Bumping dependencies

Dockerfiles/circleci-env.yml

@@ -2,7 +2,7 @@ version: '3.2'
 services:
   postgres:
     hostname: postgres
-    image: postgres:13
+    image: postgres:15
     ports:
       - 0.0.0.0:5432:5432
     environment:

Dockerfiles/dev-env.yml

@@ -12,14 +12,14 @@ services:
       - 0.0.0.0:5671:5671
       - 0.0.0.0:5672:5672
   postgres:
-    image: postgres:13
+    image: postgres:15
     environment:
       - POSTGRES_PASSWORD=password
       - POSTGRES_HOST_AUTH_METHOD=trust
     ports:
       - 0.0.0.0:5432:5432
     volumes:
-      - ../.jarr-data:/var/lib/postgresql/data
+      - ../.jarr-data-15:/var/lib/postgresql/data
     command:
       - "postgres"
       - "-c"

Dockerfiles/prod-example.yml

@@ -56,7 +56,7 @@ services:
   postgres:
     container_name: postgres
     hostname: postgres
-    image: postgres:13
+    image: postgres:15
     ports:
       - 127.0.0.1:5432:5432
     networks:

Dockerfiles/pythonbase

@@ -1,4 +1,4 @@
-FROM python:3.9-slim
+FROM python:3.10-slim
 
 RUN useradd jarr --create-home --shell /bin/bash --home-dir /jarr --user-group
 COPY example_conf/jarr.json /etc/jarr/jarr.json

Makefile

@@ -28,7 +28,7 @@ lint: pep8 mypy
 
 test: export JARR_CONFIG = example_conf/jarr.test.json
 test:
-	$(RUN) nosetests $(TEST) -vv --with-coverage --cover-package=jarr
+	$(RUN) pytest --cov=jarr $(TEST) -vv
 
 build-base:
 	docker build --cache-from=jarr . \
@@ -67,7 +67,7 @@ run-front:
 
 db-bootstrap-user:
 	$(COMPOSE) exec $(DB_CONTAINER_NAME) su postgres -c \
-		"createuser $(DB_NAME) --no-superuser --createdb --no-createrole"
+		"createuser $(DB_NAME) --no-superuser --createdb --superuser"
 
 db-bootstrap-tables:
 	$(COMPOSE) exec $(DB_CONTAINER_NAME) su postgres -c "createdb $(DB_NAME) --no-password"

Pipfile

@@ -7,7 +7,6 @@ name = "pypi"
 pycodestyle = "*"
 pylint = "*"
 flake8 = "*"
-nose = "*"
 mock = "*"
 coverage = "*"
 Flask-Testing = "*"
@@ -20,34 +19,36 @@ types-redis = "*"
 types-requests = "*"
 types-python-dateutil = "*"
 types-mock = "*"
-sqlalchemy-stubs = "*"
 SQLAlchemy = {extras = ["mypy"]}
+black = "*"
+pytest = "*"
+pytest-cov = "*"
 
 [packages]
 alembic = "==1.*"
 "beautifulsoup4" = "==4.*"
-blinker = "==1.4.*"
+blinker = "==1.*"
 celery = "==5.*"
-feedparser = "==6.0.2"
-json-logging-py = "==0.2"
-Flask = "==2.0.*"
+feedparser = "==6.*"
+Flask = "==2.*"
 Flask-Migrate = "==2.*"
 flask-restx = "==0.5.*"
-flask-jwt = "==0.*"
+flask-jwt-extended = "==4.*"
 goose3 = "==3.*"
 gunicorn = "==20.*"
+json-logging-py = "*"  # needed by gunicorn config
 lxml = "==4.*"
 opml = "==0.*"
-prometheus-distributed-client = "==1.2.2"
-"psycopg2" = "*"
+prometheus-distributed-client = "==1.*"
 python-dateutil = "*"
 rauth = "==0.7.3"
-redis = "==2.*"
+redis = "==4.*"
 requests = "==2.*"
-SQLAlchemy = "==1.4.*"
+SQLAlchemy = "==2.*"
 the-conf = "==0.*"
 flask-cors = "==3.*"
+psycopg2-binary = "==2.*"
 werkzeug = "==2.1.2"  # fixing for bug with last flask version
 
 [requires]
-python_version = "3.9"
+python_version = "3.10"

jarr/api/__init__.py

@@ -4,63 +4,83 @@
 
 from flask import Flask, got_request_exception, request_tearing_down
 from flask_cors import CORS
-from flask_jwt import JWT, JWTError
+from flask_jwt_extended import JWTManager
+from flask_jwt_extended.exceptions import JWTExtendedException
 from flask_restx import Api
-from sqlalchemy.exc import IntegrityError
-
 from jarr.bootstrap import commit_pending_sql, conf, rollback_pending_sql
 from jarr.controllers import UserController
 from jarr.lib.utils import default_handler
-
-
-def __authenticate(username, password):
-    return UserController().check_password(username, password)
+from sqlalchemy.exc import IntegrityError
 
