def __init__(self, import_name): super().__init__(import_name, static_url_path='', static_folder=os.path.join(os.getcwd(), 'web', 'static'), template_folder=os.path.join(os.getcwd(), 'web', 'templates', 'public')) self.wsgi_app = ProxyFix(self.wsgi_app) self.data_store_client = datastore.Client() self.client_secret = CLIENT_SECRET self.firebase_admin_secret = FIREBASE_ADMIN_SECRET self.firebase_admin_credentials = FIREBASE_ADMIN_CREDENTIALS firebase_admin.initialize_app(self.firebase_admin_credentials) # database self.config["SQLALCHEMY_DATABASE_URI"] = SQLALCHEMY_DATABASE_URI # self.config["SQLALCHEMY_ECHO"] = SQLALCHEMY_ECHO self.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = SQLALCHEMY_TRACK_MODIFICATIONS self.config["SQLALCHEMY_POOL_TIMEOUT"] = SQLALCHEMY_POOL_TIMEOUT self.config["SQLALCHEMY_MAX_OVERFLOW"] = SQLALCHEMY_MAX_OVERFLOW self.config['SWAGGER_UI_DOC_EXPANSION'] = SWAGGER_UI_DOC_EXPANSION self.config['RESTPLUS_VALIDATE'] = RESTPLUS_VALIDATE self.config['RESTPLUS_MASK_SWAGGER'] = RESTPLUS_MASK_SWAGGER self.config['ERROR_404_HELP'] = ERROR_404_HELP self.db = db self.db.init_app(self) self.app_context().push() with self.app_context(): self.db.create_all() # Create database tables for our data models self.flow = None self.session = dict() self.cache = Cache(app=self, config={'CACHE_TYPE': 'simple'}) self.config['SITEMAP_INCLUDE_RULES_WITHOUT_PARAMS'] = False # true for listing every route available self.flask_sitemap = Sitemap(app=self) # keep a sitemap only for the pages that does not require authentication (may add special cases later) self.flask_sitemap.register_generator(self.root_sitemap) self.add_url_rule('/', view_func=self.landing, methods=['GET']) self.add_url_rule('/profile', view_func=self.profile, methods=['GET']) self.add_url_rule('/dashboard', view_func=self.dashboard, methods=['GET']) self.add_url_rule('/categories', view_func=self.categories, methods=['GET', 'POST']) self.add_url_rule('/add_category', view_func=self.add_category, methods=['GET', 'POST']) self.add_url_rule('/delete_category/<int:category_id>', view_func=self.delete_category, methods=['GET']) self.add_url_rule('/my_projects', view_func=self.my_projects, methods=['GET']) self.add_url_rule('/add_project', view_func=self.add_project, methods=['GET', 'POST']) self.add_url_rule('/see_project/<int:project_id>', view_func=self.see_project, methods=['GET']) self.add_url_rule('/delete_project/<int:project_id>', view_func=self.delete_project, methods=['GET']) self.add_url_rule('/my_jobs', view_func=self.my_jobs, methods=['GET']) self.add_url_rule('/see_job/<int:job_id>', view_func=self.see_job, methods=['GET']) self.add_url_rule('/delete_job/<int:job_id>', view_func=self.delete_job, methods=['GET']) self.add_url_rule('/add_job', view_func=self.add_job, methods=['GET', 'POST']) self.add_url_rule('/marketplace', view_func=self.marketplace, methods=['GET']) self.add_url_rule('/product/<int:product_id>', view_func=self.product, methods=['GET']) self.add_url_rule('/logout', view_func=self.logout, methods=['GET']) self.add_url_rule('/login', view_func=self.login, methods=['GET']) # APIs endpoints blueprint = Blueprint('api', __name__, url_prefix='/api') api.init_app(blueprint) api.add_namespace(categories_namespace) api.add_namespace(jobs_namespace) api.add_namespace(attachments_namespace) api.add_namespace(biddings_namespace) api.add_namespace(projects_namespace) api.add_namespace(projects_assets_namespace) api.add_namespace(marketplace_namespace) api.add_namespace(assets_namespace) self.register_blueprint(blueprint) self.register_error_handler(500, self.server_error) self.register_error_handler(404, self.not_found)
import os from flask import Flask, request, make_response from flask_auth0 import AuthorizationCodeFlow from werkzeug.middleware.proxy_fix import ProxyFix from cachelib import FileSystemCache app = Flask(__name__, template_folder='templates') app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_port=1, x_prefix=1) app.secret_key = os.getenv('SECRET_KEY') # You can add the config to the app or to the ext app.config['AUTH0_CLIENT_ID'] = os.getenv('AUTH0_CLIENT_ID') app.config['AUTH0_CLIENT_SECRET'] = os.getenv('AUTH0_CLIENT_SECRET') # Initialize the extension auth = AuthorizationCodeFlow( app=app, # or use auth.init_app() later scope='profile', base_url=os.getenv('AUTH0_BASE_URL'), # The base url of your SSO # All your instances need to be able to access this path, # or use another backend like Redis cache=FileSystemCache('/tmp/flask_auth0_cache'))
csp += "connect-src 'self' https://sentry.io/;" else: csp += "script-src 'self' 'unsafe-eval';" csp += "connect-src 'self';" if 'CSP_REPORT_URI' in app.config: csp += "report-uri " + app.config.get('CSP_REPORT_URI') if app.config.get('HTTPS'): resp.headers.set('strict-transport-security', 'max-age={}'.format(60 * 60 * 24 * 365)) csp += "; upgrade-insecure-requests" resp.headers.set('Content-Security-Policy', csp) resp.headers.set('referrer-policy', 'no-referrer') resp.headers.set('x-content-type-options', 'nosniff') resp.headers.set('x-frame-options', 'DENY') resp.headers.set('x-xss-protection', '1') return resp mimetypes.add_type('image/webp', '.webp') libforget.brotli.brotli(app) imgproxy = (libforget.img_proxy.ImgProxyCache( redis_uri=app.config.get('REDIS_URI'))) app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)
else: out = '''An unhandled error occurred linking your accounts. Please contact a staff member so we can resolve the issue''' session.clear() return out def async_update(data): webhook = DiscordWebhook( url=webhookurl, content= f"a~update <@{data['response']['body']['user_metadata']['discord_id']}>" ) response = webhook.execute() while not response.ok: if response.status_code == 429: sleep(1) response = webhook.execute() else: print(response) @app.route('/update_hook', methods=['POST']) def update_hook(): data = request.json Thread(target=async_update, args=tuple([data])).start() return make_response("OK", 200) app = ProxyFix(app, x_for=1, x_host=1)
def create_app(test_config=None): app = Flask(__name__) app.config.from_mapping( SECRET_KEY='c5282ad3ea38420ab8ac0326a48d3a8c', SQLALCHEMY_DATABASE_URI=DATA_SOURCE, SQLALCHEMY_TRACK_MODIFICATIONS=False, SECURITY_TRACKABLE=True, SECURITY_PASSWORD_SALT='bf9797d59d094abb92fdca167494a7ee', SECURITY_UNAUTHORIZED_VIEW='/login', SECURITY_REGISTERABLE=False) CORS(app) ma.init_app(app) migrate = Migrate(app, Base) app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_host=1) from api.users.models import User, Role user_datastore = SQLAlchemySessionUserDatastore(db_session, User, Role) security.init_app(app, datastore=user_datastore, register_blueprint=False) # @app.before_request # def before_request_func(): # if not current_user.is_authenticated: # return 'not loged in' def register_api(view, endpoint, url, pk='id', pk_type='int'): view_func = view.as_view(endpoint) app.add_url_rule(url, defaults={pk: None}, view_func=view_func, methods=[ 'GET', ]) app.add_url_rule(url, view_func=view_func, methods=[ 'POST', ]) app.add_url_rule('%s<%s:%s>' % (url, pk_type, pk), view_func=view_func, methods=['GET', 'PUT', 'DELETE']) from api.items import ItemsAPI from api.distributors import DistributorsAPI from api.clients import ClientsAPI from api.payments import PaymentsAPI from api.bill import BillsAPI register_api(ItemsAPI, 'items_api', '/items/', pk='item_code') register_api(DistributorsAPI, 'distributor_api', '/distributors/', pk='id') register_api(ClientsAPI, 'clients_api', '/clients/', pk='id') register_api(PaymentsAPI, 'payments_api', '/payments/', pk='id') register_api(BillsAPI, 'bills_api', '/bills/', pk='id') from api.users import users_bp app.register_blueprint(users_bp, url_prefix='/users') @app.teardown_appcontext def shutdown_session(exception=None): from api.database import db_session db_session.remove() return app
