class Production(Common):
DEBUG = False
DATABASE_URL = values.DatabaseURLValue(
'sqlite:////data/kubeportal.sqlite3', environ_prefix='KUBEPORTAL')
DATABASES = DATABASE_URL
STATIC_ROOT = values.Value('', environ_prefix='KUBEPORTAL')
STATICFILES_DIRS = values.TupleValue('', environ_prefix='KUBEPORTAL')
REDIRECT_HOSTS = values.TupleValue(None, environ_prefix='KUBEPORTAL')
EMAIL_HOST = values.Value('localhost', environ_prefix='KUBEPORTAL')
LOG_LEVEL_PORTAL = values.Value('ERROR', environ_prefix='KUBEPORTAL')
LOG_LEVEL_REQUEST = values.Value('ERROR', environ_prefix='KUBEPORTAL')
# read the environment variables immediately because they're used to
# configure the loggers below
LOG_LEVEL_PORTAL.setup('LOG_LEVEL_PORTAL')
LOG_LEVEL_REQUEST.setup('LOG_LEVEL_REQUEST')
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'verbose': {
'format': "[%(asctime)s] %(levelname)s %(message)s"
},
},
'handlers': {
'mail_admins': {
'level': 'ERROR',
'class': 'django.utils.log.AdminEmailHandler',
'formatter': 'verbose'
},
'console': {
'level': 'DEBUG',
'class': 'logging.StreamHandler',
'formatter': 'verbose'
},
},
'loggers': {
'django.request': {
'handlers': ['mail_admins', 'console'],
'level': LOG_LEVEL_REQUEST.value,
'propagate': True
},
'KubePortal': {
'handlers': ['mail_admins', 'console', ],
'level': LOG_LEVEL_PORTAL.value,
'propagate': True
},
}
}
class Production(Common):
CLUSTER_API_SERVER = values.Value('', environ_prefix='KUBEPORTAL')
DEBUG = False
DATABASE_URL = values.DatabaseURLValue(
'sqlite:////data/kubeportal.sqlite3', environ_prefix='KUBEPORTAL')
DATABASES = DATABASE_URL
STATIC_ROOT = values.Value('', environ_prefix='KUBEPORTAL')
STATICFILES_DIRS = values.TupleValue('', environ_prefix='KUBEPORTAL')
REDIRECT_HOSTS = values.TupleValue(None, environ_prefix='KUBEPORTAL')
EMAIL_HOST = values.Value('localhost', environ_prefix='KUBEPORTAL')
class Production(Common):
"""
The in-production settings.
"""
# Security
SESSION_COOKIE_SECURE = values.BooleanValue(True)
SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31_536_000)
SECURE_REDIRECT_EXEMPT = values.ListValue([])
SECURE_SSL_HOST = values.Value(None)
SECURE_SSL_REDIRECT = values.BooleanValue(True)
SECURE_PROXY_SSL_HEADER = values.TupleValue(
("HTTP_X_FORWARDED_PROTO", "https"))
AWS_REGION = values.Value("us-east-1", environ_prefix=None)
AWS_ACCESS_KEY_ID = values.SecretValue(environ_prefix=None)
AWS_SECRET_ACCESS_KEY = values.SecretValue(environ_prefix=None)
AWS_S3_BUCKET_NAME = values.Value(environ_prefix=None)
CONTRACTS_DOCUMENT_STORAGE = "django_s3_storage.storage.S3Storage"
@property
def CACHES(self):
return {
"default": {
"BACKEND": "django_redis.cache.RedisCache",
"LOCATION": f"{self.REDIS_URL}/1",
"OPTIONS": {
"CLIENT_CLASS": "django_redis.client.DefaultClient"
},
}
}
class Production(Common):
"""
The production settings.
