capsul-flask/capsulflask/__init__.py

import logging 
from logging.config import dictConfig as logging_dict_config

import atexit
import os
import hashlib
import requests
import sys

import stripe
from dotenv import load_dotenv, find_dotenv
from flask import Flask
from flask_mail import Mail, Message
from flask import render_template
from flask import url_for
from flask import current_app
from flask import flash
from flask import session
from apscheduler.schedulers.background import BackgroundScheduler


from capsulflask.shared import my_exec_info_message
from capsulflask import hub_model, spoke_model, cli
from capsulflask.payment import try_reconnnect_btcpay
from capsulflask.http_client import MyHTTPClient

class StdoutMockFlaskMail:
    def send(self, message: Message):
      current_app.logger.info(f"Email would have been sent if configured:\n\nto: {','.join(message.recipients)}\nsubject: {message.subject}\nbody:\n\n{message.body}\n\n")

load_dotenv(find_dotenv())

app = Flask(__name__)

app.config.from_mapping(
  BASE_URL=os.environ.get("BASE_URL", default="http://localhost:5000"),
  SECRET_KEY=os.environ.get("SECRET_KEY", default="dev"),
  HUB_MODE_ENABLED=os.environ.get("HUB_MODE_ENABLED", default="True").lower() in ['true', '1', 't', 'y', 'yes'],
  SPOKE_MODE_ENABLED=os.environ.get("SPOKE_MODE_ENABLED", default="True").lower() in ['true', '1', 't', 'y', 'yes'],
  INTERNAL_HTTP_TIMEOUT_SECONDS=os.environ.get("INTERNAL_HTTP_TIMEOUT_SECONDS", default="300"),
  HUB_MODEL=os.environ.get("HUB_MODEL", default="capsul-flask"),
  SPOKE_MODEL=os.environ.get("SPOKE_MODEL", default="mock"),
  LOG_LEVEL=os.environ.get("LOG_LEVEL", default="INFO"),
  SPOKE_HOST_ID=os.environ.get("SPOKE_HOST_ID", default="baikal"),
  SPOKE_HOST_TOKEN=os.environ.get("SPOKE_HOST_TOKEN", default="changeme"),
  HUB_TOKEN=os.environ.get("HUB_TOKEN", default="changeme"),
  LIBVIRT_DNSMASQ_PATH=os.environ.get("LIBVIRT_DNSMASQ_PATH", default="/var/lib/libvirt/dnsmasq").rstrip("/"),
  
  
  # https://www.postgresql.org/docs/9.1/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS
  # https://stackoverflow.com/questions/56332906/where-to-put-ssl-certificates-when-trying-to-connect-to-a-remote-database-using
  # TLS example: sslmode=verify-full sslrootcert=letsencrypt-root-ca.crt host=db.example.com port=5432 user=postgres password=dev dbname=postgres
  POSTGRES_CONNECTION_PARAMETERS=os.environ.get(
    "POSTGRES_CONNECTION_PARAMETERS", 
    default="host=localhost port=5432 user=postgres password=dev dbname=postgres"
  ),

  DATABASE_SCHEMA=os.environ.get("DATABASE_SCHEMA", default="public"),

  MAIL_SERVER=os.environ.get("MAIL_SERVER", default=""),
  MAIL_PORT=os.environ.get("MAIL_PORT", default="465"),
  MAIL_USE_TLS=os.environ.get("MAIL_USE_TLS", default="False").lower() in ['true', '1', 't', 'y', 'yes'],
  MAIL_USE_SSL=os.environ.get("MAIL_USE_SSL", default="True").lower() in ['true', '1', 't', 'y', 'yes'],
  MAIL_USERNAME=os.environ.get("MAIL_USERNAME", default=""),
  MAIL_PASSWORD=os.environ.get("MAIL_PASSWORD", default=""),
  MAIL_DEFAULT_SENDER=os.environ.get("MAIL_DEFAULT_SENDER", default="no-reply@capsul.org"),
  ADMIN_EMAIL_ADDRESSES=os.environ.get("ADMIN_EMAIL_ADDRESSES", default="ops@cyberia.club"),
  ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES=os.environ.get("ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES", default="forest.n.johnson@gmail.com,capsul@cyberia.club"),

