The cryptography package was getting old, and since Flamenco is going to
issue JWT tokens soon, I wanted to be up to date with security fixes.
Also requires updating pillar-python-sdk.
project.
Javascript tutti.js and timeline.js is needed, and then the following to
init the timeline:
$('.timeline')
.timeline({
url: '/api/timeline'
});
# Javascript Notes:
## ES6 transpile:
* Files in src/scripts/js/es6/common will be transpiled from
modern es6 js to old es5 js, and then added to tutti.js
* Files in src/scripts/js/es6/individual will be transpiled from
modern es6 js to old es5 js to individual module files
## JS Testing
* Added the Jest test framework to write javascript tests.
* `npm test` will run all the javascript tests
Thanks to Sybren for reviewing
Added shortcodes 2.5.0 as dependency; Earlier versions corrupted
non-ASCII characters, see
https://github.com/dmulholland/shortcodes/issues/6
The rendered elements have a `shortcode` CSS class.
The YouTube shortcode supports various ways to refer to a video:
- `{youtube VideoID}`
- `{youtube youtube.com or youtu.be URL}`
URLs containing an '=' should be quoted, or otherwise the shortcodes
library will parse it as "key=value" pair.
The IFrame shortcode supports the `cap` and `nocap` attributes. `cap`
indicates the required capability the user should have in order to
render the tag. If `nocap` is given, its contents are shown as a message
to users who do not have this tag; without it, the iframe is silently
hidden.
`{iframe src='https://source' cap='subscriber' nocap='Subscribe to view'}`
Merged test code + added HTML class for shortcode iframes
By default CSRF protection is disabled for all views, since most
web endpoints and all API endpoints do not need it.
On the views that require it, we use the
current_app.csrf.protect() method.
This is done via coercion rules. To cache the field 'content' in the
database, include this in your Eve schema:
{'content': {'type': 'string', 'coerce': 'markdown'},
'_content_html': {'type': 'string'}}
The `_content_html` field will be filled automatically when saving the
document via Eve.
To display the cached HTML, and fall back to display-time rendering if it
is not there, use `{{ document | markdowned('content') }}` in your template.
Still needs unit testing, a CLI command for regenerating the caches, and
a CLI command for migrating the node type definitions in existing projects.
We can now store IP ranges with Organizations. The aim is to have any user
logging in with a remote IP address within such a race will get the
organization roles assigned to the user object stored in the Flask session.
This commit just contains the MongoDB storage and querying, and not yet the
updates to the user.
Note that pillar/bugsnag_extra.py still exists; I'm keeping it around for
a while until we know what info we miss in Sentry, can port it, and then
remove/refactor it.
I hope this fixes this error; I no longer see it locally:
Traceback (most recent call last):
File "/data/git/blender-cloud/runserver.wsgi", line 16, in <module>
application = PillarServer(my_path)
File "/data/git/pillar/pillar/__init__.py", line 96, in __init__
self._config_bugsnag()
File "/data/git/pillar/pillar/__init__.py", line 191, in _config_bugsnag
handle_exceptions(self)
File "/opt/python/lib/python3.6/site-packages/bugsnag/flask/__init__.py", line 27, in handle_exceptions
got_request_exception.connect(__log_exception, app)
File "/opt/python/lib/python3.6/site-packages/blinker/base.py", line 130, in connect
sender_ref = reference(sender, self._cleanup_sender)
File "/opt/python/lib/python3.6/site-packages/blinker/_utilities.py", line 134, in reference
weak = callable_reference(object, callback)
File "/opt/python/lib/python3.6/site-packages/blinker/_utilities.py", line 145, in callable_reference
return BoundMethodWeakref(target=object, on_delete=callback)
File "/opt/python/lib/python3.6/site-packages/blinker/_saferef.py", line 135, in __new__
key = cls.calculate_key(target)
File "/opt/python/lib/python3.6/site-packages/blinker/_saferef.py", line 196, in calculate_key
return (id(get_self(target)), id(get_func(target)))
File "/opt/python/lib/python3.6/site-packages/events/events.py", line 41, in __getattr__
(self.__class__.__name__, name))
AttributeError: type object 'PillarServer' has no attribute '__self__'
User experience
===============
For users it means we can provide localized web-sites to enrich their
overall experiences.
Although for the Blender Cloud this doesn't make much sense (since the
content is in English), Flamenco and Attract can really benefit from
this.
New configuration settings
==========================
There are two new parameters in config.py:
* DEFAULT_LOCALE='en_US'
* SUPPORT_ENGLISH=True
They are both properly documented in the `config.py` file.
Technicall details
==================
We are using the 'Accept-Languages' header to match the
available translations with the user supported languages.
If an extension has a `translations` folder, it's used for translations.
However the main application (e.g., Blender Cloud) is the one that
determines the supported languages based on its `languages` folder.
How to mark strings for translation
===================================
See the documentation in README.md.
But as an example, 404.pug and pillar/__init__.py::handle_sdk_resource_invalid
have marked up strings that will be extracted once you install pillar,
or run any of the translations commangs.
Remember to **gulp** after you update the template files.
How to setup translations
=========================
You will need to create translation for the main project, and for each
extension that you want to see translated. I added a new entry-point to
the installation of Pillar.
So all you need is to use the `translations`
script to initialize, update and compile your translations.
Pending tasks
=============
Aside from marking more strings for extraction and start the translation
effort it would be interesting to replace the pretty_date routine with
momentjs.
Acknowledgement
===============
Many thanks for Sybren Stüvel for the suggestions and throughout code
review. Thanks also to Francesco Siddi for the original documentation
and suggesting me to tackle this. And Kudos for Pablo Vazquez for the
motivational support and for the upcoming "strings mark up" task force!
The core of the implementation is based on Miguel Grinberg i18n chapter
of his great 'The Mega Flask Tutorial'.
Reviewers: sybren
Differential Revision: https://developer.blender.org/D2826
Eve expects 'flask>=0.10.1,<=0.12' so we can't use flask==0.12.2 in
pillar for now.
This needs to be fixed upstream (eve), but for now `python setup.py
install`.
The implementation is still rather simple, using hard-coded configuration
values. This will change in subsequent commits.
The worker can be started with "manage.py operations worker". Celery
Worker CLI options can be passed after a double dash, like this:
./manage.py operations worker -- -C -E
Switched from Sybren's RSA library to the new stdlib module 'secrets' to
generate secret tokens. This also means that the rsa library was demoted
to secondary requirement.
Some packages had to be removed; they are deployment-specific anyway,
and may not even be needed any more.
I've also added some secondary requirements that weren't specified yet.
The next steps will be to split into runtime and development requirements.
- Comments are stored in HTML as well as Markdown, so that conversion
only happens when saving (rather than when viewing).
- Added 'markdown' Jinja filter for easy development. This is quite
a heavy filter, so it shouldn't be used (much) in production.
- Added CLI command to update schemas on existing node types.
A POST will create a short link (if it doesn't exist already), whereas
a GET will return the short link for the node.
The endpoint will return a dict like:
{'short_code': 'XXXXXX',
'short_link': 'https://blender.cloud/r/XXXXX',
'theatre_link': 'https://blender.cloud/r/XXXXX?t'}
