mail = Mail(app)
db = SQLAlchemy(app)
scheduler = APScheduler()
scheduler.init_app(app)
login_manager = LoginManager(app)
login_manager.session_protection = 'strong'
login_manager.login_view = 'login'
from watchlist.schedulers import task_daily
scheduler.add_job(func=task_daily,
id='cron_task',
trigger='cron',
hour='1',
replace_existing=True)
scheduler.start()
mc = memcache.Client(["127.0.0.1:11211"])
CSRFProtect(app)
@login_manager.user_loader
def load_user(user_email):
from watchlist.models import User
user = User.query.get(user_email)
return user
from watchlist import views, commands
import subprocess
import os
import json
from subprocess import Popen, PIPE, check_output
from flask import Flask, redirect, url_for, render_template, request, session
from flask_wtf.csrf import CSRFProtect
from flask_talisman import Talisman
from passlib.hash import sha256_crypt
app = Flask(__name__)
app.config['SECRET_KEY'] = 'BdAui8H9npasU'
# used for csrf token
csrf = CSRFProtect(app)
# talisman use for security
Talisman(app,
force_https=False,
strict_transport_security=False,
session_cookie_secure=False)
#Users file
Users = {}
@app.route('/')
def index():
return render_template("index.html")
'''
Main entry point homeportal application
'''
from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from flask_wtf.csrf import CSRFProtect
from config import config
from .extensions import db_kookboek
csrf = CSRFProtect()
def create_app(config_name):
'''
application factory
'''
app = Flask(__name__, instance_relative_config=True)
app.config.from_object(config[config_name])
csrf.init_app(app)
db_kookboek.init_app(app)
with app.app_context():
from .home import home
from .kookboek.routes import kookboek_bp
# Database
db_kookboek.create_all() # Create all tables
# Register Blueprints
from flask_bcrypt import Bcrypt from flask_login import LoginManager from flask_migrate import Migrate from flask_moment import Moment from flask_sqlalchemy import SQLAlchemy from flask_wtf.csrf import CSRFProtect bcrypt = Bcrypt() csrf_protect = CSRFProtect() login = LoginManager() login.login_view = 'account.login' login.login_message = 'Please log in to access this page.' db = SQLAlchemy() migrate = Migrate() moment = Moment()
import json
import psycopg2.extras
from flask import Flask, g, request
from flask_wtf.csrf import CSRFProtect
from flask_login import current_user
app = Flask(__name__, instance_relative_config=True)
csrf = CSRFProtect(app) # Make sure all forms are CSRF protected
csrf.init_app(app)
app.config.from_object('config.default') # Load config/INSTANCE_NAME.py
app.config.from_pyfile('production.py') # Load instance/INSTANCE_NAME.py
thunderforest_API_key = app.config["THUNDERFOREST_API_KEY"]
openatlas_url = app.config["OPENATLAS_URL"]
domaintypes = app.config["DOMAIN_TYPES"]
periodtypes = app.config["PERIOD_TYPES"]
countrytypes = app.config["COUNTRY_TYPES"]
api_url = app.config["API_URL"]
loc_image = app.config["API_FILE_DISPLAY"]
use_api = app.config["USE_API"]
use_jpgs = app.config["USE_JPGS"]
geonames_user = app.config["GEONAMES_USERNAME"]
leafletVersion = ""
if not use_api:
if use_jpgs:
loc_image = app.config["JPG_FOLDER_PATH"] + '/'
else:
loc_image = app.config["WEB_FOLDER_PATH"] + '/'
def create_app(config_name):
"""工厂方法"""
# 1.创建app对象
app = Flask(__name__)
# development -- DevelopmentConfig 根据传入的参数不同获取不同的配置信息
config_class = config_dict[config_name]
# 设置日志
set_log(config_class)
# 将对于的配置类关联到app身上
# DevelopmentConfig:对应的就是开发模式的app
# ProductionConfig: 对应的就是线上模式的app
app.config.from_object(config_class)
# 2.创建数据库对象
# 使用延迟,懒加载的模式:真实的db数据库对象的初始化操作
db.init_app(app)
# 3.创建redis对象 -- 延迟加载的思想
# decode_responses=True 获取的数据转换成字符串
global redis_store
redis_store = StrictRedis(host=config_class.REDIS_HOST,
port=config_class.REDIS_PORT,
db=config_class.REDIS_NUM,
decode_responses=True
)
# 4.给项目添加csrf防护机制
# 提取cookie中的csrf_token
# 如果有表单提取form表单中的csrf_token,如果前端发送的ajax请求从请求头的X-CSRFToken字段中提取csrf_token
# 进行值的比对
CSRFProtect(app)
# 借助钩子函数请求完毕页面显示的时候就在cookie中设置csrf_token
@app.after_request
