Coverage for app/init.py: 100%

1import os 

2import secrets 

3import sqlite3 

4from datetime import timedelta 

5 

6import click # pyright: ignore[reportMissingImports] 

7from typing import Any 

8from urllib.parse import urlparse 

9 

10from flask import ( 

11 Flask, 

12 Response, 

13 g, 

14 has_request_context, 

15 render_template, 

16 request, 

17 send_from_directory, 

18 session, 

19) # pyright: ignore[reportMissingImports] 

20from flask.typing import ResponseReturnValue # pyright: ignore[reportMissingImports] 

21from flask_babel import Babel, get_locale as _babel_get_locale # pyright: ignore[reportMissingImports] 

22from flask_migrate import Migrate 

23from flask_wtf.csrf import CSRFProtect # pyright: ignore[reportMissingImports] 

24from werkzeug.middleware.proxy_fix import ProxyFix # pyright: ignore[reportMissingImports] 

25from sqlalchemy import event # pyright: ignore[reportMissingImports] 

26from sqlalchemy.engine import Engine # pyright: ignore[reportMissingImports] 

27 

28SUPPORTED_LOCALES = ["en", "fr", "nl"] 

29 

30LOCALE_META = { 

31 "en": {"flag": "🇬🇧", "abbr": "EN", "native": "English", "english": "English"}, 

32 "fr": {"flag": "🇫🇷", "abbr": "FR", "native": "Français", "english": "French"}, 

33 "nl": {"flag": "🇳🇱", "abbr": "NL", "native": "Nederlands", "english": "Dutch"}, 

34} 

35 

36# EE-09: aviation history days — (month, day, msgid). Add new entries here. 

37_AVIATION_DAYS: list[tuple[int, int, str]] = [ 

38 (3, 2, "First flight of Concorde — André Turcat at the controls, Toulouse (1969)"), 

39 ( 

40 5, 

41 21, 

42 "Charles Lindbergh lands at Le Bourget — first solo transatlantic flight (1927)", 

43 ), 

44 ( 

45 7, 

46 25, 

47 "Louis Blériot crosses the English Channel — first crossing by airplane (1909)", 

48 ), 

49 ( 

50 11, 

51 21, 

52 "Pilâtre de Rozier & d'Arlandes — first manned free balloon flight, Paris (1783)", 

53 ), 

54 (12, 17, "First flight: 17 Dec 1903 — 12 seconds, 37 metres. (Wright Brothers)"), 

55] 

56 

57 

58def _aviation_day_msgid(month: int, day: int) -> str | None: 

59 for m, d, msgid in _AVIATION_DAYS: 

60 if m == month and d == day: 

61 return msgid 

62 return None 

63 

64 

65@event.listens_for(Engine, "connect") 

66def _set_sqlite_fk_pragma(dbapi_connection: Any, _record: Any) -> None: 

67 if isinstance(dbapi_connection, sqlite3.Connection): 

68 cur = dbapi_connection.cursor() 

69 cur.execute("PRAGMA foreign_keys=ON") 

70 cur.close() 

71 

72 

73def _drop_and_restore_schema(database_url: str, sql_bytes: bytes) -> None: 

74 """Drop the public schema and restore it from a pg_dump byte-string.""" 

75 import subprocess # noqa: PLC0415 # nosec B404 

76 import tempfile 

77 

78 from sqlalchemy import text # pyright: ignore[reportMissingImports] 

79 

80 from models import db # pyright: ignore[reportMissingImports] 

81 

82 # Close the ORM session while its connection is still alive so Flask's 

83 # teardown has nothing left to rollback after we terminate other backends. 

84 db.session.remove() 

85 

86 with db.engine.connect() as conn: 

87 # Terminate all other connections so DROP SCHEMA can acquire its 

88 # ACCESS EXCLUSIVE lock even if the web server left a connection 

89 # idle-in-transaction (which would block indefinitely otherwise). 

