minor fixes

P-T-I · Jul 19, 2022 · a8d5852 · a8d5852
1 parent 4d5d732
commit a8d5852
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 13 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-2.1
+2.2
diff --git a/spectacles/webapp/VERSION b/spectacles/webapp/VERSION
@@ -1 +1 @@
-2.1
+2.2
diff --git a/spectacles/webapp/config.py b/spectacles/webapp/config.py
@@ -18,12 +18,14 @@ class Config(object):
 
     SECRET_KEY = os.getenv("SECRET_KEY", str(random.getrandbits(256)))
 
-    if DB_BACKEND == "mysql":
-        SQLALCHEMY_DATABASE_URI = os.getenv(
-            "SQLALCHEMY_DATABASE_URI", "sqlite:////app/data/db/spectacles.db"
-        )
-    else:
-        SQLALCHEMY_DATABASE_URI = "sqlite:////app/data/db/spectacles.db"
+    MYSQL_DATABASE = os.getenv("MYSQL_DATABASE", "spectacles")
+    MYSQL_USER = os.getenv("MYSQL_USER", "spectacles")
+    MYSQL_PASSWORD = os.getenv("MYSQL_PASSWORD", "secret")
+
+    SQLALCHEMY_DATABASE_URI = os.getenv(
+        "SQLALCHEMY_DATABASE_URI",
+        f"mysql://{MYSQL_USER}:{MYSQL_PASSWORD}@{DB_HOST}/{MYSQL_DATABASE}",
+    )
 
     AVATARS_SAVE_PATH = os.getenv("AVATARS_SAVE_PATH", "/app/data/avatars/")
 
@@ -52,6 +54,13 @@ class Config(object):
     OIDC_INTROSPECTION_AUTH_METHOD = os.getenv(
         "OIDC_INTROSPECTION_AUTH_METHOD", "client_secret_post"
     )
+    OIDC_VALID_ISSUERS = os.getenv("OIDC_VALID_ISSUERS", "https://OIDC_VALID_ISSUERS")
+    OVERWRITE_REDIRECT_URI = os.getenv("OVERWRITE_REDIRECT_URI", False)
+    OIDC_CALLBACK_ROUTE = os.getenv("OIDC_CALLBACK_ROUTE", "/oidc_callback")
+    OIDC_ID_TOKEN_COOKIE_PATH = os.getenv("OIDC_ID_TOKEN_COOKIE_PATH", "/")
+    OIDC_ID_TOKEN_COOKIE_NAME = os.getenv(
+        "OIDC_ID_TOKEN_COOKIE_NAME", "spec_oidc_cookie"
+    )
 
     SQL_DEBUG_LOGGING = getenv_bool("SQL_DEBUG_LOGGING", "False")
 

diff --git a/spectacles/webapp/helpers/objects/token_class.py b/spectacles/webapp/helpers/objects/token_class.py
@@ -164,11 +164,16 @@ def fetch_user_authorizations(self):
             namespaces.name == self.scope_namespace
         ).first()
 
-        # check if user is admin
-        if user.status == 99 or user.role == "admin":
-            # admins have full rights by default
-            action_dict["actions"] = getattr(repo_rights, "FULL")
+        if user is not None:
+            # containerd doesn't forward a user in request, return read only rights
+            action_dict["actions"] = getattr(repo_rights, "READ")
             return action_dict
+        else:
+            # check if user is admin
+            if user.status == 99 or user.role == "admin":
+                # admins have full rights by default
+                action_dict["actions"] = getattr(repo_rights, "FULL")
+                return action_dict
 
         # first check for specific user claims
         user_claims = [

diff --git a/spectacles/webapp/run.py b/spectacles/webapp/run.py
@@ -1,6 +1,5 @@
 import logging
 import os
-import random
 import time
 from hashlib import sha1
 from pathlib import Path
@@ -49,6 +48,9 @@ def create_app(version):
     app.config["SQLALCHEMY_POOL_RECYCLE"] = 299
     app.config["SQLALCHEMY_POOL_TIMEOUT"] = 20
 
+    # Cache-control
+    app.config['SEND_FILE_MAX_AGE_DEFAULT'] = 300
+
     if not config.DEBUG:
         app.config["SESSION_COOKIE_NAME"] = "spectacles.session"
         app.config["SESSION_COOKIE_SECURE"] = True