def _init_middleware():
    """Initialize WSGI middleware.

    Wraps the original root WSGI application (``_wsgi_app``) in ProxyFix,
    then adds the authentication middleware selected by
    ``CONF.auth_strategy`` and finally the CORS middleware.

    :returns: None
    """
    # Always start from the original root app rather than from whatever
    # ``_app.wsgi_app`` currently holds.  Each ``x_*=1`` tells ProxyFix to
    # respect only the last entry when a header carries a list of values.
    # Headers honoured: X-Forwarded-For, X-Forwarded-Proto,
    # X-Forwarded-Host, X-Forwarded-Port and X-Forwarded-Prefix (the last
    # one sets SCRIPT_NAME, which is used when constructing links).
    _app.wsgi_app = proxy_fix.ProxyFix(
        _wsgi_app, x_for=1, x_proto=1, x_host=1, x_port=1, x_prefix=1)

    strategy = CONF.auth_strategy
    if strategy == 'keystone':
        utils.add_auth_middleware(_app)
    elif strategy == 'http_basic':
        utils.add_basic_auth_middleware(_app)
    else:
        # Any other value means no authentication middleware at all; this is
        # only logged, not rejected.
        LOG.warning('Starting unauthenticated, please check'
                    ' configuration')

    utils.add_cors_middleware(_app)
def setup_app_middleware(app):
    """Wrap ``app.wsgi_app`` in the configured middleware pipeline.

    Middleware is applied innermost-first (reversed iteration), so the first
    entry of ``_APP_MIDDLEWARE`` ends up as the outermost layer and is the
    first to process an incoming request.

    :param app: the application whose ``wsgi_app`` attribute is wrapped
    :returns: the same ``app`` object, with ``app.wsgi_app`` replaced
    """
    external = _APP_MIDDLEWARE
    internal = _KEYSTONE_MIDDLEWARE

    # Config-driven middleware has a fixed position in the pipeline, so it is
    # spliced in by hand instead of being appended/prepended generically.
    if CONF.wsgi.debug_middleware:
        debug_mw = _Middleware(namespace='keystone.server_middleware',
                               ep='debug', conf={})
        external = (debug_mw,) + _APP_MIDDLEWARE

    # Internal-only middleware (e.g. AuthContextMiddleware) is wrapped first,
    # i.e. it sits below every externally loaded middleware and therefore
    # sees the request after all of them.
    for mw in reversed(internal):
        app.wsgi_app = mw(app.wsgi_app)

    for mw in reversed(external):
        # DriverManager (rather than ExtensionManager) loads only the named
        # entry point, not every entry point in the namespace; the class is
        # not invoked on load because its paste-style factory is called
        # explicitly below.  Moving this to ExtensionManager is a possible
        # future change, but the load order must stay under tight control.
        driver = stevedore.DriverManager(mw.namespace, mw.ep,
                                         invoke_on_load=False).driver
        # Paste-style factory signature: global_conf (always empty here) and
        # local_conf (``mw.conf``).  Middleware such as oslo CORS reads e.g.
        # oslo_config_project / allowed_origin from local_conf; this is a
        # hold-over from paste-ini pending rework or removal.
        build = driver.factory({}, **mw.conf)
        app.wsgi_app = build(app.wsgi_app)

    # Werkzeug-specific middleware, applied as the outermost layer.
    # NOTE(review): ProxyFix is used with werkzeug's default trust settings
    # (no explicit x_for/x_proto/... arguments); confirm the defaults match
    # the number of proxy hops in the deployment so that X-Forwarded-*
    # values supplied by a client are not honoured.
    app.wsgi_app = proxy_fix.ProxyFix(app.wsgi_app)
    return app
from flask import Flask, render_template, request, redirect, send_from_directory
from flask_csp.csp import csp_header
from werkzeug.middleware import proxy_fix
import requests

app = Flask(__name__)
# Honour X-Forwarded-* headers set by the reverse proxy in front of the app.
# NOTE(review): ProxyFix is used with werkzeug's default trust settings;
# confirm they match the real number of proxy hops, otherwise client-supplied
# X-Forwarded-* values may be trusted.
app.wsgi_app = proxy_fix.ProxyFix(app.wsgi_app)


