app/asset_fingerprinter.py

import hashlib


class AssetFingerprinter(object):
    """
    Get a unique hash for an asset file, so that it doesn't stay cached
    when it changes

    Usage:

        in the application
        template_data.asset_fingerprinter = AssetFingerprinter()

        where template data is how you pass variables to every template.

        in template.html:
        {{ asset_fingerprinter.get_url('stylesheets/application.css') }}

    * 'app/static' is assumed to be the root for all asset files
    """

    def __init__(self, asset_root="/static/", filesystem_path="app/static/"):
        self._cache = {}
        self._asset_root = asset_root
        self._filesystem_path = filesystem_path

    def get_url(self, asset_path, with_querystring_hash=True):
        if not with_querystring_hash:
            return self._asset_root + asset_path
        if asset_path not in self._cache:
            self._cache[asset_path] = (
                self._asset_root
                + asset_path
                + "?"
                + self.get_asset_fingerprint(self._filesystem_path + asset_path)
            )
        return self._cache[asset_path]

    def get_asset_fingerprint(self, asset_file_path):
        return hashlib.md5(  # nosec B324 - hash value is not verified, so md5 is fine
            self.get_asset_file_contents(asset_file_path)
        ).hexdigest()

    def get_asset_file_contents(self, asset_file_path):
        with open(asset_file_path, "rb") as asset_file:
            contents = asset_file.read()
        return contents


asset_fingerprinter = AssetFingerprinter()
Enforce order and style of imports Done using isort[1], with the following command: ``` isort -rc ./app ./tests ``` Adds linting to the `run_tests.sh` script to stop badly-sorted imports getting re-introduced. Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because I think it gives the cleanest diffs, eg: ``` from third_party import ( lib1, lib2, lib3, lib4, ) ``` 1. https://pypi.python.org/pypi/isort 2018-02-20 11:22:17 +00:00			`import hashlib`
Make URLs for assets cache-proof https://www.pivotaltracker.com/story/show/113448149 This commit adds a query string to assets URLs which is generated from a hash of the file contents. When asset files are changed they will now be served from a different URL, which means they wont be loaded from browser cache. This is similar to how GOV.UK template adds its version number as a querystring parameter for its assets. This is mostly copied from Digital Marketplace utils: https://github.com/alphagov/digitalmarketplace-utils/pull/102 They have it in a shared codebase, we only have one frontend app so don’t need to do that. Usage in a template: ``` jinja {{ asset_fingerprinter.get_url('stylesheets/application.css') }} ``` Output: ``` static/stylesheets/application.css?418e6f4a6cdf1142e45c072ed3e1c90a ``` 2016-02-10 15:47:00 +00:00

