1
0

helpers.py 42 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155
  1. # -*- coding: utf-8 -*-
  2. """
  3. flask.helpers
  4. ~~~~~~~~~~~~~
  5. Implements various helpers.
  6. :copyright: 2010 Pallets
  7. :license: BSD-3-Clause
  8. """
  9. import io
  10. import mimetypes
  11. import os
  12. import pkgutil
  13. import posixpath
  14. import socket
  15. import sys
  16. import unicodedata
  17. from functools import update_wrapper
  18. from threading import RLock
  19. from time import time
  20. from zlib import adler32
  21. from jinja2 import FileSystemLoader
  22. from werkzeug.datastructures import Headers
  23. from werkzeug.exceptions import BadRequest
  24. from werkzeug.exceptions import NotFound
  25. from werkzeug.exceptions import RequestedRangeNotSatisfiable
  26. from werkzeug.routing import BuildError
  27. from werkzeug.urls import url_quote
  28. from werkzeug.wsgi import wrap_file
  29. from ._compat import fspath
  30. from ._compat import PY2
  31. from ._compat import string_types
  32. from ._compat import text_type
  33. from .globals import _app_ctx_stack
  34. from .globals import _request_ctx_stack
  35. from .globals import current_app
  36. from .globals import request
  37. from .globals import session
  38. from .signals import message_flashed
  39. # sentinel
  40. _missing = object()
  41. # what separators does this operating system provide that are not a slash?
  42. # this is used by the send_from_directory function to ensure that nobody is
  43. # able to access files from outside the filesystem.
  44. _os_alt_seps = list(
  45. sep for sep in [os.path.sep, os.path.altsep] if sep not in (None, "/")
  46. )
  47. def get_env():
  48. """Get the environment the app is running in, indicated by the
  49. :envvar:`FLASK_ENV` environment variable. The default is
  50. ``'production'``.
  51. """
  52. return os.environ.get("FLASK_ENV") or "production"
  53. def get_debug_flag():
  54. """Get whether debug mode should be enabled for the app, indicated
  55. by the :envvar:`FLASK_DEBUG` environment variable. The default is
  56. ``True`` if :func:`.get_env` returns ``'development'``, or ``False``
  57. otherwise.
  58. """
  59. val = os.environ.get("FLASK_DEBUG")
  60. if not val:
  61. return get_env() == "development"
  62. return val.lower() not in ("0", "false", "no")
  63. def get_load_dotenv(default=True):
  64. """Get whether the user has disabled loading dotenv files by setting
  65. :envvar:`FLASK_SKIP_DOTENV`. The default is ``True``, load the
  66. files.
  67. :param default: What to return if the env var isn't set.
  68. """
  69. val = os.environ.get("FLASK_SKIP_DOTENV")
  70. if not val:
  71. return default
  72. return val.lower() in ("0", "false", "no")
  73. def _endpoint_from_view_func(view_func):
  74. """Internal helper that returns the default endpoint for a given
  75. function. This always is the function name.
  76. """
  77. assert view_func is not None, "expected view func if endpoint is not provided."
  78. return view_func.__name__
  79. def stream_with_context(generator_or_function):
  80. """Request contexts disappear when the response is started on the server.
  81. This is done for efficiency reasons and to make it less likely to encounter
  82. memory leaks with badly written WSGI middlewares. The downside is that if
  83. you are using streamed responses, the generator cannot access request bound
  84. information any more.
  85. This function however can help you keep the context around for longer::
  86. from flask import stream_with_context, request, Response
  87. @app.route('/stream')
  88. def streamed_response():
  89. @stream_with_context
  90. def generate():
  91. yield 'Hello '
  92. yield request.args['name']
  93. yield '!'
  94. return Response(generate())
  95. Alternatively it can also be used around a specific generator::
  96. from flask import stream_with_context, request, Response
  97. @app.route('/stream')
  98. def streamed_response():
  99. def generate():
  100. yield 'Hello '
  101. yield request.args['name']
  102. yield '!'
  103. return Response(stream_with_context(generate()))
  104. .. versionadded:: 0.9
  105. """
  106. try:
  107. gen = iter(generator_or_function)
  108. except TypeError:
  109. def decorator(*args, **kwargs):
  110. gen = generator_or_function(*args, **kwargs)
  111. return stream_with_context(gen)
  112. return update_wrapper(decorator, generator_or_function)
  113. def generator():
  114. ctx = _request_ctx_stack.top
  115. if ctx is None:
  116. raise RuntimeError(
  117. "Attempted to stream with context but "
  118. "there was no context in the first place to keep around."
  119. )
  120. with ctx:
  121. # Dummy sentinel. Has to be inside the context block or we're
  122. # not actually keeping the context around.
  123. yield None
  124. # The try/finally is here so that if someone passes a WSGI level
  125. # iterator in we're still running the cleanup logic. Generators
  126. # don't need that because they are closed on their destruction
  127. # automatically.
