Metadata-Version: 2.4
Name: invenio-app
Version: 3.1.0
Summary: WSGI, Celery and CLI applications for Invenio flavours.
Home-page: https://github.com/inveniosoftware/invenio-app
Author: CERN
Author-email: info@inveniosoftware.org
License: MIT
Keywords: invenio applications
Platform: any
Classifier: Development Status :: 5 - Production/Stable
Requires-Python: >=3.7
License-File: LICENSE
License-File: AUTHORS.rst
Requires-Dist: flask>=3.1.0
Requires-Dist: flask-limiter<5,>=4
Requires-Dist: flask-shell-ipython>=0.3.1
Requires-Dist: flask-talisman<1.0,>=0.3.2
Requires-Dist: invenio-base<3.0.0,>=2.2.0
Requires-Dist: invenio-cache<4.0.0,>=3.0.0
Requires-Dist: invenio-celery<3.0.0,>=2.0.0
Requires-Dist: invenio-config<2.0.0,>=1.0.0
Requires-Dist: uritools>=1.0.1
Provides-Extra: tests
Requires-Dist: pytest-black>=0.6.0; extra == "tests"
Requires-Dist: pytest-invenio<5.0.0,>=4.0.0; extra == "tests"
Requires-Dist: mock>=4.0.0; extra == "tests"
Requires-Dist: sphinx>=5.0; extra == "tests"
Dynamic: license-file

..
    This file is part of Invenio.
    Copyright (C) 2017-2018 CERN.

    Invenio is free software; you can redistribute it and/or modify it
    under the terms of the MIT License; see LICENSE file for more details.

=============
 Invenio-App
=============

.. image:: https://img.shields.io/github/license/inveniosoftware/invenio-app.svg
        :target: https://github.com/inveniosoftware/invenio-app/blob/master/LICENSE

.. image:: https://github.com/inveniosoftware/invenio-app/workflows/CI/badge.svg
        :target: https://github.com/inveniosoftware/invenio-app/actions

.. image:: https://img.shields.io/coveralls/inveniosoftware/invenio-app.svg
        :target: https://coveralls.io/r/inveniosoftware/invenio-app

.. image:: https://img.shields.io/pypi/v/invenio-app.svg
        :target: https://pypi.org/pypi/invenio-app

WSGI, Celery and CLI applications for Invenio flavours.

Further documentation is available on
https://invenio-app.readthedocs.io/

..
    This file is part of Invenio.
    Copyright (C) 2017-2023 CERN.
    Copyright (C) 2023-2026 Graz University of Technology.
    Copyright (C) 2025 Northwestern University.

    Invenio is free software; you can redistribute it and/or modify it
    under the terms of the MIT License; see LICENSE file for more details.

Changes
=======

Version v3.1.0 (released 2026-04-29)

- feat(ext): provide easier-to-access Flask-Limiter instance
    * this requires a bump of the `Flask-Limiter` dependency, due to an
      `assert key_func` statement not playing nice with `LocalProxy` objects
      in older versions of `Flask-Limiter`
- feat(ext): provide easier-to-access Flask-Talisman instance
    * addresses https://github.com/inveniosoftware/invenio-app/issues/22

Version v3.0.0 (released 2026-01-27)

- chore(setup): bump dependencies
- tests: extend support to Python 3.14

Version 2.3.0 (release 2025-07-02)

- fix: pkg_resources DeprecationWarning
- fix: click breaking changes

Version 2.2.0 (release 2025-04-25)

- factory: pass converters to create_invenio_apps_builder_factory

Version 2.1.0 (release 2025-04-17)

- factory: integrate invenio_url_for mechanism
- limiter: replace usage of `pkg_resources` with import
- limiter/tests: refactor current_user access

Version 2.0.0 (release 2024-12-03)

- factory: change to new TRUSTS_HOSTS from flask
- setup: bump major dependencies

Version 1.5.1 (release 2024-12-03)

- setup: change to reusable workflows
- setup: pin dependencies
- config: updated rate limit for password
- security: added default rate limits for endpoints

Version 1.5.0 (released 2023-03-04)

- Bumps Flask-Limiter to v2.x, to support Python 3.12.
- Fixes deprecated RATELIMIT_STORAGE_URL variable, now called RATELIMIT_STORAGE_URI.

Version 1.4.0 (released 2023-06-26)

- Adds ``invenio_base.finalize_app`` and ``invenio_base.api_finalize_app``
  entry points to the creation of the factory function ``create_app`` and
  ``create_api`` to overcome the deprecation of ``before_(app_)first_request``
  in Flask>=2.3.0

Version 1.3.4 (released 2022-04-06)

- Added support for Flask-Security-Invenio.

Version 1.3.3 (released 2021-12-06)

- Pinned Limits library to align with Flask-Limiter.

Version 1.3.2 (released 2021-10-28)

- Unpins Flask-Talisman to allow newer versions.

- Removes Python 2 support.

Version 1.3.1 (released 2020-12-07)

- Adds HEAD and OPTIONS HTTP verbs to the /ping endpoint as recommended
  in HAProxy documentation.

Version 1.3.0 (released 2020-05-13)

- Adds new template theming via allowing Jinja to load templates from different
  theme folders via the new configuration variable ``APP_THEME``.

- Removes the ChoiceLoader used to load templates from the instance folder in
  favour of using Flask instead. Invenio-App sets the application's root_path
  to the instance folder, which makes Flask create the same behavior
  previously achieved with the ChoiceLoader.

Version 1.2.6 (released 2020-05-06)

- Deprecated Python versions lower than 3.6.0. Now supporting 3.6.0 and 3.7.0.

Version 1.2.5 (released 2020-02-26)

Version 1.2.4 (released 2019-11-20)

- Disable ratelimit for celery.

Version 1.2.3 (released 2019-10-10)

- Make `static_url_path` configurable through environment variable.

Version 1.2.2 (released 2019-08-29)

- Unpins Invenio packages versions.

Version 1.2.1 (released 2019-08-21)

- Exempts the "/ping" view from rate limiting.

Version 1.2.0 (released 2019-07-29)

- Fixes issue with instance_path and static_folder being globals. Depends on
  change in Invenio-Base v1.1.0

- Improves rate limiting function to have limits per guest and per
  authenticated users.

Version 1.1.1 (released 2019-07-15)

- Fixes a security issue where APP_ALLOWED_HOSTS was not always being checked,
  and thus could allow host header injection attacks.

  NOTE: you should never route requests to your application with a wrong host
  header. The APP_ALLOWED_HOSTS exists as an extra protective measure, because
  it is easy to misconfigure your web server.

  The root cause was that Werkzeug's trusted host feature only works when
  request.host is being evaluated. This means that for instance when only
  url_for (part of the routing system) is used, then the host header check is
  not performed.

Version 1.1.0 (released 2018-12-14)

- The Flask-DebugToolbar extension is now automatically registered if
  installed.

Version 1.0.5 (released 2018-12-05)

- Add health check view

- Fix response headers assertion in tests

Version 1.0.4 (released 2018-10-11)

- Fix Content Security Policy headers when set empty in DEBUG mode.

Version 1.0.3 (released 2018-10-08)

- Fix Content Security Policy headers when running in DEBUG mode.

Version 1.0.2 (released 2018-08-24)

- Allows use of Flask-DebugToolbar when running in DEBUG mode.

Version 1.0.1 (released 2018-06-29)

- Pin Flask-Talisman.

Version 1.0.0 (released 2018-03-23)

- Initial public release.
