Пример #1
0
"""
# 项目主文件,启动入口

# 前台  front    管理前端界面的逻辑
# 后台  cms      管理后端的操作
# 公有的文件 common

from flask import Flask
import config  # 配置文件库
from exts import db, mail  # 第三方库导入db,mail
from apps.cms.views import cms_bp  # 导入后端蓝图文件
from apps.front.views import front_bp  # 导入前端蓝图文件
from apps.common.views import common_bp  # 导入公有蓝图文件
from flask_wtf import CSRFProtect  # CSRF表单保护验证

app = Flask(__name__)

CSRFProtect(app)  # CSRF保护app

app.config.from_object(config)  # 添加配置

db.init_app(app)  # 绑定app
mail.init_app(app)  # mail绑定app

app.register_blueprint(cms_bp)  # 后端蓝图文件注册
app.register_blueprint(front_bp)  # 前端蓝图文件注册
app.register_blueprint(common_bp)  # 公有蓝图文件注册

if __name__ == '__main__':
    app.run(debug=True, port=9999)
Пример #2
0
    static_folder = os.path.join(path, 'static')
    template_folder = os.path.join(path, 'templates')

    app = Flask(__name__,
                template_folder=template_folder,
                static_folder=static_folder)
else:
    app = Flask(__name__)

app.config['SECRET_KEY'] = get_random_bytes(0x20)
app.permanent_session_lifetime = timedelta(
    minutes=SessionConst.SESSION_TTL.value)

# Protection against CSRF attack
CSRFProtect(app)

# databases
account_db = Account()
profile_db = Profile()


# core functions
def login_required(func):
    def wrapper(*args, **kwargs):
        if not 'logged_in' in session:
            return redirect(url_for('index'))
        elif not session['logged_in']:
            return redirect(url_for('index'))
        else:
            return func(*args, **kwargs)
Пример #3
0
from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from flask_wtf import CSRFProtect

import pymysql
pymysql.install_as_MySQLdb()

#惰性加载
csrf = CSRFProtect()
models = SQLAlchemy()


def create_app(config_name):
    #创建app实例
    app = Flask(__name__)
    app.config.from_object("settings.DebugConfig")
    #app.run(threaded=True)

    #app惰性加载插件
    csrf.init_app(app)  #惰性加载
    models.init_app(app)

    #注册蓝图
    from .main import main as main_blueprint
    from .ApiResource import api_main
    app.register_blueprint(main_blueprint)
    app.register_blueprint(api_main, url_prefic="/api")

    return app
Пример #4
0
from flask import Flask,redirect, request, session, json, render_template, jsonify, Response, url_for
import pymysql
import sys
import time
import hashlib
import os
from datetime import datetime
from flask_wtf import CSRFProtect

app = Flask(__name__)
csrf_protect = CSRFProtect(app)

'''
top page

'''
@app.route("/", methods=["POST", "GET"])
def index():
    if not session.get('is_logged_in') or session['is_logged_in'] == False:
        return render_template('index.html', )

    return redirect(url_for('mypage'))

'''
user page

'''
@app.route("/mypage")
def mypage():
    if not session.get('is_logged_in'):
        return index()
Пример #5
0
#这个文件存放着app的创建与管理,蓝图的创建
from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from flask_wtf import CSRFProtect
import pymysql
pymysql.install_as_MySQLdb()
csrfya = CSRFProtect()
models = SQLAlchemy()
def Create_app():
    app = Flask(__name__)
    app.config.from_object('DB_settings.DebugConfig')
    csrfya.init_app(app)
    models.init_app(app)

    from .main import main as main_blueprint
    app.register_blueprint(main_blueprint)

    return app
Пример #6
0
def create_app(config_name):
    app = Flask(__name__)
    # 加载配置
    app.config.from_object(config[config_name])
    # 初始化mysql数据库对象
    db.init_app(app)
    # 初始化Redis数据库对象
    global redis_store
    redis_store = StrictRedis(host=config[config_name].REDIS_HOST,
                              port=config[config_name].REDIS_PORT,
                              db=0,
                              decode_responses=True)
    # 开启CSRF保护
    CSRFProtect(app)

    @app.after_request
    def after_request(response):
        """
        CSRFProtect只验证request中的csrf_token和cookie中的csrf_token是否一致,
        cookie中的csrf_token和表单/request中的csrf_token需要我们自己实现
        """
        # 生成一个csrf_token
        csrf_token = generate_csrf()
        # 将csrf_token存入cookie
        response.set_cookie('csrf_token', csrf_token)
        return response

    # 设置session保存指定的位置
    Session(app)

    # 配置项目日志
    setup_log(config_name)

    from info.utils.common import user_login_data

    @app.errorhandler(404)
    @user_login_data
    def page_not_found(e):
        user = g.user
        data = {"user": user.to_dict() if user else None}
        return render_template('news/404.html', data=data)

    # 将蓝图注册到app中
    from info.modules.index import index_blue
    app.register_blueprint(index_blue)

    from info.modules.passport import passport_blue
    app.register_blueprint(passport_blue)

    from info.modules.news import news_blue
    app.register_blueprint(news_blue)

    from info.modules.center import center_blue
    app.register_blueprint(center_blue)

    from info.modules.admin import admin_blue
    app.register_blueprint(admin_blue)

    # 注册自定义过滤器
    from info.utils.common import index_to_class
    app.add_template_filter(index_to_class, 'index_to_class')

    return app
Пример #7
0
def create_app(config_name):

    app = Flask(__name__)

    # 根据传入的配置名称,获取对应的配置类
    config = config_dict.get(config_name)

    # 记录日志信息的方法
    log_file(config.LEVEL)

    # 加载配置类信息
    app.config.from_object(config)

    # 创建SQLALCHEMY对象,管理app
    # db = SQLAlchemy(app)
    db.init_app(app)

    # 创建redis对象
    global redis_store
    redis_store = redis.StrictRedis(host=config.REDIS_HOST,
                                    port=config.REDIS_PORT,
                                    decode_responses=True)

    # 初始化Session,读取app身上session的配置信息
    Session(app)

    # 保护app,使用CSRFProtect
    CSRFProtect(app)

    #注册首页蓝图index_blue,到app中
    from info.modules.index import index_blue
    app.register_blueprint(index_blue)