"""
INSTALLED_APPS = Common.INSTALLED_APPS + (
'djangosecure',
'raven.contrib.django.raven_compat',
)
SPEAKER_SUBMISSION = False
ALLOWED_HOSTS = [
'speakers.herokuapp.com',
'calltospeakers.com',
'www.calltospeakers.com',
]
# django-secure
SESSION_COOKIE_SECURE = values.BooleanValue(True)
SECURE_SSL_REDIRECT = values.BooleanValue(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
SECURE_FRAME_DENY = values.BooleanValue(True)
SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
SECURE_PROXY_SSL_HEADER = values.TupleValue(
('HTTP_X_FORWARDED_PROTO', 'https'))
class Production(Base):
DEBUG = False
TEMPLATE_DEBUG = False
ALLOWED_HOSTS = values.TupleValue(('example.com', ))
CELERY_ALWAYS_EAGER = values.BooleanValue(False)
COMPRESS_ENABLED = values.BooleanValue(True)
COMPRESS_OFFLINE = values.BooleanValue(True)
class Staging(Common):
"""
The in-staging settings.
"""
INSTALLED_APPS = Common.INSTALLED_APPS + ('storages', )
# django-secure now integrated inside django 1.8+
SESSION_COOKIE_SECURE = values.BooleanValue(True)
SECURE_SSL_REDIRECT = values.BooleanValue(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
SECURE_FRAME_DENY = values.BooleanValue(True)
SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
SECURE_PROXY_SSL_HEADER = values.TupleValue(
('HTTP_X_FORWARDED_PROTO', 'https'))
AWS_ACCESS_KEY_ID = values.Value(environ_prefix=None)
AWS_SECRET_ACCESS_KEY = values.Value(environ_prefix=None)
AWS_STORAGE_BUCKET_NAME = 'grp-portfolio-media'
AWS_QUERYSTRING_AUTH = values.BooleanValue(False)
S3_URL = 'http://%s.s3.amazonaws.com/' % AWS_STORAGE_BUCKET_NAME
MEDIA_ROOT = '/media/'
MEDIA_URL = S3_URL + MEDIA_ROOT
DEFAULT_FILE_STORAGE = 'storages.backends.s3boto.S3BotoStorage'
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
PROTOCOL = 'https'
class Staging(Common):
"""
The in-staging settings.
"""
# Security
BASE_DIR = os.path.dirname(os.path.dirname(__file__))
SESSION_COOKIE_SECURE = values.BooleanValue(True)
SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
SECURE_REDIRECT_EXEMPT = values.ListValue([])
SECURE_SSL_HOST = values.Value(None)
SECURE_SSL_REDIRECT = values.BooleanValue(True)
SECURE_PROXY_SSL_HEADER = values.TupleValue(
('HTTP_X_FORWARDED_PROTO', 'https')
)
WEBPACK_LOADER = {
'DEFAULT': {
'BUNDLE_DIR_NAME': 'bundles/',
'STATS_FILE': os.path.join(BASE_DIR, 'webpack-stats.prod.json'),
}
}
class Production(Base):
"""Settings for the production environment."""
USE_X_FORWARDED_HOST = values.BooleanValue(True)
SECURE_PROXY_SSL_HEADER = values.TupleValue(('HTTP_X_FORWARDED_PROTO', 'https'))
LOGGING_USE_JSON = values.Value(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000) # 1 year
DEFAULT_FILE_STORAGE = values.Value('storages.backends.s3boto3.S3Boto3Storage')
class Production(Base):
"""Settings for the production environment."""
USE_X_FORWARDED_HOST = values.BooleanValue(True)
SECURE_PROXY_SSL_HEADER = values.TupleValue(('HTTP_X_FORWARDED_PROTO', 'https'))
LOGGING_USE_JSON = values.Value(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000) # 1 year
DEFAULT_FILE_STORAGE = values.Value('normandy.base.storage.S3Boto3PermissiveStorage')
AWS_S3_FILE_OVERWRITE = False
class Production(Base):
"""Settings for the production environment."""
