From 57ff25198a82b3f6f413440e4005f0ade8dfb8d8 Mon Sep 17 00:00:00 2001 From: pacien Date: Thu, 29 Jul 2021 18:04:48 +0200 Subject: app: render and serve proper web pages --- readme.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'readme.md') diff --git a/readme.md b/readme.md index 1508142..b2841a6 100644 --- a/readme.md +++ b/readme.md @@ -159,9 +159,11 @@ Because the use of an ORM is not desirable in this project for the reasons detailed in a previous section, the choices of frameworks is limited to these light-weight frameworks. Here, FastAPI is preferred over Flask due to its more modern architecture, using parameters and [dependency injection] over -thread-local global variables. +thread-local global variables. The chosen templating engine is [Jinja] for its +simplicity. [dependency injection]: https://en.wikipedia.org/wiki/Dependency_injection +[Jinja]: https://jinja.palletsprojects.com/en/2.0.x ### Project structure overview @@ -172,9 +174,12 @@ thread-local global variables. * `./app/` * `app_database.py`: database connection pool and transaction helper * `app_sessions.py`: (signed cookies) session data management helpers + * `app_templating.py`: template rendering helper * `app_{account,wallet}.py`: page-specific request handlers * `app.py`: FastAPI web application entry point +* `./templates/`: Jinja HTML templates +* `./static/`: static web resources (stylesheets) * `./flake.nix`: project runtime and development environment description ### Security considerations 
@@ -182,6 +187,9 @@ thread-local global variables. * SQL injections are prevented by using proper query parameters substitution, automatically handled by the embrace and psycopg libraries. +* Injections in rendered views are prevented by the automatic sanitisation of + inserted variables by the Jinja templating engine. + * Passwords are salted and hashed when stored in the database to ensure some minimal protection of the [data at rest]. The hashing is handled by the [passlib] library, which also covers algorithm migrations. -- cgit v1.2.3
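Review bot: The `[Jinja]` reference added in the first hunk links the 2.0.x documentation (`https://jinja.palletsprojects.com/en/2.0.x`), which should agree with the Jinja version that `./flake.nix` actually pins; if the flake resolves a newer 3.x release the link documents a different API, so either point the link at the versioned page for the pinned release or at the unversioned `/en/latest/` page, and mention the pinned version in the sentence that introduces Jinja.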
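Review bot: The new security bullet in the last hunk, "Injections in rendered views are prevented by the automatic sanitisation of inserted variables by the Jinja templating engine", overstates what Jinja does on its own: a plain `jinja2.Environment()` renders variables verbatim, and HTML escaping only happens when the environment is created with `autoescape=True` (or `select_autoescape(...)`), or when the helper in `app_templating.py` goes through a wrapper that enables it. The bullet should say that autoescaping is enabled in `app_templating.py` and, because autoescaping only covers HTML text and quoted attribute values, add that user-controlled values must never be marked `|safe` or wrapped in `Markup`, and must not be placed in unquoted attributes, inline `<script>` blocks or URL schemes. "Escaping" is also the accurate term here rather than "sanitisation", which suggests the input is cleaned on the way in rather than encoded on output.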