kinto 23.2.1__py3-none-any.whl

kinto/config/kinto.tpl

@@ -0,0 +1,270 @@
+# Created at {config_file_timestamp}
+# Using Kinto version {kinto_version}
+# Full options list for .ini file
+# https://kinto.readthedocs.io/en/latest/configuration/settings.html
+
+
+[server:main]
+use = egg:waitress#main
+host = {host}
+port = %(http_port)s
+
+
+[app:main]
+use = egg:kinto
+
+# Feature settings
+# https://kinto.readthedocs.io/en/latest/configuration/settings.html#feature-settings
+#
+# kinto.readonly = false
+# kinto.batch_max_requests = 25
+# kinto.paginate_by =
+# Experimental JSON-schema on collection
+# kinto.experimental_collection_schema_validation = false
+#
+# https://kinto.readthedocs.io/en/latest/configuration/settings.html#activating-the-permissions-endpoint
+# kinto.experimental_permissions_endpoint = false
+#
+# kinto.trailing_slash_redirect_enabled = true
+# kinto.trailing_slash_redirect_ttl_seconds = 3600
+# kinto.heartbeat_timeout_seconds = 10
+
+# Plugins
+# https://kinto.readthedocs.io/en/latest/configuration/settings.html#plugins
+# https://github.com/uralbash/awesome-pyramid
+kinto.includes = kinto.plugins.default_bucket
+                 kinto.plugins.admin
+                 kinto.plugins.accounts
+#                kinto.plugins.history
+
+# Backends
+# https://kinto.readthedocs.io/en/latest/configuration/settings.html#storage
+#
+kinto.storage_backend = {storage_backend}
+kinto.storage_url = {storage_url}
+# kinto.storage_max_fetch_size = 10000
+# kinto.storage_pool_size = 25
+# kinto.storage_max_overflow = 5
+# kinto.storage_pool_recycle = -1
+# kinto.storage_pool_timeout = 30
+# kinto.storage_max_backlog = -1
+
+# Cache
+# https://kinto.readthedocs.io/en/latest/configuration/settings.html#cache
+#
+kinto.cache_backend = {cache_backend}
+kinto.cache_url = {cache_url}
+# kinto.cache_prefix =
+# kinto.cache_max_size_bytes = 524288
+# kinto.cache_pool_size = 25
+# kinto.cache_max_overflow = 5
+# kinto.cache_pool_recycle = -1
+# kinto.cache_pool_timeout = 30
+# kinto.cache_max_backlog = -1
+
+# kinto.cache_backend = kinto.core.cache.memcached
+# kinto.cache_hosts = 127.0.0.1:11211
+
+# Permissions.
+# https://kinto.readthedocs.io/en/latest/configuration/settings.html#permissions
+#
+kinto.permission_backend = {permission_backend}
+kinto.permission_url = {permission_url}
+# kinto.permission_pool_size = 25
+# kinto.permission_max_overflow = 5
+# kinto.permission_pool_recycle = 1
+# kinto.permission_pool_timeout = 30
+# kinto.permission_max_backlog - 1
+# https://kinto.readthedocs.io/en/latest/configuration/settings.html#bypass-permissions-with-configuration
+# kinto.bucket_create_principals = system.Authenticated
+
+# Authentication
+# https://kinto.readthedocs.io/en/latest/configuration/settings.html#authentication
+#
+kinto.userid_hmac_secret = {secret}
+multiauth.policies = account
+
+# Bucket ID salt
+kinto.default_bucket_hmac_secret = {bucket_id_salt}
+
+# Any pyramid multiauth setting can be specified for custom authentication
+# https://github.com/uralbash/awesome-pyramid#authentication
+#
+# Accounts API configuration
+#
+# Enable built-in plugin.
+# Set `kinto.includes` to `kinto.plugins.accounts`
+# Enable authenticated policy.
+# Set `multiauth.policies` to `account`
+multiauth.policy.account.use = kinto.plugins.accounts.AccountsPolicy
+# Allow anyone to create accounts.
+kinto.account_create_principals = system.Everyone
+# Set user 'account:admin' as the administrator.