90 conn.execute( 

91 text( 

92 "SELECT pg_terminate_backend(pid) FROM pg_stat_activity" 

93 " WHERE datname = current_database() AND pid != pg_backend_pid()" 

94 ) 

95 ) 

96 conn.execute(text("DROP SCHEMA public CASCADE")) 

97 conn.execute(text("CREATE SCHEMA public")) 

98 conn.commit() 

99 

100 # Dispose the connection pool so no SQLAlchemy connections linger and 

101 # block psql's DDL statements with AccessShareLock. 

102 db.engine.dispose() 

103 

104 # Write the dump to a temp file so psql can read it directly rather than 

105 # via stdin — avoids pipe-buffering hangs on large dumps and lets psql 

106 # print progress to the terminal in real time. 

107 with tempfile.NamedTemporaryFile(suffix=".sql", delete=False) as tmp: 

108 tmp.write(sql_bytes) 

109 tmp_path = tmp.name 

110 

111 try: 

112 result = subprocess.run( # nosec B603 

113 ["psql", "--no-password", "-f", tmp_path, database_url], 

114 timeout=600, 

115 ) 

116 except subprocess.TimeoutExpired: 

117 raise RuntimeError("psql restore timed out after 10 minutes.") 

118 finally: 

119 os.unlink(tmp_path) 

120 

121 if result.returncode != 0: 

122 raise RuntimeError(f"psql exited with code {result.returncode}") 

123 

124 

125def _easa_sync_loop(app: Flask) -> None: 

126 import logging 

127 import os 

128 import random 

129 import time 

130 from datetime import datetime, timedelta, timezone 

131 

132 from airworthiness_sync import sync_all_nodes # pyright: ignore[reportMissingImports] 

133 

134 _log = logging.getLogger(__name__) 

135 

136 # Determine the daily sync time (UTC). Admin can pin a specific hour via 

137 # OPENHANGAR_AIRWORTHINESS_EASA_SYNC_HOUR (0-23). Default: random hour 

138 # 01-05 UTC so that different instances do not all hit EASA simultaneously. 

139 env_hour = os.environ.get("OPENHANGAR_AIRWORTHINESS_EASA_SYNC_HOUR") 

140 if env_hour is not None: 

141 try: 

142 sync_hour = int(env_hour) % 24 

143 except ValueError: 

144 sync_hour = random.randint(1, 5) 

145 else: 

146 sync_hour = random.randint(1, 5) 

147 sync_minute = random.randint(0, 59) 

148 _log.info("EASA sync scheduled daily at %02d:%02d UTC", sync_hour, sync_minute) 

149 

150 while True: 

151 now = datetime.now(timezone.utc) 

152 next_run = now.replace( 

153 hour=sync_hour, minute=sync_minute, second=0, microsecond=0 

154 ) 

155 if next_run <= now: 

156 next_run += timedelta(days=1) 

157 time.sleep((next_run - datetime.now(timezone.utc)).total_seconds()) 

158 sync_all_nodes(app) 

159 

160 

161def _start_easa_sync_scheduler(app: Flask) -> None: 

162 import threading 

163 

164 t = threading.Thread( 

165 target=_easa_sync_loop, 

166 args=(app,), 

167 daemon=True, 

168 name="easa-sync", 

169 ) 

170 t.start() 

171 

172 

173def _parse_notification_time() -> tuple[int, int]: 

174 """Return (hour, minute) from OPENHANGAR_NOTIFICATION_TIME (HH:MM, default 07:00). 

175 

176 Raises ValueError with a human-readable message if the value is set but invalid. 

177 """ 

178 raw = os.environ.get("OPENHANGAR_NOTIFICATION_TIME", "07:00") 

179 err = f"OPENHANGAR_NOTIFICATION_TIME={raw!r} is invalid — expected HH:MM (e.g. '07:00')" 

180 parts = raw.split(":") 

181 if len(parts) != 2: 

182 raise ValueError(err) 

183 try: 

184 hour, minute = int(parts[0]), int(parts[1]) 

185 except ValueError: 

186 raise ValueError(err) 

187 if not (0 <= hour <= 23 and 0 <= minute <= 59): 

188 raise ValueError(err) 

