import json from flask import request from flask_login import login_required from redash import models from redash.handlers import routes from redash.handlers.base import json_response, org_scoped_rule from redash.permissions import require_admin @routes.route(org_scoped_rule('/api/organization/status'), methods=['GET']) @login_required def organization_status(org_slug=None): counters = { 'users': models.User.query.count(), 'alerts': models.Alert.query.count(), 'data_sources': models.DataSource.query.count(), 'queries': models.Query.query.filter(models.Query.is_archived == False).count(), 'dashboards': models.Dashboard.query.filter( models.Dashboard.is_archived == False).count(), } return json_response(dict(object_counters=counters))
import logging from flask import redirect, url_for, Blueprint, request from redash.authentication import create_and_login_user, logout_and_redirect_to_index, get_next_path from redash.authentication.org_resolving import current_org from redash.handlers.base import org_scoped_rule from redash import settings logger = logging.getLogger('remote_user_auth') blueprint = Blueprint('remote_user_auth', __name__) @blueprint.route(org_scoped_rule("/remote_user/login")) def login(org_slug=None): unsafe_next_path = request.args.get('next') next_path = get_next_path(unsafe_next_path) if not settings.REMOTE_USER_LOGIN_ENABLED: logger.error("Cannot use remote user for login without being enabled in settings") return redirect(url_for('redash.index', next=next_path, org_slug=org_slug)) email = request.headers.get(settings.REMOTE_USER_HEADER) # Some Apache auth configurations will, stupidly, set (null) instead of a # falsey value. Special case that here so it Just Works for more installs. # '(null)' should never really be a value that anyone wants to legitimately # use as a redash user email. if email == '(null)': email = None if not email: logger.error("Cannot use remote user for login when it's not provided in the request (looked in headers['" + settings.REMOTE_USER_HEADER + "'])")
def register_static_routes(rules): # Make sure that / is the first route considered as index. routes.add_url_rule(org_scoped_rule("/"), "index", index) for rule in rules: routes.add_url_rule(org_scoped_rule(rule), None, index)
"schedule": "interval", "-schedule": "-interval", "runtime": "query_results-runtime", "-runtime": "-query_results-runtime", "executed_at": "query_results-retrieved_at", "-executed_at": "-query_results-retrieved_at", "created_by": "users-name", "-created_by": "-users-name", } order_results = partial( _order_results, default_order="-created_at", allowed_orders=order_map ) @routes.route(org_scoped_rule("/api/queries/format"), methods=["POST"]) @login_required def format_sql_query(org_slug=None): """ Formats an SQL query using the Python ``sqlparse`` formatter. :<json string query: The SQL text to format :>json string query: Formatted SQL text """ arguments = request.get_json(force=True) query = arguments.get("query", "") return jsonify( {"query": sqlparse.format(query, **settings.SQLPARSE_FORMAT_OPTIONS)} )
from flask_restful import abort from flask_login import login_required import sqlparse from funcy import distinct, take from itertools import chain from redash.handlers.base import routes, org_scoped_rule from redash.handlers.query_results import run_query from redash import models from redash.permissions import require_permission, require_access, require_admin_or_owner, not_view_only, view_only from redash.handlers.base import BaseResource, get_object_or_404 from redash.utils import collect_parameters_from_request @routes.route(org_scoped_rule('/api/queries/format'), methods=['POST']) @login_required def format_sql_query(org_slug=None): arguments = request.get_json(force=True) query = arguments.get("query", "") return sqlparse.format(query, reindent=True, keyword_case='upper') class QuerySearchResource(BaseResource): @require_permission('view_query') def get(self): term = request.args.get('q', '') return [q.to_dict() for q in models.Query.search(term, self.current_user.groups)]
