{ "info": { "author": "British Antarctic Survey", "author_email": "webapps@bas.ac.uk", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "Framework :: Flask", "Intended Audience :: Developers", "License :: Other/Proprietary License", "Operating System :: OS Independent", "Programming Language :: Python :: 3" ], "description": "# Flask Request ID Middleware\n\nPython Flask middleware to ensure all requests have a request ID header.\n\n## Purpose\n\nThis middleware ensures all request made to a Flask application includes a Request ID header (`X-Request-ID`), \ncontaining at least one unique value.\n\n[Request IDs](https://theburningmonk.com/2015/05/a-consistent-approach-to-track-correlation-ids-through-microservices/)\nor *Correlation IDs* can be used when logging errors and allows users to trace requests through multiple layers such as\nload balancers and reverse proxies. The request ID header value may consist of multiple IDs encoded according to \n[RFC 2616](http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2).\n\n## Installation\n\nThis package can be installed using Pip from [PyPi](https://pypi.org/project/flask-request-id-header):\n\n```\n$ pip install flask-request-id-header\n```\n\n## Usage\n\nThis middleware has no required parameters and by default will add a request header to requests where one does not \nalready exist, or append a unique value where existing request IDs do not contain at least one UUID (version 4) value.\n\nA minimal application would look like this:\n\n```python\nfrom flask import Flask\nfrom flask_request_id_header.middleware import RequestID\n\napp = Flask(__name__)\n\nRequestID(app)\n\n@app.route('/')\ndef hello_world():\n return 'hello world'\n```\n\nOptionally a Flask config option, `REQUEST_ID_UNIQUE_VALUE_PREFIX`, can be set whereby any request ID beginning with \nthis prefix be treated as unique, preventing an additional value being appended.\n\nA minimal application would look like this:\n\n```python\nfrom flask import Flask\nfrom flask_request_id_header.middleware import RequestID\n\napp = Flask(__name__)\n\napp.config['REQUEST_ID_UNIQUE_VALUE_PREFIX'] = 'FOO-'\nRequestID(app)\n\n@app.route('/')\ndef hello_world():\n return 'hello world'\n```\n\n### Accessing the request ID\n\nThe current request ID can be accessed wherever a request context exists:\n\n```python\nfrom flask import request, has_request_context\n\nif has_request_context():\n print(request.environ.get(\"HTTP_X_REQUEST_ID\"))\n```\n\nTo access the request ID outside of the current application, it is included in the response (as `X-Request-ID`).\n\n**Note:** Components between the application and the client, such as reverse proxies, may alter or remove this header\nvalue before reaching the client.\n\n### Logging the request ID\n\nOptionally, the current request ID can be included in application logs, where a request context exists.\n\nA minimal application would look like this:\n\n```python\nimport logging\n\nfrom flask import Flask, request, has_request_context\nfrom flask.logging import default_handler\nfrom flask_request_id_header.middleware import RequestID\n\napp = Flask(__name__)\n\napp.config['REQUEST_ID_UNIQUE_VALUE_PREFIX'] = 'FOO-'\nRequestID(app)\n\nclass RequestFormatter(logging.Formatter):\n def format(self, record):\n record.request_id = 'NA'\n\n if has_request_context():\n record.request_id = request.environ.get(\"HTTP_X_REQUEST_ID\")\n\n return super().format(record)\n\nformatter = RequestFormatter(\n '[%(asctime)s] [%(levelname)s] [%(request_id)s] %(module)s: %(message)s'\n)\ndefault_handler.setFormatter(formatter)\n\n@app.route('/')\ndef hello_world():\n return 'hello world'\n```\n\n## Developing\n\nA docker container ran through Docker Compose is used as a development environment for this project defined . It \nincludes development only dependencies listed in `requirements.txt`, a local Flask application in `app.py` and \n[Integration tests](#integration-tests).\n\nEnsure classes and methods are defined within the `flask_request_id_header` package.\n\nEnsure [Integration tests](#integration-tests) are written for any new feature, or changes to existing features.