def get_security_headers():
"""Get security headers."""
domain_white_list = []
for hook in HookUtils.instance().hooks():
domain_white_list += hook.register_secure_domains()
content_security_policy = {
'img-src': ["'self'", 'data:'],
'style-src': ["'self'", "'unsafe-inline'"],
'frame-src': ["'self'"] + domain_white_list,
'frame-ancestors': ["'self'"] + domain_white_list,
'default-src': ["'self'"],
}
headers = {
'X-Frame-Options': 'SAMEORIGIN',
'X-XSS-Protection': '1; mode=block',
'X-Content-Type-Options': 'nosniff',
'Access-Control-Allow-Methods': ', '.join(settings.SUPPORT_REQUEST_METHODS),
'Content-Security-Policy': '; '.join([
f"{k} {' '.join(v)}" for k, v in content_security_policy.items()
]),
'X-Download-Options': 'noopen',
'Cache-Control': 'no-store',
'Pragma': 'no-cache'
}
return list(headers.items())
def add_arguments(self, parser):
"""
Add arguments to parser.
Args:
parser (ArgumentParser): Specify parser to which arguments are added.
"""
parser.add_argument('--config',
type=str,
action=ConfigAction,
help="""
Specify path for user config module or file of the form python:path.to.config.module
or file:/path/to/config.py
""")
parser.add_argument('--workspace',
type=str,
action=WorkspaceAction,
help="""
Specify path for user workspace. Default is %s.
""" % settings.WORKSPACE)
parser.add_argument('--port',
type=int,
action=PortAction,
help="""
Custom port ranging from %s to %s. Default value is %s.
""" % (PortAction.MIN_PORT, PortAction.MAX_PORT, settings.PORT))
for hook in HookUtils.instance().hooks():
hook.register_startup_arguments(parser)
def run(self, args):
"""
Run to stop.
Args:
args (Namespace): Parsed arguments to hold customized parameters.
"""
port, pid = args.port, args.pid
if not pid:
msg = f'No mindinsight service started by current user found for port {port}'
self.console.error(msg)
sys.exit(1)
self.logfile.info('Stop mindinsight with port %s and pid %s.', port, pid)
process = psutil.Process(pid)
processes = process.children(recursive=True)
processes.append(process)
try:
self._send_signal(process, signal.SIGINT)
# Wait 3 seconds, if not terminate, kill the worker process.
exit_timeout_seconds = 3
_, alive = psutil.wait_procs(processes, exit_timeout_seconds)
for alive_process in alive:
self.logfile.info("Stop process %d because timeout.", alive_process.pid)
self._send_signal(alive_process, signal.SIGKILL)
except psutil.Error as ex:
self.logfile.error("Stop process %d failed. Detail: %s.", pid, str(ex))
for hook in HookUtils.instance().hooks():
hook.on_shutdown(self.logfile)
self.console.info('Stop mindinsight service successfully')
def run(self, args):
"""
Run to stop.
Args:
args (Namespace): Parsed arguments to hold customized parameters.
"""
port, pid = args.port, args.pid
if not pid:
msg = f'No mindinsight service started by current user found for port {port}'
self.console.error(msg)
sys.exit(1)
self.logfile.info('Stop mindinsight with port %s and pid %s.', port,
pid)
process = psutil.Process(pid)
processes_to_kill = [process]
# Set recursive to True to kill grand children processes.
for child in process.children(recursive=True):
processes_to_kill.append(child)
for proc in processes_to_kill:
self.logfile.info('Stopping mindinsight process %s.', proc.pid)
try:
proc.send_signal(signal.SIGKILL)
except psutil.Error as ex:
self.logfile.warning("Stop process %s failed. Detail: %s.",
proc.pid, str(ex))
for hook in HookUtils.instance().hooks():
hook.on_shutdown(self.logfile)
self.console.info('Stop mindinsight service successfully')
def add_arguments(self, parser):
"""
Add arguments to parser.
Args:
parser (ArgumentParser): Specify parser to which arguments are added.
"""
parser.add_argument('--workspace',
type=str,
action=WorkspaceAction,
help="""
Specify path for user workspace. Default is
$HOME/mindinsight.
""")
parser.add_argument('--port',
type=int,
action=PortAction,
help="""
Custom port ranging from %s to %s. Default value is %s.