189 return hour, minute 

190 

191 

192def _notification_daily_loop(app: Flask, run_hour: int, run_minute: int) -> None: 

193 import logging 

194 import time 

195 from datetime import datetime, timedelta, timezone 

196 

197 _log = logging.getLogger(__name__) 

198 _log.info( 

199 "Notification daily check scheduled at %02d:%02d UTC", run_hour, run_minute 

200 ) 

201 

202 while True: 

203 now = datetime.now(timezone.utc) 

204 next_run = now.replace( 

205 hour=run_hour, minute=run_minute, second=0, microsecond=0 

206 ) 

207 if next_run <= now: 

208 next_run += timedelta(days=1) 

209 time.sleep((next_run - datetime.now(timezone.utc)).total_seconds()) 

210 try: 

211 from services.notification_service import run_daily_checks # pyright: ignore[reportMissingImports] 

212 

213 run_daily_checks(app) 

214 except Exception: 

215 _log.exception("Notification daily check failed; will retry tomorrow") 

216 

217 

218def _start_notification_scheduler(app: Flask) -> None: 

219 import threading 

220 

221 run_hour, run_minute = _parse_notification_time() 

222 t = threading.Thread( 

223 target=_notification_daily_loop, 

224 args=(app, run_hour, run_minute), 

225 daemon=True, 

226 name="notification-daily", 

227 ) 

228 t.start() 

229 

230 

231def create_app() -> Flask: 

232 from security_alerts import attach_to_logger # pyright: ignore[reportMissingImports] 

233 

234 attach_to_logger() 

235 

236 app = Flask(__name__) 

237 app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1) # type: ignore[method-assign] 

238 

239 # Propagate OPENHANGAR_ENV → FLASK_ENV so Flask's own internals keep working. 

240 os.environ["FLASK_ENV"] = os.environ.get("OPENHANGAR_ENV", "production") 

241 

242 app.config["SQLALCHEMY_DATABASE_URI"] = os.environ.get( 

243 "OPENHANGAR_DATABASE_URL", "sqlite:///:memory:" 

244 ) 

245 secret_key = os.environ.get("OPENHANGAR_SECRET_KEY") 

246 if not secret_key: 

247 raise RuntimeError("OPENHANGAR_SECRET_KEY environment variable must be set") 

248 if "change" in secret_key.lower(): 

249 raise RuntimeError( 

250 "OPENHANGAR_SECRET_KEY appears to be a placeholder value. " 

251 "Generate a real key with: openssl rand -hex 32" 

252 ) 

253 app.config["SECRET_KEY"] = secret_key 

254 app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False 

255 app.config["UPLOAD_FOLDER"] = os.environ.get( 

256 "OPENHANGAR_UPLOAD_FOLDER", "/data/uploads" 

257 ) 

258 app.config["BACKUP_FOLDER"] = os.environ.get( 

259 "OPENHANGAR_BACKUP_FOLDER", "/data/backups" 

260 ) 

261 app.config["MAX_CONTENT_LENGTH"] = ( 

262 50 * 1024 * 1024 

263 ) # overridden by _validate_config 

264 app.config["SESSION_COOKIE_SECURE"] = True 

265 app.config["SESSION_COOKIE_HTTPONLY"] = True 

266 app.config["SESSION_COOKIE_SAMESITE"] = "Lax" 

267 _session_days = int(os.environ.get("OPENHANGAR_SESSION_LIFETIME_DAYS", "30")) 

268 app.config["PERMANENT_SESSION_LIFETIME"] = timedelta(days=_session_days) 

269 

270 flask_env = os.environ.get("OPENHANGAR_ENV", "production") 

271 

272 if flask_env in ("development", "test"): 

273 app.config["TEMPLATES_AUTO_RELOAD"] = True 

274 

275 from models import db 

276 

277 db.init_app(app) 

278 Migrate(app, db) 

279 

280 def _get_locale() -> str | None: 

281 if not has_request_context(): 

282 return "en" 

283 if session.get("user_id"): 

284 # Demo sessions: visitor's session language takes precedence over the 

285 # demo user's stored default so Accept-Language / manual switcher work. 

