Flask-Obscure


NameFlask-Obscure JSON
Version 1.0 PyPI version JSON
download
home_pagehttp://www.github.com/jidn/flask-obscure/
SummaryObscure numerical IDs in URLs
upload_time2016-03-31 03:28:04
maintainerNone
docs_urlNone
authorClinton James
requires_pythonNone
licenseApache License 2.0
keywords flask rest obfuscate id
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI
coveralls test coverage
            =======================================
Flask-Obscure
=======================================

.. currentmodule:: flask_obscure

.. toctree::
    :maxdepth: 2
    :hidden:

    self
    api

Showing a steadily increasing sequence of integer IDs leaks information to customers, competitors, or malicious entities about the number and frequency of customers, orders, etc.  Some URL example include::

    /customer/123
    /order/308

This module impliments routing variable converters in `Flask`_ and `Jinja2`_ filters to obscure sequential integer IDs.
This is based on the `Obscure`_ python module, which is installed automagically when you install this module.

Features
=======================================

 *  Automatically obscures sequential integer IDs in the variable
    part of a URL when using :func:`flask.url_for`
 *  Automatically converts obscured IDs back to your sequential
    integer IDs in the parameter of the function bound to the URL.
 *  Jinja filters automatically available.
 *  Provide five different converters and filters.


Converters and Filters
=======================================

There are five new converters: ``num``, ``hex``, ``b32``, ``b64``, and ``tame``.
Lets assume we are using :func:`flask.url_for` to create the URLs for two sequential customer IDs.

``num``
    Non-sequential numbers::

        /customer/3303953358
        /customer/1151314503

``hex``
    Hexadecimal displays in eight characters::

        /customer/c4ee53c3
        /customer/449faa47

``b32``
    Base32 displays in seven characters::

        /customer/YTXFHTQ
        /customer/ISP2URY

``b64``
    Base64 URL safe displays in six cahracters::

        /customer/xO5Tzg
        /customer/RJ-qRw

``tame``
    Is a Base32 with a rotated, alternate alphabet.
    The letters 'I', 'O', and 'U' are replaced with the numbers '8', '9', and '0' to avoid common offensive words.
    Otherwise, it performs just like Base32.


Install
=======================================

Pip is our friend. It will also install the `Obscure`_ module as well. ::

    $ pip install flask_obscure

Configure
=======================================

The :class:`Obscure` class needs a ``salt`` or random number to make your obscured number sequence unique.  Pick any 32-bit number or use the following snippit to generate one for you::

    python -c "import os; print(int(os.urandom(4).encode('hex'),16))"

:class:`Obscure` uses the value ``OBSCURE_SALT`` in the flask configuration file if not given as the second parameter to either the constructor or :meth:`Obscure.init_app`.

.. warning::
    If your source goes to a public repository, you will want 
    to place ``OBSCURE_SALT`` in the :class:`flask.Flask` instance path.

Usage
=======================================

Import the class :class:`Obscure` and initialize the with the :class:`flask.Flask` appliation by either using the constructor

.. code-block:: python
    :emphasize-lines: 5

    from flask import Flask
    from flask.ext.obscure import Obscure

    app = Flask(app)
    obscure = Obscure(app)

or by using delayed initialization with :meth:`Obscure.init_app`

.. code-block:: python
    :emphasize-lines: 2

    obscure = Obscure()
    obscure.init_app(app)


URL Routing Variables
---------------------------------------

When creating your routes with variables, you have five converters.
The converter is similar to any of the other built in coverters.
It takes the obscured ID given in the variable portion of the URL and converts it to your sequential ID in the callable bound to the URL.

Lets look at an example using ``num`` as the converter in the route.

.. code-block:: python

    @app.route('/customers/<num:cust_id>', endpoint='get-cust')
    def get(cust_id):
        # flask.request.url is '/customers/3303953358'
        # cust_id is the sequential ID of 1
        customer = get_customer_by_id(cust_it)

        url = flask.url_for('get-cust', cust_id=customer.customer_id)
        # when you create the URL, it is automatically obscured
        # /customers/3303953358


Jinja2 Filters
---------------------------------------

The URL is not the only place you can have leaking interger IDs.  It can
also happen in the data returned from your routing function.  If you are
using Jinja2 for templating, those same converters are available as filters.