import os from flask import current_app, render_template, safe_join, send_file from werkzeug.exceptions import NotFound from flask_login import login_required from redash import settings from redash.handlers import routes from redash.handlers.authentication import base_href from redash.handlers.base import org_scoped_rule def render_index(): if settings.MULTI_ORG: response = render_template("multi_org.html", base_href=base_href()) else: full_path = safe_join(settings.STATIC_ASSETS_PATH, 'index.html') response = send_file(full_path, **dict(cache_timeout=0, conditional=True)) return response @routes.route(org_scoped_rule('/<path:path>')) @routes.route(org_scoped_rule('/')) @login_required def index(**kwargs): return render_index()
def render_index(access_token=None): access_token = "undefined" if access_token is None else access_token if settings.MULTI_ORG: response = render_template("multi_org.html", base_href=base_href(), access_token=access_token) else: ## TODO: maybe do it gracefully template_path = safe_join(settings.STATIC_ASSETS_PATH, "index.html") full_path = safe_join(settings.STATIC_ASSETS_PATH, "index_embed.html") with open(template_path, "r") as f1, open(full_path, "w") as f2: content = f1.read() template = content.replace("{{access_token}}", access_token) f2.write(template) response = send_file(full_path, **dict(cache_timeout=0, conditional=True)) return response @routes.route(org_scoped_rule("/dashboard/<slug>"), methods=["GET"]) @login_required @csp_allows_embeding def dashboard(slug, org_slug=None): return render_index() @routes.route(org_scoped_rule("/<path:path>")) @routes.route(org_scoped_rule("/")) @login_required def index(**kwargs): return render_index()
from ldap3 import Server, Connection except ImportError: if settings.LDAP_LOGIN_ENABLED: sys.exit("The ldap3 library was not found. This is required to use LDAP authentication (see requirements.txt).") from redash.authentication import create_and_login_user, logout_and_redirect_to_index, get_next_path from redash.authentication.org_resolving import current_org from redash.handlers.base import org_scoped_rule logger = logging.getLogger('ldap_auth') blueprint = Blueprint('ldap_auth', __name__) @blueprint.route(org_scoped_rule("/ldap/login"), methods=['GET', 'POST']) def login(org_slug=None): index_url = url_for("redash.index", org_slug=org_slug) unsafe_next_path = request.args.get('next', index_url) next_path = get_next_path(unsafe_next_path) if not settings.LDAP_LOGIN_ENABLED: logger.error("Cannot use LDAP for login without being enabled in settings") return redirect(url_for('redash.index', next=next_path)) if current_user.is_authenticated: return redirect(next_path) if request.method == 'POST': ldap_user = auth_ldap_user(request.form['email'], request.form['password'])
import json from flask import request from flask_login import current_user, login_required from redash import models from redash.handlers import routes from redash.handlers.base import json_response, org_scoped_rule from redash.authentication import current_org from redash.permissions import require_admin @routes.route(org_scoped_rule('/api/organization/status'), methods=['GET']) @login_required def organization_status(org_slug=None): counters = { 'users': models.User.all_not_disabled(current_org).count(), 'alerts': models.Alert.all(group_ids=current_user.group_ids).count(), 'data_sources': models.DataSource.all(current_org, group_ids=current_user.group_ids).count(), 'queries': models.Query.all_queries(current_user.group_ids, current_user.id, drafts=True).count(), 'dashboards': models.Dashboard.query.filter(models.Dashboard.org==current_org, models.Dashboard.is_archived==False).count(), } return json_response(dict(object_counters=counters))