286 if ( 

287 session.get("demo_slot_id") 

288 and session.get("language") in SUPPORTED_LOCALES 

289 ): 

290 return str(session["language"]) 

291 from models import User 

292 

293 user = db.session.get(User, session["user_id"]) 

294 if user and user.language in SUPPORTED_LOCALES: 

295 return str(user.language) 

296 if session.get("language") in SUPPORTED_LOCALES: 

297 return str(session["language"]) 

298 return str(request.accept_languages.best_match(SUPPORTED_LOCALES, default="en")) 

299 

300 Babel(app, locale_selector=_get_locale) 

301 CSRFProtect(app) 

302 

303 from extensions import cache as _cache # pyright: ignore[reportMissingImports] 

304 from extensions import limiter as _limiter # pyright: ignore[reportMissingImports] 

305 

306 app.config["CACHE_TYPE"] = "SimpleCache" 

307 app.config["CACHE_DEFAULT_TIMEOUT"] = 300 

308 _cache.init_app(app) 

309 _limiter.init_app(app) 

310 

311 @app.before_request 

312 def _generate_csp_nonce() -> None: 

313 g.csp_nonce = secrets.token_urlsafe(16) 

314 

315 def _csp_nonce() -> str: 

316 return getattr(g, "csp_nonce", "") 

317 

318 app.jinja_env.globals["csp_nonce"] = _csp_nonce 

319 

320 @app.after_request 

321 def _security_headers(response: Any) -> Any: 

322 nonce = getattr(g, "csp_nonce", "") 

323 response.headers["Content-Security-Policy"] = ( 

324 f"default-src 'self'; " 

325 f"script-src 'nonce-{nonce}'; " 

326 f"worker-src 'self' blob:; " 

327 f"style-src-elem 'self'; " 

328 f"style-src-attr 'none'; " 

329 f"font-src 'self'; " 

330 f"img-src 'self' data: blob: tile.openstreetmap.org *.basemaps.cartocdn.com api.tiles.openaip.net; " 

331 f"connect-src 'self'; " 

332 f"object-src 'none'; " 

333 f"base-uri 'self'; " 

334 f"form-action 'self'; " 

335 f"frame-ancestors 'none';" 

336 ) 

337 response.headers["X-Frame-Options"] = "DENY" 

338 response.headers["X-Content-Type-Options"] = "nosniff" 

339 response.headers["Referrer-Policy"] = "strict-origin-when-cross-origin" 

340 response.headers["Permissions-Policy"] = ( 

341 "camera=(), microphone=(), geolocation=(), payment=()" 

342 ) 

343 response.headers["Cross-Origin-Opener-Policy"] = "same-origin" 

344 response.headers["Cross-Origin-Resource-Policy"] = "same-origin" 

345 if session.get("user_id"): 

346 existing_cc = response.headers.get("Cache-Control", "") 

347 if "public" not in existing_cc and "immutable" not in existing_cc: 

348 response.headers["Cache-Control"] = "no-store, private" 

349 return response 

350 

351 from flask_babel import format_date, format_datetime, format_decimal 

352 

353 app.jinja_env.globals.update( 

354 format_date=format_date, 

355 format_datetime=format_datetime, 

356 format_decimal=format_decimal, 

357 ) 

358 

359 if app.config.get("TESTING") or os.environ.get("OPENHANGAR_ENV") == "development": 

360 from jinja2 import StrictUndefined 

361 

362 app.jinja_env.undefined = StrictUndefined 

363 

364 from utils import ( 

365 _load_aircraft_type_variants, 

366 _load_airport_names, 

367 ) 

368 

369 @app.template_filter("airport_name") 

370 def _airport_name_filter(code: str | None) -> str: 

371 if not code: 

372 return "" 

373 return _load_airport_names().get(code.upper(), "") 

374 

375 @app.route("/manifest.json") 

376 def pwa_manifest() -> ResponseReturnValue: 

