Page MenuHomec4science
Files F102514719

flask_sslify.py
No OneTemporary
Actions

File Metadata

Created
Fri, Feb 21, 12:58

flask_sslify.py
View Options

# -*- coding: utf-8 -*-
##
## This file is part of Invenio.
## Copyright (C) 2012 CERN.
##
## Invenio is free software; you can redistribute it and/or
## modify it under the terms of the GNU General Public License as
## published by the Free Software Foundation; either version 2 of the
## License, or (at your option) any later version.
##
## Invenio is distributed in the hope that it will be useful, but
## WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
## General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with Invenio; if not, write to the Free Software Foundation, Inc.,
## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
## Copyright (c) 2012, Kenneth Reitz
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without modification,
## are permitted provided that the following conditions are met:
##
## Redistributions of source code must retain the above copyright notice, this list
## of conditions and the following disclaimer.
## Redistributions in binary form must reproduce the above copyright notice, this
## list of conditions and the following disclaimer in the documentation and/or
## other materials provided with the distribution.
## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
## ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
## WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
## DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
## ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
## (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
## ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
## (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
## SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
from flask import request, redirect
from invenio import config
from invenio.urlutils import rewrite_to_secure_url
YEAR_IN_SECS = 31536000
class SSLify(object):
"""Secures your Flask App."""
def __init__(self, app, age=YEAR_IN_SECS, subdomains=False, permanent=False,
doHSTS=True):
if app is not None:
self.app = app
self.hsts_age = age
self.hsts_include_subdomains = subdomains
self.permanent = permanent
self.criteria_callback = None
self.init_app(self.app, doHSTS)
else:
self.app = None
def init_app(self, app, doHSTS=True):
"""Configures the configured Flask app to enforce SSL."""
app.before_request(self.redirect_to_ssl)
if doHSTS:
app.after_request(self.set_hsts_header)
def criteria_handler(self, callback):
"""Sets criteria callback."""
self.criteria_callback = callback
@property
def hsts_header(self):
"""Returns the proper HSTS policy."""
hsts_policy = 'max-age={0}'.format(self.hsts_age)
if self.hsts_include_subdomains:
hsts_policy += '; includeSubDomains'
return hsts_policy
def redirect_to_ssl(self):
"""Redirect incoming requests to HTTPS."""
# Should we redirect?
criteria = [
request.is_secure,
request.headers.get('X-Forwarded-Proto', 'http') == 'https',
'no-https-redirect' in getattr(config, 'CFG_DEVEL_TOOLS', []),
]
if self.criteria_callback is not None:
criteria += [self.criteria_callback()]
if not any(criteria):
if request.url.startswith('http://'):
url = rewrite_to_secure_url(request.url)
code = 302
if self.permanent:
code = 301
r = redirect(url, code=code)
return r
def set_hsts_header(self, response):
"""Adds HSTS header to each response."""
if request.is_secure:
response.headers.setdefault('Strict-Transport-Security', self.hsts_header)
return response

Event Timeline

c4science · Help