2026-05-21 20:33:45 +02:00
|
|
|
"""Flask application factory."""
|
|
|
|
|
|
|
|
|
|
from __future__ import annotations
|
|
|
|
|
|
|
|
|
|
from datetime import timedelta
|
|
|
|
|
|
|
|
|
|
from flask import Flask, jsonify
|
|
|
|
|
from flask.typing import ResponseReturnValue
|
|
|
|
|
|
|
|
|
|
from mimic.api import register_blueprints
|
|
|
|
|
from mimic.auth.identity import load_user
|
|
|
|
|
from mimic.config import Settings, get_settings
|
|
|
|
|
from mimic.extensions import db, login_manager, migrate, socketio
|
|
|
|
|
from mimic.logging import configure_logging
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def create_app(settings: Settings | None = None) -> Flask:
|
|
|
|
|
settings = settings or get_settings()
|
|
|
|
|
configure_logging(settings.log_level, as_json=settings.log_json)
|
|
|
|
|
|
|
|
|
|
app = Flask(__name__)
|
|
|
|
|
app.config.update(
|
|
|
|
|
SECRET_KEY=settings.secret_key.get_secret_value(),
|
|
|
|
|
SQLALCHEMY_DATABASE_URI=settings.database_url,
|
|
|
|
|
SQLALCHEMY_TRACK_MODIFICATIONS=False,
|
|
|
|
|
SESSION_COOKIE_SECURE=settings.session_cookie_secure,
|
|
|
|
|
SESSION_COOKIE_SAMESITE=settings.session_cookie_samesite,
|
|
|
|
|
SESSION_COOKIE_HTTPONLY=True,
|
|
|
|
|
PERMANENT_SESSION_LIFETIME=timedelta(minutes=settings.session_lifetime_minutes),
|
|
|
|
|
MIMIC_SETTINGS=settings,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
db.init_app(app)
|
|
|
|
|
migrate.init_app(app, db, directory="src/mimic/db/migrations")
|
|
|
|
|
login_manager.init_app(app)
|
chore(backend): mypy strict clean + ruff format pass
Pre-merge sanity per devops checklist (ruff format --check, mypy --strict).
Type fixes:
- ORM models: `Mapped[dict]` → `Mapped[dict[str, Any]]` (audit, scenario, run,
report, ttp, detection.artifact_files_json). Equivalent on Pydantic DTOs
(TtpBase.params_schema_json, ScenarioStepBase.params_override_json).
- Rename `TtpRead.current_version` → `TtpRead.version` to mirror the ORM
column (which itself was renamed in D-009 cleanup).
- Flask blueprints: add `-> ResponseReturnValue` to every view, plus typed
UUID params on `_validate_step_consistency`.
- `templating/filters.py`: rewrite the conditional re2 import so mypy can
narrow the union (`ModuleType | None`); the runtime branch on `_re2 is not
None` removes the unused-ignore that was triggered by warn_unused_ignores.
- `pyproject.toml`: add `flask_login.*` and `pythonjsonlogger.*` to the
`[[tool.mypy.overrides]]` `ignore_missing_imports` list (both ship without
typed marker).
- Misc: drop stale `# type: ignore` comments (`app.py:36`,
`rbac/decorators.py:35`) flagged by `warn_unused_ignores`. Keep
`logging.JsonFormatter` ignore because the symbol exists at runtime but is
not re-exported through the typed surface.
Formatting:
- `ruff format` applied (15 files normalized; line-length unchanged at 100).
Verification on this commit:
- `ruff check` → All checks passed.
- `ruff format --check` → 68 files already formatted.
- `mypy --strict src` → Success: no issues found in 54 source files.
- `pytest tests/unit` → 49 passed.
2026-05-22 05:10:51 +02:00
|
|
|
login_manager.user_loader(load_user)
|
2026-05-21 20:33:45 +02:00
|
|
|
|
|
|
|
|
socketio.init_app(
|
|
|
|
|
app,
|
|
|
|
|
cors_allowed_origins=settings.cors_origins or "*",
|
|
|
|
|
async_mode="gevent",
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
register_blueprints(app)
|
|
|
|
|
|
|
|
|
|
@app.get("/healthz")
|
|
|
|
|
def healthz() -> ResponseReturnValue:
|
|
|
|
|
return jsonify(status="ok"), 200
|
|
|
|
|
|
|
|
|
|
return app
|