean('webserver',
                                                       'AUTHENTICATE')

    app.config['SESSION_COOKIE_HTTPONLY'] = True
    app.config['SESSION_COOKIE_SECURE'] = conf.getboolean(
        'webserver', 'COOKIE_SECURE')
    app.config['SESSION_COOKIE_SAMESITE'] = conf.get('webserver',
                                                     'COOKIE_SAMESITE')

    if config:
        app.config.from_mapping(config)

    csrf.init_app(app)

    app.config['TESTING'] = testing

    airflow.load_login()
    airflow.login.LOGIN_MANAGER.init_app(app)

    from airflow import api
    api.load_auth()
    api.API_AUTH.api_auth.init_app(app)

    # flake8: noqa: F841
    cache = Cache(app=app,
                  config={
                      'CACHE_TYPE': 'filesystem',
                      'CACHE_DIR': '/tmp'
                  })

    app.register_blueprint(routes)

    configure_logging()

    with app.app_context():
        from airflow.www import views

        admin = Admin(
            app,
            name='Airflow',
            static_url_path='/admin',
            index_view=views.HomeView(endpoint='', url='/admin', name="DAGs"),
            template_mode='bootstrap3',
        )
        av = admin.add_view
        vs = views
        av(vs.Airflow(name='DAGs', category='DAGs'))

        if not conf.getboolean('core', 'secure_mode'):
            av(vs.QueryView(name='Ad Hoc Query', category="Data Profiling"))
            av(
                vs.ChartModelView(models.Chart,
                                  Session,
                                  name="Charts",
                                  category="Data Profiling"))
        av(
            vs.KnownEventView(models.KnownEvent,
                              Session,
                              name="Known Events",
                              category="Data Profiling"))
        av(
            vs.SlaMissModelView(models.SlaMiss,
                                Session,
                                name="SLA Misses",
                                category="Browse"))
        av(
            vs.TaskInstanceModelView(models.TaskInstance,
                                     Session,
                                     name="Task Instances",
                                     category="Browse"))
        av(vs.LogModelView(models.Log, Session, name="Logs",
                           category="Browse"))
        av(
            vs.JobModelView(jobs.BaseJob,
                            Session,
                            name="Jobs",
                            category="Browse"))
        av(
            vs.PoolModelView(models.Pool,
                             Session,
                             name="Pools",
                             category="Admin"))
        av(vs.ConfigurationView(name='Configuration', category="Admin"))
        av(
            vs.UserModelView(models.User,
                             Session,
                             name="Users",
                             category="Admin"))
        av(
            vs.ConnectionModelView(Connection,
                                   Session,
                                   name="Connections",
                                   category="Admin"))
        av(
            vs.VariableView(models.Variable,
                            Session,
                            name="Variables",
                            category="Admin"))
        av(vs.XComView(models.XCom, Session, name="XComs", category="Admin"))

        if "dev" in version.version:
            airflow_doc_site = "https://airflow.readthedocs.io/en/latest"
        else:
            airflow_doc_site = 'https://airflow.apache.org/docs/{}'.format(
                version.version)

        admin.add_link(
            base.MenuLink(category='Docs',
                          name='Documentation',
                          url=airflow_doc_site))
        admin.add_link(
            base.MenuLink(category='Docs',
                          name='GitHub',
                          url='https://github.com/apache/airflow'))

        av(vs.VersionView(name='Version', category="About"))

        av(
            vs.DagRunModelView(models.DagRun,
                               Session,
                               name="DAG Runs",
                               category="Browse"))
        av(vs.DagModelView(models.DagModel, Session, name=None))
        # Hack to not add this view to the menu
        admin._menu = admin._menu[:-1]

        def integrate_plugins():
            """Integrate plugins to the context"""
            log = LoggingMixin().log
            from airflow.plugins_manager import (admin_views, flask_blueprints,
                                                 menu_links)
            for v in admin_views:
                log.debug('Adding view %s', v.name)
                admin.add_view(v)
            for bp in flask_blueprints:
                log.debug("Adding blueprint %s:%s", bp["name"],
                          bp["blueprint"].import_name)
                app.register_blueprint(bp["blueprint"])
            for ml in sorted(menu_links, key=lambda x: x.name):
                log.debug('Adding menu link %s', ml.name)
                admin.add_link(ml)

        integrate_plugins()

        import airflow.www.api.experimental.endpoints as e
        # required for testing purposes otherwise the module retains
        # a link to the default_auth
        if app.config['TESTING']:
            six.moves.reload_module(e)

        app.register_blueprint(e.api_experimental,
                               url_prefix='/api/experimental')

        @app.context_processor
        def jinja_globals():
            return {
                'hostname': get_hostname(),
                'navbar_color': conf.get('webserver', 'NAVBAR_COLOR'),
            }

        @app.teardown_appcontext
        def shutdown_session(exception=None):
            settings.Session.remove()

        return app
Exemple #11
0
from database import Base, create_session
from decorators import template_renderer
from log_configuration import LogConfiguration
from mailer import Mailer
from mod_auth.controllers import mod_auth
from mod_ci.controllers import mod_ci
from mod_customized.controllers import mod_customized
from mod_deploy.controllers import mod_deploy
from mod_home.controllers import mod_home
from mod_regression.controllers import mod_regression
from mod_sample.controllers import mod_sample
from mod_test.controllers import mod_test
from mod_upload.controllers import mod_upload

app = Flask(__name__)
app.wsgi_app = ProxyFix(app.wsgi_app)  # type: ignore
# Load config
try:
    config = parse_config('config')
except ImportStringError:
    traceback.print_exc()
    raise MissingConfigError()

app.config.from_mapping(config)
try:
    app.config['DEBUG'] = os.environ['DEBUG']
except KeyError:
    app.config['DEBUG'] = False

# embed flask-migrate in the app itself
try:
Exemple #12
0
def start():
    """
    Starts up a HTTP server attached to the provider port, and optionally
    in development mode (which is ideal for local development but unideal
    for production use).
    """
    parser = argparse.ArgumentParser(
        description='Starts your application\'s HTTP server.')
    parser.add_argument('--port',
                        '-p',
                        help='The port to listen on',
                        default=8000)
    parser.add_argument(
        '--prod',
        help='If specified the server is started in production mode, where ' +
        'the server isn\'t restarted as changes to the source code occur.',
        action='store_true')
    args = parser.parse_args()

    # Locally we don't specify any handlers, which causes `basicConfig` to set
    # up one for us that writes human readable messages.
    handlers = None

    # If we're in production we setup a handler that writes JSON log messages
    # in a format that Google likes.
    if args.prod:
        json_handler = logging.StreamHandler()
        json_handler.setFormatter(StackdriverJsonFormatter())
        handlers = [json_handler]

    logging.basicConfig(level=os.environ.get('LOG_LEVEL',
                                             default=logging.INFO),
                        handlers=handlers)
    logger = logging.getLogger()
    logger.debug("AHOY! Let's get this boat out to water...")

    app = Flask("app")

    # Bind the API functionality to our application. You can add additional
    # API endpoints by editing api.py.
    logger.debug("Starting: init API...")
    app.register_blueprint(create_api(), url_prefix='/')
    logger.debug("Complete: init API...")