377 from flask import jsonify as _jsonify 

378 

379 return _jsonify( 

380 { 

381 "name": "OpenHangar", 

382 "short_name": "OpenHangar", 

383 "description": "Open-source aircraft operations and pilot logbook", 

384 "start_url": "/", 

385 "display": "standalone", 

386 "theme_color": "#1a3a5c", 

387 "background_color": "#1a3a5c", 

388 "icons": [ 

389 { 

390 "src": "/static/icons/icon.svg", 

391 "sizes": "any", 

392 "type": "image/svg+xml", 

393 }, 

394 { 

395 "src": "/static/icons/icon-maskable.svg", 

396 "sizes": "any", 

397 "type": "image/svg+xml", 

398 "purpose": "maskable", 

399 }, 

400 ], 

401 "share_target": { 

402 "action": "/pwa/shared", 

403 "method": "POST", 

404 "enctype": "multipart/form-data", 

405 "params": { 

406 "title": "title", 

407 "text": "text", 

408 "url": "url", 

409 "files": [ 

410 { 

411 "name": "files", 

412 "accept": ["application/pdf", "image/*"], 

413 } 

414 ], 

415 }, 

416 }, 

417 "shortcuts": [ 

418 { 

419 "name": "Log a Flight", 

420 "short_name": "Log Flight", 

421 "url": "/flights/new", 

422 "icons": [ 

423 { 

424 "src": "/static/icons/shortcut-log-flight.svg", 

425 "sizes": "any", 

426 "type": "image/svg+xml", 

427 } 

428 ], 

429 }, 

430 { 

431 "name": "My Aircraft", 

432 "short_name": "Aircraft", 

433 "url": "/aircraft", 

434 "icons": [ 

435 { 

436 "src": "/static/icons/shortcut-aircraft.svg", 

437 "sizes": "any", 

438 "type": "image/svg+xml", 

439 } 

440 ], 

441 }, 

442 { 

443 "name": "Documents", 

444 "short_name": "Documents", 

445 "url": "/documents", 

446 "icons": [ 

447 { 

448 "src": "/static/icons/shortcut-documents.svg", 

449 "sizes": "any", 

450 "type": "image/svg+xml", 

451 } 

452 ], 

453 }, 

454 ], 

455 } 

456 ) 

457 

458 @app.route("/sw.js") 

459 def service_worker() -> ResponseReturnValue: 

460 sw_path = os.path.join(app.static_folder or "static", "js", "sw.js") 

461 with open(sw_path, encoding="utf-8") as fh: 

462 content = fh.read() 

463 version = os.environ.get("OPENHANGAR_VERSION", "") 

464 cache_name = ( 

465 f"openhangar-{version}" 

466 if version and version != "development" 

467 else f"openhangar-{secrets.token_hex(8)}" 

468 ) 

469 content = content.replace("__SW_CACHE_VERSION__", cache_name) 

470 response = Response(content, mimetype="application/javascript") 

471 response.headers["Service-Worker-Allowed"] = "/" 

472 return response 

473 

474 @app.route("/api/check-flight-duplicate") 

475 def api_check_flight_duplicate() -> ResponseReturnValue: 

476 from flask import jsonify as _jsonify 

477 

478 if not session.get("user_id"): 

479 return _jsonify({"error": "unauthorized"}), 401 

480 date_str = request.args.get("date", "") 

481 aircraft_id_str = request.args.get("aircraft_id", "") 

482 dep = request.args.get("departure_icao", "") 

483 arr = request.args.get("arrival_icao", "") 

484 if not (date_str and dep and arr): 

485 return _jsonify({"duplicate": False}) 

486 from models import Aircraft, FlightEntry, PilotLogbookEntry, TenantUser 

487 

488 uid = int(session["user_id"]) 

489 try: 

490 from datetime import date as _date 

491 

492 flight_date = _date.fromisoformat(date_str) 

493 except ValueError: 

494 return _jsonify({"duplicate": False}) 

495 

496 tu = TenantUser.query.filter_by(user_id=uid).first() 

497 

498 if tu and aircraft_id_str and aircraft_id_str.isdigit(): 

499 ac_id = int(aircraft_id_str) 

500 # Scope by tenant: only match flights on an aircraft the caller's 

501 # tenant owns, otherwise this leaks a cross-tenant existence oracle. 

