freedomofpress · legoktm · Jun 15, 2022 · May 3, 2022
@@ -236,7 +236,6 @@
   /var/www/securedrop/source_templates/use-tor-browser.html r,
   /var/www/securedrop/source_templates/utils.html r,
   /var/www/securedrop/source_templates/why-public-key.html r,
-  /var/www/securedrop/static/.webassets-cache/** rw,
   /var/www/securedrop/static/css/journalist.css r,
   /var/www/securedrop/static/css/source.css r,
   /var/www/securedrop/static/fonts/fa-brands-400.eot r,
@@ -254,8 +253,6 @@
   /var/www/securedrop/static/fonts/fa-solid-900.ttf r,
   /var/www/securedrop/static/fonts/fa-solid-900.woff r,
   /var/www/securedrop/static/fonts/fa-solid-900.woff2 r,
-  /var/www/securedrop/static/gen/journalist.js rw,
-  /var/www/securedrop/static/gen/source.js rw,
   /var/www/securedrop/static/i/check.png r,
   /var/www/securedrop/static/i/checkbox.png r,
   /var/www/securedrop/static/i/close.png r,

@@ -104,8 +104,6 @@
     state: directory
     dest: "{{ item }}"
   with_items:
-    - "{{ securedrop_app_code_deb_dir }}/var/www/securedrop/static/gen"
-    - "{{ securedrop_app_code_deb_dir }}/var/www/securedrop/static/.webassets-cache"
     - "{{ securedrop_app_code_deb_dir }}/var/www/securedrop/.well-known/pki-validation"
 
 - name: Build securedrop-app-code Debian package

@@ -234,8 +234,9 @@ case "$1" in
     # Restart apache so it loads with the apparmor profiles in enforce mode.
     service apache2 restart
 
-    # cleanup dynamically generated assets
-    rm -fr /var/www/securedrop/static/gen/*
+    # remove previously dynamically-generated assets
+    rm -fr /var/www/securedrop/static/gen/
+    rm -fr /var/www/securedrop/static/.webassets-cache/
 
     # Version migrations
 

@@ -266,37 +266,25 @@ def test_securedrop_app_code_contains_mo_files(
 def test_deb_package_contains_no_generated_assets(securedrop_app_code_contents: str):
     """
     Ensures the `securedrop-app-code` package does not ship minified
-    static assets, which are built automatically via Flask-Assets, and
-    may be present in the source directory used to build from.
+    static assets previously built at runtime via Flask-Assets under /gen, and
+    which may be present in the source directory used to build from.
     """
-    # static/gen/ directory should exist
-    assert re.search(
-        r"^.*\./var/www/securedrop" "/static/gen/$", securedrop_app_code_contents, re.M
-    )
-    # static/gen/ directory should be empty
+    # static/gen/ directory not should exist
     assert not re.search(
-        r"^.*\./var/www/securedrop" "/static/gen/.+$",
-        securedrop_app_code_contents,
-        re.M,
+        r"^.*\./var/www/securedrop" "/static/gen/$", securedrop_app_code_contents, re.M
     )
 
-    # static/.webassets-cache/ directory should exist
-    assert re.search(
-        r"^.*\./var/www/securedrop" "/static/.webassets-cache/$",
-        securedrop_app_code_contents,
-        re.M,
-    )
-    # static/.webassets-cache/ directory should be empty
+    # static/.webassets-cache/ directory should not exist
     assert not re.search(
-        r"^.*\./var/www/securedrop" "/static/.webassets-cache/.+$",
+        r"^.*\./var/www/securedrop" "/static/.webassets-cache/$",
         securedrop_app_code_contents,
         re.M,
     )
 
-    # no SASS files should exist; only the generated CSS files.
+    # no SASS files should exist.
     assert not re.search("^.*sass$", securedrop_app_code_contents, re.M)
 
-    # no .map files should exist; only the generated CSS files.
+    # no .map files should exist.
     assert not re.search("^.*css.map$", securedrop_app_code_contents, re.M)
 
 

@@ -1,6 +1,4 @@
 **/__pycache__
 **/*.pyc
 .sass-cache
-static/gen
-static/.webassets-cache
 tests/log/*
@@ -28,10 +28,8 @@ include source_app/*.py
 include source_templates/
 include source_templates/*.html
 include static/
-include static/.webassets-cache/
 include static/fonts/
 include static/fonts/**
-include static/gen/
 include static/i/
 exclude static/i/custom_logo.png
 include static/i/**

@@ -9,4 +9,4 @@ silent=False
 
 [jinja2: */*.html]
 silent=False
-extensions=jinja2.ext.autoescape,jinja2.ext.with_,webassets.ext.jinja2.AssetsExtension,jinja2.ext.do
+extensions=jinja2.ext.autoescape,jinja2.ext.with_,jinja2.ext.do
@@ -5,7 +5,6 @@
 
 from flask import (Flask, session, redirect, url_for, flash, g, request,
                    render_template, json)
-from flask_assets import Environment
 from flask_babel import gettext
 from flask_wtf.csrf import CSRFProtect, CSRFError
 from os import path
@@ -64,7 +63,6 @@ def create_app(config: 'SDConfig') -> Flask:
     app.session_interface = JournalistInterfaceSessionInterface()
 
     csrf = CSRFProtect(app)
-    Environment(app)
 
     app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
     app.config['SQLALCHEMY_DATABASE_URI'] = config.DATABASE_URI