  128. try:
  129. for item in gen:
  130. yield item
  131. finally:
  132. if hasattr(gen, "close"):
  133. gen.close()
  134. # The trick is to start the generator. Then the code execution runs until
  135. # the first dummy None is yielded at which point the context was already
  136. # pushed. This item is discarded. Then when the iteration continues the
  137. # real generator is executed.
  138. wrapped_g = generator()
  139. next(wrapped_g)
  140. return wrapped_g
  141. def make_response(*args):
  142. """Sometimes it is necessary to set additional headers in a view. Because
  143. views do not have to return response objects but can return a value that
  144. is converted into a response object by Flask itself, it becomes tricky to
  145. add headers to it. This function can be called instead of using a return
  146. and you will get a response object which you can use to attach headers.
  147. If view looked like this and you want to add a new header::
  148. def index():
  149. return render_template('index.html', foo=42)
  150. You can now do something like this::
  151. def index():
  152. response = make_response(render_template('index.html', foo=42))
  153. response.headers['X-Parachutes'] = 'parachutes are cool'
  154. return response
  155. This function accepts the very same arguments you can return from a
  156. view function. This for example creates a response with a 404 error
  157. code::
  158. response = make_response(render_template('not_found.html'), 404)
  159. The other use case of this function is to force the return value of a
  160. view function into a response which is helpful with view
  161. decorators::
  162. response = make_response(view_function())
  163. response.headers['X-Parachutes'] = 'parachutes are cool'
  164. Internally this function does the following things:
  165. - if no arguments are passed, it creates a new response argument
  166. - if one argument is passed, :meth:`flask.Flask.make_response`
  167. is invoked with it.
  168. - if more than one argument is passed, the arguments are passed
  169. to the :meth:`flask.Flask.make_response` function as tuple.
  170. .. versionadded:: 0.6
  171. """
  172. if not args:
  173. return current_app.response_class()
  174. if len(args) == 1:
  175. args = args[0]
  176. return current_app.make_response(args)
  177. def url_for(endpoint, **values):
  178. """Generates a URL to the given endpoint with the method provided.
  179. Variable arguments that are unknown to the target endpoint are appended
  180. to the generated URL as query arguments. If the value of a query argument
  181. is ``None``, the whole pair is skipped. In case blueprints are active
  182. you can shortcut references to the same blueprint by prefixing the
  183. local endpoint with a dot (``.``).
  184. This will reference the index function local to the current blueprint::
  185. url_for('.index')
  186. For more information, head over to the :ref:`Quickstart <url-building>`.
  187. Configuration values ``APPLICATION_ROOT`` and ``SERVER_NAME`` are only used when
  188. generating URLs outside of a request context.
  189. To integrate applications, :class:`Flask` has a hook to intercept URL build
  190. errors through :attr:`Flask.url_build_error_handlers`. The `url_for`
  191. function results in a :exc:`~werkzeug.routing.BuildError` when the current
  192. app does not have a URL for the given endpoint and values. When it does, the
  193. :data:`~flask.current_app` calls its :attr:`~Flask.url_build_error_handlers` if
  194. it is not ``None``, which can return a string to use as the result of
  195. `url_for` (instead of `url_for`'s default to raise the
  196. :exc:`~werkzeug.routing.BuildError` exception) or re-raise the exception.
  197. An example::
  198. def external_url_handler(error, endpoint, values):
  199. "Looks up an external URL when `url_for` cannot build a URL."
  200. # This is an example of hooking the build_error_handler.
  201. # Here, lookup_url is some utility function you've built
  202. # which looks up the endpoint in some external URL registry.
  203. url = lookup_url(endpoint, **values)
  204. if url is None:
  205. # External lookup did not have a URL.
  206. # Re-raise the BuildError, in context of original traceback.
  207. exc_type, exc_value, tb = sys.exc_info()
  208. if exc_value is error:
  209. raise exc_type, exc_value, tb
  210. else:
  211. raise error
  212. # url_for will use this result, instead of raising BuildError.
  213. return url
  214. app.url_build_error_handlers.append(external_url_handler)
  215. Here, `error` is the instance of :exc:`~werkzeug.routing.BuildError`, and
  216. `endpoint` and `values` are the arguments passed into `url_for`. Note
  217. that this is for building URLs outside the current application, and not for
  218. handling 404 NotFound errors.
  219. .. versionadded:: 0.10
  220. The `_scheme` parameter was added.
  221. .. versionadded:: 0.9
  222. The `_anchor` and `_method` parameters were added.
  223. .. versionadded:: 0.9
  224. Calls :meth:`Flask.handle_build_error` on
  225. :exc:`~werkzeug.routing.BuildError`.
  226. :param endpoint: the endpoint of the URL (name of the function)
  227. :param values: the variable arguments of the URL rule
  228. :param _external: if set to ``True``, an absolute URL is generated. Server
  229. address can be changed via ``SERVER_NAME`` configuration variable which
  230. falls back to the `Host` header, then to the IP and port of the request.