""" % (PortAction.MIN_PORT, PortAction.MAX_PORT, settings.PORT))
parser.add_argument('--url-path-prefix',
type=str,
action=UrlPathPrefixAction,
help="""
Custom URL path prefix for web page address. URL path prefix
consists of segments separated by slashes. Each segment supports
alphabets / digits / underscores / dashes / dots, but not single
dot or double dots. Default value is ''.
""")
for hook in HookUtils.instance().hooks():
hook.register_startup_arguments(parser)
def add_arguments(self, parser):
"""
Add arguments to parser.
Args:
parser (ArgumentParser): Specify parser to which arguments are added.
"""
parser.add_argument('--config',
type=str,
action=ConfigAction,
help="""
Specify path for user config module or file of the form python:path.to.config.module
or file:/path/to/config.py
""")
parser.add_argument('--workspace',
type=str,
action=WorkspaceAction,
help="""
Specify path for user workspace. Default is %s.
""" % settings.WORKSPACE)
parser.add_argument('--port',
type=int,
action=PortAction,
help="""
Custom port ranging from %s to %s. Default value is %s.
""" % (PortAction.MIN_PORT, PortAction.MAX_PORT, settings.PORT))
parser.add_argument('--host',
type=str,
action=HostAction,
help="""
Custom host to bind process to e.g. %s - %s or specific IP. Default value is %s.
""" % (HostAction.LOCALHOST, HostAction.BIND_ALL, settings.HOST))
parser.add_argument('--url-path-prefix',
type=str,
action=UrlPathPrefixAction,
help="""
Custom URL path prefix for web page address. URL path prefix
consists of segments separated by slashes. Each segment supports
alphabets / digits / underscores / dashes / dots, but not single
dot or double dots. Default value is ''.
""")
for hook in HookUtils.instance().hooks():
hook.register_startup_arguments(parser)
def run(self, args):
"""
Run to stop.
Args:
args (Namespace): Parsed arguments to hold customized parameters.
"""
port, pid = args.port, args.pid
if not pid:
msg = f'No mindinsight service started by current user found for port {port}'
self.console.error(msg)
sys.exit(1)
self.logfile.info('Stop mindinsight with port %s and pid %s.', port,
pid)
process = psutil.Process(pid)
child_pids = [child.pid for child in process.children()]
# kill gunicorn master process
try:
os.kill(pid, signal.SIGKILL)
except PermissionError:
self.console.info('kill pid %s failed due to permission error',
pid)
sys.exit(1)
# cleanup gunicorn worker processes
for child_pid in child_pids:
try:
os.kill(child_pid, signal.SIGKILL)
except ProcessLookupError:
pass
for hook in HookUtils.instance().hooks():
hook.on_shutdown(self.logfile)
self.console.info('Stop mindinsight service successfully')
def add_arguments(self, parser):
"""
Add arguments to parser.
Args:
parser (ArgumentParser): Specify parser to which arguments are added.
"""
parser.add_argument(
'--config',
type=str,
action=ConfigAction,
help="""
Specify path for user config module or file of the form python:path.to.config.module
or file:/path/to/config.py
""")
parser.add_argument(
'--workspace',
type=str,
action=WorkspaceAction,
help="""
Specify path for user workspace. Default is %s.
""" % settings.WORKSPACE)
parser.add_argument(
'--port',
type=int,
action=PortAction,
help="""
Custom port ranging from %s to %s. Default value is %s.
""" % (PortAction.MIN_PORT, PortAction.MAX_PORT, settings.PORT))
parser.add_argument(
'--debugger_port',
type=int,
action=PortAction,
help="""
Debugger port ranging from %s to %s. Default value is %s.
""" % (PortAction.MIN_PORT, PortAction.MAX_PORT, settings.DEBUGGER_PORT))
parser.add_argument(
'--url-path-prefix',
type=str,
action=UrlPathPrefixAction,
help="""
Custom URL path prefix for web page address. URL path prefix
consists of segments separated by slashes. Each segment supports
alphabets / digits / underscores / dashes / dots, but not single
dot or double dots. Default value is ''.
""")
parser.add_argument(
'--enable_debugger',
type=str2bool,
action=EnableDebuggerAction,
default=False,
help="""
Enable debugger or not.
Default is False.""")
for hook in HookUtils.instance().hooks():
hook.register_startup_arguments(parser)