# >> from flask import Flask, render_template # # >>app = Flask(__name__, template_folder='./') # # # >>@app.route('/foo') # >>@app.route('/') # >>def foo(): # >> response = render_template("test.py") # >> return response # # # >>>if __name__ == '__main__': # app.run(debug=True) ## /foo 和 / 都返回foo的响应 ####一个资源多个路由路径没问题! @routes.route(org_scoped_rule('/<path:path>')) # /<path:path> # /<org_slug:org_slug>/<path:path> @routes.route(org_scoped_rule('/')) # / # /<org_slug:org_slug> @login_required def index(**kwargs): return render_index()
import json from flask import request from flask_login import current_user, login_required from redash import models, settings from redash.handlers import routes, restful from redash.handlers.base import json_response, org_scoped_rule from redash.authentication import current_org from redash.permissions import require_admin # @routes.route(settings.ROOT_API_URL + org_scoped_rule('/organization/status'), methods=['GET']) @restful.route(org_scoped_rule('/organization/status'), methods=['GET']) @login_required def organization_status(org_slug=None): counters = { 'users': models.User.all_not_disabled(current_org).count(), 'alerts': models.Alert.all(group_ids=current_user.group_ids).count(), 'data_sources': models.DataSource.all(current_org, group_ids=current_user.group_ids).count(), 'queries': models.Query.all_queries(current_user.group_ids, current_user.id, drafts=True).count(), 'dashboards': models.Dashboard.query.filter( models.Dashboard.org == current_org, models.Dashboard.is_archived == False).count(),
from flask_login import current_user, login_required from redash import models from redash.handlers import routes from redash.handlers.base import json_response, org_scoped_rule from redash.authentication import current_org @routes.route(org_scoped_rule("/api/organization/status"), methods=["GET"]) #@login_required #ZZW def organization_status(org_slug=None): counters = { "users": models.User.all(current_org).count(), "alerts": models.Alert.all(group_ids=current_user.group_ids).count(), "data_sources": models.DataSource.all(current_org, group_ids=current_user.group_ids).count(), "queries": models.Query.all_queries(current_user.group_ids, current_user.id, include_drafts=True).count(), "dashboards": models.Dashboard.query.filter( models.Dashboard.org == current_org, models.Dashboard.is_archived == False).count(), } return json_response(dict(object_counters=counters))
status_code = 400 else: # TODO: set active flag user.hash_password(request.form['password']) models.db.session.add(user) login_user(user) models.db.session.commit() return redirect(url_for('redash.index', org_slug=org_slug)) if settings.GOOGLE_OAUTH_ENABLED: google_auth_url = get_google_auth_url(url_for('redash.index', org_slug=org_slug)) else: google_auth_url = '' return render_template(template, google_auth_url=google_auth_url, user=user), status_code @routes.route(org_scoped_rule('/invite/<token>'), methods=['GET', 'POST']) def invite(token, org_slug=None): return render_token_login_page("invite.html", org_slug, token) @routes.route(org_scoped_rule('/reset/<token>'), methods=['GET', 'POST']) def reset(token, org_slug=None): return render_token_login_page("reset.html", org_slug, token) @routes.route(org_scoped_rule('/forgot'), methods=['GET', 'POST']) def forgot_password(org_slug=None): if not settings.PASSWORD_LOGIN_ENABLED: abort(404) submitted = False
def add_org_resource(self, resource, *urls, **kwargs): urls = [org_scoped_rule(url) for url in urls] return self.add_resource(resource, *urls, **kwargs)
from sqlalchemy.orm.exc import StaleDataError from redash import models, settings from redash.remote_resource import remote_resource_restriction from redash.handlers.base import (BaseResource, get_object_or_404, org_scoped_rule, paginate, routes, restful) from redash.handlers.query_results import run_query from redash.permissions import (can_modify, not_view_only, require_access, require_admin_or_owner, require_object_modify_permission, require_permission, view_only) from redash.utils import collect_parameters_from_request # @routes.route(settings.ROOT_API_URL + org_scoped_rule('/queries/format'), methods=['POST']) @restful.route(org_scoped_rule('/queries/format'), methods=['POST']) @login_required def format_sql_query(org_slug=None): """ Formats an SQL query using the Python ``sqlparse`` formatter. :<json string query: The SQL text to format :>json string query: Formatted SQL text """ arguments = request.get_json(force=True) query = arguments.get("query", "") return jsonify({'query': sqlparse.format(query, reindent=True, keyword_case='upper')}) class QuerySearchResource(BaseResource):