    # In production we use a HTTP server appropriate for production.
    if args.prod:
        logger.debug("Starting: gevent.WSGIServer...")
        # There are two proxies -- the one that's run as a sibling of this process, and
        # the Ingress controller that runs on the cluster.
        # See: https://skiff.allenai.org/templates.html
        num_proxies = 2
        proxied_app = ProxyFix(app,
                               x_for=num_proxies,
                               x_proto=num_proxies,
                               x_host=num_proxies,
                               x_port=num_proxies)
        http_server = WSGIServer(('0.0.0.0', args.port),
                                 proxied_app,
                                 log=logger,
                                 error_log=logger)
        app.logger.info(f'Server listening at http://0.0.0.0:{args.port}')
        http_server.serve_forever()
    else:
        logger.debug("Starting: Flask development server...")
        num_proxies = 1
        proxied_app = ProxyFix(app,
                               x_for=num_proxies,
                               x_proto=num_proxies,
                               x_host=num_proxies,
                               x_port=num_proxies)
        app.run(host='0.0.0.0', port=args.port)
Exemple #13
0
from werkzeug.middleware.proxy_fix import ProxyFix

from app import create_app

from dotenv import load_dotenv

load_dotenv()

sentry_sdk.init(dsn=os.environ.get('SENTRY_URL', ''),
                integrations=[
                    CeleryIntegration(),
                    FlaskIntegration(),
                    RedisIntegration(),
                    SqlalchemyIntegration()
                ],
                release="notify-api@" + os.environ.get('GIT_SHA', ''))

application = Flask('api')
application.wsgi_app = ProxyFix(application.wsgi_app)
create_app(application)

if os.environ.get('USE_LOCAL_JINJA_TEMPLATES') == 'True':
    print('')
    print('========================================================')
    print('')
    print('WARNING: USING LOCAL JINJA from /jinja_templates FOLDER!')
    print('.env USE_LOCAL_JINJA_TEMPLATES=True')
    print('')
    print('========================================================')
    print('')
Exemple #14
0
def create_app(test_config: dict = None) -> Flask:
    app = Flask(__name__)

    # for usage with proxies
    app.wsgi_app = ProxyFix(app.wsgi_app)

    if test_config is not None:
        app.config.from_mapping(test_config)

    app.config.update(
        ((v[6:], os.environ[v]) for v in os.environ if v[:6] == "FLASK_"))

    print([(v[6:], os.environ[v]) for v in os.environ if v[:6] == "FLASK_"])

    from .app_view import AppRouteView, response
    from . import auth, models, content_manager
    for item in [auth, models, content_manager]:
        if getattr(item, "init_app", None) is not None:
            item.init_app(app)
        if getattr(item, "blueprint", None) is not None:
            app.register_blueprint(item.blueprint)

    if app.config["SQLALCHEMY_DATABASE_URI"][-8:] == ":memory:":
        with app.app_context():
            models.db.create_all()

    if (app.config["ENV"] == "production"
            and app.config.get("PROXY_MODE") is None):
        # require HTTPS in production, do not require in development
        @app.before_request
        def redirect_insecure():
            if not request.is_secure:
                return redirect(request.url.replace("http", "https", 1))

    @app.errorhandler(403)
    def not_authorized(e):
        return render_template("errors/_403.html"), 403

    @app.errorhandler(gs.e.FormError)
    def form_error(e):
        status_code = 400
        value = response("Error for form submission (%s)" % e,
                         payload={
                             "type": str(type(e)),
                             "msg": str(e)
                         },
                         status_code=status_code)

        # return a JSON payload for a FormError
        if request.is_json:
            return jsonify(value), status_code

        # redirect to the current page, clears the form and allows refreshing
        return redirect(request.url_rule.rule)

    class Index(AppRouteView):
        """
        mediaPanel dashboard index page.

        HTML version contains a device status (online/offline/out of date), an
        expiring/upcoming ads overview, an upcoming calendar and events
        overview, and a storage space overview.
        """

        decorators = [auth.login_redirect]
        template_name = "index.html"

        def get_device_stats(self, data):
            now = datetime.now()
            devices = []
            online = []
            offline = []
            out_of_date = []

            for device in g.user.allowed_devices:
                last_ping = device.last_ping
                storage_percentage = 1 - device.free_disk / device.total_disk
                offline_delta = now - last_ping
                offline_for = human_readable_timedelta(offline_delta)

                version_numbers = device.system_version.split(".")
                version = (version_numbers[0] +
                           version_numbers[1].rjust(2, "0") +
                           version_numbers[2].rjust(2, "0"))

                device_json = {
                    "device_id": device.device_id,
                    "nickname": device.nickname,
                    "system_version": version,
                    "offline_for": offline_for,
                    "last_ping": last_ping.timestamp(),
                    "storage_percentage": storage_percentage * 100,
                }
                devices.append(device_json)

                # Sorting online vs offline
                if offline_delta.days or offline_delta.seconds > 300:
                    offline.append(device_json)
                else:
                    online.append(device_json)

                # List of out of date devices
                if version < data["current_version"]:
                    out_of_date.append(device_json)

            return devices, online, offline, out_of_date

        def populate(self):
            now = datetime.now()
            data = {
                "current_time": int(now.timestamp()),
                "current_version": "60708",  # ::TODO:: get from VERSION.json?
            }

            # Get device information {{{
            devices, online, offline, out_of_date = self.get_device_stats(data)

            data["devices"] = devices
            data["online"] = online
            data["offline"] = offline
            data["out_of_date"] = out_of_date
            # }}}

            # Get ads information {{{
            try:
                client_id = g.client.client_id
                ads_mgr = StorageManager("media_scheduler", "index", client_id)
                ads_report = ads_mgr.load()
                expiring = ads_report["expiring"]
                upcoming = ads_report["upcoming"]
                data["ads"] = {
                    "expiring": expiring,
                    "upcoming": upcoming,
                }
            except IOError as e:
                # Any IO error from StorageManager loading the files
                logging.error("No ads report found: %r", e)
            finally:
                if "ads" not in data:
                    data["ads"] = {"expiring_ads": [], "upcoming_ads": []}
            # }}}