def set_csrf_token(response):
# 请求结束后来调用
# 1. 生成csrf_token随机值
csrf_token = generate_csrf()
# 2. 借助response响应对象值设置到cookie中
response.set_cookie("csrf_token", csrf_token)
# 3. 返回响应对象
return response
# 5.将session存储的数据从`内存`转移到`redis`中存储的
Session(app)
# 添加最定义过滤器
app.add_template_filter(set_rank_class, "set_rank_class")
@app.errorhandler(404)
@user_login_data
def handler_404(e):
"""处理404页面"""
# 获取当前登录用户数据
user = g.user
data = {
"user_info": user.to_dict() if user else None
}
return render_template("news/404.html", data=data)
# 6.注册index首页的蓝图对象
# 延迟导入解决循环导入问题
from info.module.index import index_bp
app.register_blueprint(index_bp)
# 登录注册模块蓝图注册
from info.module.passport import passport_bp
app.register_blueprint(passport_bp)
# 新闻详情模块蓝图注册
from info.module.news import newsdetail_bp
app.register_blueprint(newsdetail_bp)
# 用户中心模块蓝图注册
from info.module.profile import profile_bp
app.register_blueprint(profile_bp)
# 后台管理模块蓝图注册
from info.module.admin import admin_bp
app.register_blueprint(admin_bp)
return app
def login():
form = LoginForm()
if form.validate_on_submit():
session['userid'] = form.data.get('userid')
return redirect('/')
return render_template('login.html', form=form)
@app.route('/logout', methods=['GET'])
def logout():
session.pop('userid', None)
return redirect('/')
# app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://root:[email protected]:3306/testdb2'
app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://root:0000@localhost/testdb'
app.config['SQLALCHEMY_COMMIT_ON_TEARDOWN'] = True
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
app.config['SECRET_KEY'] = 'adqdasdqddasdqw'
csrf = CSRFProtect() # 사이트위조공격 방지
csrf.init_app(app)
db.init_app(app)
db.app = app
db.create_all()
if __name__ == "__main__":
#app.run(host='127.0.0.1', port=5000, debug=True)
app.run(host='0.0.0.0', port=5000)
#!/usr/bin/env python3
from flask_wtf.csrf import CSRFProtect
from www import APP
from www.models import DB
from www.views import *
from config import CURRENT_CONFIG
csrf = CSRFProtect(APP)
if __name__ == '__main__':
# DB.create_all()
# DB.session.commit()
APP.run(use_reloader=False, debug=CURRENT_CONFIG.DEBUG)
csrf.init_app(APP)
from functools import wraps
from sqlalchemy import create_engine
from flask_wtf.csrf import CSRFProtect
import json
import function_database
import function_call
import function_company
import secret
from models import *
from forms import *
# Default Settings
application = Flask(__name__)
csrf = CSRFProtect(application)
csrf.init_app(application)
db.init_app(application) # models.py에 있는 클래스 이용하기 위해 필요
application.config['SQLALCHEMY_DATABASE_URI'] = \
'mysql+pymysql://{user}:{password}@{host}/{db}' \
.format(user=secret.user, password=secret.password, host=secret.host, db=secret.db)
application.secret_key = "123"
page_list = {'call': None, 'company': None, 'employee': None, 'manage': None}
login_error_message = "ID: admin, PW: bestgood"
application.permanent_session_lifetime = timedelta(hours=24)
Session = sessionmaker()
engine = create_engine('sqlite:///:memory:', echo=True)
Session.configure(bind=engine)
def select_page(page):
def create_app():
app = Flask(__name__)
# sessionを使う際にSECRET_KEYを設定
app.config['SECRET_KEY'] = b'R\x1c`\x8d\xed_\xe5\xd6\x8d\xef\xc6\x19g- J'
# ここから /// 画像アップロードの設定
# 画像のアップロード先のディレクトリ
app.config["IMAGE_UPLOADS"] = 'flmapp/static/user_image'
app.config["ORIGINAL_IMAGE_UPLOADS"] = 'flmapp/static/original_user_image'
app.config["ITEM_IMAGE_UPLOADS"] = 'flmapp/static/item_image'
app.config["ITEM_TEMP_IMAGE_UPLOADS"] = 'flmapp/static/item_temp_image'
app.config[
"ORIGINAL_ITEM_IMAGE_UPLOADS"] = 'flmapp/static/original_item_image'
# アップロードされる拡張子の制限
app.config["ALLOWED_IMAGE_EXTENSIONS"] = ["JPEG", "JPG", "PNG", "GIF"]
# 画像サイズの制限
app.config["MAX_IMAGE_FILESIZE"] = 0.5 * 1024 * 1024
# ここまで /// 画像アップロードの設定
# ここから /// データベースの設定
# DBはSQLiteを使う
#! パスを変えてください
app.config['SQLALCHEMY_DATABASE_URI'] = \
'sqlite:///' + "/Users/shimomuramei/Desktop/set_prefs/data.sqlite"
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