+kinto.account_write_principals = account:admin
+# Allow administrators to create buckets
+kinto.bucket_create_principals = account:admin
+
+# Notifications
+# https://kinto.readthedocs.io/en/latest/configuration/settings.html#notifications
+#
+# Configuration example:
+# kinto.event_listeners = redis
+# kinto.event_listeners.redis.use = kinto_redis.listeners
+# kinto.event_listeners.redis.url = redis://localhost:6379/0
+# kinto.event_listeners.redis.pool_size = 5
+# kinto.event_listeners.redis.listname = queue
+# kinto.event_listeners.redis.actions = create
+# kinto.event_listeners.redis.resources = bucket collection
+
+# Production settings
+#
+# https://kinto.readthedocs.io/en/latest/configuration/production.html
+
+# kinto.http_scheme = https
+# kinto.http_host = kinto.services.mozilla.com
+
+# Cross Origin Requests
+# https://kinto.readthedocs.io/en/latest/configuration/settings.html#cross-origin-requests-cors
+#
+# kinto.cors_origins = *
+
+# Backoff indicators/end of service
+# https://kinto.readthedocs.io/en/latest/configuration/settings.html#backoff-indicators
+# https://kinto.readthedocs.io/en/latest/api/1.x/backoff.html#id1
+#
+# kinto.backoff =
+# kinto.backoff_percentage =
+# kinto.retry_after_seconds = 3
+# kinto.eos =
+# kinto.eos_message =
+# kinto.eos_url =
+
+# Project information
+# https://kinto.readthedocs.io/en/latest/configuration/settings.html#project-information
+#
+# kinto.version_json_path = ./version.json
+# kinto.error_info_link = https://github.com/kinto/kinto/issues/
+# kinto.project_docs = https://kinto.readthedocs.io
+# kinto.project_name = kinto
+# kinto.project_version =
+# kinto.version_prefix_redirect_enabled = true
+
+# Application profilling
+# https://kinto.readthedocs.io/en/latest/configuration/settings.html#application-profiling
+# kinto.profiler_enabled = true
+# kinto.profiler_dir = /tmp/profiling
+
+# Client cache headers
+# https://kinto.readthedocs.io/en/latest/configuration/settings.html#client-caching
+#
+# Root URL
+# kinto.root_cache_expires_seconds = 86400
+#
+# Every bucket objects objects and list
+# kinto.bucket_cache_expires_seconds = 3600
+#
+# Every collection objects and list of every buckets
+# kinto.collection_cache_expires_seconds = 3600
+#
+# Every group objects and list of every buckets
+# kinto.group_cache_expires_seconds = 3600
+#
+# Every records objects and list of every collections
+# kinto.record_cache_expires_seconds = 3600
+#
+# Records in a specific bucket
+# kinto.blog_record_cache_expires_seconds = 3600
+#
+# Records in a specific collection in a specific bucket
+# kinto.blog_article_record_cache_expires_seconds = 3600
+
+# Custom ID generator for POST Requests
+# https://kinto.readthedocs.io/en/latest/tutorials/custom-id-generator.html#tutorial-id-generator
+#
+# Default generator
+# kinto.bucket_id_generator=kinto.views.NameGenerator
+# Custom example
+# kinto.collection_id_generator = name_generator.CollectionGenerator
+# kinto.group_id_generator = name_generator.GroupGenerator
+# kinto.record_id_generator = name_generator.RecordGenerator
+
+# Kinto admin
+# Absolute path to UI assets
+# kinto.admin_assets_path = /app/kinto/plugins/admin/build/
+
+# Enabling or disabling endpoints
+# https://kinto.readthedocs.io/en/latest/configuration/settings.html#enabling-or-disabling-endpoints
+#
+# kinto.endpoint_type_resource_name_method_enabled = false
+# Where:
+# endpoint_type: is either ``plural`` (e.g. ``/buckets``) or ``object`` (e.g. ``/buckets/abc``);
+# resource_name: is the name of the resource (e.g. ``bucket``, ``group``, ``collection``, ``record``);
+# method: is the http method (in lower case) (e.g. ``get``, ``post``, ``put``, ``patch``, ``delete``).
