forget-cancellare-vecchi-toot/app.py

from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from sqlalchemy import MetaData
from flask_migrate import Migrate
import version
from libforget.cachebust import cachebust
import mimetypes
import libforget.brotli
import libforget.img_proxy
from werkzeug.middleware.proxy_fix import ProxyFix

app = Flask(__name__)

default_config = {
        "SQLALCHEMY_TRACK_MODIFICATIONS": False,
        "SQLALCHEMY_DATABASE_URI": "postgresql+psycopg2:///forget",
        "HTTPS": True,
        "SENTRY_CONFIG": {},
        "REPO_URL": "https://github.com/codl/forget",
        "CHANGELOG_URL": "https://github.com/codl/forget/blob/{hash}/CHANGELOG.markdown",
        "REDIS_URI": "redis://",
}

app.config.update(default_config)

app.config.from_pyfile('config.py', True)

metadata = MetaData(naming_convention={
    "ix": 'ix_%(column_0_label)s',
    "uq": "uq_%(table_name)s_%(column_0_name)s",
    "ck": "ck_%(table_name)s_%(constraint_name)s",
    "fk": "fk_%(table_name)s_%(column_0_name)s_%(referred_table_name)s",
    "pk": "pk_%(table_name)s"
})

db = SQLAlchemy(app, metadata=metadata)
migrate = Migrate(app, db)

if 'CELERY_BROKER' not in app.config:
    uri = app.config['REDIS_URI']
    if uri.startswith('unix://'):
        uri = uri.replace('unix', 'redis+socket', 1)
    app.config['CELERY_BROKER'] = uri

sentry = None
if 'SENTRY_DSN' in app.config:
    from raven.contrib.flask import Sentry
    app.config['SENTRY_CONFIG']['release'] = version.get_versions()['version']
    sentry = Sentry(app, dsn=app.config['SENTRY_DSN'])

url_for = cachebust(app)


@app.context_processor
def inject_static():
    def static(filename, **kwargs):
        return url_for('static', filename=filename, **kwargs)
    return {'st': static}


@app.after_request
def install_security_headers(resp):
    csp = ("default-src 'none';"
           "img-src 'self';"
           "style-src 'self' 'unsafe-inline';"
           "frame-ancestors 'none';"
           )
    if 'SENTRY_DSN' in app.config:
        csp += "script-src 'self' https://cdn.ravenjs.com/;"
        csp += "connect-src 'self' https://sentry.io/;"
    else:
        csp += "script-src 'self' 'unsafe-eval';"
        csp += "connect-src 'self';"

    if 'CSP_REPORT_URI' in app.config:
        csp += "report-uri " + app.config.get('CSP_REPORT_URI')

    if app.config.get('HTTPS'):
        resp.headers.set('strict-transport-security',
                         'max-age={}'.format(60*60*24*365))
        csp += "; upgrade-insecure-requests"

    resp.headers.set('Content-Security-Policy', csp)
    resp.headers.set('referrer-policy', 'no-referrer')
    resp.headers.set('x-content-type-options', 'nosniff')
    resp.headers.set('x-frame-options', 'DENY')
    resp.headers.set('x-xss-protection', '1')

    return resp


mimetypes.add_type('image/webp', '.webp')

libforget.brotli.brotli(app)

imgproxy = (
    libforget.img_proxy.ImgProxyCache(redis_uri=app.config.get('REDIS_URI')))

app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)
remove flask-limiter, make sure redis isnt initialised early 2017-09-24 16:37:38 +02:00			`from flask import Flask`
init 2017-07-25 09:52:24 +02:00			`from flask_sqlalchemy import SQLAlchemy`
remove flask-limiter, make sure redis isnt initialised early 2017-09-24 16:37:38 +02:00			`from sqlalchemy import MetaData`
init 2017-07-25 09:52:24 +02:00			`from flask_migrate import Migrate`
add version number 2017-08-07 14:51:33 +02:00			`import version`
rename lib to libforget 2017-09-20 23:02:36 +02:00			`from libforget.cachebust import cachebust`
ensure proper mimetype when serving webp images 2017-08-29 01:29:55 +02:00			`import mimetypes`
rename lib to libforget 2017-09-20 23:02:36 +02:00			`import libforget.brotli`
			`import libforget.img_proxy`
add proxyfix 2020-11-18 01:23:58 +01:00			`from werkzeug.middleware.proxy_fix import ProxyFix`
init 2017-07-25 09:52:24 +02:00
			`app = Flask(__name__)`

