VRE Backend API and Scheduler
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

344 lines
12 KiB

1 year ago
"""
Django settings for VRE project.
Generated by 'django-admin startproject' using Django 3.1.5.
For more information on this file, see
https://docs.djangoproject.com/en/dev/topics/settings/
1 year ago
For the full list of settings and their values, see
https://docs.djangoproject.com/en/dev/ref/settings/
1 year ago
"""
import os
1 year ago
from pathlib import Path
import sentry_sdk
1 year ago
from decouple import config, Csv
from dj_database_url import parse as db_url
from django.utils.translation import ugettext_lazy as _
from redis import ConnectionPool
from sentry_sdk.integrations.django import DjangoIntegration
1 year ago
# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = config('SECRET_KEY')
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = config('DEBUG', default=False, cast=bool)
DEBUG_TOOLBAR = config('DEBUG', default=False, cast=bool)
1 year ago
ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='localhost,127.0.0.1', cast=Csv())
# Application definition
# We load the application in steps, based on which are available on disk
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'mozilla_django_oidc',
1 year ago
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'apps.api',
'apps.dropoff',
'apps.invitation',
'apps.researcher',
'apps.storage',
'apps.study',
'apps.university',
1 year ago
'apps.virtual_machine',
'apps.virtual_machine.providers.vrw',
'apps.virtual_machine.providers.openstack',
'apps.vre_apps',
1 year ago
'djoser',
'rest_framework',
'drf_yasg',
'hawkrest',
'huey.contrib.djhuey',
'corsheaders',
1 year ago
]
if DEBUG and DEBUG_TOOLBAR:
INSTALLED_APPS.append('django_extensions')
INSTALLED_APPS.append('debug_toolbar')
1 year ago
MIDDLEWARE = [
'corsheaders.middleware.CorsMiddleware',
1 year ago
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
1 year ago
'django.middleware.csrf.CsrfViewMiddleware',
# 'mozilla_django_oidc.middleware.SessionRefresh', TODO: Needs some testing...
'corsheaders.middleware.CorsPostCsrfMiddleware',
1 year ago
'hawkrest.middleware.HawkResponseMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.locale.LocaleMiddleware',
]
if DEBUG and DEBUG_TOOLBAR:
MIDDLEWARE += ['debug_toolbar.middleware.DebugToolbarMiddleware', ]
1 year ago
ROOT_URLCONF = 'VRE.urls'
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [f'{BASE_DIR / "templates"}'],
1 year ago
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
WSGI_APPLICATION = 'VRE.wsgi.application'
# Database
# https://docs.djangoproject.com/en/dev/ref/settings/#databases
1 year ago
DATABASES = {
'default': config(
'DATABASE_URL',
default=f'sqlite:///{BASE_DIR / "db.sqlite3"}',
1 year ago
cast=db_url
)
}
# Password validation
# https://docs.djangoproject.com/en/dev/ref/settings/#auth-password-validators
1 year ago
AUTH_PASSWORD_VALIDATORS = [
{
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
},
]
DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
1 year ago
# Internationalization
# https://docs.djangoproject.com/en/dev/topics/i18n/
1 year ago
LANGUAGE_CODE = 'en-us'
TIME_ZONE = config('TIME_ZONE', default='UTC')
USE_I18N = True
USE_L10N = True
USE_TZ = True
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/dev/howto/static-files/
1 year ago
STATIC_URL = '/static/'
STATICFILES_DIRS = [
BASE_DIR / 'static',
]
STATIC_ROOT = config('STATIC_ROOT', f'{BASE_DIR / "staticfiles"}')
1 year ago
MEDIA_ROOT = config('MEDIA_ROOT', f'{BASE_DIR / "mediafiles"}')
MEDIA_URL = '/media/'
10 months ago
INTERNAL_IPS = config('INTERNAL_IPS', default='127.0.0.1', cast=Csv())
1 year ago
# SSL Checks / Setup
# This will tell Django if the request is trough SSL (proxy). This is needed for Hawk authentication
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# Huey task worker settings
1 year ago
HUEY = {
'huey_class': 'huey.RedisHuey', # Huey implementation to use.
