def create_app(test_config=None):
    """Build the Flask application and attach its extensions.

    Settings are copied from ``CRACK_CONF['app']``. SeaSurf (CSRF), the
    SQLAlchemy database, the REST resources, the login manager and the
    server-side session extension are then wired up, in that order.

    Args:
        test_config: accepted but not read anywhere in this function.

    Returns:
        The configured Flask application.
    """
    app = Flask(__name__)
    settings = CRACK_CONF['app']

    # No cross-origin policy is configured here; the CORS call is disabled:
    #CORS(app, resources={r'/*': {'origins': 'http://localhost:8081',
    #                             'supports_credentials': True},
    #                     })

    # NOTE(review): PERMANENT_SESSION_LIFETIME is cast with int() below,
    # which suggests these values may arrive as strings. If the two cookie
    # flags do too, a value such as 'False' is truthy -- confirm that they
    # are real booleans by the time they are copied.
    for key in ('SESSION_TYPE',
                'SQLALCHEMY_DATABASE_URI',
                'SESSION_COOKIE_HTTPONLY',
                'SESSION_COOKIE_SECURE'):
        app.config[key] = settings[key]
    app.config.update({
        'PERMANENT_SESSION_LIFETIME': int(
            settings['PERMANENT_SESSION_LIFETIME']),
        'SESSION_PERMANENT': True,
        'SQLALCHEMY_TRACK_MODIFICATIONS': False,
    })

    # Security response headers are not set by this function; the Talisman
    # call is disabled (presumably a fronting proxy adds them -- confirm):
    #Talisman(app, strict_transport_security=False)

    # The CSRF cookie name has to be in app.config before init_app() runs.
    app.config['CSRF_COOKIE_NAME'] = 'csrftoken'
    csrf = SeaSurf()
    csrf.init_app(app)

    db.init_app(app)
    with app.app_context():
        # Tables are created at start-up if they do not exist yet.
        db.create_all()

    api = Api(app)
    resources = (
        (cq_api.Login, '/api/login'),
        (cq_api.Sso, '/api/sso'),
        (cq_api.Logout, '/api/logout'),
        (cq_api.Options, '/api/options'),
        (cq_api.Queuing, '/api/queuing/<job_id>'),
        (cq_api.Adder, '/api/add'),
        (cq_api.Reports, '/api/reports'),
    )
    for resource, route in resources:
        api.add_resource(resource, route)

    # The module-level login_manager is used; these overrides are disabled:
    #login_manager = LoginManager()
    #login_manager.session_protection = "strong"
    login_manager.init_app(app)

    # NOTE(review): Session(app) is handed the app and init_app(app) is then
    # called again; the second call looks redundant -- confirm against the
    # installed Flask-Session version before removing it.
    session_ext = Session(app)
    session_ext.init_app(app)
    session_ext.app.session_interface.db.create_all()
    return app
def create_app():
    """Build the Flask application, its extensions and its API routes.

    Settings are copied from ``CRACK_CONF['app']``. SeaSurf (CSRF) and the
    SQLAlchemy database are attached, every ``cq_api`` view is registered
    under ``/api/...``, and finally the login manager, the server-side
    session extension and Flask-Migrate are initialised.

    Returns:
        The configured Flask application.
    """
    app = Flask(__name__)
    settings = CRACK_CONF['app']

    # No cross-origin policy is configured here; the CORS call is disabled:
    #CORS(app, resources={r'/*': {'origins': 'http://localhost:8081',
    #                             'supports_credentials': True},
    #                     })

    # NOTE(review): PERMANENT_SESSION_LIFETIME is cast with int() below,
    # which suggests these values may arrive as strings. If the two cookie
    # flags do too, a value such as 'False' is truthy -- confirm that they
    # are real booleans by the time they are copied.
    for key in ('SESSION_TYPE',
                'SQLALCHEMY_DATABASE_URI',
                'SESSION_COOKIE_HTTPONLY',
                'SESSION_COOKIE_SECURE'):
        app.config[key] = settings[key]
    app.config.update({
        'DEBUG': False,  # debug mode is pinned off in code
        'JSON_SORT_KEYS': False,
        'PERMANENT_SESSION_LIFETIME': int(
            settings['PERMANENT_SESSION_LIFETIME']),
        'SESSION_PERMANENT': True,
        'SQLALCHEMY_TRACK_MODIFICATIONS': False,
    })

    # The CSRF cookie name has to be in app.config before init_app() runs.
    app.config['CSRF_COOKIE_NAME'] = 'csrftoken'
    csrf = SeaSurf()
    csrf.init_app(app)

    db.init_app(app)
    with app.app_context():
        # Tables are created at start-up if they do not exist yet.
        db.create_all()

    # One view function per endpoint; rules that share an endpoint must
    # share the same function object.
    views = {
        'admin': cq_api.Admin.as_view('admin'),
        'profile': cq_api.Profile.as_view('profile'),
        'benchmark': cq_api.Benchmark.as_view('benchmark'),
        'login': cq_api.Login.as_view('login'),
        'logout': cq_api.Logout.as_view('logout'),
        'sso': cq_api.Sso.as_view('sso'),
        'options': cq_api.Options.as_view('options'),
        'queuing': cq_api.Queuing.as_view('queuing'),
        'adder': cq_api.Adder.as_view('adder'),
        'reports': cq_api.Reports.as_view('reports'),
        'tasks': cq_api.TasksView.as_view('tasks'),
        'templates': cq_api.TemplatesView.as_view('templates'),
    }

    # (rule, endpoint, methods, extra add_url_rule keywords), registered in
    # exactly this order.
    # NOTE(review): '/api/admin/' accepts POST through two rules, one with
    # the user_id default and one without; which rule serves the request
    # depends on the router's ordering -- confirm this is intended.
    # NOTE(review): logout, login and sso accept GET; CSRF middleware
    # commonly validates only state-changing methods, so confirm nothing
    # relies on a GET request being CSRF-checked.
    routes = (
        ('/api/admin/', 'admin', ['POST', 'GET'],
         {'defaults': {'user_id': None}}),
        ('/api/admin/<uuid:user_id>', 'admin',
         ['GET', 'DELETE', 'PUT', 'PATCH'], {}),
        ('/api/admin/', 'admin', ['POST'], {}),
        ('/api/profile/', 'profile', ['GET', 'POST'], {}),
        ('/api/benchmark/', 'benchmark', ['GET', 'POST'], {}),
        ('/api/login', 'login', ['GET', 'POST'], {}),
        ('/api/sso', 'sso', ['GET', 'POST'], {}),
        ('/api/logout', 'logout', ['GET'], {}),
        ('/api/options', 'options', ['GET'], {}),
        ('/api/queuing/<string:job_id>', 'queuing',
         ['GET', 'DELETE', 'PUT', 'PATCH'], {}),
        ('/api/add', 'adder', ['POST'], {}),
        ('/api/reports', 'reports', ['GET', 'POST'], {}),
        ('/api/tasks/templates', 'templates', ['GET', 'PUT', 'DELETE'],
         {'defaults': {'temp_id': None}}),
        ('/api/tasks/templates/<uuid:temp_id>', 'templates', ['DELETE'], {}),
        ('/api/tasks', 'tasks', ['GET', 'POST'], {}),
        ('/api/tasks/<uuid:task_id>', 'tasks', ['DELETE'], {}),
    )
    for rule, endpoint, methods, extra in routes:
        app.add_url_rule(rule, view_func=views[endpoint], methods=methods,
                         **extra)

    login_manager.init_app(app)

    # NOTE(review): Session(app) is handed the app and init_app(app) is then
    # called again; the second call looks redundant -- confirm against the
    # installed Flask-Session version before removing it.
    session_ext = Session(app)
    session_ext.init_app(app)

    migrations = Migrate()
    migrations.init_app(app, db, compare_type=True, render_as_batch=True)

    session_ext.app.session_interface.db.create_all()
    return app
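# Application hardening and extension set-up for an existing Flask ``app``:
# Redis-backed sessions, SeaSurf CSRF cookies, mail, and Talisman for
# HTTPS/CSP. ``app``, ``sesh``, ``FORCE_HTTPS``, ``CSP`` and ``CSP_nonce_in``
# are defined outside this excerpt.

#app.config['USE_X_SENDFILE'] = True
app.config['SERVER_NAME'] = "cwby.biz"

# session management with Redis
app.session_interface = sesh.RedisSessionInterface()

# CSRF prevention with SeaSurf
# These keys are set before SeaSurf is constructed so that it sees them.
app.config['CSRF_COOKIE_NAME'] = "_csrf_token"
app.config['CSRF_COOKIE_TIMEOUT'] = 2678400  # 31 days in seconds
# The Secure flag on the CSRF cookie follows the same switch as Talisman.
app.config['CSRF_COOKIE_SECURE'] = FORCE_HTTPS
# app.config['CSRF_COOKIE_PATH']
app.config['CSRF_COOKIE_DOMAIN'] = "cwby.biz"
app.config['CSRF_COOKIE_SAMESITE'] = "Lax"
#app.config['CSRF_DISABLE'] = True
# SeaSurf(app) already initialises the extension for this app. The extra
# csrf.init_app(app) that followed would register its request hooks a
# second time, so it has been dropped.
csrf = SeaSurf(app)

# Configure mail
app.config['MAIL_SERVER'] = 'smtp.gmail.com'
app.config['MAIL_PORT'] = 465
app.config['MAIL_USE_SSL'] = True

# NOTE(review): this load happens after SeaSurf was initialised above, so
# any CSRF-related values it provides would presumably not reach SeaSurf --
# confirm, and move the load earlier if they are meant to apply.
# NOTE(review): from_object() with a string treats it as an import path
# (attribute ``cfg`` of module ``settings``), not a file name -- confirm
# this is intended rather than from_pyfile().
app.config.from_object('settings.cfg')

# instantiate mail with app config
# Mail(app) initialises itself; the repeated mail.init_app(app) was redundant.
mail = Mail(app)

# Enforce CSP
Talisman(app,
         force_https=FORCE_HTTPS,
         content_security_policy=CSP,
         content_security_policy_nonce_in=CSP_nonce_in)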