app.config['SQLALCHEMY_ECHO'] = False
# ここまで /// データベースの設定
# ここから /// メール送信の設定
app.config['DEBUG'] = True # デバッグのサポート
app.config['TESTING'] = False
app.config['MAIL_SERVER'] = 'smtp.gmail.com'
app.config['MAIL_PORT'] = 587
app.config['MAIL_USE_TLS'] = True
app.config['MAIL_USE_SSL'] = False
app.config['MAIL_USERNAME'] = '******'
app.config['MAIL_PASSWORD'] = '******'
app.config['MAIL_DEFAULT_SENDER'] = '*****@*****.**'
app.config['MAIL_MAX_EMAILS'] = 5 #送信するメールの最大数
app.config['MAIL_SUPPRESS_SEND'] = False
app.config['MAIL_ASCII_ATTACHHMENTS'] = False
# ここまで /// メール送信の設定
# ここから /// キャプチャの設定
app.config['CAPTCHA_ENABLE'] = True
app.config['CAPTCHA_LENGTH'] = 5
app.config['CAPTCHA_WIDTH'] = 160
app.config['CAPTCHA_HEIGHT'] = 100
app.config['SESSION_TYPE'] = 'sqlalchemy'
# ここまで /// キャプチャの設定
db.init_app(app)
migrate.init_app(app, db)
login_manager.init_app(app)
mail.init_app(app)
Session(app)
captcha = FlaskSessionCaptcha(app)
CSRFProtect(app)
# カスタムテンプレートフィルターの登録
app.add_template_filter(replace_newline)
# 分割したblueprintを登録する
from flmapp.views import (auth, mypage, route, sell, item, buy,
transaction, ajax, user, history, search,
todolist)
app.register_blueprint(auth.bp)
app.register_blueprint(mypage.bp)
app.register_blueprint(route.bp)
app.register_blueprint(sell.bp)
app.register_blueprint(item.bp)
app.register_blueprint(buy.bp)
app.register_blueprint(transaction.bp)
app.register_blueprint(ajax.bp)
app.register_blueprint(user.bp)
app.register_blueprint(history.bp)
app.register_blueprint(search.bp)
app.register_blueprint(todolist.bp)
return app
def create_app():
# Helper function to access secrets
def get_secret(secret_name):
try:
with open('/run/secrets/{0}'.format(secret_name), 'r') as secret_file:
return secret_file.read()
except IOError:
return None
# Application setup
app = Flask(__name__)
app.config.update(
SECRET_KEY = get_secret("secret_key").strip(),
SESSION_COOKIE_HTTPONLY = True,
SESSION_COOKIE_SAMESITE = 'Strict',
PERMANENT_SESSION_LIFETIME = 600,
SQLALCHEMY_DATABASE_URI = 'sqlite:///spellchecker.db',
SQLALCHEMY_TRACK_MODIFICATIONS = True
)
csrf = CSRFProtect(app)
# Database setup
db = SQLAlchemy(app)
class User(db.Model):
__tablename__ = 'user'
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(100), nullable=False)
password = db.Column(db.String(100), nullable=False)
twofa = db.Column(db.String(100), nullable=True)
class Query(db.Model):
__tablename__ = 'query'
id = db.Column(db.Integer, primary_key=True)
uid = db.Column(db.Integer, db.ForeignKey('user.id'))
user = db.relationship(User)
textout = db.Column(db.Text, nullable=False)
misspelled = db.Column(db.Text, nullable=True)
class Log(db.Model):
__tablename__ = 'log'
id = db.Column(db.Integer, primary_key=True)
uid = db.Column(db.Integer, db.ForeignKey('user.id'))
user = db.relationship(User)
login = db.Column(db.DateTime, nullable=False, default=datetime.utcnow())
logout = db.Column(db.DateTime, nullable=True, default=None)
db.create_all()
# Database functions
def register_with_user_info(uname, pword, twofa):
user = db.session.query(User).filter(User.username == uname).first()
if not user:
hashed_pword = bcrypt.hashpw(pword.encode('utf8'), bcrypt.gensalt())
hashed_twofa = bcrypt.hashpw(twofa.encode('utf8'), bcrypt.gensalt())
new_user = User(username=uname, password=hashed_pword, twofa=hashed_twofa)
db.session.add(new_user)
db.session.commit()
return 0
else:
return 1
def login_with_user_info(uname, pword, twofa):
user = db.session.query(User).filter(User.username == uname).first()
if not user:
return 2
if bcrypt.checkpw(pword.encode('utf8'), user.password) == False:
return 2
if bcrypt.checkpw(twofa.encode('utf8'), user.twofa) == False:
return 1
new_log = Log(uid=user.id)
db.session.add(new_log)
db.session.commit()
return 0
def add_spellcheck(uname, textout, misspelled):
user = db.session.query(User).filter(User.username == uname).first()
if user:
new_query = Query(uid=user.id, textout=textout, misspelled=misspelled)
db.session.add(new_query)
db.session.commit()
def create_admin():