def main(): app.wsgi_app = ProxyFix(app.wsgi_app) app.run()
# -*- coding: utf-8 -*- import cv2 import numpy as np from flask import Flask, render_template, request, redirect, url_for, send_file from werkzeug.utils import secure_filename import hashlib import uuid import threading import time from queue import Queue, Empty from werkzeug.middleware.proxy_fix import ProxyFix app = Flask(__name__) # App is behind one proxy that sets the -For and -Host headers. app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_host=1) requests_queue = Queue() BATCH_SIZE = 1 CHECK_INTERVAL = 0.1 net = cv2.dnn.readNet("yolov3.weights", "yolov3.cfg") classes = [] with open("coco.names", "r") as f: classes = [line.strip() for line in f.readlines()] layer_names = net.getLayerNames() output_layers = [layer_names[i[0] - 1] for i in net.getUnconnectedOutLayers()] # request handling def handle_requests_by_batch(): try: while True: requests_batch = []
def create_app(config='CTFd.config.Config'): app = CTFdFlask(__name__) with app.app_context(): app.config.from_object(config) theme_loader = ThemeLoader(os.path.join(app.root_path, 'themes'), followlinks=True) app.jinja_loader = theme_loader from CTFd.models import db, Teams, Solves, Challenges, Fails, Flags, Tags, Files, Tracking # noqa: F401 url = create_database() # This allows any changes to the SQLALCHEMY_DATABASE_URI to get pushed back in # This is mostly so we can force MySQL's charset app.config['SQLALCHEMY_DATABASE_URI'] = str(url) # Register database db.init_app(app) # Register Flask-Migrate migrations.init_app(app, db) # Alembic sqlite support is lacking so we should just create_all anyway if url.drivername.startswith('sqlite'): db.create_all() stamp() else: # This creates tables instead of db.create_all() # Allows migrations to happen properly upgrade() from CTFd.models import ma ma.init_app(app) app.db = db app.VERSION = __version__ from CTFd.cache import cache cache.init_app(app) app.cache = cache reverse_proxy = app.config.get('REVERSE_PROXY') if reverse_proxy: if ',' in reverse_proxy: proxyfix_args = [int(i) for i in reverse_proxy.split(',')] app.wsgi_app = ProxyFix(app.wsgi_app, None, *proxyfix_args) else: app.wsgi_app = ProxyFix(app.wsgi_app, num_proxies=None, x_for=1, x_proto=1, x_host=1, x_port=1, x_prefix=1) version = utils.get_config('ctf_version') # Upgrading from an older version of CTFd if version and (StrictVersion(version) < StrictVersion(__version__)): if confirm_upgrade(): run_upgrade() else: exit() if not version: utils.set_config('ctf_version', __version__) if not utils.get_config('ctf_theme'): utils.set_config('ctf_theme', 'core') update_check(force=True) init_request_processors(app) init_template_filters(app) init_template_globals(app) # Importing here allows tests to use sensible names (e.g. api instead of api_bp) from CTFd.views import views from CTFd.teams import teams from CTFd.users import users from CTFd.challenges import challenges from CTFd.scoreboard import scoreboard from CTFd.auth import auth from CTFd.admin import admin from CTFd.api import api from CTFd.events import events from CTFd.errors import page_not_found, forbidden, general_error, gateway_error app.register_blueprint(views) app.register_blueprint(teams) app.register_blueprint(users) app.register_blueprint(challenges) app.register_blueprint(scoreboard) app.register_blueprint(auth) app.register_blueprint(api) app.register_blueprint(events) app.register_blueprint(admin) app.register_error_handler(404, page_not_found) app.register_error_handler(403, forbidden) app.register_error_handler(500, general_error) app.register_error_handler(502, gateway_error) init_logs(app) init_events(app) init_plugins(app) return app
if ('secret_key' not in config['openakun'] or len(config['openakun']['secret_key']) == 0): # noqa: E129 raise ConfigError("Secret key not provided") app.config['SECRET_KEY'] = config['openakun']['secret_key'] login_mgr.init_app(app) login_mgr.login_view = 'login' socketio = SocketIO(app, logger=app.config['DEBUG'], engineio_logger=app.config['DEBUG']) # to make the proxy_fix apply to the socketio as well, this has to be done # after the socketio is constructed if config.getboolean('openakun', 'proxy_fix', fallback=False): print("adding ProxyFix") app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1) app.jinja_env.add_extension('jinja2.ext.do') # Import needs to be here, since it imports variables from pages.py itself. # Importing alone has all the side effects needed. from . import realtime # noqa def jinja_global(f): app.jinja_env.globals[f.__name__] = f return f app.jinja_env.globals['models'] = models
from app import application from werkzeug.middleware.proxy_fix import ProxyFix import google.cloud.logging application.wsgi_app = ProxyFix(application.wsgi_app, x_proto=1) client = google.cloud.logging.Client() client.setup_logging() if __name__ == "__main__": application.run()
def __init__( self, name, service, favicon_url=None, template_404=None, template_500=None, *args, **kwargs ): super().__init__(name, *args, **kwargs) self.service = service self.config["SECRET_KEY"] = os.getenv("SECRET_KEY", "base_secret") self.url_map.strict_slashes = False self.url_map.converters["regex"] = RegexConverter if self.debug: self.wsgi_app = DebuggedApplication(self.wsgi_app) self.wsgi_app = ProxyFix(self.wsgi_app) self.before_request(clear_trailing_slash) self.before_request( prepare_redirects( path=os.path.join(self.root_path, "..", "redirects.yaml") ) ) self.before_request( prepare_redirects( path=os.path.join( self.root_path, "..", "permanent-redirects.yaml" ), permanent=True, ) ) self.before_request( prepare_deleted( path=os.path.join(self.root_path, "..", "deleted.yaml") ) ) self.context_processor(base_context) talisker.flask.register(self) talisker.logs.set_global_extra({"service": self.service}) # Default error handlers if template_404: @self.errorhandler(404) def not_found_error(error): return flask.render_template(template_404), 404 if template_500: @self.errorhandler(500) def internal_error(error): return flask.render_template(template_500), 500 # Default routes if favicon_url: @self.route("/favicon.ico") def favicon(): return flask.redirect(favicon_url) robots_path = os.path.join(self.root_path, "..", "robots.txt") humans_path = os.path.join(self.root_path, "..", "humans.txt") if os.path.isfile(robots_path): @self.route("/robots.txt") def robots(): return flask.send_file(robots_path) if os.path.isfile(humans_path): @self.route("/humans.txt") def humans(): return flask.send_file(humans_path)