    # 注册认证蓝图passport_blue到app中
    from info.modules.passport import passport_blue
    app.register_blueprint(passport_blue)

    # 注册新闻蓝图new_blue到app中
    from info.modules.news import news_blue
    app.register_blueprint(news_blue)

    # 注册个人中心蓝图user_blue到app中
    from info.modules.user import user_blue
    app.register_blueprint(user_blue)

    # 注册管理员蓝图admin_blue到app中
    from info.modules.admin import admin_blue
    app.register_blueprint(admin_blue)

    # 将过滤器添加到过滤器模板列表中
    app.add_template_filter(index_class, "index_class")

    # 捕捉404页面的异常
    @app.errorhandler(404)
    @user_login_data
    def item_notfound(e):
        data = {"user_info": g.user.to_dict() if g.user else ""}
        return render_template("news/404.html", data=data)

    # 使用请求钩子after_request,对所有的响应进行拦截,做统一的csrf_token的设置
    @app.after_request
    def after_request(resp):
        value = generate_csrf()
        resp.set_cookie("csrf_token", value)
        return resp

    print(app.url_map)
    return app
Пример #8
0
def main(args):
    server = Flask(__name__)
    server.config.from_object(DevelopmentConfig)
    csrf = CSRFProtect()

    @server.route("/404")
    @server.errorhandler(404)
    def error404(error=""):
        if ("username" in session):
            return render_template("404.html",
                                   username=session["username"]), 404
        else:
            return render_template("404.html"), 404

    @server.before_request
    def beforeRequest():
        if ("id" in session and request.endpoint in ["login", "signup"]):
            return redirect(url_for("index"))

    @server.route('/')
    def index():
        if ("username" in session):
            return render_template("stopwatch.html",
                                   userrname=session["username"])
        else:
            return render_template("stopwatch.html")

    @server.route('/login', methods=["GET", "POST"])
    def login():
        login_form = forms.LoginForm(request.form)
        if request.method == "POST" and login_form.validate():
            username = login_form.username.data
            password = login_form.password.data

            user = User.query.filter_by(username=username).first()
            if user is not None and user.verifyPassword(password):
                session["id"] = user.id
                session["username"] = user.username
                return redirect(url_for("index"))
            else:
                flash(u"Usuario o contraseña invalida")
        return render_template('login.html', form=login_form)

    @server.route('/signup', methods=["GET", "POST"])
    def signup():
        signup_form = forms.SignupForm(request.form)
        if (request.method == "POST" and signup_form.validate()):
            wcaId = None
            if (signup_form.wcaId.data != ""):
                wcaId = signup_form.wcaId.data[1:]
            user = User(
                signup_form.username.data,
                wcaId,
                signup_form.email.data,
                signup_form.password.data,
            )
            db.session.add(user)
            db.session.commit()
            flash("Usuario registrado exitosamente")
            return redirect(url_for("login"))
        return render_template('signup.html', form=signup_form)

    @server.route('/logout')
    def logout():
        if ("id" in session):
            session.pop("id")
            session.pop("username")
        return redirect(url_for("index"))

    @server.route('/users/<user>')
    def users(user):
        username = None
        if ("username" in session):
            username = session["username"]
        user = User.query.filter_by(username=user).first()
        if (user == None):
            return redirect(url_for("error404"))
        time2 = Time.query.filter_by(user=user.id, cube="2x2x2").all()
        time3 = Time.query.filter_by(user=user.id, cube="3x3x3").all()
        time4 = Time.query.filter_by(user=user.id, cube="4x4x4").all()
        time5 = Time.query.filter_by(user=user.id, cube="5x5x5").all()
        time6 = Time.query.filter_by(user=user.id, cube="6x6x6").all()
        time7 = Time.query.filter_by(user=user.id, cube="7x7x7").all()
        timesqr = Time.query.filter_by(user=user.id, cube="squareone").all()
        timeskw = Time.query.filter_by(user=user.id, cube="skewb").all()
        timemega = Time.query.filter_by(user=user.id, cube="megaminx").all()
        time3pira = Time.query.filter_by(user=user.id, cube="piraminx").all()
        return render_template("users.html",
                               user=user.username,
                               username=username,
                               t2=time2,
                               t3=time3,
                               t4=time4,
                               t5=time5,
                               t6=time6,
                               t7=time7,
                               tsqr=timesqr,
                               tskw=timeskw,
                               tmega=timemega,
                               tpira=time3pira)

    @server.route("/records")
    def records():
        if ("username" in session):
            return render_template("records.html",
                                   username=session["username"])
        else:
            return render_template("records.html")

    @server.route("/galeria")
    def galeria():
        if ("username" in session):
            return render_template("galeria.html",
                                   username=session["username"])
        else:
            return render_template("galeria.html")

    @server.route("/setTime")
    def setTime():
        if ("username" in session):
            cube = request.args.get("cube")
            time = request.args.get("time")
            displayTime = request.args.get("displayTime")
            scramble = request.args.get("scramble")
            newTime = Time(session["id"], cube, time, displayTime, scramble)
            db.session.add(newTime)
            db.session.commit()
            return "Tiempo grabado con exito"
        else:
            return "Primero inicia sesion y luego vemos"

    @server.route('/generateScramble/<cube>', methods=["GET", "POST"])
    def generateScramble(cube):
        if (cube == "2x2x2"):
            return scrambler222.get_WCA_scramble()
        elif (cube == "3x3x3"):
            return scrambler333.get_WCA_scramble()
        elif (cube == "4x4x4"):
            return scrambler444.get_WCA_scramble()
        elif (cube == "5x5x5"):
            return scrambler555.get_WCA_scramble()
        elif (cube == "6x6x6"):
            return scrambler555.get_WCA_scramble()
        elif (cube == "7x7x7"):
            return scrambler555.get_WCA_scramble()
        elif (cube == "piraminx"):
            return pyraminxScrambler.get_WCA_scramble()
        elif (cube == "clock"):
            return clockScrambler.get_WCA_scramble()
        elif (cube == "megaminx"):
            return megaminxScrambler.get_WCA_scramble()
        elif (cube == "squareone"):
            return squareOneScrambler.get_WCA_scramble()
        elif (cube == "skewb"):
            return skewbScrambler.get_WCA_scramble()

    csrf.init_app(server)
    db.init_app(server)

    with server.app_context():
        db.create_all()

    server.run()
Пример #9
0
def create_app(config=None, *, keep_default=True, **kwargs):
    locale.setlocale(locale.LC_ALL, "cs_CZ.utf8")
    app = Flask(__name__)