.. code-block:: html+jinja

    <h1>Invoice #{{ invoice_number|tame }}</h1>

Within Code
---------------------------------------

To obscure numbers within your code, use the methods of the :class:`flask_obscure.Obscure` instance object, which in turn is inherited from the python module `Obscure`_.  Assuming we used one of the code blocks from `configure`

.. code-block:: python

    visible_customer_id = obscure.encode_tame(customer_id)

Contribute
=======================================

| Issue Tracker: `http://github.com/jidn/flask-obscure/issues`
| Source Code: `http://github.com/jidn/flask-obscure`


.. Indices and tables
   =======================================
   
   * :ref:`genindex`
   * :ref:`modindex`
   * :ref:`search`

.. _Obscure: http://github.com/jidn/obscure
.. _Flask: http://flask.pocoo.org/
.. _Jinja2: http://jinja.pocoo.org/
            

Raw data

            {
    "_id": null,
    "home_page": "http://www.github.com/jidn/flask-obscure/",
    "name": "Flask-Obscure",
    "maintainer": null,
    "docs_url": null,
    "requires_python": null,
    "maintainer_email": null,
    "keywords": "flask,REST,obfuscate,ID",
    "author": "Clinton James",
    "author_email": "clinton.james@anuit.com",
    "download_url": "https://files.pythonhosted.org/packages/c4/cd/c81b63d59491774645d5e6fc04cac2286607c8912beab623898b200dab00/Flask-Obscure-1.0.tar.gz",
    "platform": "any",
    "description": "=======================================\nFlask-Obscure\n=======================================\n\n.. currentmodule:: flask_obscure\n\n.. toctree::\n    :maxdepth: 2\n    :hidden:\n\n    self\n    api\n\nShowing a steadily increasing sequence of integer IDs leaks information to customers, competitors, or malicious entities about the number and frequency of customers, orders, etc.  Some URL example include::\n\n    /customer/123\n    /order/308\n\nThis module impliments routing variable converters in `Flask`_ and `Jinja2`_ filters to obscure sequential integer IDs.\nThis is based on the `Obscure`_ python module, which is installed automagically when you install this module.\n\nFeatures\n=======================================\n\n *  Automatically obscures sequential integer IDs in the variable\n    part of a URL when using :func:`flask.url_for`\n *  Automatically converts obscured IDs back to your sequential\n    integer IDs in the parameter of the function bound to the URL.\n *  Jinja filters automatically available.\n *  Provide five different converters and filters.\n\n\nConverters and Filters\n=======================================\n\nThere are five new converters: ``num``, ``hex``, ``b32``, ``b64``, and ``tame``.\nLets assume we are using :func:`flask.url_for` to create the URLs for two sequential customer IDs.\n\n``num``\n    Non-sequential numbers::\n\n        /customer/3303953358\n        /customer/1151314503\n\n``hex``\n    Hexadecimal displays in eight characters::\n\n        /customer/c4ee53c3\n        /customer/449faa47\n\n``b32``\n    Base32 displays in seven characters::\n\n        /customer/YTXFHTQ\n        /customer/ISP2URY\n\n``b64``\n    Base64 URL safe displays in six cahracters::\n\n        /customer/xO5Tzg\n        /customer/RJ-qRw\n\n``tame``\n    Is a Base32 with a rotated, alternate alphabet.\n    The letters 'I', 'O', and 'U' are replaced with the numbers '8', '9', and '0' to avoid common offensive words.\n    Otherwise, it performs just like Base32.\n\n\nInstall\n=======================================\n\nPip is our friend. It will also install the `Obscure`_ module as well. ::\n\n    $ pip install flask_obscure\n\nConfigure\n=======================================\n\nThe :class:`Obscure` class needs a ``salt`` or random number to make your obscured number sequence unique.  Pick any 32-bit number or use the following snippit to generate one for you::\n\n    python -c \"import os; print(int(os.urandom(4).encode('hex'),16))\"\n\n:class:`Obscure` uses the value ``OBSCURE_SALT`` in the flask configuration file if not given as the second parameter to either the constructor or :meth:`Obscure.init_app`.\n\n.. warning::\n    If your source goes to a public repository, you will want \n    to place ``OBSCURE_SALT`` in the :class:`flask.Flask` instance path.\n\nUsage\n=======================================\n\nImport the class :class:`Obscure` and initialize the with the :class:`flask.Flask` appliation by either using the constructor\n\n.. code-block:: python\n    :emphasize-lines: 5\n\n    from flask import Flask\n    from flask.ext.obscure import Obscure\n\n    app = Flask(app)\n    obscure = Obscure(app)\n\nor by using delayed initialization with :meth:`Obscure.init_app`\n\n.. code-block:: python\n    :emphasize-lines: 2\n\n    obscure = Obscure()\n    obscure.init_app(app)\n\n\nURL Routing Variables\n---------------------------------------\n\nWhen creating your routes with variables, you have five converters.