profile
viewpoint
Benjamin "Ziirish" SANS ziirish France https://ziirish.info/blog/ FOSS contributor since 2008

noirbizarre/flask-restplus 2418

Fully featured framework for fast, easy and documented API development with Flask

ziirish/burp-ui 78

Burp-UI is a web-ui for burp backup written in python with Flask and jQuery/Bootstrap

ziirish/zerocli 18

Simple cli interface for ZeroBin

ziirish/OctoPrint-TuyaSmartplug 9

Tuya Smartplug plugin for OctoPrint

ziirish/shelldone 8

A shell just for fun

ziirish/pluzzdl 7

My own fork of pluzzdl

lenaing/fmb 2

Full Metal Blog

lenaing/fmb-plugins 1

Full Metal Blog Plugins

ziirish/ZeroBin2 1

ZeroBin2 is a rewrite of https://github.com/sebsauvage/ZeroBin using Crypto-js instead of SJCL to be compatible with openssl

ziirish/burp 0

burp - backup and restore program

issue commentziirish/OctoPrint-TuyaSmartplug

Feature Request: Off on Idle

You can accomplish this by using also PSU control plugin and setting GCODE as off command image and enabling "GCODE Trigger" in TuyaSmartplug

seawitch4

comment created time in a day

issue commentpython-restx/flask-restx

Cannot use an array as json body

A simple workaround: @NAMESPACE.expect([DICT_MODEL]) . But this thing will allow to provide both a single item and a list of items.

autra

comment created time in a day

fork speed47/appimage.github.io

Given an URL to an AppImage, AppImageHub inspects the AppImage and puts it into a community-maintained catalog

https://appimage.github.io/

fork in 2 days

issue openedpython-restx/flask-restx

Cannot use an array as json body

Description

I'm not sure if it's a bug, a feature request or a question. What I want to do is to POST a list of entities to my endpoints, but I'm unable to do so (I can only post objects/dictionnaries). The POST body would therefore look like:

[
    { "id": 1, "foo": "bar", ...},
    { "id": 2, "foo": "baz, ...},
    ...
]

I do not want a wrapping dict, even though it is of course a possible workaround.

I cannot manage to achieve such a result. Basically in the code I want to be able to do something like:

# it could be a fields.Nested instead of a fields.String here
test_fields = api.model('test', fields.List(fields.String))
# or 
test_fields = api.model('test', [fields.String])
# none of these works...

@api.route('/test')
class Tests(Resource):
    @api.expect(test_fields)
    def post(self):
        """
        Test a route
        """
        print('Got length', len(api.payload))
        # then use the array of entities

        return { 'msg': 'success', 'payload': api.payload }

Additional context

I've managed to achieve such a result, by implementing a ListModel as such:

class ListModel(RawModel, list):

    def __init__(self, name, *args, **kwargs):
        super(ListModel, self).__init__(name, *args, **kwargs)
        self.type = args[0][0]

        def instance_clone(name, *parents):
            return self.__class__.clone(name, self, *parents)

        self.clone = instance_clone

    @property
    def _schema(self):
        return {
                "type": "array",
                "items": self.type.__schema__
        }

    def items(self):
        return [self.type]

    def __deepcopy__(self, memo):
        obj = self.__class__(
            self.name,
            [copy.deepcopy(value, memo) for value in iter(self)],
            mask=self.__mask__,
        )
        obj.__parents__ = self.__parents__
        return obj

Did I miss something? If not, would flask-restx be interested in adding such a ListModel?

created time in 2 days

issue openedpython-restx/flask-restx

Inline CSS style breaks Swagger UI due to content security policy (Flask Talisman)

Flask Talisman is often used to secure a flask application.

If Flask Talisman is added to a Flask Restx project, the Swagger UI is no longer rendered in any modern browser. Adding Flask Talisman is done with:

from flask import Flask
from flask_talisman import Talisman

app = Flask()
...
Talisman(app)

Browser says: Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-xmHxD8PCyVLff5pky6+I50yPBEE+4wkuKmblJOCd+Wo='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

Reason is the inline CSS in https://github.com/python-restx/flask-restx/blob/84ae8361526005b8f1cf147b428d00c1faa86491/flask_restx/templates/swagger-ui-css.html#L14

The easiest solution would be to move this inline CSS to an extra file. Generating a nonce or hash seems to be too complicated as it needs to be done on every page request. Also, it would require a direct integration between Flask Restx and Talisman.

A workaround is allowing such inline CSS, but this basically makes using a content security policy pointless.

