def create_app(*args, **kwargs) -> flask.Flask:
"""Create a Flask app with secure default behaviours.
:return: A Flask application.
:rtype: Flask
"""
app = flask.Flask(*args, **kwargs)
configure_app(app)
# Both these extensions can be used as view decorators. Bit worried that
# this circular reference will cause memory leaks.
talisman_kwargs = get_talisman_config(app.config)
app.talisman = flask_talisman.Talisman(app, **talisman_kwargs)
app.csrf = flask_seasurf.SeaSurf(app)
return app
def configure_app(app: Flask) -> None:
"""
The configuration is read from the filename in the "FLASK_SETTINGS_FILENAME"
environment variable (if it exists) and some other important settings
Additional settings such as SECRET_KEY and other settings should be added
accordingly.
:param Flask app: The Flask app that requires configuring.
:return: None
"""
app.config.from_envvar("FLASK_SETTINGS_FILENAME", silent=True)
app.csrf = flask_seasurf.SeaSurf(app)
marshmallow = Marshmallow(app)
marshmallow.init_app(app)
from .routes import routes
routes(app)
Assembly: request
"""
import inspect
import flask_cors
import flask_seasurf
from flask import request as f_request
from .assembly import app_context
from . import utils
# CSRF
# :decorator
# - csrf.exempt
# @request.csrf_exempt
# https://flask-seasurf.readthedocs.io/en/latest/
csrf = flask_seasurf.SeaSurf()
app_context(csrf.init_app)
class RequestProxy(object):
"""
A request proxy, that attaches some special attributes to the Flask request object
"""
# CSRF
csrf = csrf
@property
def IS_GET(self):
return f_request.method == "GET"
def init_app(app):
flask_seasurf.SeaSurf(app)