-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
/
app.py
102 lines (83 loc) · 2.71 KB
/
app.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# -*- coding: utf-8 -*-
"""This is a simple cheatsheet webapp."""
import os
from flask import Flask, abort, send_from_directory, render_template
from flask_sslify import SSLify
from flask_seasurf import SeaSurf
from flask_talisman import Talisman
from werkzeug.exceptions import NotFound
from werkzeug.utils import safe_join
DIR = os.path.dirname(os.path.realpath(__file__))
ROOT = os.path.join(DIR, "docs", "_build", "html")
def find_key(token):
"""Find the key from the environment variable."""
if token == os.environ.get("ACME_TOKEN"):
return os.environ.get("ACME_KEY")
for k, v in os.environ.items():
if v == token and k.startswith("ACME_TOKEN_"):
n = k.replace("ACME_TOKEN_", "")
return os.environ.get("ACME_KEY_{}".format(n))
csp = {
"default-src": "'none'",
"style-src": ["'self'", "'unsafe-inline'"],
"script-src": [
"'self'",
"*.cloudflare.com",
"*.googletagmanager.com",
"*.google-analytics.com",
"*.carbonads.com",
"*.carbonads.net",
"'unsafe-inline'",
"'unsafe-eval'",
],
"form-action": "'self'",
"base-uri": "'self'",
"img-src": "*",
"frame-src": "ghbtns.com",
"frame-ancestors": "'none'",
"object-src": "'none'",
}
feature_policy = {"geolocation": "'none'"}
app = Flask(__name__, template_folder=ROOT)
app.config["SECRET_KEY"] = os.urandom(16)
app.config["SESSION_COOKIE_NAME"] = "__Secure-session"
app.config["SESSION_COOKIE_SAMESITE"] = "Strict"
app.config["CSRF_COOKIE_NAME"] = "__Secure-csrf-token"
app.config["CSRF_COOKIE_HTTPONLY"] = True
app.config["CSRF_COOKIE_SECURE"] = True
csrf = SeaSurf(app)
talisman = Talisman(
app,
force_https=False,
content_security_policy=csp,
feature_policy=feature_policy,
)
if "DYNO" in os.environ:
sslify = SSLify(app, permanent=True, skips=[".well-known"])
@app.errorhandler(404)
def page_not_found(e):
"""Redirect to 404.html."""
return render_template("404.html"), 404
@app.route("/<path:path>")
def static_proxy(path):
"""Find static files safely."""
try:
return send_from_directory(ROOT, path)
except NotFound:
# Handle file not found or directory errors
return render_template("404.html"), 404
@app.route("/")
def index_redirection():
"""Redirecting index file."""
return send_from_directory(ROOT, "index.html")
@csrf.exempt
@app.route("/.well-known/acme-challenge/<token>")
def acme(token):
"""Find the acme-key from environment variable."""
key = find_key(token)
if key is None:
abort(404)
return key
if __name__ == "__main__":
# Only run the app in debug mode during development
app.run(debug=os.environ.get("FLASK_ENV") == "development")