			`class AssetFingerprinter(object):`
			`"""`
notify-api-412 use black to enforce python coding style 2023-08-25 09:12:23 -07:00			`Get a unique hash for an asset file, so that it doesn't stay cached`
			`when it changes`
Make URLs for assets cache-proof https://www.pivotaltracker.com/story/show/113448149 This commit adds a query string to assets URLs which is generated from a hash of the file contents. When asset files are changed they will now be served from a different URL, which means they wont be loaded from browser cache. This is similar to how GOV.UK template adds its version number as a querystring parameter for its assets. This is mostly copied from Digital Marketplace utils: https://github.com/alphagov/digitalmarketplace-utils/pull/102 They have it in a shared codebase, we only have one frontend app so don’t need to do that. Usage in a template: ``` jinja {{ asset_fingerprinter.get_url('stylesheets/application.css') }} ``` Output: ``` static/stylesheets/application.css?418e6f4a6cdf1142e45c072ed3e1c90a ``` 2016-02-10 15:47:00 +00:00
notify-api-412 use black to enforce python coding style 2023-08-25 09:12:23 -07:00			`Usage:`
Make URLs for assets cache-proof https://www.pivotaltracker.com/story/show/113448149 This commit adds a query string to assets URLs which is generated from a hash of the file contents. When asset files are changed they will now be served from a different URL, which means they wont be loaded from browser cache. This is similar to how GOV.UK template adds its version number as a querystring parameter for its assets. This is mostly copied from Digital Marketplace utils: https://github.com/alphagov/digitalmarketplace-utils/pull/102 They have it in a shared codebase, we only have one frontend app so don’t need to do that. Usage in a template: ``` jinja {{ asset_fingerprinter.get_url('stylesheets/application.css') }} ``` Output: ``` static/stylesheets/application.css?418e6f4a6cdf1142e45c072ed3e1c90a ``` 2016-02-10 15:47:00 +00:00
notify-api-412 use black to enforce python coding style 2023-08-25 09:12:23 -07:00			`in the application`
			`template_data.asset_fingerprinter = AssetFingerprinter()`
Make URLs for assets cache-proof https://www.pivotaltracker.com/story/show/113448149 This commit adds a query string to assets URLs which is generated from a hash of the file contents. When asset files are changed they will now be served from a different URL, which means they wont be loaded from browser cache. This is similar to how GOV.UK template adds its version number as a querystring parameter for its assets. This is mostly copied from Digital Marketplace utils: https://github.com/alphagov/digitalmarketplace-utils/pull/102 They have it in a shared codebase, we only have one frontend app so don’t need to do that. Usage in a template: ``` jinja {{ asset_fingerprinter.get_url('stylesheets/application.css') }} ``` Output: ``` static/stylesheets/application.css?418e6f4a6cdf1142e45c072ed3e1c90a ``` 2016-02-10 15:47:00 +00:00
notify-api-412 use black to enforce python coding style 2023-08-25 09:12:23 -07:00			`where template data is how you pass variables to every template.`
Make URLs for assets cache-proof https://www.pivotaltracker.com/story/show/113448149 This commit adds a query string to assets URLs which is generated from a hash of the file contents. When asset files are changed they will now be served from a different URL, which means they wont be loaded from browser cache. This is similar to how GOV.UK template adds its version number as a querystring parameter for its assets. This is mostly copied from Digital Marketplace utils: https://github.com/alphagov/digitalmarketplace-utils/pull/102 They have it in a shared codebase, we only have one frontend app so don’t need to do that. Usage in a template: ``` jinja {{ asset_fingerprinter.get_url('stylesheets/application.css') }} ``` Output: ``` static/stylesheets/application.css?418e6f4a6cdf1142e45c072ed3e1c90a ``` 2016-02-10 15:47:00 +00:00
notify-api-412 use black to enforce python coding style 2023-08-25 09:12:23 -07:00			`in template.html:`
			`{{ asset_fingerprinter.get_url('stylesheets/application.css') }}`
Make URLs for assets cache-proof https://www.pivotaltracker.com/story/show/113448149 This commit adds a query string to assets URLs which is generated from a hash of the file contents. When asset files are changed they will now be served from a different URL, which means they wont be loaded from browser cache. This is similar to how GOV.UK template adds its version number as a querystring parameter for its assets. This is mostly copied from Digital Marketplace utils: https://github.com/alphagov/digitalmarketplace-utils/pull/102 They have it in a shared codebase, we only have one frontend app so don’t need to do that. Usage in a template: ``` jinja {{ asset_fingerprinter.get_url('stylesheets/application.css') }} ``` Output: ``` static/stylesheets/application.css?418e6f4a6cdf1142e45c072ed3e1c90a ``` 2016-02-10 15:47:00 +00:00
notify-api-412 use black to enforce python coding style 2023-08-25 09:12:23 -07:00			`* 'app/static' is assumed to be the root for all asset files`
Make URLs for assets cache-proof https://www.pivotaltracker.com/story/show/113448149 This commit adds a query string to assets URLs which is generated from a hash of the file contents. When asset files are changed they will now be served from a different URL, which means they wont be loaded from browser cache. This is similar to how GOV.UK template adds its version number as a querystring parameter for its assets. This is mostly copied from Digital Marketplace utils: https://github.com/alphagov/digitalmarketplace-utils/pull/102 They have it in a shared codebase, we only have one frontend app so don’t need to do that. Usage in a template: ``` jinja {{ asset_fingerprinter.get_url('stylesheets/application.css') }} ``` Output: ``` static/stylesheets/application.css?418e6f4a6cdf1142e45c072ed3e1c90a ``` 2016-02-10 15:47:00 +00:00			`"""`

notify-api-412 use black to enforce python coding style 2023-08-25 09:12:23 -07:00			`def __init__(self, asset_root="/static/", filesystem_path="app/static/"):`
Make URLs for assets cache-proof https://www.pivotaltracker.com/story/show/113448149 This commit adds a query string to assets URLs which is generated from a hash of the file contents. When asset files are changed they will now be served from a different URL, which means they wont be loaded from browser cache. This is similar to how GOV.UK template adds its version number as a querystring parameter for its assets. This is mostly copied from Digital Marketplace utils: https://github.com/alphagov/digitalmarketplace-utils/pull/102 They have it in a shared codebase, we only have one frontend app so don’t need to do that. Usage in a template: ``` jinja {{ asset_fingerprinter.get_url('stylesheets/application.css') }} ``` Output: ``` static/stylesheets/application.css?418e6f4a6cdf1142e45c072ed3e1c90a ``` 2016-02-10 15:47:00 +00:00			`self._cache = {}`
			`self._asset_root = asset_root`
			`self._filesystem_path = filesystem_path`