Talisman(app, content_security_policy={
        'style-src': [
            '\'unsafe-inline\'',
            '\'self\'',
        ]
    })

Environment

  • Python version: 3.8.6
  • Flask version: 1.1.2
  • Flask-RESTX version: 0.2.0
  • flask-talisman: 0.7.0

created time in 2 days

created repositoryscalair/terraform-azure-automation-account

Terraform module to manage an Automation Account

created time in 3 days

created repositoryscalair/terraform-azure-automation-certificate

Terraform module to manage an `Automation Account` certificate.

created time in 3 days

created repositoryscalair/terraform-azure-automation-connection

Terraform module to manage an Automation Account connection using a Service Principal

created time in 3 days

push eventovh/celery-director

Nicolas Crocfer

commit sha c1fddf8b02e69c406f3ec865e2703207b75a5423

Deployed 1dd5d7c with MkDocs version: 1.0.4

view details

push time in 3 days

created tagovh/celery-director

tagv0.3.0

Simple and rapid framework to build workflows using Celery

created time in 3 days

release ovh/celery-director

v0.3.0

released time in 3 days

push eventovh/celery-director

Nicolas Crocfer

commit sha 1dd5d7cd30597e4e274ea7c55b009bbf089a4935

bump: v0.3.0 Signed-off-by: Nicolas Crocfer <nicolas.crocfer@corp.ovh.com>

view details

push time in 3 days

PR merged ovh/celery-director

Reviewers
bump: v0.3

Signed-off-by: Nicolas Crocfer nicolas.crocfer@corp.ovh.com

+10 -1

0 comment

2 changed files

ncrocfer

pr closed time in 3 days

issue commentpython-restx/flask-restx

Customizable Swagger.json Path

Any changes of making the json use the same prefix as docs itself?

from flask import Flask from flask_restx import Api, Resource from flask_restx import Namespace, Resource, fields from werkzeug.middleware.proxy_fix import ProxyFix

app = Flask(name) app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)

api = Api( app=app, doc='/pyapi/docs/', url_scheme='http', )

With this the docs route is correct but the json path is still pointing to /swagger.json

Anyungu

comment created time in 3 days

issue commentziirish/OctoPrint-TuyaSmartplug

status unknown for <ip of smart plug>

I've checked the Firmware version of my Teckin SP23/27 plugs, and they are 1.0.3. and 1.0.0 respectively. Not sure if this makes a difference or incompatible with the Plugin.

hanzala-123

comment created time in 3 days

issue commentpython-restx/flask-restx

How to use dictionary decorator in resource

You can modify your validators to check method names like:

def mydecorator(meth):
    if meth.__name__ in ("get", "post"):
        # put here actual validation code
        pass
    
    return meth

or even write some wrapper like:

def validation_limiter(methods, validator):
    methods = [name.lower() for name in methods]
    def inner(meth):
        if meth.__name__ not in methods:
             return meth
        return validator(meth)
    return inner

and use it like

class SomeResource(flask_restx.Resource):
    method_decorators = [
        validation_limiter(["GET", "POST"], mydecorator),
        validation_limiter(["GET"], mydecorator2),
    ]
suxiaobai

comment created time in 4 days

fork flexbox/dotfiles

Default configuration for Le Wagon's students

https://www.lewagon.com

fork in 4 days

pull request commentpython-trio/trio

Bump cffi from 1.14.3 to 1.14.4

One of your CI runs failed on this pull request, so Dependabot won't merge it.

Dependabot will still automatically merge this pull request if you amend it and your tests pass.

dependabot-preview[bot]

comment created time in 4 days

pull request commentpython-trio/trio

Bump cffi from 1.14.3 to 1.14.4

Codecov Report

Merging #1807 (4743d3d) into master (f751897) will decrease coverage by 7.46%. The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #1807      +/-   ##
==========================================
- Coverage   99.64%   92.18%   -7.47%     
==========================================
  Files         114      114              
  Lines       14503    14503              
  Branches     1105     1105              
==========================================
- Hits        14451    13369    -1082     
- Misses         37     1057    +1020     
- Partials       15       77      +62     
Impacted Files Coverage Δ
trio/_windows_pipes.py 0.00% <0.00%> (-100.00%) :arrow_down:
trio/_wait_for_object.py 0.00% <0.00%> (-100.00%) :arrow_down:
trio/_core/_windows_cffi.py 0.00% <0.00%> (-100.00%) :arrow_down:
trio/_subprocess_platform/kqueue.py 0.00% <0.00%> (-100.00%) :arrow_down:
trio/_subprocess_platform/windows.py 0.00% <0.00%> (-100.00%) :arrow_down:
trio/_core/_io_windows.py 0.00% <0.00%> (-98.68%) :arrow_down:
trio/tests/test_wait_for_object.py 10.37% <0.00%> (-89.63%) :arrow_down:
trio/_core/_io_kqueue.py 0.00% <0.00%> (-85.49%) :arrow_down:
trio/_core/tests/test_windows.py 17.18% <0.00%> (-82.82%) :arrow_down:
trio/tests/test_windows_pipes.py 24.67% <0.00%> (-75.33%) :arrow_down:
... and 32 more
dependabot-preview[bot]

comment created time in 4 days

create barnchpython-trio/trio

branch : dependabot/pip/cffi-1.14.4

created branch time in 4 days

PR opened python-trio/trio

Bump cffi from 1.14.3 to 1.14.4

Bumps cffi from 1.14.3 to 1.14.4. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/python-cffi/release-doc/commits">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+1 -1

0 comment

1 changed file

pr created time in 4 days

issue commentpython-restx/flask-restx

Adding choices to add_argument() throws a runtime error (no application found)

I think the important part of this is actually related to the db, not the parser

RuntimeError: No application found. Either work inside a view function or push an application context. See http://flask-sqlalchemy.pocoo.org/contexts/.

