|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
|
# Copyright 2010 - 2017 RhodeCode GmbH and the AppEnlight project authors
|
|
|
#
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
# You may obtain a copy of the License at
|
|
|
#
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
#
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
# See the License for the specific language governing permissions and
|
|
|
# limitations under the License.
|
|
|
|
|
|
import datetime
|
|
|
import logging
|
|
|
from elasticsearch import Elasticsearch
|
|
|
import redis
|
|
|
import os
|
|
|
import pkg_resources
|
|
|
from pkg_resources import iter_entry_points
|
|
|
|
|
|
import appenlight.lib.jinja2_filters as jinja2_filters
|
|
|
import appenlight.lib.encryption as encryption
|
|
|
|
|
|
from pyramid.config import PHASE3_CONFIG
|
|
|
from pyramid.authentication import AuthTktAuthenticationPolicy
|
|
|
from pyramid.authorization import ACLAuthorizationPolicy
|
|
|
from pyramid_mailer.interfaces import IMailer
|
|
|
from pyramid.renderers import JSON
|
|
|
from pyramid_redis_sessions import session_factory_from_settings
|
|
|
from pyramid.settings import asbool, aslist
|
|
|
from pyramid.security import AllPermissionsList
|
|
|
from pyramid_authstack import AuthenticationStackPolicy
|
|
|
from redlock import Redlock
|
|
|
from sqlalchemy import engine_from_config
|
|
|
|
|
|
from appenlight.celery import configure_celery
|
|
|
from appenlight.lib.configurator import (
|
|
|
CythonCompatConfigurator,
|
|
|
register_appenlight_plugin,
|
|
|
)
|
|
|
from appenlight.lib import cache_regions
|
|
|
from appenlight.lib.ext_json import json
|
|
|
from appenlight.security import groupfinder, AuthTokenAuthenticationPolicy
|
|
|
|
|
|
__license__ = "Apache 2.0"
|
|
|
__author__ = "RhodeCode GmbH"
|
|
|
__url__ = "http://rhodecode.com"
|
|
|
__version__ = pkg_resources.get_distribution("appenlight").parsed_version
|
|
|
|
|
|
json_renderer = JSON(serializer=json.dumps, indent=4)
|
|
|
|
|
|
log = logging.getLogger(__name__)
|
|
|
|
|
|
|
|
|
def datetime_adapter(obj, request):
|
|
|
return obj.isoformat()
|
|
|
|
|
|
|
|
|
def all_permissions_adapter(obj, request):
|
|
|
return "__all_permissions__"
|
|
|
|
|
|
|
|
|
json_renderer.add_adapter(datetime.datetime, datetime_adapter)
|
|
|
json_renderer.add_adapter(AllPermissionsList, all_permissions_adapter)
|
|
|
|
|
|
|
|
|
def main(global_config, **settings):
|
|
|
""" This function returns a Pyramid WSGI application.
|
|
|
"""
|
|
|
auth_tkt_policy = AuthTktAuthenticationPolicy(
|
|
|
settings["authtkt.secret"],
|
|
|
hashalg="sha512",
|
|
|
callback=groupfinder,
|
|
|
max_age=2592000,
|
|
|
secure=asbool(settings.get("authtkt.secure", "false")),
|
|
|
)
|
|
|
auth_token_policy = AuthTokenAuthenticationPolicy(callback=groupfinder)
|
|
|
authorization_policy = ACLAuthorizationPolicy()
|
|
|
authentication_policy = AuthenticationStackPolicy()
|
|
|
authentication_policy.add_policy("auth_tkt", auth_tkt_policy)
|
|
|
authentication_policy.add_policy("auth_token", auth_token_policy)
|
|
|
# set crypto key
|
|
|
encryption.ENCRYPTION_SECRET = settings.get("encryption_secret")
|
|
|
# import this later so encyption key can be monkeypatched
|
|
|
from appenlight.models import DBSession, register_datastores
|
|
|
|
|
|
# registration
|
|
|
settings["appenlight.disable_registration"] = asbool(
|
|
|
settings.get("appenlight.disable_registration")
|
|
|
)
