def create_access_codes(self): token = SeaSurf()._generate_token() new_access_codes = { 'access_granted': token, 'expiration': (datetime.datetime.now() + datetime.timedelta( seconds=self.config['permissions_cache_expiry'])) } self._access_codes = new_access_codes return self._access_codes
def create_app(): app = Flask(__name__) app.url_map.strict_slashes = False app.config.from_pyfile("config.cfg") app.wsgi_app = SassMiddleware( app.wsgi_app, {f"{__name__}": ("static/sass", "static/css", "/static/css")}) from routes.auth import auth app.register_blueprint(auth) from routes.main import main app.register_blueprint(main) @app.errorhandler(403) def does_not_exist(err): return render_template( "errors/client.html", code="403", title="403 Forbidden", message="You do not have access to this page."), 403 @app.errorhandler(404) def does_not_exist(err): return render_template("errors/client.html", code="404", title="404 Not Found", message="Page not found."), 404 @app.errorhandler(500) def does_not_exist(err): return render_template("errors/error.html", title="500 Server Error"), 500 login_manager = LoginManager() login_manager.session_protection = "strong" login_manager.login_view = "auth.login" login_manager.init_app(app) @login_manager.user_loader def load_user(username: str): return User(username, True) limiter = Limiter(app, key_func=get_remote_address, default_limits=["1 per second"]) @limiter.request_filter def ip_whitelist(): return request.remote_addr == "127.0.0.1" SeaSurf(app) return app
def setUp(self): app = Flask(__name__) app.debug = True self.app = app csrf = SeaSurf(app) csrf._csrf_disable = False self.csrf = csrf @csrf.exempt @app.route('/foo', methods=['POST']) def foo(): return 'bar' @app.route('/bar', methods=['POST']) def bar(): return 'foo'
def setUp(self): app = Flask(__name__) app.debug = True app.config['SEASURF_INCLUDE_OR_EXEMPT_VIEWS'] = 'exempt' self.app = app csrf = SeaSurf(app) csrf._csrf_disable = False self.csrf = csrf @csrf.exempt @app.route('/foo', methods=['POST']) def foo(): return 'bar' @app.route('/bar', methods=['POST']) def bar(): return 'foo'
def create_app(test_config=None): """Create and configure an instance of the Flask application.""" app = Flask(__name__) aconf = CRACK_CONF['app'] #CORS(app, resources={r'/*': {'origins': 'http://localhost:8081', # 'supports_credentials': True}, # }) app.config['SESSION_TYPE'] = aconf['SESSION_TYPE'] app.config['SQLALCHEMY_DATABASE_URI'] = aconf['SQLALCHEMY_DATABASE_URI'] app.config['SESSION_COOKIE_HTTPONLY'] = aconf['SESSION_COOKIE_HTTPONLY'] app.config['SESSION_COOKIE_SECURE'] = aconf['SESSION_COOKIE_SECURE'] app.config['PERMANENT_SESSION_LIFETIME'] = int( aconf['PERMANENT_SESSION_LIFETIME']) app.config['SESSION_PERMANENT'] = True app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False #Talisman(app, strict_transport_security=False) csrf = SeaSurf() app.config['CSRF_COOKIE_NAME'] = 'csrftoken' csrf.init_app(app) db.init_app(app) with app.app_context(): db.create_all() api = Api(app) api.add_resource(cq_api.Login, '/api/login') api.add_resource(cq_api.Sso, '/api/sso') api.add_resource(cq_api.Logout, '/api/logout') api.add_resource(cq_api.Options, '/api/options') api.add_resource(cq_api.Queuing, '/api/queuing/<job_id>') api.add_resource(cq_api.Adder, '/api/add') api.add_resource(cq_api.Reports, '/api/reports') #login_manager = LoginManager() #login_manager.session_protection = "strong" login_manager.init_app(app) session = Session(app) session.init_app(app) session.app.session_interface.db.create_all() return app
def __init__(self, *args, **kwargs): Flask.__init__(self, *args, **kwargs) self.unauthenticated_routes = {'static': True} self.csrf = SeaSurf(self) if not config.ok: log.error("Configuration is not correctly set. Please correct it") self.secret_key = "NOT THE REAL SECRET KEY" return self.config.update( SECRET_KEY=config.application.session_key, SESSION_COOKIE_SECURE=config.application.session_cookie_secure, SESSION_COOKIE_HTTPONLY=config.application.session_cookie_httponly ) # PREFERRED_URL_SCHEME only valid in flask 0.9+ if Version(flask.__version__) >= Version('0.9'): self.config.update( PREFERRED_URL_SCHEME=config.application.preferred_url_scheme ) self.secret_key = config.application.session_key # Do we need this? # MAH has it's own logging mechanism, and this should be used for flask # extensions (such as seasurf) for handler in log.handlers: self.logger.addHandler(handler) # pylint: disable=E1101
