The official Blender Extensions platform. https://extensions.blender.org
Go to file
Anna Sirota 1ede405212 Files: use clamd socket directly when scanning
Calling `clamdscan` from inside the process of background tasks service
unit failed with an obscure apparmor error:

     apparmor="DENIED" operation="getattr" info="Failed name lookup - disconnected path"
     error=-13 profile="/usr/sbin/clamd" name="var/www/../media/...zip"

This has something to do with systemd sandboxing options used
in the service unit (without them it does work):

    PrivateTmp=true
    ProtectHome=true
    ProtectSystem=full

To avoid having to relax those, this sends the scan command and streams
the file content directly to clamd socket instead of doing any
forks/execs inside the sandboxed process.
2024-04-15 12:26:46 +02:00
abuse Fix 403 error on clicking "report abuse" twice (#46) 2024-04-04 18:44:45 +02:00
access Initial models, tests and other boilerplate 2022-08-25 17:37:48 +02:00
assets_shared@9d428a82a5 Update web-assets 2024-03-11 16:50:52 +01:00
blender_extensions Files: reuse the same MIME-type validation logic for ZIPs 2024-04-05 19:15:53 +02:00
common Remove unused utility copy-pasta 2024-04-12 17:54:02 +02:00
constants Extra validation of the uploaded ZIP (#73) 2024-04-11 12:32:47 +02:00
emails Add emails app 2024-02-24 00:31:00 +01:00
extensions Scan files with clamdscan (#77) 2024-04-12 19:11:28 +02:00
files Files: use clamd socket directly when scanning 2024-04-15 12:26:46 +02:00
playbooks Files: use clamd socket directly when scanning 2024-04-15 12:26:46 +02:00
public/media Blender Kitsu: Updated manifest 2024-02-02 09:50:05 +01:00
ratings Fix typo in template 2024-03-11 10:59:09 +01:00
releases Releases: Make 4.3 deactive by default 2024-02-18 15:52:16 +01:00
reviewers Scan files with clamdscan (#77) 2024-04-12 19:11:28 +02:00
stats Tags: Make tags dependent on type, and remove taggit 2024-02-29 15:52:47 +01:00
teams Admin: Improve Teams admin 2024-03-05 19:05:47 +01:00
users Ratings: Rename review template and layout adjustments 2024-03-05 14:33:45 +01:00
.eslintignore Initial models, tests and other boilerplate 2022-08-25 17:37:48 +02:00
.eslintrc.js Initial models, tests and other boilerplate 2022-08-25 17:37:48 +02:00
.gitignore Playbooks: prepare production 2022-11-03 14:58:52 +01:00
.gitmodules Fix .gitmodules (remove git://) 2023-12-14 18:16:19 +01:00
.pre-commit-config.yaml Revert "Run API schema update as part of the pre-commit hook" 2024-02-20 19:25:56 +01:00
deploy.sh Make deploy.sh support extra arguments --check --diff 2024-02-29 18:14:52 +01:00
logo-source.svg Initial models, tests and other boilerplate 2022-08-25 17:37:48 +02:00
manage.py Initial models, tests and other boilerplate 2022-08-25 17:37:48 +02:00
pyproject.toml Initial models, tests and other boilerplate 2022-08-25 17:37:48 +02:00
README.md Docs: update notes on Blender ID webhook 2024-04-04 11:32:48 +02:00
requirements_dev.txt Debug toolbar: fix 404 by adding debug_toolbar.urls before flatpages 2024-04-04 11:05:46 +02:00
requirements_prod.txt Separate production-only deps (#16) 2024-02-06 10:29:15 +01:00
requirements.txt Files: use clamd socket directly when scanning 2024-04-15 12:26:46 +02:00
setup.cfg PEP: flake8 no longer supports inline comments in setup.cfg 2024-04-04 12:04:44 +02:00
utils.py Extension slug: generated like Django's slugs, but without underscores 2024-04-11 17:21:17 +02:00

blender-extensions-logo

Blender Extensions

Blender Extensions platform, heavily inspired by Mozilla's https://github.com/mozilla/addons-server.

Requirements

  • Python 3.10

Development

Extra requirements

  • virtualenv

Setup

Checkout Blender Web Assets submodule first:

git submodule update --init --recursive

Create and activate a virtual environment using your favourite method, e.g.

virtualenv .venv -p python
source .venv/bin/activate

Install required packages:

pip install -r requirements_dev.txt

Create the database tables and load some basic data to work with using the following commands:

./manage.py migrate
./manage.py loaddata **/fixtures/*.json

It's also possible to generate fake add-on data using the following command:

./manage.py generate_fake_data

Run development server

./manage.py runserver 8111

Update /etc/hosts to point to extensions.local, e.g.:

127.0.0.1	extensions.local

Now http://extensions.local:8111 should be ready to work with and it should be possible to log into http://extensions.local:8111/admin/ with admin/admin.

Blender ID

Blender Extensions, as all other Blender web services, uses Blender ID. Blender Extensions can also receive Blender ID account modifications such as badge updates via a webhook.

For development, Blender ID's code contains a fixture with an OAuth app and a webhook that should work without any changes to default configuration. To load this fixture, go to your development Blender ID and run the following:

./manage.py loaddata blender_extensions_devserver

N.B.: the webhook view delegates the actual updating of the user profile to a background task, so in order to see the updates locally, start the processing of tasks using the following:

./manage.py process_tasks

Blender ID and staging/production

For staging/production, create an OAuth2 application in Blender ID using Admin Blender-ID OAuth2 applications -> Add:

  • Redirect URIs: https://staging.extensions.blender.org/oauth/authorized (https://extensions.blender.org for production);
  • Client type: "Confidential";
  • Authorization grant type: "Authorization code";
  • Name: "Blender Extensions Staging" (or "Blender Extensions" for production);

Copy client ID and secret and save them as BID_OAUTH_CLIENT and BID_OAUTH_SECRET into a .env file:

export BID_OAUTH_CLIENT=<CLIENT ID HERE>
export BID_OAUTH_SECRET=<SECRET HERE>

Create a webhook using Admin Blender-ID API Webhooks > Add:

  • Name: "Blender Extensions Staging" (or "Blender Extensions" for production)";
  • URL: https://staging.extensions.blender.org/webhooks/user-modified/ (or https://extensions.blender.org/webhooks/user-modified/ for production);
  • App: choose the app created in the previous step;

Copy webhook's secret into the .env file as BID_WEBHOOK_USER_MODIFIED_SECRET:

export BID_WEBHOOK_USER_MODIFIED_SECRET=<WEBHOOK SECRET HERE>

Pre-commit hooks

Make sure to enable pre-commit hooks after installing requirements from requirements_dev.txt:

pre-commit install

This will enable formatting pre-commit checks for Django templates, Python and JS modules.

Testing

To simply run the test suit use

./manage.py test

To run tests and generate a coverage report use

coverage run manage.py test && coverage html

and then open htmlcov/index.html with your favourite browser.

Deploy

See playbooks.

Feature Flags

At the moment there are the following feature flags:

  • is_alpha
  • is_beta

To create them run

./manage.py waffle_switch --create is_alpha on

./manage.py waffle_switch --create is_beta off

They can optionally be setup on the deployment platform to set the release stage of the site. These settings will be removed once the site is officially launched.