Tell browsers to preload fonts When looking at Google’s PageSpeed Insights tool as part of the compression work I noticed a suggestion that we preload our font files. The tool suggests this should save about 300ms on first page load time. *** Our font files are referenced from our CSS. This means that the browser has to download and parse the CSS before it knows where to find the font files. This means the requests happen in sequence. We can make the requests happen in parallel by using a `<link>` tag with `rel=preload`. This tells the browser to start downloading the fonts before it’s even started downloading the CSS (the CSS will be the next thing to start downloading, since it’s the next `<link>` element in the head of the HTML). Downloading fonts before things like images is important because once the font is downloaded it causes the layout to repaint, and shift everything around. So the page doesn’t feel stable until after the fonts have loaded. Google call this [cumulative layout shift](https://web.dev/cls/) which is a score for how much the page moves around. A lower score means a better experience (and, less importantly for us, means the page might rank higher in search results) We’re only preloading the WOFF2 fonts because only modern browsers support preload, and these browsers also all support WOFF2. We set an empty `crossorigin` attribute (which means anonymous-mode) because the preload request needs to match the origin’s CORS mode. See https://developer.mozilla.org/en-US/docs/Web/HTML/Preloading_content#CORS-enabled_fetches for more details. We set `as=font` because this helps the browser use the correct content security policy, and prioritise which requests to make first. 2020-12-29 13:38:27 +00:00			`def get_url(self, asset_path, with_querystring_hash=True):`
			`if not with_querystring_hash:`
			`return self._asset_root + asset_path`
Make URLs for assets cache-proof https://www.pivotaltracker.com/story/show/113448149 This commit adds a query string to assets URLs which is generated from a hash of the file contents. When asset files are changed they will now be served from a different URL, which means they wont be loaded from browser cache. This is similar to how GOV.UK template adds its version number as a querystring parameter for its assets. This is mostly copied from Digital Marketplace utils: https://github.com/alphagov/digitalmarketplace-utils/pull/102 They have it in a shared codebase, we only have one frontend app so don’t need to do that. Usage in a template: ``` jinja {{ asset_fingerprinter.get_url('stylesheets/application.css') }} ``` Output: ``` static/stylesheets/application.css?418e6f4a6cdf1142e45c072ed3e1c90a ``` 2016-02-10 15:47:00 +00:00			`if asset_path not in self._cache:`
			`self._cache[asset_path] = (`
notify-api-412 use black to enforce python coding style 2023-08-25 09:12:23 -07:00			`self._asset_root`
			`+ asset_path`
			`+ "?"`
			`+ self.get_asset_fingerprint(self._filesystem_path + asset_path)`
Make URLs for assets cache-proof https://www.pivotaltracker.com/story/show/113448149 This commit adds a query string to assets URLs which is generated from a hash of the file contents. When asset files are changed they will now be served from a different URL, which means they wont be loaded from browser cache. This is similar to how GOV.UK template adds its version number as a querystring parameter for its assets. This is mostly copied from Digital Marketplace utils: https://github.com/alphagov/digitalmarketplace-utils/pull/102 They have it in a shared codebase, we only have one frontend app so don’t need to do that. Usage in a template: ``` jinja {{ asset_fingerprinter.get_url('stylesheets/application.css') }} ``` Output: ``` static/stylesheets/application.css?418e6f4a6cdf1142e45c072ed3e1c90a ``` 2016-02-10 15:47:00 +00:00			`)`
			`return self._cache[asset_path]`

			`def get_asset_fingerprint(self, asset_file_path):`
Fix static-scan findings 2022-08-26 16:04:30 +00:00			`return hashlib.md5( # nosec B324 - hash value is not verified, so md5 is fine`
Use asset fingerprinter to serve images This means we can cache them forever, and only invalidate the cache when the image changes. 2018-11-29 14:28:29 +00:00			`self.get_asset_file_contents(asset_file_path)`
Make URLs for assets cache-proof https://www.pivotaltracker.com/story/show/113448149 This commit adds a query string to assets URLs which is generated from a hash of the file contents. When asset files are changed they will now be served from a different URL, which means they wont be loaded from browser cache. This is similar to how GOV.UK template adds its version number as a querystring parameter for its assets. This is mostly copied from Digital Marketplace utils: https://github.com/alphagov/digitalmarketplace-utils/pull/102 They have it in a shared codebase, we only have one frontend app so don’t need to do that. Usage in a template: ``` jinja {{ asset_fingerprinter.get_url('stylesheets/application.css') }} ``` Output: ``` static/stylesheets/application.css?418e6f4a6cdf1142e45c072ed3e1c90a ``` 2016-02-10 15:47:00 +00:00			`).hexdigest()`

			`def get_asset_file_contents(self, asset_file_path):`
notify-api-412 use black to enforce python coding style 2023-08-25 09:12:23 -07:00			`with open(asset_file_path, "rb") as asset_file:`
Make URLs for assets cache-proof https://www.pivotaltracker.com/story/show/113448149 This commit adds a query string to assets URLs which is generated from a hash of the file contents. When asset files are changed they will now be served from a different URL, which means they wont be loaded from browser cache. This is similar to how GOV.UK template adds its version number as a querystring parameter for its assets. This is mostly copied from Digital Marketplace utils: https://github.com/alphagov/digitalmarketplace-utils/pull/102 They have it in a shared codebase, we only have one frontend app so don’t need to do that. Usage in a template: ``` jinja {{ asset_fingerprinter.get_url('stylesheets/application.css') }} ``` Output: ``` static/stylesheets/application.css?418e6f4a6cdf1142e45c072ed3e1c90a ``` 2016-02-10 15:47:00 +00:00			`contents = asset_file.read()`
			`return contents`
Initialise clients outside the app This avoids the annoying problem where you can’t import a client unless the app has already been initialised. 2018-10-26 15:39:32 +01:00

			`asset_fingerprinter = AssetFingerprinter()`