            # Get upcoming calendar and events {{{
            # TODO applet-ify
            upcoming_events = []
            upcoming_range = timedelta(days=30)
            for device in devices:
                try:
                    event_config = EventsConfig.from_v6_id(
                        g.client.client_id,
                        device["device_id"],
                        base_path=app.config["RESOURCES_FOLDER"])
                except FileNotFoundError:
                    # Expected if a device has no events
                    logging.debug("Could not find events for: %s",
                                  device["device_id"])
                    continue
                except IOError as e:
                    logging.error("Could not load events for %s: %r",
                                  device["device_id"], e)
                    continue
                for event_name, event in event_config.events.items():
                    for person, date in event.events:
                        event_range = date.replace(year=now.year) - now.date()
                        if timedelta(0) < event_range < upcoming_range:
                            upcoming_events.append((event_name, person.name,
                                                    date.strftime("%B %d")))
            data["events"] = {"upcoming_events": upcoming_events}
            # }}}

            return data

    app.add_url_rule("/", view_func=Index.as_view("index"))

    return app
Exemple #15
0
def create_app(config=None):
    from . import models, routes, services
    from .assets import assets
    app = Flask(__name__)

    # Read log level from environment variable
    log_level_name = os.environ.get('PDNS_ADMIN_LOG_LEVEL', 'WARNING')
    log_level = logging.getLevelName(log_level_name.upper())
    # Setting logger
    logging.basicConfig(
        level=log_level,
        format=
        "[%(asctime)s] [%(filename)s:%(lineno)d] %(levelname)s - %(message)s")

    # If we use Docker + Gunicorn, adjust the
    # log handler
    if "GUNICORN_LOGLEVEL" in os.environ:
        gunicorn_logger = logging.getLogger("gunicorn.error")
        app.logger.handlers = gunicorn_logger.handlers
        app.logger.setLevel(gunicorn_logger.level)

    # Proxy
    app.wsgi_app = ProxyFix(app.wsgi_app)

    # CSRF protection
    csrf = SeaSurf(app)
    csrf.exempt(routes.index.dyndns_checkip)
    csrf.exempt(routes.index.dyndns_update)
    csrf.exempt(routes.index.saml_authorized)
    csrf.exempt(routes.api.api_login_create_zone)
    csrf.exempt(routes.api.api_login_delete_zone)
    csrf.exempt(routes.api.api_generate_apikey)
    csrf.exempt(routes.api.api_delete_apikey)
    csrf.exempt(routes.api.api_update_apikey)
    csrf.exempt(routes.api.api_zone_subpath_forward)
    csrf.exempt(routes.api.api_zone_forward)
    csrf.exempt(routes.api.api_create_zone)

    # Load config from env variables if using docker
    if os.path.exists(os.path.join(app.root_path, 'docker_config.py')):
        app.config.from_object('powerdnsadmin.docker_config')
    else:
        # Load default configuration
        app.config.from_object('powerdnsadmin.default_config')

    # Load config file from FLASK_CONF env variable
    if 'FLASK_CONF' in os.environ:
        app.config.from_envvar('FLASK_CONF')

    # Load app sepecified configuration
    if config is not None:
        if isinstance(config, dict):
            app.config.update(config)
        elif config.endswith('.py'):
            app.config.from_pyfile(config)

    # HSTS
    if app.config.get('HSTS_ENABLED'):
        from flask_sslify import SSLify
        _sslify = SSLify(app)  # lgtm [py/unused-local-variable]

    # SMTP
    app.mail = Mail(app)

    # Load app's components
    assets.init_app(app)
    models.init_app(app)
    routes.init_app(app)
    services.init_app(app)

    # Register filters
    app.jinja_env.filters['display_record_name'] = utils.display_record_name
    app.jinja_env.filters['display_master_name'] = utils.display_master_name
    app.jinja_env.filters['display_second_to_time'] = utils.display_time
    app.jinja_env.filters[
        'email_to_gravatar_url'] = utils.email_to_gravatar_url
    app.jinja_env.filters[
        'display_setting_state'] = utils.display_setting_state

    # Register context proccessors
    from .models.setting import Setting

    @app.context_processor
    def inject_sitename():
        setting = Setting().get('site_name')
        return dict(SITE_NAME=setting)

    @app.context_processor
    def inject_setting():
        setting = Setting()
        return dict(SETTING=setting)

    @app.context_processor
    def inject_mode():
        setting = app.config.get('OFFLINE_MODE', False)
        return dict(OFFLINE_MODE=setting)

    return app
Exemple #16
0
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Script-Name /myprefix;
        }

    :param app: the WSGI application
    '''
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        script_name = environ.get('HTTP_X_SCRIPT_NAME', '')
        if script_name:
            environ['SCRIPT_NAME'] = script_name
            path_info = environ['PATH_INFO']
            if path_info.startswith(script_name):
                environ['PATH_INFO'] = path_info[len(script_name):]

        scheme = environ.get('HTTP_X_SCHEME', '')
        if scheme:
            environ['wsgi.url_scheme'] = scheme
        return self.app(environ, start_response)


application = app
# patch app to handle non root url-s behind proxy & wsgi
app.wsgi_app = ReverseProxyPathFix(ProxyFix(application.wsgi_app))

if __name__ == "__main__":
    run()
Exemple #17
0
def create_app(config=None, session=None, testing=False, app_name="Airflow"):
    global app, appbuilder
    app = Flask(__name__)
    if conf.getboolean('webserver', 'ENABLE_PROXY_FIX'):
        app.wsgi_app = ProxyFix(app.wsgi_app,
                                x_for=conf.getint("webserver",
                                                  "PROXY_FIX_X_FOR",
                                                  fallback=1),
                                x_proto=conf.getint("webserver",
                                                    "PROXY_FIX_X_PROTO",
                                                    fallback=1),
                                x_host=conf.getint("webserver",
                                                   "PROXY_FIX_X_HOST",
                                                   fallback=1),
                                x_port=conf.getint("webserver",
                                                   "PROXY_FIX_X_PORT",
                                                   fallback=1),
                                x_prefix=conf.getint("webserver",
                                                     "PROXY_FIX_X_PREFIX",
                                                     fallback=1))
    app.secret_key = conf.get('webserver', 'SECRET_KEY')

    session_lifetime_days = conf.getint('webserver',
                                        'SESSION_LIFETIME_DAYS',
                                        fallback=30)
    app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(
        days=session_lifetime_days)

    app.config.from_pyfile(settings.WEBSERVER_CONFIG, silent=True)
    app.config['APP_NAME'] = app_name
    app.config['TESTING'] = testing
    app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False

    app.config['SESSION_COOKIE_HTTPONLY'] = True
    app.config['SESSION_COOKIE_SECURE'] = conf.getboolean(
        'webserver', 'COOKIE_SECURE')
    app.config['SESSION_COOKIE_SAMESITE'] = conf.get('webserver',
                                                     'COOKIE_SAMESITE')

    if config:
        app.config.from_mapping(config)

