""" Django settings for config project. Generated by 'django-admin startproject' using Django 3.2.5. For more information on this file, see https://docs.djangoproject.com/en/3.2/topics/settings/ For the full list of settings and their values, see https://docs.djangoproject.com/en/3.2/ref/settings/ """ import hashlib from os import environ, path from pathlib import Path import ldap from corsheaders.defaults import default_headers from django_auth_ldap.config import LDAPSearch from home.src.ta.config import AppConfig # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/ PW_HASH = hashlib.sha256(environ.get("TA_PASSWORD").encode()) SECRET_KEY = PW_HASH.hexdigest() # SECURITY WARNING: don't run with debug turned on in production! DEBUG = bool(environ.get("DJANGO_DEBUG")) ALLOWED_HOSTS = [i.strip() for i in environ.get("TA_HOST").split()] CSRF_TRUSTED_ORIGINS = [] for host in ALLOWED_HOSTS: if host.startswith("http://") or host.startswith("https://"): CSRF_TRUSTED_ORIGINS.append(host) else: CSRF_TRUSTED_ORIGINS.append(f"http://{host}") # Application definition INSTALLED_APPS = [ "home.apps.HomeConfig", "django.contrib.admin", "django.contrib.auth", "django.contrib.contenttypes", "django.contrib.sessions", "django.contrib.messages", "corsheaders", "whitenoise.runserver_nostatic", "django.contrib.staticfiles", "django.contrib.humanize", "rest_framework", "rest_framework.authtoken", "api", ] MIDDLEWARE = [ "django.middleware.security.SecurityMiddleware", "django.contrib.sessions.middleware.SessionMiddleware", "corsheaders.middleware.CorsMiddleware", "whitenoise.middleware.WhiteNoiseMiddleware", "django.middleware.common.CommonMiddleware", "django.middleware.csrf.CsrfViewMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware", "django.contrib.messages.middleware.MessageMiddleware", "django.middleware.clickjacking.XFrameOptionsMiddleware", ] ROOT_URLCONF = "config.urls" TEMPLATES = [ { "BACKEND": "django.template.backends.django.DjangoTemplates", "DIRS": [], "APP_DIRS": True, "OPTIONS": { "context_processors": [ "django.template.context_processors.debug", "django.template.context_processors.request", "django.contrib.auth.context_processors.auth", "django.contrib.messages.context_processors.messages", ], }, }, ] WSGI_APPLICATION = "config.wsgi.application" if bool(environ.get("TA_LDAP")): # pylint: disable=global-at-module-level global AUTH_LDAP_SERVER_URI AUTH_LDAP_SERVER_URI = environ.get("TA_LDAP_SERVER_URI") global AUTH_LDAP_BIND_DN AUTH_LDAP_BIND_DN = environ.get("TA_LDAP_BIND_DN") global AUTH_LDAP_BIND_PASSWORD AUTH_LDAP_BIND_PASSWORD = environ.get("TA_LDAP_BIND_PASSWORD") global AUTH_LDAP_USER_SEARCH # pylint: disable=no-member AUTH_LDAP_USER_SEARCH = LDAPSearch( environ.get("TA_LDAP_USER_BASE"), ldap.SCOPE_SUBTREE, "(&(uid=%(user)s)" + environ.get("TA_LDAP_USER_FILTER") + ")", ) global AUTH_LDAP_USER_ATTR_MAP AUTH_LDAP_USER_ATTR_MAP = { "username": "uid", "first_name": "givenName", "last_name": "sn", "email": "mail", } if bool(environ.get("TA_LDAP_DISABLE_CERT_CHECK")): global AUTH_LDAP_GLOBAL_OPTIONS AUTH_LDAP_GLOBAL_OPTIONS = { ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER, } global AUTHENTICATION_BACKENDS AUTHENTICATION_BACKENDS = ("django_auth_ldap.backend.LDAPBackend",) # Database # https://docs.djangoproject.com/en/3.2/ref/settings/#databases CACHE_DIR = AppConfig().config["application"]["cache_dir"] DB_PATH = path.join(CACHE_DIR, "db.sqlite3") DATABASES = { "default": { "ENGINE": "django.db.backends.sqlite3", "NAME": DB_PATH, } } # Password validation # https://docs.djangoproject.com/en/3.2/ref/settings/#auth-password-validators AUTH_PASSWORD_VALIDATORS = [ { "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", # noqa: E501 }, { "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", # noqa: E501 }, { "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", # noqa: E501 }, { "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator", # noqa: E501 }, ] AUTH_USER_MODEL = "home.Account" # Internationalization # https://docs.djangoproject.com/en/3.2/topics/i18n/ LANGUAGE_CODE = "en-us" TIME_ZONE = environ.get("TZ") or "UTC" USE_I18N = True USE_L10N = True USE_TZ = True # Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/3.2/howto/static-files/ STATIC_URL = "/static/" STATICFILES_DIRS = (str(BASE_DIR.joinpath("static")),) STATIC_ROOT = str(BASE_DIR.joinpath("staticfiles")) STATICFILES_STORAGE = "whitenoise.storage.CompressedManifestStaticFilesStorage" # Default primary key field type # https://docs.djangoproject.com/en/3.2/ref/settings/#default-auto-field DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField" LOGIN_URL = "/login/" LOGOUT_REDIRECT_URL = "/login/" # Cors needed for browser extension # background.js makes the request so HTTP_ORIGIN will be from extension if environ.get("DISABLE_CORS"): # disable cors CORS_ORIGIN_ALLOW_ALL = True else: CORS_ALLOWED_ORIGIN_REGEXES = [ r"moz-extension://*", r"chrome-extension://*", ] CORS_ALLOWED_ORIGINS = ["http://localhost:3000"] CORS_ALLOW_HEADERS = list(default_headers) + [ "mode", ] # TA application settings TA_UPSTREAM = "https://github.com/tubearchivist/tubearchivist" TA_VERSION = "v0.2.2"