@@ -10,9 +10,7 @@
 
   <link rel="icon" type="image/png" href="/static/i/favicon.png">
 
-  {% assets filters="jsmin", output="gen/journalist.js", "js/journalist.js" %}
-  <script src="{{ ASSET_URL }}"></script>
-  {% endassets %}
+  <script src="{{ url_for("static", filename="js/journalist.js") }}"></script>
   {% block extrahead %}{% endblock %}
 </head>
 

@@ -6,13 +6,11 @@ cffi>=1.14.2
 # This version needs Rust for compilation.
 cryptography>=3.4.7
 
-Flask-Assets
 Flask-Babel>=1.0.0
 Flask-SQLAlchemy
 Flask-WTF>=1.0.0
 Flask>=2.0.2
 Jinja2>=3.0.0
-jsmin
 markupsafe>=2.0
 mod_wsgi
 passlib

@@ -105,9 +105,6 @@ cryptography==3.4.7 \
     --hash=sha256:eb8cc2afe8b05acbd84a43905832ec78e7b3873fb124ca190f574dca7389a87d \
     --hash=sha256:ee77aa129f481be46f8d92a1a7db57269a2f23052d5f2433b4621bb457081cc9
     # via -r requirements/python3/securedrop-app-code-requirements.in
-flask-assets==0.12 \
-    --hash=sha256:6031527b89fb3509d1581d932affa5a79dd348cfffb58d0aef99a43461d47847
-    # via -r requirements/python3/securedrop-app-code-requirements.in
 flask-babel==2.0.0 \
     --hash=sha256:e6820a052a8d344e178cdd36dd4bb8aea09b4bda3d5f9fa9f008df2c7f2f5468 \
     --hash=sha256:f9faf45cdb2e1a32ea2ec14403587d4295108f35017a7821a2b1acb8cfd9257d
@@ -125,7 +122,6 @@ flask==2.0.2 \
     --hash=sha256:cb90f62f1d8e4dc4621f52106613488b5ba826b2e1e10a33eac92f723093ab6a
     # via
     #   -r requirements/python3/securedrop-app-code-requirements.in
-    #   flask-assets
     #   flask-babel
     #   flask-sqlalchemy
     #   flask-wtf
@@ -142,9 +138,6 @@ jinja2==3.0.2 \
     #   -r requirements/python3/securedrop-app-code-requirements.in
     #   flask
     #   flask-babel
-jsmin==2.2.2 \
-    --hash=sha256:b6df99b2cd1c75d9d342e4335b535789b8da9107ec748212706ef7bbe5c2553b
-    # via -r requirements/python3/securedrop-app-code-requirements.in
 mako==1.0.7 \
     --hash=sha256:4e02fde57bd4abb5ec400181e4c314f56ac3e49ba4fb8b0d50bba18cb27d25ae
     # via alembic
@@ -299,9 +292,6 @@ sqlalchemy==1.3.3 \
     #   -r requirements/python3/securedrop-app-code-requirements.in
     #   alembic
     #   flask-sqlalchemy
-webassets==0.12.1 \
-    --hash=sha256:e7d9c8887343123fd5b32309b33167428cb1318cdda97ece12d0907fd69d38db
-    # via flask-assets
 werkzeug==2.0.2 \
     --hash=sha256:63d3dc1cf60e7b7e35e97fa9861f7397283b75d765afcaefd993d6046899de8f \
     --hash=sha256:aa2bb6fc8dee8d6c504c0ac1e7f5f7dc5810a9903e793b6f715a9f015bdadb9a

@@ -6,7 +6,6 @@
 import werkzeug
 from flask import (Flask, render_template, request, g, session, redirect, url_for)
 from flask_babel import gettext
-from flask_assets import Environment
 from flask_wtf.csrf import CSRFProtect, CSRFError
 from os import path
 from typing import Tuple
@@ -70,9 +69,6 @@ def setup_i18n() -> None:
     def handle_csrf_error(e: CSRFError) -> werkzeug.Response:
         return clear_session_and_redirect_to_logged_out_page(flask_session=session)
 
-    assets = Environment(app)
-    app.config['assets'] = assets
-
     app.jinja_env.trim_blocks = True
     app.jinja_env.lstrip_blocks = True
     app.jinja_env.globals['version'] = version.__version__

@@ -14,9 +14,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1">
   <meta name="robots" content="noindex,nofollow">
 
-  {% assets filters="jsmin", output="gen/source.js", "js/source.js" %}
-  <script src="{{ ASSET_URL }}"></script>
-  {% endassets %}
+  <script src="{{ url_for("static", filename="js/source.js") }}"></script>
 </head>
 
 <body id="source-index">