    # Configure the JSON encoder used by `|tojson` filter from Flask
    app.json_encoder = AirflowJsonEncoder

    csrf.init_app(app)

    db = SQLA(app)

    from airflow import api
    api.load_auth()
    api.API_AUTH.api_auth.init_app(app)

    Cache(app=app, config={'CACHE_TYPE': 'filesystem', 'CACHE_DIR': '/tmp'})

    from airflow.www.blueprints import routes
    app.register_blueprint(routes)

    configure_logging()
    configure_manifest_files(app)

    with app.app_context():
        from airflow.www.security import AirflowSecurityManager
        security_manager_class = app.config.get('SECURITY_MANAGER_CLASS') or \
            AirflowSecurityManager

        if not issubclass(security_manager_class, AirflowSecurityManager):
            raise Exception(
                """Your CUSTOM_SECURITY_MANAGER must now extend AirflowSecurityManager,
                 not FAB's security manager.""")

        appbuilder = AppBuilder(app,
                                db.session if not session else session,
                                security_manager_class=security_manager_class,
                                base_template='airflow/master.html',
                                update_perms=conf.getboolean(
                                    'webserver', 'UPDATE_FAB_PERMS'))

        def init_views(appbuilder):
            from airflow.www import views
            # Remove the session from scoped_session registry to avoid
            # reusing a session with a disconnected connection
            appbuilder.session.remove()
            appbuilder.add_view_no_menu(views.Airflow())
            appbuilder.add_view_no_menu(views.DagModelView())
            appbuilder.add_view(views.DagRunModelView,
                                "DAG Runs",
                                category="Browse",
                                category_icon="fa-globe")
            appbuilder.add_view(views.JobModelView, "Jobs", category="Browse")
            appbuilder.add_view(views.LogModelView, "Logs", category="Browse")
            appbuilder.add_view(views.SlaMissModelView,
                                "SLA Misses",
                                category="Browse")
            appbuilder.add_view(views.TaskInstanceModelView,
                                "Task Instances",
                                category="Browse")
            appbuilder.add_view(views.ConfigurationView,
                                "Configurations",
                                category="Admin",
                                category_icon="fa-user")
            appbuilder.add_view(views.ConnectionModelView,
                                "Connections",
                                category="Admin")
            appbuilder.add_view(views.PoolModelView, "Pools", category="Admin")
            appbuilder.add_view(views.VariableModelView,
                                "Variables",
                                category="Admin")
            appbuilder.add_view(views.XComModelView, "XComs", category="Admin")

            if "dev" in version.version:
                airflow_doc_site = "https://airflow.readthedocs.io/en/latest"
            else:
                airflow_doc_site = 'https://airflow.apache.org/docs/{}'.format(
                    version.version)

            appbuilder.add_link("Website",
                                href='https://airflow.apache.org',
                                category="Docs",
                                category_icon="fa-globe")
            appbuilder.add_link("Documentation",
                                href=airflow_doc_site,
                                category="Docs",
                                category_icon="fa-cube")
            appbuilder.add_link("GitHub",
                                href='https://github.com/apache/airflow',
                                category="Docs")
            appbuilder.add_view(views.VersionView,
                                'Version',
                                category='About',
                                category_icon='fa-th')

            def integrate_plugins():
                """Integrate plugins to the context"""
                from airflow import plugins_manager

                plugins_manager.ensure_plugins_loaded()

                for v in plugins_manager.flask_appbuilder_views:
                    log.debug("Adding view %s", v["name"])
                    appbuilder.add_view(v["view"],
                                        v["name"],
                                        category=v["category"])
                for ml in sorted(plugins_manager.flask_appbuilder_menu_links,
                                 key=lambda x: x["name"]):
                    log.debug("Adding menu link %s", ml["name"])
                    appbuilder.add_link(ml["name"],
                                        href=ml["href"],
                                        category=ml["category"],
                                        category_icon=ml["category_icon"])

            integrate_plugins()
            # Garbage collect old permissions/views after they have been modified.
            # Otherwise, when the name of a view or menu is changed, the framework
            # will add the new Views and Menus names to the backend, but will not
            # delete the old ones.

        def init_plugin_blueprints(app):
            from airflow.plugins_manager import flask_blueprints

            for bp in flask_blueprints:
                log.debug("Adding blueprint %s:%s", bp["name"],
                          bp["blueprint"].import_name)
                app.register_blueprint(bp["blueprint"])

        init_views(appbuilder)
        init_plugin_blueprints(app)

        if conf.getboolean('webserver', 'UPDATE_FAB_PERMS'):
            security_manager = appbuilder.sm
            security_manager.sync_roles()

        from airflow.www.api.experimental import endpoints as e
        # required for testing purposes otherwise the module retains
        # a link to the default_auth
        if app.config['TESTING']:
            import importlib
            importlib.reload(e)

        app.register_blueprint(e.api_experimental,
                               url_prefix='/api/experimental')

        @app.context_processor
        def jinja_globals():  # pylint: disable=unused-variable

            globals = {
                'hostname':
                socket.getfqdn() if conf.getboolean(
                    'webserver', 'EXPOSE_HOSTNAME', fallback=True) else
                'redact',
                'navbar_color':
                conf.get('webserver', 'NAVBAR_COLOR'),
                'log_fetch_delay_sec':
                conf.getint('webserver', 'log_fetch_delay_sec', fallback=2),
                'log_auto_tailing_offset':
                conf.getint('webserver',
                            'log_auto_tailing_offset',
                            fallback=30),
                'log_animation_speed':
                conf.getint('webserver', 'log_animation_speed', fallback=1000)
            }

            if 'analytics_tool' in conf.getsection('webserver'):
                globals.update({
                    'analytics_tool':
                    conf.get('webserver', 'ANALYTICS_TOOL'),
                    'analytics_id':
                    conf.get('webserver', 'ANALYTICS_ID')
                })

            return globals

        @app.before_request
        def before_request():
            _force_log_out_after = conf.getint('webserver',
                                               'FORCE_LOG_OUT_AFTER',
                                               fallback=0)
            if _force_log_out_after > 0:
                flask.session.permanent = True
                app.permanent_session_lifetime = datetime.timedelta(
                    minutes=_force_log_out_after)
                flask.session.modified = True
                flask.g.user = flask_login.current_user

        @app.after_request
        def apply_caching(response):
            _x_frame_enabled = conf.getboolean('webserver',
                                               'X_FRAME_ENABLED',
                                               fallback=True)
            if not _x_frame_enabled:
                response.headers["X-Frame-Options"] = "DENY"
            return response

        @app.teardown_appcontext
        def shutdown_session(exception=None):  # pylint: disable=unused-variable
            settings.Session.remove()

        @app.before_request
        def make_session_permanent():
            flask_session.permanent = True

    return app, appbuilder
Exemple #18
0
    def init_app(cls, app):
        Config.init_app(app)

        from werkzeug.middleware.proxy_fix import ProxyFix
        app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_port=1)
Exemple #19
0

