From eea720f8eb9356dda488f355e8f6f6810e93c06b Mon Sep 17 00:00:00 2001 From: Enrico Paganin Date: Sun, 4 Oct 2020 12:46:46 +0200 Subject: [PATCH 01/13] Add non-root user for running uwsgi in Dockerfile --- Dockerfile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Dockerfile b/Dockerfile index 854c2b20..1c1a01e2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,6 +21,12 @@ RUN apt-get update \ RUN poetry install --no-dev --no-interaction --no-ansi +RUN useradd -ms /bin/bash uwsgi + +RUN chown -R uwsgi: . + +USER uwsgi + COPY . /src EXPOSE 5000 From 1e47800996acfd32d95fd9b0ee930279d03b0beb Mon Sep 17 00:00:00 2001 From: Enrico Paganin Date: Sun, 4 Oct 2020 12:54:42 +0200 Subject: [PATCH 02/13] Fix PermissionError due to COPY after chown --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1c1a01e2..5bd410c8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,14 +21,14 @@ RUN apt-get update \ RUN poetry install --no-dev --no-interaction --no-ansi +COPY . /src + RUN useradd -ms /bin/bash uwsgi RUN chown -R uwsgi: . USER uwsgi -COPY . /src - EXPOSE 5000 CMD [ "uwsgi", "--ini", "app.ini" ] From c3107b8f4c45efd76ca51ddea3b36742b2e40a0f Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 5 Oct 2020 14:12:47 +0000 Subject: [PATCH 03/13] Bump flake8 from 3.8.3 to 3.8.4 Bumps [flake8](https://gitlab.com/pycqa/flake8) from 3.8.3 to 3.8.4. - [Release notes](https://gitlab.com/pycqa/flake8/tags) - [Commits](https://gitlab.com/pycqa/flake8/compare/3.8.3...3.8.4) Signed-off-by: dependabot-preview[bot] --- poetry.lock | 8 ++++---- pyproject.toml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/poetry.lock b/poetry.lock index b3ee4581..5883eb02 100644 --- a/poetry.lock +++ b/poetry.lock 
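Review bot: The account created by `RUN useradd -ms /bin/bash uwsgi` in PATCH 01/13 gets a home directory (`-m`) and an interactive login shell, neither of which a process started through `CMD [ "uwsgi", "--ini", "app.ini" ]` appears to need. Unless something at runtime writes under that home directory, a system account without them leaves less available if the worker is ever compromised: `RUN useradd --system --no-create-home --shell /usr/sbin/nologin uwsgi` (the shell path assumes the Debian-style base image that the `apt-get` context line suggests). The same `useradd` invocation is carried unchanged through patches 07, 08 and 10. A comment above `USER uwsgi`, such as `# drop root before the server starts; later instructions and CMD run as uwsgi`, would also record why the order of these instructions matters.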
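Review bot: With `COPY . /src` now placed before `RUN chown -R uwsgi: .` in PATCH 02/13, the recursive chown makes the runtime account the owner of everything in the working directory (presumably `/src`; the `WORKDIR` line is outside the hunk), so the process that serves requests can also modify its own code and `app.ini`. Running as non-root protects more when the application tree stays root-owned and read-only and uwsgi owns only the paths it has to write, for example `RUN mkdir -p <writable-dir> && chown uwsgi: <writable-dir>` (placeholder; the page does not name such a path). The recursive chown is kept in patches 07, 08 and 10, so the same point applies to those hunks.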
@@ -140,7 +140,7 @@ description = "the modular source code checker: pep8 pyflakes and co" name = "flake8" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,>=2.7" -version = "3.8.3" +version = "3.8.4" [package.dependencies] mccabe = ">=0.6.0,<0.7.0" @@ -686,7 +686,7 @@ docs = ["sphinx", "jaraco.packaging (>=3.2)", "rst.linker (>=1.9)"] testing = ["jaraco.itertools", "func-timeout"] [metadata] -content-hash = "bafb1324dd833f64d3acceb7396045bb2e8415dfca68e838580a87fab7324b80" +content-hash = "9a55c26f2a58a75d87e693cea1ad7f0fcc964bdb250270bdfce84d431bca10a4" lock-version = "1.0" python-versions = "^3.7" @@ -815,8 +815,8 @@ cryptography = [ {file = "cryptography-3.1.1.tar.gz", hash = "sha256:9d9fc6a16357965d282dd4ab6531013935425d0dc4950df2e0cf2a1b1ac1017d"}, ] flake8 = [ - {file = "flake8-3.8.3-py2.py3-none-any.whl", hash = "sha256:15e351d19611c887e482fb960eae4d44845013cc142d42896e9862f775d8cf5c"}, - {file = "flake8-3.8.3.tar.gz", hash = "sha256:f04b9fcbac03b0a3e58c0ab3a0ecc462e023a9faf046d57794184028123aa208"}, + {file = "flake8-3.8.4-py2.py3-none-any.whl", hash = "sha256:749dbbd6bfd0cf1318af27bf97a14e28e5ff548ef8e5b1566ccfb25a11e7c839"}, + {file = "flake8-3.8.4.tar.gz", hash = "sha256:aadae8761ec651813c24be05c6f7b4680857ef6afaae4651a4eccaef97ce6c3b"}, ] flask = [ {file = "Flask-1.1.2-py2.py3-none-any.whl", hash = "sha256:8a4fdd8936eba2512e9c85df320a37e694c93945b33ef33c89946a340a238557"}, diff --git a/pyproject.toml b/pyproject.toml index 5934505a..6e9d2399 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -11,7 +11,7 @@ algoliasearch = ">=2.0,<3.0" alembic = "1.4.3" bandit = "1.5.1" click = "7.1.2" -flake8 = "3.8.3" +flake8 = "3.8.4" flask = "1.1.2" Flask-Cors = "3.0.9" Flask-Limiter = "1.4" From 534177bdd12e0d8b7cfd8e0e00092d42c51a61a1 Mon Sep 17 00:00:00 2001 
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 5 Oct 2020 21:24:41 +0000 Subject: [PATCH 04/13] Bump pytest from 6.1.0 to 6.1.1 Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.1.0 to 6.1.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/6.1.0...6.1.1) Signed-off-by: dependabot-preview[bot] --- poetry.lock | 8 ++++---- pyproject.toml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/poetry.lock b/poetry.lock index 5883eb02..e9f08bd6 100644 --- a/poetry.lock +++ b/poetry.lock @@ -463,7 +463,7 @@ description = "pytest: simple powerful testing with Python" name = "pytest" optional = false python-versions = ">=3.5" -version = "6.1.0" +version = "6.1.1" [package.dependencies] atomicwrites = ">=1.0" @@ -686,7 +686,7 @@ docs = ["sphinx", "jaraco.packaging (>=3.2)", "rst.linker (>=1.9)"] testing = ["jaraco.itertools", "func-timeout"] [metadata] -content-hash = "9a55c26f2a58a75d87e693cea1ad7f0fcc964bdb250270bdfce84d431bca10a4" +content-hash = "f86bf80587b5b69e7784d8c66fbeb83baa177395630bc7d006cf89d51192bfe1" lock-version = "1.0" python-versions = "^3.7" 
@@ -991,8 +991,8 @@ pyparsing = [ {file = "pyparsing-2.4.7.tar.gz", hash = "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1"}, ] pytest = [ - {file = "pytest-6.1.0-py3-none-any.whl", hash = "sha256:1cd09785c0a50f9af72220dd12aa78cfa49cbffc356c61eab009ca189e018a33"}, - {file = "pytest-6.1.0.tar.gz", hash = "sha256:d010e24666435b39a4cf48740b039885642b6c273a3f77be3e7e03554d2806b7"}, + {file = "pytest-6.1.1-py3-none-any.whl", hash = "sha256:7a8190790c17d79a11f847fba0b004ee9a8122582ebff4729a082c109e81a4c9"}, + {file = "pytest-6.1.1.tar.gz", hash = "sha256:8f593023c1a0f916110285b6efd7f99db07d59546e3d8c36fc60e2ab05d3be92"}, ] pytest-cov = [ {file = "pytest-cov-2.10.1.tar.gz", hash = "sha256:47bd0ce14056fdd79f93e1713f88fad7bdcc583dcd7783da86ef2f085a0bb88e"}, diff --git a/pyproject.toml b/pyproject.toml index 6e9d2399..03ffa8b5 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -19,7 +19,7 @@ Flask-Migrate = "2.5.3" prometheus_client = "0.8.0" psycopg2-binary = "2.8.6" py-healthcheck = "1.10.1" -pytest = "6.1.0" +pytest = "6.1.1" pytest-mock = "3.3.1" pytest-cov = "2.10.1" python-dateutil = "2.8.1" From 84f1b4206d2c17e0124ae7ebecc24d0ac6bbe143 Mon Sep 17 00:00:00 2001 From: platipo Date: Wed, 7 Oct 2020 00:45:52 +0200 Subject: [PATCH 05/13] Remove log directory creation (#391) * Remove log directory creation * Remove unused import --- app/utils.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/app/utils.py b/app/utils.py index 2be536ca..801a1a19 100644 --- a/app/utils.py +++ b/app/utils.py @@ -1,5 +1,4 @@ import logging -import os import random import string import sys @@ -137,9 +136,6 @@ def standardize_response( def setup_logger(name, level=logging.INFO): """Function setup as many loggers as you want""" - if not os.path.exists('log'): - os.makedirs('log') # pragma: no cover - formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s') handler = logging.StreamHandler(sys.stdout) handler.setFormatter(formatter) 
From 78ca534bbfd2a3c108e57dbcc6d478df452616b5 Mon Sep 17 00:00:00 2001 From: Aaron Suarez Date: Tue, 6 Oct 2020 18:02:27 -0500 Subject: [PATCH 06/13] Remove rate limiting for now --- app/__init__.py | 13 - poetry.lock | 405 ++++++++++++--------------- pyproject.toml | 1 - tests/unit/test_routes/test_utils.py | 12 - 4 files changed, 180 insertions(+), 251 deletions(-) diff --git a/app/__init__.py b/app/__init__.py index 246e5cf3..3e2d3a11 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -4,10 +4,6 @@ from flask import Flask from flask_migrate import Migrate from flask_sqlalchemy import SQLAlchemy -from flask_limiter import Limiter -from flask_limiter.util import get_remote_address -from werkzeug.middleware.proxy_fix import ProxyFix -from os import environ from healthcheck import HealthCheck # from healthcheck import EnvironmentDump @@ -22,13 +18,6 @@ index = search_client.init_index(Config.INDEX_NAME) app = Flask(__name__, static_folder='app/static') -if environ['FLASK_ENV'] != 'development': - app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_host=1) -limiter = Limiter( - app, - key_func=get_remote_address, - default_limits=["200 per day", "50 per hour"] -) app.config.from_object(Config) app.url_map.strict_slashes = False @@ -47,7 +36,6 @@ @app.route("/healthz") -@limiter.exempt def healthz(): health = HealthCheck() health.add_section("application", application_data) @@ -55,7 +43,6 @@ def healthz(): # @app.route("/environment") -# @limiter.limit("1 per hour") # def environment(): # envdump = EnvironmentDump() # envdump.add_section("application", application_data) diff --git a/poetry.lock b/poetry.lock index e9f08bd6..0fa2a528 100644 --- a/poetry.lock +++ b/poetry.lock 
@@ -1,44 +1,43 @@ [[package]] -category = "main" -description = "A database migration tool for SQLAlchemy." name = "alembic" +version = "1.4.3" +description = "A database migration tool for SQLAlchemy." +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "1.4.3" [package.dependencies] Mako = "*" -SQLAlchemy = ">=1.1.0" python-dateutil = "*" python-editor = ">=0.3" +SQLAlchemy = ">=1.1.0" [[package]] -category = "main" -description = "Algolia Search API Client for Python." name = "algoliasearch" +version = "2.4.0" +description = "Algolia Search API Client for Python." +category = "main" optional = false python-versions = ">= 2.7, != 3.0.*, != 3.1.*, != 3.2.*, !=3.3.*" -version = "2.4.0" [package.dependencies] requests = ">=2.21,<3.0" [[package]] -category = "main" -description = "Atomic file writes." -marker = "sys_platform == \"win32\"" name = "atomicwrites" +version = "1.4.0" +description = "Atomic file writes." +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "1.4.0" [[package]] -category = "main" -description = "Classes Without Boilerplate" name = "attrs" +version = "19.3.0" +description = "Classes Without Boilerplate" +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "19.3.0" [package.extras] azure-pipelines = ["coverage", "hypothesis", "pympler", "pytest (>=4.3.0)", "six", "zope.interface", "pytest-azurepipelines"] @@ -47,12 +46,12 @@ docs = ["sphinx", "zope.interface"] tests = ["coverage", "hypothesis", "pympler", "pytest (>=4.3.0)", "six", "zope.interface"] [[package]] -category = "main" -description = "Security oriented static analyser for python code." name = "bandit" +version = "1.5.1" +description = "Security oriented static analyser for python code." +category = "main" optional = false python-versions = "*" -version = "1.5.1" [package.dependencies] GitPython = ">=1.0.1" 
@@ -61,67 +60,66 @@ six = ">=1.10.0" stevedore = ">=1.20.0" [[package]] -category = "main" -description = "Python package for providing Mozilla's CA Bundle." name = "certifi" +version = "2020.4.5.2" +description = "Python package for providing Mozilla's CA Bundle." +category = "main" optional = false python-versions = "*" -version = "2020.4.5.2" [[package]] -category = "main" -description = "Foreign Function Interface for Python calling C code." name = "cffi" +version = "1.14.0" +description = "Foreign Function Interface for Python calling C code." +category = "main" optional = false python-versions = "*" -version = "1.14.0" [package.dependencies] pycparser = "*" [[package]] -category = "main" -description = "Universal encoding detector for Python 2 and 3" name = "chardet" +version = "3.0.4" +description = "Universal encoding detector for Python 2 and 3" +category = "main" optional = false python-versions = "*" -version = "3.0.4" [[package]] -category = "main" -description = "Composable command line interface toolkit" name = "click" +version = "7.1.2" +description = "Composable command line interface toolkit" +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" -version = "7.1.2" [[package]] -category = "main" -description = "Cross-platform colored terminal text." -marker = "sys_platform == \"win32\"" name = "colorama" +version = "0.4.3" +description = "Cross-platform colored terminal text." 
+category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" -version = "0.4.3" [[package]] -category = "main" -description = "Code coverage measurement for Python" name = "coverage" +version = "5.1" +description = "Code coverage measurement for Python" +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4" -version = "5.1" [package.extras] toml = ["toml"] [[package]] -category = "main" -description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers." name = "cryptography" +version = "3.1.1" +description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers." +category = "main" optional = false python-versions = ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*" -version = "3.1.1" [package.dependencies] cffi = ">=1.8,<1.11.3 || >1.11.3" 
@@ -135,35 +133,32 @@ ssh = ["bcrypt (>=3.1.5)"] test = ["pytest (>=3.6.0,<3.9.0 || >3.9.0,<3.9.1 || >3.9.1,<3.9.2 || >3.9.2)", "pretend", "iso8601", "pytz", "hypothesis (>=1.11.4,<3.79.2 || >3.79.2)"] [[package]] -category = "main" -description = "the modular source code checker: pep8 pyflakes and co" name = "flake8" +version = "3.8.4" +description = "the modular source code checker: pep8 pyflakes and co" +category = "main" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,>=2.7" -version = "3.8.4" [package.dependencies] +importlib-metadata = {version = "*", markers = "python_version < \"3.8\""} mccabe = ">=0.6.0,<0.7.0" pycodestyle = ">=2.6.0a1,<2.7.0" pyflakes = ">=2.2.0,<2.3.0" -[package.dependencies.importlib-metadata] -python = "<3.8" -version = "*" - [[package]] -category = "main" -description = "A simple framework for building complex web applications." name = "flask" +version = "1.1.2" +description = "A simple framework for building complex web applications." +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" -version = "1.1.2" [package.dependencies] -Jinja2 = ">=2.10.1" -Werkzeug = ">=0.15" click = ">=5.1" itsdangerous = ">=0.24" +Jinja2 = ">=2.10.1" +Werkzeug = ">=0.15" [package.extras] dev = ["pytest", "coverage", "tox", "sphinx", "pallets-sphinx-themes", "sphinxcontrib-log-cabinet", "sphinx-issues"] 
@@ -171,93 +166,79 @@ docs = ["sphinx", "pallets-sphinx-themes", "sphinxcontrib-log-cabinet", "sphinx- dotenv = ["python-dotenv"] [[package]] -category = "main" -description = "A Flask extension adding a decorator for CORS support" name = "flask-cors" -optional = false -python-versions = "*" version = "3.0.9" - -[package.dependencies] -Flask = ">=0.9" -Six = "*" - -[[package]] +description = "A Flask extension adding a decorator for CORS support" category = "main" -description = "Rate limiting for flask applications" -name = "flask-limiter" optional = false python-versions = "*" -version = "1.4" [package.dependencies] -Flask = ">=0.8" -limits = "*" -six = ">=1.4.1" +Flask = ">=0.9" +Six = "*" [[package]] -category = "main" -description = "SQLAlchemy database migrations for Flask applications using Alembic" name = "flask-migrate" +version = "2.5.3" +description = "SQLAlchemy database migrations for Flask applications using Alembic" +category = "main" optional = false python-versions = "*" -version = "2.5.3" [package.dependencies] +alembic = ">=0.7" Flask = ">=0.9" Flask-SQLAlchemy = ">=1.0" -alembic = ">=0.7" [[package]] -category = "main" -description = "Adds SQLAlchemy support to your Flask application." name = "flask-sqlalchemy" +version = "2.4.3" +description = "Adds SQLAlchemy support to your Flask application." 
+category = "main" optional = false python-versions = ">= 2.7, != 3.0.*, != 3.1.*, != 3.2.*, != 3.3.*" -version = "2.4.3" [package.dependencies] Flask = ">=0.10" SQLAlchemy = ">=0.8.0" [[package]] -category = "main" -description = "Git Object Database" name = "gitdb" +version = "4.0.5" +description = "Git Object Database" +category = "main" optional = false python-versions = ">=3.4" -version = "4.0.5" [package.dependencies] smmap = ">=3.0.1,<4" [[package]] -category = "main" -description = "Python Git Library" name = "gitpython" +version = "3.1.3" +description = "Python Git Library" +category = "main" optional = false python-versions = ">=3.4" -version = "3.1.3" [package.dependencies] gitdb = ">=4.0.1,<5" [[package]] -category = "main" -description = "Internationalized Domain Names in Applications (IDNA)" name = "idna" +version = "2.9" +description = "Internationalized Domain Names in Applications (IDNA)" +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "2.9" [[package]] -category = "main" -description = "Read metadata from Python packages" -marker = "python_version < \"3.8\"" name = "importlib-metadata" +version = "1.6.1" +description = "Read metadata from Python packages" +category = "main" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,>=2.7" -version = "1.6.1" [package.dependencies] zipp = ">=0.5" 
@@ -267,28 +248,28 @@ docs = ["sphinx", "rst.linker"] testing = ["packaging", "pep517", "importlib-resources (>=1.3)"] [[package]] -category = "main" -description = "iniconfig: brain-dead simple config-ini parsing" name = "iniconfig" +version = "1.0.0" +description = "iniconfig: brain-dead simple config-ini parsing" +category = "main" optional = false python-versions = "*" -version = "1.0.0" [[package]] -category = "main" -description = "Various helpers to pass data to untrusted environments and back." name = "itsdangerous" +version = "1.1.0" +description = "Various helpers to pass data to untrusted environments and back." +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "1.1.0" [[package]] -category = "main" -description = "A very fast and expressive template engine." name = "jinja2" +version = "2.11.2" +description = "A very fast and expressive template engine." +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" -version = "2.11.2" [package.dependencies] MarkupSafe = ">=0.23" @@ -297,23 +278,12 @@ MarkupSafe = ">=0.23" i18n = ["Babel (>=0.8)"] [[package]] -category = "main" -description = "Rate limiting utilities" -name = "limits" -optional = false -python-versions = "*" -version = "1.5.1" - -[package.dependencies] -six = ">=1.4.1" - -[[package]] -category = "main" -description = "A super-fast templating language that borrows the best ideas from the existing templating languages." name = "mako" +version = "1.1.3" +description = "A super-fast templating language that borrows the best ideas from the existing templating languages." +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "1.1.3" [package.dependencies] MarkupSafe = ">=0.9.2" 
@@ -323,126 +293,124 @@ babel = ["babel"] lingua = ["lingua"] [[package]] -category = "main" -description = "Safely add untrusted strings to HTML/XML markup." name = "markupsafe" +version = "1.1.1" +description = "Safely add untrusted strings to HTML/XML markup." +category = "main" optional = false python-versions = ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*" -version = "1.1.1" [[package]] -category = "main" -description = "McCabe checker, plugin for flake8" name = "mccabe" +version = "0.6.1" +description = "McCabe checker, plugin for flake8" +category = "main" optional = false python-versions = "*" -version = "0.6.1" [[package]] -category = "main" -description = "Core utilities for Python packages" name = "packaging" +version = "20.4" +description = "Core utilities for Python packages" +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "20.4" [package.dependencies] pyparsing = ">=2.0.2" six = "*" [[package]] -category = "main" -description = "Python Build Reasonableness" name = "pbr" +version = "5.4.5" +description = "Python Build Reasonableness" +category = "main" optional = false python-versions = "*" -version = "5.4.5" [[package]] -category = "main" -description = "plugin and hook calling mechanisms for python" name = "pluggy" +version = "0.13.1" +description = "plugin and hook calling mechanisms for python" +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "0.13.1" [package.dependencies] -[package.dependencies.importlib-metadata] -python = "<3.8" -version = ">=0.12" +importlib-metadata = {version = ">=0.12", markers = "python_version < \"3.8\""} [package.extras] dev = ["pre-commit", "tox"] [[package]] -category = "main" -description = "Python client for the Prometheus monitoring system." name = "prometheus-client" +version = "0.8.0" +description = "Python client for the Prometheus monitoring system." 
+category = "main" optional = false python-versions = "*" -version = "0.8.0" [package.extras] twisted = ["twisted"] [[package]] -category = "main" -description = "psycopg2 - Python-PostgreSQL Database Adapter" name = "psycopg2-binary" +version = "2.8.6" +description = "psycopg2 - Python-PostgreSQL Database Adapter" +category = "main" optional = false python-versions = ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*" -version = "2.8.6" [[package]] -category = "main" -description = "library with cross-python path, ini-parsing, io, code, log facilities" name = "py" +version = "1.8.2" +description = "library with cross-python path, ini-parsing, io, code, log facilities" +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "1.8.2" [[package]] -category = "main" -description = "Adds healthcheck endpoints to Flask or Tornado apps" name = "py-healthcheck" +version = "1.10.1" +description = "Adds healthcheck endpoints to Flask or Tornado apps" +category = "main" optional = false python-versions = "*" -version = "1.10.1" [package.dependencies] six = "*" [[package]] -category = "main" -description = "Python style guide checker" name = "pycodestyle" +version = "2.6.0" +description = "Python style guide checker" +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "2.6.0" [[package]] -category = "main" -description = "C parser in Python" name = "pycparser" +version = "2.20" +description = "C parser in Python" +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "2.20" [[package]] -category = "main" -description = "passive checker of Python programs" name = "pyflakes" +version = "2.2.0" +description = "passive checker of Python programs" +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "2.2.0" [[package]] -category = "main" -description = "JSON Web Token 
implementation in Python" name = "pyjwt" +version = "1.7.1" +description = "JSON Web Token implementation in Python" +category = "main" optional = false python-versions = "*" -version = "1.7.1" [package.extras] crypto = ["cryptography (>=1.4)"] @@ -450,46 +418,43 @@ flake8 = ["flake8", "flake8-import-order", "pep8-naming"] test = ["pytest (>=4.0.1,<5.0.0)", "pytest-cov (>=2.6.0,<3.0.0)", "pytest-runner (>=4.2,<5.0.0)"] [[package]] -category = "main" -description = "Python parsing module" name = "pyparsing" +version = "2.4.7" +description = "Python parsing module" +category = "main" optional = false python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" -version = "2.4.7" [[package]] -category = "main" -description = "pytest: simple powerful testing with Python" name = "pytest" +version = "6.1.1" +description = "pytest: simple powerful testing with Python" +category = "main" optional = false python-versions = ">=3.5" -version = "6.1.1" [package.dependencies] -atomicwrites = ">=1.0" +atomicwrites = {version = ">=1.0", markers = "sys_platform == \"win32\""} attrs = ">=17.4.0" -colorama = "*" +colorama = {version = "*", markers = "sys_platform == \"win32\""} +importlib-metadata = {version = ">=0.12", markers = "python_version < \"3.8\""} iniconfig = "*" packaging = "*" pluggy = ">=0.12,<1.0" py = ">=1.8.2" toml = "*" -[package.dependencies.importlib-metadata] -python = "<3.8" -version = ">=0.12" - [package.extras] checkqa_mypy = ["mypy (0.780)"] testing = ["argcomplete", "hypothesis (>=3.56)", "mock", "nose", "requests", "xmlschema"] [[package]] -category = "main" -description = "Pytest plugin for measuring coverage." name = "pytest-cov" +version = "2.10.1" +description = "Pytest plugin for measuring coverage." +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" -version = "2.10.1" [package.dependencies] coverage = ">=4.4" 
@@ -499,12 +464,12 @@ pytest = ">=4.6" testing = ["fields", "hunter", "process-tests (2.0.2)", "six", "pytest-xdist", "virtualenv"] [[package]] -category = "main" -description = "Thin-wrapper around the mock package for easier use with pytest" name = "pytest-mock" +version = "3.3.1" +description = "Thin-wrapper around the mock package for easier use with pytest" +category = "main" optional = false python-versions = ">=3.5" -version = "3.3.1" [package.dependencies] pytest = ">=5.0" @@ -513,39 +478,39 @@ pytest = ">=5.0" dev = ["pre-commit", "tox", "pytest-asyncio"] [[package]] -category = "main" -description = "Extensions to the standard Python datetime module" name = "python-dateutil" +version = "2.8.1" +description = "Extensions to the standard Python datetime module" +category = "main" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7" -version = "2.8.1" [package.dependencies] six = ">=1.5" [[package]] -category = "main" -description = "Programmatically open an editor, capture the result." name = "python-editor" +version = "1.0.4" +description = "Programmatically open an editor, capture the result." +category = "main" optional = false python-versions = "*" -version = "1.0.4" [[package]] -category = "main" -description = "YAML parser and emitter for Python" name = "pyyaml" +version = "5.3.1" +description = "YAML parser and emitter for Python" +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" -version = "5.3.1" [[package]] -category = "main" -description = "Python HTTP for Humans." name = "requests" +version = "2.24.0" +description = "Python HTTP for Humans." +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" -version = "2.24.0" [package.dependencies] certifi = ">=2017.4.17" 
@@ -558,28 +523,28 @@ security = ["pyOpenSSL (>=0.14)", "cryptography (>=1.3.4)"] socks = ["PySocks (>=1.5.6,<1.5.7 || >1.5.7)", "win-inet-pton"] [[package]] -category = "main" -description = "Python 2 and 3 compatibility utilities" name = "six" +version = "1.15.0" +description = "Python 2 and 3 compatibility utilities" +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*" -version = "1.15.0" [[package]] -category = "main" -description = "A pure Python implementation of a sliding window memory map manager" name = "smmap" +version = "3.0.4" +description = "A pure Python implementation of a sliding window memory map manager" +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "3.0.4" [[package]] -category = "main" -description = "Database Abstraction Library" name = "sqlalchemy" +version = "1.3.19" +description = "Database Abstraction Library" +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -version = "1.3.19" [package.extras] mssql = ["pyodbc"] @@ -594,16 +559,16 @@ postgresql_psycopg2cffi = ["psycopg2cffi"] pymysql = ["pymysql"] [[package]] -category = "main" -description = "Various utility functions for SQLAlchemy." name = "sqlalchemy-utils" +version = "0.36.8" +description = "Various utility functions for SQLAlchemy." +category = "main" optional = false python-versions = "*" -version = "0.36.8" [package.dependencies] -SQLAlchemy = ">=1.0" six = "*" +SQLAlchemy = ">=1.0" [package.extras] anyjson = ["anyjson (>=0.3.3)"] 
@@ -621,31 +586,31 @@ timezone = ["python-dateutil"] url = ["furl (>=0.4.1)"] [[package]] -category = "main" -description = "Manage dynamic plugins for Python applications" name = "stevedore" +version = "2.0.0" +description = "Manage dynamic plugins for Python applications" +category = "main" optional = false python-versions = ">=3.6" -version = "2.0.0" [package.dependencies] pbr = ">=2.0.0,<2.1.0 || >2.1.0" [[package]] -category = "main" -description = "Python Library for Tom's Obvious, Minimal Language" name = "toml" +version = "0.10.1" +description = "Python Library for Tom's Obvious, Minimal Language" +category = "main" optional = false python-versions = "*" -version = "0.10.1" [[package]] -category = "main" -description = "HTTP library with thread-safe connection pooling, file post, and more." name = "urllib3" +version = "1.25.9" +description = "HTTP library with thread-safe connection pooling, file post, and more." +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4" -version = "1.25.9" [package.extras] brotli = ["brotlipy (>=0.6.0)"] 
@@ -653,42 +618,41 @@ secure = ["certifi", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "pyOpenSSL (>=0 socks = ["PySocks (>=1.5.6,<1.5.7 || >1.5.7,<2.0)"] [[package]] -category = "main" -description = "The uWSGI server" name = "uwsgi" +version = "2.0.19.1" +description = "The uWSGI server" +category = "main" optional = false python-versions = "*" -version = "2.0.19.1" [[package]] -category = "main" -description = "The comprehensive WSGI web application library." name = "werkzeug" +version = "1.0.1" +description = "The comprehensive WSGI web application library." +category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" -version = "1.0.1" [package.extras] dev = ["pytest", "pytest-timeout", "coverage", "tox", "sphinx", "pallets-sphinx-themes", "sphinx-issues"] watchdog = ["watchdog"] [[package]] -category = "main" -description = "Backport of pathlib-compatible object wrapper for zip files" -marker = "python_version < \"3.8\"" name = "zipp" +version = "3.1.0" +description = "Backport of pathlib-compatible object wrapper for zip files" +category = "main" optional = false python-versions = ">=3.6" -version = "3.1.0" [package.extras] docs = ["sphinx", "jaraco.packaging (>=3.2)", "rst.linker (>=1.9)"] testing = ["jaraco.itertools", "func-timeout"] [metadata] -content-hash = "f86bf80587b5b69e7784d8c66fbeb83baa177395630bc7d006cf89d51192bfe1" -lock-version = "1.0" +lock-version = "1.1" python-versions = "^3.7" +content-hash = "b9eea96125dc0d4a910ed2ac4715b212856e848b39ab47d63c1004900cb47d16" [metadata.files] alembic = [ 
@@ -826,11 +790,6 @@ flask-cors = [ {file = "Flask-Cors-3.0.9.tar.gz", hash = "sha256:6bcfc100288c5d1bcb1dbb854babd59beee622ffd321e444b05f24d6d58466b8"}, {file = "Flask_Cors-3.0.9-py2.py3-none-any.whl", hash = "sha256:cee4480aaee421ed029eaa788f4049e3e26d15b5affb6a880dade6bafad38324"}, ] -flask-limiter = [ - {file = "Flask-Limiter-1.4.tar.gz", hash = "sha256:021279c905a1e24f181377ab3be711be7541734b494f4e6db2b8edeba7601e48"}, - {file = "Flask_Limiter-1.4-py3-none-any.whl", hash = "sha256:f8a65a7874f48ff8df2ea5e86d5b85b48fcbae065ebeb5271b317fe68fcfa979"}, - {file = "Flask_Limiter-1.4-py3.7.egg", hash = "sha256:055a388a89f4d5768c64025443f1f41e3babcbbbf315c728413c27b4975af239"}, -] flask-migrate = [ {file = "Flask-Migrate-2.5.3.tar.gz", hash = "sha256:a69d508c2e09d289f6e55a417b3b8c7bfe70e640f53d2d9deb0d056a384f37ee"}, {file = "Flask_Migrate-2.5.3-py2.py3-none-any.whl", hash = "sha256:4dc4a5cce8cbbb06b8dc963fd86cf8136bd7d875aabe2d840302ea739b243732"}, @@ -866,10 +825,6 @@ jinja2 = [ {file = "Jinja2-2.11.2-py2.py3-none-any.whl", hash = "sha256:f0a4641d3cf955324a89c04f3d94663aa4d638abe8f733ecd3582848e1c37035"}, {file = "Jinja2-2.11.2.tar.gz", hash = "sha256:89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0"}, ] -limits = [ - {file = "limits-1.5.1-py2-none-any.whl", hash = "sha256:0e5f8b10f18dd809eb2342f5046eb9aa5e4e69a0258567b5f4aa270647d438b3"}, - {file = "limits-1.5.1.tar.gz", hash = "sha256:f0c3319f032c4bfad68438ed1325c0fac86dac64582c7c25cddc87a0b658fa20"}, -] mako = [ {file = "Mako-1.1.3-py2.py3-none-any.whl", hash = "sha256:93729a258e4ff0747c876bd9e20df1b9758028946e976324ccd2d68245c7b6a9"}, {file = "Mako-1.1.3.tar.gz", hash = "sha256:8195c8c1400ceb53496064314c6736719c6f25e7479cd24c77be3d9361cddc27"}, diff --git a/pyproject.toml b/pyproject.toml index 03ffa8b5..dcd1f535 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -14,7 +14,6 @@ click = "7.1.2" flake8 = "3.8.4" flask = "1.1.2" Flask-Cors = "3.0.9" -Flask-Limiter = "1.4" Flask-Migrate = "2.5.3" prometheus_client = "0.8.0" psycopg2-binary = "2.8.6" diff --git a/tests/unit/test_routes/test_utils.py b/tests/unit/test_routes/test_utils.py index d1e498da..e6014cc2 100644 --- a/tests/unit/test_routes/test_utils.py +++ b/tests/unit/test_routes/test_utils.py @@ -110,18 +110,6 @@ def test_open_api_yaml(module_client): assert (open_api_yaml.get("info").get("version") == LATEST_API_VERSION) -# This method must come last if using the persistent client and db -def test_rate_limit(module_client, module_db): - client = module_client - - for _ in range(50): - client.get('api/v1/resources') - - # Response should be a failure on request 51 - response = client.get('api/v1/resources') - assert_correct_response(response, 429) - - # Ensure the healthz endpoint is never rate limited def test_rate_limit_healthz(module_client, module_db): client = module_client From 214a4e65ba93714dafac6a87168f1233e3c0a282 Mon Sep 17 00:00:00 2001 From: Enrico Paganin Date: Wed, 7 Oct 2020 19:58:57 +0200 Subject: [PATCH 07/13] Fix volume permission overwrite This problem seems to be already known in https://github.com/docker/compose/issues/3270#issuecomment-363478501 --- Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 5bd410c8..c6c8b2b6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,7 +25,9 @@ COPY . /src RUN useradd -ms /bin/bash uwsgi -RUN chown -R uwsgi: . +RUN mkdir /src + +RUN chown -R uwsgi: . /src USER uwsgi From 0ffdb8b02d0e03695e43ccd8e2416e08c4b39104 Mon Sep 17 00:00:00 2001 From: Enrico Paganin Date: Wed, 7 Oct 2020 21:09:01 +0200 Subject: [PATCH 08/13] Fix duplicate root mkdir --- Dockerfile | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index c6c8b2b6..e0df1265 100644 --- a/Dockerfile +++ b/Dockerfile 
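Review bot: The recursive `chown -R uwsgi: . /src` in the PATCH 07/13 Dockerfile hunk makes the service account the owner of the code it executes, so any file-write bug in the application can rewrite the application itself. `COPY` already leaves the tree owned by root; I would drop the recursive chown and give uwsgi only the paths it must write, e.g. `RUN chown uwsgi <writable-path>`. The same pattern recurs in the Dockerfile hunks of PATCH 08, 10 and 11. Separately, `RUN mkdir /src` runs after `COPY . /src` has already created that directory, so the step will most likely fail with "File exists"; drop it or use `mkdir -p /src`.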
@@ -23,14 +23,12 @@ RUN poetry install --no-dev --no-interaction --no-ansi COPY . /src -RUN useradd -ms /bin/bash uwsgi +RUN useradd -ms /bin/bash uwsgi && chown -R uwsgi: /src -RUN mkdir /src - -RUN chown -R uwsgi: . /src +EXPOSE 5000 USER uwsgi -EXPOSE 5000 +VOLUME /src CMD [ "uwsgi", "--ini", "app.ini" ] From d06fe81a0385d59104b2b51dd138377edb386842 Mon Sep 17 00:00:00 2001 From: Enrico Paganin Date: Wed, 7 Oct 2020 22:09:45 +0200 Subject: [PATCH 09/13] Disable pytest test caching See https://github.com/pytest-dev/pytest/issues/3557 --- pytest.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pytest.ini b/pytest.ini index c1fa8785..fc4176eb 100644 --- a/pytest.ini +++ b/pytest.ini @@ -1,2 +1,2 @@ [pytest] -addopts = -p no:warnings \ No newline at end of file +addopts = -p no:warnings -p no:cacheprovider From f8606131074150b8352fb7f5e484423a8029096a Mon Sep 17 00:00:00 2001 From: Enrico Paganin Date: Wed, 7 Oct 2020 22:35:58 +0200 Subject: [PATCH 10/13] Add blank coverage file --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e0df1265..97885526 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,7 +23,7 @@ RUN poetry install --no-dev --no-interaction --no-ansi COPY . /src -RUN useradd -ms /bin/bash uwsgi && chown -R uwsgi: /src +RUN useradd -ms /bin/bash uwsgi && touch .coverage && chown -R uwsgi: /src EXPOSE 5000 From 51aad42a11d7af8f91eb4ae2ab1f1a9dafa44258 Mon Sep 17 00:00:00 2001 From: Abdelrahman Kandil Date: Thu, 8 Oct 2020 01:18:16 +0200 Subject: [PATCH 11/13] Added extra overriding of permissions command in CI config --- .circleci/config.yml | 1 + Dockerfile | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index e9fce981..edd2c91e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
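Review bot: `VOLUME /src` in the PATCH 08/13 Dockerfile hunk turns the application directory into an anonymous volume, which has side effects beyond fixing the mount permissions. With the classic builder, any later build step that writes under `/src` is discarded. docker-compose also carries anonymous volumes over when it recreates a container, so a rebuilt image can keep serving the code held in the old volume, including code a fix was meant to replace. If the aim is only a writable bind-mounted checkout for the tests, I would drop the `VOLUME /src` line and set ownership on the mount from the compose or CI side.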
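Review bot: In the PATCH 10/13 Dockerfile hunk, `touch .coverage` resolves against the current WORKDIR, while the `chown` in the same command names `/src` explicitly. The WORKDIR line is outside this hunk, so if it is not `/src` the file is created elsewhere and stays owned by root. Writing `touch /src/.coverage` removes that dependency. The line also bakes a test artifact into what is presumably the runtime image as well; creating the file in the CI job or in a separate test stage would keep it out.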
@@ -60,6 +60,7 @@ jobs: curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > /usr/local/bin/cc-test-reporter chmod +x /usr/local/bin/cc-test-reporter /usr/local/bin/cc-test-reporter before-build + - run: sudo chown -R uwsgi . - run: name: Run tests command: | diff --git a/Dockerfile b/Dockerfile index 97885526..638e34a1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,12 +23,12 @@ RUN poetry install --no-dev --no-interaction --no-ansi COPY . /src -RUN useradd -ms /bin/bash uwsgi && touch .coverage && chown -R uwsgi: /src +RUN useradd -ms /bin/bash uwsgi + +RUN chown -R uwsgi /src EXPOSE 5000 USER uwsgi -VOLUME /src - CMD [ "uwsgi", "--ini", "app.ini" ] From b15490132141e6995ee23c9587322cbebf02dd91 Mon Sep 17 00:00:00 2001 From: Abdelrahman Kandil Date: Thu, 8 Oct 2020 01:20:44 +0200 Subject: [PATCH 12/13] Added user UID --- .circleci/config.yml | 2 +- Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index edd2c91e..0661491e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -60,7 +60,7 @@ jobs: curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > /usr/local/bin/cc-test-reporter chmod +x /usr/local/bin/cc-test-reporter /usr/local/bin/cc-test-reporter before-build - - run: sudo chown -R uwsgi . + - run: sudo chown -R 5000 . - run: name: Run tests command: | diff --git a/Dockerfile b/Dockerfile index 638e34a1..a80b2e13 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,7 +23,7 @@ RUN poetry install --no-dev --no-interaction --no-ansi COPY . /src -RUN useradd -ms /bin/bash uwsgi +RUN useradd -ms /bin/bash --uid 5000 uwsgi RUN chown -R uwsgi /src From 266b10e2d4229080b3857de07c37fbab0060c21e Mon Sep 17 00:00:00 2001 
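Review bot: `sudo chown -R 5000 .` in the PATCH 12/13 .circleci/config.yml hunk hard-codes the UID that the Dockerfile hunk of the same commit passes to `useradd --uid 5000`, and nothing ties the two values together. If one changes without the other, the test step fails on permissions with no hint as to why. Because 5000 is also the port in `EXPOSE 5000`, a comment above the step would remove the ambiguity: `# 5000 is the uid of the uwsgi user created in the Dockerfile`. The step would also read better with a `name:`, as the `Run tests` step below it has.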
From: Enrico Paganin Date: Thu, 8 Oct 2020 19:47:21 +0200 Subject: [PATCH 13/13] Clean Dockerfile and revert pytest.ini --- Dockerfile | 2 +- pytest.ini | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index a80b2e13..2eea6695 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,7 +23,7 @@ RUN poetry install --no-dev --no-interaction --no-ansi COPY . /src -RUN useradd -ms /bin/bash --uid 5000 uwsgi +RUN useradd --no-create-home --system -s /bin/false --uid 5000 uwsgi RUN chown -R uwsgi /src diff --git a/pytest.ini b/pytest.ini index fc4176eb..1ceab942 100644 --- a/pytest.ini +++ b/pytest.ini @@ -1,2 +1,2 @@ [pytest] -addopts = -p no:warnings -p no:cacheprovider +addopts = -p no:warnings
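Review bot: With the UID now pinned by `useradd ... --uid 5000` in the PATCH 13/13 Dockerfile hunk, the `USER uwsgi` line could become `USER 5000`; that line is outside this hunk but visible in earlier patches of the series. If the image is ever deployed on Kubernetes, `runAsNonRoot` can only be verified against a numeric USER; with a user name the kubelet refuses to start the container because it cannot confirm the account is not root. `--no-create-home` is redundant next to `--system`, which does not create a home directory unless `-m` is given, though keeping it is harmless.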