  231. :param _scheme: a string specifying the desired URL scheme. The `_external`
  232. parameter must be set to ``True`` or a :exc:`ValueError` is raised. The default
  233. behavior uses the same scheme as the current request, or
  234. ``PREFERRED_URL_SCHEME`` from the :ref:`app configuration <config>` if no
  235. request context is available. As of Werkzeug 0.10, this also can be set
  236. to an empty string to build protocol-relative URLs.
  237. :param _anchor: if provided this is added as anchor to the URL.
  238. :param _method: if provided this explicitly specifies an HTTP method.
  239. """
  240. appctx = _app_ctx_stack.top
  241. reqctx = _request_ctx_stack.top
  242. if appctx is None:
  243. raise RuntimeError(
  244. "Attempted to generate a URL without the application context being"
  245. " pushed. This has to be executed when application context is"
  246. " available."
  247. )
  248. # If request specific information is available we have some extra
  249. # features that support "relative" URLs.
  250. if reqctx is not None:
  251. url_adapter = reqctx.url_adapter
  252. blueprint_name = request.blueprint
  253. if endpoint[:1] == ".":
  254. if blueprint_name is not None:
  255. endpoint = blueprint_name + endpoint
  256. else:
  257. endpoint = endpoint[1:]
  258. external = values.pop("_external", False)
  259. # Otherwise go with the url adapter from the appctx and make
  260. # the URLs external by default.
  261. else:
  262. url_adapter = appctx.url_adapter
  263. if url_adapter is None:
  264. raise RuntimeError(
  265. "Application was not able to create a URL adapter for request"
  266. " independent URL generation. You might be able to fix this by"
  267. " setting the SERVER_NAME config variable."
  268. )
  269. external = values.pop("_external", True)
  270. anchor = values.pop("_anchor", None)
  271. method = values.pop("_method", None)
  272. scheme = values.pop("_scheme", None)
  273. appctx.app.inject_url_defaults(endpoint, values)
  274. # This is not the best way to deal with this but currently the
  275. # underlying Werkzeug router does not support overriding the scheme on
  276. # a per build call basis.
  277. old_scheme = None
  278. if scheme is not None:
  279. if not external:
  280. raise ValueError("When specifying _scheme, _external must be True")
  281. old_scheme = url_adapter.url_scheme
  282. url_adapter.url_scheme = scheme
  283. try:
  284. try:
  285. rv = url_adapter.build(
  286. endpoint, values, method=method, force_external=external
  287. )
  288. finally:
  289. if old_scheme is not None:
  290. url_adapter.url_scheme = old_scheme
  291. except BuildError as error:
  292. # We need to inject the values again so that the app callback can
  293. # deal with that sort of stuff.
  294. values["_external"] = external
  295. values["_anchor"] = anchor
  296. values["_method"] = method
  297. values["_scheme"] = scheme
  298. return appctx.app.handle_url_build_error(error, endpoint, values)
  299. if anchor is not None:
  300. rv += "#" + url_quote(anchor)
  301. return rv
  302. def get_template_attribute(template_name, attribute):
  303. """Loads a macro (or variable) a template exports. This can be used to
  304. invoke a macro from within Python code. If you for example have a
  305. template named :file:`_cider.html` with the following contents:
  306. .. sourcecode:: html+jinja
  307. {% macro hello(name) %}Hello {{ name }}!{% endmacro %}
  308. You can access this from Python code like this::
  309. hello = get_template_attribute('_cider.html', 'hello')
  310. return hello('World')
  311. .. versionadded:: 0.2
  312. :param template_name: the name of the template
  313. :param attribute: the name of the variable of macro to access
  314. """
  315. return getattr(current_app.jinja_env.get_template(template_name).module, attribute)
  316. def flash(message, category="message"):
  317. """Flashes a message to the next request. In order to remove the
  318. flashed message from the session and to display it to the user,
  319. the template has to call :func:`get_flashed_messages`.
  320. .. versionchanged:: 0.3
  321. `category` parameter added.
  322. :param message: the message to be flashed.
  323. :param category: the category for the message. The following values
  324. are recommended: ``'message'`` for any kind of message,
  325. ``'error'`` for errors, ``'info'`` for information
  326. messages and ``'warning'`` for warnings. However any
  327. kind of string can be used as category.
  328. """
  329. # Original implementation:
  330. #
  331. # session.setdefault('_flashes', []).append((category, message))
  332. #
  333. # This assumed that changes made to mutable structures in the session are
  334. # always in sync with the session object, which is not true for session
  335. # implementations that use external storage for keeping their keys/values.
  336. flashes = session.get("_flashes", [])
  337. flashes.append((category, message))
  338. session["_flashes"] = flashes
  339. message_flashed.send(
  340. current_app._get_current_object(), message=message, category=category
  341. )
  342. def get_flashed_messages(with_categories=False, category_filter=()):
  343. """Pulls all flashed messages from the session and returns them.
  344. Further calls in the same request to the function will return
  345. the same messages. By default just the messages are returned,
  346. but when `with_categories` is set to ``True``, the return value will
  347. be a list of tuples in the form ``(category, message)`` instead.