\n\nIf you have access to the BAS GitLab instance, pull the Docker image from the BAS Docker Registry:\n\n```shell\n$ docker login docker-registry.data.bas.ac.uk\n$ docker-compose pull\n\n# To run the local Flask application using the Flask development server\n$ docker-compose up\n\n# To start a shell\n$ docker-compose run app ash\n```\n\n### Code Style\n\nPEP-8 style and formatting guidelines must be used for this project, with the exception of the 80 character line limit.\n\n[Flake8](http://flake8.pycqa.org/) is used to ensure compliance, and is ran on each commit through \n[Continuous Integration](#continuous-integration).\n\nTo check compliance locally:\n\n```shell\n$ docker-compose run app flake8 . --ignore=E501\n```\n\n### Dependencies\n\nDevelopment Python dependencies should be declared in `requirements.txt` to be included in the development environment.\n\nRuntime Python dependencies should be declared in `requirements.txt` and `setup.py` to also be installed as dependencies\nof this package in other applications.\n\nAll dependencies should be periodically reviewed and update as new versions are released.\n\n```shell\n$ docker-compose run app ash\n$ pip install [dependency]==\n# this will display a list of available versions, add the latest to `requirements.txt` and or `setup.py`\n$ exit\n$ docker-compose down\n$ docker-compose build\n```\n\nIf you have access to the BAS GitLab instance, push the Docker image to the BAS Docker Registry:\n\n```shell\n$ docker login docker-registry.data.bas.ac.uk\n$ docker-compose push\n```\n\n### Dependency vulnerability scanning\n\nTo ensure the security of this API, all dependencies are checked against \n[Snyk](https://app.snyk.io/org/antarctica/project/ef12439f-4d28-45af-81c2-fad464a05184) for vulnerabilities. \n\n**Warning:** Snyk relies on known vulnerabilities and can't check for issues that are not in it's database. As with all \nsecurity tools, Snyk is an aid for spotting common mistakes, not a guarantee of secure code.\n\nSome vulnerabilities have been ignored in this project, see `.snyk` for definitions and the \n[Dependency exceptions](#dependency-vulnerability-exceptions) section for more information.\n\nThrough [Continuous Integration](#continuous-integration), on each commit current dependencies are tested and a snapshot\nuploaded to Snyk. This snapshot is then monitored for vulnerabilities.\n\n#### Dependency vulnerability exceptions\n\nThis project contains known vulnerabilities that have been ignored for a specific reason.\n\n* [Py-Yaml `yaml.load()` function allows Arbitrary Code Execution](https://snyk.io/vuln/SNYK-PYTHON-PYYAML-42159)\n * currently no known or planned resolution\n * indirect dependency, required through the `bandit` package\n * severity is rated *high*\n * risk judged to be *low* as we don't use the Yaml module in this application\n * ignored for 1 year for re-review\n\n### Static security scanning\n\nTo ensure the security of this API, source code is checked against [Bandit](https://github.com/PyCQA/bandit) for issues \nsuch as not sanitising user inputs or using weak cryptography. \n\n**Warning:** Bandit is a static analysis tool and can't check for issues that are only be detectable when running the \napplication. As with all security tools, Bandit is an aid for spotting common mistakes, not a guarantee of secure code.\n\nThrough [Continuous Integration](#continuous-integration), each commit is tested.\n\nTo check locally:\n\n```shell\n$ docker-compose run app bandit -r .\n```\n\n## Testing\n\n### Integration tests\n\nThis project uses integration tests to ensure features work as expected and to guard against regressions and \nvulnerabilities.\n\nThe Python [UnitTest](https://docs.python.org/3/library/unittest.html) library is used for running tests using Flask's \ntest framework. Test cases are defined in files within `tests/` and are automatically loaded when using the \n`test` Flask CLI command included in the local Flask application in the development environment.\n\nTests are automatically ran on each commit through [Continuous Integration](#continuous-integration).