def create_app(with_external_mods=True): app = Flask(__name__.split('.')[0], static_folder="../static") app.config.update(config) api_uri = urlsplit(app.config['API_ENDPOINT']) app.config['APPLICATION_ROOT'] = api_uri.path app.config['PREFERRED_URL_SCHEME'] = api_uri.scheme if 'SCRIPT_NAME' not in os.environ: os.environ['SCRIPT_NAME'] = app.config['APPLICATION_ROOT'].rstrip('/') app.config['TEMPLATES_AUTO_RELOAD'] = True # disable cache for downloaded files (PDF file stat for ex) app.config['SEND_FILE_MAX_AGE_DEFAULT'] = 0 if len(app.config['SECRET_KEY']) < 20: raise Exception("The SECRET_KEY config option must have a length " "greater or equals to 20 characters.") # set from headers HTTP_HOST, SERVER_NAME, and SERVER_PORT app.wsgi_app = ProxyFix(app.wsgi_app, x_host=1) app.json_encoder = MyJSONEncoder # set logging config config_loggers(app.config) db.init_app(app) migrate.init_app(app, DB, directory=BACKEND_DIR / 'geonature' / 'migrations') MA.init_app(app) CORS(app, supports_credentials=True) # Emails configuration if app.config["MAIL_CONFIG"]: conf = app.config.copy() conf.update(app.config["MAIL_CONFIG"]) app.config = conf MAIL.init_app(app) # Pass parameters to the usershub authenfication sub-module, DONT CHANGE THIS app.config["DB"] = DB # Pass parameters to the submodules app.config["MA"] = MA # For deleting files on "delete" media @before_models_committed.connect_via(app) def on_before_models_committed(sender, changes): for obj, change in changes: if change == "delete" and hasattr(obj, "__before_commit_delete__"): obj.__before_commit_delete__() # setting g.current_user on each request @app.before_request def load_current_user(): try: g.current_user = user_from_token(request.cookies['token']).role except (KeyError, UnreadableAccessRightsError, AccessRightsExpiredError): g.current_user = None admin.init_app(app) # Pass the ID_APP to the submodule to avoid token conflict between app on the same server with app.app_context(): try: gn_app = Application.query.filter_by( code_application=config['CODE_APPLICATION']).one() except (ProgrammingError, NoResultFound): logging.warning( "Warning: unable to find GeoNature application, database not yet initialized?" ) else: app.config["ID_APP"] = app.config[ "ID_APPLICATION_GEONATURE"] = gn_app.id_application for blueprint_path, url_prefix in [ ('pypnusershub.routes:routes', '/auth'), ('pypn_habref_api.routes:routes', '/habref'), ('pypnusershub.routes_register:bp', '/pypn/register'), ('pypnnomenclature.routes:routes', '/nomenclatures'), ('geonature.core.gn_commons.routes:routes', '/gn_commons'), ('geonature.core.gn_permissions.routes:routes', '/permissions'), ('geonature.core.gn_permissions.backoffice.views:routes', '/permissions_backoffice'), ('geonature.core.routes:routes', '/'), ('geonature.core.users.routes:routes', '/users'), ('geonature.core.gn_synthese.routes:routes', '/synthese'), ('geonature.core.gn_meta.routes:routes', '/meta'), ('geonature.core.ref_geo.routes:routes', '/geo'), ('geonature.core.auth.routes:routes', '/gn_auth'), ('geonature.core.gn_monitoring.routes:routes', '/gn_monitoring'), ('geonature.core.gn_profiles.routes:routes', '/gn_profiles'), ]: module_name, blueprint_name = blueprint_path.split(':') blueprint = getattr(import_module(module_name), blueprint_name) app.register_blueprint(blueprint, url_prefix=url_prefix) with app.app_context(): # register errors handlers import geonature.core.errors # Loading third-party modules if with_external_mods: try: for module_object, module_config, module_blueprint in import_backend_enabled_modules( ): app.config[module_config['MODULE_CODE']] = module_config app.register_blueprint( module_blueprint, url_prefix=module_config['MODULE_URL']) except ProgrammingError as sqla_error: if isinstance(sqla_error.orig, UndefinedTable): logging.warning( "Warning: database not yet initialized, skipping loading of external modules" ) else: raise return app
def create_app(config="CTFd.config.Config"): app = CTFdFlask(__name__) with app.app_context(): app.config.from_object(config) app.theme_loader = ThemeLoader( os.path.join(app.root_path, "themes"), followlinks=True ) # Weird nested solution for accessing plugin templates app.plugin_loader = jinja2.PrefixLoader( { "plugins": jinja2.FileSystemLoader( searchpath=os.path.join(app.root_path, "plugins"), followlinks=True ) } ) # Load from themes first but fallback to loading from the plugin folder app.jinja_loader = jinja2.ChoiceLoader([app.theme_loader, app.plugin_loader]) from CTFd.models import ( # noqa: F401 db, Teams, Solves, Challenges, Fails, Flags, Tags, Files, Tracking, ) url = create_database() # This allows any changes to the SQLALCHEMY_DATABASE_URI to get pushed back in # This is mostly so we can force MySQL's charset app.config["SQLALCHEMY_DATABASE_URI"] = str(url) # Register database db.init_app(app) # Register Flask-Migrate migrations.init_app(app, db) # Alembic sqlite support is lacking so we should just create_all anyway if url.drivername.startswith("sqlite"): # Enable foreign keys for SQLite. This must be before the # db.create_all call because tests use the in-memory SQLite # database (each connection, including db creation, is a new db). # https://docs.sqlalchemy.org/en/13/dialects/sqlite.html#foreign-key-support from sqlalchemy.engine import Engine from sqlalchemy import event @event.listens_for(Engine, "connect") def set_sqlite_pragma(dbapi_connection, connection_record): cursor = dbapi_connection.cursor() cursor.execute("PRAGMA foreign_keys=ON") cursor.close() db.create_all() stamp_latest_revision() else: # This creates tables instead of db.create_all() # Allows migrations to happen properly upgrade() from CTFd.models import ma ma.init_app(app) app.db = db app.VERSION = __version__ app.CHANNEL = __channel__ from CTFd.cache import cache cache.init_app(app) app.cache = cache reverse_proxy = app.config.get("REVERSE_PROXY") if reverse_proxy: if type(reverse_proxy) is str and "," in reverse_proxy: proxyfix_args = [int(i) for i in reverse_proxy.split(",")] app.wsgi_app = ProxyFix(app.wsgi_app, *proxyfix_args) else: app.wsgi_app = ProxyFix( app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_port=1, x_prefix=1 ) version = utils.get_config("ctf_version") # Upgrading from an older version of CTFd if version and (StrictVersion(version) < StrictVersion(__version__)): if confirm_upgrade(): run_upgrade() else: exit() if not version: utils.set_config("ctf_version", __version__) if not utils.get_config("ctf_theme"): utils.set_config("ctf_theme", "core") update_check(force=True) init_request_processors(app) init_template_filters(app) init_template_globals(app) # Importing here allows tests to use sensible names (e.g. api instead of api_bp) from CTFd.views import views from CTFd.teams import teams from CTFd.users import users from CTFd.challenges import challenges from CTFd.scoreboard import scoreboard from CTFd.auth import auth from CTFd.admin import admin from CTFd.api import api from CTFd.events import events from CTFd.errors import page_not_found, forbidden, general_error, gateway_error app.register_blueprint(views) app.register_blueprint(teams) app.register_blueprint(users) app.register_blueprint(challenges) app.register_blueprint(scoreboard) app.register_blueprint(auth) app.register_blueprint(api) app.register_blueprint(events) app.register_blueprint(admin) app.register_error_handler(404, page_not_found) app.register_error_handler(403, forbidden) app.register_error_handler(500, general_error) app.register_error_handler(502, gateway_error) init_logs(app) init_events(app) init_plugins(app) return app
return callback app = Flask(__name__) if os.environ.get('ENABLE_CORS', config.ENABLE_CORS): cors = CORS(app, resources={ r"*": { "origins": os.environ.get('CORS_ORIGINS', config.CORS_ORIGINS) } }) app.wsgi_app = WSGIRawBody(ProxyFix(app.wsgi_app)) app.debug = config.DEBUG app.secret_key = config.FLASK_SESSION_SECRET_KEY app.jinja_env.filters['status_class'] = status_class app.jinja_env.filters['friendly_time'] = friendly_time app.jinja_env.filters['friendly_size'] = friendly_size app.jinja_env.filters['to_qs'] = to_qs app.jinja_env.filters['approximate_time'] = approximate_time app.jinja_env.filters['exact_time'] = exact_time app.jinja_env.filters['short_date'] = short_date from .views import views from .api import api
