You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
340 lines
12 KiB
340 lines
12 KiB
""" |
|
Django settings for VRE project. |
|
|
|
Generated by 'django-admin startproject' using Django 3.1.5. |
|
|
|
For more information on this file, see |
|
https://docs.djangoproject.com/en/dev/topics/settings/ |
|
|
|
For the full list of settings and their values, see |
|
https://docs.djangoproject.com/en/dev/ref/settings/ |
|
""" |
|
|
|
from redis import ConnectionPool |
|
from pathlib import Path |
|
from decouple import config, Csv |
|
from dj_database_url import parse as db_url |
|
from django.utils.translation import ugettext_lazy as _ |
|
import os |
|
from django.urls import reverse_lazy |
|
|
|
import sentry_sdk |
|
from sentry_sdk.integrations.django import DjangoIntegration |
|
|
|
SENTRY_DSN = config('SENTRY_DSN', None) |
|
if SENTRY_DSN: |
|
sentry_sdk.init( |
|
dsn=SENTRY_DSN, |
|
integrations=[DjangoIntegration()], |
|
|
|
# Set traces_sample_rate to 1.0 to capture 100% |
|
# of transactions for performance monitoring. |
|
# We recommend adjusting this value in production, |
|
traces_sample_rate=1.0, |
|
|
|
# If you wish to associate users to errors (assuming you are using |
|
# django.contrib.auth) you may enable sending PII data. |
|
send_default_pii=True |
|
) |
|
|
|
# Build paths inside the project like this: BASE_DIR / 'subdir'. |
|
BASE_DIR = Path(__file__).resolve().parent.parent |
|
|
|
# Quick-start development settings - unsuitable for production |
|
# See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/ |
|
|
|
# SECURITY WARNING: keep the secret key used in production secret! |
|
SECRET_KEY = config('SECRET_KEY') |
|
|
|
# SECURITY WARNING: don't run with debug turned on in production! |
|
DEBUG = config('DEBUG', default=False, cast=bool) |
|
|
|
ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='localhost,127.0.0.1', cast=Csv()) |
|
|
|
# Application definition |
|
# We load the application in steps, based on which are available on disk |
|
INSTALLED_APPS = [ |
|
'django.contrib.admin', |
|
'django.contrib.auth', |
|
|
|
'mozilla_django_oidc', |
|
|
|
'django.contrib.contenttypes', |
|
'django.contrib.sessions', |
|
'django.contrib.messages', |
|
'django.contrib.staticfiles', |
|
|
|
'apps.api', |
|
'apps.dropoff', |
|
'apps.invitation', |
|
'apps.researcher', |
|
'apps.storage', |
|
'apps.study', |
|
'apps.university', |
|
'apps.virtual_machine', |
|
'apps.virtual_machine.providers.vrw', |
|
'apps.virtual_machine.providers.openstack', |
|
'apps.vre_apps', |
|
|
|
'djoser', |
|
'rest_framework', |
|
|
|
'drf_yasg', |
|
'hawkrest', |
|
'huey.contrib.djhuey', |
|
'corsheaders', |
|
] |
|
|
|
if DEBUG: |
|
INSTALLED_APPS.append('django_extensions') |
|
INSTALLED_APPS.append('debug_toolbar') |
|
|
|
MIDDLEWARE = [ |
|
'corsheaders.middleware.CorsMiddleware', |
|
'django.middleware.security.SecurityMiddleware', |
|
'django.contrib.sessions.middleware.SessionMiddleware', |
|
'django.middleware.common.CommonMiddleware', |
|
'django.middleware.csrf.CsrfViewMiddleware', |
|
# 'mozilla_django_oidc.middleware.SessionRefresh', TODO: Needs some testing... |
|