\n\nTo run tests manually:\n\n```shell\n$ docker-compose run -e FLASK_ENV=testing app flask test\n```\n\nTo run tests using PyCharm:\n\n* *Run* -> *Edit Configurations*\n* *Add New Configuration* -> *Python Tests* -> *Unittests*\n\nIn *Configuration* tab:\n\n* Script path: `[absolute path to project]/tests`\n* Python interpreter: *Project interpreter* (*app* service in project Docker Compose)\n* Working directory: `[absolute path to project]`\n* Path mappings: `[absolute path to project]=/usr/src/app`\n\n**Note:** This configuration can be also be used to debug tests (by choosing *debug* instead of *run*).\n\n### Continuous Integration\n\nAll commits will trigger a Continuous Integration process using GitLab's CI/CD platform, configured in `.gitlab-ci.yml`.\n\nThis process will run the application [Integration tests](#integration-tests).\n\nPip dependencies are also [checked and monitored for vulnerabilities](#dependency-vulnerability-scanning).\n\n## Distribution\n\nBoth source and binary versions of the package are build using [SetupTools](https://setuptools.readthedocs.io), which \ncan then be published to the [Python package index](https://pypi.org/project/flask-request-id-header/) for use in other \napplications. Package settings are defined in `setup.py`.\n\nThis project is built and published to PyPi automatically through [Continuous Deployment](#continuous-deployment).\n\nTo build the source and binary artefacts for this project manually:\n\n```shell\n$ docker-compose run app ash\n# build package to /build, /dist and /flask_reverse_proxy_fix.egg-info\n$ python setup.py sdist bdist_wheel\n$ exit\n$ docker-compose down\n```\n\nTo publish built artefacts for this project manually to [PyPi testing](https://test.pypi.org):\n\n```shell\n$ docker-compose run app ash\n$ python -m twine upload --repository-url https://test.pypi.org/legacy/ dist/*\n# project then available at: https://test.pypi.org/project/flask-request-id-header/\n$ exit\n$ docker-compose down\n```\n\nTo publish manually to [PyPi](https://pypi.org):\n\n```shell\n$ docker-compose run app ash\n$ python -m twine upload --repository-url https://pypi.org/legacy/ dist/*\n# project then available at: https://pypi.org/project/flask-request-id-header/\n$ exit\n$ docker-compose down\n```\n\n### Continuous Deployment\n\nA Continuous Deployment process using GitLab's CI/CD platform is configured in `.gitlab-ci.yml`. This will:\n\n* build the source and binary artefacts for this project\n* publish built artefacts for this project to the relevant PyPi repository\n\nThis process will deploy changes to [PyPi testing](https://test.pypi.org) on all commits to the *master* branch.\n\nThis process will deploy changes to [PyPi](https://pypi.org) on all tagged commits.\n\n## Release procedure\n\n### At release\n\n1. create a `release` branch\n2. remove `.dev{ os.getenv('CI_PIPELINE_ID') or None }` from the version parameter in `setup.py` and ensure version \n is bumped as per semver\n3. close release in `CHANGELOG.md`\n4. push changes, merge the `release` branch into `master` and tag with version\n\nThe project will be built and published to PyPi automatically through [Continuous Deployment](#continuous-deployment).\n\n### After release\n\n1. create a `next-release` branch\n2. bump the version parameter in `setup.py` and append `.dev{ os.getenv('CI_PIPELINE_ID') or None }` to signify a \n pre-release\n3. push changes and merge the `next-release` branch into `master`\n\n## Feedback\n\nThe maintainer of this project is the BAS Web & Applications Team, they can be contacted at: \n[servicedesk@bas.ac.uk](mailto:servicedesk@bas.ac.uk).\n\n## Issue tracking\n\nThis project uses issue tracking, see the \n[Issue tracker](https://gitlab.data.bas.ac.uk/web-apps/flask-middleware/flask-request-id/issues) for more information.\n\n**Note:** Read & write access to this issue tracker is restricted. Contact the project maintainer to request access.\n\n## License\n\n\u00a9 UK Research and Innovation (UKRI), 2019, British Antarctic Survey.\n\nYou may use and re-use this software and associated documentation files free of charge in any format or medium, under \nthe terms of the Open Government Licence v3.0.