def create_app(config=None, session=None, testing=False, app_name="Airflow"): global app, appbuilder app = Flask(__name__) if conf.getboolean('webserver', 'ENABLE_PROXY_FIX'): app.wsgi_app = ProxyFix(app.wsgi_app, num_proxies=conf.get("webserver", "PROXY_FIX_NUM_PROXIES", fallback=None), x_for=conf.getint("webserver", "PROXY_FIX_X_FOR", fallback=1), x_proto=conf.getint("webserver", "PROXY_FIX_X_PROTO", fallback=1), x_host=conf.getint("webserver", "PROXY_FIX_X_HOST", fallback=1), x_port=conf.getint("webserver", "PROXY_FIX_X_PORT", fallback=1), x_prefix=conf.getint("webserver", "PROXY_FIX_X_PREFIX", fallback=1)) app.secret_key = conf.get('webserver', 'SECRET_KEY') session_lifetime_days = conf.getint('webserver', 'SESSION_LIFETIME_DAYS', fallback=30) app.config['PERMANENT_SESSION_LIFETIME'] = timedelta( days=session_lifetime_days) app.config.from_pyfile(settings.WEBSERVER_CONFIG, silent=True) app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False app.config['APP_NAME'] = app_name app.config['TESTING'] = testing app.config['SESSION_COOKIE_HTTPONLY'] = True app.config['SESSION_COOKIE_SECURE'] = conf.getboolean( 'webserver', 'COOKIE_SECURE') app.config['SESSION_COOKIE_SAMESITE'] = conf.get('webserver', 'COOKIE_SAMESITE') if config: app.config.from_mapping(config) csrf.init_app(app) db = SQLA(app) from airflow import api api.load_auth() api.API_AUTH.api_auth.init_app(app) # flake8: noqa: F841 cache = Cache(app=app, config={ 'CACHE_TYPE': 'filesystem', 'CACHE_DIR': '/tmp' }) from airflow.www_rbac.blueprints import routes app.register_blueprint(routes) configure_logging() configure_manifest_files(app) with app.app_context(): from airflow.www_rbac.security import AirflowSecurityManager security_manager_class = app.config.get('SECURITY_MANAGER_CLASS') or \ AirflowSecurityManager if not issubclass(security_manager_class, AirflowSecurityManager): raise Exception( """Your CUSTOM_SECURITY_MANAGER must now extend AirflowSecurityManager, not FAB's security manager.""") appbuilder = AppBuilder(app, db.session if not session else session, security_manager_class=security_manager_class, base_template='airflow/master.html', update_perms=conf.getboolean( 'webserver', 'UPDATE_FAB_PERMS')) def init_views(appbuilder): from airflow.www_rbac import views # Remove the session from scoped_session registry to avoid # reusing a session with a disconnected connection appbuilder.session.remove() appbuilder.add_view_no_menu(views.Airflow()) appbuilder.add_view_no_menu(views.DagModelView()) appbuilder.add_view(views.DagRunModelView, "DAG Runs", category="Browse", category_icon="fa-globe") appbuilder.add_view(views.JobModelView, "Jobs", category="Browse") appbuilder.add_view(views.LogModelView, "Logs", category="Browse") appbuilder.add_view(views.SlaMissModelView, "SLA Misses", category="Browse") appbuilder.add_view(views.TaskInstanceModelView, "Task Instances", category="Browse") appbuilder.add_view(views.TaskExecutionModelView, "Task Executions", category="Browse") appbuilder.add_view(views.EventModelView, "Events", category="Browse") appbuilder.add_view(views.ConfigurationView, "Configurations", category="Admin", category_icon="fa-user") appbuilder.add_view(views.ConnectionModelView, "Connections", category="Admin") appbuilder.add_view(views.PoolModelView, "Pools", category="Admin") appbuilder.add_view(views.VariableModelView, "Variables", category="Admin") appbuilder.add_view(views.XComModelView, "XComs", category="Admin") if "dev" in version.version: airflow_doc_site = "https://airflow.readthedocs.io/en/latest" else: airflow_doc_site = 'https://airflow.apache.org/docs/{}'.format( version.version) appbuilder.add_link("Documentation", href=airflow_doc_site, category="Docs", category_icon="fa-cube") appbuilder.add_link("GitHub", href='https://github.com/apache/airflow', category="Docs") appbuilder.add_view(views.VersionView, 'Version', category='About', category_icon='fa-th') def integrate_plugins(): """Integrate plugins to the context""" from airflow.plugins_manager import ( flask_appbuilder_views, flask_appbuilder_menu_links) for v in flask_appbuilder_views: log.debug("Adding view %s", v["name"]) appbuilder.add_view(v["view"], v["name"], category=v["category"]) for ml in sorted(flask_appbuilder_menu_links, key=lambda x: x["name"]): log.debug("Adding menu link %s", ml["name"]) appbuilder.add_link(ml["name"], href=ml["href"], category=ml["category"], category_icon=ml["category_icon"]) integrate_plugins() # Garbage collect old permissions/views after they have been modified. # Otherwise, when the name of a view or menu is changed, the framework # will add the new Views and Menus names to the backend, but will not # delete the old ones. def init_plugin_blueprints(app): from airflow.plugins_manager import flask_blueprints for bp in flask_blueprints: log.debug("Adding blueprint %s:%s", bp["name"], bp["blueprint"].import_name) app.register_blueprint(bp["blueprint"]) init_views(appbuilder) init_plugin_blueprints(app) if conf.getboolean('webserver', 'UPDATE_FAB_PERMS'): security_manager = appbuilder.sm security_manager.sync_roles() from airflow.www_rbac.api.experimental import endpoints as e # required for testing purposes otherwise the module retains # a link to the default_auth if app.config['TESTING']: if six.PY2: reload(e) # noqa else: import importlib importlib.reload(e) app.register_blueprint(e.api_experimental, url_prefix='/api/experimental') server_timezone = conf.get('core', 'default_timezone') if server_timezone == "system": server_timezone = pendulum.local_timezone().name elif server_timezone == "utc": server_timezone = "UTC" default_ui_timezone = conf.get('webserver', 'default_ui_timezone') if default_ui_timezone == "system": default_ui_timezone = pendulum.local_timezone().name elif default_ui_timezone == "utc": default_ui_timezone = "UTC" if not default_ui_timezone: default_ui_timezone = server_timezone @app.context_processor def jinja_globals(): # pylint: disable=unused-variable globals = { 'server_timezone': server_timezone, 'default_ui_timezone': default_ui_timezone, 'hostname': socket.getfqdn() if conf.getboolean( 'webserver', 'EXPOSE_HOSTNAME', fallback=True) else 'redact', 'navbar_color': conf.get('webserver', 'NAVBAR_COLOR'), 'log_fetch_delay_sec': conf.getint('webserver', 'log_fetch_delay_sec', fallback=2), 'log_auto_tailing_offset': conf.getint('webserver', 'log_auto_tailing_offset', fallback=30), 'log_animation_speed': conf.getint('webserver', 'log_animation_speed', fallback=1000) } if 'analytics_tool' in conf.getsection('webserver'): globals.update({ 'analytics_tool': conf.get('webserver', 'ANALYTICS_TOOL'), 'analytics_id': conf.get('webserver', 'ANALYTICS_ID') }) return globals @app.teardown_appcontext def shutdown_session(exception=None): settings.Session.remove() @app.before_request def before_request(): _force_log_out_after = conf.getint('webserver', 'FORCE_LOG_OUT_AFTER', fallback=0) if _force_log_out_after > 0: flask.session.permanent = True app.permanent_session_lifetime = datetime.timedelta( minutes=_force_log_out_after) flask.session.modified = True flask.g.user = flask_login.current_user @app.after_request def apply_caching(response): _x_frame_enabled = conf.getboolean('webserver', 'X_FRAME_ENABLED', fallback=True) if not _x_frame_enabled: response.headers["X-Frame-Options"] = "DENY" return response @app.before_request def make_session_permanent(): flask_session.permanent = True return app, appbuilder