  PROMETHEUS_URL=os.environ.get("PROMETHEUS_URL", default="https://prometheus.cyberia.club"),

  STRIPE_API_VERSION=os.environ.get("STRIPE_API_VERSION", default="2020-03-02"),
  STRIPE_SECRET_KEY=os.environ.get("STRIPE_SECRET_KEY", default=""),
  STRIPE_PUBLISHABLE_KEY=os.environ.get("STRIPE_PUBLISHABLE_KEY", default=""),
  #STRIPE_WEBHOOK_SECRET=os.environ.get("STRIPE_WEBHOOK_SECRET", default="")

  BTCPAY_PRIVATE_KEY=os.environ.get("BTCPAY_PRIVATE_KEY", default="").replace("\\n", "\n"),
  BTCPAY_URL=os.environ.get("BTCPAY_URL", default="")
)

app.config['HUB_URL'] = os.environ.get("HUB_URL", default=app.config['BASE_URL'])

class SetLogLevelToDebugForHeartbeatRelatedMessagesFilter(logging.Filter):
  def isHeartbeatRelatedString(self, thing):
    # thing_string = "<error>"
    is_in_string = False
    try:
      thing_string = "%s" % thing
      is_in_string = 'heartbeat-task' in thing_string or 'hub/heartbeat' in thing_string or 'spoke/heartbeat' in thing_string
    except:
      pass
    # self.warning("isHeartbeatRelatedString(%s): %s", thing_string, is_in_string )
    return is_in_string

  def filter(self, record):
    if app.config['LOG_LEVEL'] == "DEBUG":
      return True

    if self.isHeartbeatRelatedString(record.msg):
      return False
    for arg in record.args:
      if self.isHeartbeatRelatedString(arg):
        return False

    return True

logging_dict_config({
  'version': 1,
  'formatters': {'default': {
    'format': '[%(asctime)s] %(levelname)s in %(module)s: %(message)s',
  }},
  'filters': {
    'setLogLevelToDebugForHeartbeatRelatedMessages': {
        '()': SetLogLevelToDebugForHeartbeatRelatedMessagesFilter,
    }
  },
  'handlers': {'wsgi': {
    'class': 'logging.StreamHandler',
    'stream': 'ext://flask.logging.wsgi_errors_stream',
    'formatter': 'default',
    'filters': ['setLogLevelToDebugForHeartbeatRelatedMessages']
  }},
  'root': {
    'level': app.config['LOG_LEVEL'],
    'handlers': ['wsgi']
  }
})

# app.logger.critical("critical")
# app.logger.error("error")
# app.logger.warning("warning")
# app.logger.info("info")
# app.logger.debug("debug")

stripe.api_key = app.config['STRIPE_SECRET_KEY']
stripe.api_version = app.config['STRIPE_API_VERSION']

if app.config['MAIL_SERVER'] != "":
  app.config['FLASK_MAIL_INSTANCE'] = Mail(app)
else:
  app.logger.warn("No MAIL_SERVER configured. capsul will simply print emails to stdout.")
  app.config['FLASK_MAIL_INSTANCE'] = StdoutMockFlaskMail()

app.config['HTTP_CLIENT'] = MyHTTPClient(timeout_seconds=int(app.config['INTERNAL_HTTP_TIMEOUT_SECONDS']))

if app.config['BTCPAY_URL'] != "":
  try_reconnnect_btcpay(app)

# only start the scheduler and attempt to migrate the database if we are running the app.
# otherwise we are running a CLI command.
command_line = ' '.join(sys.argv)
is_running_server = ('flask run' in command_line) or ('gunicorn' in command_line)

app.logger.info(f"is_running_server: {is_running_server}")

if app.config['HUB_MODE_ENABLED']:

  if app.config['HUB_MODEL'] == "capsul-flask":
    app.config['HUB_MODEL'] = hub_model.CapsulFlaskHub()