except ImportError: if settings.LDAP_LOGIN_ENABLED: sys.exit( "The ldap3 library was not found. This is required to use LDAP authentication (see requirements.txt)." ) from redash.authentication import create_and_login_user, logout_and_redirect_to_index, get_next_path from redash.authentication.org_resolving import current_org from redash.handlers.base import org_scoped_rule logger = logging.getLogger('ldap_auth') blueprint = Blueprint('ldap_auth', __name__) @blueprint.route(org_scoped_rule("/ldap/login"), methods=['GET', 'POST']) def login(org_slug=None): index_url = url_for("redash.index", org_slug=org_slug) unsafe_next_path = request.args.get('next', index_url) next_path = get_next_path(unsafe_next_path) if not settings.LDAP_LOGIN_ENABLED: logger.error( "Cannot use LDAP for login without being enabled in settings") return redirect(url_for('redash.index', next=next_path)) if current_user.is_authenticated: return redirect(next_path) if request.method == 'POST': ldap_user = auth_ldap_user(request.form['email'],
data, run_time, utils.utcnow()) return data except Exception, e: if max_age > 0: abort( 404, message= "Unable to get result from the database, and no cached query result found." ) else: abort(503, message="Unable to get result from the database.") return None @routes.route(org_scoped_rule( '/embed/query/<query_id>/visualization/<visualization_id>'), methods=['GET']) @login_required def embed(query_id, visualization_id, org_slug=None): query = models.Query.get_by_id_and_org(query_id, current_org) require_access(query.groups, current_user, view_only) vis = query.visualizations.where( models.Visualization.id == visualization_id).first() qr = {} parameter_values = collect_parameters_from_request(request.args) if vis is not None: vis = vis.to_dict() qr = query.latest_query_data if settings.ALLOW_PARAMETERS_IN_EMBEDS == True and len(
}, }, } if entity_id is not None and entity_id != "": saml_settings['entityid'] = entity_id sp_config = Saml2Config() sp_config.load(saml_settings) sp_config.allow_unknown_attributes = True saml_client = Saml2Client(config=sp_config) return saml_client @blueprint.route(org_scoped_rule('/saml/callback'), methods=['POST']) def idp_initiated(org_slug=None): if not current_org.get_setting("auth_saml_enabled"): logger.error("SAML Login is not enabled") return redirect(url_for('redash.index', org_slug=org_slug)) saml_client = get_saml_client(current_org) authn_response = saml_client.parse_authn_request_response( request.form['SAMLResponse'], entity.BINDING_HTTP_POST) authn_response.get_identity() user_info = authn_response.get_subject() email = user_info.text name = "%s %s" % (authn_response.ava['FirstName'][0], authn_response.ava['LastName'][0]) # This is what as known as "Just In Time (JIT) provisioning".
} }, } if entity_id is not None and entity_id != "": saml_settings["entityid"] = entity_id sp_config = Saml2Config() sp_config.load(saml_settings) sp_config.allow_unknown_attributes = True saml_client = Saml2Client(config=sp_config) return saml_client @blueprint.route(org_scoped_rule("/saml/callback"), methods=["POST"]) def idp_initiated(org_slug=None): if not current_org.get_setting("auth_saml_enabled"): logger.error("SAML Login is not enabled") return redirect(url_for("redash.index", org_slug=org_slug)) saml_client = get_saml_client(current_org) try: authn_response = saml_client.parse_authn_request_response( request.form["SAMLResponse"], entity.BINDING_HTTP_POST ) except Exception: logger.error("Failed to parse SAML response", exc_info=True) flash("SAML login failed. Please try again later.") return redirect(url_for("redash.login", org_slug=org_slug))
from redash.authentication import ( create_and_login_user, logout_and_redirect_to_index, get_next_path, ) from redash.authentication.org_resolving import current_org from redash.handlers.base import org_scoped_rule logger = logging.getLogger("ldap_auth") blueprint = Blueprint("ldap_auth", __name__) @blueprint.route(org_scoped_rule("/ldap/login"), methods=["GET", "POST"]) def login(org_slug=None): index_url = url_for("redash.index", org_slug=org_slug) unsafe_next_path = request.args.get("next", index_url) next_path = get_next_path(unsafe_next_path) if not settings.LDAP_LOGIN_ENABLED: logger.error("Cannot use LDAP for login without being enabled in settings") return redirect(url_for("redash.index", next=next_path)) if current_user.is_authenticated: return redirect(next_path) if request.method == "POST": ldap_user = auth_ldap_user(request.form["email"], request.form["password"])
