Welcome to Flask-CA’s documentation!

This contains a Flask blueprint, templates, models and database migrations pretty much ready to go. The purpose of this application is to provide a certificate authority. You can create CA’s and certificates that are signed by them. They can then be downloaded in a zip format.

It depends on pyOpenSSL, sqlalchemy-migrate, Flask-SQLAlchemy and Flask-WTF.

Here is how you configure it using the application factory:

from flask_ca import FlaskCA
db = SQLAlchemy()
flaskca = FlaskCA(db)

# Registers the certauth blueprint.
flaskca.init_app(app)
flaskca.register_blueprints()

Migrating the database

Next step required is to migrate the database (I have tested using postgresql and sqlite3). We use sqlalchemy-migrate to do this using the application name flask_ca. It is quite simple to do this in code:

from cnsdev.repository import __file__ as repfile
carep = os.path.dirname(carepo_file)
import migrate.versioning.api as migapi

migapi.version_control(url=dburi, repository=carep)
migapi.upgrade(url=dburi, repository=carep)

I personally use Flask-Script and encapsulate the migrate functionality that way:

@manager.command
def migrate_upgrade():
    migapi.upgrade(url=dburi, repository=rep)
    migapi.upgrade(url=dburi, repository=carep)


@manager.command
def migrate_downgrade(version):
    migapi.downgrade(url=dburi, repository=rep, version=version)


@manager.command
def migrate_version_control():
    migapi.version_control(url=dburi, repository=rep)
    migapi.version_control(url=dburi, repository=carep)

Where the rep repository is the one of my application and carep is the one for flask_ca.

Templates

The blueprint ships it’s own set of templates that use jQuery-UI, if you wish you override them you can place your own in the templates/ directory of your application.

To use the built in templates you need to create templates/base.html in your application directory and make it include jQuery-UI e.g.:

<link type="text/css" href="{{ url_for('static', filename='css/ui-lightness/jquery-ui-1.8.6.custom.css') }}" rel="stylesheet" />
<script type="text/javascript" src="{{ url_for('static', filename='js/jquery-1.4.2.min.js') }}"></script>
<script type="text/javascript" src="{{ url_for('static', filename='js/jquery-ui-1.8.6.custom.min.js') }}"></script>

Authentication

Here is a simple approach to add authentication for accessing the CertAuth blueprint, I do this via before_request which is possible due to the flexible nature of Flask. This example uses Flask-Principal:

@app.before_request
def before_handler():
    g.user = getattr(g.identity, 'user', None)

    # Requiring authentication for the certauth blueprint.
    if request.blueprint == 'certauth':
        # Require admin permission.
        admin_permission.test(401)

I won’t go into detail of how Flask-Principal works, there are a lot of examples around on the github. However this shows how easy it is to add authentication and we could use Flask-Login instead of whatever we please.

Fork me on GitHub