    # --- template helpers
    from .utils import create_navbar, get_grouped_flashes, BetterJSONEncoder

    app.json_encoder = BetterJSONEncoder

    app.add_template_global(get_grouped_flashes)
    before_render_template.connect(create_navbar, app)

    # --- config
    app.config.from_mapping(SQLALCHEMY_TRACK_MODIFICATIONS=False)
    if keep_default:
        app.config.from_mapping(
            SQLALCHEMY_DATABASE_URI=os.environ["DATABASE_URL"],
            REDIS_URL=os.environ["REDIS_URL"],
            SQLALCHEMY_ECHO=False,
            SECRET_KEY=os.environ["SECRET_KEY"],
            PAUSE_REQUESTS=True,
            SERVICE_MESSAGE=os.environ.get("SERVICE_MESSAGE", None),
        )
    if config is not None:
        app.config.from_mapping(config)
    if kwargs:
        app.config.from_mapping(kwargs)

    # --- blueprints and plugins registration
    CSRFProtect(app)
    from .db import db

    db.init_app(app)

    from .auth import bp, login_manager

    app.register_blueprint(bp)
    login_manager.init_app(app)

    from .core import bp

    app.register_blueprint(bp)
    app.redis = Redis.from_url(app.config["REDIS_URL"])
    app.task_queue = rq.Queue("homework-fetcher", connection=app.redis)
    from .api import bp

    app.register_blueprint(bp)

    # --- home route
    @app.route("/")
    def home():
        return render_template("home.html")

    @app.route("/favicon.ico")
    def faviconred():
        return redirect(url_for("static", filename="favicon.ico"))

    # --- 500 error handler
    @app.errorhandler(500)
    def error500(_):
        return render_template("error500.html", active_endpoint=""), 500

    @app.errorhandler(404)
    def error404(_):
        return render_template("error404.html", active_endpoint=""), 404

    from . import sentry  # just import, it does everything by itself

    return app
Пример #10
0
def create_app(config_name):
    '''
    create flask object
    :param config_name: str,name of config(Develop or product)
    :return:
    '''
    app = Flask(__name__)
    #get config info according to name of config
    config_class = config_map.get(config_name)
    # load config
    app.config.from_object(config_class)
    #init db via app
    db.init_app(app)

    global redis_store
    redis_store = redis.StrictRedis(host=config_class.REDIS_HOST,
                                    port=config_class.REDIS_PORT)

    # store data of session to redis via flask_session
    # create session object from session class
    Session(app)

    # add CSRF protect for flask
    #to use this,the cookies and request body(post\put\delete no get) must have value
    CSRFProtect(app)

    # 配置日志信息
    # 设置日志的记录等级
    logging.basicConfig(level=logging.INFO)
    # 创建日志记录器,指明日志保存的路径、每个日志文件的最大大小、保存的日志文件个数上限
    file_log_handler = RotatingFileHandler("logs/log",
                                           maxBytes=1024 * 1024 * 100,
                                           backupCount=10)
    # 创建日志记录的格式                 日志等级    输入日志信息的文件名 行数    日志信息
    formatter = logging.Formatter(
        '%(levelname)s %(filename)s:%(lineno)d %(message)s')
    # 为刚创建的日志记录器设置日志记录格式
    file_log_handler.setFormatter(formatter)
    # 为全局的日志工具对象(flask app使用的)添加日记录器
    logging.getLogger().addHandler(file_log_handler)
    '''
    #set the level of log
    logging.basicConfig(level=logging.DEBUG)
    #create log handler(path,maxBytes for each log file,max number of files to store)
    file_log_handler=RotatingFileHandler("logs/log",maxBytes=1024*1024,backupCount=10)
    #create the format of the log
    formatter=logging.Formatter('%(levelname)$ %(filename)s:%(lineno)d %(message)s')
    file_log_handler.setFormatter(formatter)
    #add log handler to flask app
    logging.getLogger().addHandler(file_log_handler)'''

    #add self-defined convert to flask
    app.url_map.converters["re"] = ReConverter

    #register blueprint
    from lx_blog import api_v1
    app.register_blueprint(api_v1.api, url_prefix="/api_v1")

    from lx_blog import web_html
    app.register_blueprint(web_html.html)

    return app
Пример #11
0
from flask_bootstrap import Bootstrap
from flask_sqlalchemy import SQLAlchemy
from flask_mail import Mail
from flask_ckeditor import CKEditor
from flask_moment import Moment
from flask_login import LoginManager
from flask_wtf import CSRFProtect

# 实例化扩展对象
bootstrap = Bootstrap()
db = SQLAlchemy()
mail = Mail()
ckEditor = CKEditor()
moment = Moment()
login_manager = LoginManager()
csrfProtect = CSRFProtect()


# 加载用户函数
# 每当调用current_user时会调用此函数,user_id是flask-login会帮我们在cookie的session中设置的一个记录
@login_manager.user_loader
def load_user(user_id):
	from flaskblog.models import Admin
	user = Admin().query.get(int(user_id))
	return user


login_manager.login_view = "my_auth.login"
login_manager.login_message_category = "warning"
login_manager.login_message = "请先登录"
Пример #12
0
from flask_wtf import CSRFProtect, csrf
from flask_login import LoginManager
from flask_mail import Mail

#####################
#  Configuration    #
#####################

# Create the instances of the Flask extensions in the global scope,
# but without any arguments passed in. These instances are not
# attached to the Flask application at this point.

database = SQLAlchemy()
db_migration = Migrate()
bcrypt = Bcrypt()
csrf_protection = CSRFProtect()
login = LoginManager()
login.login_view = 'users.login'
mail = Mail()

########################
#   Helper Functions   #
########################


def initialize_extensions(app):
    # Since the application instance is now created, pass it to each Flask
    # extension instance to bind it to the Flask application instance (app).
    database.init_app(app)
    db_migration.init_app(app, database)
    bcrypt.init_app(app)
Пример #13
0
    def __init__(self):
        '''
        Constructor
        '''
        scriptdir = os.path.dirname(os.path.abspath(__file__))
        template_folder=scriptdir + '/templates'
   
        super().__init__(template_folder=template_folder)
        
        self.app.secret_key = 'dev'
        
        self.app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///:memory:'
        