  348. Filter the flashed messages to one or more categories by providing those
  349. categories in `category_filter`. This allows rendering categories in
  350. separate html blocks. The `with_categories` and `category_filter`
  351. arguments are distinct:
  352. * `with_categories` controls whether categories are returned with message
  353. text (``True`` gives a tuple, where ``False`` gives just the message text).
  354. * `category_filter` filters the messages down to only those matching the
  355. provided categories.
  356. See :ref:`message-flashing-pattern` for examples.
  357. .. versionchanged:: 0.3
  358. `with_categories` parameter added.
  359. .. versionchanged:: 0.9
  360. `category_filter` parameter added.
  361. :param with_categories: set to ``True`` to also receive categories.
  362. :param category_filter: whitelist of categories to limit return values
  363. """
  364. flashes = _request_ctx_stack.top.flashes
  365. if flashes is None:
  366. _request_ctx_stack.top.flashes = flashes = (
  367. session.pop("_flashes") if "_flashes" in session else []
  368. )
  369. if category_filter:
  370. flashes = list(filter(lambda f: f[0] in category_filter, flashes))
  371. if not with_categories:
  372. return [x[1] for x in flashes]
  373. return flashes
  374. def send_file(
  375. filename_or_fp,
  376. mimetype=None,
  377. as_attachment=False,
  378. attachment_filename=None,
  379. add_etags=True,
  380. cache_timeout=None,
  381. conditional=False,
  382. last_modified=None,
  383. ):
  384. """Sends the contents of a file to the client. This will use the
  385. most efficient method available and configured. By default it will
  386. try to use the WSGI server's file_wrapper support. Alternatively
  387. you can set the application's :attr:`~Flask.use_x_sendfile` attribute
  388. to ``True`` to directly emit an ``X-Sendfile`` header. This however
  389. requires support of the underlying webserver for ``X-Sendfile``.
  390. By default it will try to guess the mimetype for you, but you can
  391. also explicitly provide one. For extra security you probably want
  392. to send certain files as attachment (HTML for instance). The mimetype
  393. guessing requires a `filename` or an `attachment_filename` to be
  394. provided.
  395. ETags will also be attached automatically if a `filename` is provided. You
  396. can turn this off by setting `add_etags=False`.
  397. If `conditional=True` and `filename` is provided, this method will try to
  398. upgrade the response stream to support range requests. This will allow
  399. the request to be answered with partial content response.
  400. Please never pass filenames to this function from user sources;
  401. you should use :func:`send_from_directory` instead.
  402. .. versionadded:: 0.2
  403. .. versionadded:: 0.5
  404. The `add_etags`, `cache_timeout` and `conditional` parameters were
  405. added. The default behavior is now to attach etags.
  406. .. versionchanged:: 0.7
  407. mimetype guessing and etag support for file objects was
  408. deprecated because it was unreliable. Pass a filename if you are
  409. able to, otherwise attach an etag yourself. This functionality
  410. will be removed in Flask 1.0
  411. .. versionchanged:: 0.9
  412. cache_timeout pulls its default from application config, when None.
  413. .. versionchanged:: 0.12
  414. The filename is no longer automatically inferred from file objects. If
  415. you want to use automatic mimetype and etag support, pass a filepath via
  416. `filename_or_fp` or `attachment_filename`.
  417. .. versionchanged:: 0.12
  418. The `attachment_filename` is preferred over `filename` for MIME-type
  419. detection.
  420. .. versionchanged:: 1.0
  421. UTF-8 filenames, as specified in `RFC 2231`_, are supported.
  422. .. _RFC 2231: https://tools.ietf.org/html/rfc2231#section-4
  423. .. versionchanged:: 1.0.3
  424. Filenames are encoded with ASCII instead of Latin-1 for broader
  425. compatibility with WSGI servers.
  426. .. versionchanged:: 1.1
  427. Filename may be a :class:`~os.PathLike` object.
  428. .. versionadded:: 1.1
  429. Partial content supports :class:`~io.BytesIO`.
  430. :param filename_or_fp: the filename of the file to send.
  431. This is relative to the :attr:`~Flask.root_path`
  432. if a relative path is specified.
  433. Alternatively a file object might be provided in
  434. which case ``X-Sendfile`` might not work and fall
  435. back to the traditional method. Make sure that the
  436. file pointer is positioned at the start of data to
  437. send before calling :func:`send_file`.
  438. :param mimetype: the mimetype of the file if provided. If a file path is
  439. given, auto detection happens as fallback, otherwise an
  440. error will be raised.
  441. :param as_attachment: set to ``True`` if you want to send this file with
  442. a ``Content-Disposition: attachment`` header.
  443. :param attachment_filename: the filename for the attachment if it
  444. differs from the file's filename.
  445. :param add_etags: set to ``False`` to disable attaching of etags.
  446. :param conditional: set to ``True`` to enable conditional responses.
  447. :param cache_timeout: the timeout in seconds for the headers. When ``None``
  448. (default), this value is set by
  449. :meth:`~Flask.get_send_file_max_age` of
  450. :data:`~flask.current_app`.