# csp one (data uri) use cookie e397d059d7148ad6ecacdf4af7a1deda
# Both routes below send the same Content-Security-Policy.  script-src allows
# 'self' and data:, so scripts delivered as data: URIs are permitted by the
# policy -- this appears to be the weakness the "csp one" exercise is about.
@app.route('/')
@app.route('/csp-one')
@csp_header({'connect-src': "*", 'script-src': "'self' data:"})
def cspOne():
    """Render the challenge page under the data:-permitting CSP."""
    return render_template('csp-one.html')


@app.route('/csp-one-result', methods=['POST', 'GET'])
@csp_header({'connect-src': "*", 'script-src': "'self' data:"})
def cspOneResult():
    """Accept a submitted payload (POST) or select one for the admin (GET).

    The function continues past the end of this listing; the visible part
    only assigns ``payload``.  Layout was restored from a collapsed listing:
    the ``requests.post`` call is assumed to belong to the POST branch.
    """
    payload = "None"
    if request.method == 'POST':
        # A missing form field raises KeyError, which Flask reports as 400.
        payload = request.form['payload']
        # Forward the submission together with this page's URL to the local
        # service on port 3000 (presumably an admin-visitor bot -- verify).
        # The response ``r`` is never read.
        r = requests.post('http://127.0.0.1:3000/submit', data={
            'url': request.base_url, "payload": payload
        })
    # Only a GET carrying the fixed "admin" cookie value takes the payload
    # from the query string.
    # NOTE(review): the cookie is compared with ``==``; hmac.compare_digest
    # would make this a constant-time check.
    if request.method == 'GET' and 'admin' in request.cookies and request.cookies.get(
            "admin") == u"e397d059d7148ad6ecacdf4af7a1deda":
        payload = request.args.get('payload')
"""Flask server to verify and relay client requests to Mailjet API."""

import os
import re
from typing import Any, Dict, Optional

import flask
import requests
from werkzeug.middleware import proxy_fix

app = flask.Flask(__name__)
# Recover the host and scheme the client used before any reverse proxy
# (load balancer, nginx, etc.) rewrote them.
# NOTE(review): ProxyFix is applied with werkzeug's default trust depth;
# confirm it matches the number of proxy hops actually in front of this
# service, otherwise X-Forwarded-* headers sent by clients are honoured.
app.wsgi_app = proxy_fix.ProxyFix(app.wsgi_app)  # type: ignore

# Deployment settings, all read from the environment at import time.  None of
# them is validated here: a missing variable simply yields None.
# TODO(pascal): Do a health check of those env vars, either at startup, or in
# the health check.
_ADMIN_EMAIL = os.getenv('ADMIN_EMAIL')
# Mailjet API credentials, see https://app.mailjet.com/account/api_keys.
# _MAILJET_SECRET and _MAILJET_SMS_TOKEN are secrets: keep them out of logs
# and error responses.
_MAILJET_APIKEY_PUBLIC = os.getenv('MAILJET_APIKEY_PUBLIC')
_MAILJET_SECRET = os.getenv('MAILJET_SECRET')
_MAILJET_SMS_TOKEN = os.getenv('MAILJET_SMS_TOKEN')
_MAIL_SENDER_EMAIL = os.getenv('MAIL_SENDER_EMAIL')
_MAIL_SENDER_NAME = os.getenv('MAIL_SENDER_NAME')
_SMS_SENDER = os.getenv('SMS_SENDER')
# Comma-separated list of template IDs this relay may send; surrounding
# whitespace is dropped and empty entries are ignored.
_TEMPLATE_WHITELISTS = frozenset(
    filter(None, map(str.strip, os.getenv('TEMPLATE_WHITELISTS', '').split(','))))
# Integer settings: a non-numeric value raises ValueError at import time.
_NUM_RECIPIENTS = int(os.getenv('NUM_RECIPIENTS', '1'))
_VAR_MAX_SIZE = int(os.getenv('VAR_MAX_SIZE', '0'))