Add the flask_sri module

.gitignore

+__pycache__

README.md

+ai_web_common
+====
+
+This Python package contains helpers and utilities to run user-facing
+web applications safely. It is assumed that the web apps will be based
+on [Flask](https://flask.palletprojects.com). This package is meant to
+reduce the amount of copy&pasted code between our various web
+applications.
+
+### Features
+
+* SSO authentication (in-app, not via Apache module or
+  sso-proxy)
+* CSP and other common security-related HTTP headers
+* Serve pre-compressed assets transparently
+* Helpers to manage user language selection, for multi-language
+  applications
+* Helpers for making RPC calls to internal services
+* Tracing, via OpenCensus and Zipkin
+
+
+
+

ai_web_common/flask_sri/ext.py

+import json
+import markupsafe
+
+
+def load_sri_map(path):
+    """Load the SRI map generated by generator.py."""
+    with open(path) as fd:
+        return json.load(fd)
+
+
+def setup_app(app, sri_map):
+    app.sri_map = sri_map
+
+    @app.template_filter('sri_tag')
+    def _sri_tag(s):
+        if s in app.sri_map:
+            return markupsafe.Markup(
+                ' integrity="f{app.sri_map[s]}"')
+        return ''

ai_web_common/flask_sri/generator.py

+from __future__ import print_function
+
+import base64
+import json
+import optparse
+import os
+import sys
+from hashlib import sha384
+
+
+def compute_checksum(path):
+    with open(path, 'rb') as fd:
+        data = fd.read()
+        h = sha384(data).digest()
+        b = base64.b64encode(h)
+        return str('sha384-' + b.decode().strip())
+
+
+def main():
+    parser = optparse.OptionParser()
+    parser.add_option('--python', action='store_true',
+                      help='Output Python code')
+    parser.add_option('--base', default='/static',
+                      help='Path prefix of public URLs')
+    opts, args = parser.parse_args()
+
+    dir = '.'
+    if args:
+        dir = args[0]
+    if dir.endswith('/'):
+        dir = dir[:-1]
+
+    base_url = opts.base
+    if not base_url.endswith('/'):
+        base_url += '/'
+
+    sri_map = {}
+
+    for root, dirs, files in os.walk(dir):
+        for f in files:
+            path = os.path.join(root, f)
+            rel_path = path[len(dir)+1:]
+            url = os.path.join(base_url, rel_path)
+            sri_map[url] = compute_checksum(path)
+
+    if opts.python:
+        print("sri_map = %s\n" % (sri_map,))
+    else:
+        json.dump(sri_map, sys.stdout)
+
+
+if __name__ == '__main__':
+    main()

setup.py

@@ -4,23 +4,25 @@ from setuptools import setup, find_packages
 
 
 setup(
-    name="ai_web_common",
+    name="ai-web-common",
     version="3.0",
     description="A/I Web Application Common Code",
     author="Autistici/Inventati",
     author_email="info@autistici.org",
     url="https://git.autistici.org/ai3/tools/python-web-common",
-    install_requires=["Flask",
-                      "flask-talisman",
+    install_requires=[
         "backoff",
-                      "requests",
+        "Flask",
+        "flask-talisman",
         "opencensus",
         "opencensus-ext-zipkin",
         "opencensus-ext-flask",
         "opencensus-ext-requests",
-                      "sso"],
+        "requests",
+        "sso",
+        "whitenoise",
+    ],
     zip_safe=False,
     packages=find_packages(),
     entry_points={},
 )
-