  451. :param last_modified: set the ``Last-Modified`` header to this value,
  452. a :class:`~datetime.datetime` or timestamp.
  453. If a file was passed, this overrides its mtime.
  454. """
  455. mtime = None
  456. fsize = None
  457. if hasattr(filename_or_fp, "__fspath__"):
  458. filename_or_fp = fspath(filename_or_fp)
  459. if isinstance(filename_or_fp, string_types):
  460. filename = filename_or_fp
  461. if not os.path.isabs(filename):
  462. filename = os.path.join(current_app.root_path, filename)
  463. file = None
  464. if attachment_filename is None:
  465. attachment_filename = os.path.basename(filename)
  466. else:
  467. file = filename_or_fp
  468. filename = None
  469. if mimetype is None:
  470. if attachment_filename is not None:
  471. mimetype = (
  472. mimetypes.guess_type(attachment_filename)[0]
  473. or "application/octet-stream"
  474. )
  475. if mimetype is None:
  476. raise ValueError(
  477. "Unable to infer MIME-type because no filename is available. "
  478. "Please set either `attachment_filename`, pass a filepath to "
  479. "`filename_or_fp` or set your own MIME-type via `mimetype`."
  480. )
  481. headers = Headers()
  482. if as_attachment:
  483. if attachment_filename is None:
  484. raise TypeError("filename unavailable, required for sending as attachment")
  485. if not isinstance(attachment_filename, text_type):
  486. attachment_filename = attachment_filename.decode("utf-8")
  487. try:
  488. attachment_filename = attachment_filename.encode("ascii")
  489. except UnicodeEncodeError:
  490. filenames = {
  491. "filename": unicodedata.normalize("NFKD", attachment_filename).encode(
  492. "ascii", "ignore"
  493. ),
  494. "filename*": "UTF-8''%s" % url_quote(attachment_filename, safe=b""),
  495. }
  496. else:
  497. filenames = {"filename": attachment_filename}
  498. headers.add("Content-Disposition", "attachment", **filenames)
  499. if current_app.use_x_sendfile and filename:
  500. if file is not None:
  501. file.close()
  502. headers["X-Sendfile"] = filename
  503. fsize = os.path.getsize(filename)
  504. headers["Content-Length"] = fsize
  505. data = None
  506. else:
  507. if file is None:
  508. file = open(filename, "rb")
  509. mtime = os.path.getmtime(filename)
  510. fsize = os.path.getsize(filename)
  511. headers["Content-Length"] = fsize
  512. elif isinstance(file, io.BytesIO):
  513. try:
  514. fsize = file.getbuffer().nbytes
  515. except AttributeError:
  516. # Python 2 doesn't have getbuffer
  517. fsize = len(file.getvalue())
  518. headers["Content-Length"] = fsize
  519. data = wrap_file(request.environ, file)
  520. rv = current_app.response_class(
  521. data, mimetype=mimetype, headers=headers, direct_passthrough=True
  522. )
  523. if last_modified is not None:
  524. rv.last_modified = last_modified
  525. elif mtime is not None:
  526. rv.last_modified = mtime
  527. rv.cache_control.public = True
  528. if cache_timeout is None:
  529. cache_timeout = current_app.get_send_file_max_age(filename)
  530. if cache_timeout is not None:
  531. rv.cache_control.max_age = cache_timeout
  532. rv.expires = int(time() + cache_timeout)
  533. if add_etags and filename is not None:
  534. from warnings import warn
  535. try:
  536. rv.set_etag(
  537. "%s-%s-%s"
  538. % (
  539. os.path.getmtime(filename),
  540. os.path.getsize(filename),
  541. adler32(
  542. filename.encode("utf-8")
  543. if isinstance(filename, text_type)
  544. else filename
  545. )
  546. & 0xFFFFFFFF,
  547. )
  548. )
  549. except OSError:
  550. warn(
  551. "Access %s failed, maybe it does not exist, so ignore etags in "
  552. "headers" % filename,
  553. stacklevel=2,
  554. )
  555. if conditional:
  556. try:
  557. rv = rv.make_conditional(request, accept_ranges=True, complete_length=fsize)
  558. except RequestedRangeNotSatisfiable:
  559. if file is not None:
  560. file.close()
  561. raise
  562. # make sure we don't send x-sendfile for servers that
  563. # ignore the 304 status code for x-sendfile.
  564. if rv.status_code == 304:
  565. rv.headers.pop("x-sendfile", None)
  566. return rv
  567. def safe_join(directory, *pathnames):
  568. """Safely join `directory` and zero or more untrusted `pathnames`
  569. components.
  570. Example usage::
  571. @app.route('/wiki/<path:filename>')
  572. def wiki_page(filename):
  573. filename = safe_join(app.config['WIKI_FOLDER'], filename)
  574. with open(filename, 'rb') as fd:
  575. content = fd.read() # Read and process the file content...
  576. :param directory: the trusted base directory.
  577. :param pathnames: the untrusted pathnames relative to that directory.
