def create_app():
    """Build and configure the Flask application.

    The plain settings object is applied first and the decrypted secrets are
    merged on top of it, so a secret wins over a setting of the same name.
    SSL redirection, the Content-Security-Policy middleware and the Redis
    session backend are each enabled only when the corresponding setting
    says so; all blueprints are registered in a fixed order.

    Returns:
        The configured ``Flask`` application.
    """
    app = Flask(__name__, static_folder=settings.STATIC_FOLDER)

    # Non-secret settings, then the decrypted secrets layered over them.
    app.config.from_object(settings)
    app.config.update(settings.encrypted_settings.get_all_secrets())
    app.debug = settings.DEBUG

    # Redirect plain-HTTP requests to HTTPS; the 'healthcheck' view is the
    # one exemption (presumably for probes made over plain HTTP).
    if settings.SSLIFY:
        SSLify(app, skips=['healthcheck'])

    # Every response gets the Content-Security-Policy header from CSP_POLICY.
    app.wsgi_app = guard.ContentSecurityPolicy(app.wsgi_app, CSP_POLICY)

    # flask_session keeps session data server-side in Redis; only set up when
    # a Redis URL is configured, otherwise the default cookie session is used.
    if settings.REDIS_URL:
        import redis
        from flask_session import Session

        app.config['SESSION_REDIS'] = redis.Redis.from_url(settings.REDIS_URL)
        Session(app)
    app.secret_key = settings.SESSION_SECRET

    # Registration order is kept as before.
    for module in (
        blind_credentials,
        credentials,
        certificates,
        identity,
        saml,
        services,
        static_files,
    ):
        app.register_blueprint(module.blueprint)

    return app
import guard
from osscla.app import app
from osscla import routes  # noqa

# Content-Security-Policy sent with every response.  Everything defaults to
# same-origin; XHR/fetch may additionally reach github.com.  'unsafe-inline'
# is required by the xeditable widget's inline styles and is deliberately
# confined to style-src, so script-src (via default-src) stays 'self' only.
CSP_POLICY = {
    "default-src": ["'self'"],
    "connect-src": ["'self'", "https://github.com"],
    "style-src": ["'self'", "'unsafe-inline'"],
}

# Wrap the WSGI callable so the header is added outside the Flask app itself.
app.wsgi_app = guard.ContentSecurityPolicy(app.wsgi_app, CSP_POLICY)
def __init__(self, config, engine=None, redis=None):
    """Wire up the application from *config*.

    Args:
        config: mapping of settings; converted to attribute-style access.
        engine: optional pre-built SQLAlchemy engine.  When omitted and
            ``config.database.url`` is set, one is created from that URL.
        redis: optional pre-built Redis client.  When omitted and
            ``config.redis.url`` is set, one is created from that URL.

    The WSGI middleware stack is assembled innermost-first: each assignment
    to ``self.wsgi_app`` wraps the previous one, so the last wrapper added
    is the first to see a request.
    """
    self.config = convert_to_attr_dict(config)

    # Database engine: built only when nothing was injected and a URL exists.
    if engine is None:
        database_url = self.config.get("database", {}).get("url")
        if database_url:
            engine = sqlalchemy.create_engine(database_url)
    self.engine = engine

    # Redis client: same injection rule as the engine.
    if redis is None:
        redis_url = self.config.get("redis", {}).get("url")
        if redis_url:
            redis = redispy.StrictRedis.from_url(redis_url)
    self.redis = redis

    # Instantiate each model class listed in ``self.model_names`` (values are
    # "package.module:ClassName" strings) and expose it under ``self.models``.
    self.models = AttributeDict()
    for model_name, dotted_path in self.model_names.items():
        module_name, class_name = dotted_path.rsplit(":", 1)
        model_class = getattr(importlib.import_module(module_name), class_name)
        self.models[model_name] = model_class(
            self, self.metadata, self.engine, self.redis,
        )

    # Search index over the models.
    self.search = Index(self.models, self.config.search)
    self.search.register(ProjectMapping)

    # URL routing and (null) translations.
    self.urls = urls.urls
    self.trans = babel.support.NullTranslations()

    # Jinja2 environment; autoescape stays on so template output is
    # HTML-escaped unless a template explicitly marks it safe.
    self.templates = jinja2.Environment(
        autoescape=True,
        auto_reload=self.config.debug,
        extensions=["jinja2.ext.i18n"],
        loader=jinja2.PackageLoader("warehouse"),
    )
    babel_filters = {
        "package_type_display": packaging_helpers.package_type_display,
        "format_number": babel.numbers.format_number,
        "format_decimal": babel.numbers.format_decimal,
        "format_percent": babel.numbers.format_percent,
        "format_date": babel.dates.format_date,
        "format_datetime": babel.dates.format_datetime,
        "format_time": babel.dates.format_time,
    }
    self.templates.filters.update(babel_filters)
    self.templates.install_gettext_translations(self.trans, newstyle=True)

    # --- middleware stack, innermost first ---------------------------------
    version_banner = "Warehouse {} ({})".format(
        warehouse.__version__, warehouse.__build__,
    )
    self.wsgi_app = PoweredBy(self.wsgi_app, version_banner)

    # The CSP header is only emitted outside theme-debug mode; in that mode
    # the policy from config.security.csp is not applied at all.
    if not self.config.theme_debug:
        self.wsgi_app = guard.ContentSecurityPolicy(
            self.wsgi_app, self.config.security.csp,
        )

    if "sentry" in self.config:
        self.wsgi_app = Sentry(self.wsgi_app, Client(**self.config.sentry))

    # Static files bundled with the package, served under /static/.
    static_root = os.path.abspath(
        os.path.join(os.path.dirname(warehouse.__file__), "static"),
    )
    self.wsgi_app = SharedDataMiddleware(
        self.wsgi_app, {"/static/": static_root},
    )

    # Logging is configured last, so anything logged during the setup above
    # goes through whatever configuration was in place before this call.
    logging.config.dictConfig(self.config.logging)
def __init__(self, config, engine=None, redis_class=redis.StrictRedis):
    """Wire up the application from *config*.

