205 lines
5.7 KiB
Python
205 lines
5.7 KiB
Python
"""
|
|
Django settings for config project.
|
|
|
|
Generated by 'django-admin startproject' using Django 3.2.5.
|
|
|
|
For more information on this file, see
|
|
https://docs.djangoproject.com/en/3.2/topics/settings/
|
|
|
|
For the full list of settings and their values, see
|
|
https://docs.djangoproject.com/en/3.2/ref/settings/
|
|
"""
|
|
|
|
import hashlib
|
|
from os import environ, path
|
|
from pathlib import Path
|
|
|
|
import ldap
|
|
from corsheaders.defaults import default_headers
|
|
from django_auth_ldap.config import LDAPSearch
|
|
from home.src.ta.config import AppConfig
|
|
|
|
# Build paths inside the project like this: BASE_DIR / 'subdir'.
|
|
BASE_DIR = Path(__file__).resolve().parent.parent
|
|
|
|
|
|
# Quick-start development settings - unsuitable for production
|
|
# See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/
|
|
|
|
PW_HASH = hashlib.sha256(environ.get("TA_PASSWORD").encode())
|
|
SECRET_KEY = PW_HASH.hexdigest()
|
|
|
|
# SECURITY WARNING: don't run with debug turned on in production!
|
|
DEBUG = bool(environ.get("DJANGO_DEBUG"))
|
|
|
|
ALLOWED_HOSTS = [i.strip() for i in environ.get("TA_HOST").split()]
|
|
|
|
CSRF_TRUSTED_ORIGINS = []
|
|
for host in ALLOWED_HOSTS:
|
|
if host.startswith("http://") or host.startswith("https://"):
|
|
CSRF_TRUSTED_ORIGINS.append(host)
|
|
else:
|
|
CSRF_TRUSTED_ORIGINS.append(f"http://{host}")
|
|
|
|
|
|
# Application definition
|
|
|
|
INSTALLED_APPS = [
|
|
"home.apps.HomeConfig",
|
|
"django.contrib.admin",
|
|
"django.contrib.auth",
|
|
"django.contrib.contenttypes",
|
|
"django.contrib.sessions",
|
|
"django.contrib.messages",
|
|
"corsheaders",
|
|
"whitenoise.runserver_nostatic",
|
|
"django.contrib.staticfiles",
|
|
"django.contrib.humanize",
|
|
"rest_framework",
|
|
"rest_framework.authtoken",
|
|
"api",
|
|
]
|
|
|
|
MIDDLEWARE = [
|
|
"django.middleware.security.SecurityMiddleware",
|
|
"django.contrib.sessions.middleware.SessionMiddleware",
|
|
"corsheaders.middleware.CorsMiddleware",
|
|
"whitenoise.middleware.WhiteNoiseMiddleware",
|
|
"django.middleware.common.CommonMiddleware",
|
|
"django.middleware.csrf.CsrfViewMiddleware",
|
|
"django.contrib.auth.middleware.AuthenticationMiddleware",
|
|
"django.contrib.messages.middleware.MessageMiddleware",
|
|
"django.middleware.clickjacking.XFrameOptionsMiddleware",
|
|
]
|
|
|
|
ROOT_URLCONF = "config.urls"
|
|
|
|
TEMPLATES = [
|
|
{
|
|
"BACKEND": "django.template.backends.django.DjangoTemplates",
|
|
"DIRS": [],
|
|
"APP_DIRS": True,
|
|
"OPTIONS": {
|
|
"context_processors": [
|
|
"django.template.context_processors.debug",
|
|
"django.template.context_processors.request",
|
|
"django.contrib.auth.context_processors.auth",
|
|
"django.contrib.messages.context_processors.messages",
|
|
],
|
|
},
|
|
},
|
|
]
|
|
|
|
WSGI_APPLICATION = "config.wsgi.application"
|
|
|
|
if bool(environ.get("TA_LDAP")):
|
|
# pylint: disable=global-at-module-level
|
|
global AUTH_LDAP_SERVER_URI
|
|
