__init__.py
254 lines
| 8.7 KiB
| text/x-python
|
PythonLexer
r0 | # -*- coding: utf-8 -*- | |||
r112 | # Copyright 2010 - 2017 RhodeCode GmbH and the AppEnlight project authors | |||
r0 | # | |||
r112 | # Licensed under the Apache License, Version 2.0 (the "License"); | |||
# you may not use this file except in compliance with the License. | ||||
# You may obtain a copy of the License at | ||||
r0 | # | |||
r112 | # http://www.apache.org/licenses/LICENSE-2.0 | |||
r0 | # | |||
r112 | # Unless required by applicable law or agreed to in writing, software | |||
# distributed under the License is distributed on an "AS IS" BASIS, | ||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
# See the License for the specific language governing permissions and | ||||
# limitations under the License. | ||||
r0 | ||||
import datetime | ||||
import logging | ||||
r151 | from elasticsearch import Elasticsearch | |||
r0 | import redis | |||
import os | ||||
r134 | import pkg_resources | |||
r0 | from pkg_resources import iter_entry_points | |||
import appenlight.lib.jinja2_filters as jinja2_filters | ||||
import appenlight.lib.encryption as encryption | ||||
r7 | from pyramid.config import PHASE3_CONFIG | |||
r0 | from pyramid.authentication import AuthTktAuthenticationPolicy | |||
from pyramid.authorization import ACLAuthorizationPolicy | ||||
r145 | from pyramid_mailer.interfaces import IMailer | |||
r0 | from pyramid.renderers import JSON | |||
from pyramid_redis_sessions import session_factory_from_settings | ||||
from pyramid.settings import asbool, aslist | ||||
from pyramid.security import AllPermissionsList | ||||
from pyramid_authstack import AuthenticationStackPolicy | ||||
from redlock import Redlock | ||||
from sqlalchemy import engine_from_config | ||||
from appenlight.celery import configure_celery | ||||
r153 | from appenlight.lib.configurator import ( | |||
CythonCompatConfigurator, | ||||
register_appenlight_plugin, | ||||
) | ||||
r0 | from appenlight.lib import cache_regions | |||
from appenlight.lib.ext_json import json | ||||
from appenlight.security import groupfinder, AuthTokenAuthenticationPolicy | ||||
r153 | __license__ = "Apache 2.0" | |||
__author__ = "RhodeCode GmbH" | ||||
__url__ = "http://rhodecode.com" | ||||
r134 | __version__ = pkg_resources.get_distribution("appenlight").parsed_version | |||
r29 | ||||
r0 | json_renderer = JSON(serializer=json.dumps, indent=4) | |||
log = logging.getLogger(__name__) | ||||
def datetime_adapter(obj, request): | ||||
return obj.isoformat() | ||||
def all_permissions_adapter(obj, request): | ||||
r153 | return "__all_permissions__" | |||
r0 | ||||
json_renderer.add_adapter(datetime.datetime, datetime_adapter) | ||||
json_renderer.add_adapter(AllPermissionsList, all_permissions_adapter) | ||||
def main(global_config, **settings): | ||||
""" This function returns a Pyramid WSGI application. | ||||
""" | ||||
auth_tkt_policy = AuthTktAuthenticationPolicy( | ||||
r153 | settings["authtkt.secret"], | |||
hashalg="sha512", | ||||
r0 | callback=groupfinder, | |||
max_age=2592000, | ||||
r153 | secure=asbool(settings.get("authtkt.secure", "false")), | |||
r0 | ) | |||
r153 | auth_token_policy = AuthTokenAuthenticationPolicy(callback=groupfinder) | |||
r0 | authorization_policy = ACLAuthorizationPolicy() | |||
authentication_policy = AuthenticationStackPolicy() | ||||
r153 | authentication_policy.add_policy("auth_tkt", auth_tkt_policy) | |||
authentication_policy.add_policy("auth_token", auth_token_policy) | ||||
r0 | # set crypto key | |||
r153 | encryption.ENCRYPTION_SECRET = settings.get("encryption_secret") | |||
r0 | # import this later so encyption key can be monkeypatched | |||
from appenlight.models import DBSession, register_datastores | ||||
r128 | ||||
# registration | ||||
r153 | settings["appenlight.disable_registration"] = asbool( | |||
settings.get("appenlight.disable_registration") | ||||
) | ||||
r128 | ||||
r0 | # update config with cometd info | |||
r153 | settings["cometd_servers"] = { | |||
"server": settings["cometd.server"], | ||||
"secret": settings["cometd.secret"], | ||||
} | ||||
r0 | ||||
# Create the Pyramid Configurator. | ||||
r153 | settings["_mail_url"] = settings["mailing.app_url"] | |||
r7 | config = CythonCompatConfigurator( | |||
settings=settings, | ||||
authentication_policy=authentication_policy, | ||||
authorization_policy=authorization_policy, | ||||
r153 | root_factory="appenlight.security.RootFactory", | |||
default_permission="view", | ||||
) | ||||
r20 | # custom registry variables | |||
# resource type information | ||||
r153 | config.registry.resource_types = ["resource", "application"] | |||
r20 | # plugin information | |||
config.registry.appenlight_plugins = {} | ||||
r153 | config.set_default_csrf_options(require_csrf=True, header="X-XSRF-TOKEN") | |||
config.add_view_deriver("appenlight.predicates.csrf_view", name="csrf_view") | ||||
r0 | ||||
# later, when config is available | ||||
r153 | dogpile_config = { | |||