    Args:
        config: mapping of settings; wrapped for attribute-style access.
        engine: optional pre-built SQLAlchemy engine.  When omitted and
            ``config.database.url`` is set, one is created from that URL.
        redis_class: client class used to build one Redis connection per
            entry in ``config.redis``; injectable for tests.

    The WSGI middleware stack is assembled innermost-first: each assignment
    to ``self.wsgi_app`` wraps the previous one, so the last wrapper added
    is the first to see a request.
    """
    self.config = AttributeDict(config)
    self.metadata = db.metadata

    # Logging first, so everything below logs with the configured handlers.
    logging.config.dictConfig(self.config.logging)

    # Database engine: built only when nothing was injected and a URL exists.
    if engine is None:
        database_url = self.config.get("database", {}).get("url")
        if database_url:
            engine = sqlalchemy.create_engine(database_url)
    self.engine = engine

    # One Redis client per named entry in config.redis; the "downloads" and
    # "sessions" entries are required further down.
    self.redises = dict(
        (name, redis_class.from_url(url))
        for name, url in self.config.redis.items()
    )

    # Instantiate each store class and expose it under ``self.db``.
    self.db = AttributeDict()
    for store_name, store_class in self.db_classes.items():
        self.db[store_name] = store_class(
            self, self.metadata, self.engine, self.redises["downloads"],
        )

    # Search index over the stores.
    self.search = Index(self.db, self.config.search)
    self.search.register(ProjectMapping)

    # URL routing and (null) translations.
    self.urls = urls.urls
    self.translations = babel.support.NullTranslations()

    # Jinja2 environment; autoescape stays on so template output is
    # HTML-escaped unless a template explicitly marks it safe.
    self.templates = jinja2.Environment(
        autoescape=True,
        auto_reload=self.config.debug,
        extensions=["jinja2.ext.i18n"],
        loader=jinja2.PackageLoader("warehouse"),
    )
    babel_filters = {
        "package_type_display": packaging_helpers.package_type_display,
        "format_number": babel.numbers.format_number,
        "format_decimal": babel.numbers.format_decimal,
        "format_percent": babel.numbers.format_percent,
        "format_date": babel.dates.format_date,
        "format_datetime": babel.dates.format_datetime,
        "format_time": babel.dates.format_time,
    }
    self.templates.filters.update(babel_filters)
    self.templates.install_gettext_translations(
        self.translations, newstyle=True,
    )

    # Password hashing: new hashes use bcrypt_sha256; the other schemes are
    # accepted so existing hashes still verify, and deprecated=["auto"] asks
    # passlib to flag every non-default scheme for re-hashing on next login.
    self.passlib = passlib.context.CryptContext(
        schemes=[
            "bcrypt_sha256",
            "bcrypt",
            "django_bcrypt",
            "unix_disabled",
        ],
        default="bcrypt_sha256",
        deprecated=["auto"],
    )

    # Server-side sessions backed by the "sessions" Redis instance.
    self.session_store = RedisSessionStore(
        self.redises["sessions"],
        session_class=Session,
    )

    # --- middleware stack, innermost first ---------------------------------

    # img-src: with camo configured, images may only come from the camo host
    # and gravatar; without it any origin ("*") is allowed.
    image_sources = ["'self'"]
    if self.config.camo:
        camo_url = urllib.parse.urlparse(self.config.camo.url)
        image_sources.append("{}://{}".format(camo_url.scheme, camo_url.netloc))
        image_sources.append("https://secure.gravatar.com")
    else:
        image_sources.append("*")
    csp_policy = {
        "default-src": ["'self'"],
        "font-src": ["'self'", "data:"],
        "img-src": image_sources,
        "style-src": ["'self'", "cloud.typography.com"],
    }
    self.wsgi_app = guard.ContentSecurityPolicy(self.wsgi_app, csp_policy)

    if "sentry" in self.config:
        self.wsgi_app = Sentry(self.wsgi_app, Client(**self.config.sentry))

    # Static files bundled with the package, cacheable for one year.
    self.wsgi_app = WhiteNoise(
        self.wsgi_app,
        root=self.static_dir,
        prefix=self.static_path,
        max_age=31557600,
    )

    # Advertise the running version in X-Powered-By.
    version_banner = "Warehouse {} ({})".format(
        warehouse.__version__, warehouse.__build__,
    )
    self.wsgi_app = HeaderRewriterFix(
        self.wsgi_app,
        add_headers=[("X-Powered-By", version_banner)],
    )

    # Legacy PyPI dispatched on request content type / URL parameters; this
    # middleware rewrites such requests to "internal" URLs that the normal
    # router can dispatch on.
    self.wsgi_app = LegacyRewriteMiddleware(self.wsgi_app)

    # Added last so it runs first: strips X-Forwarded-* headers from requests
    # that do not present the configured site access token (i.e. that did
    # not arrive via Fastly), so nothing downstream trusts a spoofed origin.
    self.wsgi_app = XForwardedTokenMiddleware(
        self.wsgi_app,
        self.config.site.access_token,
    )