def register_extensions(app, test_config=None):
"""Register Flask extensions."""
# We use flask_wtf and WTForm with bootstrap for quick form rendering.
# Note: no JS/CSS or other resources are used from this package though.
Bootstrap(app)
public_paths = ["/favicon.ico", "/static/"]
# Setup CSRF protection.
csrf = CSRFProtect()
csrf.init_app(app)
# Setup OAuth.
oauth.init_app(app)
if not cfg.IS_PROD and not test_config:
# Activate a port of the django-debug-toolbar for Flask applications.
# Shows executed queries + their execution time, allows profiling and
# more.
# See: https://flask-debugtoolbar.readthedocs.io/en/latest/
DebugToolbarExtension(app)
csrf.exempt(debug_toolbar_bp)
public_paths.append("/_debug_toolbar/")
def always_authorize():
for path in public_paths:
if request.path.startswith(path):
logging.warning(
"Bypassing ACL check for %s (matches %s)", request.path, path
)
request._authorized = True # pylint: disable=protected-access
return
# Setup Acls
app.before_request(always_authorize)
bouncer.init_app(app)
def check_or_404(response: Response):
if response.status_code // 100 != 2:
return response
try:
return bouncer.check_authorization(response)
except Forbidden:
logging.warning(
"Automatically denied access to response %d of %s",
response.status_code,
request.path,
)
raise
app.after_request(check_or_404)
def register_extensions(app, test_config=None):
"""Register Flask extensions."""
# We use flask_wtf and WTForm with bootstrap for quick form rendering.
# Note: no JS/CSS or other resources are used from this package though.
Bootstrap(app)
# Setup CSRF protection.
csrf = CSRFProtect()
csrf.init_app(app)
# Setup OAuth.
oauth.init_app(app)
if not cfg.IS_PROD and not test_config:
# Activate a port of the django-debug-toolbar for Flask applications.
# Shows executed queries + their execution time, allows profiling and
# more.
# See: https://flask-debugtoolbar.readthedocs.io/en/latest/
DebugToolbarExtension(app)