  578. :raises: :class:`~werkzeug.exceptions.NotFound` if one or more passed
  579. paths fall out of its boundaries.
  580. """
  581. parts = [directory]
  582. for filename in pathnames:
  583. if filename != "":
  584. filename = posixpath.normpath(filename)
  585. if (
  586. any(sep in filename for sep in _os_alt_seps)
  587. or os.path.isabs(filename)
  588. or filename == ".."
  589. or filename.startswith("../")
  590. ):
  591. raise NotFound()
  592. parts.append(filename)
  593. return posixpath.join(*parts)
  594. def send_from_directory(directory, filename, **options):
  595. """Send a file from a given directory with :func:`send_file`. This
  596. is a secure way to quickly expose static files from an upload folder
  597. or something similar.
  598. Example usage::
  599. @app.route('/uploads/<path:filename>')
  600. def download_file(filename):
  601. return send_from_directory(app.config['UPLOAD_FOLDER'],
  602. filename, as_attachment=True)
  603. .. admonition:: Sending files and Performance
  604. It is strongly recommended to activate either ``X-Sendfile`` support in
  605. your webserver or (if no authentication happens) to tell the webserver
  606. to serve files for the given path on its own without calling into the
  607. web application for improved performance.
  608. .. versionadded:: 0.5
  609. :param directory: the directory where all the files are stored.
  610. :param filename: the filename relative to that directory to
  611. download.
  612. :param options: optional keyword arguments that are directly
  613. forwarded to :func:`send_file`.
  614. """
  615. filename = fspath(filename)
  616. directory = fspath(directory)
  617. filename = safe_join(directory, filename)
  618. if not os.path.isabs(filename):
  619. filename = os.path.join(current_app.root_path, filename)
  620. try:
  621. if not os.path.isfile(filename):
  622. raise NotFound()
  623. except (TypeError, ValueError):
  624. raise BadRequest()
  625. options.setdefault("conditional", True)
  626. return send_file(filename, **options)
  627. def get_root_path(import_name):
  628. """Returns the path to a package or cwd if that cannot be found. This
  629. returns the path of a package or the folder that contains a module.
  630. Not to be confused with the package path returned by :func:`find_package`.
  631. """
  632. # Module already imported and has a file attribute. Use that first.
  633. mod = sys.modules.get(import_name)
  634. if mod is not None and hasattr(mod, "__file__"):
  635. return os.path.dirname(os.path.abspath(mod.__file__))
  636. # Next attempt: check the loader.
  637. loader = pkgutil.get_loader(import_name)
  638. # Loader does not exist or we're referring to an unloaded main module
  639. # or a main module without path (interactive sessions), go with the
  640. # current working directory.
  641. if loader is None or import_name == "__main__":
  642. return os.getcwd()
  643. # For .egg, zipimporter does not have get_filename until Python 2.7.
  644. # Some other loaders might exhibit the same behavior.
  645. if hasattr(loader, "get_filename"):
  646. filepath = loader.get_filename(import_name)
  647. else:
  648. # Fall back to imports.
  649. __import__(import_name)
  650. mod = sys.modules[import_name]
  651. filepath = getattr(mod, "__file__", None)
  652. # If we don't have a filepath it might be because we are a
  653. # namespace package. In this case we pick the root path from the
  654. # first module that is contained in our package.
  655. if filepath is None:
  656. raise RuntimeError(
  657. "No root path can be found for the provided "
  658. 'module "%s". This can happen because the '
  659. "module came from an import hook that does "
  660. "not provide file name information or because "
  661. "it's a namespace package. In this case "
  662. "the root path needs to be explicitly "
  663. "provided." % import_name
  664. )
  665. # filepath is import_name.py for a module, or __init__.py for a package.
  666. return os.path.dirname(os.path.abspath(filepath))
  667. def _matching_loader_thinks_module_is_package(loader, mod_name):
  668. """Given the loader that loaded a module and the module this function
  669. attempts to figure out if the given module is actually a package.
  670. """
  671. # If the loader can tell us if something is a package, we can
  672. # directly ask the loader.
  673. if hasattr(loader, "is_package"):
  674. return loader.is_package(mod_name)
  675. # importlib's namespace loaders do not have this functionality but
  676. # all the modules it loads are packages, so we can take advantage of
  677. # this information.
  678. elif (
  679. loader.__class__.__module__ == "_frozen_importlib"
  680. and loader.__class__.__name__ == "NamespaceLoader"
  681. ):
  682. return True
  683. # Otherwise we need to fail with an error that explains what went
  684. # wrong.
  685. raise AttributeError(
  686. (
  687. "%s.is_package() method is missing but is required by Flask of "
  688. "PEP 302 import hooks. If you do not use import hooks and "
  689. "you encounter this error please file a bug against Flask."
