Exemplo n.º 1
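def register_extensions(app, test_config=None):
    """Register Flask extensions and the request-level access-control hooks.

    Sets up, in this order: Bootstrap, CSRF protection, OAuth, the Flask debug
    toolbar (only outside production and outside tests), a ``before_request``
    hook that pre-authorizes a short list of public paths, the ``bouncer``
    extension, and an ``after_request`` hook that passes every 2xx response
    through ``bouncer.check_authorization``.

    Args:
        app: The Flask application to configure.
        test_config: Test configuration; any truthy value keeps the debug
            toolbar disabled.
    """
    # We use flask_wtf and WTForm with bootstrap for quick form rendering.
    # Note: no JS/CSS or other resources are used from this package though.
    Bootstrap(app)

    # Paths that skip the ACL check. Entries ending in "/" are directory
    # prefixes; every other entry must match the request path exactly.
    public_paths = ["/favicon.ico", "/static/"]

    # Setup CSRF protection.
    csrf = CSRFProtect()
    csrf.init_app(app)

    # Setup OAuth.
    oauth.init_app(app)

    if not cfg.IS_PROD and not test_config:
        # Activate a port of the django-debug-toolbar for Flask applications.
        # Shows executed queries + their execution time, allows profiling and
        # more.
        # See: https://flask-debugtoolbar.readthedocs.io/en/latest/
        #
        # The toolbar is exempted from CSRF protection and from the ACL check
        # below, so this branch relies entirely on cfg.IS_PROD being set
        # correctly on every deployment reachable by untrusted clients.
        DebugToolbarExtension(app)
        csrf.exempt(debug_toolbar_bp)
        public_paths.append("/_debug_toolbar/")

    def matching_public_path(path):
        """Return the public_paths entry that covers *path*, or None."""
        for public in public_paths:
            if public.endswith("/"):
                if path.startswith(public):
                    return public
            elif path == public:
                # Exact match only: a bare startswith("/favicon.ico") would
                # also skip the ACL check for any other route that merely
                # begins with that string.
                return public
        return None

    def always_authorize():
        """Mark requests for public paths as authorized before the ACL runs."""
        matched = matching_public_path(request.path)
        if matched is None:
            return
        logging.warning(
            "Bypassing ACL check for %s (matches %s)", request.path, matched
        )
        # Presumably read by bouncer's authorization check - confirm.
        request._authorized = True  # pylint: disable=protected-access

    # Setup Acls
    # Flask runs before_request hooks in registration order, so this hook is
    # registered ahead of bouncer.init_app(); keep that ordering.
    app.before_request(always_authorize)
    bouncer.init_app(app)

    def check_or_404(response: Response):
        """Run the bouncer authorization check on successful responses.

        Despite the name, a denied request is not turned into a 404 here:
        the Forbidden exception is logged and re-raised.
        """
        # Non-2xx responses (redirects, errors) are returned without an
        # authorization check.
        if response.status_code // 100 != 2:
            return response
        try:
            return bouncer.check_authorization(response)
        except Forbidden:
            logging.warning(
                "Automatically denied access to response %d of %s",
                response.status_code,
                request.path,
            )
            # NOTE(review): an exception raised inside an after_request hook
            # is presumably reported as a 500 rather than a 403 - confirm the
            # status the client sees. Either way the response is withheld.
            raise

    app.after_request(check_or_404)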
Exemplo n.º 2
def register_extensions(app, test_config=None):
    """Register Flask extensions."""
    # We use flask_wtf and WTForm with bootstrap for quick form rendering.
    # Note: no JS/CSS or other resources are used from this package though.
    Bootstrap(app)

    # Setup CSRF protection.
    csrf = CSRFProtect()
    csrf.init_app(app)

    # Setup OAuth.
    oauth.init_app(app)

    if not cfg.IS_PROD and not test_config:
        # Activate a port of the django-debug-toolbar for Flask applications.
        # Shows executed queries + their execution time, allows profiling and
        # more.
        # See: https://flask-debugtoolbar.readthedocs.io/en/latest/
        DebugToolbarExtension(app)