"""
Django settings for blenderid project.

Generated by 'django-admin startproject' using Django 1.9.10.

For more information on this file, see
https://docs.djangoproject.com/en/1.9/topics/settings/

For the full list of settings and their values, see
https://docs.djangoproject.com/en/1.9/ref/settings/
"""
import datetime
import pathlib
import pytz
from django.urls import reverse_lazy
# Project root: the directory two levels above this settings module.
BASE_DIR = pathlib.Path(__file__).absolute().parent.parent

# Scheme for links to this site that are built outside of a request.
# Preferably HttpRequest.build_absolute_uri() is used instead.
PREFERRED_SCHEME = "https"

# SECURITY WARNING: keep the secret key used in production secret!
# "-secret-" is only a placeholder. Django derives session and token
# signatures from this value, so a deployment that keeps the placeholder
# signs everything with a publicly known key.
# NOTE(review): presumably overridden by the deployment settings; confirm.
SECRET_KEY = "-secret-"

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False

# With DEBUG off and an empty list, Django rejects every Host header; the
# served host names have to be listed explicitly by the deployment settings.
ALLOWED_HOSTS = []
SITE_ID = 1
# Application definition

INSTALLED_APPS = [
    # Django contrib apps.
    "django.contrib.admin",
    "django.contrib.admindocs",
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.messages",
    "django.contrib.staticfiles",
    "django.contrib.sites",
    "django.contrib.flatpages",
    # Third-party apps.
    "oauth2_provider",
    "pipeline",
    "sorl.thumbnail",
    "django_admin_select2",
    # NOTE(review): "loginas" appears to be an impersonation helper for
    # staff; confirm who may use it and that its use is logged.
    "loginas",
    # Project apps.
    "bid_main",
    "bid_api",
    "bid_addon_support",
    "background_task",
]

# Order matters: each request passes through these top to bottom, so the
# session and CSRF middleware run before authentication, and the OAuth2
# token middleware runs last.
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "oauth2_provider.middleware.OAuth2TokenMiddleware",
]

# Django tries the backends in this order: OAuth2 bearer tokens first,
# then the regular model (password) backend.
AUTHENTICATION_BACKENDS = [
    "oauth2_provider.backends.OAuth2Backend",
    "django.contrib.auth.backends.ModelBackend",
]

ROOT_URLCONF = "blenderid.urls"
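# Single Django template engine. Templates are looked up in the project's
# own "templates" directory and in the shared assets' template directory.
TEMPLATES = [
    {
        "BACKEND": "django.template.backends.django.DjangoTemplates",
        "DIRS": [
            BASE_DIR / "templates",
            BASE_DIR / "assets_shared" / "src" / "templates",
        ],
        "OPTIONS": {
            "context_processors": [
                # Adds debug variables only when DEBUG is on and the
                # request comes from an address in INTERNAL_IPS.
                "django.template.context_processors.debug",
                "django.template.context_processors.request",
                "django.contrib.auth.context_processors.auth",
                "django.contrib.messages.context_processors.messages",
                # NOTE(review): presumably exposes settings values to every
                # template; confirm it passes no secrets (SECRET_KEY, keys).
                "bid_main.context_processors.settings",
            ],
            # A list rather than a set: Django iterates the loaders in
            # order, and a set would not keep that order once a second
            # loader is added. The pypugjs loader wraps the two standard
            # Django loaders.
            "loaders": [
                (
                    "pypugjs.ext.django.Loader",
                    (
                        "django.template.loaders.filesystem.Loader",
                        "django.template.loaders.app_directories.Loader",
                    ),
                ),
            ],
            "builtins": [
                "pypugjs.ext.django.templatetags",
            ],
        },
    },
]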
WSGI_APPLICATION = "blenderid.wsgi.application"

# Database
# https://docs.djangoproject.com/en/1.9/ref/settings/#databases
#
# PostgreSQL on the loopback interface. Database name, user and password
# are all the literal "blender_id".
# NOTE(review): these look like local-development defaults; confirm that
# deployments supply their own credentials instead of committing them here.
DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.postgresql",
        "NAME": "blender_id",
        "USER": "blender_id",
        "PASSWORD": "blender_id",
        "HOST": "127.0.0.1",
        "PORT": "5432",
    },
}
# Password validation
# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators
#
# Django's four stock validators, each with its default options (no
# "OPTIONS" key is given, so e.g. the minimum length is Django's default).
AUTH_PASSWORD_VALIDATORS = [
    {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"},
    {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
]
# Internationalization
# https://docs.djangoproject.com/en/1.9/topics/i18n/

LANGUAGE_CODE = "en-us"

TIME_ZONE = "CET"

# Explicit display formats; they take effect because USE_L10N is off below.
DATE_FORMAT = "d-b-Y (D)"
TIME_FORMAT = "H:i:s"
DATETIME_FORMAT = "d-b-Y, H:i"
SHORT_DATE_FORMAT = "Y-m-d"
# The short date format followed by hours and minutes.
SHORT_DATETIME_FORMAT = SHORT_DATE_FORMAT + ", H:i"

DEFAULT_AUTO_FIELD = "django.db.models.AutoField"

USE_I18N = True

USE_L10N = False

# Datetimes are stored and handled as timezone-aware values.
USE_TZ = True
# Asset pipeline: two JavaScript bundles and one stylesheet bundle.
# JavaScript is minified with jsmin; CSS is compiled from Sass and passed
# through the no-op compressor.
PIPELINE = {
    "JS_COMPRESSOR": "pipeline.compressors.jsmin.JSMinCompressor",
    "CSS_COMPRESSOR": "pipeline.compressors.NoopCompressor",
    "JAVASCRIPT": {
        "notifications": {
            "source_filenames": [
                "bid_main/scripts/notifications.js",
            ],
            "output_filename": "js/notifications.js",
            "extra_context": {"async": False, "defer": False},
        },
        "web-assets": {
            "source_filenames": ("tutti/10_navbar.js",),
            "output_filename": "js/web-assets.js",
            "extra_context": {"async": True, "defer": True},
        },
    },
    "STYLESHEETS": {
        "main": {
            "source_filenames": ("bid_main/styles/main.sass",),
            "output_filename": "css/main.css",
            "extra_context": {"media": "screen,projection"},
        },
    },
    "COMPILERS": ("libsasscompiler.LibSassCompiler",),
    "DISABLE_WRAPPER": True,
}
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.10/howto/static-files/
STATIC_URL = "/static/"
STATIC_ROOT = BASE_DIR / "static"

# Extra source directories for static files, given as plain strings.
STATICFILES_DIRS = [
    str(BASE_DIR / "assets_shared"),
    str(BASE_DIR / "assets_shared/src/scripts/"),
]

STATICFILES_FINDERS = [
    "django.contrib.staticfiles.finders.FileSystemFinder",
    "django.contrib.staticfiles.finders.AppDirectoriesFinder",
    "pipeline.finders.PipelineFinder",
]
STATICFILES_STORAGE = "pipeline.storage.PipelineManifestStorage"

# Uploaded files
# https://docs.djangoproject.com/en/2.0/ref/settings/#std:setting-MEDIA_ROOT
#
# User-supplied files are written below MEDIA_ROOT and served under
# MEDIA_URL, separate from the collected static files.
MEDIA_URL = "/media/"
MEDIA_ROOT = BASE_DIR / "media"  # must not be inside STATIC_ROOT
# Placeholder value.
# NOTE(review): presumably replaced with the real OAuth2 client ID of the
# add-on by the deployment settings; confirm.
BLENDER_ID_ADDON_CLIENT_ID = "-secret-"

# RSA private key, read at import time and handed to the OAuth2 provider as
# OIDC_RSA_PRIVATE_KEY further down. A missing or unreadable oidc.key makes
# this settings module fail to import. Keep the file out of version control
# and readable only by the account that runs the service.
# Can be generated with 'openssl genrsa -out oidc.key 4096'
with open(BASE_DIR / "oidc.key") as file:
    oidc_rsa_private_key = file.read()
# Swappable OAuth2 provider models.
# Defining one of those means you have to define them all.
OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL = "bid_main.OAuth2AccessToken"
OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = "bid_main.OAuth2RefreshToken"
OAUTH2_PROVIDER_APPLICATION_MODEL = "bid_main.OAuth2Application"
OAUTH2_PROVIDER_ID_TOKEN_MODEL = "oauth2_provider.IDToken"

OAUTH2_PROVIDER = {
    "OAUTH2_VALIDATOR_CLASS": "bid_main.oauth_validator.BlenderIDOAuth2Validator",
    # OpenID Connect is on; the RSA key loaded from oidc.key above is the
    # provider's private key.
    "OIDC_ENABLED": True,
    "OIDC_RSA_PRIVATE_KEY": oidc_rsa_private_key,
    "SCOPES": {
        "email": "Default scope",
        "badge": "Read access to the user's badges",
        "openid": "OpenID Connect scope",
        "profile": "Profile details such as name and nickname",
    },
    # PKCE is not enforced: authorization requests without a code challenge
    # are accepted.
    # NOTE(review): confirm which clients still depend on this before
    # tightening it; public clients benefit most from PKCE.
    "PKCE_REQUIRED": False,
    # Redirect URIs must use https; plain-http callbacks are refused.
    "ALLOWED_REDIRECT_URI_SCHEMES": ["https"],
    "REQUEST_APPROVAL_PROMPT": "auto",
    # Access and refresh tokens share the same 31-day lifetime, so a leaked
    # access token stays usable for up to a month unless it is revoked.
    # NOTE(review): confirm that clients really need access tokens this
    # long-lived rather than refreshing a short-lived one.
    "ACCESS_TOKEN_EXPIRE_SECONDS": 31 * 24 * 3600,  # keep for a month
    "REFRESH_TOKEN_EXPIRE_SECONDS": 31 * 24 * 3600,  # keep for a month
    "ACCESS_TOKEN_MODEL": OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL,
    "REFRESH_TOKEN_MODEL": OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL,
    "APPLICATION_MODEL": OAUTH2_PROVIDER_APPLICATION_MODEL,
}
# This is required for compatibility with Blender Cloud, as it performs
# a POST request to /oauth/token.
APPEND_SLASH = False

# Read https://docs.djangoproject.com/en/1.9/topics/auth/passwords/#password-upgrading
# before removing any password hasher from this list.
#
# Django stores new and changed passwords with the FIRST hasher; the
# remaining entries are only accepted when checking an existing hash, which
# is then upgraded to the first hasher on a successful login.
PASSWORD_HASHERS = [
    # NOTE(review): project-defined hasher; since it is first, its strength
    # is what protects every newly stored password; confirm its algorithm
    # and work factor.
    "bid_main.hashers.BlenderIdPasswordHasher",
    "django.contrib.auth.hashers.BCryptSHA256PasswordHasher",
    "django.contrib.auth.hashers.BCryptPasswordHasher",
    "django.contrib.auth.hashers.PBKDF2PasswordHasher",
    "django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher",
]
# Custom user model and the named URLs used for login and logout.
AUTH_USER_MODEL = "bid_main.User"
LOGIN_URL = "bid_main:login"
LOGIN_REDIRECT_URL = "bid_main:index"
# Resolved lazily, because URL patterns are not loaded yet when settings are.
LOGOUT_URL = reverse_lazy("bid_main:logout")
# Hosts that we allow redirecting to with a next=xxx parameter on the /login and /switch
# endpoints. This is a limited set for security reasons: an unrestricted
# next= target would let a crafted login link send users to any site.
# NOTE(review): the cloud.local entries look like development hosts;
# confirm that production settings do not keep them.
NEXT_REDIR_AFTER_LOGIN_ALLOWED_HOSTS = {
    "cloud.local:5000",
    "cloud.local:5001",
    "cloud.blender.org",
    "blender.cloud",
    "blender.community",
}

# Project view rendered when CSRF validation fails.
CSRF_FAILURE_VIEW = "bid_main.views.errors.csrf_failure"
# Privacy Policy date; anyone who agreed to the privacy policy before this date
# (or never) will be presented with an agreement prompt and has to agree before
# being able to use the website.
# Midnight UTC at the start of 18 May 2018.
PPDATE = datetime.datetime(2018, 5, 18, tzinfo=pytz.utc)
# Allow-list of file extensions for uploaded avatars.
# NOTE(review): an extension alone says nothing about the file's content;
# confirm the upload code also checks that the data decodes as an image.
AVATAR_ALLOWED_FILE_EXTS = {".jpeg", ".jpg", ".png", ".webp"}
# Upload size cap of 2 MiB.
# Make sure this is less than the client_max_body_size nginx setting:
AVATAR_MAX_SIZE_BYTES = 2 * 1024 * 1024
AVATAR_DEFAULT_FILENAME = "assets/images/default_user_avatar.png"
AVATAR_CONTENT_TYPE = "image/jpeg"
AVATAR_DEFAULT_SIZE_PIXELS = 160
# **N.B.**: thumbnail sizes are not intended to just be changed on the fly:
# thumbnails of existing images must exist in MEDIA_ROOT before
# the code expecting the new dimensions can be deployed!
AVATAR_THUMBNAIL_SIZES = [AVATAR_DEFAULT_SIZE_PIXELS, 128, 32]
THUMBNAIL_FORMAT = "JPEG"
THUMBNAIL_QUALITY = 83

# Both reCAPTCHA keys are empty here.
# NOTE(review): presumably supplied by the deployment settings; confirm how
# the code behaves while they are empty.
GOOGLE_RECAPTCHA_SITE_KEY = ""
GOOGLE_RECAPTCHA_SECRET_KEY = ""

# Background tasks settings
MAX_ATTEMPTS = 5