    # debug mode (flask reloader) runs two copies of the app. When running in debug mode,
    # we only want to start the scheduler one time.
    if is_running_server and (not app.debug or os.environ.get('WERKZEUG_RUN_MAIN') == 'true'):
      scheduler = BackgroundScheduler()
      heartbeat_task_url = f"{app.config['HUB_URL']}/hub/heartbeat-task"
      heartbeat_task_headers = {'Authorization': f"Bearer {app.config['HUB_TOKEN']}"}
      heartbeat_task = lambda: requests.post(heartbeat_task_url, headers=heartbeat_task_headers)
      scheduler.add_job(name="heartbeat-task", func=heartbeat_task, trigger="interval", seconds=5)
      scheduler.start()

      atexit.register(lambda: scheduler.shutdown())

  else:
    app.config['HUB_MODEL'] = hub_model.MockHub()

  from capsulflask import db
  db.init_app(app, is_running_server)

  from capsulflask import auth, landing, console, payment, metrics, cli, hub_api, admin

  app.register_blueprint(landing.bp)
  app.register_blueprint(auth.bp)
  app.register_blueprint(console.bp)
  app.register_blueprint(payment.bp)
  app.register_blueprint(metrics.bp)
  app.register_blueprint(cli.bp)
  app.register_blueprint(hub_api.bp)
  app.register_blueprint(admin.bp)

  app.add_url_rule("/", endpoint="index")


if app.config['SPOKE_MODE_ENABLED']:

  if app.config['SPOKE_MODEL'] == "shell-scripts":
    app.config['SPOKE_MODEL'] = spoke_model.ShellScriptSpoke()
  else:
    app.config['SPOKE_MODEL'] = spoke_model.MockSpoke()

  from capsulflask import spoke_api

  app.register_blueprint(spoke_api.bp)

@app.after_request
def security_headers(response):
  response.headers['X-Frame-Options'] = 'SAMEORIGIN'
  if 'Content-Security-Policy' not in response.headers:
    response.headers['Content-Security-Policy'] = "default-src 'self'"
  response.headers['X-Content-Type-Options'] = 'nosniff'

  if current_app.config['BROADCAST_BANNER_MESSAGE'] is not None and current_app.config['BROADCAST_BANNER_MESSAGE'] != "":
    for t in session.get("_flashes", []):
      if t is not None and t[1] == current_app.config['BROADCAST_BANNER_MESSAGE']:
        return response

    flash(current_app.config['BROADCAST_BANNER_MESSAGE'])

  return response


@app.context_processor
def override_url_for():
  """
  override the url_for function built into flask 
  with our own custom implementation that busts the cache correctly when files change 
  """
  return dict(url_for=url_for_with_cache_bust)


def url_for_with_cache_bust(endpoint, **values):
  """
  Add a query parameter based on the hash of the file, this acts as a cache bust
  """
  
  if endpoint == 'static':
    filename = values.get('filename', None)
    if filename:
      if 'STATIC_FILE_HASH_CACHE' not in current_app.config:
        current_app.config['STATIC_FILE_HASH_CACHE'] = dict()
      
      if filename not in current_app.config['STATIC_FILE_HASH_CACHE']:
        filepath = os.path.join(current_app.root_path, endpoint, filename)
        #print(filepath)
        if os.path.isfile(filepath) and os.access(filepath, os.R_OK):
          
          with open(filepath, 'rb') as file:
            hasher = hashlib.md5()
            hasher.update(file.read())
            current_app.config['STATIC_FILE_HASH_CACHE'][filename] = hasher.hexdigest()[-6:]
            
      values['q'] = current_app.config['STATIC_FILE_HASH_CACHE'][filename]

