Flask-AppBuilder/flask_appbuilder/utils/base.py at 48cb4d93b2b5ef4a43c91db8e702f9b2a60fbbfa · dpgaspar/Flask-AppBuilder · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
from fnmatch import fnmatch
import logging
from typing import Any, Callable
import unicodedata
from urllib.parse import urlparse

from flask import current_app, request
from flask_babel import gettext
from flask_babel.speaklater import LazyString


log = logging.getLogger(__name__)


def is_safe_redirect_url(url: str) -> bool:
    if url.startswith("///"):
        return False
    try:
        url_info = urlparse(url)
    except ValueError:
        return False
    if not url_info.netloc and url_info.scheme:
        return False
    if unicodedata.category(url[0])[0] == "C":
        return False
    scheme = url_info.scheme
    # Consider URLs without a scheme (e.g. //example.com/p) to be http.
    if not url_info.scheme and url_info.netloc:
        scheme = "http"
    valid_schemes = ["http", "https"]

    safe_hosts = current_app.config.get("FAB_SAFE_REDIRECT_HOSTS", [])
    if not safe_hosts:
        safe_hosts = [urlparse(request.host_url).netloc]

    is_host_allowed = not url_info.netloc or any(
        fnmatch(url_info.netloc, pattern) for pattern in safe_hosts
    )

    return is_host_allowed and (not scheme or scheme in valid_schemes)


def get_safe_redirect(url):
    if url and is_safe_redirect_url(url):
        return url
    log.warning("Invalid redirect detected, falling back to index")
    return current_app.appbuilder.get_url_for_index


def get_column_root_relation(column: str) -> str:
    if "." in column:
        return column.split(".")[0]
    return column


def get_column_leaf(column: str) -> str:
    if "." in column:
        return column.split(".")[1]
    return column


def is_column_dotted(column: str) -> bool:
    return "." in column


def _wrap_lazy_formatter_gettext(
    string: str, lazy_formater: Callable[[str], str], **variables: Any
) -> str:
    return gettext(lazy_formater(string), **variables)


def lazy_formatter_gettext(
    string: str, lazy_formatter: Callable[[str], str], **variables: Any
) -> LazyString:
    """Formats a lazy_gettext string with a custom function

    Example::

        def custom_formatter(string: str) -> str:
            if current_app.config["CONDITIONAL_KEY"]:
                string += " . Condition key is on"
            return string

        hello = lazy_formatter_gettext(u'Hello World', custom_formatter)

        @app.route('/')
        def index():
            return unicode(hello)
    """
    return LazyString(_wrap_lazy_formatter_gettext, string, lazy_formatter, **variables)