+# For example, to disable the POST on the list of buckets and DELETE on single records
+# kinto.plural_bucket_post_enabled = false
+# kinto.object_record_delete_enabled = false
+
+# [uwsgi]
+# wsgi-file = app.wsgi
+# enable-threads = true
+# socket = /var/run/uwsgi/kinto.sock
+# chmod-socket = 666
+# processes =  3
+# master = true
+# module = kinto
+# harakiri = 120
+# uid = kinto
+# gid = kinto
+# virtualenv = .venv
+# lazy = true
+# lazy-apps = true
+# single-interpreter = true
+# buffer-size = 65535
+# post-buffering = 65535
+# plugin = python
+
+# Logging and Monitoring
+#
+# https://kinto.readthedocs.io/en/latest/configuration/settings.html#logging-and-monitoring
+# kinto.statsd_backend = kinto.core.statsd
+# kinto.statsd_prefix = kinto
+# kinto.statsd_url =
+
+# kinto.sentry_dsn =
+# kinto.sentry_env =
+
+# kinto.newrelic_config =
+# kinto.newrelic_env = dev
+
+# Logging configuration
+
+[loggers]
+keys = root, kinto
+
+[handlers]
+keys = console
+
+[formatters]
+keys = color, json
+
+[logger_root]
+level = INFO
+handlers = console
+
+[logger_kinto]
+level = DEBUG
+handlers = console
+qualname = kinto
+propagate = 0
+
+[handler_console]
+class = kinto.core.StreamHandlerWithRequestID
+args = (sys.stderr,)
+level = NOTSET
+formatter = color
+
+[formatter_color]
+class = logging_color_formatter.ColorFormatter
+
+[formatter_json]
+class = kinto.core.JsonLogFormatter

kinto/contribute.json

@@ -0,0 +1,27 @@
+{
+  "name": "Kinto",
+  "description": "Kinto is a minimalist JSON storage service with synchronisation and sharing abilities.",
+  "repository": {
+    "url": "https://github.com/Kinto/kinto",
+    "license": "Apache License (2.0)",
+    "tests": "https://github.com/Kinto/kinto/actions"
+  },
+  "participate": {
+    "home": "https://kinto.readthedocs.io/en/latest/community.html#how-to-contribute",
+    "docs": "https://kinto.readthedocs.io/",
+    "irc": "irc://irc.freenode.org/#kinto",
+    "irc-contacts": ["alexis", "leplatrem", "magopian", "natim", "NiKo`"]
+  },
+  "bugs": {
+    "list": "https://github.com/Kinto/kinto/issues",
+    "report": "https://github.com/Kinto/kinto/issues/new"
+  },
+  "keywords": [
+    "JSON",
+    "Python",
+    "Pyramid",
+    "REST",
+    "API",
+    "Database"
+  ]
+}

kinto/core/__init__.py

@@ -0,0 +1,246 @@
+"""Main entry point"""
+
+import logging
+import tempfile
+
+import pkg_resources
+from dockerflow import logging as dockerflow_logging
+from pyramid.settings import aslist
+
+from kinto.core import errors, events
+from kinto.core.cornice import Service as CorniceService
+from kinto.core.initialization import (  # NOQA
+    initialize,
+    install_middlewares,
+    load_default_settings,
+)
+from kinto.core.utils import (
+    current_resource_name,
+    current_service,
+    follow_subrequest,
+    log_context,
+    prefixed_principals,
+    prefixed_userid,
+)
+
+
+logger = logging.getLogger(__name__)
+
+__all__ = ["initialize", "load_default_settings", "Service"]
+
+# Module version, as defined in PEP-0396.
+__version__ = pkg_resources.get_distribution("kinto").version  # FIXME?