  return url_for(endpoint, **values)
trying to fix logging 2 years ago			`import logging`
			`from logging.config import dictConfig as logging_dict_config`
btcpay generating invoices and payments can be invalidated 2 years ago
got httpclient working, spoke heartbeat is working 2 years ago			`import atexit`
starting to build console controller and views 2 years ago			`import os`
implement content-security-policy, static assets cache bust, and fix stripe back button ratchet issue because the only way to use stripe checkout is to run their proprietary JS, and we arent using a SPA, naturally what happens is, when you land on the stripe payment page if you hit the back button it goes back to the same page where you got re-directed to stripe. this commit fixes that. 2 years ago			`import hashlib`
got httpclient working, spoke heartbeat is working 2 years ago			`import requests`
don't crash if btcpay key is invalid: log warning msg 1 year ago			`import sys`
postgres automatic schema management roughly working 2 years ago
btcpay generating invoices and payments can be invalidated 2 years ago			`import stripe`
starting to work on stripe 2 years ago			`from dotenv import load_dotenv, find_dotenv`
postgres automatic schema management roughly working 2 years ago			`from flask import Flask`
fix defaults for running locally and make email server not required. 1 year ago			`from flask_mail import Mail, Message`
it sends a magic link when you log in 2 years ago			`from flask import render_template`
implement content-security-policy, static assets cache bust, and fix stripe back button ratchet issue because the only way to use stripe checkout is to run their proprietary JS, and we arent using a SPA, naturally what happens is, when you land on the stripe payment page if you hit the back button it goes back to the same page where you got re-directed to stripe. this commit fixes that. 2 years ago			`from flask import url_for`
			`from flask import current_app`
admin broadcast message feature 4 months ago			`from flask import flash`
fix duplicate broadcast message issue 4 months ago			`from flask import session`
got httpclient working, spoke heartbeat is working 2 years ago			`from apscheduler.schedulers.background import BackgroundScheduler`
starting to build console controller and views 2 years ago
don't crash if btcpay key is invalid: log warning msg 1 year ago
			`from capsulflask.shared import my_exec_info_message`
starting work on hub mode and spoke mode -- implemented hub model 2 years ago			`from capsulflask import hub_model, spoke_model, cli`
improve BTCPay server down detection and handling 6 months ago			`from capsulflask.payment import try_reconnnect_btcpay`
http client class 2 years ago			`from capsulflask.http_client import MyHTTPClient`
postgres automatic schema management roughly working 2 years ago
fix defaults for running locally and make email server not required. 1 year ago			`class StdoutMockFlaskMail:`
			`def send(self, message: Message):`
			`current_app.logger.info(f"Email would have been sent if configured:\n\nto: {','.join(message.recipients)}\nsubject: {message.subject}\nbody:\n\n{message.body}\n\n")`
got httpclient working, spoke heartbeat is working 2 years ago
starting to work on stripe 2 years ago			`load_dotenv(find_dotenv())`

create capsul and capsuls list page working 2 years ago			`app = Flask(__name__)`
trying to fix logging 2 years ago
create capsul and capsuls list page working 2 years ago			`app.config.from_mapping(`
			`BASE_URL=os.environ.get("BASE_URL", default="http://localhost:5000"),`
			`SECRET_KEY=os.environ.get("SECRET_KEY", default="dev"),`
fix defaults for running locally and make email server not required. 1 year ago			`HUB_MODE_ENABLED=os.environ.get("HUB_MODE_ENABLED", default="True").lower() in ['true', '1', 't', 'y', 'yes'],`
starting work on hub mode and spoke mode -- implemented hub model 2 years ago			`SPOKE_MODE_ENABLED=os.environ.get("SPOKE_MODE_ENABLED", default="True").lower() in ['true', '1', 't', 'y', 'yes'],`
add INTERNAL_HTTP_TIMEOUT_SECONDS option 5min default 2 years ago			`INTERNAL_HTTP_TIMEOUT_SECONDS=os.environ.get("INTERNAL_HTTP_TIMEOUT_SECONDS", default="300"),`
fix defaults for running locally and make email server not required. 1 year ago			`HUB_MODEL=os.environ.get("HUB_MODEL", default="capsul-flask"),`
starting work on hub mode and spoke mode -- implemented hub model 2 years ago			`SPOKE_MODEL=os.environ.get("SPOKE_MODEL", default="mock"),`
trying to fix logging 2 years ago			`LOG_LEVEL=os.environ.get("LOG_LEVEL", default="INFO"),`
more fixing default values for quick start 1 year ago			`SPOKE_HOST_ID=os.environ.get("SPOKE_HOST_ID", default="baikal"),`
			`SPOKE_HOST_TOKEN=os.environ.get("SPOKE_HOST_TOKEN", default="changeme"),`
			`HUB_TOKEN=os.environ.get("HUB_TOKEN", default="changeme"),`
push wip get_all_by_host_and_network 8 months ago			`LIBVIRT_DNSMASQ_PATH=os.environ.get("LIBVIRT_DNSMASQ_PATH", default="/var/lib/libvirt/dnsmasq").rstrip("/"),`


