Broker/VRE/VRE/settings.py

"""
Django settings for VRE project.

Generated by 'django-admin startproject' using Django 3.1.5.

For more information on this file, see
https://docs.djangoproject.com/en/dev/topics/settings/

For the full list of settings and their values, see
https://docs.djangoproject.com/en/dev/ref/settings/
"""

import os
from pathlib import Path

import sentry_sdk
from decouple import config, Csv
from dj_database_url import parse as db_url
from django.utils.translation import ugettext_lazy as _
from redis import ConnectionPool
from sentry_sdk.integrations.django import DjangoIntegration


# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = config('SECRET_KEY')

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = config('DEBUG', default=False, cast=bool)
DEBUG_TOOLBAR = config('DEBUG', default=False, cast=bool)

ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='localhost,127.0.0.1', cast=Csv())

# Application definition
# We load the application in steps, based on which are available on disk
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',

    'mozilla_django_oidc',

    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',

    'apps.api',
    'apps.dropoff',
    'apps.invitation',
    'apps.researcher',
    'apps.storage',
    'apps.study',
    'apps.university',
    'apps.virtual_machine',
    'apps.virtual_machine.providers.vrw',
    'apps.virtual_machine.providers.openstack',
    'apps.vre_apps',

    'djoser',
    'rest_framework',

    'drf_yasg',
    'hawkrest',
    'huey.contrib.djhuey',
    'corsheaders',
]

if DEBUG and DEBUG_TOOLBAR:
    INSTALLED_APPS.append('django_extensions')
    INSTALLED_APPS.append('debug_toolbar')

MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    # 'mozilla_django_oidc.middleware.SessionRefresh', TODO: Needs some testing...
    'corsheaders.middleware.CorsPostCsrfMiddleware',
    'hawkrest.middleware.HawkResponseMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.middleware.locale.LocaleMiddleware',
]

if DEBUG and DEBUG_TOOLBAR:
    MIDDLEWARE += ['debug_toolbar.middleware.DebugToolbarMiddleware', ]

ROOT_URLCONF = 'VRE.urls'

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [f'{BASE_DIR / "templates"}'],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

WSGI_APPLICATION = 'VRE.wsgi.application'


# Database
# https://docs.djangoproject.com/en/dev/ref/settings/#databases

DATABASES = {
    'default': config(
        'DATABASE_URL',
        default=f'sqlite:///{BASE_DIR / "db.sqlite3"}',
        cast=db_url
    )
}

# Password validation
# https://docs.djangoproject.com/en/dev/ref/settings/#auth-password-validators

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]

DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'

# Internationalization
# https://docs.djangoproject.com/en/dev/topics/i18n/

LANGUAGE_CODE = 'en-us'

TIME_ZONE = config('TIME_ZONE', default='UTC')

USE_I18N = True

USE_L10N = True

USE_TZ = True

# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/dev/howto/static-files/

STATIC_URL = '/static/'

STATICFILES_DIRS = [
    BASE_DIR / 'static',
]

STATIC_ROOT = config('STATIC_ROOT', f'{BASE_DIR / "staticfiles"}')

MEDIA_ROOT = config('MEDIA_ROOT', f'{BASE_DIR / "mediafiles"}')
MEDIA_URL = '/media/'

INTERNAL_IPS = config('INTERNAL_IPS', default='127.0.0.1', cast=Csv())

# SSL Checks / Setup
# This will tell Django if the request is trough SSL (proxy). This is needed for Hawk authentication
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

# Huey task worker settings
HUEY = {
    'huey_class': 'huey.RedisHuey',  # Huey implementation to use.
    'name': DATABASES['default']['NAME'].split('/')[-1],  # Use db name for huey.
    'results': True,  # Store return values of tasks.
    'store_none': False,  # If a task returns None, do not save to results.
    'immediate': False,  # If DEBUG=True, run synchronously.
    'utc': True,  # Use UTC for all times internally.
    'blocking': True,  # Perform blocking pop rather than poll Redis.
    'connection': {
        #        'host': config('REDIS_HOST'),
        #        'port': 6379,
        #        'db': 0,
        'connection_pool': ConnectionPool(
            host=config('REDIS_HOST', 'localhost'),
            password=config('REDIS_PASSWORD', None),
            port=config('REDIS_PORT', default=6379, cast=int),
            max_connections=config('REDIS_CONNECTIONS', default=10, cast=int)),  # Definitely you should use pooling!
        # ... tons of other options, see redis-py for details.