'corsheaders.middleware.CorsPostCsrfMiddleware', |
|
'hawkrest.middleware.HawkResponseMiddleware', |
|
'django.contrib.auth.middleware.AuthenticationMiddleware', |
|
'django.contrib.messages.middleware.MessageMiddleware', |
|
'django.middleware.clickjacking.XFrameOptionsMiddleware', |
|
'django.middleware.locale.LocaleMiddleware', |
|
] |
|
|
|
if DEBUG: |
|
MIDDLEWARE += ['debug_toolbar.middleware.DebugToolbarMiddleware', ] |
|
|
|
ROOT_URLCONF = 'VRE.urls' |
|
|
|
TEMPLATES = [ |
|
{ |
|
'BACKEND': 'django.template.backends.django.DjangoTemplates', |
|
'DIRS': [f'{BASE_DIR / "templates"}'], |
|
'APP_DIRS': True, |
|
'OPTIONS': { |
|
'context_processors': [ |
|
'django.template.context_processors.debug', |
|
'django.template.context_processors.request', |
|
'django.contrib.auth.context_processors.auth', |
|
'django.contrib.messages.context_processors.messages', |
|
], |
|
}, |
|
}, |
|
] |
|
|
|
WSGI_APPLICATION = 'VRE.wsgi.application' |
|
|
|
|
|
# Database |
|
# https://docs.djangoproject.com/en/dev/ref/settings/#databases |
|
|
|
DATABASES = { |
|
'default': config( |
|
'DATABASE_URL', |
|
default=f'sqlite:///{BASE_DIR / "db.sqlite3"}', |
|
cast=db_url |
|
) |
|
} |
|
|
|
# Password validation |
|
# https://docs.djangoproject.com/en/dev/ref/settings/#auth-password-validators |
|
|
|
AUTH_PASSWORD_VALIDATORS = [ |
|
{ |
|
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', |
|
}, |
|
{ |
|
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', |
|
}, |
|
{ |
|
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', |
|
}, |
|
{ |
|
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', |
|
}, |
|
] |
|
|
|
DEFAULT_AUTO_FIELD = 'django.db.models.AutoField' |
|
|
|
# Internationalization |
|
# https://docs.djangoproject.com/en/dev/topics/i18n/ |
|
|
|
LANGUAGE_CODE = 'en-us' |
|
|
|
TIME_ZONE = config('TIME_ZONE', default='UTC') |
|
|
|
USE_I18N = True |
|
|
|
USE_L10N = True |
|
|
|
USE_TZ = True |
|
|
|
# Static files (CSS, JavaScript, Images) |
|
# https://docs.djangoproject.com/en/dev/howto/static-files/ |
|
|
|
STATIC_URL = '/static/' |
|
|
|
STATICFILES_DIRS = [ |
|
BASE_DIR / 'static', |
|
] |
|
|
|
STATIC_ROOT = config('STATIC_ROOT', f'{BASE_DIR / "staticfiles"}') |
|
|
|
MEDIA_ROOT = config('MEDIA_ROOT', f'{BASE_DIR / "mediafiles"}') |
|
MEDIA_URL = '/media/' |
|
|
|
INTERNAL_IPS = config('INTERNAL_IPS', default='127.0.0.1', cast=Csv()) |
|
|
|
# SSL Checks / Setup |
|
# This will tell Django if the request is trough SSL (proxy). This is needed for Hawk authentication |
|
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') |
|
|
|
# settings.py |
|
HUEY = { |
|
'huey_class': 'huey.RedisHuey', # Huey implementation to use. |
|
'name': DATABASES['default']['NAME'].split('/')[-1], # Use db name for huey. |
|
'results': True, # Store return values of tasks. |
|
'store_none': False, # If a task returns None, do not save to results. |
|
'immediate': False, # If DEBUG=True, run synchronously. |
|
'utc': True, # Use UTC for all times internally. |
|
'blocking': True, # Perform blocking pop rather than poll Redis. |
|
'connection': { |