register_with_user_info("admin", get_secret("admin_pword").strip(), get_secret("admin_2fa").strip())
create_admin()
# Web application pages
@app.route("/")
def home():
return render_template("home.html")
@app.route("/register", methods = ['GET', 'POST'])
def register():
success = ""
if 'username' not in session:
if request.method == 'POST':
uname = bleach.clean(request.form['uname'])
pword = bleach.clean(request.form['pword'])
twofa = bleach.clean(request.form['2fa'])
status = register_with_user_info(uname, pword, twofa)
if status == 0:
success = "Registration Success!"
else:
success = "Registration Failure!"
return render_template("register.html", id = success)
else:
success = "Already logged in!"
return render_template("register.html", id = success)
@app.route("/login", methods = ['GET', 'POST'])
def login():
result = ""
if 'username' not in session:
if request.method == 'POST':
uname = bleach.clean(request.form['uname'])
pword = bleach.clean(request.form['pword'])
twofa = bleach.clean(request.form['2fa'])
status = login_with_user_info(uname, pword, twofa)
if status == 2:
result = "Incorrect username or password!"
elif status == 1:
result = "Two-factor failure!"
else:
result = "Success!"
session.permanent = True
session['username'] = uname
return render_template("login.html", id = result)
else:
result = "Already logged in!"
return render_template("login.html", id = result)
@app.route("/spell_check", methods = ['GET', 'POST'])
def spell_check():
if 'username' in session:
textout = ""
misspelled = ""
if request.method == 'POST':
textout = bleach.clean(request.form['inputtext'])
with open("test.txt", "w+") as fo:
fo.write(textout)
misspelled = subprocess.check_output(["./a.out", "test.txt", "wordlist.txt"])
misspelled = misspelled.decode('utf-8').strip().split('\n')
misspelled = ", ".join(misspelled)
fo.close()
os.remove("test.txt")
name = session['username']
add_spellcheck(name, textout, misspelled)
return render_template("spell_check.html", textout = textout, misspelled = misspelled)
else:
return redirect(url_for("home"))
@app.route("/logout")
def logout():
if 'username' in session:
name = session['username']
userlog = db.session.query(Log).join(User, Log.uid == User.id).filter(User.username == name).order_by(Log.id.desc()).first()
if userlog:
userlog.logout = datetime.utcnow()
db.session.commit()
session.pop('username', None)
return redirect(url_for("home"))
@app.route("/history", methods = ['GET', 'POST'])
def history():
if 'username' in session:
name = session['username']
if name == 'admin':
uname = name
if request.method == 'POST':
uname = bleach.clean(request.form['uname'])
history = db.session.query(Query).join(User, Query.uid == User.id).filter(User.username == uname).all()
return render_template("history.html", history=history, searched=uname, name=name)
else:
history = db.session.query(Query).join(User, Query.uid == User.id).filter(User.username == name).all()
return render_template("history.html", history=history, searched=name)
else:
return redirect(url_for("home"))
@app.route("/history/query<int:query_id>")
def query(query_id):
if 'username' in session:
userquery = db.session.query(Query).join(User, Query.uid == User.id).filter(Query.id == query_id).first()
if userquery:
name = session['username']
if userquery.user.username == name or name == 'admin':
return render_template("query.html", userquery=userquery)
return redirect(url_for("history"))
else:
return redirect(url_for("home"))
@app.route("/login_history", methods = ['GET', 'POST'])
def login_history():
if 'username' in session and session['username'] == "admin":
uname = ""
if request.method == 'POST':
uname = bleach.clean(request.form['uname'])
userlog = db.session.query(Log).join(User, Log.uid == User.id).filter(User.username == uname).all()
if userlog:
return render_template("login_history.html", userlog=userlog, uname=uname)
return render_template("login_history.html", uname=uname)
else:
return redirect(url_for("home"))
@app.after_request
def add_headers(response):
