author | pacien | 2021-07-29 18:04:48 +0200 |
---|---|---|
committer | pacien | 2021-07-29 18:04:48 +0200 |
commit | 57ff25198a82b3f6f413440e4005f0ade8dfb8d8 (patch) | |
tree | 817c43e04b3413d773a999c1950e1af43f26c3e2 /readme.md | |
parent | f80c19c18eb01ed7e7c6f44cc25535c14659ba20 (diff) | |
download | uge_l2_rdbms_python_proto-57ff25198a82b3f6f413440e4005f0ade8dfb8d8.tar.gz |
app: render and serve proper web pages
Diffstat (limited to 'readme.md')
-rw-r--r-- | readme.md | 10 |
1 files changed, 9 insertions, 1 deletions
@@ -159,9 +159,11 @@ Because the use of an ORM is not desirable in this project for the reasons | |||
159 | detailed in a previous section, the choices of frameworks is limited to these | 159 | detailed in a previous section, the choices of frameworks is limited to these |
160 | light-weight frameworks. Here, FastAPI is preferred over Flask due to its more | 160 | light-weight frameworks. Here, FastAPI is preferred over Flask due to its more |
161 | modern architecture, using parameters and [dependency injection] over | 161 | modern architecture, using parameters and [dependency injection] over |
162 | thread-local global variables. | 162 | thread-local global variables. The chosen templating engine is [Jinja] for its |
163 | simplicity. | ||
163 | 164 | ||
164 | [dependency injection]: https://en.wikipedia.org/wiki/Dependency_injection | 165 | [dependency injection]: https://en.wikipedia.org/wiki/Dependency_injection |
166 | [Jinja]: https://jinja.palletsprojects.com/en/2.0.x | ||
165 | 167 | ||
166 | ### Project structure overview | 168 | ### Project structure overview |
167 | 169 | ||
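Review bot: the new `[Jinja]` reference link pins the documentation to the `2.0.x` release series; check that this matches the Jinja version the project actually pulls in through `flake.nix` (not visible in this diff), since Jinja 3.0 is current at the time of this commit and a mismatched docs link will mislead readers about available API and default behaviour. Either point at the docs for the pinned version or use the unversioned `https://jinja.palletsprojects.com/` URL.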
@@ -172,9 +174,12 @@ thread-local global variables. | |||
172 | * `./app/` | 174 | * `./app/` |
173 | * `app_database.py`: database connection pool and transaction helper | 175 | * `app_database.py`: database connection pool and transaction helper |
174 | * `app_sessions.py`: (signed cookies) session data management helpers | 176 | * `app_sessions.py`: (signed cookies) session data management helpers |
177 | * `app_templating.py`: template rendering helper | ||
175 | * `app_{account,wallet}.py`: page-specific request handlers | 178 | * `app_{account,wallet}.py`: page-specific request handlers |
176 | * `app.py`: FastAPI web application entry point | 179 | * `app.py`: FastAPI web application entry point |
177 | 180 | ||
181 | * `./templates/`: Jinja HTML templates | ||
182 | * `./static/`: static web resources (stylesheets) | ||
178 | * `./flake.nix`: project runtime and development environment description | 183 | * `./flake.nix`: project runtime and development environment description |
179 | 184 | ||
180 | ### Security considerations | 185 | ### Security considerations |
@@ -182,6 +187,9 @@ thread-local global variables. | |||
182 | * SQL injections are prevented by using proper query parameters substitution, | 187 | * SQL injections are prevented by using proper query parameters substitution, |
183 | automatically handled by the embrace and psycopg libraries. | 188 | automatically handled by the embrace and psycopg libraries. |
184 | 189 | ||
190 | * Injections in rendered views are prevented by the automatic sanitisation of | ||
191 | inserted variables by the Jinja templating engine. | ||
192 | |||
185 | * Passwords are salted and hashed when stored in the database to ensure some | 193 | * Passwords are salted and hashed when stored in the database to ensure some |
186 | minimal protection of the [data at rest]. The hashing is handled by the | 194 | minimal protection of the [data at rest]. The hashing is handled by the |
187 | [passlib] library, which also covers algorithm migrations. | 195 | [passlib] library, which also covers algorithm migrations. |
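Review bot: the new bullet "Injections in rendered views are prevented by the automatic sanitisation of inserted variables by the Jinja templating engine" overstates what Jinja guarantees. Jinja performs HTML escaping, not sanitisation, and only when autoescaping is enabled for the `Environment` (its own default is off; it is the wrapper, e.g. a framework helper or the project's `app_templating.py`, that must turn it on via `autoescape=True` or `select_autoescape()`), so the readme should say that autoescaping is explicitly enabled in `app_templating.py` and that templates avoid the `|safe` filter and `Markup` on user-controlled values. It is also worth noting that HTML escaping does not cover values inserted into JavaScript, URL or unquoted attribute contexts, so the claim should be scoped to HTML body and quoted-attribute contexts.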