        # set default button style and size, will be overwritten by macro parameters
        self.app.config['BOOTSTRAP_BTN_STYLE'] = 'primary'
        self.app.config['BOOTSTRAP_BTN_SIZE'] = 'sm'
        # app.config['BOOTSTRAP_BOOTSWATCH_THEME'] = 'lumen'  # uncomment this line to test bootswatch theme

        db.init_app(self.app)
        self.db=db
        self.csrf = CSRFProtect(self.app)
        self.loginBluePrint=LoginBluePrint(self.app,'login')
        self.loginBluePrint.hint="'try user: scott, password: tiger2021'"
        app=self.app
        
        #
        # setup global handlers
        #
        @app.before_first_request
        def before_first_request_func():
            self.initDB()
        
        #
        # setup the RESTFUL routes for this application
        #
        @app.route('/')
        def index():
            return self.home()
        
        @app.route('/form', methods=['GET', 'POST'])
        def test_form():
            return self.form()
        
        @app.route('/nav', methods=['GET', 'POST'])
        def test_nav():
            return self.nav()
        
        @app.route('/pagination', methods=['GET', 'POST'])
        def test_pagination():
            return self.pagination()
        
        @app.route('/static', methods=['GET', 'POST'])
        def test_static():
            return self.static()
        
        @app.route('/flash', methods=['GET', 'POST'])
        def test_flash():
            return self.flash()
        
        @app.route('/datatable')
        def test_datatable():
            return self.datatable()
        
        @app.route('/table')
        def test_table():
            return self.table()
        
        @app.route('/table/<message_id>/view')
        def view_message(message_id):
            return self.message_view(message_id)
        
        @app.route('/table/<message_id>/edit')
        def edit_message(message_id):
            return self.message_edit(message_id)
          
        @app.route('/table/<message_id>/delete', methods=['POST'])
        def delete_message(message_id):
            return self.message_delete(message_id)
        
        @app.route('/icon')
        def test_icon():
            return self.icon()
        
        @app.route('/widgets')
        def test_widgets():
            return self.widgets()
        
        @app.route('/ping',methods=['GET', 'POST'])
        def test_ping():
            return self.ping()
Пример #14
0
def create_app():
    app = Flask(__name__)

    @app.template_filter('comment_sum')
    def comments_sum(post):
        comments = post.comments
        index = 0
        for comment in comments:
            index += 1
        return index

    @app.template_filter('handle_time')
    def handle_time(time):
        """
        time距离现在的时间间隔
        1. 如果时间间隔小于1分钟以内,那么就显示“刚刚”
        2. 如果是大于1分钟小于1小时,那么就显示“xx分钟前”
        3. 如果是大于1小时小于24小时,那么就显示“xx小时前”
        4. 如果是大于24小时小于30天以内,那么就显示“xx天前”
        5. 否则就是显示具体的时间 2017/10/20 16:15
        """
        if isinstance(time, datetime):
            now = datetime.now()
            timestamp = (now - time).total_seconds()
            if timestamp < 60:
                return "刚刚"
            elif timestamp >= 60 and timestamp < 60 * 60:
                minutes = timestamp / 60
                return "%s分钟前" % int(minutes)
            elif timestamp >= 60 * 60 and timestamp < 60 * 60 * 24:
                hours = timestamp / (60 * 60)
                return '%s小时前' % int(hours)
            # elif timestamp >= 60 * 60 * 24 and timestamp < 60 * 60 * 24 * 30:
            #     days = timestamp / (60 * 60 * 24)
            #     return "%s天前" % int(days)
            else:
                # return time.strftime('%Y/%m/%d %H:%M')
                return time.strftime('%m-%d %H:%M')
        else:
            return time

    @app.template_filter('stars')
    def stars(star_author_ids):
        index = 0
        for star_author_id in star_author_ids:
            index += 1
        return index

    @app.template_filter('likes')
    def likes(post):
        sum = 0
        for star in post.stars:
            sum += 1
        return sum

    #过滤html字符以及限制长度
    @app.template_filter('simple')
    def simple(text):
        if re.search(r'<img.*?>', text):
            text = re.sub(r'<img.*?>', '[图片]', text)
        ret = re.sub(r'<.*?>', '', text)
        if len(ret) >= 50:
            ret = ret[:50] + '...'
        return ret

    app.config.from_object(config)
    app.register_blueprint(cms_bp)
    app.register_blueprint(common_bp)
    app.register_blueprint(front_bp)
    app.register_blueprint(ueditor_bp)
    db.init_app(app)
    mail.init_app(app)
    CSRFProtect(app)
    alidayu.init_app(app)
    return app
Пример #15
0
def create_app(config_name):
    # 1.创建app对象
    app = Flask(__name__)

    # 2.将配置信息添加到app上
    config_class = config_dict[config_name]  # DevelopmentConfig

    # 记录日志
    write_log(config_class)

    # DevelopmentConfig   --->赋予app属性为开发模式app
    #ProductionConfig---> 赋予app属性为:线上模式app
    app.config.from_object(config_class)

    # 3.数据对象(mysql和redis)
    # mysql 数据库对象
    # 延迟加载,懒加载,当app有值时才真正进行数据库初始化工作
    db.init_app(app)

    # redis 数据库对象
    global redis_store
    redis_store = StrictRedis(host=config_class.REDIS_HOST,
                              port=config_class.REDIS_PORT,
                              decode_responses=True)

    # 4.给项目添加csrf保护机制
    # 1.提取cookie中的csrf_tocken
    # 2.如果数据是通过表单发送:提取表单中csrf_token,如果数据是通过ajax请求发送的;提取请求头中的字段X-CSRFToken
    # 3.对比两个值是否一致
    CSRFProtect(app)

    # 利用钩子函数在每次请求之后设置csrf_token 值到cookie中
    @app.after_request
    def set_csrf_token(response):
        """补充csrf_token的逻辑"""

        # 1.生成csrf_token随机值
        csrf_token = generate_csrf()
        # 2.获取相应对象,统一设置csrf_token值到cookie中
        response.set_cookie("csrf_token", csrf_token)
        # 3.返回响应对象
        return response