'name': DATABASES['default']['NAME'].split('/')[-1], # Use db name for huey.
'results': True, # Store return values of tasks.
'store_none': False, # If a task returns None, do not save to results.
'immediate': False, # If DEBUG=True, run synchronously.
'utc': True, # Use UTC for all times internally.
'blocking': True, # Perform blocking pop rather than poll Redis.
'connection': {
10 months ago
# 'host': config('REDIS_HOST'),
# 'port': 6379,
# 'db': 0,
1 year ago
'connection_pool': ConnectionPool(
host=config('REDIS_HOST', 'localhost'),
password=config('REDIS_PASSWORD', None),
port=config('REDIS_PORT', default=6379, cast=int),
max_connections=config('REDIS_CONNECTIONS', default=10, cast=int)), # Definitely you should use pooling!
# ... tons of other options, see redis-py for details.
# huey-specific connection parameters.
'read_timeout': 1, # If not polling (blocking pop), use timeout.
'url': None, # Allow Redis config via a DSN.
},
'consumer': {
'workers': 1,
'worker_type': 'thread',
'initial_delay': 0.1, # Smallest polling interval, same as -d.
'backoff': 1.15, # Exponential backoff using this rate, -b.
'max_delay': 10.0, # Max possible polling interval, -m.
'scheduler_interval': 1, # Check schedule every second, -s.
'periodic': True, # Enable crontab feature.
'check_worker_health': True, # Enable worker health checks.
'health_check_interval': 1, # Check worker health every second.
},
}
# Add 'mozilla_django_oidc' authentication backend
AUTHENTICATION_BACKENDS = (
# 'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
'apps.api.authentication.VRE_OIDC_Researcher_Update',
'django.contrib.auth.backends.ModelBackend' # The default https://docs.djangoproject.com/en/3.2/ref/settings/#std:setting-AUTHENTICATION_BACKENDS
)
# Dynamic load the Surfconext secrets
surfnet_conext_secrets = Path(f'{BASE_DIR}/surfnet_conext_secrets.ini')
if surfnet_conext_secrets.exists():
with surfnet_conext_secrets.open() as secrets_file:
while True:
line = secrets_file.readline()
if not line:
break
line = line.strip()
if not line.startswith('#') and line.find('='):
pos = line.find('=')
os.environ[line[:pos].strip()] = line[pos + 1:].strip()
# SURFconext OIDC authentication settings
# https://mozilla-django-oidc.readthedocs.io/en/stable/installation.html
OIDC_RP_CLIENT_ID = config('OIDC_RP_CLIENT_ID')
OIDC_RP_CLIENT_SECRET = config('OIDC_RP_CLIENT_SECRET')
OIDC_RP_SIGN_ALGO = config('OIDC_RP_SIGN_ALGO', default='RS256')
OIDC_OP_AUTHORIZATION_ENDPOINT = config('OIDC_OP_AUTHORIZATION_ENDPOINT')
OIDC_OP_TOKEN_ENDPOINT = config('OIDC_OP_TOKEN_ENDPOINT')
OIDC_OP_USER_ENDPOINT = config('OIDC_OP_USER_ENDPOINT')
OIDC_OP_JWKS_ENDPOINT = config('OIDC_OP_JWKS_ENDPOINT')
# Login/logout after surfconext....
# LOGIN_REDIRECT_URL = config('LOGIN_REDIRECT_URL', default=(reverse_lazy('test-login-surfconext') if DEBUG else '/'))
# LOGOUT_REDIRECT_URL = config('LOGOUT_REDIRECT_URL', default=(reverse_lazy('test-login-surfconext') if DEBUG else '/'))
LOGIN_REDIRECT_URL = '/'
LOGOUT_REDIRECT_URL = '/'