return ( render_template( template, show_google_openid=settings.GOOGLE_OAUTH_ENABLED, google_auth_url=google_auth_url, show_saml_login=current_org.get_setting("auth_saml_enabled"), show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED, show_ldap_login=settings.LDAP_LOGIN_ENABLED, org_slug=org_slug, user=user, ), status_code, ) @routes.route(org_scoped_rule("/invite/<token>"), methods=["GET", "POST"]) def invite(token, org_slug=None): return render_token_login_page("invite.html", org_slug, token, True) @routes.route(org_scoped_rule("/reset/<token>"), methods=["GET", "POST"]) def reset(token, org_slug=None): return render_token_login_page("reset.html", org_slug, token, False) @routes.route(org_scoped_rule("/verify/<token>"), methods=["GET"]) def verify(token, org_slug=None): try: user_id = validate_token(token) org = current_org._get_current_object() user = models.User.get_by_id_and_org(user_id, org)
import logging from flask import redirect, url_for, Blueprint, request from redash.authentication import create_and_login_user, logout_and_redirect_to_index, get_next_path from redash.authentication.org_resolving import current_org from redash.handlers.base import org_scoped_rule from redash import settings logger = logging.getLogger('remote_user_auth') blueprint = Blueprint('remote_user_auth', __name__) @blueprint.route(org_scoped_rule("/remote_user/login")) def login(org_slug=None): unsafe_next_path = request.args.get('next') next_path = get_next_path(unsafe_next_path) if not settings.REMOTE_USER_LOGIN_ENABLED: logger.error( "Cannot use remote user for login without being enabled in settings" ) return redirect( url_for('redash.index', next=next_path, org_slug=org_slug)) email = request.headers.get(settings.REMOTE_USER_HEADER) # Some Apache auth configurations will, stupidly, set (null) instead of a # falsey value. Special case that here so it Just Works for more installs. # '(null)' should never really be a value that anyone wants to legitimately # use as a redash user email. if email == '(null)':
run_time = time.time() - started_at query_result, updated_query_ids = models.QueryResult.store_result(data_source.org_id, data_source.id, query_hash, query_text, data, run_time, utils.utcnow()) models.db.session.commit() return data except Exception: if max_age > 0: abort(404, message="Unable to get result from the database, and no cached query result found.") else: abort(503, message="Unable to get result from the database.") return None @routes.route(org_scoped_rule('/embed/query/<query_id>/visualization/<visualization_id>'), methods=['GET']) @login_required def embed(query_id, visualization_id, org_slug=None): record_event(current_org, current_user._get_current_object(), { 'action': 'view', 'object_id': visualization_id, 'object_type': 'visualization', 'query_id': query_id, 'embed': True, 'referer': request.headers.get('Referer') }) return render_index() @routes.route(org_scoped_rule('/public/dashboards/<token>'), methods=['GET'])
from flask import request from flask_restful import abort from .authentication import current_org from flask_login import current_user, login_required from redash import models from redash.handlers import routes from redash.handlers.base import get_object_or_404, org_scoped_rule, record_event from redash.handlers.static import render_index from redash.security import csp_allows_embeding @routes.route( org_scoped_rule( "/embed/query/<query_id>/visualization/<visualization_id>"), methods=["GET"], ) @login_required @csp_allows_embeding def embed(query_id, visualization_id, org_slug=None): record_event( current_org, current_user._get_current_object(), { "action": "view", "object_id": visualization_id, "object_type": "visualization", "query_id": query_id, "embed": True, "referer": request.headers.get("Referer"), },
