Page MenuHomec4science
Files F91632136

wrappers.py
No OneTemporary
Actions

File Metadata

Created
Tue, Nov 12, 22:28

wrappers.py
View Options

# -*- coding: utf-8 -*-
#
# This file is part of Invenio.
# Copyright (C) 2012, 2013 CERN.
#
# Invenio is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# Invenio is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Invenio; if not, write to the Free Software Foundation, Inc.,
# 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
# Copyright (c) 2012, Kenneth Reitz
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# Redistributions of source code must retain the above copyright notice, this list
# of conditions and the following disclaimer.
# Redistributions in binary form must reproduce the above copyright notice, this
# list of conditions and the following disclaimer in the documentation and/or
# other materials provided with the distribution.
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
from flask import request, redirect
from invenio.utils.url import rewrite_to_secure_url
YEAR_IN_SECS = 31536000
class SSLify(object):
"""Secures your Flask App."""
def __init__(self, app, age=YEAR_IN_SECS, subdomains=False, permanent=False,
doHSTS=True):
if app is not None:
self.app = app
self.hsts_age = age
self.hsts_include_subdomains = subdomains
self.permanent = permanent
self.criteria_callback = None
self.init_app(self.app, doHSTS)
else:
self.app = None
def init_app(self, app, doHSTS=True):
"""Configures the configured Flask app to enforce SSL."""
app.before_request(self.redirect_to_ssl)
if doHSTS:
app.after_request(self.set_hsts_header)
def criteria_handler(self, callback):
"""Sets criteria callback."""
self.criteria_callback = callback
@property
def hsts_header(self):
"""Returns the proper HSTS policy."""
hsts_policy = 'max-age={0}'.format(self.hsts_age)
if self.hsts_include_subdomains:
hsts_policy += '; includeSubDomains'
return hsts_policy
def redirect_to_ssl(self):
"""Redirect incoming requests to HTTPS."""
# Should we redirect?
criteria = [
request.is_secure,
request.headers.get('X-Forwarded-Proto', 'http') == 'https',
'no-https-redirect' in self.app.config.get('CFG_DEVEL_TOOLS', []),
]
if self.criteria_callback is not None:
criteria += [self.criteria_callback()]
if not any(criteria):
if request.url.startswith('http://'):
url = rewrite_to_secure_url(request.url)
code = 302
if self.permanent:
code = 301
r = redirect(url, code=code)
return r
def set_hsts_header(self, response):
"""Adds HSTS header to each response."""
if request.is_secure:
response.headers.setdefault('Strict-Transport-Security', self.hsts_header)
return response

Event Timeline

c4science · Help