212 lines
7.3 KiB
Python
212 lines
7.3 KiB
Python
"""
|
|
Django settings for servala project.
|
|
|
|
Servala is run using environment variables. Documentation:
|
|
|
|
- README.md for project information
|
|
- .env.example for environment variables in use
|
|
- Django settings guide: https://docs.djangoproject.com/en/5.2/topics/settings/
|
|
- Django settings reference: https://docs.djangoproject.com/en/5.2/ref/settings/
|
|
"""
|
|
|
|
import os
|
|
from pathlib import Path
|
|
|
|
from django.contrib import messages
|
|
|
|
SERVALA_ENVIRONMENT = os.environ.get("SERVALA_ENVIRONMENT", "development")
|
|
DEBUG = SERVALA_ENVIRONMENT == "development"
|
|
|
|
SECRET_KEY = os.environ.get("SERVALA_SECRET_KEY")
|
|
if previous_secret_key := os.environ.get("SERVALA_PREVIOUS_SECRET_KEY"):
|
|
SECRET_KEY_FALLBACKS = [previous_secret_key]
|
|
|
|
SALT_KEY = os.environ.get("SERVALA_SALT_KEY")
|
|
if previous_salt := os.environ.get("SERVALA_PREVIOUS_SALT_KEY"):
|
|
SALT_KEY = [SALT_KEY, previous_salt]
|
|
|
|
BASE_DIR = Path(__file__).resolve().parent.parent
|
|
|
|
ALLOWED_HOSTS = []
|
|
if allowed_hosts := os.environ.get("SERVALA_ALLOWED_HOSTS"):
|
|
ALLOWED_HOSTS = allowed_hosts.split(",")
|
|
CSRF_TRUSTED_ORIGINS = [f"https://{h}" for h in ALLOWED_HOSTS]
|
|
|
|
db_name = os.environ.get("SERVALA_DB_NAME", "")
|
|
if SERVALA_ENVIRONMENT == "development" and not db_name:
|
|
DATABASES = {
|
|
"default": {
|
|
"ENGINE": "django.db.backends.sqlite3",
|
|
"NAME": BASE_DIR / "db.sqlite3",
|
|
"OPTIONS": {"timeout": 10},
|
|
}
|
|
}
|
|
else:
|
|
DATABASES = {
|
|
"default": {
|
|
"ENGINE": "django.db.backends.postgresql",
|
|
"NAME": db_name or "servala",
|
|
"USER": os.environ.get("SERVALA_DB_USER", "servala"),
|
|
"PASSWORD": os.environ.get("SERVALA_DB_PASSWORD"),
|
|
"HOST": os.environ.get("SERVALA_DB_HOST", "localhost"),
|
|
"PORT": os.environ.get("SERVALA_DB_PORT", "5432"),
|
|
"CONN_MAX_AGE": 120,
|
|
"CONN_HEALTH_CHECKS": True,
|
|
}
|
|
}
|
|
|
|
MEDIA_ROOT = os.environ.get("SERVALA_MEDIA_ROOT", "media")
|
|
|
|
if MEDIA_ROOT.startswith("/"):
|
|
MEDIA_ROOT = Path(MEDIA_ROOT)
|
|
else:
|
|
MEDIA_ROOT = BASE_DIR / MEDIA_ROOT
|
|
|
|
EMAIL_HOST = os.environ.get("SERVALA_EMAIL_HOST", "localhost")
|
|
EMAIL_PORT = int(os.environ.get("SERVALA_EMAIL_PORT", "25"))
|
|
EMAIL_HOST_USER = os.environ.get("SERVALA_EMAIL_USER", "")
|
|
EMAIL_HOST_PASSWORD = os.environ.get("SERVALA_EMAIL_PASSWORD", "")
|
|
EMAIL_USE_TLS = os.environ.get("SERVALA_EMAIL_TLS", "False") == "True"
|
|
EMAIL_USE_SSL = os.environ.get("SERVALA_EMAIL_SSL", "False") == "True"
|
|
|
|
SERVALA_DEFAULT_ORIGIN = int(os.environ.get("SERVALA_DEFAULT_ORIGIN", "1"))
|
|
|
|
SOCIALACCOUNT_PROVIDERS = {
|
|
"openid_connect": {
|
|
"APPS": [
|
|
{
|
|
"provider_id": "keycloak",
|
|
"name": "VSHN Account",
|
|
"client_id": os.environ.get("SERVALA_KEYCLOAK_CLIENT_ID"),
|
|
"secret": os.environ.get("SERVALA_KEYCLOAK_CLIENT_SECRET"),
|
|
"settings": {
|
|
"server_url": os.environ.get("SERVALA_KEYCLOAK_SERVER_URL"),
|
|
},
|
|
}
|
|
]
|
|
}
|
|
}
|
|
|
|
#######################################
|
|
# Non-configurable settings below #
|
|
#######################################
|
|
|
|
WSGI_APPLICATION = "servala.wsgi.application"
|
|
|
|
INSTALLED_APPS = [
|
|
"django.contrib.admin",
|
|
"django.contrib.auth",
|
|
"django.contrib.contenttypes",
|
|
"django.contrib.sessions",
|
|
"django.contrib.messages",
|
|
"django.contrib.staticfiles",
|
|
"django.forms",
|
|
"template_partials",
|
|
"rules.apps.AutodiscoverRulesConfig",
|
|
# The frontend app is loaded early in order to supersede some allauth views/behaviour
|
|
"servala.frontend",
|
|
"allauth",
|
|
"allauth.account",
|
|
"allauth.socialaccount",
|
|
"allauth.socialaccount.providers.openid_connect",
|
|
"servala.core",
|
|
]
|
|
|
|
MIDDLEWARE = [
|
|
"django.middleware.security.SecurityMiddleware",
|
|
"django.contrib.sessions.middleware.SessionMiddleware",
|
|
"django.middleware.common.CommonMiddleware",
|
|
"django.middleware.csrf.CsrfViewMiddleware",
|
|
"django.contrib.auth.middleware.AuthenticationMiddleware",
|
|
"django.contrib.messages.middleware.MessageMiddleware",
|
|
"django.middleware.clickjacking.XFrameOptionsMiddleware",
|
|
"allauth.account.middleware.AccountMiddleware",
|
|
"django.contrib.auth.middleware.LoginRequiredMiddleware",
|
|
"servala.core.middleware.OrganizationMiddleware",
|
|
]
|
|
LOGIN_URL = "account_login"
|
|
|
|
ROOT_URLCONF = "servala.urls"
|
|
STATIC_URL = "static/" # CSS, JavaScript, etc.