proper config management 2017-07-26 11:11:54 +02:00			`default_config = {`
			`"SQLALCHEMY_TRACK_MODIFICATIONS": False,`
			`"SQLALCHEMY_DATABASE_URI": "postgresql+psycopg2:///forget",`
computer 2017-08-07 15:06:29 +02:00			`"HTTPS": True,`
also change the default to be redis regardless 2017-08-10 17:22:32 +02:00			`"SENTRY_CONFIG": {},`
shorten footer and link directly to the running commit 2017-08-20 18:48:43 +02:00			`"REPO_URL": "https://github.com/codl/forget",`
make version link in footer link to changelog, not commit log 2019-07-23 02:17:01 +02:00			`"CHANGELOG_URL": "https://github.com/codl/forget/blob/{hash}/CHANGELOG.markdown",`
unify redis config (closes #8) also, not sure why brotli was being initialised in routes not in app 2017-09-07 01:10:02 +02:00			`"REDIS_URI": "redis://",`
proper config management 2017-07-26 11:11:54 +02:00			`}`

			`app.config.update(default_config)`

			`app.config.from_pyfile('config.py', True)`
stuff. if you see this then i forgot to squash before publishing 2017-07-25 23:05:46 +02:00
flakes8 2017-08-29 14:46:32 +02:00			`metadata = MetaData(naming_convention={`
init 2017-07-25 09:52:24 +02:00			`"ix": 'ix_%(column_0_label)s',`
			`"uq": "uq_%(table_name)s_%(column_0_name)s",`
			`"ck": "ck_%(table_name)s_%(constraint_name)s",`
			`"fk": "fk_%(table_name)s_%(column_0_name)s_%(referred_table_name)s",`
			`"pk": "pk_%(table_name)s"`
			`})`

			`db = SQLAlchemy(app, metadata=metadata)`
			`migrate = Migrate(app, db)`
add sentry support 2017-08-07 13:29:31 +02:00
remove flask-limiter, make sure redis isnt initialised early 2017-09-24 16:37:38 +02:00			`if 'CELERY_BROKER' not in app.config:`
unify redis config (closes #8) also, not sure why brotli was being initialised in routes not in app 2017-09-07 01:10:02 +02:00			`uri = app.config['REDIS_URI']`
			`if uri.startswith('unix://'):`
fix real old typo 2017-11-19 01:00:30 +01:00			`uri = uri.replace('unix', 'redis+socket', 1)`
unify redis config (closes #8) also, not sure why brotli was being initialised in routes not in app 2017-09-07 01:10:02 +02:00			`app.config['CELERY_BROKER'] = uri`

add sentry support 2017-08-07 13:29:31 +02:00			`sentry = None`
			`if 'SENTRY_DSN' in app.config:`
			`from raven.contrib.flask import Sentry`
replace messy version stuff with versioneer 2018-01-31 23:11:12 +01:00			`app.config['SENTRY_CONFIG']['release'] = version.get_versions()['version']`
augh 2017-08-07 14:59:38 +02:00			`sentry = Sentry(app, dsn=app.config['SENTRY_DSN'])`
simplify header 2017-08-07 21:35:46 +02:00
add cachebusting for static files 2017-08-07 21:50:31 +02:00			`url_for = cachebust(app)`