trying to fix logging 2 years ago
add support for postgres sslmode 2 years ago			`# https://www.postgresql.org/docs/9.1/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS`
simplify postgres connection parameters as a single string 2 years ago			`# https://stackoverflow.com/questions/56332906/where-to-put-ssl-certificates-when-trying-to-connect-to-a-remote-database-using`
			`# TLS example: sslmode=verify-full sslrootcert=letsencrypt-root-ca.crt host=db.example.com port=5432 user=postgres password=dev dbname=postgres`
			`POSTGRES_CONNECTION_PARAMETERS=os.environ.get(`
			`"POSTGRES_CONNECTION_PARAMETERS",`
			`default="host=localhost port=5432 user=postgres password=dev dbname=postgres"`
			`),`
add support for postgres sslmode 2 years ago
create capsul and capsuls list page working 2 years ago			`DATABASE_SCHEMA=os.environ.get("DATABASE_SCHEMA", default="public"),`
it sends a magic link when you log in 2 years ago
fix defaults for running locally and make email server not required. 1 year ago			`MAIL_SERVER=os.environ.get("MAIL_SERVER", default=""),`
Correct default email settings 1 year ago			`MAIL_PORT=os.environ.get("MAIL_PORT", default="465"),`
MAIL_USE_TLS=False, MAIL_USE_SSL=True defaults 1 year ago			`MAIL_USE_TLS=os.environ.get("MAIL_USE_TLS", default="False").lower() in ['true', '1', 't', 'y', 'yes'],`
hotfix support MAIL_USE_SSL 1 year ago			`MAIL_USE_SSL=os.environ.get("MAIL_USE_SSL", default="True").lower() in ['true', '1', 't', 'y', 'yes'],`
fix defaults for running locally and make email server not required. 1 year ago			`MAIL_USERNAME=os.environ.get("MAIL_USERNAME", default=""),`
create capsul and capsuls list page working 2 years ago			`MAIL_PASSWORD=os.environ.get("MAIL_PASSWORD", default=""),`
fix defaults for running locally and make email server not required. 1 year ago			`MAIL_DEFAULT_SENDER=os.environ.get("MAIL_DEFAULT_SENDER", default="no-reply@capsul.org"),`
starting work on hub mode and spoke mode -- implemented hub model 2 years ago			`ADMIN_EMAIL_ADDRESSES=os.environ.get("ADMIN_EMAIL_ADDRESSES", default="ops@cyberia.club"),`
more managed ips work: cli sql improvements, added admin panel 1 year ago			`ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES=os.environ.get("ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES", default="forest.n.johnson@gmail.com,capsul@cyberia.club"),`
starting to work on stripe 2 years ago
metrics are working!!! 2 years ago			`PROMETHEUS_URL=os.environ.get("PROMETHEUS_URL", default="https://prometheus.cyberia.club"),`

