GAE Application app.yaml VS .htaccess - .htaccess

How to Write a app yaml looks like htacess below
RewriteEngine on
# To append a query string part in the substitution string
RewriteRule ^([0-9a-z_/\-]+)/$ index.php\?p=$1 [QSA]
RewriteRule ^([0-9a-z_/\-]+)$ index.php\?p=$1 [QSA]
im doing so at app yaml for GAE Application was fail

as Dan mentioned, you will not be able to handle this all in the yaml, and will need to to handle the logic yourself, we do a simular thing in one of our project and will outline below our solution.
Our scenario is handling the old website article's URL structure, and trying to redirect them to the new URL structure.
In our yaml we register the pattern that we are looking to match on and direct it to a file where we will do the handling :
- url: (/.*/[0-9]{4}/[0-9]{2}/[0-9]{2}/.*) (Pattern to match on)
script: publication.custom.redirector.app (Path to your .py that will have your handling in)
In our .py file we will catch that pattern and route it to our DefaultHandler that can then do any logic you need and redirect out:
( in our project this goes to /publication/custom/redirector.py )
import request
import settings
import re
class DefaultHandler(request.handler):
def get(self, pre, year, month, day, post):
post = re.sub('(.*[^0-9])[\d]{1}$', r'\1', post)
post = re.sub('[^0-9a-zA-Z-_\/]+', '', post)
path = post.split("/")[-1]
slug = "{0}-{1}-{2}-{3}".format(year, month, day, path)
article = self.context.call('pub/articles/get', slug=slug.lower())
if article:
self.redirect(article['pub_url'], permanent=True)
else:
self.render("pages/page-not-found/page-not-found.html")
app = request.app([
('/(.*)/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*)', DefaultHandler)
], settings.gaext.config)
Hope this helps

The GAE app.yaml doesn't have a URL rewrite capability, it just parses the incoming request URL for request routing purposes, to determine which handlers to invoke.
One could maybe argue that the static_file handlers configuration has a somewhat similar capability, but it is only applicable to the static assets.
For the dynamic handlers you'd need to take care of such "rewrite" inside your app code. I'm quoting "rewrite" here as technically it's just a different way of parsing/interpreting the request URL inside your app code - the original, unchanged request URL will still be the one recorded by the GAE infra.

Related

I want to create a call back url using flask api

1)Geting error 404 The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.
2)Unable to call data user wise as I have 25 user want to call data for single user
conn = pymysql.connect(host=None, user='root', passwd=None, db='db1')
heart_data = pd.read_sql('select * from heart',con = conn)
app = Flask(__name__)
#app.route('/HRV/<userid>/',methods = ['GET'])
def HRV(userid):
db = heart_data[heart_data['userId'] == userid]
return(db)`
if __name__ == "__main__":
`app.run(debug=True)`
Try to remove the trailing slash.
For exzample you have the following code:
#app.route('/projects/')
def projects():
return 'The project page'
#app.route('/about')
def about():
return 'The about page'
The canonical URL for the projects endpoint has a trailing slash. It’s similar to a folder in a file system. If you access the URL without a trailing slash, Flask redirects you to the canonical URL with the trailing slash.
The canonical URL for the about endpoint does not have a trailing slash. It’s similar to the pathname of a file. Accessing the URL with a trailing slash produces a 404 “Not Found” error. This helps keep URLs unique for these resources, which helps search engines avoid indexing the same page twice.
Detail info see Unique URLs / Redirection Behavior — Flask 1.0.2 documentation

Retrofit2 request paths not working as expected

I have this Retrofit2 service definition:
#GET("/samples/{sampleId}")
Observable<Sample> getSampleById(#Path("sampleId") String sampleId);
and the base URL is http://xxx.xxx.xxx.xxx:8080/sampledb/. I doesn't work. I get 404
However, if I use as base URL this one: http://xxx.xxx.xxx.xxx:8080/ and I define the service this way:
#GET("/sampledb/samples/{sampleId}")
it works properly. Why? I don't want to put sampledb prefix in every request definition.
Retrofit 2.0 comes with new URL resolving concept. Base URL and #Url have not just simply been combined together but have been resolved the same way as what ahref in HTML does instead
Take a look at the image
Base URL: always ends with /
#Url: DO NOT start with /
For more info refer this blog
Try to remove the "/" from your GET annotation: #GET("samples/{sampleId}")