  690. )
  691. % loader.__class__.__name__
  692. )
  693. def _find_package_path(root_mod_name):
  694. """Find the path where the module's root exists in"""
  695. if sys.version_info >= (3, 4):
  696. import importlib.util
  697. try:
  698. spec = importlib.util.find_spec(root_mod_name)
  699. if spec is None:
  700. raise ValueError("not found")
  701. # ImportError: the machinery told us it does not exist
  702. # ValueError:
  703. # - the module name was invalid
  704. # - the module name is __main__
  705. # - *we* raised `ValueError` due to `spec` being `None`
  706. except (ImportError, ValueError):
  707. pass # handled below
  708. else:
  709. # namespace package
  710. if spec.origin in {"namespace", None}:
  711. return os.path.dirname(next(iter(spec.submodule_search_locations)))
  712. # a package (with __init__.py)
  713. elif spec.submodule_search_locations:
  714. return os.path.dirname(os.path.dirname(spec.origin))
  715. # just a normal module
  716. else:
  717. return os.path.dirname(spec.origin)
  718. # we were unable to find the `package_path` using PEP 451 loaders
  719. loader = pkgutil.get_loader(root_mod_name)
  720. if loader is None or root_mod_name == "__main__":
  721. # import name is not found, or interactive/main module
  722. return os.getcwd()
  723. else:
  724. # For .egg, zipimporter does not have get_filename until Python 2.7.
  725. if hasattr(loader, "get_filename"):
  726. filename = loader.get_filename(root_mod_name)
  727. elif hasattr(loader, "archive"):
  728. # zipimporter's loader.archive points to the .egg or .zip
  729. # archive filename is dropped in call to dirname below.
  730. filename = loader.archive
  731. else:
  732. # At least one loader is missing both get_filename and archive:
  733. # Google App Engine's HardenedModulesHook
  734. #
  735. # Fall back to imports.
  736. __import__(root_mod_name)
  737. filename = sys.modules[root_mod_name].__file__
  738. package_path = os.path.abspath(os.path.dirname(filename))
  739. # In case the root module is a package we need to chop of the
  740. # rightmost part. This needs to go through a helper function
  741. # because of python 3.3 namespace packages.
  742. if _matching_loader_thinks_module_is_package(loader, root_mod_name):
  743. package_path = os.path.dirname(package_path)
  744. return package_path
  745. def find_package(import_name):
  746. """Finds a package and returns the prefix (or None if the package is
  747. not installed) as well as the folder that contains the package or
  748. module as a tuple. The package path returned is the module that would
  749. have to be added to the pythonpath in order to make it possible to
  750. import the module. The prefix is the path below which a UNIX like
  751. folder structure exists (lib, share etc.).
  752. """
  753. root_mod_name, _, _ = import_name.partition(".")
  754. package_path = _find_package_path(root_mod_name)
  755. site_parent, site_folder = os.path.split(package_path)
  756. py_prefix = os.path.abspath(sys.prefix)
  757. if package_path.startswith(py_prefix):
  758. return py_prefix, package_path
  759. elif site_folder.lower() == "site-packages":
  760. parent, folder = os.path.split(site_parent)
  761. # Windows like installations
  762. if folder.lower() == "lib":
  763. base_dir = parent
  764. # UNIX like installations
  765. elif os.path.basename(parent).lower() == "lib":
  766. base_dir = os.path.dirname(parent)
  767. else:
  768. base_dir = site_parent
  769. return base_dir, package_path
  770. return None, package_path
  771. class locked_cached_property(object):
  772. """A decorator that converts a function into a lazy property. The
  773. function wrapped is called the first time to retrieve the result
  774. and then that calculated result is used the next time you access
  775. the value. Works like the one in Werkzeug but has a lock for
  776. thread safety.
  777. """
  778. def __init__(self, func, name=None, doc=None):
  779. self.__name__ = name or func.__name__
  780. self.__module__ = func.__module__
  781. self.__doc__ = doc or func.__doc__
  782. self.func = func
  783. self.lock = RLock()
  784. def __get__(self, obj, type=None):
  785. if obj is None:
  786. return self
  787. with self.lock:
  788. value = obj.__dict__.get(self.__name__, _missing)
  789. if value is _missing:
  790. value = self.func(obj)
  791. obj.__dict__[self.__name__] = value
  792. return value
  793. class _PackageBoundObject(object):
  794. #: The name of the package or module that this app belongs to. Do not
  795. #: change this once it is set by the constructor.
  796. import_name = None
  797. #: Location of the template files to be added to the template lookup.
  798. #: ``None`` if templates should not be added.
  799. template_folder = None
  800. #: Absolute path to the package on the filesystem. Used to look up
  801. #: resources contained in the package.
  802. root_path = None
  803. def __init__(self, import_name, template_folder=None, root_path=None):
  804. self.import_name = import_name
  805. self.template_folder = template_folder
  806. if root_path is None:
  807. root_path = get_root_path(self.import_name)
  808. self.root_path = root_path
  809. self._static_folder = None
  810. self._static_url_path = None
  811. # circular import
  812. from .cli import AppGroup
  813. #: The Click command group for registration of CLI commands
  814. #: on the application and associated blueprints. These commands
  815. #: are accessible via the :command:`flask` command once the
  816. #: application has been discovered and blueprints registered.