\n\nYou may obtain a copy of the Open Government Licence at http://www.nationalarchives.gov.uk/doc/open-government-licence/\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/antarctica/flask-request-id-header", "keywords": "", "license": "Open Government Licence v3.0", "maintainer": "", "maintainer_email": "", "name": "flask-request-id-header", "package_url": "https://pypi.org/project/flask-request-id-header/", "platform": "", "project_url": "https://pypi.org/project/flask-request-id-header/", "project_urls": { "Homepage": "https://github.com/antarctica/flask-request-id-header" }, "release_url": "https://pypi.org/project/flask-request-id-header/0.1.1/", "requires_dist": [ "flask" ], "requires_python": "", "summary": "Python Flask middleware to ensure all requests have a request ID header", "version": "0.1.1" }, "last_serial": 4888641, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "8c203ddae5371ce8a710b6e85b9f0566", "sha256": "557e0b7f0617771d29cd11988792a3e561de16b9f57fd52ad1229dec49cf26ce" }, "downloads": -1, "filename": "flask_request_id_header-0.1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "8c203ddae5371ce8a710b6e85b9f0566", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 7818, "upload_time": "2019-03-02T15:57:01", "url": "https://files.pythonhosted.org/packages/b8/bf/88d43b5a4c4ca82304c3ef60d076fa4fb47565a69c39dca81dc3105e8cdf/flask_request_id_header-0.1.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "51824ca790ba6d686cf652e3af42a0c0", "sha256": "59cea9d7a730a1bfda515412e29e5c804cbf36a1e4a98c1bae74a105acf1cbbc" }, "downloads": -1, "filename": "flask-request-id-header-0.1.0.tar.gz", "has_sig": false, "md5_digest": "51824ca790ba6d686cf652e3af42a0c0", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8465, "upload_time": "2019-03-02T15:57:04", "url": "https://files.pythonhosted.org/packages/12/17/a8450224d2dc63d41a03d41612f6691c4e5a13c010cfb7bc57d06aae28bb/flask-request-id-header-0.1.0.tar.gz" } ], "0.1.1": [ { "comment_text": "", "digests": { "md5": "4acb340fe4f9c30d8b0d8cab5dea6222", "sha256": "b8f433f51c3accc2b5c0f928f3decd2b22e6b143401058ef7b5f85d38fbbcee4" }, "downloads": -1, "filename": "flask_request_id_header-0.1.1-py3-none-any.whl", "has_sig": false, "md5_digest": "4acb340fe4f9c30d8b0d8cab5dea6222", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 7816, "upload_time": "2019-03-02T16:43:58", "url": "https://files.pythonhosted.org/packages/70/ea/c483978c2342b2a92065d4020d1640ff3dbae9cde22e9a6ce821496e6835/flask_request_id_header-0.1.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "d3394c33f7b088aefb22acce0a8738f7", "sha256": "a6245ee731bb32e566f10ada18a7ce521125519ab0fcd648d23208c8d1928fee" }, "downloads": -1, "filename": "flask-request-id-header-0.1.1.tar.gz", "has_sig": false, "md5_digest": "d3394c33f7b088aefb22acce0a8738f7", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8461, "upload_time": "2019-03-02T16:43:59", "url": "https://files.pythonhosted.org/packages/06/ea/637ce01f81c4d0b0b2ee11c45a1899849832af8392d59e25d86f6f7709c5/flask-request-id-header-0.1.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "4acb340fe4f9c30d8b0d8cab5dea6222", "sha256": "b8f433f51c3accc2b5c0f928f3decd2b22e6b143401058ef7b5f85d38fbbcee4" }, "downloads": -1, "filename": "flask_request_id_header-0.1.1-py3-none-any.whl", "has_sig": false, "md5_digest": "4acb340fe4f9c30d8b0d8cab5dea6222", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 7816, "upload_time": "2019-03-02T16:43:58", "url": "https://files.pythonhosted.org/packages/70/ea/c483978c2342b2a92065d4020d1640ff3dbae9cde22e9a6ce821496e6835/flask_request_id_header-0.1.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "d3394c33f7b088aefb22acce0a8738f7", "sha256": "a6245ee731bb32e566f10ada18a7ce521125519ab0fcd648d23208c8d1928fee" }, "downloads": -1, "filename": "flask-request-id-header-0.1.1.tar.gz", "has_sig": false, "md5_digest": "d3394c33f7b088aefb22acce0a8738f7", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8461, "upload_time": "2019-03-02T16:43:59", "url": "https://files.pythonhosted.org/packages/06/ea/637ce01f81c4d0b0b2ee11c45a1899849832af8392d59e25d86f6f7709c5/flask-request-id-header-0.1.1.tar.gz" } ] }