if not tags: tags = ["default"] operation_id = inflection.underscore(operation.operation_id) return '{}.{}_controller.{}'.format("api", tags[0], operation_id) def send_static(): return flask.send_file("static{}".format(flask.request.path)) app = connexion.FlaskApp(__name__, specification_dir='../schema') app.app.json_encoder = encoder.JSONEncoder app.app.wsgi_app = ProxyFix(app.app.wsgi_app, x_proto=1) api_cors_config = { "origins": ["http://localhost:3000"], "methods": ["OPTIONS", "GET", "POST"], "allow_headers": ["Authorization", "Content-Type"] } CORS(app.app, supports_credentials=True, resources={r"/*": api_cors_config}) app.app.secret_key = 'super secret key' # Add explicit rules for each file in the static directory for f in [f for f in glob.glob("static/**/*.*", recursive=True)]: f = f[6:] app.app.add_url_rule(f, f, send_static)
from sqlalchemy import * from sqlalchemy.pool import QueuePool import threading import requests import random import redis import gevent from redis import BlockingConnectionPool from werkzeug.middleware.proxy_fix import ProxyFix _version = "2.35.59" app = Flask(__name__, template_folder='./templates', static_folder='./static') app.wsgi_app = ProxyFix(app.wsgi_app, num_proxies=3) app.url_map.strict_slashes = False app.config["SITE_NAME"] = environ.get("SITE_NAME", "ruqqus").lstrip().rstrip() app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False app.config['DATABASE_URL'] = environ.get("DATABASE_CONNECTION_POOL_URL", environ.get("DATABASE_URL")) app.config['SQLALCHEMY_READ_URIS'] = [ environ.get("DATABASE_CONNECTION_READ_01_URL"), environ.get("DATABASE_CONNECTION_READ_02_URL"), environ.get("DATABASE_CONNECTION_READ_03_URL") ] app.config['SECRET_KEY'] = environ.get('MASTER_KEY')
def create_app(config=None, session=None, testing=False, app_name="Airflow"): global app, appbuilder app = Flask(__name__) if conf.getboolean('webserver', 'ENABLE_PROXY_FIX'): app.wsgi_app = ProxyFix(app.wsgi_app, num_proxies=None, x_for=1, x_proto=1, x_host=1, x_port=1, x_prefix=1) app.secret_key = conf.get('webserver', 'SECRET_KEY') app.config.from_pyfile(settings.WEBSERVER_CONFIG, silent=True) app.config['APP_NAME'] = app_name app.config['TESTING'] = testing app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False app.config['SESSION_COOKIE_HTTPONLY'] = True app.config['SESSION_COOKIE_SECURE'] = conf.getboolean( 'webserver', 'COOKIE_SECURE') app.config['SESSION_COOKIE_SAMESITE'] = conf.get('webserver', 'COOKIE_SAMESITE') if config: app.config.from_mapping(config) # Configure the JSON encoder used by `|tojson` filter from Flask app.json_encoder = AirflowJsonEncoder csrf.init_app(app) db = SQLA(app) from airflow import api api.load_auth() api.API_AUTH.api_auth.init_app(app) Cache(app=app, config={'CACHE_TYPE': 'filesystem', 'CACHE_DIR': '/tmp'}) from airflow.www.blueprints import routes app.register_blueprint(routes) configure_logging() configure_manifest_files(app) with app.app_context(): from airflow.www.security import AirflowSecurityManager security_manager_class = app.config.get('SECURITY_MANAGER_CLASS') or \ AirflowSecurityManager if not issubclass(security_manager_class, AirflowSecurityManager): raise Exception( """Your CUSTOM_SECURITY_MANAGER must now extend AirflowSecurityManager, not FAB's security manager.""") appbuilder = AppBuilder(app, db.session if not session else session, security_manager_class=security_manager_class, base_template='appbuilder/baselayout.html', update_perms=conf.getboolean( 'webserver', 'UPDATE_FAB_PERMS')) def init_views(appbuilder): from airflow.www import views # Remove the session from scoped_session registry to avoid # reusing a session with a disconnected connection appbuilder.session.remove() appbuilder.add_view_no_menu(views.Airflow()) appbuilder.add_view_no_menu(views.DagModelView()) appbuilder.add_view_no_menu(views.ConfigurationView()) appbuilder.add_view_no_menu(views.VersionView()) appbuilder.add_view(views.DagRunModelView, "DAG Runs", category="Browse", category_icon="fa-globe") appbuilder.add_view(views.JobModelView, "Jobs", category="Browse") appbuilder.add_view(views.LogModelView, "Logs", category="Browse") appbuilder.add_view(views.SlaMissModelView, "SLA Misses", category="Browse") appbuilder.add_view(views.TaskInstanceModelView, "Task Instances", category="Browse") appbuilder.add_link("Configurations", href='/configuration', category="Admin", category_icon="fa-user") appbuilder.add_view(views.ConnectionModelView, "Connections", category="Admin") appbuilder.add_view(views.PoolModelView, "Pools", category="Admin") appbuilder.add_view(views.VariableModelView, "Variables", category="Admin") appbuilder.add_view(views.XComModelView, "XComs", category="Admin") appbuilder.add_link("Documentation", href='https://airflow.apache.org/', category="Docs", category_icon="fa-cube") appbuilder.add_link("GitHub", href='https://github.com/apache/airflow', category="Docs") appbuilder.add_link('Version', href='/version', category='About', category_icon='fa-th') def integrate_plugins(): """Integrate plugins to the context""" from airflow.plugins_manager import ( flask_appbuilder_views, flask_appbuilder_menu_links) for v in flask_appbuilder_views: log.debug("Adding view %s", v["name"]) appbuilder.add_view(v["view"], v["name"], category=v["category"]) for ml in sorted(flask_appbuilder_menu_links, key=lambda x: x["name"]): log.debug("Adding menu link %s", ml["name"]) appbuilder.add_link(ml["name"], href=ml["href"], category=ml["category"], category_icon=ml["category_icon"]) integrate_plugins() # Garbage collect old permissions/views after they have been modified. # Otherwise, when the name of a view or menu is changed, the framework # will add the new Views and Menus names to the backend, but will not # delete the old ones. def init_plugin_blueprints(app): from airflow.plugins_manager import flask_blueprints for bp in flask_blueprints: log.debug("Adding blueprint %s:%s", bp["name"], bp["blueprint"].import_name) app.register_blueprint(bp["blueprint"]) init_views(appbuilder) init_plugin_blueprints(app) if conf.getboolean('webserver', 'UPDATE_FAB_PERMS'): security_manager = appbuilder.sm security_manager.sync_roles() from airflow.www.api.experimental import endpoints as e # required for testing purposes otherwise the module retains # a link to the default_auth if app.config['TESTING']: import importlib importlib.reload(e) app.register_blueprint(e.api_experimental, url_prefix='/api/experimental') @app.context_processor def jinja_globals(): # pylint: disable=unused-variable globals = { 'hostname': socket.getfqdn(), 'navbar_color': conf.get('webserver', 'NAVBAR_COLOR'), } if 'analytics_tool' in conf.getsection('webserver'): globals.update({ 'analytics_tool': conf.get('webserver', 'ANALYTICS_TOOL'), 'analytics_id': conf.get('webserver', 'ANALYTICS_ID') }) return globals @app.teardown_appcontext def shutdown_session(exception=None): # pylint: disable=unused-variable settings.Session.remove() return app, appbuilder
def add_werkzeug_proxy_fix(app: Flask): from werkzeug.middleware.proxy_fix import ProxyFix app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1) app.logger.info("Add ProxyFix to serve swagger.json over https.")