502 owned = Aircraft.query.filter_by(id=ac_id, tenant_id=tu.tenant_id).first() 

503 if owned: 

504 dup = FlightEntry.query.filter_by( 

505 aircraft_id=ac_id, 

506 date=flight_date, 

507 departure_icao=dep, 

508 arrival_icao=arr, 

509 ).first() 

510 if dup: 

511 return _jsonify({"duplicate": True}) 

512 

513 if tu: 

514 dup_pilot = PilotLogbookEntry.query.filter_by( 

515 pilot_user_id=uid, 

516 date=flight_date, 

517 departure_place=dep, 

518 arrival_place=arr, 

519 ).first() 

520 if dup_pilot: 

521 return _jsonify({"duplicate": True}) 

522 

523 return _jsonify({"duplicate": False}) 

524 

525 @app.route("/airport-search") 

526 def airport_search() -> ResponseReturnValue: 

527 if not session.get("user_id"): 

528 return {"results": []} 

529 q = request.args.get("q", "").strip() 

530 if len(q) < 2: 

531 return {"results": []} 

532 q_code = q.upper() 

533 q_low = q.lower() 

534 names = _load_airport_names() 

535 code_hits: list[dict[str, str]] = [] 

536 name_hits: list[dict[str, str]] = [] 

537 for code, name in names.items(): 

538 if code.startswith(q_code): 

539 code_hits.append({"code": code, "name": name}) 

540 elif q_low in name.lower(): 

541 name_hits.append({"code": code, "name": name}) 

542 return {"results": (code_hits + name_hits)[:10]} 

543 

544 @app.route("/aircraft-type-search") 

545 def aircraft_type_search() -> ResponseReturnValue: 

546 if not session.get("user_id"): 

547 return {"results": []} 

548 q = request.args.get("q", "").strip() 

549 if len(q) < 2: 

550 return {"results": []} 

551 q_up = q.upper() 

552 words = q.lower().split() 

553 variants = _load_aircraft_type_variants() 

554 code_hits: list[dict[str, str]] = [] 

555 name_hits: list[dict[str, str]] = [] 

556 for des, full_name, mfr, mdl in variants: 

557 name_low = full_name.lower() 

558 entry = {"code": des, "name": full_name, "manufacturer": mfr, "model": mdl} 

559 if des.startswith(q_up): 

560 code_hits.append(entry) 

561 elif all(w in name_low for w in words): 

562 name_hits.append(entry) 

563 return {"results": code_hits + name_hits} 

564 

565 from auth.routes import auth_bp 

566 

567 app.register_blueprint(auth_bp) 

568 

569 from aircraft.routes import aircraft_bp 

570 

571 app.register_blueprint(aircraft_bp) 

572 

573 from flights.routes import flights_bp 

574 

575 app.register_blueprint(flights_bp) 

576 

577 from maintenance.routes import maintenance_bp 

578 

579 app.register_blueprint(maintenance_bp) 

580 

581 from expenses.routes import expenses_bp 

582 

583 app.register_blueprint(expenses_bp) 

584 

585 from documents.routes import documents_bp 

586 

587 app.register_blueprint(documents_bp) 

588 

589 from config.routes import config_bp 

590 

591 app.register_blueprint(config_bp) 

592 

593 from share.routes import share_bp 

594 

595 app.register_blueprint(share_bp) 

596 

597 from snags.routes import snags_bp 

598 

599 app.register_blueprint(snags_bp) 

600 

601 from pilots.routes import pilots_bp 

602 

603 app.register_blueprint(pilots_bp) 

604 

605 from users.routes import users_bp 

606 

607 app.register_blueprint(users_bp) 

608 

609 from reservations.routes import reservations_bp 

610 

611 app.register_blueprint(reservations_bp) 