1 year ago
# Email settings for sending out upload invitations.
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
1 year ago
DEFAULT_FROM_EMAIL = config('DEFAULT_FROM_EMAIL', default='Do not reply<no-reply@rug.nl>')
EMAIL_HOST = config('EMAIL_HOST', default='')
EMAIL_HOST_USER = config('EMAIL_HOST_USER', default='')
EMAIL_HOST_PASSWORD = config('EMAIL_HOST_PASSWORD', default='')
EMAIL_PORT = config('EMAIL_PORT', default=25, cast=int)
EMAIL_USE_TLS = config('EMAIL_USE_TLS', default=False, cast=bool)
# The sender address. This needs to be one of the allowed domains due to SPF checks
# The code will use a reply-to header to make sure that replies goes to the researcher and not this address
EMAIL_FROM_ADDRESS = config('EMAIL_FROM_ADDRESS', default='Do not reply<no-reply@rug.nl>')
if DEBUG:
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
1 year ago
# Study settings
# Duration of the JWT invite link in seconds. Default is 3 days
STUDY_INVITATION_LINK_EXPIRE_DURATION = config('STUDY_INVITATION_LINK_EXPIRE_DURATION', default=3 * 24 * 60 * 60, cast=int)
STUDY_INVITATION_LINK_DOMAIN = config('STUDY_INVITATION_LINK_DOMAIN', default='http://localhost:8000')
1 year ago
# Dropoff settings.
# Enter the full path to the Webbased file uploading without the Study ID part. The Study ID will be added to this url based on the visitor.
DROPOFF_BASE_URL = config('DROPOFF_BASE_URL', default='http://localhost:8000/dropoffs/',)
# Enter the full url to the NGINX service that is in front of the TUSD service. By default that is http://localhost:1090
DROPOFF_UPLOAD_HOST = config('DROPOFF_UPLOAD_HOST', default='http://localhost:1090',)
# Which file extensions are **NOT** allowed to be uploaded. By default the extensions exe,com,bat,lnk,sh are not allowed
10 months ago
DROPOFF_NOT_ALLOWED_EXTENSIONS = config('DROPOFF_NOT_ALLOWED_EXTENSIONS', default='exe,com,bat,lnk,sh', cast=Csv())
1 year ago
# CORS Headers setup
CORS_ALLOWED_ORIGINS = config('CORS_ALLOWED_ORIGINS', default='http://0.0.0.0:8000,http://localhost:8000,http://127.0.0.1:8000', cast=Csv())
1 year ago
# This will overrule the allowed origins setting above when set to True
CORS_ALLOW_ALL_ORIGINS = config('CORS_ALLOW_ALL_ORIGINS', default=False, cast=bool)
if DEBUG:
# Force all domains by default in Debug mode..
CORS_ALLOW_ALL_ORIGINS = True
CORS_ALLOW_METHODS = config('CORS_ALLOW_METHODS', default='DELETE,GET,OPTIONS,PATCH,POST,PUT', cast=Csv())
CORS_ALLOW_HEADERS = config('CORS_ALLOW_HEADERS', default='accept,accept-encoding,authorization,content-type,dnt,origin,user-agent,x-csrftoken,x-requested-with', cast=Csv())
CORS_EXPOSE_HEADERS = CORS_ALLOW_HEADERS
# Sentry settings
SENTRY_DSN = config('SENTRY_DSN', None)
if SENTRY_DSN:
sentry_sdk.init(
dsn=SENTRY_DSN,
integrations=[DjangoIntegration()],
# Set traces_sample_rate to 1.0 to capture 100%
# of transactions for performance monitoring.
# We recommend adjusting this value in production,
traces_sample_rate=1.0,
# If you wish to associate users to errors (assuming you are using
# django.contrib.auth) you may enable sending PII data.
send_default_pii=True
)
#Todo: Logging config
# LOGGING = {
# 'version': 1,
# 'disable_existing_loggers': False,
# 'handlers': {
# 'file': {
# 'class': 'logging.FileHandler',
# 'filename': f'{BASE_DIR}/../log/debug.log',
# },
# 'console': {
# 'class': 'logging.StreamHandler',
# 'stream': 'ext://sys.stdout'
# },
# },
# 'loggers': {
# 'django': {
# 'handlers': ['file'],
# 'level': 'DEBUG' if DEBUG else 'INFO',
# 'propagate': True,
# },
# 'mozilla_django_oidc': {
# 'handlers': ['console'],
# 'level': 'DEBUG',
# },
# 'hawkrest': {
# 'handlers': ['file'],
# 'level': 'DEBUG' if DEBUG else 'INFO',
# }
# },
# }