+
+DEFAULT_SETTINGS = {
+    "backoff": None,
+    "backoff_percentage": None,
+    "batch_max_requests": 25,
+    "cache_backend": "",
+    "cache_hosts": "",
+    "cache_url": "",
+    "cache_prefix": "",
+    "cache_max_size_bytes": 524288,
+    "cors_origins": "*",
+    "cors_max_age_seconds": 3600,
+    "eos": None,
+    "eos_message": None,
+    "eos_url": None,
+    "explicit_permissions": True,
+    "error_info_link": "https://github.com/Kinto/kinto/issues/",
+    "http_host": None,
+    "http_scheme": None,
+    "id_generator": "kinto.core.storage.generators.UUID4",
+    "includes": "",
+    "initialization_sequence": (
+        "kinto.core.initialization.setup_request_bound_data",
+        "kinto.core.initialization.setup_json_serializer",
+        "kinto.core.initialization.restrict_http_methods_if_readonly",
+        "kinto.core.initialization.setup_csp_headers",
+        "kinto.core.initialization.setup_logging",
+        "kinto.core.initialization.setup_storage",
+        "kinto.core.initialization.setup_permission",
+        "kinto.core.initialization.setup_cache",
+        "kinto.core.initialization.setup_requests_scheme",
+        "kinto.core.initialization.setup_version_redirection",
+        "kinto.core.initialization.setup_deprecation",
+        "kinto.core.initialization.setup_authentication",
+        "kinto.core.initialization.setup_backoff",
+        "kinto.core.initialization.setup_sentry",
+        "kinto.core.initialization.setup_listeners",
+        "kinto.core.initialization.setup_metrics",
+        "kinto.core.events.setup_transaction_hook",
+    ),
+    "event_listeners": "",
+    "json_renderer": "ultrajson",
+    "heartbeat_timeout_seconds": 10,
+    "newrelic_config": None,
+    "newrelic_env": "dev",
+    "paginate_by": None,
+    "pagination_token_validity_seconds": 10 * 60,
+    "permission_backend": "",
+    "permission_url": "",
+    "profiler_dir": tempfile.gettempdir(),
+    "profiler_enabled": False,
+    "project_docs": "",
+    "project_name": "",
+    "project_version": "",
+    "readonly": False,
+    "root_cache_expires_seconds": 86400,
+    "retry_after_seconds": 30,
+    "version_prefix_redirect_ttl_seconds": -1,
+    "settings_prefix": "",
+    "sentry_dsn": None,
+    "sentry_env": None,
+    "sentry_breadcrumbs_min_level": logging.DEBUG,
+    "sentry_events_min_level": logging.WARNING,
+    "statsd_backend": "kinto.core.statsd",
+    "statsd_prefix": "kinto.core",
+    "statsd_url": None,
+    "metrics_matchdict_fields": [],
+    "storage_backend": "",
+    "storage_url": "",
+    "storage_max_fetch_size": 10000,
+    "tm.annotate_user": False,  # Do annotate transactions with the user-id.
+    "transaction_per_request": True,
+    "userid_hmac_secret": "",
+    "default_bucket_hmac_secret": "",
+    "version_json_path": "version.json",
+    "version_prefix_redirect_enabled": True,
+    "trailing_slash_redirect_enabled": True,
+    "trailing_slash_redirect_ttl_seconds": 3600,
+    "multiauth.groupfinder": "kinto.core.authorization.groupfinder",
+    "multiauth.policies": "",
+    "multiauth.policy.basicauth.use": "kinto.core.authentication.BasicAuthAuthenticationPolicy",
+    "multiauth.authorization_policy": "kinto.core.authorization.AuthorizationPolicy",
+}
+
+
+class Service(CorniceService):
+    """Subclass of the default cornice service.
+
+    This is useful in order to attach specific behaviours without monkey
+    patching the default cornice service (which would impact other uses of it)
+    """
+
+    default_cors_headers = ("Backoff", "Retry-After", "Alert", "Content-Length", "Content-Type")
+
+    def error_handler(self, request):
+        return errors.json_error_handler(request)
+
+    @classmethod
+    def init_from_settings(cls, settings):
+        cls.renderer = settings["json_renderer"]
+        cls.cors_origins = tuple(aslist(settings["cors_origins"]))
+        cors_max_age = settings["cors_max_age_seconds"]
+        cls.cors_max_age = int(cors_max_age) if cors_max_age else None
+
+
+class JsonLogFormatter(dockerflow_logging.JsonLogFormatter):
+    logger_name = "kinto"
+
+    @classmethod
+    def init_from_settings(cls, settings):
+        cls.logger_name = settings["project_name"]
+
+    def __init__(self, fmt=None, datefmt=None, style="%"):
+        # Do not let mozilla-cloud-services-logger constructor to improperly
+        # use style as the logger_name.
+        # See https://github.com/mozilla/mozilla-cloud-services-logger/issues/3
+        logger_name = self.logger_name
+        super().__init__(fmt, datefmt, style)
+        self.logger_name = logger_name
+
+
+class StreamHandlerWithRequestID(logging.StreamHandler):
+    """
+    A custom StreamHandler that adds the Dockerflow's `RequestIdLogFilter`.
+
+    Defining a custom handler seems to be the only way to bypass the fact that
+    ``logging.config.fileConfig()`` does not load filters from ``.ini`` files.
+    """
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        filter_ = dockerflow_logging.RequestIdLogFilter()
+        self.addFilter(filter_)
+
+
+def get_user_info(request):
+    # Default user info (shown in hello view for example).