612 

613 from squawk.routes import squawk_bp 

614 

615 app.register_blueprint(squawk_bp) 

616 

617 from hangar.routes import hangar_bp 

618 

619 app.register_blueprint(hangar_bp) 

620 

621 from airworthiness.routes import airworthiness_bp 

622 

623 app.register_blueprint(airworthiness_bp) 

624 

625 from pwa.routes import pwa_bp 

626 

627 app.register_blueprint(pwa_bp) 

628 

629 if flask_env == "demo": 

630 from demo.routes import demo_bp 

631 

632 app.register_blueprint(demo_bp) 

633 

634 def _current_theme( 

635 user_obj: Any, in_request: bool, sess: Any, is_demo: bool 

636 ) -> str: 

637 if in_request and user_obj and not is_demo and not sess.get("demo_slot_id"): 

638 t = getattr(user_obj, "theme", None) 

639 if t in ("light", "dark"): 

640 return str(t) 

641 if in_request: 

642 t = sess.get("theme") 

643 if t in ("light", "dark", "system"): 

644 return str(t) 

645 return "system" 

646 

647 @app.context_processor 

648 def inject_globals() -> dict[str, Any]: 

649 from models import DemoSlot, Role, TenantProfile, TenantUser, User 

650 from utils import current_user_role 

651 

652 is_demo = flask_env == "demo" 

653 demo_next_wipe_utc = ( 

654 os.environ.get("OPENHANGAR_DEMO_NEXT_WIPE_UTC") if is_demo else None 

655 ) 

656 demo_site_url = os.environ.get("OPENHANGAR_DEMO_SITE_URL") 

657 repo_url = os.environ.get( 

658 "OPENHANGAR_REPO_URL", "https://github.com/e2jk/OpenHangar" 

659 ) 

660 _in_request = has_request_context() 

661 demo_display_id = None 

662 if is_demo and _in_request: 

663 slot_id = session.get("demo_slot_id") 

664 if slot_id: 

665 slot = db.session.get(DemoSlot, slot_id) 

666 if slot: 

667 demo_display_id = slot.display_id 

668 role = current_user_role() if _in_request else None 

669 # Phase 23: is_pilot/is_maint also enabled by per-user capability flags 

670 uid = session.get("user_id") if _in_request else None 

671 _user_flags = db.session.get(User, uid) if uid else None 

672 _flag_pilot = bool(_user_flags and _user_flags.is_pilot) 

673 _flag_maint = bool(_user_flags and _user_flags.is_maintenance) 

674 

675 # Phase 26: adaptive UI based on TenantProfile 

676 _tenant_profile = None 

677 if uid: 

678 tu = TenantUser.query.filter_by(user_id=uid).first() 

679 if tu: 

680 _tenant_profile = TenantProfile.query.filter_by( 

681 tenant_id=tu.tenant_id 

682 ).first() 

683 _pac = ( 

684 _tenant_profile.planned_aircraft_count 

685 if _tenant_profile and _tenant_profile.planned_aircraft_count is not None 

686 else None 

687 ) 

688 # logbook_only: planned_aircraft_count == 0 → hide all aircraft UI 

689 _logbook_only = _pac == 0 

690 # single_aircraft_mode: planned_aircraft_count == 1 → hide fleet-level widgets 

691 _single_aircraft_mode = _pac == 1 

692 

693 # EE-09: aviation history day banner 

694 from datetime import date as _date # noqa: PLC0415 

695 from flask_babel import gettext as _gt, ngettext as _ngt # noqa: PLC0415 

696 

697 _today = _date.today() 

698 _avi_msgid = _aviation_day_msgid(_today.month, _today.day) 

699 _aviation_banner = _gt(_avi_msgid) if _avi_msgid else None 

700 

701 # EE-10: personal anniversary banner (first solo / PPL) 

702 _pilot_anniversary: dict[str, Any] | None = None 

703 _pilot_anniversary_confetti = False 

704 if uid: 

705 from models import PilotProfile as _PP # noqa: PLC0415 

706 

707 _pp = _PP.query.filter_by(user_id=uid).first() 