##############
# Server
#   imports move to top of file
################
app = Flask(__name__)
app.secret_key = os.environ.get("SECRET_KEY") or os.urandom(24)

oauth = OAuth(app)
ip_ban = IpBan(ban_seconds=200)
ip_ban.init_app(app)
blockip = os.getenv("blockip")
if blockip:
    ip_ban.block(blockip)
app.wsgi_app = ProxyFix(app.wsgi_app, x_prefix=1)


###
## Auth
#########
def login_required(f):
    @wraps(f)
    def decorated_function(*args, **kwargs):
        # if g.user is None:
        if (AUTH_MODE == 'service'):
            if session.get('token') is None:
                return redirect(url_for('login', next=request.url))
        else:
            session['token'] = AUTH_TOKEN
            session['user'] = AUTH_USER
Exemple #20
0
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import Session, sessionmaker, scoped_session
from sqlalchemy import *
from sqlalchemy.pool import QueuePool
import threading
import requests
import random

from redis import BlockingConnectionPool

from werkzeug.middleware.proxy_fix import ProxyFix

_version = "2.18.0"

app = Flask(__name__, template_folder='./templates', static_folder='./static')
app.wsgi_app = ProxyFix(app.wsgi_app, num_proxies=2)

app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
app.config['DATABASE_URL'] = environ.get("DATABASE_CONNECTION_POOL_URL",
                                         environ.get("DATABASE_URL"))

app.config['SQLALCHEMY_READ_URIS'] = [
    environ.get("DATABASE_CONNECTION_POOL_READ_01_URL"),
    environ.get("DATABASE_CONNECTION_POOL_READ_02_URL"),
    environ.get("DATABASE_CONNECTION_POOL_READ_03_URL")
]

app.config['SECRET_KEY'] = environ.get('MASTER_KEY')
app.config["SERVER_NAME"] = environ.get("domain",
                                        environ.get("SERVER_NAME", None))
app.config["SESSION_COOKIE_NAME"] = "session_ruqqus"
Exemple #21
0
def create_app(config="CTFd.config.Config"):
    app = CTFdFlask(__name__)
    with app.app_context():
        app.config.from_object(config)

        theme_loader = ThemeLoader(
            os.path.join(app.root_path, "themes"), followlinks=True
        )
        app.jinja_loader = theme_loader

        from CTFd.models import (  # noqa: F401
            db,
            Teams,
            Solves,
            Challenges,
            Fails,
            Flags,
            Tags,
            Files,
            Tracking,
        )

        url = create_database()

        # This allows any changes to the SQLALCHEMY_DATABASE_URI to get pushed back in
        # This is mostly so we can force MySQL's charset
        app.config["SQLALCHEMY_DATABASE_URI"] = str(url)

        # Register database
        db.init_app(app)

        # Register Flask-Migrate
        migrations.init_app(app, db)

        # Alembic sqlite support is lacking so we should just create_all anyway
        if url.drivername.startswith("sqlite"):
            db.create_all()
            stamp_latest_revision()
        else:
            # This creates tables instead of db.create_all()
            # Allows migrations to happen properly
            upgrade()

        from CTFd.models import ma

        ma.init_app(app)

        app.db = db
        app.VERSION = __version__

        from CTFd.cache import cache

        cache.init_app(app)
        app.cache = cache

        reverse_proxy = app.config.get("REVERSE_PROXY")
        if reverse_proxy:
            if "," in reverse_proxy:
                proxyfix_args = [int(i) for i in reverse_proxy.split(",")]
                app.wsgi_app = ProxyFix(app.wsgi_app, None, *proxyfix_args)
            else:
                app.wsgi_app = ProxyFix(
                    app.wsgi_app,
                    num_proxies=None,
                    x_for=1,
                    x_proto=1,
                    x_host=1,
                    x_port=1,
                    x_prefix=1,
                )

        version = utils.get_config("ctf_version")

        # Upgrading from an older version of CTFd
        if version and (StrictVersion(version) < StrictVersion(__version__)):
            if confirm_upgrade():
                run_upgrade()
            else:
                exit()

        if not version:
            utils.set_config("ctf_version", __version__)

        if not utils.get_config("ctf_theme"):
            utils.set_config("ctf_theme", "core")

        update_check(force=True)

        init_request_processors(app)
        init_template_filters(app)
        init_template_globals(app)

        # Importing here allows tests to use sensible names (e.g. api instead of api_bp)
        from CTFd.views import views
        from CTFd.teams import teams
        from CTFd.users import users
        from CTFd.challenges import challenges
        from CTFd.scoreboard import scoreboard
        from CTFd.auth import auth
        from CTFd.admin import admin
        from CTFd.api import api
        from CTFd.events import events
        from CTFd.errors import page_not_found, forbidden, general_error, gateway_error

        app.register_blueprint(views)
        app.register_blueprint(teams)
        app.register_blueprint(users)
        app.register_blueprint(challenges)
        app.register_blueprint(scoreboard)
        app.register_blueprint(auth)
        app.register_blueprint(api)
        app.register_blueprint(events)

        app.register_blueprint(admin)

        app.register_error_handler(404, page_not_found)
        app.register_error_handler(403, forbidden)
        app.register_error_handler(500, general_error)
        app.register_error_handler(502, gateway_error)

        init_logs(app)
        init_events(app)
        init_plugins(app)

        return app
Exemple #22
0
def create_app() -> Flask:
    app = Flask(__name__)
    # SimpleLogin is deployed behind NGINX
    app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_host=1)
    limiter.init_app(app)

    app.url_map.strict_slashes = False

    app.config["SQLALCHEMY_DATABASE_URI"] = DB_URI
    app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
    # enable to print all queries generated by sqlalchemy
    # app.config["SQLALCHEMY_ECHO"] = True

    app.secret_key = FLASK_SECRET

    app.config["TEMPLATES_AUTO_RELOAD"] = True

    # to avoid conflict with other cookie
    app.config["SESSION_COOKIE_NAME"] = SESSION_COOKIE_NAME
    if URL.startswith("https"):
        app.config["SESSION_COOKIE_SECURE"] = True
    app.config["SESSION_COOKIE_SAMESITE"] = "Lax"

    setup_error_page(app)

    init_extensions(app)
    register_blueprints(app)
    set_index_page(app)
    jinja2_filter(app)

    setup_favicon_route(app)
    setup_openid_metadata(app)

    init_admin(app)
    setup_paddle_callback(app)
    setup_do_not_track(app)

    if FLASK_PROFILER_PATH:
        LOG.d("Enable flask-profiler")
        app.config["flask_profiler"] = {
            "enabled": True,
            "storage": {
                "engine": "sqlite",
                "FILE": FLASK_PROFILER_PATH
            },
            "basicAuth": {
                "enabled": True,
                "username": "******",
                "password": FLASK_PROFILER_PASSWORD,
            },
            "ignore": ["^/static/.*", "/git", "/exception"],
        }
        flask_profiler.init_app(app)