"Define environment variable APP_CONFIG_FILE to point to a configuration file " "to customize configuration from the defaults.") # # verify MONGODB_URL has been set successfully in our configuration # if "MONGODB_URL" not in flask_app.config: flask_app.logger.error("Could not find required setting MONGODB_URL.") else: flask_app.logger.info("Using MongoDB at {}".format( flask_app.config["MONGODB_URL"])) if 'FLASK_ENV' in flask_app.config and flask_app.config[ 'FLASK_ENV'] != 'development': # enable csrf when not using swagger, client must present csrf token csrf = SeaSurf(flask_app) selected_csp_policy = { 'font-src': '\'self\'', 'img-src': '\'self\'', 'frame-src': '\'self\'', 'script-src': '\'self\'', 'style-src': '\'self\'', 'default-src': '\'self\'', } else: # # Swagger isn't SeaSurf aware, so do not enable it in development mode. # # Talisman will prevent the swaggerui from loading in the browser due to unsafe inlines in the swagger web content, # so modify the CSP so swagger can work when in development mode. #
def create_app(config=None): sentry_sdk.init(send_default_pii=False, integrations=[FlaskIntegration()]) app = Flask(__name__) config = config or 'sfa_dash.config.DevConfig' app.config.from_object(config) app.secret_key = app.config['SECRET_KEY'] SeaSurf(app) register_jinja_filters(app) error_handlers.register_handlers(app) if app.config['SQLALCHEMY_DATABASE_URI']: db.init_app(app) db.create_all(app=app) make_auth0_blueprint(app, base_url=app.config['AUTH0_OAUTH_BASE_URL'], storage=session_storage) def protect_endpoint(): try: authorized = oauth_request_session.authorized except ValueError: # no token set for user/no user set authorized = False # authorized == True means we have a token, not necessarily that it # hasn't expired, but refreshing is handled # by request_oauthlib and oauthlib # and the api validates expiration if not authorized: session['redirect_path'] = request.path return redirect(url_for('auth0.login')) @app.route('/') def index(): # move index to app so all blueprints are secured # should probably test if authorized and show one # page, show a different page w/ login link otherwise return render_template('index.html') @app.route('/documentation/') def documentation(): return render_template('documentation.html') @app.route('/changelog/') def changelog(): return render_template('changelog.html') @app.context_processor def inject_globals(): # Injects variables into all rendered templates global_template_args = {} global_template_args['user'] = session.get('userinfo') global_template_args.update(template_variables()) return global_template_args @app.errorhandler(500) def server_error_handler(error): return render_template("500.html", sentry_event_id=sentry_sdk.last_event_id(), dsn=os.getenv('SENTRY_DSN', '')), 500 from sfa_dash.blueprints.main import data_dash_blp from sfa_dash.blueprints.form import forms_blp from sfa_dash.blueprints.admin import admin_blp for blp in (data_dash_blp, forms_blp, admin_blp): blp.before_request(protect_endpoint) app.register_blueprint(blp) return app
filename=os.path.join(os.path.dirname(__file__), 'locator-tool.log'), format='[%(asctime)s] %(levelname)s in %(module)s: %(message)s', level=logging.DEBUG, ) app = Flask(__name__, static_url_path='', static_folder='static/') app.config.from_pyfile('config.py') # HTTP security headers Talisman(app, content_security_policy={}) # CSRF protection. settings fitting Angular $httpProvider app.config['CSRF_COOKIE_NAME'] = 'XSRF-TOKEN' app.config['CSRF_HEADER_NAME'] = 'X-XSRF-TOKEN' app.config['CSRF_COOKIE_PATH'] = '/locator-tool/' SeaSurf(app) mwoauth = MWOAuth(base_url='https://commons.wikimedia.org/w', clean_url='https://commons.wikimedia.org/wiki', consumer_key=app.config['OAUTH_CONSUMER_KEY'], consumer_secret=app.config['OAUTH_CONSUMER_SECRET']) app.register_blueprint(mwoauth.bp) @app.route('/') def index(): return app.send_static_file('index.html') @app.route('/user') def user():