 
 @lru_cache(maxsize=10)
 def get_cached_user(user_id):
     return UserController().get(id=user_id)
 
 
-def __identity(payload):
-    return get_cached_user(payload['identity'])
-
-
 def setup_jwt(application, api):
-    application.config['JWT_AUTH_USERNAME_KEY'] = 'login'
-    application.config['JWT_EXPIRATION_DELTA'] \
-        = timedelta(seconds=conf.auth.expiration_sec)
-    application.config['JWT_AUTH_HEADER_PREFIX'] = conf.auth.jwt_header_prefix
-    application.config['SECRET_KEY'] = conf.auth.secret_key
-    jwt = JWT(application, __authenticate, __identity)
-
-    @api.errorhandler(JWTError)
+    application.config["JWT_REFRESH_TOKEN_EXPIRES"] = timedelta(
+        days=conf.auth.refresh_token_expiration_days
+    )
+    application.config["JWT_ACCESS_TOKEN_EXPIRES"] = timedelta(
+        seconds=conf.auth.expiration_sec
+    )
+    application.config["JWT_SECRET_KEY"] = conf.auth.secret_key
+    jwt = JWTManager(application)
+
+    @jwt.user_identity_loader
+    def user_identity_lookup(user):
+        return user.id
+
+    @jwt.user_lookup_loader
+    def __identity(_jwt_header, jwt_data):
+        return get_cached_user(jwt_data["sub"])
+
+    @api.errorhandler(JWTExtendedException)
     def handle_jwt_error(error):
         """Mapping JWT error to Unauthorized."""
-        return {'message': ', '.join(error.args)}, 401
+        return {
+            "error": error.__class__.__name__,
+            "message": ", ".join(error.args),
+        }, 401
 
     @api.errorhandler(IntegrityError)
     def handle_sqla_error(error):
         """Mapping IntegrityError to HTTP Conflict(409)."""
-        return {'message': 'Database rules prevented this operation'}, 409
+        return {"message": "Database rules prevented this operation"}, 409
+
     return jwt, handle_jwt_error, handle_sqla_error
 
 
 def setup_api(application):
     authorizations = {
-        'apikey': {
-            'type': 'apiKey',
-            'in': 'header',
-            'name': 'Authorization',
+        "apikey": {
+            "type": "apiKey",
+            "in": "header",
+            "name": "Authorization",
         }
     }
 
-    api = Api(application, version='3.0', doc='/', security='apikey',
-              authorizations=authorizations,
-              contact_mail=conf.api.admin_mail)
-
-    from jarr.api import (feed, cluster, category, one_page_app, opml,
-                          user, auth, oauth, metrics)
+    api = Api(
+        application,
+        version="3.0",
+        doc="/",
+        security="apikey",
+        authorizations=authorizations,
+        contact_mail=conf.api.admin_mail,
+    )
+
+    from jarr.api import (
+        auth,
+        category,
+        cluster,
+        feed,
+        metrics,
+        oauth,
+        one_page_app,
+        opml,
+        user,
+    )
 
     api.add_namespace(one_page_app.default_ns)
     api.add_namespace(feed.feed_ns)
@@ -75,20 +95,21 @@ def setup_api(application):
 
 
 def create_app(testing=False):
-    application = Flask(__name__, static_folder='jarr/static',
-                        template_folder='../templates')
+    application = Flask(
+        __name__, static_folder="jarr/static", template_folder="../templates"
+    )
 
     CORS(application, resources={r"/*": {"origins": "*"}})
     if testing:
         application.debug = True
-        application.config['TESTING'] = True
-        application.config['PRESERVE_CONTEXT_ON_EXCEPTION'] = False
+        application.config["TESTING"] = True
+        application.config["PRESERVE_CONTEXT_ON_EXCEPTION"] = False
     else:
         application.debug = conf.log.level <= logging.DEBUG
-    application.config['PREFERRED_URL_SCHEME'] = conf.api.scheme
-    application.config['RESTX_JSON'] = {'default': default_handler}
+    application.config["PREFERRED_URL_SCHEME"] = conf.api.scheme
+    application.config["RESTX_JSON"] = {"default": default_handler}
     if conf.api.server_name:
-        application.config['SERVER_NAME'] = conf.api.server_name
+        application.config["SERVER_NAME"] = conf.api.server_name
 
     api = setup_api(application)
     setup_jwt(application, api)