def create_app(config=None): from . import models, routes, services from .assets import assets app = Flask(__name__) # Read log level from environment variable log_level_name = os.environ.get('PDNS_ADMIN_LOG_LEVEL', 'WARNING') log_level = logging.getLevelName(log_level_name.upper()) # Setting logger logging.basicConfig( level=log_level, format= "[%(asctime)s] [%(filename)s:%(lineno)d] %(levelname)s - %(message)s") # If we use Docker + Gunicorn, adjust the # log handler if "GUNICORN_LOGLEVEL" in os.environ: gunicorn_logger = logging.getLogger("gunicorn.error") app.logger.handlers = gunicorn_logger.handlers app.logger.setLevel(gunicorn_logger.level) # Proxy app.wsgi_app = ProxyFix(app.wsgi_app) # CSRF protection csrf = SeaSurf(app) csrf.exempt(routes.index.dyndns_checkip) csrf.exempt(routes.index.dyndns_update) csrf.exempt(routes.index.saml_authorized) csrf.exempt(routes.api.api_login_create_zone) csrf.exempt(routes.api.api_login_delete_zone) csrf.exempt(routes.api.api_generate_apikey) csrf.exempt(routes.api.api_delete_apikey) csrf.exempt(routes.api.api_update_apikey) csrf.exempt(routes.api.api_zone_subpath_forward) csrf.exempt(routes.api.api_zone_forward) csrf.exempt(routes.api.api_create_zone) csrf.exempt(routes.api.api_create_account) csrf.exempt(routes.api.api_delete_account) csrf.exempt(routes.api.api_update_account) csrf.exempt(routes.api.api_create_user) csrf.exempt(routes.api.api_delete_user) csrf.exempt(routes.api.api_update_user) csrf.exempt(routes.api.api_list_account_users) csrf.exempt(routes.api.api_add_account_user) csrf.exempt(routes.api.api_remove_account_user) # Load config from env variables if using docker if os.path.exists(os.path.join(app.root_path, 'docker_config.py')): app.config.from_object('powerdnsadmin.docker_config') else: # Load default configuration app.config.from_object('powerdnsadmin.default_config') # Load config file from FLASK_CONF env variable if 'FLASK_CONF' in os.environ: app.config.from_envvar('FLASK_CONF') # Load app sepecified configuration if config is not None: if isinstance(config, dict): app.config.update(config) elif config.endswith('.py'): app.config.from_pyfile(config) # HSTS if app.config.get('HSTS_ENABLED'): from flask_sslify import SSLify _sslify = SSLify(app) # lgtm [py/unused-local-variable] # Load Flask-Session if app.config.get('FILESYSTEM_SESSIONS_ENABLED'): app.config['SESSION_TYPE'] = 'filesystem' sess = Session() sess.init_app(app) # SMTP app.mail = Mail(app) # Load app's components assets.init_app(app) models.init_app(app) routes.init_app(app) services.init_app(app) # Register filters app.jinja_env.filters['display_record_name'] = utils.display_record_name app.jinja_env.filters['display_master_name'] = utils.display_master_name app.jinja_env.filters['display_second_to_time'] = utils.display_time app.jinja_env.filters[ 'email_to_gravatar_url'] = utils.email_to_gravatar_url app.jinja_env.filters[ 'display_setting_state'] = utils.display_setting_state app.jinja_env.filters['pretty_domain_name'] = utils.pretty_domain_name # Register context proccessors from .models.setting import Setting @app.context_processor def inject_sitename(): setting = Setting().get('site_name') return dict(SITE_NAME=setting) @app.context_processor def inject_setting(): setting = Setting() return dict(SETTING=setting) @app.context_processor def inject_mode(): setting = app.config.get('OFFLINE_MODE', False) return dict(OFFLINE_MODE=setting) return app
import os from flask import Flask from flask_sqlalchemy import SQLAlchemy from werkzeug.middleware.proxy_fix import ProxyFix # Application app = Flask(__name__) # Database app.config["SQLALCHEMY_DATABASE_URI"] = "mysql://{}:{}@{}/{}".format( os.environ["MYSQL_USERNAME"], os.environ["MYSQL_PASSWORD"], os.environ["MYSQL_HOST"], os.environ["MYSQL_DATABASE"]) app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False db = SQLAlchemy(app) # ProxyFix app.wsgi_app = ProxyFix( app.wsgi_app, x_proto=1) # http://stackoverflow.com/a/23504684/5156190 @app.route("/") def hello(): rows = db.session.execute("SELECT 'hello, world'") return rows.first()[0]
def reg_middlewares(app): app.wsgi_app = ProxyFix(app.wsgi_app) return None
def create_app() -> Flask: app = Flask(__name__) # SimpleLogin is deployed behind NGINX app.wsgi_app = ProxyFix(app.wsgi_app, num_proxies=1) limiter.init_app(app) app.url_map.strict_slashes = False app.config["SQLALCHEMY_DATABASE_URI"] = DB_URI app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False # enable to print all queries generated by sqlalchemy # app.config["SQLALCHEMY_ECHO"] = True app.secret_key = FLASK_SECRET app.config["TEMPLATES_AUTO_RELOAD"] = True # to avoid conflict with other cookie app.config["SESSION_COOKIE_NAME"] = SESSION_COOKIE_NAME if URL.startswith("https"): app.config["SESSION_COOKIE_SECURE"] = True app.config["SESSION_COOKIE_SAMESITE"] = "Lax" setup_error_page(app) init_extensions(app) register_blueprints(app) set_index_page(app) jinja2_filter(app) setup_favicon_route(app) setup_openid_metadata(app) init_admin(app) setup_paddle_callback(app) setup_do_not_track(app) if FLASK_PROFILER_PATH: LOG.d("Enable flask-profiler") app.config["flask_profiler"] = { "enabled": True, "storage": {"engine": "sqlite", "FILE": FLASK_PROFILER_PATH}, "basicAuth": { "enabled": True, "username": "******", "password": FLASK_PROFILER_PASSWORD, }, "ignore": ["^/static/.*", "/git", "/exception"], } flask_profiler.init_app(app) # enable CORS on /api endpoints cors = CORS(app, resources={r"/api/*": {"origins": "*"}}) # set session to permanent so user stays signed in after quitting the browser # the cookie is valid for 7 days @app.before_request def make_session_permanent(): session.permanent = True app.permanent_session_lifetime = timedelta(days=7) return app
def create_app(config="CTFd.config.Config"): app = CTFdFlask(__name__) with app.app_context(): app.config.from_object(config) loaders = [] # We provide a `DictLoader` which may be used to override templates app.overridden_templates = {} loaders.append(jinja2.DictLoader(app.overridden_templates)) # A `ThemeLoader` with no `theme_name` will load from the current theme loaders.append(ThemeLoader()) # If `THEME_FALLBACK` is set and true, we add another loader which will # load from the `DEFAULT_THEME` - this mirrors the order implemented by # `config.ctf_theme_candidates()` if bool(app.config.get("THEME_FALLBACK")): loaders.append(ThemeLoader(theme_name=DEFAULT_THEME)) # All themes including admin can be accessed by prefixing their name prefix_loader_dict = {ADMIN_THEME: ThemeLoader(theme_name=ADMIN_THEME)} for theme_name in CTFd.utils.config.get_themes(): prefix_loader_dict[theme_name] = ThemeLoader(theme_name=theme_name) loaders.append(jinja2.PrefixLoader(prefix_loader_dict)) # Plugin templates are also accessed via prefix but we just point a # normal `FileSystemLoader` at the plugin tree rather than validating # each plugin here (that happens later in `init_plugins()`). We # deliberately don't add this to `prefix_loader_dict` defined above # because to do so would break template loading from a theme called # `prefix` (even though