apache-airflow-providers-fab 1.5.3__py3-none-any.whl → 2.0.0__py3-none-any.whl

airflow/providers/fab/www/extensions/init_manifest_files.py

@@ -0,0 +1,61 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+
+import json
+import os
+
+from flask import url_for
+
+
+def configure_manifest_files(app):
+    """
+    Load the manifest file and register the `url_for_asset_` template tag.
+
+    :param app:
+    """
+    manifest = {}
+
+    def parse_manifest_json():
+        try:
+            manifest_file = os.path.join(os.path.dirname(__file__), os.pardir, "static/dist/manifest.json")
+            with open(manifest_file) as file:
+                manifest.update(json.load(file))
+
+                for source, target in manifest.copy().items():
+                    manifest[source] = os.path.join("dist", target)
+        except Exception:
+            print("Please make sure to build the frontend in static/ directory and restart the server")
+
+    def get_asset_url(filename):
+        if app.debug:
+            parse_manifest_json()
+        return url_for("static", filename=manifest.get(filename, filename))
+
+    parse_manifest_json()
+
+    @app.context_processor
+    def get_url_for_asset():
+        """
+        Template tag to return the asset URL.
+
+        WebPack renders the assets after minification and modification under the
+        static/dist folder. This template tag reads the asset name in
+        ``manifest.json`` and returns the appropriate file.
+        """
+        return {"url_for_asset": get_asset_url}

airflow/providers/fab/www/extensions/init_security.py

@@ -0,0 +1,61 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+
+import logging
+from importlib import import_module
+
+from airflow.configuration import conf
+from airflow.exceptions import AirflowException
+
+log = logging.getLogger(__name__)
+
+
+def init_xframe_protection(app):
+    """
+    Add X-Frame-Options header.
+
+    Use it to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites.
+
+    See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+    """
+    x_frame_enabled = conf.getboolean("webserver", "X_FRAME_ENABLED", fallback=True)
+    if x_frame_enabled:
+        return
+
+    def apply_caching(response):
+        response.headers["X-Frame-Options"] = "DENY"
+        return response
+
+    app.after_request(apply_caching)
+
+
+def init_api_auth(app):
+    """Load authentication backends."""
+    auth_backends = conf.get(
+        "fab", "auth_backends", fallback="airflow.providers.fab.auth_manager.api.auth.backend.session"
+    )
+
+    app.api_auth = []
+    try:
+        for backend in auth_backends.split(","):
+            auth = import_module(backend.strip())
+            auth.init_app(app)
+            app.api_auth.append(auth)
+    except ImportError as err:
+        log.critical("Cannot import %s for API authentication due to: %s", backend, err)
+        raise AirflowException(err)

airflow/providers/fab/www/extensions/init_session.py

@@ -0,0 +1,64 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+
+from flask import session as builtin_flask_session
+
+from airflow.configuration import conf
+from airflow.exceptions import AirflowConfigException
+from airflow.providers.fab.www.session import (
+    AirflowDatabaseSessionInterface,
+    AirflowSecureCookieSessionInterface,
+)
+
+
+def init_airflow_session_interface(app):
+    """Set airflow session interface."""
+    config = app.config.copy()
+    selected_backend = conf.get("fab", "SESSION_BACKEND")
+    # A bit of a misnomer - normally cookies expire whenever the browser is closed
+    # or when they hit their expiry datetime, whichever comes first. "Permanent"
+    # cookies only expire when they hit their expiry datetime, and can outlive
+    # the browser being closed.
+    permanent_cookie = config.get("SESSION_PERMANENT", True)
+
+    if selected_backend == "securecookie":
+        app.session_interface = AirflowSecureCookieSessionInterface()
+        if permanent_cookie:
+
+            def make_session_permanent():
+                builtin_flask_session.permanent = True
+
+            app.before_request(make_session_permanent)
+    elif selected_backend == "database":
+        app.session_interface = AirflowDatabaseSessionInterface(
+            app=app,
+            db=None,
+            permanent=permanent_cookie,
+            # Typically these would be configurable with Flask-Session,
+            # but we will set them explicitly instead as they don't make
+            # sense to have configurable in Airflow's use case
+            table="session",
+            key_prefix="",
+            use_signer=True,
+        )
+    else:
+        raise AirflowConfigException(
+            "Unrecognized session backend specified in "
+            f"[fab] session_backend: '{selected_backend}'. Please set "
+            "this to either 'database' or 'securecookie'."
+        )