AUTH_LDAP_SERVER_URI = environ.get("TA_LDAP_SERVER_URI")
|
|
|
|
global AUTH_LDAP_BIND_DN
|
|
AUTH_LDAP_BIND_DN = environ.get("TA_LDAP_BIND_DN")
|
|
|
|
global AUTH_LDAP_BIND_PASSWORD
|
|
AUTH_LDAP_BIND_PASSWORD = environ.get("TA_LDAP_BIND_PASSWORD")
|
|
|
|
global AUTH_LDAP_USER_SEARCH
|
|
# pylint: disable=no-member
|
|
AUTH_LDAP_USER_SEARCH = LDAPSearch(
|
|
environ.get("TA_LDAP_USER_BASE"),
|
|
ldap.SCOPE_SUBTREE,
|
|
"(&(uid=%(user)s)" + environ.get("TA_LDAP_USER_FILTER") + ")",
|
|
)
|
|
|
|
global AUTH_LDAP_USER_ATTR_MAP
|
|
AUTH_LDAP_USER_ATTR_MAP = {
|
|
"username": "uid",
|
|
"first_name": "givenName",
|
|
"last_name": "sn",
|
|
"email": "mail",
|
|
}
|
|
|
|
global AUTHENTICATION_BACKENDS
|
|
AUTHENTICATION_BACKENDS = ("django_auth_ldap.backend.LDAPBackend",)
|
|
|
|
# Database
|
|
# https://docs.djangoproject.com/en/3.2/ref/settings/#databases
|
|
|
|
CACHE_DIR = AppConfig().config["application"]["cache_dir"]
|
|
DB_PATH = path.join(CACHE_DIR, "db.sqlite3")
|
|
DATABASES = {
|
|
"default": {
|
|
"ENGINE": "django.db.backends.sqlite3",
|
|
"NAME": DB_PATH,
|
|
}
|
|
}
|
|
|
|
|
|
# Password validation
|
|
# https://docs.djangoproject.com/en/3.2/ref/settings/#auth-password-validators
|
|
|
|
AUTH_PASSWORD_VALIDATORS = [
|
|
{
|
|
"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", # noqa: E501
|
|
},
|
|
{
|
|
"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", # noqa: E501
|
|
},
|
|
{
|
|
"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", # noqa: E501
|
|
},
|
|
{
|
|
"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator", # noqa: E501
|
|
},
|
|
]
|
|
|
|
AUTH_USER_MODEL = "home.Account"
|
|
|
|
|
|
# Internationalization
|
|
# https://docs.djangoproject.com/en/3.2/topics/i18n/
|
|
|
|
LANGUAGE_CODE = "en-us"
|
|
TIME_ZONE = environ.get("TZ") or "UTC"
|
|
USE_I18N = True
|
|
USE_L10N = True
|
|
USE_TZ = True
|
|
|
|
|
|
# Static files (CSS, JavaScript, Images)
|
|
# https://docs.djangoproject.com/en/3.2/howto/static-files/
|
|
|
|
STATIC_URL = "/static/"
|
|
STATICFILES_DIRS = (str(BASE_DIR.joinpath("static")),)
|
|
STATIC_ROOT = str(BASE_DIR.joinpath("staticfiles"))
|
|
STATICFILES_STORAGE = "whitenoise.storage.CompressedManifestStaticFilesStorage"
|
|
|
|
# Default primary key field type
|
|
# https://docs.djangoproject.com/en/3.2/ref/settings/#default-auto-field
|
|
|
|
DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
|
|
|
|
LOGIN_URL = "/login/"
|
|
LOGOUT_REDIRECT_URL = "/login/"
|
|
|
|
# Cors needed for browser extension
|
|
# background.js makes the request so HTTP_ORIGIN will be from extension
|
|
if environ.get("DISABLE_CORS"):
|
|
# disable cors
|
|
CORS_ORIGIN_ALLOW_ALL = True
|
|
else:
|
|
CORS_ALLOWED_ORIGIN_REGEXES = [
|
|
r"moz-extension://*",
|
|
r"chrome-extension://*",
|
|
]
|
|
CORS_ALLOWED_ORIGINS = ["http://localhost:3000"]
|
|
|
|
|
|
CORS_ALLOW_HEADERS = list(default_headers) + [
|
|
"mode",
|
|
]
|
|
|
|
# TA application settings
|
|
TA_UPSTREAM = "https://github.com/tubearchivist/tubearchivist"
|
|
TA_VERSION = "v0.2.1"
|