that'd be weird). plugin_loader = jinja2.FileSystemLoader(searchpath=os.path.join( app.root_path, "plugins"), followlinks=True) loaders.append(jinja2.PrefixLoader({"plugins": plugin_loader})) # Use a choice loader to find the first match from our list of loaders app.jinja_loader = jinja2.ChoiceLoader(loaders) from CTFd.models import ( # noqa: F401 db, Teams, Solves, Challenges, Fails, Flags, Tags, Files, Tracking, ) url = create_database() # This allows any changes to the SQLALCHEMY_DATABASE_URI to get pushed back in # This is mostly so we can force MySQL's charset app.config["SQLALCHEMY_DATABASE_URI"] = str(url) # Register database db.init_app(app) # Register Flask-Migrate migrations.init_app(app, db) # Alembic sqlite support is lacking so we should just create_all anyway if url.drivername.startswith("sqlite"): # Enable foreign keys for SQLite. This must be before the # db.create_all call because tests use the in-memory SQLite # database (each connection, including db creation, is a new db). # https://docs.sqlalchemy.org/en/13/dialects/sqlite.html#foreign-key-support from sqlalchemy.engine import Engine from sqlalchemy import event @event.listens_for(Engine, "connect") def set_sqlite_pragma(dbapi_connection, connection_record): cursor = dbapi_connection.cursor() cursor.execute("PRAGMA foreign_keys=ON") cursor.close() db.create_all() stamp_latest_revision() else: # This creates tables instead of db.create_all() # Allows migrations to happen properly upgrade() from CTFd.models import ma ma.init_app(app) app.db = db app.VERSION = __version__ app.CHANNEL = __channel__ from CTFd.cache import cache cache.init_app(app) app.cache = cache reverse_proxy = app.config.get("REVERSE_PROXY") if reverse_proxy: if type(reverse_proxy) is str and "," in reverse_proxy: proxyfix_args = [int(i) for i in reverse_proxy.split(",")] app.wsgi_app = ProxyFix(app.wsgi_app, *proxyfix_args) else: app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_port=1, x_prefix=1) version = utils.get_config("ctf_version") # Upgrading from an older version of CTFd if version and (StrictVersion(version) < StrictVersion(__version__)): if confirm_upgrade(): run_upgrade() else: exit() if not version: utils.set_config("ctf_version", __version__) if not utils.get_config("ctf_theme"): utils.set_config("ctf_theme", DEFAULT_THEME) update_check(force=True) init_request_processors(app) init_template_filters(app) init_template_globals(app) # Importing here allows tests to use sensible names (e.g. api instead of api_bp) from CTFd.views import views from CTFd.teams import teams from CTFd.users import users from CTFd.challenges import challenges from CTFd.scoreboard import scoreboard from CTFd.auth import auth from CTFd.admin import admin from CTFd.api import api from CTFd.events import events from CTFd.errors import render_error app.register_blueprint(views) app.register_blueprint(teams) app.register_blueprint(users) app.register_blueprint(challenges) app.register_blueprint(scoreboard) app.register_blueprint(auth) app.register_blueprint(api) app.register_blueprint(events) app.register_blueprint(admin) for code in {403, 404, 500, 502}: app.register_error_handler(code, render_error) init_logs(app) init_events(app) init_plugins(app) return app
def __flask_setup(): global app, cache app = Flask(__name__, static_folder=None) app.wsgi_app = ProxyFix(app.wsgi_app) cache_config = { 'CACHE_TYPE': 'filesystem', 'CACHE_THRESHOLD': 10000, 'CACHE_DEFAULT_TIMEOUT': 86400, 'CACHE_DIR': os.path.join(tempfile.gettempdir(), 'i-p') } cache = Cache(with_jinja2_ext=False, config=cache_config) cache.init_app(app) @app.route('/i-p-s') def index(): return 'HELLO' @app.route('/i-p/<code>') @app.route('/i-p/<code>/<size>') def serve(code, size=None): cache_key = code if size is not None: try: width, height = [int(x) for x in size.split('x')] assert 20 <= width <= 1000 assert 20 <= height <= 1000 cache_key = '{}/{}/{}'.format(cache_key, width, height) except BaseException: abort(406) rv = cache.get(cache_key) try: url = base64.b64decode(code).decode('utf-8') except BaseException: abort(404) return if rv is None: try: resp = requests.get(url) except BaseException: abort(404) return if resp.status_code != 200: abort(404) return rv = resp.content if size: im_io = BytesIO() im = Image.open(BytesIO(rv)) im.thumbnail((width, height)) im.save(im_io, im.format, quality=96) im_io.seek(0) rv = im_io.read() cache.set(cache_key, rv) response = make_response(rv) response.set_etag(code) mime_type = magic.from_buffer(rv, mime=True) response.headers.set('Content-Type', mime_type) response.headers.add('Last-Modified', 'Fri, 10 Jan 2020 00:00:10 GMT') response.headers.add('Expires', 'Fri, 10 Jan 2030 00:00:10 GMT') return response
# init os.environ from file if not initialized if os.getenv('DB_HOST') is None: import common.setenv import json import awsgi from flask import Flask from flask_cors import (CORS) from werkzeug.middleware.proxy_fix import (ProxyFix) from api.api_main import api_main from api.api_admin import api_admin # init flask app app = Flask(__name__) CORS(app, resources={r'/*': {'origins': '*'}}) ProxyFix(app.wsgi_app, 1) app.register_blueprint(api_main) app.register_blueprint(api_admin) def lambda_handler(evt, ctx): """AWS Lambda entrypoint""" try: return awsgi.response(app, evt, ctx) except Exception as err: print(f'{err}') return { 'statusCode': 500, 'body': json.dumps({
# remove trailing slash to avoid infinite redirect on the index # see https://github.com/searx/searx/issues/2729 self.script_name = self.script_name[:-1] self.scheme = base_url.scheme self.server = base_url.netloc def __call__(self, environ, start_response): script_name = self.script_name or environ.get('HTTP_X_SCRIPT_NAME', '') if script_name: environ['SCRIPT_NAME'] = script_name path_info = environ['PATH_INFO'] if path_info.startswith(script_name): environ['PATH_INFO'] = path_info[len(script_name):] scheme = self.scheme or environ.get('HTTP_X_SCHEME', '') if scheme: environ['wsgi.url_scheme'] = scheme server = self.server or environ.get('HTTP_X_FORWARDED_HOST', '') if server: environ['HTTP_HOST'] = server return self.app(environ, start_response) application = app # patch app to handle non root url-s behind proxy & wsgi app.wsgi_app = ReverseProxyPathFix(ProxyFix(application.wsgi_app)) if __name__ == "__main__": run()
def create_app(configuration=None, instance_path="/etc/ihatemoney", instance_relative_config=True): app = Flask( __name__, instance_path=instance_path, instance_relative_config=instance_relative_config, ) # If a configuration object is passed, use it. Otherwise try to find one. load_configuration(app, configuration) app.wsgi_app = PrefixedWSGI(app) # Get client's real IP # Note(0livd): When running in a non-proxy setup, is vulnerable to requests # with a forged X-FORWARDED-FOR header app.wsgi_app = ProxyFix(app.wsgi_app) validate_configuration(app) app.register_blueprint(web_interface) app.register_blueprint(apiv1) app.register_error_handler(404, page_not_found) # Configure the a, root="main"pplication setup_database(app) # Setup Currency Cache CurrencyConverter() mail = Mail() mail.init_app(app) app.mail = mail # Jinja filters app.jinja_env.globals["static_include"] = static_include app.jinja_env.globals["locale_from_iso"] = locale_from_iso app.jinja_env.filters["minimal_round"] = minimal_round # Translations and time zone (used to display dates). The timezone is # taken from the BABEL_DEFAULT_TIMEZONE settings, and falls back to # the local timezone of the server OS by using LOCALTZ. babel = Babel(app, default_timezone=str(LOCALTZ)) # Undocumented currencyformat filter from flask_babel is forwarding to Babel format_currency # We overwrite it to remove the currency sign ¤ when there is no currency @contextfilter def currency(context, number, currency=None, *args, **kwargs): if currency is None: currency = context.get("g").project.default_currency """ Same as flask_babel.Babel.currencyformat, but without the "no currency ¤" sign when there is no currency. """ return format_currency( number, currency if currency != CurrencyConverter.no_currency else "", *args, **kwargs).strip() app.jinja_env.filters["currency"] = currency @babel.localeselector def get_locale(): # get the lang from the session if defined, fallback on the browser "accept # languages" header. lang = session.get( "lang", request.accept_languages.best_match( app.config["SUPPORTED_LANGUAGES"]), ) setattr(g, "lang", lang) return lang return app
from mongoengine import connect from werkzeug.middleware.proxy_fix import ProxyFix from flask_jwt_extended import JWTManager from config import get_config from controller.user_controller import ns as ns_user from controller.session_controller import ns as ns_session from controller.devis_controller import ns as ns_devis app = Flask(__name__) CORS(app, origins=["https://devis.uni-roulotte.fr"], supports_credentials=True, allow_headers=["Access-Control-Allow-Credentials", "Content-Type"]) app.config.from_object(get_config()) app.wsgi_app = ProxyFix(app.wsgi_app) app.url_map.strict_slashes = False app.config['JWT_TOKEN_LOCATION'] = ['cookies'] app.config['JWT_COOKIE_SECURE'] = False app.config['JWT_COOKIE_CSRF_PROTECT'] = False jwt = JWTManager(app) api = Api(app, version='3.0', title='Simulateur de devis') api.add_namespace(ns_user, path='/api/user') api.add_namespace(ns_session, path='/api/session') api.add_namespace(ns_devis, path='/api/devis') if __name__ == "__main__":
def init(app, db, config, base_prefix='/auth', root_uri='/', providers=['google', 'facebook', 'github'], smtp=None, fix_ssl=True): """ Initalize framework Args: app: Flask app db: pyaltt2.db.Database object config: configuration dict base_prefix: base prefix for auth urls root_uri: default next uri providers: oauth2 providers list smtp: pyaltt2.mail.SMTP object, required if email confirmations are used fix_ssl: force SSL everywhere (True by default) """ if not app.config.get('SECRET_KEY'): app.config['SECRET_KEY'] = gen_random_str() _d.x_prefix, _d.dot_prefix = _format_prefix(base_prefix) _d.db = db.clone(rq_func=rq) _d.kv = KVStorage(db=db, table_name='webauth_kv') _d.root_uri = root_uri _d.smtp = smtp if fix_ssl: from werkzeug.middleware.proxy_fix import ProxyFix app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1) def init_db(): from sqlalchemy import (MetaData, Table, Column, BigInteger, VARCHAR, JSON, CHAR, DateTime, ForeignKey, Index, Boolean, Numeric) meta = MetaData() user = Table( 'webauth_user', meta, Column('id', BigInteger(), primary_key=True, autoincrement=True), Column('email', VARCHAR(255), nullable=True, unique=True), Column('password', CHAR(64), nullable=True), Column('api_key', CHAR(32), nullable=True, unique=True), Index('webauth_user_api_key', 'api_key'), Column('d_created', DateTime(timezone=True), nullable=False), Column('d_active', DateTime(timezone=True), nullable=True), Column('confirmed', Boolean, nullable=False, server_default='0'), Column('otp', Numeric(1, 0), nullable=False, server_default='0'), Column('otp_secret', CHAR(16), nullable=True)) user_auth = Table( f'webauth_user_auth', meta, Column('id', BigInteger(), primary_key=True, autoincrement=True), Column('user_id', BigInteger(), ForeignKey('webauth_user.id', ondelete='CASCADE'), nullable=False), Index('webauth_user_auth_user_id', 'user_id'), Column('provider', VARCHAR(15), nullable=False), Column('sub', VARCHAR(255), nullable=False), Column('name', VARCHAR(255), nullable=True), Index('webauth_user_auth_sub_provider', 'sub', 'provider', unique=True)) user_log = Table( f'webauth_user_log', meta, Column('id', BigInteger(), primary_key=True, autoincrement=True), Column('user_id', BigInteger(), nullable=False), Index('webauth_user_log_user_id', 'user_id'), Column('d', DateTime(timezone=True), nullable=False), Column('event', VARCHAR(1024), nullable=False), Column('ip', VARCHAR(45), nullable=False)) meta.create_all(db.connect()) def handle_authorize(remote, token, user_info): if user_info: try: provider = remote if isinstance(remote, str) else remote.name user_id = _handle_user_auth(user_info, provider=provider) touch(user_id) session[f'{_d.x_prefix}user_id'] = user_id session[f'{_d.x_prefix}user_picture'] = user_info.picture session[f'{_d.x_prefix}user_name'] = _get_oauth_user_name( user_info, provider) session[f'{_d.x_prefix}user_confirmed'] = True _call_handler('account.login', user_id=user_id) _log_user_event(f'account.login:{provider}') return redirect(_next_uri()) except ResourceAlreadyExists: response = _call_handler('exception.provider_exists') return response if response else Response( 'oauth provider is already ' + 'registered for another account', status=409) except AccessDenied: response = _call_handler('exception.registration_denied') return response if response else Response( 'account registration is disabled', status=403) # session.permanent = True else: response = _call_handler('exception.provider_failed') return response if response else Response('forbidden', status=403) def google_login(): redirect_uri = url_for(f'{_d.dot_prefix}google.auth', _external=True) return oauth.google.authorize_redirect(redirect_uri) def google_auth(): token = oauth.google.authorize_access_token() user_info = oauth.google.parse_id_token(token) return handle_authorize('google', token, user_info) for k in config: app.config[k.upper().replace('-', '_')] = config_value(config=config, config_path=k) oauth = OAuth(app) app.add_url_rule(f'{base_prefix}/logout', f'{_d.dot_prefix}.logout', logout, methods=['GET']) app.add_url_rule(f'{base_prefix}/confirm/<key>', f'{_d.dot_prefix}confirm', handle_confirm, methods=['GET']) for p in providers: if p == 'google': oauth.register( 'google', server_metadata_url= 'https://accounts.google.com/.well-known/openid-configuration', client_kwargs={'scope': 'openid profile'}, ) app.add_url_rule(f'{base_prefix}/google/login', f'{_d.dot_prefix}google.login', google_login, methods=['GET']) app.add_url_rule(f'{base_prefix}/google/auth', f'{_d.dot_prefix}google.auth', google_auth, methods=['GET']) else: blueprint = loginpass.create_flask_blueprint( _provider_mod[p], oauth, handle_authorize) app.register_blueprint(blueprint, url_prefix=f'{base_prefix}/{p}') init_db() return