"url": settings["redis.url"], | ||||
"redis_expiration_time": 86400, | ||||
"redis_distributed_lock": True, | ||||
} | ||||
r0 | cache_regions.regions = cache_regions.CacheRegions(dogpile_config) | |||
config.registry.cache_regions = cache_regions.regions | ||||
r153 | engine = engine_from_config(settings, "sqlalchemy.", json_serializer=json.dumps) | |||
r0 | DBSession.configure(bind=engine) | |||
# json rederer that serializes datetime | ||||
r153 | config.add_renderer("json", json_renderer) | |||
config.add_request_method( | ||||
"appenlight.lib.request.es_conn", "es_conn", property=True | ||||
) | ||||
config.add_request_method( | ||||
"appenlight.lib.request.get_user", "user", reify=True, property=True | ||||
) | ||||
config.add_request_method( | ||||
"appenlight.lib.request.get_csrf_token", "csrf_token", reify=True, property=True | ||||
) | ||||
config.add_request_method( | ||||
"appenlight.lib.request.safe_json_body", | ||||
"safe_json_body", | ||||
reify=True, | ||||
property=True, | ||||
) | ||||
config.add_request_method( | ||||
"appenlight.lib.request.unsafe_json_body", | ||||
"unsafe_json_body", | ||||
reify=True, | ||||
property=True, | ||||
) | ||||
config.add_request_method( | ||||
"appenlight.lib.request.add_flash_to_headers", "add_flash_to_headers" | ||||
) | ||||
config.add_request_method( | ||||
"appenlight.lib.request.get_authomatic", "authomatic", reify=True | ||||
) | ||||
config.include("pyramid_redis_sessions") | ||||
config.include("pyramid_tm") | ||||
config.include("pyramid_jinja2") | ||||
config.include("pyramid_mailer") | ||||
config.include("appenlight_client.ext.pyramid_tween") | ||||
config.include("ziggurat_foundations.ext.pyramid.sign_in") | ||||
es_server_list = aslist(settings["elasticsearch.nodes"]) | ||||
redis_url = settings["redis.url"] | ||||
log.warning("Elasticsearch server list: {}".format(es_server_list)) | ||||
log.warning("Redis server: {}".format(redis_url)) | ||||
r151 | config.registry.es_conn = Elasticsearch(es_server_list) | |||
r6 | config.registry.redis_conn = redis.StrictRedis.from_url(redis_url) | |||
r0 | ||||
r153 | config.registry.redis_lockmgr = Redlock( | |||
[settings["redis.redlock.url"]], retry_count=0, retry_delay=0 | ||||
) | ||||
r145 | # mailer bw compat | |||
config.registry.mailer = config.registry.getUtility(IMailer) | ||||
r0 | ||||
# Configure sessions | ||||
session_factory = session_factory_from_settings(settings) | ||||
config.set_session_factory(session_factory) | ||||
# Configure renderers and event subscribers | ||||
r153 | config.add_jinja2_extension("jinja2.ext.loopcontrols") | |||
config.add_jinja2_search_path("appenlight:templates") | ||||
r0 | # event subscribers | |||
r153 | config.add_subscriber( | |||
"appenlight.subscribers.application_created", | ||||
"pyramid.events.ApplicationCreated", | ||||
) | ||||
config.add_subscriber( | ||||
"appenlight.subscribers.add_renderer_globals", "pyramid.events.BeforeRender" | ||||
) | ||||
config.add_subscriber( | ||||
"appenlight.subscribers.new_request", "pyramid.events.NewRequest" | ||||
) | ||||
config.add_view_predicate( | ||||
"context_type_class", "appenlight.predicates.contextTypeClass" | ||||
) | ||||
register_datastores( | ||||
es_conn=config.registry.es_conn, | ||||
redis_conn=config.registry.redis_conn, | ||||
redis_lockmgr=config.registry.redis_lockmgr, | ||||
) | ||||
r0 | ||||
# base stuff and scan | ||||
# need to ensure webassets exists otherwise config.override_asset() | ||||
# throws exception | ||||
r153 | if not os.path.exists(settings["webassets.dir"]): | |||
os.mkdir(settings["webassets.dir"]) | ||||
config.add_static_view( | ||||
path="appenlight:webassets", name="static", cache_max_age=3600 | ||||
) | ||||
config.override_asset( | ||||
to_override="appenlight:webassets/", override_with=settings["webassets.dir"] | ||||
) | ||||
config.include("appenlight.views") | ||||
config.include("appenlight.views.admin") | ||||
config.scan( | ||||
ignore=["appenlight.migrations", "appenlight.scripts", "appenlight.tests"] | ||||
) | ||||
config.add_directive("register_appenlight_plugin", register_appenlight_plugin) | ||||
for entry_point in iter_entry_points(group="appenlight.plugins"): | ||||
r0 | plugin = entry_point.load() | |||
plugin.includeme(config) | ||||
# include other appenlight plugins explictly if needed | ||||
r153 | includes = aslist(settings.get("appenlight.includes", [])) | |||
r0 | for inc in includes: | |||
config.include(inc) | ||||
# run this after everything registers in configurator | ||||
def pre_commit(): | ||||
jinja_env = config.get_jinja2_environment() | ||||
r153 | jinja_env.filters["tojson"] = json.dumps | |||
jinja_env.filters["toJSONUnsafe"] = jinja2_filters.toJSONUnsafe | ||||
r0 | ||||
config.action(None, pre_commit, order=PHASE3_CONFIG + 999) | ||||
def wrap_config_celery(): | ||||
configure_celery(config.registry) | ||||
config.action(None, wrap_config_celery, order=PHASE3_CONFIG + 999) | ||||
app = config.make_wsgi_app() | ||||
return app | ||||