google_auth_url = get_google_auth_url( url_for('redash.index', org_slug=org_slug)) return render_template( template, show_google_openid=settings.GOOGLE_OAUTH_ENABLED, google_auth_url=google_auth_url, show_saml_login=current_org.get_setting('auth_saml_enabled'), show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED, show_ldap_login=settings.LDAP_LOGIN_ENABLED, org_slug=org_slug, user=user), status_code @routes.route(org_scoped_rule('/invite/<token>'), methods=['GET', 'POST']) def invite(token, org_slug=None): return render_token_login_page("invite.html", org_slug, token) @routes.route(org_scoped_rule('/reset/<token>'), methods=['GET', 'POST']) def reset(token, org_slug=None): return render_token_login_page("reset.html", org_slug, token) @routes.route(org_scoped_rule('/verify/<token>'), methods=['GET']) def verify(token, org_slug=None): try: user_id = validate_token(token) org = current_org._get_current_object() user = models.User.get_by_id_and_org(user_id, org)
from flask_login import login_required from redash import settings from redash.handlers import routes from redash.handlers.authentication import base_href from redash.handlers.base import org_scoped_rule def render_index(): if settings.MULTI_ORG: response = render_template("multi_org.html", base_href=base_href()) else: full_path = safe_join(settings.STATIC_ASSETS_PATH, 'index.html') response = send_file(full_path, **dict(cache_timeout=0, conditional=True)) return response @routes.route(org_scoped_rule('/static/unsupported')) def unsupported(**kwargs): full_path = safe_join(settings.STATIC_ASSETS_PATH, 'unsupported.html') response = send_file(full_path) return response @routes.route(org_scoped_rule('/<path:path>')) @routes.route(org_scoped_rule('/')) @login_required def index(**kwargs): return render_index()
from redash import models from redash.handlers import routes from redash.handlers.base import (json_response, org_scoped_rule) @routes.route(org_scoped_rule('/dashboards/<dashboard_slug>/share/token'), methods=['GET']) def dashboard_share_apiKey(dashboard_slug): """ get a dashboard's apikey. :param dashboard_slug: The slug of the dashboard to share. :>json api_key: The API key to use when accessing it. """ current_org = models.Organization.get_by_slug('default') dashboard = models.Dashboard.get_by_slug_and_org(dashboard_slug, current_org) api_key = models.ApiKey.get_by_object(dashboard) if api_key: return json_response({'api_key': api_key.api_key}) else: return json_response({'api_key': 'None'})
}, }, } if entity_id is not None and entity_id != "": saml_settings['entityid'] = entity_id sp_config = Saml2Config() sp_config.load(saml_settings) sp_config.allow_unknown_attributes = True saml_client = Saml2Client(config=sp_config) return saml_client @blueprint.route(org_scoped_rule('/saml/callback'), methods=['POST']) def idp_initiated(org_slug=None): if not current_org.get_setting("auth_saml_enabled"): logger.error("SAML Login is not enabled") return redirect(url_for('redash.index', org_slug=org_slug)) saml_client = get_saml_client(current_org) try: authn_response = saml_client.parse_authn_request_response( request.form['SAMLResponse'], entity.BINDING_HTTP_POST) except Exception: logger.error('Failed to parse SAML response', exc_info=True) flash('SAML login failed. Please try again later.') return redirect(url_for('redash.login', org_slug=org_slug)) authn_response.get_identity()
models.db.session.commit() return redirect(url_for('redash.index', org_slug=org_slug)) google_auth_url = get_google_auth_url(url_for('redash.index', org_slug=org_slug)) return render_template(template, show_google_openid=settings.GOOGLE_OAUTH_ENABLED, google_auth_url=google_auth_url, show_saml_login=current_org.get_setting('auth_saml_enabled'), show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED, show_ldap_login=settings.LDAP_LOGIN_ENABLED, org_slug=org_slug, user=user), status_code @routes.route(org_scoped_rule('/invite/<token>'), methods=['GET', 'POST']) def invite(token, org_slug=None): return render_token_login_page("invite.html", org_slug, token) @routes.route(org_scoped_rule('/reset/<token>'), methods=['GET', 'POST']) def reset(token, org_slug=None): return render_token_login_page("reset.html", org_slug, token) @routes.route(org_scoped_rule('/forgot'), methods=['GET', 'POST']) def forgot_password(org_slug=None): if not current_org.get_setting('auth_password_login_enabled'): abort(404) submitted = False