Python Requests: Use * as wildcard part of URL

Let's say I want to get a zip file (and then extract it) from a specific URL.
I want to be able to use a wildcard character in the URL like this:
https://www.urlgoeshere.domain/+*+-one.zip
instead of this:
https://www.urlgoeshere.domain/two-one.zip
Here's an example of the code I'm using (URL is contrived):
import requests, zipfile, io
year='2016'
monthnum='01'
month='Jan'
zip_file_url='https://www.urlgoeshere.domain/two-one.zip'
r = requests.get(zip_file_url, stream=True)
z = zipfile.ZipFile(io.BytesIO(r.content))
z.extractall()
Thanks in advance!
HTTP does not work that way. You must use the exact URL in order to request a page from the server.
I'm not sure if this helps you, but Flask has a feature that works similarly to what you require. Here's a working example:
#app.route('/categories/<int:category_id>')
def categoryDisplay(category_id):
''' Display a category's items
'''
# Get category and it's items via queries on session
category =session.query(Category).filter_by(id=category_id).one()
items = session.query(Item).filter_by(category_id=category.id)
# Display items using Flask HTML Templates
return render_template('category.html', category=category, items=items,
editItem=editItem, deleteItem=deleteItem, logged_in = check_logged_in())
the route decorator tells the web server to call that method when a url like */categories/(1/2/3/4/232...) is accessed. I'm not sure but I think you could do the same with the name of your zip as a String. See here (project.py) for more details.

Avoiding repetition with Flask - but is it too DRY?

