import sqlahelper
from pyramid_beaker import set_cache_regions_from_settings
+from pyramid.authentication import AuthTktAuthenticationPolicy
from pyramid.config import Configurator
from pyramid.httpexceptions import HTTPNotFound
from pyramid.renderers import JSONP
from sqlalchemy import engine_from_config
from xonstat.models import initialize_db
from xonstat.views import *
+from xonstat.security import *
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
# set up beaker cache
set_cache_regions_from_settings(settings)
- config = Configurator(settings=settings)
+ config = Configurator(settings=settings, root_factory=ACLFactory)
+ # mako for templating
+ config.include('pyramid_mako')
+
+ # Mozilla Persona as the login verifier. It defines default
+ # authentication and authorization policies.
+ config.include('pyramid_persona')
+
+ # override the authn policy to provide a callback
+ secret = settings.get('persona.secret', None)
+ authn_policy = AuthTktAuthenticationPolicy(secret, callback=groupfinder, hashalg='sha512')
+ config.set_authentication_policy(authn_policy)
+
+ # for json-encoded responses
config.add_renderer('jsonp', JSONP(param_name='callback'))
# for static assets
config.add_static_view('static', 'xonstat:static')
+ # robots
+ config.add_route("robots", "robots.txt")
+ config.add_view(robots, route_name="robots")
+
# for 404s
config.add_view(notfound, context=HTTPNotFound, renderer="404.mako")
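Review bot: `secret = settings.get('persona.secret', None)` lets a deployment that forgot `persona.secret` pass `None` to `AuthTktAuthenticationPolicy` as the ticket-signing secret, so the misconfiguration is not caught at startup. Read it with `settings['persona.secret']`, or raise `pyramid.exceptions.ConfigurationError` when it is missing or empty, so the app refuses to boot without a real secret. The policy is also built with its default cookie flags; because this ticket now gates the admin views, consider `secure=True, http_only=True` and a `timeout` for HTTPS deployments. `ACLFactory` and `groupfinder` arrive through `from xonstat.security import *`; importing them by name would make the origin of the authorization hooks explicit. The rest of main() lies outside this hunk.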
config.add_route("search_json", "search.json")
config.add_view(search_json, route_name="search_json", renderer="jsonp")
+ # ADMIN ROUTES
+ config.add_forbidden_view(forbidden, renderer="forbidden.mako")
+
+ config.add_route("login", "/login")
+ config.add_view(login, route_name="login", check_csrf=True, renderer="json")
+
+ config.add_route("merge", "/admin/merge")
+ config.add_view(merge, route_name="merge", renderer="merge.mako", permission="merge")
+
return config.make_wsgi_app()
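Review bot: The `merge` view is registered with `permission="merge"` but, unlike `login`, has no CSRF check and no `request_method` restriction. The view body is not in this diff, so this is inferred from the route name and template: if it performs the merge on a form submission, the permission check alone does not stop a cross-site request made with an admin's existing auth ticket. Consider registering the state-changing half separately, e.g. `config.add_view(merge, route_name="merge", request_method="POST", check_csrf=True, renderer="merge.mako", permission="merge")`, and leaving the GET form render without the predicate. `check_csrf` is a view predicate, so a bad or missing token makes the view fail to match rather than return an explicit error; a short comment by the `login` registration saying so would help the next reader.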