stripe payment processor 2 years ago			`STRIPE_API_VERSION=os.environ.get("STRIPE_API_VERSION", default="2020-03-02"),`
starting to work on stripe 2 years ago			`STRIPE_SECRET_KEY=os.environ.get("STRIPE_SECRET_KEY", default=""),`
added btcpay pairing instructions to readme 2 years ago			`STRIPE_PUBLISHABLE_KEY=os.environ.get("STRIPE_PUBLISHABLE_KEY", default=""),`
stripe payment processor 2 years ago			`#STRIPE_WEBHOOK_SECRET=os.environ.get("STRIPE_WEBHOOK_SECRET", default="")`
added btcpay pairing instructions to readme 2 years ago
support dotenv impls that break on multiline strings 2 years ago			`BTCPAY_PRIVATE_KEY=os.environ.get("BTCPAY_PRIVATE_KEY", default="").replace("\\n", "\n"),`
define BTCPAY_ENABLED based on URL and btcpay key, pass it explicitly 1 year ago			`BTCPAY_URL=os.environ.get("BTCPAY_URL", default="")`
create capsul and capsuls list page working 2 years ago			`)`
postgres automatic schema management roughly working 2 years ago
got httpclient working, spoke heartbeat is working 2 years ago			`app.config['HUB_URL'] = os.environ.get("HUB_URL", default=app.config['BASE_URL'])`

working on cleaning up the logs 2 years ago			`class SetLogLevelToDebugForHeartbeatRelatedMessagesFilter(logging.Filter):`
			`def isHeartbeatRelatedString(self, thing):`
			`# thing_string = "<error>"`
			`is_in_string = False`
			`try:`
			`thing_string = "%s" % thing`
			`is_in_string = 'heartbeat-task' in thing_string or 'hub/heartbeat' in thing_string or 'spoke/heartbeat' in thing_string`
			`except:`
			`pass`
			`# self.warning("isHeartbeatRelatedString(%s): %s", thing_string, is_in_string )`
			`return is_in_string`

			`def filter(self, record):`
			`if app.config['LOG_LEVEL'] == "DEBUG":`
			`return True`

			`if self.isHeartbeatRelatedString(record.msg):`
			`return False`
			`for arg in record.args:`
			`if self.isHeartbeatRelatedString(arg):`
			`return False`

			`return True`

trying to fix logging 2 years ago			`logging_dict_config({`
implement content-security-policy, static assets cache bust, and fix stripe back button ratchet issue because the only way to use stripe checkout is to run their proprietary JS, and we arent using a SPA, naturally what happens is, when you land on the stripe payment page if you hit the back button it goes back to the same page where you got re-directed to stripe. this commit fixes that. 2 years ago			`'version': 1,`
			`'formatters': {'default': {`
			`'format': '[%(asctime)s] %(levelname)s in %(module)s: %(message)s',`
			`}},`
working on cleaning up the logs 2 years ago			`'filters': {`
			`'setLogLevelToDebugForHeartbeatRelatedMessages': {`
			`'()': SetLogLevelToDebugForHeartbeatRelatedMessagesFilter,`
			`}`
			`},`
implement content-security-policy, static assets cache bust, and fix stripe back button ratchet issue because the only way to use stripe checkout is to run their proprietary JS, and we arent using a SPA, naturally what happens is, when you land on the stripe payment page if you hit the back button it goes back to the same page where you got re-directed to stripe. this commit fixes that. 2 years ago			`'handlers': {'wsgi': {`
			`'class': 'logging.StreamHandler',`
			`'stream': 'ext://flask.logging.wsgi_errors_stream',`
working on cleaning up the logs 2 years ago			`'formatter': 'default',`
			`'filters': ['setLogLevelToDebugForHeartbeatRelatedMessages']`
implement content-security-policy, static assets cache bust, and fix stripe back button ratchet issue because the only way to use stripe checkout is to run their proprietary JS, and we arent using a SPA, naturally what happens is, when you land on the stripe payment page if you hit the back button it goes back to the same page where you got re-directed to stripe. this commit fixes that. 2 years ago			`}},`
			`'root': {`
			`'level': app.config['LOG_LEVEL'],`
			`'handlers': ['wsgi']`
			`}`
trying to fix logging 2 years ago			`})`