    # 通过app对象将函数添加到系统过滤器中
    app.add_template_filter(do_ranklist_class, "ranklist_class")

    # 捕获404异常,返回404统一页面
    # 注意: 需要接受err信息
    @app.errorhandler(404)
    @get_user_info
    def handler_404notfound(err):

        # 1.查询用户信息
        user = g.user
        data = {"user_info": user.to_dict() if user else None}

        # 2.返回404页面
        return render_template("news/404.html", data=data)
        # return "123"

    # 5.创建Flask_session工具类对象:将flask.session的存储从 服务器内存 调整到redis 数据库
    Session(app)

    # 注意:真正使用蓝图对象时才导入,能够解决循环导入问题
    # 在app 上注册蓝图
    # 注册首页蓝图对象
    from info.modules.index import index_bp
    app.register_blueprint(index_bp)

    # 注册新闻的蓝图对象
    # from info.modules.news import news_bp
    # app.register_blueprint(news_bp)

    # 添加注册模块蓝图
    # from info.modules.passport import passport_bp
    # app.register_blueprint(passport_bp)

    return app
Пример #16
0
from flask_cors import CORS
from flask_login import LoginManager
from flask_wtf import CSRFProtect
from flask_bcrypt import Bcrypt
from flask_openid import OpenID

csrfp = CSRFProtect()
cors = CORS()
lm = LoginManager()
bcrypt = Bcrypt()
oid = OpenID()
Пример #17
0
                            SECRET_KEY=pwgen(64),
                            BABEL_TRANSLATION_DIRECTORIES="../translations")
    print("\nWARNING: c3bottles is not configured properly and this\n"
          "instance fell back to the default configuration. This means\n"
          "that the secret key will change on every restart of the\n"
          "server and all users will be logged out forcibly!\n")

Compress(c3bottles)

db = SQLAlchemy(c3bottles, session_options={"autoflush": False})

lm = LoginManager(c3bottles)

bcrypt = Bcrypt(c3bottles)

csrf = CSRFProtect(c3bottles)

babel = Babel(c3bottles)

languages = ("en", "de")
locales = {l: Locale(l) for l in languages}
language_list = sorted([l for l in languages],
                       key=lambda k: locales[k].get_display_name())


def get_locale():
    """
    Get the locale from the session. If no locale is available, set it.
    """
    if "lang" not in session or session["lang"] not in language_list:
        set_locale()
Пример #18
0
def create_app(config_name):

    app = Flask(__name__)

    # 获取配置文件里面的key
    name =  config_map.get(config_name)
    # 加载配置文件DevelopementConfig,ProdutionConfig
    app.config.from_object(name)
    # 初始化
    db.init_app(app)
    # 创建redis对象(用来存储验证码,图片验证码和短信验证码)
    global redis_store
    redis_store =  redis.StrictRedis(host=name.REDIS_HOST,port=name.REDIS_PORT,decode_responses=True)

    # 开启CSRF保护,避免视图函数受到攻击
    CSRFProtect(app)
    # 开启session
    Session(app)

    @app.after_request
    def after_request(response):
        # 创建一个CSRF_Token
        csrf_token =  generate_csrf()
        # 往浏览器客户端写一个CSRF_token
        response.set_cookie('csrf_token',csrf_token)
        return response


    from info.utils.common import user_login_data
    @app.errorhandler(404)
    @user_login_data
    def error_404_handler(error):
        user = g.user

        data = {
            "user_info": user.to_dict() if user else None,

        }
        return render_template('news/404.html', data=data)

    # 注册自定义过滤器
    from info.utils.common import do_class_index
    # 添加一个模板过滤器
    # 第一个参数表示函数的名字
    # 第二个参数表示过滤器的名字
    app.add_template_filter(do_class_index,'indexClass')

    # 首页
    from info.index import index_blue
    app.register_blueprint(index_blue)

    # 登陆注册
    from info.passport import passport_blue
    app.register_blueprint(passport_blue)

    # 新闻详情
    from info.news import news_blue
    app.register_blueprint(news_blue)

    # 个人中心
    from info.user import profile_blue
    app.register_blueprint(profile_blue)

    # 个人中心
    from info.admin import admin_blue
    app.register_blueprint(admin_blue)

    return app
Пример #19
0
import os

from flask_sqlalchemy import SQLAlchemy
from flask_bcrypt import Bcrypt
from flask_login import LoginManager
from flask_wtf import CSRFProtect
from sqlalchemy_searchable import SearchQueryMixin
from flask_mail import Mail
from flask_session import Session
from flask_migrate import Migrate

db = SQLAlchemy()
bcrypt = Bcrypt()
csrf_protect = CSRFProtect()
login = LoginManager()
login.login_view = 'login.index'
login.login_message = ('Please log in to access this page.')
mail = Mail()
migrate = Migrate()
Пример #20
0
def create_app(config_str):
    app = Flask(__name__)
    # 从字典中获取类
    app.config.from_object(config_dict[config_str])
    # 日志初始化
    setup_log(config_str)
    # mysql初始化
    db.init_app(app)
    # 初始化redis数据库
    global redis_store
    # redis_store = StrictRedis(
    #     host="REDIS_HOST",
    #     port="REDIS_PORT",
    #     db="REDIS_DB",
    #     )
    redis_store = StrictRedis(
        host=app.config.get('REDIS_HOST'),
        port=app.config.get('REDIS_PORT'),
        db=app.config.get('REDIS_DB')
    )
    # 导入蓝图
    # 蓝图注入app 中
    from info.modules.index import index_blueprint
    app.register_blueprint(index_blueprint)

    from info.modules.passport import passport_blueprint
    app.register_blueprint(passport_blueprint)

    from info.modules.news import new_blueprint
    app.register_blueprint(new_blueprint)

    from info.modules.profile import profile_blueprint
    app.register_blueprint(profile_blueprint)

    from info.modules.admin import admin_blueprint
    app.register_blueprint(admin_blueprint)
    # csrf保护
    CSRFProtect(app)
    # session 保存在redis中
    Session(app)

    @app.after_request
    def after(response):
        # 完善CSRF验证
        from flask_wtf.csrf import generate_csrf
        # 生成csrf口令
        token = generate_csrf()
        # 输出到浏览器cookie中
        response.set_cookie('csrf_token', token)
        return response
    from info.utils.common import longin_wrappes
    @app.errorhandler(404)
    @longin_wrappes
    def header_404(e):
        data = {
            "user": g.user
        }

        return render_template("news/404.html",data = data)

    return app
Пример #21
0
def create_app(config=None):
    """Create the Flask app instance that is used throughout the application.

