Files @ 5c5f0eb45681
Branch filter:

Location: kallithea/kallithea/model/meta.py

5c5f0eb45681 2.1 KiB text/x-python Show Annotation Show as Raw Download as Raw
mads
auth: move CSRF checks from the optional LoginRequired to the more basic BaseController._before

_before is not called for the CSRF-immune JSON-API controller and is thus a
good place to check CSRF. This also apply CSRF protection to the login
controller.

The flag for needing CSRF checking is stored in the thread global request
object when passed from __call__ to _before for regular controllers. It is thus
also set for requests to the JSON-RPC controller, but not used.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
# -*- coding: utf-8 -*-
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
"""
SQLAlchemy Metadata and Session object
"""
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import scoped_session, sessionmaker
from beaker import cache

from kallithea.lib import caching_query


# Beaker CacheManager.  A home base for cache configurations.
cache_manager = cache.CacheManager()

__all__ = ['Base', 'Session']

#
# SQLAlchemy session manager.
#
session_factory = sessionmaker(
    query_cls=caching_query.query_callable(cache_manager),
    expire_on_commit=True)
Session = scoped_session(session_factory)

# The base class for declarative schemas in db.py
# Engine is injected when model.__init__.init_model() sets meta.Base.metadata.bind
Base = declarative_base()

# to use cache use this in query:
#   .options(FromCache("sqlalchemy_cache_type", "cachekey"))


# Define naming conventions for foreign keys, primary keys, indexes,
# check constraints, and unique constraints, respectively.
Base.metadata.naming_convention = {
    'fk': 'fk_%(table_name)s_%(column_0_name)s',
    'pk': 'pk_%(table_name)s',
    'ix': 'ix_%(column_0_label)s',
    'ck': 'ck_%(table_name)s_%(column_0_name)s',
    'uq': 'uq_%(table_name)s_%(column_0_name)s',
}
# For custom CheckConstraints (not those autogenerated e.g. for Boolean
# types), a name should be given explicitly, since "column_0" is here a
# rather vague notion. A custom name is also necesarry if the generated
# name is very long, since MySQL limits identifiers to 64 characters.
Server instance: clio-25883 This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3. – Support