|
# 'host': config('REDIS_HOST'), |
|
# 'port': 6379, |
|
# 'db': 0, |
|
'connection_pool': ConnectionPool( |
|
host=config('REDIS_HOST', 'localhost'), |
|
password=config('REDIS_PASSWORD', None), |
|
port=config('REDIS_PORT', default=6379, cast=int), |
|
max_connections=config('REDIS_CONNECTIONS', default=10, cast=int)), # Definitely you should use pooling! |
|
# ... tons of other options, see redis-py for details. |
|
|
|
# huey-specific connection parameters. |
|
'read_timeout': 1, # If not polling (blocking pop), use timeout. |
|
'url': None, # Allow Redis config via a DSN. |
|
}, |
|
'consumer': { |
|
'workers': 1, |
|
'worker_type': 'thread', |
|
'initial_delay': 0.1, # Smallest polling interval, same as -d. |
|
'backoff': 1.15, # Exponential backoff using this rate, -b. |
|
'max_delay': 10.0, # Max possible polling interval, -m. |
|
'scheduler_interval': 1, # Check schedule every second, -s. |
|
'periodic': True, # Enable crontab feature. |
|
'check_worker_health': True, # Enable worker health checks. |
|
'health_check_interval': 1, # Check worker health every second. |
|
}, |
|
} |
|
|
|
# Add 'mozilla_django_oidc' authentication backend |
|
AUTHENTICATION_BACKENDS = ( |
|
# 'mozilla_django_oidc.auth.OIDCAuthenticationBackend', |
|
'apps.api.authentication.VRE_OIDC_Researcher_Update', |
|
'django.contrib.auth.backends.ModelBackend' # The default https://docs.djangoproject.com/en/3.2/ref/settings/#std:setting-AUTHENTICATION_BACKENDS |
|
) |
|
|
|
# Dynamic load the Surfconext secrets |
|
surfnet_conext_secrets = Path(f'{BASE_DIR}/surfnet_conext_secrets.ini') |
|
if surfnet_conext_secrets.exists(): |
|
with surfnet_conext_secrets.open() as secrets_file: |
|
while True: |
|
line = secrets_file.readline() |
|
if not line: |
|
break |
|
|
|
line = line.strip() |
|
if not line.startswith('#') and line.find('='): |
|
pos = line.find('=') |
|
os.environ[line[:pos].strip()] = line[pos + 1:].strip() |
|
|
|
# Surfconext settings |
|
# Authentication settings |
|
# https://mozilla-django-oidc.readthedocs.io/en/stable/installation.html |
|
OIDC_RP_CLIENT_ID = config('OIDC_RP_CLIENT_ID') |
|
OIDC_RP_CLIENT_SECRET = config('OIDC_RP_CLIENT_SECRET') |
|
OIDC_RP_SIGN_ALGO = config('OIDC_RP_SIGN_ALGO', default='RS256') |
|
OIDC_OP_AUTHORIZATION_ENDPOINT = config('OIDC_OP_AUTHORIZATION_ENDPOINT') |
|
OIDC_OP_TOKEN_ENDPOINT = config('OIDC_OP_TOKEN_ENDPOINT') |
|
OIDC_OP_USER_ENDPOINT = config('OIDC_OP_USER_ENDPOINT') |
|
OIDC_OP_JWKS_ENDPOINT = config('OIDC_OP_JWKS_ENDPOINT') |
|
|
|
# Login/logout after surfconext.... |
|
LOGIN_REDIRECT_URL = config('LOGIN_REDIRECT_URL', default=(reverse_lazy('test-login-surfconext') if DEBUG else '/')) |
|
LOGOUT_REDIRECT_URL = config('LOGOUT_REDIRECT_URL', default=(reverse_lazy('test-login-surfconext') if DEBUG else '/')) |
|
|
|
# Email settings for sending out upload invitations. |
|
DEFAULT_FROM_EMAIL = config('DEFAULT_FROM_EMAIL', default='Do not reply<no-reply@rug.nl>') |
|
EMAIL_HOST = config('EMAIL_HOST', default='') |
|
EMAIL_HOST_USER = config('EMAIL_HOST_USER', default='') |
|
EMAIL_HOST_PASSWORD = config('EMAIL_HOST_PASSWORD', default='') |
