def initialize(
    rootName,
    refferenceModel,
    staticPackage = 'static',
    viewsPackage = 'views'
) :
    """Create the Flask app, wrap it in an ``Api`` and attach every manager.

    Args:
        rootName: import name handed to ``Flask``.
        refferenceModel: passed to ``SqlAlchemyProxy.addResource`` as
            ``baseModel``.
        staticPackage: value used for Flask's ``static_folder``.
        viewsPackage: value used for Flask's ``template_folder``.

    Returns:
        The configured Flask application. The ``Api`` object is reachable
        from it as ``app.api``.
    """
    flaskApp = Flask(
        rootName,
        static_folder=staticPackage,
        template_folder=viewsPackage,
    )
    api = Api(flaskApp)
    # Cross-link the two objects so either one can reach the other.
    api.app = flaskApp
    api.app.api = api

    # NOTE(review): CORS is enabled with no options. flask-cors then allows
    # every origin on every route; confirm that is intended for an app that
    # also registers session, API-key and security managers below.
    api.cors = CORS(flaskApp)
    api.cors.api = api

    addGlobalsTo(api)
    OpenApiManager.newDocumentation(api, flaskApp)
    SqlAlchemyProxy.addResource(api, flaskApp, baseModel=refferenceModel, echo=False)
    for manager in (SchedulerManager, SessionManager, ApiKeyManager, SecurityManager):
        manager.addResource(api, flaskApp)

    # The lists are passed positionally, so the order of
    # FlaskManager.KW_RESOURCE_LIST has to line up with the parameter order of
    # addFlaskApiResources (controllers, schedulers, services, ...).
    resourceLists = [
        getResourceList(api, resourceType)
        for resourceType in FlaskManager.KW_RESOURCE_LIST
    ]
    addFlaskApiResources(api, flaskApp, *resourceLists)

    for manager in (
        SessionManager,
        ApiKeyManager,
        SecurityManager,
        SchedulerManager,
        SqlAlchemyProxy,
    ):
        manager.onHttpRequestCompletion(api, flaskApp)
    return flaskApp
def addFlaskApiResources(
        apiInstance,
        appInstance,
        controllerList,
        schedulerList,
        serviceList,
        clientList,
        repositoryList,
        validatorList,
        mapperList,
        helperList,
        converterList
    ) :
    """Register every resource list on the api, then initialize the managers.

    Each ``*List`` argument is handed to its matching ``add...To`` helper
    together with ``apiInstance``. Afterwards each manager's ``initialize``
    is called with ``(apiInstance, appInstance)`` and the Swagger
    documentation is attached last.
    """
    addResourceAttibutes(apiInstance)

    # Registration order is kept exactly as written: repositories first,
    # converters last.
    registrationSteps = (
        (addRepositoryTo, repositoryList),
        (addSchedulerListTo, schedulerList),
        (addClientListTo, clientList),
        (addServiceListTo, serviceList),
        (addControllerListTo, controllerList),
        (addValidatorListTo, validatorList),
        (addMapperListTo, mapperList),
        (addHelperListTo, helperList),
        (addConverterListTo, converterList),
    )
    for register, resourceList in registrationSteps:
        register(apiInstance, resourceList)

    # Managers are initialized only after all resources are registered.
    for manager in (
        SqlAlchemyProxy,
        SchedulerManager,
        SecurityManager,
        ApiKeyManager,
        SessionManager,
    ):
        manager.initialize(apiInstance, appInstance)
    OpenApiManager.addSwagger(apiInstance, appInstance)
示例#3
 def get(self):
     """Return a fixed payload plus the current session after a token refresh.

     The handler first checks that the JWT headers carry
     ``'some': 'other headers'``.
     """
     # NOTE(review): `assert` is removed when Python runs with -O, so this
     # check is not enforced in optimized runs. The failure message also
     # interpolates the whole JWT header dict; fine for a test resource,
     # worth avoiding if the message can reach a client or a shared log.
     assert 'other headers' == SessionManager.getJwtHeaders().get(
         'some'
     ), f"other headers == {SessionManager.getJwtHeaders().get('some')} should be equals. Headers: {SessionManager.getJwtHeaders()}"
     responseBody = {
         'secured': 'information',
         'after': 'refresh',
         'currentUser': SessionManager.getCurrentSession(),
     }
     return responseBody, HttpStatus.OK
示例#4
 def patch(self, dto):
     """Exchange the current access token for one with an extended context list.

     Checks that the JWT headers carry ``'some': 'headers'``, then calls
     ``SessionManager.patchAccessToken`` with new headers, new data and the
     contexts ``TEST_SESSION`` and ``TEST_SESSION_REFRESH``. ``dto`` is not
     read.
     """
     # NOTE(review): `assert` is removed under `python -O`; the check below
     # is only active in non-optimized runs, and its message prints the full
     # JWT header dict.
     assert 'headers' == SessionManager.getJwtHeaders().get(
         'some'
     ), f"headers == {SessionManager.getJwtHeaders().get('some')} should be equals. Headers: {SessionManager.getJwtHeaders()}"
     patchedToken = SessionManager.patchAccessToken(
         newContextList=['TEST_SESSION', 'TEST_SESSION_REFRESH'],
         headers={'some': 'other headers'},
         data={'some': 'other data'})
     return {'accessToken': patchedToken}, HttpStatus.OK
示例#5
def sessionManager_worksProperly() :
    """Round-trip an access-token payload through JwtManager and time it.

    Encodes and decodes the same payload 10000 times, validates the decoded
    token as an access session on every run, and validates it once as a
    refresh session. The refresh validation is expected to fail with a
    GlobalException (status 401), because the payload is typed as an access
    token.
    """
    # arrange
    # Test-only HMAC key. NOTE(review): four characters is far below the
    # 256-bit minimum RFC 7518 sets for HS256 keys; do not copy this value
    # into real configuration.
    SECRET = 'abcd'
    # Minutes, fed to DateTimeHelper.timeDelta below.
    SESSION_DURATION = 10 + 360
    ALGORITHM = 'HS256'
    HEADER_NAME = 'Context'
    HEADER_TYPE = 'Session '
    IDENTITY = RandomHelper.string(minimum=100, maximum=150)
    CONTEXT = 'ABCD'
    CONTEXT_LIST = [CONTEXT]
    DATA = {
        'personal': 'data'
    }
    deltaMinutes = DateTimeHelper.timeDelta(minutes=SESSION_DURATION)
    sessionManager = SessionManager.JwtManager(
        SECRET,
        ALGORITHM,
        HEADER_NAME,
        HEADER_TYPE
    )
    timeNow = DateTimeHelper.dateTimeNow()
    payload = {
        JwtConstant.KW_IAT: timeNow,
        # presumably the JWT not-before claim; confirm against JwtConstant
        JwtConstant.KW_NFB: timeNow,
        # Token id built from two time.time() readings with the dot removed,
        # added together. It is clock-derived, not random.
        JwtConstant.KW_JTI: f"{int(f'{time.time()}'.replace('.', ''))+int(f'{time.time()}'.replace('.', ''))}",
        JwtConstant.KW_EXPIRATION: timeNow + deltaMinutes,
        JwtConstant.KW_IDENTITY: IDENTITY,
        JwtConstant.KW_FRESH: False,
        # Typed as an access token; the refresh validation below relies on it.
        JwtConstant.KW_TYPE: JwtConstant.ACCESS_VALUE_TYPE,
        JwtConstant.KW_CLAIMS: {
            JwtConstant.KW_CONTEXT: CONTEXT_LIST,
            JwtConstant.KW_DATA: DATA
        }
    }

    # act
    totalRuns = 10000
    # Number of timed calls per iteration (encode, decode, validate); used
    # to scale the per-run time budget in the first assertion.
    lines = 3
    initTime = time.time()
    for i in range(totalRuns):
        encodedPayload = sessionManager.encode(payload)
        decodedPayload = sessionManager.decode(encodedPayload)
        accessException = TestHelper.getRaisedException(sessionManager.validateAccessSession, rawJwt=decodedPayload)
    # Runs once, after the loop, on the last decoded payload; it is still
    # inside the timed window.
    refreshException = TestHelper.getRaisedException(sessionManager.validateRefreshSession, rawJwt=decodedPayload)
    endTime = time.time() - initTime

    # assert
    # Average wall-clock time per run must stay under lines * 0.0001 s.
    # NOTE(review): a wall-clock bound like this can fail on a slow or loaded
    # machine without any functional regression.
    assert lines * .0001 > endTime/totalRuns, (lines * .0001, endTime/totalRuns)
    # Only the values from the final iteration are checked below.
    assert ObjectHelper.equals(payload, decodedPayload), (payload, decodedPayload)
    assert ObjectHelper.isNone(accessException), accessException
    assert ObjectHelper.isNotNone(refreshException), refreshException
    assert ObjectHelper.equals(GlobalException.__name__, type(refreshException).__name__), (GlobalException.__name__, type(refreshException).__name__, refreshException)
    assert ObjectHelper.equals(401, refreshException.status)
    # The client-facing message stays generic; the token-type detail is only
    # in logMessage.
    assert ObjectHelper.equals('Invalid session', refreshException.message)
    assert ObjectHelper.equals('Refresh session should have type refresh, but it is access', refreshException.logMessage)
示例#6
 def post(self, dto):
     """Issue an access token for ``dto['id']`` with the ``TEST_SESSION`` context.

     The token lifetime is ``VALID_TOKEN_MINUTES_DURATION`` minutes and it
     carries fixed headers and data.
     """
     # NOTE(review): the token identity comes straight from the request body
     # and nothing in this method authenticates the caller. Presumably a
     # test-only resource (the context is 'TEST_SESSION'); confirm it is
     # never registered in a deployed api.
     issuedToken = SessionManager.createAccessToken(
         dto['id'], ['TEST_SESSION'],
         deltaMinutes=VALID_TOKEN_MINUTES_DURATION,
         headers={'some': 'headers'},
         data={'some': 'data'})
     return {'accessToken': issuedToken}, HttpStatus.OK
示例#7
def runApi(*args, api=None, **kwargs):
    """Run the api's Flask app, then call every manager's shutdown hook.

    Args:
        *args: forwarded to ``api.app.run``.
        api: the api to run; when it is None, ``FlaskUtil.getApi()`` is used.
        **kwargs: forwarded to ``api.app.run``. ``host`` and ``port`` are
            filled from ``api.host`` / ``api.port`` when the caller did not
            pass them and the api values are truthy.
    """
    if ObjectHelper.isNone(api):
        api = FlaskUtil.getApi()
    muteLogs(api)

    if 'host' not in kwargs and api.host:
        # NOTE(review): a configured host of 'localhost' is rewritten to
        # '0.0.0.0', so the server listens on every interface rather than
        # loopback only. Presumably intended for container deployments;
        # confirm, since it exposes the api to the whole network segment.
        kwargs['host'] = '0.0.0.0' if 'localhost' == api.host else api.host
    if 'port' not in kwargs and api.port:
        kwargs['port'] = api.port

    apiUrl = getApiUrl(api)
    documentationUrl = OpenApiManager.getDocumentationUrl(api)
    # The health check URL is the documentation URL with its trailing
    # endpoint segment swapped for the health check URI.
    urlPrefix = documentationUrl[:-len(OpenApiManager.DOCUMENTATION_ENDPOINT)]
    healthCheckUrl = f'{urlPrefix}{HealthCheckConstant.URI}'
    announcementList = (
        f'Api will run at {apiUrl}',
        f'Health check will be available at {healthCheckUrl}',
        f'Documentation will be available at {documentationUrl}',
    )
    for announcement in announcementList:
        log.success(runApi, announcement)

    # NOTE(review): if api.app is the Flask app, run() starts Flask's
    # built-in server. The shutdown hooks below are reached only when run()
    # returns normally, not when it raises.
    api.app.run(*args, **kwargs)
    for manager in (
        SessionManager,
        ApiKeyManager,
        SecurityManager,
        SchedulerManager,
        SqlAlchemyProxy,
    ):
        manager.onShutdown(api, api.app)
    log.success(runApi, f'{api.globals.apiName} successfully shutdown')
示例#8
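def handleSessionedControllerMethod(args, kwargs, contentType,
                                    resourceInstance, resourceInstanceMethod,
                                    contextRequired, requestHeaderClass,
                                    requestParamClass, requestClass,
                                    logRequest,
                                    muteStacktraceOnBusinessRuleException):
    """Run a controller method only if the session holds a required context.

    The contexts of the current session are read from
    ``SessionManager.getContext()``. The call is delegated to
    ``handleControllerMethod`` when at least one entry of ``contextRequired``
    is among them.

    Returns:
        Whatever ``handleControllerMethod`` returns.

    Raises:
        GlobalException: with status ``HttpStatus.FORBIDDEN`` when no required
            context is present. This includes an empty ``contextRequired`` and
            a missing or empty session context list.
    """
    contextList = SessionManager.getContext()
    # Build the lookup set once rather than once per required context. A
    # missing (None) or empty context list becomes an empty set, so the
    # request is denied with the 403 below and not with a TypeError.
    grantedContexts = set(contextList) if contextList else set()
    if not any(context in grantedContexts for context in contextRequired):
        # The client only sees the generic message; the session's contexts
        # and the allowed contexts go to logMessage.
        raise GlobalException(
            message='Session not allowed',
            logMessage=
            f'''Sessions {contextList} trying to access denied resourse. Allowed contexts: {contextRequired}''',
            status=HttpStatus.FORBIDDEN)
    return handleControllerMethod(args, kwargs, contentType,
                                  resourceInstance, resourceInstanceMethod,
                                  requestHeaderClass, requestParamClass,
                                  requestClass, logRequest,
                                  muteStacktraceOnBusinessRuleException)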
示例#9
 def put(self, dto):
     """Close the session by blacklisting the access token.

     ``dto`` is not read. ``addAccessTokenToBlackList`` is called without
     arguments, so it presumably resolves the token from the current
     request; confirm against SessionManager.
     """
     SessionManager.addAccessTokenToBlackList()
     confirmation = {'message': 'Session closed'}
     return confirmation, HttpStatus.ACCEPTED
示例#10
 def get(self):
     """Return a fixed payload together with the current session."""
     # NOTE(review): the value of getCurrentSession() is returned to the
     # client as-is; confirm it contains nothing that should stay
     # server-side.
     responseBody = {
         'secured': 'information',
         'currentUser': SessionManager.getCurrentSession(),
     }
     return responseBody, HttpStatus.OK