|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
|
# Copyright 2010 - 2017 RhodeCode GmbH and the AppEnlight project authors
|
|
|
#
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
# You may obtain a copy of the License at
|
|
|
#
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
#
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
# See the License for the specific language governing permissions and
|
|
|
# limitations under the License.
|
|
|
|
|
|
import hashlib
|
|
|
import os
|
|
|
|
|
|
from pyramid.i18n import TranslationStringFactory
|
|
|
from pyramid import threadlocal
|
|
|
|
|
|
_ = TranslationStringFactory('pyramid')
|
|
|
|
|
|
from appenlight import security
|
|
|
from appenlight.lib import helpers, generate_random_string
|
|
|
from appenlight.models.services.config import ConfigService
|
|
|
|
|
|
|
|
|
def gen_urls(request):
|
|
|
urls = {
|
|
|
'baseUrl': request.route_url('/'),
|
|
|
'applicationsNoId': request.route_url('applications_no_id'),
|
|
|
'applications': request.route_url('applications', resource_id='REPLACE_ID').replace('REPLACE_ID',':resourceId'),
|
|
|
'applicationsProperty': request.route_url('applications_property',key='REPLACE_KEY', resource_id='REPLACE_ID').replace('REPLACE_ID',':resourceId').replace('REPLACE_KEY',':key'),
|
|
|
'configsNoId': request.route_url('admin_configs'),
|
|
|
'configs': request.route_url('admin_config', key='REPLACE_KEY', section='REPLACE_SECTION').replace('REPLACE_SECTION',':section').replace('REPLACE_KEY',':key'),
|
|
|
'docs': 'http://getappenlight.com/page/api/main.html',
|
|
|
'eventsNoId': request.route_url('events_no_id'),
|
|
|
'events': request.route_url('events', event_id='REPLACE_ID').replace('REPLACE_ID',':eventId'),
|
|
|
'eventsProperty': request.route_url('events_property',key='REPLACE_KEY', event_id='REPLACE_ID').replace('REPLACE_ID',':eventId').replace('REPLACE_KEY',':key'),
|
|
|
'groupsNoId': request.route_url('groups_no_id'),
|
|
|
'groups': request.route_url('groups', group_id='REPLACE_ID').replace('REPLACE_ID',':groupId'),
|
|
|
'groupsProperty': request.route_url('groups_property',key='REPLACE_KEY', group_id='REPLACE_ID').replace('REPLACE_ID',':groupId').replace('REPLACE_KEY',':key'),
|
|
|
'logsNoId': request.route_url('logs_no_id'),
|
|
|
'integrationAction': request.route_url('integrations_id',action='REPLACE_ACT', resource_id='REPLACE_RID', integration='REPLACE_IID').replace('REPLACE_RID',':resourceId').replace('REPLACE_ACT',':action').replace('REPLACE_IID',':integration'),
|
|
|
'usersNoId': request.route_url('users_no_id'),
|
|
|
'users': request.route_url('users', user_id='REPLACE_ID').replace('REPLACE_ID',':userId'),
|
|
|
'usersProperty': request.route_url('users_property',key='REPLACE_KEY', user_id='REPLACE_ID').replace('REPLACE_ID',':userId').replace('REPLACE_KEY',':key'),
|
|
|
'userSelf': request.route_url('users_self'),
|
|
|
'userSelfProperty': request.route_url('users_self_property',key='REPLACE_KEY').replace('REPLACE_KEY',':key'),
|
|
|
'reports': request.route_url('reports'),
|
|
|
'reportGroup': request.route_url('report_groups', group_id='REPLACE_RID').replace('REPLACE_RID',':groupId'),
|
|
|
'reportGroupProperty': request.route_url('report_groups_property', key='REPLACE_KEY', group_id='REPLACE_GID').replace('REPLACE_KEY',':key').replace('REPLACE_GID',':groupId'),
|
|
|
'pluginConfigsNoId': request.route_url('plugin_configs', plugin_name='REPLACE_TYPE').replace('REPLACE_TYPE',':plugin_name'),
|
|
|
'pluginConfigs': request.route_url('plugin_config', id='REPLACE_ID', plugin_name='REPLACE_TYPE').replace('REPLACE_ID',':id').replace('REPLACE_TYPE',':plugin_name'),
|
|
|
'resourceProperty': request.route_url('resources_property',key='REPLACE_KEY', resource_id='REPLACE_ID').replace('REPLACE_ID',':resourceId').replace('REPLACE_KEY',':key'),
|
|
|
'slowReports': request.route_url('slow_reports'),
|
|
|
'sectionView': request.route_url('section_view', section='REPLACE_S', view='REPLACE_V').replace('REPLACE_S',':section').replace('REPLACE_V',':view'),
|
|
|
'otherRoutes': {
|
|
|
'register': request.route_url('register'),
|
|
|
'lostPassword': request.route_url('lost_password'),
|
|
|
'lostPasswordGenerate': request.route_url('lost_password_generate'),
|
|
|
'signOut': request.route_url('ziggurat.routes.sign_out')
|
|
|
},
|
|
|
'social_auth': {
|
|
|
'google': request.route_url('social_auth', provider='google'),
|
|
|
'twitter': request.route_url('social_auth', provider='twitter'),
|
|
|
'bitbucket': request.route_url('social_auth', provider='bitbucket'),
|
|
|
'github': request.route_url('social_auth', provider='github'),
|
|
|
},
|
|
|
"plugins": {},
|
|
|
"adminAction": request.route_url('admin', action="REPLACE_ACT").replace('REPLACE_ACT',':action')
|
|
|
}
|
|
|
return urls
|
|
|
|
|
|
def new_request(event):
|
|
|
environ = event.request.environ
|
|
|
event.request.response.headers['X-Frame-Options'] = 'SAMEORIGIN'
|
|
|
event.request.response.headers['X-XSS-Protection'] = '1; mode=block'
