pyfedi/pyfedi.py

83 lines
3.8 KiB
Python
Raw Normal View History

2023-08-22 21:24:11 +12:00
# This file is part of pyfedi, which is licensed under the GNU General Public License (GPL) version 3.0.
# You should have received a copy of the GPL along with this program. If not, see <http://www.gnu.org/licenses/>.
2024-02-21 20:00:22 +13:00
from datetime import datetime
from flask_babel import get_locale
2024-02-21 20:00:22 +13:00
from flask_login import current_user
2023-08-22 21:24:11 +12:00
2023-07-28 16:22:12 +12:00
from app import create_app, db, cli
import os, click
2024-02-23 16:52:17 +13:00
from flask import session, g, json, request, current_app
from app.constants import POST_TYPE_LINK, POST_TYPE_IMAGE, POST_TYPE_ARTICLE, POST_TYPE_VIDEO, POST_TYPE_POLL, \
2024-07-17 22:11:31 +08:00
SUBSCRIPTION_MODERATOR, SUBSCRIPTION_MEMBER, SUBSCRIPTION_OWNER, SUBSCRIPTION_PENDING
from app.models import Site
from app.utils import getmtime, gibberish, shorten_string, shorten_url, digits, user_access, community_membership, \
can_create_post, can_upvote, can_downvote, shorten_number, ap_datetime, current_theme, community_link_to_href, \
in_sorted_list, role_access
2023-07-28 16:22:12 +12:00
app = create_app()
cli.register(app)
@app.context_processor
def app_context_processor():
2023-07-28 16:22:12 +12:00
def getmtime(filename):
return os.path.getmtime('app/static/' + filename)
return dict(getmtime=getmtime, instance_domain=current_app.config['SERVER_NAME'],
POST_TYPE_LINK=POST_TYPE_LINK, POST_TYPE_IMAGE=POST_TYPE_IMAGE,
POST_TYPE_ARTICLE=POST_TYPE_ARTICLE, POST_TYPE_VIDEO=POST_TYPE_VIDEO, POST_TYPE_POLL=POST_TYPE_POLL,
2024-07-17 22:11:31 +08:00
SUBSCRIPTION_MODERATOR=SUBSCRIPTION_MODERATOR, SUBSCRIPTION_MEMBER=SUBSCRIPTION_MEMBER,
SUBSCRIPTION_OWNER=SUBSCRIPTION_OWNER, SUBSCRIPTION_PENDING=SUBSCRIPTION_PENDING)
2023-07-28 16:22:12 +12:00
@app.shell_context_processor
def make_shell_context():
2023-09-17 21:19:51 +12:00
return {'db': db, 'app': app}
with app.app_context():
app.jinja_env.globals['len'] = len
2023-10-10 22:25:37 +13:00
app.jinja_env.globals['digits'] = digits
app.jinja_env.globals['str'] = str
2024-01-10 09:44:59 +13:00
app.jinja_env.globals['shorten_number'] = shorten_number
app.jinja_env.globals['community_membership'] = community_membership
2023-11-24 22:28:31 +13:00
app.jinja_env.globals['json_loads'] = json.loads
2023-10-21 15:49:01 +13:00
app.jinja_env.globals['user_access'] = user_access
app.jinja_env.globals['role_access'] = role_access
2024-01-24 17:02:48 +13:00
app.jinja_env.globals['ap_datetime'] = ap_datetime
app.jinja_env.globals['can_create'] = can_create_post
app.jinja_env.globals['can_upvote'] = can_upvote
app.jinja_env.globals['can_downvote'] = can_downvote
app.jinja_env.globals['in_sorted_list'] = in_sorted_list
app.jinja_env.globals['theme'] = current_theme
app.jinja_env.globals['file_exists'] = os.path.exists
2024-03-29 15:58:25 +13:00
app.jinja_env.filters['community_links'] = community_link_to_href
app.jinja_env.filters['shorten'] = shorten_string
app.jinja_env.filters['shorten_url'] = shorten_url
@app.before_request
def before_request():
session['nonce'] = gibberish()
g.locale = str(get_locale())
if request.path != '/inbox' and not request.path.startswith('/static/'): # do not load g.site on shared inbox, to increase chance of duplicate detection working properly
g.site = Site.query.get(1)
2024-02-21 20:00:22 +13:00
if current_user.is_authenticated:
current_user.last_seen = datetime.utcnow()
2024-02-23 16:52:17 +13:00
current_user.email_unread_sent = False
else:
if session.get('Referer') is None and \
request.headers.get('Referer') is not None and \
current_app.config['SERVER_NAME'] not in request.headers.get('Referer'):
session['Referer'] = request.headers.get('Referer')
@app.after_request
def after_request(response):
if 'auth/register' not in request.path:
response.headers['Content-Security-Policy'] = f"script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'nonce-{session['nonce']}'"
response.headers['Strict-Transport-Security'] = 'max-age=63072000; includeSubDomains; preload'
response.headers['X-Content-Type-Options'] = 'nosniff'
response.headers['X-Frame-Options'] = 'DENY'
return response