708 if _pp: 

709 for _ann_date, _ann_type in ( 

710 (_pp.first_solo_date, "solo"), 

711 (_pp.ppl_issue_date, "ppl"), 

712 ): 

713 if _ann_date and (_ann_date.month, _ann_date.day) == ( 

714 _today.month, 

715 _today.day, 

716 ): 

717 _years = _today.year - _ann_date.year 

718 if _ann_type == "solo": 

719 _msg = ( 

720 _ngt( 

721 "🎉 Today marks %(n)s year since your first solo flight!", 

722 "🎉 Today marks %(n)s years since your first solo flight!", 

723 _years, 

724 n=_years, 

725 ) 

726 if _years > 0 

727 else _gt( 

728 "🎉 Today is the anniversary of your first solo flight!" 

729 ) 

730 ) 

731 else: 

732 _msg = ( 

733 _ngt( 

734 "🎉 Today marks %(n)s year since you earned your PPL!", 

735 "🎉 Today marks %(n)s years since you earned your PPL!", 

736 _years, 

737 n=_years, 

738 ) 

739 if _years > 0 

740 else _gt("🎉 Today is the anniversary of your PPL!") 

741 ) 

742 _pilot_anniversary = { 

743 "type": _ann_type, 

744 "years": _years, 

745 "message": _msg, 

746 } 

747 _sess_key = f"anniversary_confetti_{_today.isoformat()}" 

748 if not session.get(_sess_key): 

749 session[_sess_key] = True 

750 _pilot_anniversary_confetti = True 

751 break 

752 

753 return { 

754 "logged_in": bool(uid), 

755 "has_users": User.query.count() > 0, 

756 "flask_env": flask_env, 

757 "is_demo": is_demo, 

758 "demo_next_wipe_utc": demo_next_wipe_utc, 

759 "demo_display_id": demo_display_id, 

760 "demo_site_url": demo_site_url, 

761 "repo_url": repo_url, 

762 "current_locale": str(_babel_get_locale()), 

763 "supported_locales": SUPPORTED_LOCALES, 

764 "locale_meta": LOCALE_META, 

765 "current_role": role, 

766 "is_owner": role in (Role.ADMIN, Role.OWNER), 

767 "is_pilot": role in (Role.ADMIN, Role.OWNER, Role.PILOT, Role.INSTRUCTOR) 

768 or _flag_pilot, 

769 "is_maint": role 

770 in (Role.ADMIN, Role.OWNER, Role.MAINTENANCE, Role.INSTRUCTOR) 

771 or _flag_maint, 

772 "is_crew": role not in (None, Role.VIEWER), 

773 "nav_user_label": (_user_flags.name or _user_flags.email) 

774 if _user_flags 

775 else None, 

776 "tenant_profile": _tenant_profile, 

777 "allows_rental": bool(_tenant_profile and _tenant_profile.allows_rental), 

778 "logbook_only": _logbook_only, 

779 "single_aircraft_mode": _single_aircraft_mode, 

780 "aircraft_count_goal": _pac, 

781 "aviation_day_banner": _aviation_banner, 

782 "pilot_anniversary": _pilot_anniversary, 

783 "pilot_anniversary_confetti": _pilot_anniversary_confetti, 

784 "today": _date.today(), 

785 "current_theme": _current_theme(_user_flags, _in_request, session, is_demo), 

786 "oh_debug": app.debug 

787 and os.environ.get("OPENHANGAR_SW_ENABLED", "").lower() 

788 not in ("1", "true", "yes"), 

789 } 

790 

791 @app.errorhandler(403) 

792 def forbidden(e: Exception) -> ResponseReturnValue: 

793 return render_template("errors/403.html"), 403 

794 

795 @app.errorhandler(404) 

796 def not_found(e: Exception) -> ResponseReturnValue: 

797 return render_template("errors/404.html"), 404 

798 

799 @app.errorhandler(500) 

800 def internal_error(e: Exception) -> ResponseReturnValue: 

801 import traceback as _tb 

802 

803 show_debug = flask_env in ("development", "test")