2015-11-24 09:40:14 +00:00
|
|
|
import os
|
2015-12-10 16:26:53 +00:00
|
|
|
import re
|
2016-01-29 14:41:07 +00:00
|
|
|
import ast
|
2015-11-25 15:29:12 +00:00
|
|
|
|
2016-01-21 12:28:05 +00:00
|
|
|
import dateutil
|
2016-01-13 16:27:54 +00:00
|
|
|
from flask import Flask, session, Markup, escape, render_template
|
2015-11-24 09:40:14 +00:00
|
|
|
from flask._compat import string_types
|
2015-11-25 15:29:12 +00:00
|
|
|
from flask.ext.sqlalchemy import SQLAlchemy
|
2015-11-27 16:25:56 +00:00
|
|
|
from flask_login import LoginManager
|
|
|
|
|
from flask_wtf import CsrfProtect
|
2015-11-30 11:21:51 +00:00
|
|
|
from werkzeug.exceptions import abort
|
2016-01-15 15:15:35 +00:00
|
|
|
from app.notify_client.api_client import NotificationsAdminAPIClient
|
2016-01-20 17:32:55 +00:00
|
|
|
from app.notify_client.api_key_api_client import ApiKeyApiClient
|
2016-01-19 22:47:42 +00:00
|
|
|
from app.notify_client.user_api_client import UserApiClient
|
2016-01-29 10:27:23 +00:00
|
|
|
from app.notify_client.job_api_client import JobApiClient
|
2016-01-29 14:41:07 +00:00
|
|
|
from app.notify_client.status_api_client import StatusApiClient
|
2015-11-30 12:38:02 +00:00
|
|
|
from app.its_dangerous_session import ItsdangerousSessionInterface
|
2015-11-30 14:32:58 +00:00
|
|
|
import app.proxy_fix
|
2015-11-25 15:29:12 +00:00
|
|
|
from config import configs
|
2016-01-07 15:39:36 +00:00
|
|
|
from utils import logging
|
2015-11-30 14:32:58 +00:00
|
|
|
|
2015-11-27 16:25:56 +00:00
|
|
|
login_manager = LoginManager()
|
|
|
|
|
csrf = CsrfProtect()
|
2015-11-20 16:22:44 +00:00
|
|
|
|
2016-01-15 15:15:35 +00:00
|
|
|
notifications_api_client = NotificationsAdminAPIClient()
|
2016-01-19 22:47:42 +00:00
|
|
|
user_api_client = UserApiClient()
|
2016-01-20 17:32:55 +00:00
|
|
|
api_key_api_client = ApiKeyApiClient()
|
2016-01-29 10:27:23 +00:00
|
|
|
job_api_client = JobApiClient()
|
2016-01-29 14:41:07 +00:00
|
|
|
status_api_client = StatusApiClient()
|
2016-01-15 15:15:35 +00:00
|
|
|
|
2015-11-20 16:22:44 +00:00
|
|
|
|
2016-01-11 09:59:31 +00:00
|
|
|
def create_app(config_name, config_overrides=None):
|
2015-11-20 16:22:44 +00:00
|
|
|
application = Flask(__name__)
|
|
|
|
|
|
2016-01-07 16:24:10 +00:00
|
|
|
application.config['NOTIFY_ADMIN_ENVIRONMENT'] = config_name
|
2015-11-24 09:40:14 +00:00
|
|
|
application.config.from_object(configs[config_name])
|
2016-01-11 09:59:31 +00:00
|
|
|
init_app(application, config_overrides)
|
2016-01-07 15:39:36 +00:00
|
|
|
logging.init_app(application)
|
2016-01-19 15:44:12 +00:00
|
|
|
init_csrf(application)
|
2015-11-30 11:21:51 +00:00
|
|
|
|
2016-01-15 15:15:35 +00:00
|
|
|
notifications_api_client.init_app(application)
|
2016-01-19 22:47:42 +00:00
|
|
|
user_api_client.init_app(application)
|
2016-01-20 17:32:55 +00:00
|
|
|
api_key_api_client.init_app(application)
|
2016-01-29 10:27:23 +00:00
|
|
|
job_api_client.init_app(application)
|
2016-01-29 14:41:07 +00:00
|
|
|
status_api_client.init_app(application)
|
2016-01-15 15:15:35 +00:00
|
|
|
|
2015-11-27 16:25:56 +00:00
|
|
|
login_manager.init_app(application)
|
2016-01-06 17:17:02 +00:00
|
|
|
login_manager.login_view = 'main.sign_in'
|
2015-11-24 09:40:14 +00:00
|
|
|
|
2015-11-20 16:33:11 +00:00
|
|
|
from app.main import main as main_blueprint
|
2015-11-20 16:22:44 +00:00
|
|
|
application.register_blueprint(main_blueprint)
|
|
|
|
|
|
2016-01-11 14:54:23 +00:00
|
|
|
from .status import status as status_blueprint
|
|
|
|
|
application.register_blueprint(status_blueprint)
|
|
|
|
|
|
2015-11-30 14:32:58 +00:00
|
|
|
proxy_fix.init_app(application)
|
|
|
|
|
|
2015-11-30 12:38:02 +00:00
|
|
|
application.session_interface = ItsdangerousSessionInterface()
|
2015-11-30 14:32:58 +00:00
|
|
|
|
2015-12-10 16:26:53 +00:00
|
|
|
application.add_template_filter(placeholders)
|
2015-12-11 12:02:21 +00:00
|
|
|
application.add_template_filter(replace_placeholders)
|
2016-01-13 16:27:54 +00:00
|
|
|
application.add_template_filter(nl2br)
|
2016-01-21 12:28:05 +00:00
|
|
|
application.add_template_filter(format_datetime)
|
2015-12-10 16:26:53 +00:00
|
|
|
|
2016-01-07 13:58:38 +00:00
|
|
|