        # huey-specific connection parameters.
        'read_timeout': 1,  # If not polling (blocking pop), use timeout.
        'url': None,  # Allow Redis config via a DSN.
    },
    'consumer': {
        'workers': 1,
        'worker_type': 'thread',
        'initial_delay': 0.1,  # Smallest polling interval, same as -d.
        'backoff': 1.15,  # Exponential backoff using this rate, -b.
        'max_delay': 10.0,  # Max possible polling interval, -m.
        'scheduler_interval': 1,  # Check schedule every second, -s.
        'periodic': True,  # Enable crontab feature.
        'check_worker_health': True,  # Enable worker health checks.
        'health_check_interval': 1,  # Check worker health every second.
    },
}

# Add 'mozilla_django_oidc' authentication backend
AUTHENTICATION_BACKENDS = (
    # 'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
    'apps.api.authentication.VRE_OIDC_Researcher_Update',
    'django.contrib.auth.backends.ModelBackend'  # The default https://docs.djangoproject.com/en/3.2/ref/settings/#std:setting-AUTHENTICATION_BACKENDS
)

# Dynamic load the Surfconext secrets
surfnet_conext_secrets = Path(f'{BASE_DIR}/surfnet_conext_secrets.ini')
if surfnet_conext_secrets.exists():
    with surfnet_conext_secrets.open() as secrets_file:
        while True:
            line = secrets_file.readline()
            if not line:
                break

            line = line.strip()
            if not line.startswith('#') and line.find('='):
                pos = line.find('=')
                os.environ[line[:pos].strip()] = line[pos + 1:].strip()

# SURFconext OIDC authentication settings
# https://mozilla-django-oidc.readthedocs.io/en/stable/installation.html
OIDC_RP_CLIENT_ID = config('OIDC_RP_CLIENT_ID')
OIDC_RP_CLIENT_SECRET = config('OIDC_RP_CLIENT_SECRET')
OIDC_RP_SIGN_ALGO = config('OIDC_RP_SIGN_ALGO', default='RS256')
OIDC_OP_AUTHORIZATION_ENDPOINT = config('OIDC_OP_AUTHORIZATION_ENDPOINT')
OIDC_OP_TOKEN_ENDPOINT = config('OIDC_OP_TOKEN_ENDPOINT')
OIDC_OP_USER_ENDPOINT = config('OIDC_OP_USER_ENDPOINT')
OIDC_OP_JWKS_ENDPOINT = config('OIDC_OP_JWKS_ENDPOINT')

# Login/logout after surfconext....
# LOGIN_REDIRECT_URL = config('LOGIN_REDIRECT_URL', default=(reverse_lazy('test-login-surfconext') if DEBUG else '/'))
# LOGOUT_REDIRECT_URL = config('LOGOUT_REDIRECT_URL', default=(reverse_lazy('test-login-surfconext') if DEBUG else '/'))

LOGIN_REDIRECT_URL = '/'
LOGOUT_REDIRECT_URL = '/'

# Email settings for sending out upload invitations.
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
DEFAULT_FROM_EMAIL = config('DEFAULT_FROM_EMAIL', default='Do not reply<no-reply@rug.nl>')
EMAIL_HOST = config('EMAIL_HOST', default='')
EMAIL_HOST_USER = config('EMAIL_HOST_USER', default='')
EMAIL_HOST_PASSWORD = config('EMAIL_HOST_PASSWORD', default='')
EMAIL_PORT = config('EMAIL_PORT', default=25, cast=int)
EMAIL_USE_TLS = config('EMAIL_USE_TLS', default=False, cast=bool)