    Args:
        config: Path to configuration file as a string or an object with config
        directives.

    Returns:
        Application object (instance of flask.Flask).
    """
    # Setup the Flask app and load the config.
    app = Flask(__name__,
                template_folder=u'ui/templates',
                static_folder=u'ui/static')

    if not config:
        config = u'/etc/timesketch.conf'

    if isinstance(config, unicode):
        os.environ[u'TIMESKETCH_SETTINGS'] = config
        try:
            app.config.from_envvar(u'TIMESKETCH_SETTINGS')
        except IOError:
            sys.stderr.write(
                u'Config file {0} does not exist.\n'.format(config))
            sys.exit()
    else:
        app.config.from_object(config)

    # Make sure that SECRET_KEY is configured.
    if not app.config[u'SECRET_KEY']:
        sys.stderr.write(u'ERROR: Secret key not present. '
                         u'Please update your configuration.\n'
                         u'To generate a key you can use openssl:\n\n'
                         u'$ openssl rand -base64 32\n\n')
        sys.exit()

    # Plaso version that we support
    if app.config[u'UPLOAD_ENABLED']:
        try:
            from plaso import __version__ as plaso_version
        except ImportError:
            sys.stderr.write(u'Upload is enabled, but Plaso is not installed.')
            sys.exit()
        app.config[u'PLASO_VERSION'] = plaso_version

    # Setup the database.
    configure_engine(app.config[u'SQLALCHEMY_DATABASE_URI'])
    db = init_db()

    # Alembic migration support:
    # http://alembic.zzzcomputing.com/en/latest/
    migrate = Migrate()
    migrate.init_app(app, db)

    # Register blueprints. Blueprints are a way to organize your Flask
    # Flask application. See this for more information:
    # http://flask.pocoo.org/docs/latest/blueprints/
    app.register_blueprint(user_views)
    app.register_blueprint(home_views)
    app.register_blueprint(sketch_views)
    app.register_blueprint(story_views)

    # Setup URL routes for the API.
    api_v1 = Api(app, prefix=u'/api/v1')
    api_v1.add_resource(SketchListResource, u'/sketches/')
    api_v1.add_resource(SketchResource, u'/sketches/<int:sketch_id>/')
    api_v1.add_resource(AggregationResource,
                        u'/sketches/<int:sketch_id>/aggregation/')
    api_v1.add_resource(ExploreResource, u'/sketches/<int:sketch_id>/explore/')
    api_v1.add_resource(EventResource, u'/sketches/<int:sketch_id>/event/')
    api_v1.add_resource(EventAnnotationResource,
                        u'/sketches/<int:sketch_id>/event/annotate/')
    api_v1.add_resource(ViewListResource, u'/sketches/<int:sketch_id>/views/')
    api_v1.add_resource(ViewResource,
                        u'/sketches/<int:sketch_id>/views/<int:view_id>/')
    api_v1.add_resource(SearchTemplateListResource, u'/searchtemplate/')
    api_v1.add_resource(SearchTemplateResource,
                        u'/searchtemplate/<int:searchtemplate_id>/')
    api_v1.add_resource(UploadFileResource, u'/upload/')
    api_v1.add_resource(TaskResource, u'/tasks/')
    api_v1.add_resource(StoryListResource,
                        u'/sketches/<int:sketch_id>/stories/')
    api_v1.add_resource(StoryResource,
                        u'/sketches/<int:sketch_id>/stories/<int:story_id>/')
    api_v1.add_resource(QueryResource,
                        u'/sketches/<int:sketch_id>/explore/query/')
    api_v1.add_resource(CountEventsResource,
                        u'/sketches/<int:sketch_id>/count/')
    api_v1.add_resource(TimelineListResource,
                        u'/sketches/<int:sketch_id>/timelines/')
    api_v1.add_resource(
        TimelineResource,
        u'/sketches/<int:sketch_id>/timelines/<int:timeline_id>/')
    api_v1.add_resource(GraphResource,
                        u'/sketches/<int:sketch_id>/explore/graph/')

    # Register error handlers
    # pylint: disable=unused-variable
    @app.errorhandler(ApiHTTPError)
    def handle_api_http_error(error):
        """Error handler for API HTTP errors.

        Returns:
            HTTP response object (instance of flask.wrappers.Response)
        """
        return error.build_response()

    # Setup the login manager.
    login_manager = LoginManager()
    login_manager.init_app(app)
    login_manager.login_view = u'user_views.login'

    # This is used by the flask_login extension.
    # pylint: disable=unused-variable
    @login_manager.user_loader
    def load_user(user_id):
        """Based on a user_id (database primary key for a user) this function
        loads a user from the database. It is used by the Flask-Login extension
        to setup up the session for the user.

        Args:
            user_id: Integer primary key for the user.

        Returns:
            A user object (Instance of timesketch.models.user.User).
        """
        return User.query.get(user_id)

    # Setup CSRF protection for the whole application
    CSRFProtect(app)

    return app
Пример #22
0
def create_app():

    app = Flask(
        __name__
    )  # this is the name of the module/package that is calling this app
    app.debug = True
    app.secret_key = 'pineapples'
    #set the app configuration data
    #the folder to store images
    UPLOAD_FOLDER = '/static/img'
    app.config["UPLOAD_FOLDER"] = UPLOAD_FOLDER

    #Disable security due to CSRF token bug
    app.config['WTF_CSRF_ENABLED'] = False
    app.config['WTF_CSRF_SECRET_KEY'] = 'pineapples'
    csrf = CSRFProtect()
    csrf.init_app(app)

    #app.config['SQLALCHEMY_DATABASE_URI']='sqlite:///marketplace.sqlite'
    app.config.from_mapping(
        #     #Flask SQLAlchemy settings
        SQLALCHEMY_DATABASE_URI=os.environ['DATABASE_URL'], )
    #initialize db with flask app
    db.init_app(app)

    ctx = app.app_context()
    ctx.push()
    db.create_all()

    bootstrap = Bootstrap(app)

    #initialize the login manager
    login_manager = LoginManager()

    #set the name of the login function that lets user login
    # in our case it is auth.login (blueprintname.viewfunction name)
    login_manager.login_view = 'auth.authenticate'
    login_manager.init_app(app)