Makes me think of this specific issue with flask and FlaskSQLAlchemy. This sort of error normally occurs when you're trying to do something that requires the Flask app context, but it isn't present.

kashyapm94

comment created time in 5 days

issue commentpython-restx/flask-restx

How to use dictionary decorator in resource

method_decorators is a list, not a dict, associated with a Resource, that then gets called, in list order, over the method in question.

class Resource(MethodView):
    """
    Represents an abstract RESTX resource.

    Concrete resources should extend from this class
    and expose methods for each supported HTTP method.
    If a resource is invoked with an unsupported HTTP method,
    the API will return a response with status 405 Method Not Allowed.
    Otherwise the appropriate method is called and passed all arguments
    from the url rule used when adding the resource to an Api instance.
    See :meth:`~flask_restx.Api.add_resource` for details.
    """

    representations = None
    method_decorators = []

    def __init__(self, api=None, *args, **kwargs):
        self.api = api

    def dispatch_request(self, *args, **kwargs):
        # Taken from flask
        meth = getattr(self, request.method.lower(), None)
        if meth is None and request.method == "HEAD":
            meth = getattr(self, "get", None)
        assert meth is not None, "Unimplemented method %r" % request.method

        for decorator in self.method_decorators:
            meth = decorator(meth)

        self.validate_payload(meth)

        resp = meth(*args, **kwargs)

        if isinstance(resp, BaseResponse):
            return resp

So, you can't set a way to do it for only some methods in a Resource.

You can pass in decorators via an Api or a Namespace as well. However, again, these decorate every method (at least from what I'm reading in the code). from Api: :param list decorators: Decorators to attach to every resource

unfortunately, I'm not seeing a way to set method_decorators as a dict that affects only specific methods. However, I think this is a good (and much safer) suggestion!

suxiaobai

comment created time in 5 days

issue closedpython-restx/flask-restx

Cross Origin Resource Sharing support

How can I enable CORS headers for Flask-restx?

I have a need to enable CORS headers on my API response. Digging through the flask-restx code base, I noticed there is an undocumented cors submodule.

I see in #64 , there is a recommendation to use Flask-CORS for adding CORS headers, so I'm wondering if the undocumented cors functionality in restx should be avoided?

I have lightly tested it with the following:

from flask_restx import Namespace, Resource, reqparse, fields, cors

ns = Namespace('inventories', description="Inventory",
               decorators=[cors.crossdomain(origin="*")])

And it seems to return the headers as expected

 access-control-allow-methods: GET, HEAD 
 access-control-allow-origin: * 
 access-control-max-age: 21600 

Based on the tests in test_cors.py, I originally tried

@ns.route("/oem/")
class OEMInventory(Resource):
    @cors.crossdomain(origin="*")
    @ns.marshal_with(oem_inventory_model)
    def get(self):
      ...
      return [data for host, data in oem_hosts.items()]

But that seem to break marshal_with, as I started getting errors about "list is not a valid response object".

closed time in 5 days

jhampson-dbre

issue commentpython-restx/flask-restx

Cross Origin Resource Sharing support

@s-weigand Glad this helped! Since I never got any response on if the undocumented built-in cors should be avoided, I ended up using Flask-CORS. Even with this, I'm still having trouble getting the decorator to work on individual routes (same with other Flask extensions I've tried to use decorators with). Fortunately, I only had one route in this namespace so I could use the decorators property of Namespace to apply it.

from flask_restx import Namespace, Resource, reqparse, fields, inputs
from flask_cors import cross_origin

ns = Namespace('inventories', description="OEM Inventory",
               decorators=[cross_origin()])

If anyone gets the decorator working, I'd be interested to see that implementation.

jhampson-dbre

comment created time in 5 days

push eventpython-restx/flask-restx

Brian DeRocher

commit sha 8a6605dc91a66fbbbb242ff99884f3f4a6748d1c

File Upload section of docs needs to set args

view details

John Chittum

commit sha 84ae8361526005b8f1cf147b428d00c1faa86491

Merge pull request #242 from openbrian/patch-1 File Upload section of docs needs to set args

view details

push time in 5 days

pull request commentpython-restx/flask-restx

Add output_yaml and representation docs

Thank you for the contribution. We'll need some discussion on if we want this new functionality in the framework, or present a way to have users plug this in separately.

mas15

comment created time in 5 days

Pull request review commentpython-restx/flask-restx

Add output_yaml and representation docs

 def output_json(data, code, headers=None):     # see https://github.com/mitsuhiko/flask/pull/1262     dumped = dumps(data, **settings) + "\n" +    return output_from_dumped(code, dumped, headers)+++def output_yaml(data, code, headers=None):+    """Makes a Flask response with a YAML encoded body"""+    import yaml

How is yaml getting into the project here? we don't have pyyaml in requirements/install.pip. For this functionality to work, we'll need to install yaml

mas15

comment created time in 5 days

more