\nThe converter is similar to any of the other built in coverters.\nIt takes the obscured ID given in the variable portion of the URL and converts it to your sequential ID in the callable bound to the URL.\n\nLets look at an example using ``num`` as the converter in the route.\n\n.. code-block:: python\n\n    @app.route('/customers/<num:cust_id>', endpoint='get-cust')\n    def get(cust_id):\n        # flask.request.url is '/customers/3303953358'\n        # cust_id is the sequential ID of 1\n        customer = get_customer_by_id(cust_it)\n\n        url = flask.url_for('get-cust', cust_id=customer.customer_id)\n        # when you create the URL, it is automatically obscured\n        # /customers/3303953358\n\n\nJinja2 Filters\n---------------------------------------\n\nThe URL is not the only place you can have leaking interger IDs.  It can\nalso happen in the data returned from your routing function.  If you are\nusing Jinja2 for templating, those same converters are available as filters.\n\n.. code-block:: html+jinja\n\n    <h1>Invoice #{{ invoice_number|tame }}</h1>\n\nWithin Code\n---------------------------------------\n\nTo obscure numbers within your code, use the methods of the :class:`flask_obscure.Obscure` instance object, which in turn is inherited from the python module `Obscure`_.  Assuming we used one of the code blocks from `configure`\n\n.. code-block:: python\n\n    visible_customer_id = obscure.encode_tame(customer_id)\n\nContribute\n=======================================\n\n| Issue Tracker: `http://github.com/jidn/flask-obscure/issues`\n| Source Code: `http://github.com/jidn/flask-obscure`\n\n\n.. Indices and tables\n   =======================================\n   \n   * :ref:`genindex`\n   * :ref:`modindex`\n   * :ref:`search`\n\n.. _Obscure: http://github.com/jidn/obscure\n.. _Flask: http://flask.pocoo.org/\n.. _Jinja2: http://jinja.pocoo.org/",
    "bugtrack_url": null,
    "license": "Apache License 2.0",
    "summary": "Obscure numerical IDs in URLs",
    "version": "1.0",
    "project_urls": {
        "Download": "UNKNOWN",
        "Homepage": "http://www.github.com/jidn/flask-obscure/"
    },
    "split_keywords": [
        "flask",
        "rest",
        "obfuscate",
        "id"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "3e935e031e41203da41fe34d59ffa98eec99c345c40b3d7cede6d8f4797be4d7",
                "md5": "1940741cecbc423ab8339d3ebf22c6ed",
                "sha256": "cbafd0daaac29e0b54a3f99c15f29f661180e621ffddfa0883fb734c6d05727c"
            },
            "downloads": -1,
            "filename": "Flask_Obscure-1.0-py2-none-any.whl",
            "has_sig": false,
            "md5_digest": "1940741cecbc423ab8339d3ebf22c6ed",
            "packagetype": "bdist_wheel",
            "python_version": "2.7",
            "requires_python": null,
            "size": 8063,
            "upload_time": "2016-03-31T03:28:31",
            "upload_time_iso_8601": "2016-03-31T03:28:31.529723Z",
            "url": "https://files.pythonhosted.org/packages/3e/93/5e031e41203da41fe34d59ffa98eec99c345c40b3d7cede6d8f4797be4d7/Flask_Obscure-1.0-py2-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "c4cdc81b63d59491774645d5e6fc04cac2286607c8912beab623898b200dab00",
                "md5": "98e557a90caa0e3f56aab456ac91370f",
                "sha256": "8259a4972ec932baaa58d3e2afebd145cd40c89dc3e32adac9094bafaa665987"
            },
            "downloads": -1,
            "filename": "Flask-Obscure-1.0.tar.gz",
            "has_sig": false,
            "md5_digest": "98e557a90caa0e3f56aab456ac91370f",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 5289,
            "upload_time": "2016-03-31T03:28:04",
            "upload_time_iso_8601": "2016-03-31T03:28:04.796942Z",
            "url": "https://files.pythonhosted.org/packages/c4/cd/c81b63d59491774645d5e6fc04cac2286607c8912beab623898b200dab00/Flask-Obscure-1.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2016-03-31 03:28:04",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "jidn",
    "github_project": "flask-obscure",
    "travis_ci": true,
    "coveralls": true,
    "github_actions": false,
    "requirements": [],
    "tox": true,
    "lcname": "flask-obscure"
}
        
Elapsed time: 0.18911s