    # enable CORS on /api endpoints
    CORS(app, resources={r"/api/*": {"origins": "*"}})

    # set session to permanent so user stays signed in after quitting the browser
    # the cookie is valid for 7 days
    @app.before_request
    def make_session_permanent():
        session.permanent = True
        app.permanent_session_lifetime = timedelta(days=7)

    return app
Exemple #23
0
#! /usr/bin/python3 -B
import sys
sys.path.append("..")

from werkzeug.serving import run_simple
from werkzeug.middleware.proxy_fix import ProxyFix

from wsgi_door.providers import init_providers
from wsgi_door.middleware import WsgiDoorAuth

from app import app

auth_providers = init_providers(app.config.AUTH_CLIENT_KEYS)
app.wsgi_app = WsgiDoorAuth(app.wsgi_app, auth_providers,
                            app.config.SECRET_KEY)
app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_for=1)
run_simple('0.0.0.0', 5000, app)
Exemple #24
0
from cellxgene_gateway.prune_process_cache import PruneProcessCache
from cellxgene_gateway.util import current_time_stamp

app = Flask(__name__)


def _force_https(app):
    def wrapper(environ, start_response):
        environ["wsgi.url_scheme"] = env.external_protocol
        return app(environ, start_response)

    return wrapper


app.wsgi_app = _force_https(app.wsgi_app)
app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1, x_prefix=1)

cache = BackendCache()


@app.errorhandler(CellxgeneException)
def handle_invalid_usage(error):

    message = f"{error.http_status} Error : {error.message}"

    return (
        render_template(
            "cellxgene_error.html",
            extra_scripts=get_extra_scripts(),
            message=message,
        ),
Exemple #25
0
from werkzeug.middleware.proxy_fix import ProxyFix

import ob2.config as config
import ob2.mailer as mailer
from ob2.util.authentication import user_id
from ob2.util.security import generate_secure_random_string, get_request_validity
from ob2.util.github_login import is_ta
from ob2.util.templating import JINJA_EXPORTS

app = Flask("ob2.web", static_url_path=("%s/static" % config.web_public_root))
if config.web_behind_proxy:
    count_proxies_forwards_host = 1 if config.web_proxy_forwards_host else 0
    count_proxies_forwards_for = 1 if config.web_proxy_forwards_for else 0
    count_proxies_forwards_proto = 1 if config.web_proxy_forwards_proto else 0
    app.wsgi_app = ProxyFix(app.wsgi_app,
                            x_host=count_proxies_forwards_host,
                            x_for=count_proxies_forwards_for,
                            x_proto=count_proxies_forwards_proto)
app.logger.addHandler(StreamHandler(sys.stdout))
app.debug = config.debug_mode
app.config["SESSION_COOKIE_PATH"] = config.web_public_root + "/"
app.config["SESSION_COOKIE_SECURE"] = config.web_https
app.config["SERVER_NAME"] = config.web_public_host
app.jinja_env.globals.update(JINJA_EXPORTS)

# We need to tell our mailer daemon about the web application, so that we can use url_for() to
# generate URL's in our email templates. We can't just import "app" from this module, because that
# would create a cyclic import dependency.
mailer.register_app(app)

cache_buster_hash = generate_secure_random_string(8)
Exemple #26
0
def create_app():
    server = Flask(__name__, template_folder='../client/public')

    server.wsgi_app = ProxyFix(server.wsgi_app, x_for=1)
    server.config.from_object("server." + os.environ["APP_SETTINGS"])

    from .db import db
    from .limiter import limiter
    csrf = CSRFProtect()
    db.init_app(server)
    csrf.init_app(server)
    limiter.init_app(server)
    Talisman(server,
             content_security_policy={
                 'font-src':
                 ["'self'", 'themes.googleusercontent.com', '*.gstatic.com'],
                 'script-src': ["'self'", 'ajax.googleapis.com'],
                 'style-src': [
                     "'self'",
                     'fonts.googleapis.com',
                     '*.gstatic.com',
                     'ajax.googleapis.com',
                     "'unsafe-inline'",
                 ],
                 'default-src': ["'self'", '*.gstatic.com']
             },
             force_https=False)

    from server.models.Client_Resources import Client_Resources
    from server.models.Gallery_Info import Gallery_Info
    from server.models.Image import Image
    from server.models.Paragraph import Paragraph
    from server.models.Galleries import Galleries
    from server.models.Header import Header

    # Order of imports matter here
    # If placed at the top, these blueprints get no db :(
    from server.blueprints.content import content
    from server.blueprints.auth import auth
    from server.blueprints.images import images
    from server.blueprints.blacklist import blacklist
    from server.blueprints.settings import settings
    from server.blueprints.email_service import email_service
    from server.blueprints.gallery import galleries
    from server.blueprints.users import users

    server.register_blueprint(auth, url_prefix="/admin")
    server.register_blueprint(images, url_prefix='/admin/assets')
    server.register_blueprint(content, url_prefix='/content')
    server.register_blueprint(galleries, url_prefix='/galleries')
    server.register_blueprint(blacklist, url_prefix='/admin/blacklist')
    server.register_blueprint(settings)
    server.register_blueprint(email_service)
    server.register_blueprint(users)

    # Set custom CSP settings for admin portal, no easier way to do this unfortunately
    # https://github.com/GoogleCloudPlatform/flask-talisman/issues/45
    with server.app_context():
        setattr(
            current_app.view_functions.get("auth.home"),
            "talisman_view_options",
            {"content_security_policy": {
                "default-src": "* 'unsafe-inline'"
            }})
        setattr(
            current_app.view_functions.get("auth.login"),
            "talisman_view_options",
            {"content_security_policy": {
                "default-src": "* 'unsafe-inline'"
            }})
        setattr(
            current_app.view_functions.get("images.handle_images"),
            "talisman_view_options",
            {"content_security_policy": {
                "default-src": "* 'unsafe-inline'"
            }})
        setattr(
            current_app.view_functions.get("content.render"),
            "talisman_view_options",
            {"content_security_policy": {
                "default-src": "* 'unsafe-inline'"
            }})
        setattr(
            current_app.view_functions.get("galleries.handle_images"),
            "talisman_view_options",
            {"content_security_policy": {
                "default-src": "* 'unsafe-inline'"
            }})
        setattr(
            current_app.view_functions.get("settings.show_page"),
            "talisman_view_options",
            {"content_security_policy": {
                "default-src": "* 'unsafe-inline'"
            }})
        setattr(
            current_app.view_functions.get("users.handle_recovery"),
            "talisman_view_options",
            {"content_security_policy": {
                "default-src": "* 'unsafe-inline'"
            }})