+    user_info = {"id": request.prefixed_userid, "principals": request.prefixed_principals}
+    if hasattr(request, "get_user_profile"):
+        user_info["profile"] = request.get_user_profile()
+    return user_info
+
+
+def includeme(config):
+    settings = config.get_settings()
+
+    # Heartbeat registry.
+    config.registry.heartbeats = {}
+
+    # Public settings registry.
+    config.registry.public_settings = {"batch_max_requests", "readonly", "explicit_permissions"}
+
+    # Directive to declare arbitrary API capabilities.
+    def add_api_capability(config, identifier, description="", url="", **kw):
+        existing = config.registry.api_capabilities.get(identifier)
+        if existing:
+            error_msg = "The '{}' API capability was already registered ({})."
+            raise ValueError(error_msg.format(identifier, existing))
+
+        capability = dict(description=description, url=url, **kw)
+        config.registry.api_capabilities[identifier] = capability
+
+    config.add_directive("add_api_capability", add_api_capability)
+    config.registry.api_capabilities = {}
+
+    # Resource events helpers.
+    config.add_request_method(events.get_resource_events, name="get_resource_events")
+    config.add_request_method(events.notify_resource_event, name="notify_resource_event")
+
+    # Setup cornice.
+    config.include("kinto.core.cornice")
+
+    # Setup cornice api documentation
+    config.include("kinto.core.cornice_swagger")
+
+    # Per-request transaction.
+    config.include("pyramid_tm")
+
+    # Add CORS settings to the base kinto.core Service class.
+    Service.init_from_settings(settings)
+
+    # Use the project name as the main logger name (Logger field in MozLog).
+    JsonLogFormatter.init_from_settings(settings)
+
+    # Setup components.
+    for step in aslist(settings["initialization_sequence"]):
+        step_func = config.maybe_dotted(step)
+        step_func(config)
+
+    # Custom helpers.
+    config.add_request_method(log_context)
+    config.add_request_method(follow_subrequest)
+    config.add_request_method(prefixed_userid, property=True)
+    config.add_request_method(prefixed_principals, reify=True)
+    config.add_request_method(get_user_info, name="get_user_info")
+    config.add_request_method(current_resource_name, reify=True)
+    config.add_request_method(current_service, reify=True)
+    config.commit()
+
+    # Include plugins after init, unlike pyramid includes.
+    includes = aslist(settings["includes"])
+    for app in includes:
+        config.include(app)
+
+    # # Show settings to output.
+    # for key, value in settings.items():
+    #     logger.info('Using {} = {}'.format(key, value))
+
+    # Scan views.
+    config.scan("kinto.core.views")
+
+    # Give sign of life.
+    msg = "Running {project_name} {project_version}."
+    logger.info(msg.format_map(settings))

kinto/core/authentication.py

@@ -0,0 +1,48 @@
+from pyramid import authentication as base_auth
+
+from kinto.core import utils
+from kinto.core.openapi import OpenAPI
+
+
+class BasicAuthAuthenticationPolicy(base_auth.BasicAuthAuthenticationPolicy):
+    """Basic auth implementation.
+
+    Allow any user with any credentials (e.g. there is no need to create an
+    account).
+
+    """
+
+    def __init__(self, *args, **kwargs):
+        def noop_check(*a):
+            return []
+
+        super().__init__(noop_check, *args, **kwargs)
+
+    def effective_principals(self, request):
+        # Bypass default Pyramid construction of principals because
+        # Pyramid multiauth already adds userid, Authenticated and Everyone
+        # principals.
+        return []
+
+    def unauthenticated_userid(self, request):
+        settings = request.registry.settings
+
+        credentials = base_auth.extract_http_basic_credentials(request)
+        if credentials:
+            username, password = credentials
+            if not username:
+                return
+
+            hmac_secret = settings["userid_hmac_secret"]
+            credentials = f"{credentials[0]}:{credentials[1]}"
+            userid = utils.hmac_digest(hmac_secret, credentials)
+            return userid
+
+
+def includeme(config):
+    config.add_api_capability(
+        "basicauth",
+        description="Very basic authentication sessions. Not for production use.",
+        url="http://kinto.readthedocs.io/en/stable/api/1.x/authentication.html",
+    )
+    OpenAPI.expose_authentication_method("basicauth", {"type": "basic"})