    #create a user loader function takes userid and returns User
    #from .models import User  # importing here to avoid circular references
    @login_manager.user_loader
    def load_user(user_id):
        return User.query.get(int(user_id))

    @login_manager.unauthorized_handler
    def unauthorized():
        return redirect(url_for('auth.authenticate'))

    login_manager.session_protection = 'basic'

    #importing views module here to avoid circular references
    # a commonly used practice.
    from . import views
    app.register_blueprint(views.bp)

    from . import products
    app.register_blueprint(products.bp)

    from . import auth
    app.register_blueprint(auth.bp)

    #Define global variables for access inside jinja templates
    app.jinja_env.globals.update(ProductType=ProductType)
    app.jinja_env.globals.update(SubTypes=SubTypes)

    #Error handling returns set pages
    @app.errorhandler(404)
    def not_found_error(error):
        return render_template('404.html'), 404

    @app.errorhandler(400)
    def bad_request_error(error):
        return render_template('400.html'), 400

    @app.errorhandler(500)
    def internal_error(error):
        return render_template('500.html'), 500

    return app
Пример #23
0
def create_app(config=None):
    """Create the Flask app instance that is used throughout the application.

    Args:
        config: Path to configuration file as a string or an object with config
        directives.

    Returns:
        Application object (instance of flask.Flask).
    """
    # Setup the Flask app and load the config.
    template_folder = 'templates'
    static_folder = 'static'

    if USE_NEW_FRONTEND:
        template_folder = 'frontend/dist'
        static_folder = 'frontend/dist'

    app = Flask(
        __name__,
        template_folder=template_folder,
        static_folder=static_folder
    )

    if not config:
        # Where to find the config file
        default_path = '/etc/timesketch/timesketch.conf'
        # Fall back to legacy location of the config file
        legacy_path = '/etc/timesketch.conf'
        if os.path.isfile(default_path):
            config = default_path
        else:
            config = legacy_path

    if isinstance(config, six.text_type):
        os.environ['TIMESKETCH_SETTINGS'] = config
        try:
            app.config.from_envvar('TIMESKETCH_SETTINGS')
        except IOError:
            sys.stderr.write(
                'Config file {0} does not exist.\n'.format(config))
            sys.exit()
    else:
        app.config.from_object(config)

    # Make sure that SECRET_KEY is configured.
    if not app.config['SECRET_KEY']:
        sys.stderr.write('ERROR: Secret key not present. '
                         'Please update your configuration.\n'
                         'To generate a key you can use openssl:\n\n'
                         '$ openssl rand -base64 32\n\n')
        sys.exit()

    # Plaso version that we support
    if app.config['UPLOAD_ENABLED']:
        try:
            from plaso import __version__ as plaso_version
            app.config['PLASO_VERSION'] = plaso_version
        except ImportError:
            sys.stderr.write('Upload is enabled, but Plaso is not installed.')

    # Setup the database.
    configure_engine(app.config['SQLALCHEMY_DATABASE_URI'])
    db = init_db()

    # Alembic migration support:
    # http://alembic.zzzcomputing.com/en/latest/
    migrate = Migrate()
    migrate.init_app(app, db)

    # Register blueprints. Blueprints are a way to organize your Flask
    # Flask application. See this for more information:
    # http://flask.pocoo.org/docs/latest/blueprints/
    if USE_NEW_FRONTEND:
        app.register_blueprint(spa_views)
        app.register_blueprint(auth_views)
    else:
        app.register_blueprint(auth_views)
        app.register_blueprint(home_views)
        app.register_blueprint(sketch_views)

    # Setup URL routes for the API.
    api_v1 = Api(app, prefix='/api/v1')
    for route in V1_API_ROUTES:
        api_v1.add_resource(*route)

    # Register error handlers
    # pylint: disable=unused-variable
    @app.errorhandler(ApiHTTPError)
    def handle_api_http_error(error):
        """Error handler for API HTTP errors.

        Returns:
            HTTP response object (instance of flask.wrappers.Response)
        """
        return error.build_response()

    # Setup the login manager.
    login_manager = LoginManager()
    login_manager.init_app(app)
    login_manager.login_view = 'user_views.login'

    # This is used by the flask_login extension.
    # pylint: disable=unused-variable
    @login_manager.user_loader
    def load_user(user_id):
        """Based on a user_id (database primary key for a user) this function
        loads a user from the database. It is used by the Flask-Login extension
        to setup up the session for the user.

        Args:
            user_id: Integer primary key for the user.

        Returns:
            A user object (Instance of timesketch.models.user.User).
        """
        return User.query.get(user_id)

    # Setup CSRF protection for the whole application
    CSRFProtect(app)

    return app
Пример #24
0
def create_app(config_name):
    """返回app"""

    # 1.设置日志
    setup_log(config_name)
    # 2.创建app
    app = Flask(__name__)
    # 3.加载配置
    config_object = config[config_name]
    app.config.from_object(config_object)

    # 4.加载各种扩展
    # 4.1初始化数据库
    db.init_app(app)

    # 4.2开启CSRF项目保护,只做服务器的验证
    from flask_wtf import CSRFProtect
    CSRFProtect(app)

    @app.after_request
    def after_request(response):
        from flask_wtf.csrf import generate_csrf
        csrf_token = generate_csrf()
        response.set_cookie('csrf_token', csrf_token)
        return response

    # 4.3 统一对网站的404错误做处理
    from info.utils.common import user_login_data

    @app.errorhandler(404)
    @user_login_data
    def page_not_found(e):
        user = g.user
        return render_template('news/404.html',
                               data={'user': user.to_dict() if user else None})

    # 4.4设置session保存到指定位置
    from flask_session import Session
    Session(app)

    # 5初始化全局变量
    # 5.1初始化redis存储对象
    global redis_store
    from redis import StrictRedis
    redis_store = StrictRedis(host=config_object.REDIS_HOST,
                              port=config_object.REDIS_PORT,
                              decode_responses=True)

    # 注册过滤器
    # 主页排行过滤器
    from info.utils.common import do_index_class, do_index_active
    app.add_template_filter(do_index_class, 'index_class')
    app.add_template_filter(do_index_active, 'index_active')

