def main(global_config, **settings):
    """Assemble the Pyramid WSGI application.

    Authentication state and CSRF tokens are both kept in the session
    (``SessionAuthenticationPolicy`` / ``SessionCSRFStoragePolicy``), so the
    session factory's cookie settings decide how well both are protected.
    No session factory is set in this function.
    NOTE(review): presumably the ``redis_sessions`` include registers it;
    confirm, and check its cookie flags (Secure, HttpOnly, SameSite).

    NOTE(review): ``set_csrf_storage_policy`` only selects where tokens live.
    No call that turns on CSRF checking (for example
    ``set_default_csrf_options(require_csrf=True)``) is visible here; verify
    that the included views enforce it.

    ``global_config`` is accepted but not used in this function.
    """
    settings.setdefault('tm.manager_hook', 'pyramid_tm.explicit_manager')

    authn_policy = SessionAuthenticationPolicy()
    authz_policy = ACLAuthorizationPolicy()
    config = Configurator(
        settings=settings,
        authentication_policy=authn_policy,
        authorization_policy=authz_policy,
    )
    config.set_csrf_storage_policy(SessionCSRFStoragePolicy())

    # Add-ons are included in a fixed order: transaction manager, retry,
    # templating, sessions, and finally the application's own views.
    addons = (
        "pyramid_tm",
        "pyramid_retry",
        "pyramid_jinja2",
        "redis_sessions",
        ".views",
    )
    for addon in addons:
        config.include(addon)

    # Template lookup path for Jinja2 (the package name is filled in by cookiecutter).
    config.add_jinja2_search_path("{{ cookiecutter.repo_name }}:templates")

    # Database: one engine built from the 'sqlalchemy.'-prefixed settings, and
    # a session factory stored on the registry under 'db_factory'.
    db_engine = engine_from_config(settings, 'sqlalchemy.')
    config.registry['db_factory'] = sessionmaker(bind=db_engine)

    # reify=True caches each value on the request after the first access.
    for request_attr, attr_name in ((db, 'db'), (user, 'user')):
        config.add_request_method(request_attr, attr_name, reify=True)

    return config.make_wsgi_app()
Exemplo n.º 2
def includeme(config):
    """Install a signed-cookie session factory and session-backed CSRF storage.

    The signing secret is derived from the ``secret_key`` and ``secret_salt``
    settings; a missing setting raises ``KeyError`` at configuration time.

    A signed cookie protects integrity only: the session payload is not
    encrypted by this factory, so nothing confidential belongs in it.
    NOTE(review): ``secure`` is not passed, so the cookie's Secure flag
    follows the factory's default; confirm it is set for TLS deployments.
    NOTE(review): no ``serializer`` is passed either. If this is Pyramid's
    factory, confirm which serializer the installed version defaults to
    (older releases default to a pickle-based one), since the secret is then
    all that keeps untrusted data away from the deserializer.
    """
    app_settings = config.registry.settings

    # By default, derive_key generates a 64-byte (512 bit) secret, which is the
    # correct length for SHA512-based HMAC as specified by the `hashalg`.
    cookie_secret = derive_key(
        app_settings["secret_key"],
        app_settings["secret_salt"],
        b"h.session.cookie_secret",
    )

    session_factory = SignedCookieSessionFactory(
        secret=cookie_secret,
        hashalg="sha512",
        httponly=True,  # keep the cookie out of reach of page scripts
        timeout=3600,
    )
    config.set_session_factory(session_factory)

    # CSRF tokens are stored inside the session configured above.
    config.set_csrf_storage_policy(SessionCSRFStoragePolicy())
Exemplo n.º 3
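def includeme(config: Configurator):
    """Register the database-backed session factory and session CSRF storage.

    The session database path is read from the ``db.sessions`` setting
    (default ``sessions.db``). The cookie-signing secret is read from the
    ``UNSAFE_SESSION_SECRET`` environment variable.

    When that variable is absent the hard-coded value ``'secret'`` is still
    used, so existing setups keep working, but a ``RuntimeWarning`` is now
    emitted: a signing key that is public knowledge gives the session cookie
    no integrity protection.
    """
    import warnings

    from pyramid.csrf import SessionCSRFStoragePolicy

    session_dbname = os.path.normpath(
        config.registry.settings.get('db.sessions', 'sessions.db'))

    session_secret = os.environ.get('UNSAFE_SESSION_SECRET')
    if session_secret is None:
        # Fallback kept for backward compatibility; it must not go unnoticed.
        warnings.warn(
            "UNSAFE_SESSION_SECRET is not set; session cookies are being "
            "signed with a built-in default secret. Set a long random value "
            "before exposing this application.",
            RuntimeWarning,
            stacklevel=2,
        )
        session_secret = 'secret'

    session_factory = MySessionFactory(
        database=session_dbname,
        secret=session_secret,
        # secret=None, # No cookie signing!
        httponly=True,
        # NOTE(review): how MySessionFactory maps samesite=None onto the
        # cookie's SameSite attribute is not visible here; the stricter
        # 'Strict' value was left commented out. Confirm the emitted cookie.
        # samesite='Strict',
        samesite=None,
        # NOTE(review): the Secure flag is not requested; confirm the factory
        # default before serving this over anything but TLS.
        # secure=True,
        # query_param='session',
        accept_client_session_id=False)
    config.set_session_factory(session_factory)

    # CSRF tokens are stored in the session, so they are only as strong as
    # the session cookie settings above.
    config.set_csrf_storage_policy(SessionCSRFStoragePolicy())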
Exemplo n.º 4
    def _makeOne(self, **kw):
        """Return a ``SessionCSRFStoragePolicy`` built from the keyword arguments."""
        # Imported inside the helper, so the module is only loaded when called.
        from pyramid.csrf import SessionCSRFStoragePolicy as policy_cls

        policy = policy_cls(**kw)
        return policy
Exemplo n.º 5
def make_config(settings):  # pragma: no cover
    """Build and return the Pyramid configurator for the application.

    Settings read here: ``redis.url``, ``server.development`` and
    ``session.secret`` (a hex string). A missing key raises ``KeyError``;
    a ``session.secret`` that is not valid hex raises ``binascii.Error``.

    NOTE(review): ``set_csrf_storage_policy`` only selects where the token is
    stored (the session, under the key ``_csrf``). No call that turns on CSRF
    checking is visible in this function; verify the included modules do so.
    """
    config = Configurator(settings=settings)

    base_settings = {
        "mako.directories": "fanboi2:templates",
        "dogpile.backend": "dogpile.cache.redis",
        "dogpile.arguments.url": config.registry.settings["redis.url"],
        "dogpile.redis_expiration_time": 60 * 60 * 1,  # 1 hour
        "dogpile.arguments.distributed_lock": True,
        "tm.activate_hook": tm_maybe_activate,
    }
    config.add_settings(base_settings)

    # NOTE(review): this is a plain truthiness test. It assumes the setting
    # was already coerced to a bool; a non-empty string such as "false" would
    # also enable the branch. Verify against the caller.
    development_mode = config.registry.settings["server.development"]
    if development_mode:
        # "debugtoolbar.hosts" of 0.0.0.0/0 allows every client address to
        # load the debug toolbar, so this branch must stay off on any
        # deployment reachable by untrusted clients.
        dev_settings = {
            "pyramid.reload_templates": True,
            "pyramid.debug_authorization": True,
            "pyramid.debug_notfound": True,
            "pyramid.default_locale_name": "en",
            "debugtoolbar.hosts": "0.0.0.0/0",
        }
        config.add_settings(dev_settings)
        config.include("pyramid_debugtoolbar")

    for addon in ("pyramid_mako", "pyramid_services"):
        config.include(addon)

    # The session key is configured as hex text and decoded to raw bytes.
    # NOTE(review): ``secure`` is not passed to the factory; confirm its
    # default sets the Secure flag for TLS deployments.
    session_secret = binascii.unhexlify(
        config.registry.settings["session.secret"].strip()
    )
    config.set_session_factory(
        EncryptedCookieSessionFactory(
            session_secret,
            cookie_name="_session",
            timeout=3600,
            httponly=True,
        )
    )
    config.set_csrf_storage_policy(SessionCSRFStoragePolicy(key="_csrf"))

    config.set_request_property(route_name)
    config.add_request_method(tagged_static_path)
    config.add_route("robots", "/robots.txt")

    # Application components, included in their original order.
    components = (
        "fanboi2.auth",
        "fanboi2.cache",
        "fanboi2.filters",
        "fanboi2.geoip",
        "fanboi2.models",
        "fanboi2.redis",
        "fanboi2.serializers",
        "fanboi2.services",
        "fanboi2.tasks",
    )
    for component in components:
        config.include(component)

    # View packages, each mounted under its own URL prefix.
    view_mounts = (
        ("fanboi2.views.admin", "/admin"),
        ("fanboi2.views.api", "/api"),
        ("fanboi2.views.pages", "/pages"),
        ("fanboi2.views.boards", "/"),
    )
    for view_package, prefix in view_mounts:
        config.include(view_package, route_prefix=prefix)

    config.add_static_view("static", "static", cache_max_age=3600)

    return config