			`# app.logger.critical("critical")`
			`# app.logger.error("error")`
			`# app.logger.warning("warning")`
			`# app.logger.info("info")`
			`# app.logger.debug("debug")`

stripe payment processor 2 years ago			`stripe.api_key = app.config['STRIPE_SECRET_KEY']`
			`stripe.api_version = app.config['STRIPE_API_VERSION']`

fix defaults for running locally and make email server not required. 1 year ago			`if app.config['MAIL_SERVER'] != "":`
			`app.config['FLASK_MAIL_INSTANCE'] = Mail(app)`
			`else:`
warning -> warn 8 months ago			`app.logger.warn("No MAIL_SERVER configured. capsul will simply print emails to stdout.")`
fix defaults for running locally and make email server not required. 1 year ago			`app.config['FLASK_MAIL_INSTANCE'] = StdoutMockFlaskMail()`

add INTERNAL_HTTP_TIMEOUT_SECONDS option 5min default 2 years ago			`app.config['HTTP_CLIENT'] = MyHTTPClient(timeout_seconds=int(app.config['INTERNAL_HTTP_TIMEOUT_SECONDS']))`
don't crash if btcpay key is invalid 1 year ago
Fix SyntaxWarning on `is not ""` `capsulflask/__init__.py:143: SyntaxWarning: "is not" with a literal. Did you mean "!="?` 1 year ago			`if app.config['BTCPAY_URL'] != "":`
fixing bugs in btcpay server down detection 6 months ago			`try_reconnnect_btcpay(app)`
don't crash if btcpay key is invalid 1 year ago
more managed ips work: cli sql improvements, added admin panel 1 year ago			`# only start the scheduler and attempt to migrate the database if we are running the app.`
			`# otherwise we are running a CLI command.`
			`command_line = ' '.join(sys.argv)`
			`is_running_server = ('flask run' in command_line) or ('gunicorn' in command_line)`

			`app.logger.info(f"is_running_server: {is_running_server}")`
it sends a magic link when you log in 2 years ago
starting work on hub mode and spoke mode -- implemented hub model 2 years ago			`if app.config['HUB_MODE_ENABLED']:`

			`if app.config['HUB_MODEL'] == "capsul-flask":`
			`app.config['HUB_MODEL'] = hub_model.CapsulFlaskHub()`
got httpclient working, spoke heartbeat is working 2 years ago
			`# debug mode (flask reloader) runs two copies of the app. When running in debug mode,`
			`# we only want to start the scheduler one time.`
more managed ips work: cli sql improvements, added admin panel 1 year ago			`if is_running_server and (not app.debug or os.environ.get('WERKZEUG_RUN_MAIN') == 'true'):`
got httpclient working, spoke heartbeat is working 2 years ago			`scheduler = BackgroundScheduler()`
			`heartbeat_task_url = f"{app.config['HUB_URL']}/hub/heartbeat-task"`
			`heartbeat_task_headers = {'Authorization': f"Bearer {app.config['HUB_TOKEN']}"}`
			`heartbeat_task = lambda: requests.post(heartbeat_task_url, headers=heartbeat_task_headers)`
working on cleaning up the logs 2 years ago			`scheduler.add_job(name="heartbeat-task", func=heartbeat_task, trigger="interval", seconds=5)`
got httpclient working, spoke heartbeat is working 2 years ago			`scheduler.start()`

			`atexit.register(lambda: scheduler.shutdown())`

starting work on hub mode and spoke mode -- implemented hub model 2 years ago			`else:`
			`app.config['HUB_MODEL'] = hub_model.MockHub()`
more managed ips work: cli sql improvements, added admin panel 1 year ago
starting work on hub mode and spoke mode -- implemented hub model 2 years ago			`from capsulflask import db`
more managed ips work: cli sql improvements, added admin panel 1 year ago			`db.init_app(app, is_running_server)`
starting work on hub mode and spoke mode -- implemented hub model 2 years ago
more managed ips work: cli sql improvements, added admin panel 1 year ago			`from capsulflask import auth, landing, console, payment, metrics, cli, hub_api, admin`
starting work on hub mode and spoke mode -- implemented hub model 2 years ago
			`app.register_blueprint(landing.bp)`
			`app.register_blueprint(auth.bp)`
			`app.register_blueprint(console.bp)`
			`app.register_blueprint(payment.bp)`
			`app.register_blueprint(metrics.bp)`
			`app.register_blueprint(cli.bp)`
			`app.register_blueprint(hub_api.bp)`
more managed ips work: cli sql improvements, added admin panel 1 year ago			`app.register_blueprint(admin.bp)`
starting work on hub mode and spoke mode -- implemented hub model 2 years ago
			`app.add_url_rule("/", endpoint="index")`
postgres automatic schema management roughly working 2 years ago
got httpclient working, spoke heartbeat is working 2 years ago