    @server.errorhandler(429)
    def handle_excess_req(e):
        message = "You've requested our site quite rapidly recently. Please try again later."
        error = "Too Many Requests"
        return render_template('error.html', message=message, error=error)

    @server.route('/', methods=["GET"])
    @limiter.limit('50/minute')
    def home():
        return render_template('index.html', test=request.headers)

        # return send_from_directory('../client/public', 'index.html')

    @server.route("/<path:path>")
    @limiter.exempt
    def send_assets(path):
        return send_from_directory('../client/public', path)

    @server.route('/resources', methods=['GET'])
    def get_resources():
        """
        ### Deliver only the content and galleries that are in use on the client website

        ```sql
        SELECT clients.resource_id, headers.header_text, clients.content_id, paragraphs.paragraph_text, images.image_name, images.image_link, clients.gallery_id, gallery_info.gallery_name, gallery_info.description, galleries.index_id FROM client_resources as clients 
        LEFT OUTER JOIN headers ON headers.header_id = clients.content_id
        LEFT OUTER JOIN galleries ON galleries.info_id = clients.gallery_id
        LEFT OUTER JOIN paragraphs ON paragraphs.paragraph_id = headers.paragraph_id
        LEFT OUTER JOIN images ON images.image_id = headers.image_id OR images.image_id = galleries.image_id
        LEFT OUTER JOIN gallery_info ON galleries.info_id = gallery_info.gallery_id
        ORDER BY clients.content_id, clients.gallery_id, galleries.index_id, clients.resource_id;
        ```
        """
        resources = Client_Resources.query.with_entities(
            Client_Resources.resource_id, Client_Resources.content_id,
            Header.header_text, Paragraph.paragraph_text, Image.image_name,
            Image.image_link, Client_Resources.gallery_id,
            Gallery_Info.gallery_name, Gallery_Info.description,
            Galleries.index_id).outerjoin(
                Header,
                Header.header_id == Client_Resources.content_id).outerjoin(
                    Galleries, Galleries.info_id == Client_Resources.gallery_id
                ).outerjoin(
                    Paragraph,
                    Paragraph.paragraph_id == Header.paragraph_id).outerjoin(
                        Image,
                        ((Image.image_id == Header.image_id) |
                         (Image.image_id == Galleries.image_id))).outerjoin(
                             Gallery_Info, Gallery_Info.gallery_id ==
                             Galleries.info_id).order_by(
                                 Client_Resources.content_id,
                                 Client_Resources.gallery_id,
                                 Galleries.index_id,
                                 Client_Resources.resource_id)

        all_galleries = []
        all_content = []

        marker = None
        gallery_json = None

        for row in resources:
            if row.content_id is not None:
                image_name = row.image_name if hasattr(
                    row, "image_name") else 'Placeholder'
                image_link = row.image_link if hasattr(
                    row, "image_link") else url_for(
                        'static',
                        filename='assets/icons/image-icon.inkscape.png')
                item = {
                    "header_text": row.header_text,
                    "paragraph_text": row.paragraph_text,
                    "image_name": image_name,
                    "image_link": image_link
                }
                all_content.append(item)

            if row.gallery_id is not None:
                if marker is None and gallery_json is None:
                    marker = row.gallery_id
                    gallery_json = {
                        "gallery_name": row.gallery_name,
                        "description": row.description,
                        "images": []
                    }
                # Change in row.info_id means the current row is part of next gallery
                # Append prev gallery and set up next one, change pointer to new current gallery
                if row.gallery_id != marker:
                    all_galleries.append(gallery_json)
                    gallery_json = {
                        "gallery_name": row.gallery_name,
                        "description": row.description,
                        "images": []
                    }
                    marker = row.gallery_id

                image_link = row.image_link
                image_name = row.image_name
                gallery_json['images'].append({
                    "alt": image_name,
                    "src": image_link
                })
                # Append the last gallery after adding the last image to it
                if row == resources[-1]:
                    all_galleries.append(gallery_json)

        all_stuff = {"content": all_content, "galleries": all_galleries}

        return jsonify(all_stuff)

    return server
Exemple #27
0
def init(app,
         db,
         config,
         base_prefix='/auth',
         root_uri='/',
         providers=['google', 'facebook', 'github'],
         smtp=None,
         fix_ssl=True):
    """
    Initalize framework

    Args:
        app: Flask app
        db: pyaltt2.db.Database object
        config: configuration dict
        base_prefix: base prefix for auth urls
        root_uri: default next uri
        providers: oauth2 providers list
        smtp: pyaltt2.mail.SMTP object, required if email confirmations are
        used
        fix_ssl: force SSL everywhere (True by default)
    """

    if not app.config.get('SECRET_KEY'):
        app.config['SECRET_KEY'] = gen_random_str()

    _d.x_prefix, _d.dot_prefix = _format_prefix(base_prefix)
    _d.db = db.clone(rq_func=rq)
    _d.kv = KVStorage(db=db, table_name='webauth_kv')
    _d.root_uri = root_uri
    _d.smtp = smtp

    if fix_ssl:
        from werkzeug.middleware.proxy_fix import ProxyFix
        app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1)

    def init_db():
        from sqlalchemy import (MetaData, Table, Column, BigInteger, VARCHAR,
                                JSON, CHAR, DateTime, ForeignKey, Index,
                                Boolean, Numeric)
        meta = MetaData()
        user = Table(
            'webauth_user', meta,
            Column('id', BigInteger(), primary_key=True, autoincrement=True),
            Column('email', VARCHAR(255), nullable=True, unique=True),
            Column('password', CHAR(64), nullable=True),
            Column('api_key', CHAR(32), nullable=True, unique=True),
            Index('webauth_user_api_key', 'api_key'),
            Column('d_created', DateTime(timezone=True), nullable=False),
            Column('d_active', DateTime(timezone=True), nullable=True),
            Column('confirmed', Boolean, nullable=False, server_default='0'),
            Column('otp', Numeric(1, 0), nullable=False, server_default='0'),
            Column('otp_secret', CHAR(16), nullable=True))
        user_auth = Table(
            f'webauth_user_auth', meta,
            Column('id', BigInteger(), primary_key=True, autoincrement=True),
            Column('user_id',
                   BigInteger(),
                   ForeignKey('webauth_user.id', ondelete='CASCADE'),
                   nullable=False),
            Index('webauth_user_auth_user_id', 'user_id'),
            Column('provider', VARCHAR(15), nullable=False),
            Column('sub', VARCHAR(255), nullable=False),
            Column('name', VARCHAR(255), nullable=True),
            Index('webauth_user_auth_sub_provider',
                  'sub',
                  'provider',
                  unique=True))
        user_log = Table(
            f'webauth_user_log', meta,
            Column('id', BigInteger(), primary_key=True, autoincrement=True),
            Column('user_id', BigInteger(), nullable=False),
            Index('webauth_user_log_user_id', 'user_id'),
            Column('d', DateTime(timezone=True), nullable=False),
            Column('event', VARCHAR(1024), nullable=False),
            Column('ip', VARCHAR(45), nullable=False))
        meta.create_all(db.connect())