response.headers['Strict-Transport-Security'] = "max-age=31536000 ; includeSubDomains"
response.headers['Content-Security-Policy'] = "default-src 'self' ; style-src 'self' 'unsafe-inline'"
response.headers['Set-Cookie'] = "HTTPOnly ; Secure"
response.headers['X-FrameOptions'] = "DENY"
response.headers['X-XSS-Protection'] = "1 ; mode=block"
response.headers['X-Content-Type-Options'] = "nosniff"
return response
return app
from flask import Flask, request
from flask_restful import Resource, Api
from flaskext.mysql import MySQL
from pymysql.cursors import DictCursor
from flask_wtf.csrf import CSRFProtect
from flask_cors import CORS
app = Flask(__name__)
cors = CORS(app, resources={r"/*": {"origins": "*"}})
api = Api(app)
csrf_protect = CSRFProtect(app)
api = Api(app, decorators=[csrf_protect.exempt])
mysql = MySQL(cursorclass=DictCursor)
app.config['MYSQL_DATABASE_USER'] = '******'
app.config['MYSQL_DATABASE_PASSWORD'] = '******'
app.config['MYSQL_DATABASE_DB'] = 'gafur1'
app.config['MYSQL_DATABASE_HOST'] = 'localhost'
mysql.init_app(app)
class Word(Resource):
def get(self, word_id):
with mysql.connect() as cursor:
sql = "SELECT * FROM words WHERE id=" + word_id
cursor.execute(sql)
return cursor.fetchall()[0]
'''Main package configuration'''
import os
from flask import Flask
from flask_bcrypt import Bcrypt
from flask_login import LoginManager
from flask_mail import Mail
from flask_sqlalchemy import SQLAlchemy
from flask_wtf.csrf import CSRFProtect
from flaskblog.config import Config
#database
db = SQLAlchemy()
#csfr
csfr = CSRFProtect()
#Bcrypt
bcrypt = Bcrypt()
#Login manager
login_manager = LoginManager()
login_manager.login_view = 'user.login'
login_manager.login_message_category = 'info'
#Mail
mail = Mail()
def create_app(config_class=Config):
'''Create the app with the given configuration.'''
#app
def build_app() -> Flask:
app = Flask(__name__, instance_relative_config=True)
# Configs
# Load the default configuration
app.config.from_object("config.default")
# Load the configuration from the instance folder
app.config.from_pyfile('config.py', silent=True)
# Load config according to run environment
# Variables defined here will override those in the default configuration
if app.debug:
app.config.from_object("config.debug")
else:
app.config.from_object("config.production")
# Save whitespace in templates
app.jinja_env.lstrip_blocks = True
app.jinja_env.trim_blocks = True
celery.init_celery(app)
db.init_app(app)
# Bootstrap
Bootstrap(app)
init_translations(app)
# CSRF protection
csrf = CSRFProtect()
csrf.init_app(app)
@app.route("/")
def index():
return render_template("index.html")
@app.route('/favicon.ico')
def favicon():
return send_from_directory(os.path.join(app.root_path, 'static'),
'favicon.ico', mimetype='image/vnd.microsoft.icon')
# Redirection
app.add_url_rule("/", endpoint="index")
# apply the blueprints to the app
from psan import auth
app.register_blueprint(auth.bp)
from psan import account
app.register_blueprint(account.bp)
from psan import submission
app.register_blueprint(submission.bp)
from psan import annotate
app.register_blueprint(annotate.bp)
from psan import rule
app.register_blueprint(rule.bp)
from psan import label
app.register_blueprint(label.bp)
from psan import generate
app.register_blueprint(generate.bp)
# Create register token
if os.environ.get("ALLOW_TOKEN_REGISTRATION", default="0") == "1":
if app.config.get("SERVER_NAME"):
with app.app_context():
path = url_for('auth.register', token=generate_auth_token(REGISTER_TOKEN_NAME), _external=True)
else:
with app.test_request_context("localhost"): # workaround for missing SERVER_NAME
path = "http://localhost:5000" + \
url_for('auth.register', token=generate_auth_token(REGISTER_TOKEN_NAME))
app.logger.info(
f"You can register new user at {path}")
return app
def create_app(config):
app = Flask(__name__,
template_folder=config.SOURCE_TEMPLATES_DIR,
static_folder=path.join(config.SECUREDROP_ROOT, 'static'))
app.request_class = RequestThatSecuresFileUploads
app.config.from_object(config.SourceInterfaceFlaskConfig)