starting work on hub mode and spoke mode -- implemented hub model 2 years ago			`if app.config['SPOKE_MODE_ENABLED']:`
postgres automatic schema management roughly working 2 years ago
starting work on hub mode and spoke mode -- implemented hub model 2 years ago			`if app.config['SPOKE_MODEL'] == "shell-scripts":`
			`app.config['SPOKE_MODEL'] = spoke_model.ShellScriptSpoke()`
			`else:`
			`app.config['SPOKE_MODEL'] = spoke_model.MockSpoke()`
postgres automatic schema management roughly working 2 years ago
starting work on hub mode and spoke mode -- implemented hub model 2 years ago			`from capsulflask import spoke_api`
postgres automatic schema management roughly working 2 years ago
starting work on hub mode and spoke mode -- implemented hub model 2 years ago			`app.register_blueprint(spoke_api.bp)`
it sends a magic link when you log in 2 years ago
implement content-security-policy, static assets cache bust, and fix stripe back button ratchet issue because the only way to use stripe checkout is to run their proprietary JS, and we arent using a SPA, naturally what happens is, when you land on the stripe payment page if you hit the back button it goes back to the same page where you got re-directed to stripe. this commit fixes that. 2 years ago			`@app.after_request`
			`def security_headers(response):`
			`response.headers['X-Frame-Options'] = 'SAMEORIGIN'`
			`if 'Content-Security-Policy' not in response.headers:`
			`response.headers['Content-Security-Policy'] = "default-src 'self'"`
			`response.headers['X-Content-Type-Options'] = 'nosniff'`
admin broadcast message feature 4 months ago
			`if current_app.config['BROADCAST_BANNER_MESSAGE'] is not None and current_app.config['BROADCAST_BANNER_MESSAGE'] != "":`
fix duplicate broadcast message issue 4 months ago			`for t in session.get("_flashes", []):`
			`if t is not None and t[1] == current_app.config['BROADCAST_BANNER_MESSAGE']:`
			`return response`

admin broadcast message feature 4 months ago			`flash(current_app.config['BROADCAST_BANNER_MESSAGE'])`

implement content-security-policy, static assets cache bust, and fix stripe back button ratchet issue because the only way to use stripe checkout is to run their proprietary JS, and we arent using a SPA, naturally what happens is, when you land on the stripe payment page if you hit the back button it goes back to the same page where you got re-directed to stripe. this commit fixes that. 2 years ago			`return response`


			`@app.context_processor`
			`def override_url_for():`
			`"""`
			`override the url_for function built into flask`
			`with our own custom implementation that busts the cache correctly when files change`
			`"""`
			`return dict(url_for=url_for_with_cache_bust)`


			`def url_for_with_cache_bust(endpoint, **values):`
			`"""`
			`Add a query parameter based on the hash of the file, this acts as a cache bust`
			`"""`

			`if endpoint == 'static':`
			`filename = values.get('filename', None)`
			`if filename:`
			`if 'STATIC_FILE_HASH_CACHE' not in current_app.config:`
			`current_app.config['STATIC_FILE_HASH_CACHE'] = dict()`

			`if filename not in current_app.config['STATIC_FILE_HASH_CACHE']:`
			`filepath = os.path.join(current_app.root_path, endpoint, filename)`
			`#print(filepath)`
			`if os.path.isfile(filepath) and os.access(filepath, os.R_OK):`

			`with open(filepath, 'rb') as file:`
			`hasher = hashlib.md5()`
			`hasher.update(file.read())`
			`current_app.config['STATIC_FILE_HASH_CACHE'][filename] = hasher.hexdigest()[-6:]`

			`values['q'] = current_app.config['STATIC_FILE_HASH_CACHE'][filename]`

			`return url_for(endpoint, **values)`