  817. self.cli = AppGroup()
  818. @property
  819. def static_folder(self):
  820. """The absolute path to the configured static folder."""
  821. if self._static_folder is not None:
  822. return os.path.join(self.root_path, self._static_folder)
  823. @static_folder.setter
  824. def static_folder(self, value):
  825. if value is not None:
  826. value = value.rstrip("/\\")
  827. self._static_folder = value
  828. @property
  829. def static_url_path(self):
  830. """The URL prefix that the static route will be accessible from.
  831. If it was not configured during init, it is derived from
  832. :attr:`static_folder`.
  833. """
  834. if self._static_url_path is not None:
  835. return self._static_url_path
  836. if self.static_folder is not None:
  837. basename = os.path.basename(self.static_folder)
  838. return ("/" + basename).rstrip("/")
  839. @static_url_path.setter
  840. def static_url_path(self, value):
  841. if value is not None:
  842. value = value.rstrip("/")
  843. self._static_url_path = value
  844. @property
  845. def has_static_folder(self):
  846. """This is ``True`` if the package bound object's container has a
  847. folder for static files.
  848. .. versionadded:: 0.5
  849. """
  850. return self.static_folder is not None
  851. @locked_cached_property
  852. def jinja_loader(self):
  853. """The Jinja loader for this package bound object.
  854. .. versionadded:: 0.5
  855. """
  856. if self.template_folder is not None:
  857. return FileSystemLoader(os.path.join(self.root_path, self.template_folder))
  858. def get_send_file_max_age(self, filename):
  859. """Provides default cache_timeout for the :func:`send_file` functions.
  860. By default, this function returns ``SEND_FILE_MAX_AGE_DEFAULT`` from
  861. the configuration of :data:`~flask.current_app`.
  862. Static file functions such as :func:`send_from_directory` use this
  863. function, and :func:`send_file` calls this function on
  864. :data:`~flask.current_app` when the given cache_timeout is ``None``. If a
  865. cache_timeout is given in :func:`send_file`, that timeout is used;
  866. otherwise, this method is called.
  867. This allows subclasses to change the behavior when sending files based
  868. on the filename. For example, to set the cache timeout for .js files
  869. to 60 seconds::
  870. class MyFlask(flask.Flask):
  871. def get_send_file_max_age(self, name):
  872. if name.lower().endswith('.js'):
  873. return 60
  874. return flask.Flask.get_send_file_max_age(self, name)
  875. .. versionadded:: 0.9
  876. """
  877. return total_seconds(current_app.send_file_max_age_default)
  878. def send_static_file(self, filename):
  879. """Function used internally to send static files from the static
  880. folder to the browser.
  881. .. versionadded:: 0.5
  882. """
  883. if not self.has_static_folder:
  884. raise RuntimeError("No static folder for this object")
  885. # Ensure get_send_file_max_age is called in all cases.
  886. # Here, we ensure get_send_file_max_age is called for Blueprints.
  887. cache_timeout = self.get_send_file_max_age(filename)
  888. return send_from_directory(
  889. self.static_folder, filename, cache_timeout=cache_timeout
  890. )
  891. def open_resource(self, resource, mode="rb"):
  892. """Opens a resource from the application's resource folder. To see
  893. how this works, consider the following folder structure::
  894. /myapplication.py
  895. /schema.sql
  896. /static
  897. /style.css
  898. /templates
  899. /layout.html
  900. /index.html
  901. If you want to open the :file:`schema.sql` file you would do the
  902. following::
  903. with app.open_resource('schema.sql') as f:
  904. contents = f.read()
  905. do_something_with(contents)
  906. :param resource: the name of the resource. To access resources within
  907. subfolders use forward slashes as separator.
  908. :param mode: Open file in this mode. Only reading is supported,
  909. valid values are "r" (or "rt") and "rb".
  910. """
  911. if mode not in {"r", "rt", "rb"}:
  912. raise ValueError("Resources can only be opened for reading")
  913. return open(os.path.join(self.root_path, resource), mode)
  914. def total_seconds(td):
  915. """Returns the total seconds from a timedelta object.
  916. :param timedelta td: the timedelta to be converted in seconds
  917. :returns: number of seconds
  918. :rtype: int
  919. """
  920. return td.days * 60 * 60 * 24 + td.seconds
  921. def is_ip(value):
  922. """Determine if the given string is an IP address.
  923. Python 2 on Windows doesn't provide ``inet_pton``, so this only
  924. checks IPv4 addresses in that environment.
  925. :param value: value to check
  926. :type value: str
  927. :return: True if string is an IP address
  928. :rtype: bool
  929. """
  930. if PY2 and os.name == "nt":
  931. try:
  932. socket.inet_aton(value)
  933. return True
  934. except socket.error:
  935. return False
  936. for family in (socket.AF_INET, socket.AF_INET6):
  937. try:
  938. socket.inet_pton(family, value)
  939. except socket.error:
  940. pass
  941. else:
  942. return True
  943. return False