user.hash_password(request.form['password']) user.save() login_user(user) return redirect(url_for('redash.index', org_slug=org_slug)) if settings.GOOGLE_OAUTH_ENABLED: google_auth_url = get_google_auth_url( url_for('redash.index', org_slug=org_slug)) else: google_auth_url = '' return render_template(template, google_auth_url=google_auth_url, user=user), status_code @routes.route(org_scoped_rule('/invite/<token>'), methods=['GET', 'POST']) def invite(token, org_slug=None): return render_token_login_page("invite.html", org_slug, token) @routes.route(org_scoped_rule('/reset/<token>'), methods=['GET', 'POST']) def reset(token, org_slug=None): return render_token_login_page("reset.html", org_slug, token) @routes.route(org_scoped_rule('/forgot'), methods=['GET', 'POST']) def forgot_password(org_slug=None): submitted = False if request.method == 'POST' and request.form['email']: submitted = True email = request.form['email']
raise Exception('Missing parameter value for: {}'.format(", ".join(missing_params))) if query_parameters: query_text = pystache.render(query_text, parameter_values) try: data, error = data_source.query_runner.run_query(query_text) if error: return None return data except Exception, e: abort(503, message="Unable to get result from the database.") return None @routes.route(org_scoped_rule('/embedjon/query/<query_id>'), methods=['GET']) @login_required def embedjon(query_id, org_slug=None): visualizations=1 query = models.Query.get_by_id_and_org(query_id, current_org) require_access(query.groups, current_user, view_only) qr = {} parameter_values = collect_parameters_from_request(request.args) qr = query.latest_query_data if settings.ALLOW_PARAMETERS_IN_EMBEDS == True and len(parameter_values) > 0: # run parameterized query # # WARNING: Note that the external query parameters # are a potential risk of SQL injections. # results = run_query_sync(query.data_source, parameter_values, query.query)
def order_results(results, default_order='-created_at'): """ Orders the given results with the sort order as requested in the "order" request query parameter or the given default order. """ # See if a particular order has been requested order = request.args.get('order', '').strip() or default_order # and if it matches a long-form for related fields, falling # back to the default order selected_order = order_map.get(order, default_order) # The query may already have an ORDER BY statement attached # so we clear it here and apply the selected order return sort_query(results.order_by(None), selected_order) @routes.route(org_scoped_rule('/api/queries/format'), methods=['POST']) @login_required def format_sql_query(org_slug=None): """ Formats an SQL query using the Python ``sqlparse`` formatter. :<json string query: The SQL text to format :>json string query: Formatted SQL text """ arguments = request.get_json(force=True) query = arguments.get("query", "") return jsonify( {'query': sqlparse.format(query, reindent=True, keyword_case='upper')})
from redash import settings from redash.handlers import routes from redash.handlers.authentication import base_href from redash.handlers.base import org_scoped_rule from redash.security import csp_allows_embeding def render_index(): if settings.MULTI_ORG: response = render_template("multi_org.html", base_href=base_href()) else: full_path = safe_join(settings.STATIC_ASSETS_PATH, 'index.html') response = send_file(full_path, **dict(cache_timeout=0, conditional=True)) return response @routes.route(org_scoped_rule('/dashboard/<slug>'), methods=['GET']) @login_required @csp_allows_embeding def dashboard(slug, org_slug=None): return render_index() @routes.route(org_scoped_rule('/<path:path>')) @routes.route(org_scoped_rule('/')) @login_required def index(**kwargs): return render_index()