def __init__(self, name=None, server=None, static_folder=None, url_base_pathname='/', csrf_protect=True): # allow users to supply their own flask server if server is not None: self.server = server else: if name is None: name = 'dash' self.server = Flask(name, static_folder=static_folder) if self.server.secret_key is None: # If user supplied their own server, they might've supplied a # secret_key with it secret_key_name = 'dash_{}_secret_key'.format( # replace any invalid characters re.sub('[\W_]+', '_', name)) secret_key = os.environ.get(secret_key_name, SeaSurf()._generate_token()) os.environ[secret_key_name] = secret_key self.server.secret_key = secret_key self.url_base_pathname = url_base_pathname self.config = _AttributeDict({ 'suppress_callback_exceptions': False, 'routes_pathname_prefix': url_base_pathname, 'requests_pathname_prefix': url_base_pathname }) # list of dependencies self.callback_map = {} # gzip Compress(self.server) # csrf protect if csrf_protect: self._csrf = SeaSurf(self.server) # static files from the packages self.css = Css() self.scripts = Scripts() self.registered_paths = {} # urls def add_url(name, view_func, methods=['GET']): self.server.add_url_rule(name, view_func=view_func, endpoint=name, methods=methods) add_url('{}_dash-layout'.format(self.config['routes_pathname_prefix']), self.serve_layout) add_url( '{}_dash-dependencies'.format( self.config['routes_pathname_prefix']), self.dependencies) add_url( '{}_dash-update-component'.format( self.config['routes_pathname_prefix']), self.dispatch, ['POST']) add_url(('{}_dash-component-suites' '/<string:package_name>' '/<path:path_in_package_dist>').format( self.config['routes_pathname_prefix']), self.serve_component_suites) add_url('{}_dash-routes'.format(self.config['routes_pathname_prefix']), self.serve_routes) add_url(self.config['routes_pathname_prefix'], self.index) # catch-all for front-end routes add_url('{}<path:path>'.format(self.config['routes_pathname_prefix']), self.index) self.server.before_first_request(self._setup_server) self._layout = None self._cached_layout = None self.routes = []
def create_app(test_config=None): # Create app app = Flask(__name__, instance_relative_config=True) app.version = __version__ # Configure app app.config.from_object("contextualise.settings") app.config.from_envvar("CONTEXTUALISE_SETTINGS") app.config.from_mapping( DEBUG=False, DATABASE_PATH=os.path.join(app.instance_path, app.config["DATABASE_FILE"]), SECRET_KEY=os.environ.get( "SECRET_KEY", "ppBcUQ5AL7gEmvb0blMDyEOpiBEQUupGmk_a3DMaF34"), SECURITY_PASSWORD_SALT=os.environ.get( "SECURITY_PASSWORD_SALT", "139687009245803364536588051620840970665"), SECURITY_REGISTERABLE=True, SECURITY_RECOVERABLE=True, SECURITY_URL_PREFIX="/auth", SECURITY_POST_LOGIN_VIEW="/maps/", SECURITY_POST_REGISTER_VIEW="/maps/", MAIL_SERVER=app.config["EMAIL_SERVER"], MAIL_PORT=app.config["EMAIL_PORT"], MAIL_USERNAME=app.config["EMAIL_USERNAME"], MAIL_PASSWORD=app.config["EMAIL_PASSWORD"], MAIL_DEFAULT_SENDER=app.config["EMAIL_SENDER"], MAIL_USE_SSL=False, MAX_CONTENT_LENGTH=4 * 1024 * 1024, # 4 megabytes ) # Set up app mail = Mail(app) csrf = SeaSurf(app) if test_config is None: # Load the instance config, if it exists, when not testing app.config.from_pyfile("config.py", silent=True) else: # Load the test config if passed in app.config.from_mapping(test_config) # Ensure the instance folder exists try: os.makedirs(app.instance_path) except OSError: pass @app.route("/") def home(): maps = get_topic_store().get_promoted_maps() maps = [map for map in maps if map.published] # Reset breadcrumbs and (current) scope session["breadcrumbs"] = [] session["current_scope"] = UNIVERSAL_SCOPE session["scope_filter"] = 1 return render_template("index.html", maps=maps, version=app.version) @app.route("/health") def hello(): return "Healthy!" # HTTP error handlers def forbidden(e): return render_template("403.html"), 403 app.register_error_handler(403, forbidden) def page_not_found(e): return render_template("404.html"), 404 app.register_error_handler(404, page_not_found) def internal_server_error(e): return render_template("500.html"), 500 app.register_error_handler(500, internal_server_error) def request_entity_too_large(e): return render_template("413.html"), 413 app.register_error_handler(413, request_entity_too_large) # Setup Flask-Security engine = create_engine(f"sqlite:///{app.config['DATABASE_PATH']}") db_session = scoped_session( sessionmaker(autocommit=False, autoflush=False, bind=engine)) Base = declarative_base() Base.query = db_session.query_property() class RolesUsers(Base): __tablename__ = "roles_users" id = Column(Integer(), primary_key=True) user_id = Column("user_id", Integer(), ForeignKey("user.id")) role_id = Column("role_id", Integer(), ForeignKey("role.id")) class Role(Base, RoleMixin): __tablename__ = "role" id = Column(Integer(), primary_key=True) name = Column(String(80), unique=True) description = Column(String(255)) class User(Base, UserMixin): __tablename__ = "user" id = Column(Integer, primary_key=True) email = Column(String(255), unique=True) username = Column(String(255), unique=True, nullable=True) password = Column(String(255), nullable=False) last_login_at = Column(DateTime()) current_login_at = Column(DateTime()) last_login_ip = Column(String(100)) current_login_ip = Column(String(100)) login_count = Column(Integer) active = Column(Boolean()) fs_uniquifier = Column(String(255), unique=True, nullable=False) confirmed_at = Column(DateTime()) roles = relationship("Role", secondary="roles_users", backref=backref("users", lazy="dynamic")) user_datastore = SQLAlchemySessionUserDatastore(db_session, User, Role) security = Security(app, user_datastore) @user_registered.connect_via(app) def user_registered_handler(app, user, confirm_token, form_data, **extra_args): default_role = user_datastore.find_role("user") user_datastore.add_role_to_user(user, default_role) db_session.commit() @user_authenticated.connect_via(app) def user_authenticated_handler(app, user, authn_via, **extra_args): app.logger.info( f"User logged in successfully: [{user.email}], authentication method: [{authn_via}]" ) @app.before_first_request def create_user(): Base.metadata.create_all(bind=engine) # Create roles admin_role = user_datastore.find_or_create_role( name="admin", description="Administrator") user_role = user_datastore.find_or_create_role(name="user", description="End user") db_session.commit() # Create users admin_user = user_datastore.find_user(email="*****@*****.**") if not admin_user: admin_user = user_datastore.create_user( email="*****@*****.**", password=hash_password("Passw0rd1")) db_session.commit() user_user = user_datastore.find_user(email="*****@*****.**") if not user_user: user_user = user_datastore.create_user( email="*****@*****.**", password=hash_password("Passw0rd1")) db_session.commit() # Assign roles user_datastore.add_role_to_user(user_user, user_role) user_datastore.add_role_to_user(admin_user, admin_role) db_session.commit() # Create database structure get_topic_store().create_database() @app.teardown_request def checkin_db(exc): db_session.remove() # Register custom filters filters.register_filters(app) # Register Blueprints from contextualise import api app.register_blueprint(api.bp) csrf.exempt(api.create_topic) csrf.exempt(api.create_association) from contextualise import map app.register_blueprint(map.bp) from contextualise import topic app.register_blueprint(topic.bp) from contextualise import image app.register_blueprint(image.bp) from contextualise import file app.register_blueprint(file.bp) from contextualise import link app.register_blueprint(link.bp) from contextualise import video app.register_blueprint(video.bp) from contextualise import association app.register_blueprint(association.bp) from contextualise import note app.register_blueprint(note.bp) from contextualise import three_d app.register_blueprint(three_d.bp) from contextualise import attribute app.register_blueprint(attribute.bp) from contextualise import visualisation app.register_blueprint(visualisation.bp) from contextualise import tag app.register_blueprint(tag.bp) # Set up logging if not app.debug: logs_directory = os.path.join(app.instance_path, "logs") if not os.path.exists(logs_directory): os.mkdir(logs_directory) file_handler = RotatingFileHandler(os.path.join( logs_directory, "contextualise.log"), maxBytes=10240, backupCount=10) file_handler.setFormatter( logging.Formatter( "%(asctime)s %(levelname)s: %(message)s [in %(pathname)s:%(lineno)d]" )) file_handler.setLevel(logging.INFO) app.logger.addHandler(file_handler) app.logger.setLevel(logging.INFO) app.logger.info("Contextualise startup") return app