    def handle_authorize(remote, token, user_info):
        if user_info:
            try:
                provider = remote if isinstance(remote, str) else remote.name
                user_id = _handle_user_auth(user_info, provider=provider)
                touch(user_id)
                session[f'{_d.x_prefix}user_id'] = user_id
                session[f'{_d.x_prefix}user_picture'] = user_info.picture
                session[f'{_d.x_prefix}user_name'] = _get_oauth_user_name(
                    user_info, provider)
                session[f'{_d.x_prefix}user_confirmed'] = True
                _call_handler('account.login', user_id=user_id)
                _log_user_event(f'account.login:{provider}')
                return redirect(_next_uri())
            except ResourceAlreadyExists:
                response = _call_handler('exception.provider_exists')
                return response if response else Response(
                    'oauth provider is already ' +
                    'registered for another account',
                    status=409)
            except AccessDenied:
                response = _call_handler('exception.registration_denied')
                return response if response else Response(
                    'account registration is disabled', status=403)
            # session.permanent = True
        else:
            response = _call_handler('exception.provider_failed')
            return response if response else Response('forbidden', status=403)

    def google_login():
        redirect_uri = url_for(f'{_d.dot_prefix}google.auth', _external=True)
        return oauth.google.authorize_redirect(redirect_uri)

    def google_auth():
        token = oauth.google.authorize_access_token()
        user_info = oauth.google.parse_id_token(token)
        return handle_authorize('google', token, user_info)

    for k in config:
        app.config[k.upper().replace('-', '_')] = config_value(config=config,
                                                               config_path=k)
    oauth = OAuth(app)
    app.add_url_rule(f'{base_prefix}/logout',
                     f'{_d.dot_prefix}.logout',
                     logout,
                     methods=['GET'])
    app.add_url_rule(f'{base_prefix}/confirm/<key>',
                     f'{_d.dot_prefix}confirm',
                     handle_confirm,
                     methods=['GET'])
    for p in providers:
        if p == 'google':
            oauth.register(
                'google',
                server_metadata_url=
                'https://accounts.google.com/.well-known/openid-configuration',
                client_kwargs={'scope': 'openid profile'},
            )
            app.add_url_rule(f'{base_prefix}/google/login',
                             f'{_d.dot_prefix}google.login',
                             google_login,
                             methods=['GET'])
            app.add_url_rule(f'{base_prefix}/google/auth',
                             f'{_d.dot_prefix}google.auth',
                             google_auth,
                             methods=['GET'])
        else:
            blueprint = loginpass.create_flask_blueprint(
                _provider_mod[p], oauth, handle_authorize)
            app.register_blueprint(blueprint, url_prefix=f'{base_prefix}/{p}')
    init_db()
    return
Exemple #28
0
        return callback


app = Flask(__name__)

if os.environ.get('ENABLE_CORS', config.ENABLE_CORS):
    cors = CORS(app,
                resources={
                    r"*": {
                        "origins":
                        os.environ.get('CORS_ORIGINS', config.CORS_ORIGINS)
                    }
                })

from werkzeug.middleware.proxy_fix import ProxyFix
app.wsgi_app = WSGIRawBody(ProxyFix(app.wsgi_app))

app.debug = config.DEBUG
app.secret_key = config.FLASK_SESSION_SECRET_KEY
app.root_path = os.path.abspath(os.path.dirname(__file__))

if config.BUGSNAG_KEY:
    import bugsnag
    from bugsnag.flask import handle_exceptions
    bugsnag.configure(
        api_key=config.BUGSNAG_KEY,
        project_root=app.root_path,
        # 'production' is a magic string for bugsnag, rest are arbitrary
        release_stage=config.REALM.replace("prod", "production"),
        notify_release_stages=["production", "test"],
        use_ssl=True)
from flask import Flask
from werkzeug.middleware.proxy_fix import ProxyFix

from zoo import api

app = Flask(__name__)
app.wsgi_app = ProxyFix(app.wsgi_app)

api.init_app(app)

app.run(debug=True)
Exemple #30
0
def create_app(environment):
    # Init flask
    app = Flask(__name__, static_folder='./static',
                template_folder='./templates')

    # Init flask configurations.
    app.config.from_object(config[environment])
    app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)

    # Enabling the cross origin using the cors.
    CORS(app)

    # Attach celery
    # celery.config_from_object(config[environment])

    # Init flask Alembic
    alembic.init_app(app)

    # Init mailRedis
    mail.init_app(app)

    # Init SQLAlchemy.
    with app.app_context():
        db.init_app(app)

    # Init Marshmallow.
    with app.app_context():
        ma.init_app(app)

    # Init flask compress
    with app.app_context():
        compress.init_app(app)

    # Init application migrations (Flask-Migrate and Flask-Script)
    with app.app_context():
        migrate.init_app(app, db)
    with app.app_context():
        manager.__init__(app)
        manager.add_command('database', MigrateCommand)
#    # Init Elasticsearch
#    # with app.app_context():
#    #     es.init_app(app)
#
    # Init Flask Cache
    with app.app_context():
        cache.init_app(app)

    # Init Flask Redis
    with app.app_context():
        # redis.init_app(app)
        cache.init_app(app)

    # Init Flask apm for logging error on elasticsearch
    # try:
    #     with app.app_context():
    #         apm.init_app(app)
    # except Exception as e:
    #     print(str(e))

    # Init Flask-Language
    with app.app_context():
        language.init_app(app)

    @language.allowed_languages
    def get_allowed_languages():
        return ['en', 'fr']

    @language.default_language
    def get_default_language():
        return 'en'

    @app.route('/api/language')
    def get_language():
        return jsonify({
           'language':str(current_language)
        })

    @app.route('/api/language', methods=['POST'])
    def set_language():
        req = request.get_json()
        lang = req.get('language', None)
        language.change_language(lang)
        return jsonify({
            'language': str(current_language)
        })

    # Importing and registering blueprints.
    from .v1 import (v1)
    app.register_blueprint(v1)
    # Sample HTTP error handling

    # Registering blueprints.
    from .public import public_blueprint
    app.register_blueprint(public_blueprint)

    # Init server name to blueprint
    # with app.app_context():
    #    assert url_for('api_v1.doc')

    # Sample HTTP error handling
    @app.errorhandler(404)
    def not_found(error):
        return render_template('v1/404.html'), 404

    return app