|
|
|
|
|
|
# update config with cometd info
|
|
|
settings["cometd_servers"] = {
|
|
|
"server": settings["cometd.server"],
|
|
|
"secret": settings["cometd.secret"],
|
|
|
}
|
|
|
|
|
|
# Create the Pyramid Configurator.
|
|
|
settings["_mail_url"] = settings["mailing.app_url"]
|
|
|
config = CythonCompatConfigurator(
|
|
|
settings=settings,
|
|
|
authentication_policy=authentication_policy,
|
|
|
authorization_policy=authorization_policy,
|
|
|
root_factory="appenlight.security.RootFactory",
|
|
|
default_permission="view",
|
|
|
)
|
|
|
# custom registry variables
|
|
|
|
|
|
# resource type information
|
|
|
config.registry.resource_types = ["resource", "application"]
|
|
|
# plugin information
|
|
|
config.registry.appenlight_plugins = {}
|
|
|
|
|
|
config.set_default_csrf_options(require_csrf=True, header="X-XSRF-TOKEN")
|
|
|
config.add_view_deriver("appenlight.predicates.csrf_view", name="csrf_view")
|
|
|
|
|
|
# later, when config is available
|
|
|
dogpile_config = {
|
|
|
"url": settings["redis.url"],
|
|
|
"redis_expiration_time": 86400,
|
|
|
"redis_distributed_lock": True,
|
|
|
}
|
|
|
cache_regions.regions = cache_regions.CacheRegions(dogpile_config)
|
|
|
config.registry.cache_regions = cache_regions.regions
|
|
|
engine = engine_from_config(settings, "sqlalchemy.", json_serializer=json.dumps)
|
|
|
DBSession.configure(bind=engine)
|
|
|
|
|
|
# json rederer that serializes datetime
|
|
|
config.add_renderer("json", json_renderer)
|
|
|
config.add_request_method(
|
|
|
"appenlight.lib.request.es_conn", "es_conn", property=True
|
|
|
)
|
|
|
config.add_request_method(
|
|
|
"appenlight.lib.request.get_user", "user", reify=True, property=True
|
|
|
)
|
|
|
config.add_request_method(
|
|
|
"appenlight.lib.request.get_csrf_token", "csrf_token", reify=True, property=True
|
|
|
)
|
|
|
config.add_request_method(
|
|
|
"appenlight.lib.request.safe_json_body",
|
|
|
"safe_json_body",
|
|
|
reify=True,
|
|
|
property=True,
|
|
|
)
|
|
|
config.add_request_method(
|
|
|
"appenlight.lib.request.unsafe_json_body",
|
|
|
"unsafe_json_body",
|
|
|
reify=True,
|
|
|
property=True,
|
|
|
)
|
|
|
config.add_request_method(
|
|
|
"appenlight.lib.request.add_flash_to_headers", "add_flash_to_headers"
|
|
|
)
|
|
|
config.add_request_method(
|
|
|
"appenlight.lib.request.get_authomatic", "authomatic", reify=True
|
|
|
)
|
|
|
|
|
|
config.include("pyramid_redis_sessions")
|
|
|
config.include("pyramid_tm")
|
|
|
config.include("pyramid_jinja2")
|
|
|
config.include("pyramid_mailer")
|
|
|
config.include("appenlight_client.ext.pyramid_tween")
|
|
|
config.include("ziggurat_foundations.ext.pyramid.sign_in")
|
|
|
es_server_list = aslist(settings["elasticsearch.nodes"])
|
|
|
redis_url = settings["redis.url"]
|
|
|
log.warning("Elasticsearch server list: {}".format(es_server_list))
|
|
|
log.warning("Redis server: {}".format(redis_url))
|
|
|
config.registry.es_conn = Elasticsearch(es_server_list)