|
|
# Collected static files as provided by ``collectstatic`` management command are stored here ready to be served by a web server.
|
|
STATIC_ROOT = BASE_DIR / "static.dist"
|
|
MEDIA_URL = "media/" # User uploads, e.g. images
|
|
|
|
# Additional locations of static files
|
|
STATICFILES_FINDERS = (
|
|
"django.contrib.staticfiles.finders.FileSystemFinder",
|
|
"django.contrib.staticfiles.finders.AppDirectoriesFinder",
|
|
)
|
|
STATICFILES_DIRS = [BASE_DIR / "servala" / "static"]
|
|
template_loaders = (
|
|
"django.template.loaders.filesystem.Loader",
|
|
"django.template.loaders.app_directories.Loader",
|
|
)
|
|
if not DEBUG:
|
|
template_loaders = (("django.template.loaders.cached.Loader", template_loaders),)
|
|
|
|
TEMPLATES = [
|
|
{
|
|
"BACKEND": "django.template.backends.django.DjangoTemplates",
|
|
"DIRS": [],
|
|
"APP_DIRS": False,
|
|
"OPTIONS": {
|
|
"context_processors": [
|
|
"django.template.context_processors.request",
|
|
"django.contrib.auth.context_processors.auth",
|
|
"django.contrib.messages.context_processors.messages",
|
|
"django.template.context_processors.static",
|
|
"servala.frontend.context_processors.add_organizations",
|
|
],
|
|
"loaders": template_loaders,
|
|
},
|
|
},
|
|
]
|
|
|
|
FORM_RENDERER = "servala.frontend.forms.renderers.VerticalFormRenderer"
|
|
MESSAGE_TAGS = {
|
|
messages.ERROR: "danger",
|
|
}
|
|
|
|
AUTH_USER_MODEL = "core.User"
|
|
ACCOUNT_USER_MODEL_USERNAME_FIELD = None
|
|
ACCOUNT_UNIQUE_EMAIL = True
|
|
ACCOUNT_LOGIN_METHODS = {"email"}
|
|
ACCOUNT_SIGNUP_FIELDS = ["email*", "password1*", "password2*"]
|
|
ACCOUNT_SIGNUP_FORM_CLASS = "servala.frontend.forms.auth.ServalaSignupForm"
|
|
if ALLOWED_HOSTS or not DEBUG:
|
|
ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
|
|
|
|
AUTHENTICATION_BACKENDS = [
|
|
"rules.permissions.ObjectPermissionBackend",
|
|
# Needed to login by username in Django admin, regardless of `allauth`
|
|
"django.contrib.auth.backends.ModelBackend",
|
|
"allauth.account.auth_backends.AuthenticationBackend",
|
|
]
|
|
AUTH_PASSWORD_VALIDATORS = [
|
|
{
|
|
"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"
|
|
},
|
|
{"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
|
|
{"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
|
|
{"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
|
|
]
|
|
PASSWORD_HASHERS = [
|
|
"django.contrib.auth.hashers.Argon2PasswordHasher",
|
|
"django.contrib.auth.hashers.PBKDF2PasswordHasher",
|
|
"django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher",
|
|
"django.contrib.auth.hashers.BCryptSHA256PasswordHasher",
|
|
"django.contrib.auth.hashers.ScryptPasswordHasher",
|
|
]
|
|
CSRF_COOKIE_NAME = "servala_csrf"
|
|
LANGUAGE_COOKIE_NAME = "servala_lang"
|
|
SESSION_COOKIE_NAME = "servala_sess"
|
|
SESSION_COOKIE_SECURE = not DEBUG
|
|
|
|
DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
|
|
|
|
# TODO
|
|
TIME_ZONE = "UTC"
|
|
|
|
if SERVALA_ENVIRONMENT in ("staging", "production"):
|
|
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
|