application.after_request(useful_headers_after_request)
|
2016-01-07 15:48:29 +00:00
|
|
|
register_errorhandlers(application)
|
2016-01-07 13:58:38 +00:00
|
|
|
|
2015-11-20 16:22:44 +00:00
|
|
|
return application
|
2015-11-24 09:40:14 +00:00
|
|
|
|
|
|
|
|
|
2015-11-30 11:21:51 +00:00
|
|
|
def init_csrf(application):
|
|
|
|
|
csrf.init_app(application)
|
|
|
|
|
|
|
|
|
|
@csrf.error_handler
|
|
|
|
|
def csrf_handler(reason):
|
|
|
|
|
if 'user_id' not in session:
|
|
|
|
|
application.logger.info(
|
|
|
|
|
u'csrf.session_expired: Redirecting user to log in page'
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
return application.login_manager.unauthorized()
|
|
|
|
|
|
|
|
|
|
application.logger.info(
|
|
|
|
|
u'csrf.invalid_token: Aborting request, user_id: {user_id}',
|
|
|
|
|
extra={'user_id': session['user_id']})
|
|
|
|
|
|
|
|
|
|
abort(400, reason)
|
|
|
|
|
|
|
|
|
|
|
2016-01-11 09:59:31 +00:00
|
|
|
def init_app(app, config_overrides):
|
2015-11-24 09:40:14 +00:00
|
|
|
|
2016-01-11 09:59:31 +00:00
|
|
|
if config_overrides:
|
2016-01-11 09:32:49 +00:00
|
|
|
for key in app.config.keys():
|
2016-01-11 09:59:31 +00:00
|
|
|
if key in config_overrides:
|
|
|
|
|
app.config[key] = config_overrides[key]
|
2016-01-11 09:32:49 +00:00
|
|
|
|
2016-01-19 15:01:45 +00:00
|
|
|
for key, value in app.config.items():
|
|
|
|
|
if key in os.environ:
|
|
|
|
|
app.config[key] = convert_to_boolean(os.environ[key])
|
|
|
|
|
|
Use a Node-based tools for handling assets
…or how to move a bunch of things from a bunch of different places into
`app/static`.
There are three main reasons not to use Flask Assets:
- It had some strange behaviour like only
- It was based on Ruby SASS, which is slower to get new features than libsass,
and meant depending on Ruby, and having the SASS Gem globally installed—so
you’re already out of being a ‘pure’ Python app
- Martyn and I have experience of doing it this way on Marketplace, and we’ve
ironed out the initial rough patches
The specific technologies this introduces, all of which are Node-based:
- Gulp – like a Makefile written in Javascript
- NPM – package management, used for managing Gulp and its related dependencies
- Bower – also package management, and the only way I can think to have
GOV.UK template as a proper dependency
…speaking of which, GOV.UK template is now a dependency. This means it can’t be
modified at all (eg to add a global `#content` wrapper), so every page now
inherits from a template that has this wrapper. But it also means that we have a
clean upgrade path when the template is modified.
Everything else (toolkit, elements) I’ve kept as submodules but moved them to a
more logical place (`app/assets` not `app/assets/stylesheets`, because they
contain more than just SASS/CSS).
2015-12-15 08:20:25 +00:00
|
|
|
@app.context_processor
|
|
|
|
|
def inject_global_template_variables():
|
2016-02-01 14:46:12 +00:00
|
|
|
return {
|
|
|
|
|
'asset_path': '/static/',
|
|
|
|
|
'header_colour': app.config['HEADER_COLOUR']
|
|
|
|
|
}
|
Use a Node-based tools for handling assets
…or how to move a bunch of things from a bunch of different places into
`app/static`.
There are three main reasons not to use Flask Assets:
- It had some strange behaviour like only
- It was based on Ruby SASS, which is slower to get new features than libsass,
and meant depending on Ruby, and having the SASS Gem globally installed—so
you’re already out of being a ‘pure’ Python app
- Martyn and I have experience of doing it this way on Marketplace, and we’ve
ironed out the initial rough patches
The specific technologies this introduces, all of which are Node-based:
- Gulp – like a Makefile written in Javascript
- NPM – package management, used for managing Gulp and its related dependencies
- Bower – also package management, and the only way I can think to have
GOV.UK template as a proper dependency
…speaking of which, GOV.UK template is now a dependency. This means it can’t be
modified at all (eg to add a global `#content` wrapper), so every page now
inherits from a template that has this wrapper. But it also means that we have a
clean upgrade path when the template is modified.