    # 6.注册蓝图
    # 6.1主页蓝图
    from info.modules.index import index_blu
    app.register_blueprint(index_blu)

    # 6.2 登录与注册蓝图
    from info.modules.passport import passport_blu
    app.register_blueprint(passport_blu)

    # 6.3 新闻蓝图
    from info.modules.news import news_blu
    app.register_blueprint(news_blu)

    # 6.3 用户信息管理蓝图
    from info.modules.profile import profile_blu
    app.register_blueprint(profile_blu)

    # 6.4 管理员信息管理蓝图
    from info.modules.admin import admin_blu
    app.register_blueprint(admin_blu)

    # 7.返回app对象
    return app
Пример #25
0
def csrfProtectCanBeImportedFromFlaskWtfDirectly():
  from flask import Flask
  from flask_wtf import CSRFProtect
  app = Flask(__name__) # Compliant
  CSRFProtect(app)
Пример #26
0
def create_app(config_name):
    app = Flask(__name__)
    #设置日志
    setup_log(config_name)

    app.config.from_object(config[config_name])
    #初始化db
    db.init_app(app)

    global redis_store
    #初始化redis,存储表单
    redis_store = StrictRedis(host=config[config_name].REDIS_HOST,port =config[config_name].REDIS_PORT,decode_responses=True)

    #开启当前项目CSRF保护,制作服务器验证功能,cookie中的csrf_token和表单csrf_token需要我们自己实现..
    #
    CSRFProtect(app)

    #设置session保存位置
    Session(app)

    from info.utils.common import do_index_class
    from info.utils.common import  user_login_data
    #添加过滤器
    app.add_template_filter(do_index_class,"indexclass")



    @app.after_request
    def after_request(response):
        #生成随机的csrftoken
        csrf_token=generate_csrf()
        #设置一个csrf
        response.set_cookie("csrf_token",csrf_token)
        return response
    @app.errorhandler(404)
    @user_login_data
    def page_not_fount(*args,**kwargs):
        user =g.user

        data = {'user':user.to_dict() if user else None}
        return render_template('news/404.html',data=data)

    #注册蓝图
    from info.modules.index import index_blu
    app.register_blueprint(index_blu)

    from info.modules.passport import passport_blu
    app.register_blueprint(passport_blu)

    from info.modules.news import news_blu
    app.register_blueprint(news_blu)

    from info.modules.profile import profile_blu
    app.register_blueprint(profile_blu)

    from info.modules.admin import admin_blu
    app.register_blueprint(admin_blu)





    return app
Пример #27
0
 def configure_wtf(self):
     if self.config["WTF_CSRF_ENABLED"]:
         csrf = CSRFProtect(self.flask_app)
         csrf_exempt_list = self.config["WTF_CSRF_EXEMPT_LIST"]
         for ex in csrf_exempt_list:
             csrf.exempt(ex)
Пример #28
0
from flask import Flask, request, jsonify, Response, redirect, render_template, flash, url_for, session
from flask_pymongo import PyMongo
from werkzeug.security import generate_password_hash, check_password_hash  # biblioteca para criptografar senhas
from bson import json_util
from bson.objectid import ObjectId
from forms import *
from flask_wtf import CSRFProtect
from functools import wraps

app = Flask(__name__)
app.config['MONGO_URI'] = 'mongodb://localhost/bdpmi'  # Base de dados
mongo = PyMongo(app)
app.secret_key = 'chavesecreta'
csrf = CSRFProtect(app)  # Função do Flask para proteger Form


# Controle de sessão do usuario
def login_required(run):
    @wraps(run)
    def wrap(*args, **kwargs):
        if 'usuario' in session:
            return run(*args, **kwargs)
        else:
            flash('Por favor! Efetue o login primeiro!')
            return redirect(url_for('login'))

    return wrap


##################################################################################
# ROTA HOME /
Пример #29
0
from flask import Flask
from flask_login import LoginManager
from flask_migrate import Migrate
from flask_wtf import CSRFProtect

from admin import admin
from config import Config
from models import db

app = Flask(__name__)
csrf = CSRFProtect(app)
app.config.from_object(Config)
db.init_app(app)
migrate = Migrate(app, db)
manager = LoginManager(app)
admin.init_app(app)

from templatefilter import *
from context_processor import *
from views import *

if __name__ == '__main__':
    app.run(debug=True)
Пример #30
0
def create_app(config_name):
    # 配置日志,并且传入配置名字,以便能获取到指定配置所对应的日志等级
    setup_log(config_name)
    # 创建Flask对象
    app = Flask(__name__)
    # 加载配置
    app.config.from_object(config[config_name])
    # 通过app初始化
    db.init_app(app)
    # 初始化 redis 存储对象
    global redis_store
    redis_store = StrictRedis(host=config[config_name].REDIS_HOST,
                              port=config[config_name].REDIS_PORT,
                              decode_responses=True)
    # 开启当前项目 CSRF 保护,只做服务器验证功能
    # 帮我们做了:从cookie中取出随机值,从表单中取出随机,然后进行校验,并且响应校验结果
    # 我们需要做:1. 在返回响应的时候,往cookie中添加一个csrf_token,2. 并且在表单中添加一个隐藏的csrf_token
    # 而我们现在登录或者注册不是使用的表单,而是使用 ajax 请求,所以我们需要在 ajax 请求的时候带上 csrf_token 这个随机值就可以了
    CSRFProtect(app)
    # 设置session保存指定位置
    Session(app)

    # 初始化数据库
    #  在Flask很多扩展里面都可以先初始化扩展的对象,然后再去调用 init_app 方法去初始化
    from info.utils.common import do_index_class
    # 添加自定义过滤器
    app.add_template_filter(do_index_class, "index_class")

    from info.utils.common import user_login_data

    @app.errorhandler(404)
    @user_login_data
    def page_not_fount(e):
        user = g.user
        data = {"user": user.to_dict() if user else None}
        return render_template('news/404.html', data=data)

    @app.after_request
    def after_request(response):
        # 生成随机的csrf_token的值
        csrf_token = generate_csrf()
        # 设置一个cookie
        response.set_cookie("csrf_token", csrf_token)
        return response

    # 注册蓝图
    from info.modules.index import index_blu
    app.register_blueprint(index_blu)

    from info.modules.passport import passport_blu
    app.register_blueprint(passport_blu)

    from info.modules.news import news_blu
    app.register_blueprint(news_blu)

    from info.modules.profile import profile_blu
    app.register_blueprint(profile_blu)

    from info.modules.admin import admin_blu
    app.register_blueprint(admin_blu, url_prefix="/admin")

    return app