Coverage for /usr/local/lib/python3.12/site-packages/prefect/settings/models/server/api.py: 100%
18 statements
1from datetime import timedelta 1a
2from typing import ClassVar, Optional 1a
4from pydantic import AliasChoices, AliasPath, Field, SecretStr 1a
5from pydantic_settings import SettingsConfigDict 1a
7from prefect.settings.base import PrefectBaseSettings, build_settings_config 1a
class ServerAPISettings(PrefectBaseSettings):
    """
    Settings for controlling API server behavior
    """

    # Several fields below declare "prefect_server_api_*" aliases, so the
    # ("server", "api") path presumably maps to a PREFECT_SERVER_API_ prefix;
    # NOTE(review): confirm against build_settings_config in
    # prefect.settings.base.
    model_config: ClassVar[SettingsConfigDict] = build_settings_config(
        ("server", "api")
    )

    # Defaults to None, i.e. this model configures no basic-auth credential
    # unless one is supplied. SecretStr masks the value in repr()/str(), so it
    # only appears in clear text where code calls get_secret_value(); keep such
    # call sites out of logs and error messages. Basic-auth credentials are
    # only base64-encoded in transit, so they need TLS on any non-loopback
    # deployment.
    # NOTE(review): how the server treats requests when this is unset is
    # decided outside this file -- confirm.
    auth_string: Optional[SecretStr] = Field(
        default=None,
        description="A string to use for basic authentication with the API in the form 'user:password'.",
    )

    # Loopback by default, so a stock server is reachable only from the local
    # machine. Changing this to a routable address (or 0.0.0.0) is the step
    # that exposes the API to the network; review auth_string, CSRF and the
    # CORS fields below at the same time.
    host: str = Field(
        default="127.0.0.1",
        description="The API's host address (defaults to `127.0.0.1`).",
    )

    port: int = Field(
        default=4200,
        description="The API's port address (defaults to `4200`).",
    )

    base_path: Optional[str] = Field(
        default=None,
        description="The base URL path to serve the API under.",
        examples=["/v2/api"],
    )

    # AliasChoices tries the listed names in order, so the value can be set
    # under the field's own name or either of the two environment-style names.
    default_limit: int = Field(
        default=200,
        description="The default limit applied to queries that can return multiple objects, such as `POST /flow_runs/filter`.",
        validation_alias=AliasChoices(
            AliasPath("default_limit"),
            "prefect_server_api_default_limit",
            "prefect_api_default_limit",
        ),
    )

    # The unit is not stated here; the linked uvicorn timeout documentation is
    # the reference. NOTE(review): presumably seconds -- confirm.
    keepalive_timeout: int = Field(
        default=5,
        description="""
        The API's keep alive timeout (defaults to `5`).
        Refer to https://www.uvicorn.org/settings/#timeouts for details.

        When the API is hosted behind a load balancer, you may want to set this to a value
        greater than the load balancer's idle timeout.

        Note this setting only applies when calling `prefect server start`; if hosting the
        API with another tool you will need to configure this there instead.
        """,
    )

    # Off by default. With the default cors_allowed_origins of "*" further
    # down, a browser-reachable deployment starts with neither CSRF validation
    # nor an origin restriction, so both should be set deliberately before the
    # API is exposed to web clients (the description recommends enabling this
    # in production).
    csrf_protection_enabled: bool = Field(
        default=False,
        description="""
        Controls the activation of CSRF protection for the Prefect server API.

        When enabled (`True`), the server enforces CSRF validation checks on incoming
        state-changing requests (POST, PUT, PATCH, DELETE), requiring a valid CSRF
        token to be included in the request headers or body. This adds a layer of
        security by preventing unauthorized or malicious sites from making requests on
        behalf of authenticated users.

        It is recommended to enable this setting in production environments where the
        API is exposed to web clients to safeguard against CSRF attacks.

        Note: Enabling this setting requires corresponding support in the client for
        CSRF token management. See PREFECT_CLIENT_CSRF_SUPPORT_ENABLED for more.
        """,
        validation_alias=AliasChoices(
            AliasPath("csrf_protection_enabled"),
            "prefect_server_api_csrf_protection_enabled",
            "prefect_server_csrf_protection_enabled",
        ),
    )

    # A longer lifetime lengthens the period during which a disclosed token
    # would still be accepted; a shorter one means clients refresh more often.
    csrf_token_expiration: timedelta = Field(
        default=timedelta(hours=1),
        description="""
        Specifies the duration for which a CSRF token remains valid after being issued
        by the server.

        The default expiration time is set to 1 hour, which offers a reasonable
        compromise. Adjust this setting based on your specific security requirements
        and usage patterns.
        """,
        validation_alias=AliasChoices(
            AliasPath("csrf_token_expiration"),
            "prefect_server_api_csrf_token_expiration",
            "prefect_server_csrf_token_expiration",
        ),
    )

    # The three CORS fields are plain strings defaulting to the wildcard "*".
    # For a server that browsers can reach, replace the origin wildcard with
    # the explicit list of UI origins that should be able to call the API.
    # NOTE(review): splitting of the comma-separated value and the CORS
    # middleware itself live outside this file -- confirm how whitespace and
    # empty entries are handled there.
    cors_allowed_origins: str = Field(
        default="*",
        description="""
        A comma-separated list of origins that are authorized to make cross-origin requests to the API.

        By default, this is set to `*`, which allows requests from all origins.
        """,
        validation_alias=AliasChoices(
            AliasPath("cors_allowed_origins"),
            "prefect_server_api_cors_allowed_origins",
            "prefect_server_cors_allowed_origins",
        ),
    )

    # Lists the HTTP methods permitted on cross-origin requests; "*" permits
    # every method.
    cors_allowed_methods: str = Field(
        default="*",
        description="""
        A comma-separated list of methods that are authorized to make cross-origin requests to the API.

        By default, this is set to `*`, which allows requests from all methods.
        """,
        validation_alias=AliasChoices(
            AliasPath("cors_allowed_methods"),
            "prefect_server_api_cors_allowed_methods",
            "prefect_server_cors_allowed_methods",
        ),
    )

    # Lists the request headers permitted on cross-origin requests; "*"
    # permits every header.
    cors_allowed_headers: str = Field(
        default="*",
        description="""
        A comma-separated list of headers that are authorized to make cross-origin requests to the API.

        By default, this is set to `*`, which allows requests from all headers.
        """,
        validation_alias=AliasChoices(
            AliasPath("cors_allowed_headers"),
            "prefect_server_api_cors_allowed_headers",
            "prefect_server_cors_allowed_headers",
        ),
    )