|
|
|
# can this be enabled on non https deployments?
|
|
|
# event.request.response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubdomains;'
|
|
|
|
|
|
# do not send XSRF token with /api calls
|
|
|
if not event.request.path.startswith('/api'):
|
|
|
if environ['wsgi.url_scheme'] == 'https':
|
|
|
event.request.response.set_cookie(
|
|
|
'XSRF-TOKEN', event.request.session.get_csrf_token(),
|
|
|
secure=True)
|
|
|
else:
|
|
|
event.request.response.set_cookie(
|
|
|
'XSRF-TOKEN', event.request.session.get_csrf_token())
|
|
|
if event.request.user:
|
|
|
event.request.response.headers[
|
|
|
'x-appenlight-uid'] = '%s' % event.request.user.id
|
|
|
|
|
|
|
|
|
def add_renderer_globals(event):
|
|
|
request = event.get("request") or threadlocal.get_current_request()
|
|
|
|
|
|
renderer_globals = event
|
|
|
renderer_globals["h"] = helpers
|
|
|
renderer_globals["js_hash"] = request.registry.js_hash
|
|
|
renderer_globals["css_hash"] = request.registry.css_hash
|
|
|
renderer_globals['_'] = _
|
|
|
renderer_globals['security'] = security
|
|
|
renderer_globals['flash_msgs'] = []
|
|
|
renderer_globals['appenlight_plugins'] = []
|
|
|
|
|
|
if 'jinja' in event['renderer_info'].type:
|
|
|
renderer_globals['url_list'] = gen_urls(request)
|
|
|
# add footer html and some other global vars to renderer
|
|
|
for module, config in request.registry.appenlight_plugins.items():
|
|
|
if config['url_gen']:
|
|
|
urls = config['url_gen'](request)
|
|
|
renderer_globals['url_list']['plugins'][module] = urls
|
|
|
|
|
|
renderer_globals['appenlight_plugins'].append(
|
|
|
{'name': module,
|
|
|
'config': {
|
|
|
'javascript':config['javascript'],
|
|
|
'header_html':config['header_html']
|
|
|
}})
|
|
|
|
|
|
footer_config = ConfigService.by_key_and_section(
|
|
|
'template_footer_html', 'global', default_value='')
|
|
|
|
|
|
renderer_globals['template_footer_html'] = footer_config.value
|
|
|
try:
|
|
|
renderer_globals['root_administrator'] = request.has_permission(
|
|
|
'root_administration', security.RootFactory(request))
|
|
|
except AttributeError:
|
|
|
renderer_globals['root_administrator'] = False
|
|
|
|
|
|
renderer_globals['_mail_url'] = request.registry.settings['_mail_url']
|
|
|
|
|
|
if not request:
|
|
|
return
|
|
|
|
|
|
# do not sens flash headers with /api calls
|
|
|
if not request.path.startswith('/api'):
|
|
|
flash_msgs = helpers.get_type_formatted_flash(request)
|
|
|
renderer_globals['flash_msgs'] = flash_msgs
|
|
|
request.add_flash_to_headers()
|
|
|
|
|
|
def application_created(app):
|
|
|
webassets_dir = app.app.registry.settings.get('webassets.dir')
|
|
|
js_hash = generate_random_string()
|
|
|
css_hash = generate_random_string()
|
|
|
if webassets_dir:
|
|
|
js_hasher = hashlib.md5()
|
|
|
css_hasher = hashlib.md5()
|
|
|
for root, dirs, files in os.walk(webassets_dir):
|
|
|
for name in files:
|
|
|
filename = os.path.join(root, name)
|
|
|
if name.endswith('css'):
|
|
|
with open(filename, 'r', encoding='utf8',
|
|
|
errors='replace') as f:
|
|
|
for line in f:
|
|
|
css_hasher.update(line.encode('utf8'))
|
|
|
elif name.endswith('js'):
|
|
|
with open(filename, 'r', encoding='utf8',
|
|
|
errors='replace') as f:
|
|
|
for line in f:
|
|
|
js_hasher.update(line.encode('utf8'))
|
|
|
js_hash = js_hasher.hexdigest()
|
|
|
css_hash = css_hasher.hexdigest()
|
|
|
app.app.registry.js_hash = js_hash
|
|
|
app.app.registry.css_hash = css_hash
|
|
|
|