Let us assume I serve data to colleagues in-office with a small Flask app, and let us also assume that it is a project I am not explicitly 'paid to do' so I don't have all the time in the world to write code.
It has occurred to me in my experimentation with pet projects at home that instead of decorating every last route with #app.route('/some/local/page') that I can do the following:
from flask import Flask, render_template, url_for, redirect, abort
from collections import OrderedDict
goodURLS = OrderedDict([('/index','Home'), ##can be passed to the template
('/about', 'About'), ##to create the navigation bar
('/foo', 'Foo'),
('/bar', 'Bar'), ##hence the use of OrderedDict
('/eggs', 'Eggs'), ##to have a set order for that navibar
('/spam', 'Spam')])
app = Flask(__name__)
#app.route('/<destination>')
def goThere(destination):
availableRoutes = goodURLS.keys():
if "/" + destination in availableRoutes:
return render_template('/%s.html' % destination, goodURLS=goodURLS)
else:
abort(404)
#app.errorhandler(404)
def notFound(e):
return render_template('/notFound.html'), 404
Now all I need to do is update my one list, and both my navigation bar and route handling function are lock-step.
Alternatively, I've written a method to determine the viable file locations by using os.walk in conjunction with file.endswith('.aGivenFileExtension') to locate every file which I mean to make accessible. The user's request can then be compared against the list this function returns (which obviously changes the serveTheUser() function.
from os import path, walk
def fileFinder(directory, extension=".html"):
"""Returns a list of files with a given file extension at a given path.
By default .html files are returned.
"""
foundFilesList = []
if path.exists(directory):
for p, d, files in walk(directory):
for file in files:
if file.endswith(extension):
foundFilesList.append(file)
return foundFilesList
goodRoutes = fileFinder('./templates/someFolderWithGoodRoutes/')
The question is, Is This Bad?
There are many aspects of Flask I'm just not using (mainly because I haven't needed to know about them yet) - so maybe this is actually limiting, or redundant when compared against a built-in feature of Flask. Does my lack of explicitly decorating each route rob me of a great feature of Flask?
Additionally, is either of these methods more or less safe than the other? I really don't know much about web security - and like I said, right now this is all in-office stuff, the security of my data is assured by our IT professional and there are no incoming requests from outside the office - but in a real-world setting, would either of these be detrimental? In particular, if I am using the backend to os.walk a location on the server's local disk, I'm not asking to have it abused by some ne'er-do-well am I?
EDIT: I've offered this as a bounty, because if it is not a safe or constructive practice I'd like to avoid using it for things that I'd want to like push to Heroku or just in general publicly serve for family, etc. It just seems like decorating every viable route with app.route is a waste of time.
There isn't anything really wrong with your solution, in my opinion. The problem is that with this kind of setup the things you can do are pretty limited.
I'm not sure if you simplified your code to show here, but if all you are doing in your view function is to gather some data and then select one of a few templates to render it then you might as well render the whole thing in a single page and maybe use a Javascript tab control to divide it up in sections on the client.
If each template requires different data, then the logic that obtains and processes the data for each template will have to be in your view function, and that is going to look pretty messy because you'll have a long chain of if statements to handle each template. Between that and separate view functions per template I think the latter will be quicker, even more so if you also consider the maintenance effort.
Update: based on the conversion in the comments I stand by my answer, with some minor reservations.
I think your solution works and has no major problems. I don't see a security risk because you are validating the input that comes from the client before you use it.
You are just using Flask to serve files that can be considered static if you ignore the navigation bar at the top. You should consider compiling the Flask app into a set of static files using an extension like Frozen-Flask, then you just host the compiled files with a regular web server. And when you need to add/remove routes you can modify the Flask app and compile it again.
Another thought is that your Flask app structure will not scale well if you need to add server-side logic. Right now you don't have any logic in the server, everything is handled by jQuery in the browser, so having a single view function works just fine. If at some point you need to add server logic for these pages then you will find that this structure isn't convenient.
I hope this helps.
I assume based on your code that all the routes have a corresponding template file of the same name (destination to destination.html) and that the goodURL menu bar is changed manually. An easier method would be to try to render the template at request and return your 404 page if it doesn't exist.
from jinja2 import TemplateNotFound
from werkzeug import secure_filename
....
#app.route('/<destination>')
def goThere(destination):
destTemplate = secure_filename("%s.html" % destination)
try:
return render_template(destTemplate, goodURLS=goodURLS)
except TemplateNotFound:
abort(404)
#app.errorhandler(404)
def notFound(e):
return render_template('/notFound.html'), 404
This is adapted from the answer to Stackoverflow: How do I create a 404 page?.
Edit: Updated to make use of Werkzeug's secure_filename to clean user input.

HTACCESS - Block everything but specified SEO friendly URL

I haven't found all the answer to my current problem.
Here is the root of the site:
cache
img
display.php
admin.php
What I need is to block all the direct access of the files and allow only access via url formatted like that:
1 ht*p://sub.domain.com/image/param/size/folder/img.jpg (param, size, folder, img are parameters)
2 ht*p://sub.domain.com/action/param1/param2/ (param1, param2 are parameters)
1 would point to display.php with the correct parameters
2 would point to admin.php with the correct parameters
Every other access must be 404 (at best) or 403
my rules are (the htaccess is in ht*p://sub.domain.com/):
RewriteRule ^image/([^/]+)/([0-9]+)/([^/]+)/([^/]+)\.jpg display.php?param=$1&size=$2&folder=$3&img=$4 [L]
RewriteRule ^action/([^/]+)/([^/]+) admin.php?action=$1&param=$2 [L]
Those rules work as I want to but I am stuck on how to block any access that does not come from those URL!
Also (as a bonus) I would like to be able to use the same htaccess on diferrent web address without having to change this file.
Thanks in advance
Have you try moving the image out of the public folder and use php to call the image in?
For the PHP files you can use the switch statement (http://www.php.net/switch).
For the admin.php file you can do something like:
$get_action = $_GET['action'];
switch ($get_action) {
case "edit":
case "view":
case "delete":
case "add":
//Continue loading the page
break;
default:
header('HTTP/1.1 403 Forbidden');
die();
}
Note: I don't know how your code looks or works, but you can have an idea base on the code I added.

Resources