diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
new file mode 100644
index 0000000000..4044174e45
--- /dev/null
+++ b/.github/workflows/push.yml
@@ -0,0 +1,54 @@
+name: Push
+on:
+ push:
+ branches:
+ - "production"
+
+env:
+ ECR_REPOSITORY: images
+ GIT_REF: "${{ github.ref }}"
+ IMAGE_TAG: ${{ github.sha }}
+
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-20.04
+ env:
+ AWS_REGION: us-east-2
+ if: startsWith( github.ref, 'refs/heads/dependabot/' ) != true
+ steps:
+ - uses: actions/checkout@v2
+
+ - uses: actions/setup-node@v2-beta
+ with:
+ node-version: "14"
+
+ - name: Set extra environment variables
+ run: echo "BRANCH_REF_SLUG=$(./infratools/bin/slugify "$GIT_REF")" >> $GITHUB_ENV
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+
+ - name: Build, tag, and push image to Amazon ECR
+ id: build-image
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ run: |
+ docker build \
+ --file Dockerfile \
+ -t $ECR_REGISTRY/$ECR_REPOSITORY:redash_$IMAGE_TAG \
+ -t $ECR_REGISTRY/$ECR_REPOSITORY:redash_11 .
+ docker push $ECR_REGISTRY/$ECR_REPOSITORY:redash_$IMAGE_TAG
+ docker push $ECR_REGISTRY/$ECR_REPOSITORY:redash_11
+ echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+ - name: Logout of Amazon ECR
+ if: always()
+ run: docker logout ${{ steps.login-ecr.outputs.registry }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9c53e7b7f4..b1e4ec981d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -117,7 +117,7 @@ Following that, force a recreation of your containers with `docker-compose up --
- Added “Last 12 months” option for dynamic date ranges
### Bug Fixes
-- Fix: Private addresses were not allowed even when enforcing was disabled
+- Fix: Private addresses were not allowed even when enforcing was disabled
- Fix: Python query runner wasn’t updated for Python 3
- Fix: Sorting queries by schedule returned the wrong order
- Fix: Counter visualization was enormous in some cases
diff --git a/bin/docker-entrypoint b/bin/docker-entrypoint
index b5d7b0ac17..611cadfa93 100755
--- a/bin/docker-entrypoint
+++ b/bin/docker-entrypoint
@@ -32,7 +32,7 @@ server() {
# Recycle gunicorn workers every n-th request. See http://docs.gunicorn.org/en/stable/settings.html#max-requests for more details.
MAX_REQUESTS=${MAX_REQUESTS:-1000}
MAX_REQUESTS_JITTER=${MAX_REQUESTS_JITTER:-100}
- exec /usr/local/bin/gunicorn -b 0.0.0.0:5000 --name redash -w${REDASH_WEB_WORKERS:-4} redash.wsgi:app --max-requests $MAX_REQUESTS --max-requests-jitter $MAX_REQUESTS_JITTER
+ exec /usr/local/bin/gunicorn -b 0.0.0.0:5000 --log-level debug --timeout 300 --name redash -w${REDASH_WEB_WORKERS:-4} redash.wsgi:app --max-requests $MAX_REQUESTS --max-requests-jitter $MAX_REQUESTS_JITTER
}
create_db() {
diff --git a/client/app/unauthorized.html b/client/app/unauthorized.html
new file mode 100644
index 0000000000..18cadbf195
--- /dev/null
+++ b/client/app/unauthorized.html
@@ -0,0 +1,19 @@
+
+
+
+
+
+
+ Masterworks' Redash
+
+
+ You need to login using a new tab
+
+ Go to login page
+
+
+
diff --git a/docker-compose.yml b/docker-compose.yml
index fdfcdd1a5d..3c50d87808 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,7 +11,7 @@ x-redash-service: &redash-service
env_file:
- .env
x-redash-environment: &redash-environment
- REDASH_LOG_LEVEL: "INFO"
+ REDASH_LOG_LEVEL: "DEBUG"
REDASH_REDIS_URL: "redis://redis:6379/0"
REDASH_DATABASE_URL: "postgresql://postgres@postgres/postgres"
REDASH_RATELIMIT_ENABLED: "false"
diff --git a/redash/authentication/__init__.py b/redash/authentication/__init__.py
index f06cd3cdb2..b58481a0cd 100644
--- a/redash/authentication/__init__.py
+++ b/redash/authentication/__init__.py
@@ -5,6 +5,7 @@
from datetime import timedelta
from urllib.parse import urlsplit, urlunsplit
+from flask import safe_join, send_file
from flask import jsonify, redirect, request, url_for, session
from flask_login import LoginManager, login_user, logout_user, user_logged_in
from redash import models, settings
@@ -14,6 +15,8 @@
from redash.tasks import record_event
from sqlalchemy.orm.exc import NoResultFound
from werkzeug.exceptions import Unauthorized
+from werkzeug.urls import url_parse
+from flask_login import login_url as make_login_url
login_manager = LoginManager()
logger = logging.getLogger("authentication")
@@ -241,6 +244,16 @@ def logout_and_redirect_to_index():
return redirect(index_url)
+def custom_unauthorized_handler():
+ url = request.referrer
+ if url and url_parse(url).host == "admin.masterworks.com":
+ full_path = safe_join(settings.STATIC_ASSETS_PATH, "unauthorized.html")
+ response = send_file(full_path, **dict(cache_timeout=0, conditional=True))
+ return response
+ else:
+ redirect_url = make_login_url("redash.login", next_url=request.url)
+ return redirect(redirect_url)
+
def init_app(app):
from redash.authentication import (
saml_auth,
@@ -253,6 +266,7 @@ def init_app(app):
login_manager.init_app(app)
login_manager.anonymous_user = models.AnonymousUser
login_manager.REMEMBER_COOKIE_DURATION = settings.REMEMBER_COOKIE_DURATION
+ login_manager.unauthorized_handler(custom_unauthorized_handler)
@app.before_request
def extend_session():
diff --git a/webpack.config.js b/webpack.config.js
index 76465291dd..bd32baced2 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -112,6 +112,7 @@ const config = {
new CopyWebpackPlugin([
{ from: "client/app/assets/robots.txt" },
{ from: "client/app/unsupported.html" },
+ { from: "client/app/unauthorized.html" },
{ from: "client/app/unsupportedRedirect.js" },
{ from: "client/app/assets/css/*.css", to: "styles/", flatten: true },
{ from: "client/app/assets/fonts", to: "fonts/" }