Everything else (toolkit, elements) I’ve kept as submodules but moved them to a
more logical place (`app/assets` not `app/assets/stylesheets`, because they
contain more than just SASS/CSS).
2015-12-15 08:20:25 +00:00
|
|
|
|
2015-11-25 15:29:12 +00:00
|
|
|
|
2015-11-24 09:40:14 +00:00
|
|
|
def convert_to_boolean(value):
|
|
|
|
|
if isinstance(value, string_types):
|
|
|
|
|
if value.lower() in ['t', 'true', 'on', 'yes', '1']:
|
|
|
|
|
return True
|
|
|
|
|
elif value.lower() in ['f', 'false', 'off', 'no', '0']:
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
return value
|
2015-12-10 16:26:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def placeholders(value):
|
|
|
|
|
if not value:
|
|
|
|
|
return value
|
|
|
|
|
return Markup(re.sub(
|
|
|
|
|
r"\(\(([^\)]+)\)\)", # anything that looks like ((registration number))
|
|
|
|
|
lambda match: "<span class='placeholder'>{}</span>".format(match.group(1)),
|
|
|
|
|
value
|
|
|
|
|
))
|
2015-12-11 12:02:21 +00:00
|
|
|
|
|
|
|
|
|
2016-01-13 16:27:54 +00:00
|
|
|
def nl2br(value):
|
|
|
|
|
_paragraph_re = re.compile(r'(?:\r\n|\r|\n){2,}')
|
|
|
|
|
|
|
|
|
|
result = u'\n\n'.join(u'<p>%s</p>' % p.replace('\n', Markup('<br>\n'))
|
|
|
|
|
for p in _paragraph_re.split(escape(value)))
|
|
|
|
|
return Markup(result)
|
|
|
|
|
|
|
|
|
|
|
2015-12-11 12:02:21 +00:00
|
|
|
def replace_placeholders(template, values):
|
|
|
|
|
if not template:
|
|
|
|
|
return template
|
|
|
|
|
return Markup(re.sub(
|
|
|
|
|
r"\(\(([^\)]+)\)\)", # anything that looks like ((registration number))
|
|
|
|
|
lambda match: values.get(match.group(1), ''),
|
|
|
|
|
template
|
|
|
|
|
))
|
2016-01-07 13:58:38 +00:00
|
|
|
|
|
|
|
|
|
2016-01-21 12:28:05 +00:00
|
|
|
def format_datetime(date):
|
|
|
|
|
date = dateutil.parser.parse(date)
|
|
|
|
|
native = date.replace(tzinfo=None)
|
|
|
|
|
return native.strftime('%A %d %B %Y at %H:%M')
|
|
|
|
|
|
|
|
|
|
|
2016-01-07 13:58:38 +00:00
|
|
|
# https://www.owasp.org/index.php/List_of_useful_HTTP_headers
|
|
|
|
|
def useful_headers_after_request(response):
|
|
|
|
|
response.headers.add('X-Frame-Options', 'deny')
|
|
|
|
|
response.headers.add('X-Content-Type-Options', 'nosniff')
|
|
|
|
|
response.headers.add('X-XSS-Protection', '1; mode=block')
|
2016-01-12 11:08:10 +00:00
|
|
|
response.headers.add('Content-Security-Policy',
|
2016-01-13 10:37:34 +00:00
|
|
|
"default-src 'self' 'unsafe-inline'; font-src 'self' data:;") # noqa
|
2016-01-07 13:58:38 +00:00
|
|
|
return response
|
2016-01-07 15:48:29 +00:00
|
|
|
|
2016-01-07 15:55:55 +00:00
|
|
|
|
|
|
|
|
def register_errorhandlers(application):
|
2016-01-07 15:48:29 +00:00
|
|
|
def render_error(error):
|
|
|
|
|
# If a HTTPException, pull the `code` attribute; default to 500
|
|
|
|
|
error_code = getattr(error, 'code', 500)
|
|
|
|
|
return render_template("error/{0}.html".format(error_code)), error_code
|
|
|
|
|
for errcode in [401, 404, 500]:
|
2016-01-07 15:55:55 +00:00
|
|
|
application.errorhandler(errcode)(render_error)
|
2016-01-29 14:41:07 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def get_app_version():
|
|
|
|
|
_version_re = re.compile(r'__version__\s+=\s+(.*)')
|
|
|
|
|
version = 'n/a'
|
|
|
|
|
dir_path = os.path.dirname(os.path.abspath(__file__))
|
|
|
|
|
with open(os.path.join(dir_path, 'version.py'), 'rb') as f:
|
|
|
|
|
version = str(ast.literal_eval(_version_re.search(
|
|
|
|
|
f.read().decode('utf-8')).group(1)))
|
|
|
|
|
return version
|