subscribers.py
# -*- coding: utf-8 -*-
# Copyright 2010 - 2017 RhodeCode GmbH and the AppEnlight project authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
r0 | ||||
import hashlib | ||||
import os | ||||
from pyramid.i18n import TranslationStringFactory | ||||
from pyramid import threadlocal | ||||
# Translation-string factory for the "pyramid" domain; add_renderer_globals()
# exposes it to templates under the name ``_``.
_ = TranslationStringFactory("pyramid")
r0 | ||||
from appenlight import security | ||||
from appenlight.lib import helpers, generate_random_string | ||||
from appenlight.models.services.config import ConfigService | ||||
def gen_urls(request):
    """Build the map of application URLs handed to the templates.

    Routes that take parameters are generated with dummy ``REPLACE_*``
    values, which are then swapped for colon-prefixed placeholders such as
    ``:resourceId``, so the result is a URL *template* rather than a
    concrete URL (presumably filled in by the client-side code; confirm
    against the front end).

    :param request: object exposing ``route_url(name, **kwargs)``.
    :returns: dict of URL strings, plus the nested ``otherRoutes``,
        ``social_auth`` and (initially empty) ``plugins`` dicts.

    NOTE(review): every entry is produced by ``request.route_url``. If that
    derives scheme and host from the incoming request, the deployment has to
    restrict accepted Host values upstream, otherwise these URLs echo
    whatever host the client sent.
    """
    route_url = request.route_url

    def templated(route_name, swaps, **route_args):
        # Generate the URL with dummy values, then apply the swaps in the
        # given order (same order as a chain of str.replace calls).
        generated = route_url(route_name, **route_args)
        for token, placeholder in swaps:
            generated = generated.replace(token, placeholder)
        return generated

    social_providers = ("google", "twitter", "bitbucket", "github")

    return {
        "baseUrl": route_url("/"),
        "applicationsNoId": route_url("applications_no_id"),
        "applications": templated(
            "applications",
            [("REPLACE_ID", ":resourceId")],
            resource_id="REPLACE_ID",
        ),
        "applicationsProperty": templated(
            "applications_property",
            [("REPLACE_ID", ":resourceId"), ("REPLACE_KEY", ":key")],
            key="REPLACE_KEY",
            resource_id="REPLACE_ID",
        ),
        "configsNoId": route_url("admin_configs"),
        "configs": templated(
            "admin_config",
            [("REPLACE_SECTION", ":section"), ("REPLACE_KEY", ":key")],
            key="REPLACE_KEY",
            section="REPLACE_SECTION",
        ),
        # NOTE(review): the documentation link is plain http.
        "docs": "http://getappenlight.com/page/api/main.html",
        "eventsNoId": route_url("events_no_id"),
        "events": templated(
            "events",
            [("REPLACE_ID", ":eventId")],
            event_id="REPLACE_ID",
        ),
        "eventsProperty": templated(
            "events_property",
            [("REPLACE_ID", ":eventId"), ("REPLACE_KEY", ":key")],
            key="REPLACE_KEY",
            event_id="REPLACE_ID",
        ),
        "groupsNoId": route_url("groups_no_id"),
        "groups": templated(
            "groups",
            [("REPLACE_ID", ":groupId")],
            group_id="REPLACE_ID",
        ),
        "groupsProperty": templated(
            "groups_property",
            [("REPLACE_ID", ":groupId"), ("REPLACE_KEY", ":key")],
            key="REPLACE_KEY",
            group_id="REPLACE_ID",
        ),
        "logsNoId": route_url("logs_no_id"),
        "integrationAction": templated(
            "integrations_id",
            [
                ("REPLACE_RID", ":resourceId"),
                ("REPLACE_ACT", ":action"),
                ("REPLACE_IID", ":integration"),
            ],
            action="REPLACE_ACT",
            resource_id="REPLACE_RID",
            integration="REPLACE_IID",
        ),
        "usersNoId": route_url("users_no_id"),
        "users": templated(
            "users",
            [("REPLACE_ID", ":userId")],
            user_id="REPLACE_ID",
        ),
        "usersProperty": templated(
            "users_property",
            [("REPLACE_ID", ":userId"), ("REPLACE_KEY", ":key")],
            key="REPLACE_KEY",
            user_id="REPLACE_ID",
        ),
        "userSelf": route_url("users_self"),
        "userSelfProperty": templated(
            "users_self_property",
            [("REPLACE_KEY", ":key")],
            key="REPLACE_KEY",
        ),
        "reports": route_url("reports"),
        "reportGroup": templated(
            "report_groups",
            [("REPLACE_RID", ":groupId")],
            group_id="REPLACE_RID",
        ),
        "reportGroupProperty": templated(
            "report_groups_property",
            [("REPLACE_KEY", ":key"), ("REPLACE_GID", ":groupId")],
            key="REPLACE_KEY",
            group_id="REPLACE_GID",
        ),
        "pluginConfigsNoId": templated(
            "plugin_configs",
            [("REPLACE_TYPE", ":plugin_name")],
            plugin_name="REPLACE_TYPE",
        ),
        "pluginConfigs": templated(
            "plugin_config",
            [("REPLACE_ID", ":id"), ("REPLACE_TYPE", ":plugin_name")],
            id="REPLACE_ID",
            plugin_name="REPLACE_TYPE",
        ),
        "resourceProperty": templated(
            "resources_property",
            [("REPLACE_ID", ":resourceId"), ("REPLACE_KEY", ":key")],
            key="REPLACE_KEY",
            resource_id="REPLACE_ID",
        ),
        "slowReports": route_url("slow_reports"),
        "sectionView": templated(
            "section_view",
            [("REPLACE_S", ":section"), ("REPLACE_V", ":view")],
            section="REPLACE_S",
            view="REPLACE_V",
        ),
        "otherRoutes": {
            "register": route_url("register"),
            "lostPassword": route_url("lost_password"),
            "lostPasswordGenerate": route_url("lost_password_generate"),
            "signOut": route_url("ziggurat.routes.sign_out"),
        },
        "social_auth": {
            provider: route_url("social_auth", provider=provider)
            for provider in social_providers
        },
        # Filled in per plugin by add_renderer_globals().
        "plugins": {},
        "adminAction": templated(
            "admin",
            [("REPLACE_ACT", ":action")],
            action="REPLACE_ACT",
        ),
    }
r153 | ||||
def new_request(event):
    """Attach default response headers and the XSRF cookie for a request.

    Sets ``X-Frame-Options`` and ``X-XSS-Protection`` on every response,
    sets the ``XSRF-TOKEN`` cookie for paths that do not start with
    ``/api``, and adds ``x-appenlight-uid`` when a user is attached to the
    request.

    :param event: object whose ``request`` attribute provides ``environ``,
        ``response``, ``path``, ``session`` and ``user``.
    """
    request = event.request
    environ = request.environ
    response = request.response

    # X-Frame-Options limits framing to same-origin pages (clickjacking
    # defence). X-XSS-Protection is a legacy header; it is no substitute
    # for a Content-Security-Policy.
    response.headers["X-Frame-Options"] = "SAMEORIGIN"
    response.headers["X-XSS-Protection"] = "1; mode=block"
    # can this be enabled on non https deployments?
    # event.request.response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubdomains;'
    # NOTE(review): RFC 6797 has browsers ignore Strict-Transport-Security
    # received over plain HTTP, so it only takes effect on https responses.

    # do not send XSRF token with /api calls
    # (plain prefix test: a path such as "/apifoo" is skipped as well)
    if not request.path.startswith("/api"):
        # The Secure flag follows the scheme the WSGI server reports.
        # NOTE(review): behind a TLS-terminating proxy wsgi.url_scheme stays
        # "http" unless the forwarded scheme is translated, and the cookie
        # then goes out without Secure. The cookie is also set without
        # HttpOnly, presumably so client-side script can echo the token
        # back - confirm.
        if environ["wsgi.url_scheme"] == "https":
            cookie_flags = {"secure": True}
        else:
            cookie_flags = {}
        response.set_cookie(
            "XSRF-TOKEN", request.session.get_csrf_token(), **cookie_flags
        )

    # Exposes the authenticated user's id as a response header.
    if request.user:
        response.headers["x-appenlight-uid"] = "%s" % request.user.id
r0 | ||||
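def add_renderer_globals(event):
    """Populate the renderer globals made available to every template.

    ``event`` is used as the globals mapping itself. The request is taken
    from ``event["request"]`` or, failing that, from Pyramid's thread-local
    request.

    The "no request" guard now runs before the first use of ``request``.
    Previously it sat after ``request.registry`` had already been
    dereferenced, so a missing request raised ``AttributeError`` instead of
    returning early. Globals that do not depend on the request are still
    set in that case.

    :param event: dict-like render event carrying ``renderer_info`` and,
        optionally, ``request``.
    """
    request = event.get("request") or threadlocal.get_current_request()

    renderer_globals = event
    # Request-independent globals first, so they exist even without a request.
    renderer_globals["h"] = helpers
    renderer_globals["_"] = _
    renderer_globals["security"] = security
    renderer_globals["flash_msgs"] = []
    renderer_globals["appenlight_plugins"] = []

    if not request:
        return

    registry = request.registry
    # Asset fingerprints computed once by application_created().
    renderer_globals["js_hash"] = registry.js_hash
    renderer_globals["css_hash"] = registry.css_hash

    if "jinja" in event["renderer_info"].type:
        url_list = gen_urls(request)
        renderer_globals["url_list"] = url_list
        # add footer html and some other global vars to renderer
        for module, config in registry.appenlight_plugins.items():
            if config["url_gen"]:
                url_list["plugins"][module] = config["url_gen"](request)

            # NOTE(review): plugin-supplied "javascript" and "header_html"
            # are passed to the templates as-is; presumably emitted without
            # escaping, so plugins are fully trusted here - confirm.
            renderer_globals["appenlight_plugins"].append(
                {
                    "name": module,
                    "config": {
                        "javascript": config["javascript"],
                        "header_html": config["header_html"],
                    },
                }
            )

        footer_config = ConfigService.by_key_and_section(
            "template_footer_html", "global", default_value=""
        )

        # NOTE(review): footer HTML comes from stored configuration;
        # presumably rendered raw - confirm only trusted administrators can
        # change it.
        renderer_globals["template_footer_html"] = footer_config.value
        try:
            renderer_globals["root_administrator"] = request.has_permission(
                "root_administration", security.RootFactory(request)
            )
        except AttributeError:
            # Fails closed: any AttributeError raised during the permission
            # check leaves the flag False.
            renderer_globals["root_administrator"] = False

        # NOTE(review): a mail transport URL may embed credentials; confirm
        # no template renders this value.
        renderer_globals["_mail_url"] = registry.settings["_mail_url"]

    # do not send flash headers with /api calls
    if not request.path.startswith("/api"):
        flash_msgs = helpers.get_type_formatted_flash(request)
        renderer_globals["flash_msgs"] = flash_msgs
        request.add_flash_to_headers()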
r153 | ||||
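def application_created(app):
    """Compute the JS and CSS asset fingerprints and store them on the registry.

    When the ``webassets.dir`` setting is present, every file below it whose
    name ends in ``css`` or ``js`` is fed into one MD5 digest per kind, and
    the hex digests are stored as ``registry.css_hash`` and
    ``registry.js_hash``. Without that setting a random string is used for
    each, so the values differ on every call.

    Directories and files are now visited in sorted order. ``os.walk``
    yields entries in an arbitrary, filesystem-dependent order, so the same
    asset tree could previously produce different digests on different
    hosts.

    MD5 serves only as a content fingerprint here; it must not be relied on
    as an integrity check against deliberate tampering.

    :param app: event object whose ``app.registry`` carries ``settings``.
    """
    registry = app.app.registry
    webassets_dir = registry.settings.get("webassets.dir")

    if webassets_dir:
        css_hasher = hashlib.md5()
        js_hasher = hashlib.md5()
        for root, dirs, files in os.walk(webassets_dir):
            # Sorting in place also fixes the order of descent.
            dirs.sort()
            for name in sorted(files):
                # Suffix test without a dot, as before: "x.scss" counts as
                # css and any name ending in "js" counts as js.
                if name.endswith("css"):
                    hasher = css_hasher
                elif name.endswith("js"):
                    hasher = js_hasher
                else:
                    continue
                filename = os.path.join(root, name)
                # Undecodable bytes are replaced, so the digest covers the
                # decoded text rather than the raw bytes on disk.
                with open(filename, "r", encoding="utf8", errors="replace") as f:
                    for line in f:
                        hasher.update(line.encode("utf8"))
        js_hash = js_hasher.hexdigest()
        css_hash = css_hasher.hexdigest()
    else:
        # No asset directory configured: fall back to random values.
        js_hash = generate_random_string()
        css_hash = generate_random_string()

    registry.js_hash = js_hash
    registry.css_hash = css_hash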