# The sender address. This needs to be one of the allowed domains due to SPF checks
# The code will use a reply-to header to make sure that replies goes to the researcher and not this address
EMAIL_FROM_ADDRESS = config('EMAIL_FROM_ADDRESS', default='Do not reply<no-reply@rug.nl>')

if DEBUG:
    EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'

# Study settings
# Duration of the JWT invite link in seconds. Default is 3 days
STUDY_INVITATION_LINK_EXPIRE_DURATION = config('STUDY_INVITATION_LINK_EXPIRE_DURATION', default=3 * 24 * 60 * 60, cast=int)
STUDY_INVITATION_LINK_DOMAIN = config('STUDY_INVITATION_LINK_DOMAIN', default='http://localhost:8000')

# Dropoff settings.
# Enter the full path to the Webbased file uploading without the Study ID part. The Study ID will be added to this url based on the visitor.
DROPOFF_BASE_URL = config('DROPOFF_BASE_URL', default='http://localhost:8000/dropoffs/',)
# Enter the full url to the NGINX service that is in front of the TUSD service. By default that is http://localhost:1090
DROPOFF_UPLOAD_HOST = config('DROPOFF_UPLOAD_HOST', default='http://localhost:1090',)
# Which file extensions are **NOT** allowed to be uploaded. By default the extensions exe,com,bat,lnk,sh are not allowed
DROPOFF_NOT_ALLOWED_EXTENSIONS = config('DROPOFF_NOT_ALLOWED_EXTENSIONS', default='exe,com,bat,lnk,sh', cast=Csv())

# CORS Headers setup
CORS_ALLOWED_ORIGINS = config('CORS_ALLOWED_ORIGINS', default='http://0.0.0.0:8000,http://localhost:8000,http://127.0.0.1:8000', cast=Csv())

# This will overrule the allowed origins setting above when set to True
CORS_ALLOW_ALL_ORIGINS = config('CORS_ALLOW_ALL_ORIGINS', default=False, cast=bool)
if DEBUG:
    # Force all domains by default in Debug mode..
    CORS_ALLOW_ALL_ORIGINS = True

CORS_ALLOW_METHODS = config('CORS_ALLOW_METHODS', default='DELETE,GET,OPTIONS,PATCH,POST,PUT', cast=Csv())
CORS_ALLOW_HEADERS = config('CORS_ALLOW_HEADERS', default='accept,accept-encoding,authorization,content-type,dnt,origin,user-agent,x-csrftoken,x-requested-with', cast=Csv())

CORS_EXPOSE_HEADERS = CORS_ALLOW_HEADERS

# Sentry settings
SENTRY_DSN = config('SENTRY_DSN', None)
if SENTRY_DSN:
    sentry_sdk.init(
        dsn=SENTRY_DSN,
        integrations=[DjangoIntegration()],

        # Set traces_sample_rate to 1.0 to capture 100%
        # of transactions for performance monitoring.
        # We recommend adjusting this value in production,
        traces_sample_rate=1.0,

        # If you wish to associate users to errors (assuming you are using
        # django.contrib.auth) you may enable sending PII data.
        send_default_pii=True
    )

#Todo: Logging config

# LOGGING = {
#     'version': 1,
#     'disable_existing_loggers': False,
#     'handlers': {
#         'file': {
#             'class': 'logging.FileHandler',
#             'filename': f'{BASE_DIR}/../log/debug.log',
#         },
#         'console': {
#             'class': 'logging.StreamHandler',
#             'stream': 'ext://sys.stdout'
#         },
#     },
#     'loggers': {
#         'django': {
#             'handlers': ['file'],
#             'level': 'DEBUG' if DEBUG else 'INFO',
#             'propagate': True,
#         },
#         'mozilla_django_oidc': {
#             'handlers': ['console'],
#             'level': 'DEBUG',
#         },

#         'hawkrest': {
#             'handlers': ['file'],
#             'level': 'DEBUG' if DEBUG else 'INFO',
#         }
#     },
# }