# The default CSRF token expiration is 1 hour. Since large uploads can
# take longer than an hour over Tor, we increase the valid window to 24h.
app.config['WTF_CSRF_TIME_LIMIT'] = 60 * 60 * 24
CSRFProtect(app)
@app.errorhandler(CSRFError)
def handle_csrf_error(e):
msg = render_template('session_timeout.html')
session.clear()
flash(Markup(msg), "important")
return redirect(url_for('main.index'))
assets = Environment(app)
app.config['assets'] = assets
i18n.setup_app(app)
app.jinja_env.trim_blocks = True
app.jinja_env.lstrip_blocks = True
app.jinja_env.globals['version'] = version.__version__
if getattr(config, 'CUSTOM_HEADER_IMAGE', None):
app.jinja_env.globals['header_image'] = config.CUSTOM_HEADER_IMAGE
app.jinja_env.globals['use_custom_header_image'] = True
else:
app.jinja_env.globals['header_image'] = 'logo.png'
app.jinja_env.globals['use_custom_header_image'] = False
app.jinja_env.filters['rel_datetime_format'] = \
template_filters.rel_datetime_format
app.jinja_env.filters['nl2br'] = evalcontextfilter(template_filters.nl2br)
app.jinja_env.filters['filesizeformat'] = template_filters.filesizeformat
for module in [main, info, api]:
app.register_blueprint(module.make_blueprint(config))
@app.before_request
@ignore_static
def check_tor2web():
# ignore_static here so we only flash a single message warning
# about Tor2Web, corresponding to the initial page load.
if 'X-tor2web' in request.headers:
flash(
Markup(
gettext(
'<strong>WARNING:</strong> You appear to be using Tor2Web. '
'This <strong>does not</strong> provide anonymity. '
'<a href="{url}">Why is this dangerous?</a>').format(
url=url_for('info.tor2web_warning'))),
"banner-warning")
@app.before_request
@ignore_static
def setup_g():
"""Store commonly used values in Flask's special g object"""
g.locale = i18n.get_locale()
g.text_direction = i18n.get_text_direction(g.locale)
g.html_lang = i18n.locale_to_rfc_5646(g.locale)
g.locales = i18n.get_locale2name()
if 'expires' in session and datetime.utcnow() >= session['expires']:
msg = render_template('session_timeout.html')
# clear the session after we render the message so it's localized
session.clear()
flash(Markup(msg), "important")
session['expires'] = datetime.utcnow() + \
timedelta(minutes=getattr(config,
'SESSION_EXPIRATION_MINUTES',
120))
# ignore_static here because `crypto_util.hash_codename` is scrypt
# (very time consuming), and we don't need to waste time running if
# we're just serving a static resource that won't need to access
# these common values.
if logged_in():
g.codename = session['codename']
g.filesystem_id = crypto_util.hash_codename(g.codename)
try:
g.source = Source.query \
.filter(Source.filesystem_id == g.filesystem_id) \
.one()
except NoResultFound as e:
app.logger.error("Found no Sources when one was expected: %s" %
(e, ))
del session['logged_in']
del session['codename']
return redirect(url_for('main.index'))
g.loc = store.path(g.filesystem_id)
@app.teardown_appcontext
def shutdown_session(exception=None):
"""Automatically remove database sessions at the end of the request, or
when the application shuts down"""
db_session.remove()
@app.errorhandler(404)
def page_not_found(error):
return render_template('notfound.html'), 404
@app.errorhandler(500)
def internal_error(error):
return render_template('error.html'), 500
return app