flakes8 2017-08-29 14:46:32 +02:00
simplify header 2017-08-07 21:35:46 +02:00			`@app.context_processor`
			`def inject_static():`
			`def static(filename, **kwargs):`
			`return url_for('static', filename=filename, **kwargs)`
			`return {'st': static}`
add rate limits 2017-08-10 17:07:39 +02:00
flakes8 2017-08-29 14:46:32 +02:00
add security headers 2017-08-28 01:47:01 +02:00			`@app.after_request`
			`def install_security_headers(resp):`
flakes8 2017-08-29 14:46:32 +02:00			`csp = ("default-src 'none';"`
proxy avatars this fixes some potential issues when connecting to a non-https mastodon server you shouldn't connect to a non-https mastodon server in general but you know, whatever 2017-09-16 13:58:02 +02:00			`"img-src 'self';"`
flakes8 2017-08-29 14:46:32 +02:00			`"style-src 'self' 'unsafe-inline';"`
			`"frame-ancestors 'none';"`
			`)`
Revert "you know what, screw sentry. bye" This reverts commit 175e313e0311832a29541ad65a95fc51f9d18143. 2017-08-31 19:58:48 +02:00			`if 'SENTRY_DSN' in app.config:`
			`csp += "script-src 'self' https://cdn.ravenjs.com/;"`
add sentry js back in 2017-08-31 20:46:38 +02:00			`csp += "connect-src 'self' https://sentry.io/;"`
Revert "you know what, screw sentry. bye" This reverts commit 175e313e0311832a29541ad65a95fc51f9d18143. 2017-08-31 19:58:48 +02:00			`else:`
script to show known instances from cookie, mmoving it to localstorage 2019-03-15 19:46:18 +01:00			`csp += "script-src 'self' 'unsafe-eval';"`
add sentry js back in 2017-08-31 20:46:38 +02:00			`csp += "connect-src 'self';"`
Revert "you know what, screw sentry. bye" This reverts commit 175e313e0311832a29541ad65a95fc51f9d18143. 2017-08-31 19:58:48 +02:00
add security headers 2017-08-28 01:47:01 +02:00			`if 'CSP_REPORT_URI' in app.config:`
Revert "you know what, screw sentry. bye" This reverts commit 175e313e0311832a29541ad65a95fc51f9d18143. 2017-08-31 19:58:48 +02:00			`csp += "report-uri " + app.config.get('CSP_REPORT_URI')`
add security headers 2017-08-28 01:47:01 +02:00
			`if app.config.get('HTTPS'):`
flakes8 2017-08-29 14:46:32 +02:00			`resp.headers.set('strict-transport-security',`
			`'max-age={}'.format(606024*365))`
csp: only set upgrade-insecure-requests when over https 2017-08-28 09:12:32 +02:00			`csp += "; upgrade-insecure-requests"`
add security headers 2017-08-28 01:47:01 +02:00
csp: only set upgrade-insecure-requests when over https 2017-08-28 09:12:32 +02:00			`resp.headers.set('Content-Security-Policy', csp)`
add security headers 2017-08-28 01:47:01 +02:00			`resp.headers.set('referrer-policy', 'no-referrer')`
			`resp.headers.set('x-content-type-options', 'nosniff')`
			`resp.headers.set('x-frame-options', 'DENY')`
mozilla observatory retire bitch 2017-08-28 01:58:00 +02:00			`resp.headers.set('x-xss-protection', '1')`
add security headers 2017-08-28 01:47:01 +02:00
			`return resp`
ensure proper mimetype when serving webp images 2017-08-29 01:29:55 +02:00
flakes8 2017-08-29 14:46:32 +02:00
ensure proper mimetype when serving webp images 2017-08-29 01:29:55 +02:00			`mimetypes.add_type('image/webp', '.webp')`
unify redis config (closes #8) also, not sure why brotli was being initialised in routes not in app 2017-09-07 01:10:02 +02:00
rename lib to libforget 2017-09-20 23:02:36 +02:00			`libforget.brotli.brotli(app)`
proxy avatars this fixes some potential issues when connecting to a non-https mastodon server you shouldn't connect to a non-https mastodon server in general but you know, whatever 2017-09-16 13:58:02 +02:00
rename lib to libforget 2017-09-20 23:02:36 +02:00			`imgproxy = (`
			`libforget.img_proxy.ImgProxyCache(redis_uri=app.config.get('REDIS_URI')))`
add proxyfix 2020-11-18 01:23:58 +01:00
			`app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)`