airflow/providers/fab/www/extensions/init_views.py

@@ -0,0 +1,177 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from __future__ import annotations
+
+import logging
+from functools import cached_property
+from typing import TYPE_CHECKING
+
+from connexion import Resolver
+from connexion.decorators.validation import RequestBodyValidator
+from connexion.exceptions import BadRequestProblem, ProblemException
+from flask import request
+
+from airflow.api_fastapi.app import get_auth_manager
+from airflow.providers.fab.www.api_connexion.exceptions import common_error_handler
+
+if TYPE_CHECKING:
+    from flask import Flask
+
+log = logging.getLogger(__name__)
+
+
+def init_appbuilder_views(app):
+    """Initialize Web UI views."""
+    from airflow.models import import_all_models
+    from airflow.providers.fab.www import views
+
+    import_all_models()
+
+    appbuilder = app.appbuilder
+
+    # Remove the session from scoped_session registry to avoid
+    # reusing a session with a disconnected connection
+    appbuilder.session.remove()
+    appbuilder.add_view_no_menu(views.FabIndexView())
+
+
+class _LazyResolution:
+    """
+    OpenAPI endpoint that lazily resolves the function on first use.
+
+    This is a stand-in replacement for ``connexion.Resolution`` that implements
+    its public attributes ``function`` and ``operation_id``, but the function
+    is only resolved when it is first accessed.
+    """
+
+    def __init__(self, resolve_func, operation_id):
+        self._resolve_func = resolve_func
+        self.operation_id = operation_id
+
+    @cached_property
+    def function(self):
+        return self._resolve_func(self.operation_id)
+
+
+class _LazyResolver(Resolver):
+    """
+    OpenAPI endpoint resolver that loads lazily on first use.
+
+    This re-implements ``connexion.Resolver.resolve()`` to not eagerly resolve
+    the endpoint function (and thus avoid importing it in the process), but only
+    return a placeholder that will be actually resolved when the contained
+    function is accessed.
+    """
+
+    def resolve(self, operation):
+        operation_id = self.resolve_operation_id(operation)
+        return _LazyResolution(self.resolve_function_from_operation_id, operation_id)
+
+
+class _CustomErrorRequestBodyValidator(RequestBodyValidator):
+    """
+    Custom request body validator that overrides error messages.
+
+    By default, Connextion emits a very generic *None is not of type 'object'*
+    error when receiving an empty request body (with the view specifying the
+    body as non-nullable). We overrides it to provide a more useful message.
+    """
+
+    def validate_schema(self, data, url):
+        if not self.is_null_value_valid and data is None:
+            raise BadRequestProblem(detail="Request body must not be empty")
+        return super().validate_schema(data, url)
+
+
+def init_plugins(app):
+    """Integrate Flask and FAB with plugins."""
+    from airflow import plugins_manager
+
+    plugins_manager.initialize_flask_plugins()
+
+    appbuilder = app.appbuilder
+
+    for view in plugins_manager.flask_appbuilder_views:
+        name = view.get("name")
+        if name:
+            filtered_view_kwargs = {k: v for k, v in view.items() if k not in ["view"]}
+            log.debug("Adding view %s with menu", name)
+            baseview = view.get("view")
+            if baseview:
+                appbuilder.add_view(baseview, **filtered_view_kwargs)
+            else:
+                log.error("'view' key is missing for the named view: %s", name)
+        else:
+            # if 'name' key is missing, intent is to add view without menu
+            log.debug("Adding view %s without menu", str(type(view["view"])))
+            appbuilder.add_view_no_menu(view["view"])
+
+    for menu_link in sorted(
+        plugins_manager.flask_appbuilder_menu_links, key=lambda x: (x.get("category", ""), x["name"])
+    ):
+        log.debug("Adding menu link %s to %s", menu_link["name"], menu_link["href"])
+        appbuilder.add_link(**menu_link)
+
+    for blue_print in plugins_manager.flask_blueprints:
+        log.debug("Adding blueprint %s:%s", blue_print["name"], blue_print["blueprint"].import_name)
+        app.register_blueprint(blue_print["blueprint"])
+
+
+base_paths: list[str] = []  # contains the list of base paths that have api endpoints
+
+
+def init_api_error_handlers(app: Flask) -> None:
+    """Add error handlers for 404 and 405 errors for existing API paths."""
+    from airflow.providers.fab.www import views
+
+    @app.errorhandler(404)
+    def _handle_api_not_found(ex):
+        if any([request.path.startswith(p) for p in base_paths]):
+            # 404 errors are never handled on the blueprint level
+            # unless raised from a view func so actual 404 errors,
+            # i.e. "no route for it" defined, need to be handled
+            # here on the application level
+            return common_error_handler(ex)
+        else:
+            return views.not_found(ex)
+
+    @app.errorhandler(405)
+    def _handle_method_not_allowed(ex):
+        if any([request.path.startswith(p) for p in base_paths]):
+            return common_error_handler(ex)
+        else:
+            return views.method_not_allowed(ex)
+
+    app.register_error_handler(ProblemException, common_error_handler)
+
+
+def init_error_handlers(app: Flask):
+    """Add custom errors handlers."""
+    from airflow.providers.fab.www import views
+
+    app.register_error_handler(500, views.show_traceback)
+    app.register_error_handler(404, views.not_found)
+
+
+def init_api_auth_provider(app):
+    """Initialize the API offered by the auth manager."""
+    auth_mgr = get_auth_manager()
+    blueprint = auth_mgr.get_api_endpoints()
+    if blueprint:
+        base_paths.append(blueprint.url_prefix)
+        app.register_blueprint(blueprint)
+        app.extensions["csrf"].exempt(blueprint)