|
|
|
config.registry.redis_conn = redis.StrictRedis.from_url(redis_url)
|
|
|
|
|
|
config.registry.redis_lockmgr = Redlock(
|
|
|
[settings["redis.redlock.url"]], retry_count=0, retry_delay=0
|
|
|
)
|
|
|
# mailer bw compat
|
|
|
config.registry.mailer = config.registry.getUtility(IMailer)
|
|
|
|
|
|
# Configure sessions
|
|
|
session_factory = session_factory_from_settings(settings)
|
|
|
config.set_session_factory(session_factory)
|
|
|
|
|
|
# Configure renderers and event subscribers
|
|
|
config.add_jinja2_extension("jinja2.ext.loopcontrols")
|
|
|
config.add_jinja2_search_path("appenlight:templates")
|
|
|
# event subscribers
|
|
|
config.add_subscriber(
|
|
|
"appenlight.subscribers.application_created",
|
|
|
"pyramid.events.ApplicationCreated",
|
|
|
)
|
|
|
config.add_subscriber(
|
|
|
"appenlight.subscribers.add_renderer_globals", "pyramid.events.BeforeRender"
|
|
|
)
|
|
|
config.add_subscriber(
|
|
|
"appenlight.subscribers.new_request", "pyramid.events.NewRequest"
|
|
|
)
|
|
|
config.add_view_predicate(
|
|
|
"context_type_class", "appenlight.predicates.contextTypeClass"
|
|
|
)
|
|
|
|
|
|
register_datastores(
|
|
|
es_conn=config.registry.es_conn,
|
|
|
redis_conn=config.registry.redis_conn,
|
|
|
redis_lockmgr=config.registry.redis_lockmgr,
|
|
|
)
|
|
|
|
|
|
# base stuff and scan
|
|
|
|
|
|
# need to ensure webassets exists otherwise config.override_asset()
|
|
|
# throws exception
|
|
|
if not os.path.exists(settings["webassets.dir"]):
|
|
|
os.mkdir(settings["webassets.dir"])
|
|
|
config.add_static_view(
|
|
|
path="appenlight:webassets", name="static", cache_max_age=3600
|
|
|
)
|
|
|
config.override_asset(
|
|
|
to_override="appenlight:webassets/", override_with=settings["webassets.dir"]
|
|
|
)
|
|
|
|
|
|
config.include("appenlight.views")
|
|
|
config.include("appenlight.views.admin")
|
|
|
config.scan(
|
|
|
ignore=["appenlight.migrations", "appenlight.scripts", "appenlight.tests"]
|
|
|
)
|
|
|
|
|
|
config.add_directive("register_appenlight_plugin", register_appenlight_plugin)
|
|
|
|
|
|
for entry_point in iter_entry_points(group="appenlight.plugins"):
|
|
|
plugin = entry_point.load()
|
|
|
plugin.includeme(config)
|
|
|
|
|
|
# include other appenlight plugins explictly if needed
|
|
|
includes = aslist(settings.get("appenlight.includes", []))
|
|
|
for inc in includes:
|
|
|
config.include(inc)
|
|
|
|
|
|
# run this after everything registers in configurator
|
|
|
|
|
|
def pre_commit():
|
|
|
jinja_env = config.get_jinja2_environment()
|
|
|
jinja_env.filters["tojson"] = json.dumps
|
|
|
jinja_env.filters["toJSONUnsafe"] = jinja2_filters.toJSONUnsafe
|
|
|
|
|
|
config.action(None, pre_commit, order=PHASE3_CONFIG + 999)
|
|
|
|
|
|
def wrap_config_celery():
|
|
|
configure_celery(config.registry)
|
|
|
|
|
|
config.action(None, wrap_config_celery, order=PHASE3_CONFIG + 999)
|
|
|
|
|
|
app = config.make_wsgi_app()
|
|
|
return app
|
|
|
|