|
EMAIL_PORT = config('EMAIL_PORT', default=25, cast=int) |
|
EMAIL_USE_TLS = config('EMAIL_USE_TLS', default=False, cast=bool) |
|
|
|
# The sender address. This needs to be one of the allowed domains due to SPF checks |
|
# The code will use a reply-to header to make sure that replies goes to the researcher and not this address |
|
EMAIL_FROM_ADDRESS = config('EMAIL_FROM_ADDRESS', default='Do not reply<no-reply@rug.nl>') |
|
|
|
if DEBUG: |
|
EMAIL_BACKEND = 'django.core.mail.backends.filebased.EmailBackend' |
|
EMAIL_FILE_PATH = BASE_DIR / 'sent_emails' |
|
|
|
# Study settings |
|
# Duration of the JWT invite link in seconds. Default is 3 days |
|
STUDY_INVITATION_LINK_EXPIRE_DURATION = config('STUDY_INVITATION_LINK_EXPIRE_DURATION', default=3 * 24 * 60 * 60, cast=int) |
|
STUDY_INVITATION_LINK_DOMAIN = config('STUDY_INVITATION_LINK_DOMAIN', default='http://localhost:8000') |
|
|
|
# Dropoff settings. |
|
# Enter the full path to the Webbased file uploading without the Study ID part. The Study ID will be added to this url based on the visitor. |
|
DROPOFF_BASE_URL = config('DROPOFF_BASE_URL', default='http://localhost:8000/dropoffs/',) |
|
# Enter the full url to the NGINX service that is in front of the TUSD service. By default that is http://localhost:1090 |
|
DROPOFF_UPLOAD_HOST = config('DROPOFF_UPLOAD_HOST', default='http://localhost:1090',) |
|
# Which file extensions are **NOT** allowed to be uploaded. By default the extensions exe,com,bat,lnk,sh are not allowed |
|
DROPOFF_NOT_ALLOWED_EXTENSIONS = config('DROPOFF_NOT_ALLOWED_EXTENSIONS', default='exe,com,bat,lnk,sh', cast=Csv()) |
|
|
|
# CORS Headers setup |
|
CORS_ALLOWED_ORIGINS = config('CORS_ALLOWED_ORIGINS', default='http://0.0.0.0:8000,http://localhost:8000,http://127.0.0.1:8000', cast=Csv()) |
|
|
|
# This will overrule the allowed origins setting above when set to True |
|
CORS_ALLOW_ALL_ORIGINS = config('CORS_ALLOW_ALL_ORIGINS', default=False, cast=bool) |
|
if DEBUG: |
|
# Force all domains by default in Debug mode.. |
|
CORS_ALLOW_ALL_ORIGINS = True |
|
|
|
CORS_ALLOW_METHODS = config('CORS_ALLOW_METHODS', default='DELETE,GET,OPTIONS,PATCH,POST,PUT', cast=Csv()) |
|
CORS_ALLOW_HEADERS = config('CORS_ALLOW_HEADERS', default='accept,accept-encoding,authorization,content-type,dnt,origin,user-agent,x-csrftoken,x-requested-with', cast=Csv()) |
|
|
|
CORS_EXPOSE_HEADERS = CORS_ALLOW_HEADERS |
|
|
|
# LOGGING = { |
|
# 'version': 1, |
|
# 'disable_existing_loggers': False, |
|
# 'handlers': { |
|
# 'file': { |
|
# 'class': 'logging.FileHandler', |
|
# 'filename': f'{BASE_DIR}/../log/debug.log', |
|
# }, |
|
# 'console': { |
|
# 'class': 'logging.StreamHandler', |
|
# 'stream': 'ext://sys.stdout' |
|
# }, |
|
# }, |
|
# 'loggers': { |
|
# 'django': { |
|
# 'handlers': ['file'], |
|
# 'level': 'DEBUG' if DEBUG else 'INFO', |
|
# 'propagate': True, |
|
# }, |
|
# 'mozilla_django_oidc': { |
|
# 'handlers': ['console'], |
|
# 'level': 'DEBUG', |
|
# }, |
|
|
|
# 'hawkrest': { |
|
# 'handlers': ['file'], |
|
# 'level': 'DEBUG' if DEBUG else 'INFO', |
|
# } |
|
# }, |
|
# }
|
|
|