SECURE_PROXY_SSL_HEADER = values.TupleValue(("HTTP_X_FORWARDED_PROTO", "https"))
LOGGING_USE_JSON = values.Value(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000) # 1 year
DEFAULT_FILE_STORAGE = values.Value("normandy.base.storage.NormandyS3Boto3Storage")
AWS_S3_FILE_OVERWRITE = False
METRICS_USE_STATSD = values.Value(True)
class Production(Base):
DEBUG = False
@property
def TEMPLATES(self):
TEMP = super().TEMPLATES
TEMP[0]['OPTIONS']['debug'] = False
return TEMP
ALLOWED_HOSTS = values.TupleValue(('example.com', ))
CELERY_TASK_ALWAYS_EAGER = values.BooleanValue(False)
STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.ManifestStaticFilesStorage'
class Production(Common):
# Security
SESSION_COOKIE_SECURE = values.BooleanValue(True)
SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
SECURE_REDIRECT_EXEMPT = values.ListValue([])
SECURE_SSL_HOST = values.Value(None)
SECURE_SSL_REDIRECT = values.BooleanValue(True)
SECURE_PROXY_SSL_HEADER = values.TupleValue(
('HTTP_X_FORWARDED_PROTO', 'https'))
ALLOWED_HOSTS = ['*']
class Production(Base):
DEBUG = False
@property
def TEMPLATES(self):
TEMP = super(Production, self).TEMPLATES
TEMP[0]['OPTIONS']['debug'] = False
return TEMP
ALLOWED_HOSTS = values.TupleValue(('example.com', ))
CELERY_ALWAYS_EAGER = values.BooleanValue(False)
COMPRESS_ENABLED = values.BooleanValue(True)
COMPRESS_OFFLINE = values.BooleanValue(True)
class Production(Base):
"""Settings for the production environment."""
USE_X_FORWARDED_HOST = values.BooleanValue(True)
SECURE_PROXY_SSL_HEADER = values.TupleValue(
('HTTP_X_FORWARDED_PROTO', 'https'))
LOGGING_USE_JSON = values.Value(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000) # 1 year
DEFAULT_FILE_STORAGE = values.Value(
'normandy.base.storage.S3Boto3PermissiveStorage')
AWS_S3_FILE_OVERWRITE = False
# Custom CORS settings that overrides the CORS class's configuration.
# In production we harden it down a bit extra.
CORS_ORIGIN_ALLOW_ALL = values.BooleanValue(False)
class Production(Common):
"""
The in-production settings.
"""
# Security
SESSION_COOKIE_SECURE = values.BooleanValue(True)
SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
SECURE_REDIRECT_EXEMPT = values.ListValue([])
SECURE_SSL_HOST = values.Value(None)
SECURE_SSL_REDIRECT = values.BooleanValue(True)
SECURE_PROXY_SSL_HEADER = values.TupleValue(("HTTP_X_FORWARDED_PROTO", "https"))
class Staging(BaseSettings):
SECRET_KEY = values.SecretValue()
# Security
SESSION_COOKIE_SECURE = values.BooleanValue(True)
SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
SECURE_REDIRECT_EXEMPT = values.ListValue([])
SECURE_SSL_HOST = values.Value(None)
SECURE_SSL_REDIRECT = values.BooleanValue(True)
SECURE_PROXY_SSL_HEADER = values.TupleValue(
('HTTP_X_FORWARDED_PROTO', 'https'))
class Staging(Common):
"""
The in-staging settings.
"""
INSTALLED_APPS = Common.INSTALLED_APPS + ('djangosecure', )
# django-secure
SESSION_COOKIE_SECURE = values.BooleanValue(True)
SECURE_SSL_REDIRECT = values.BooleanValue(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
SECURE_FRAME_DENY = values.BooleanValue(True)
SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
SECURE_PROXY_SSL_HEADER = values.TupleValue(
('HTTP_X_FORWARDED_PROTO', 'https'))
class Staging(Common):
"""
The in-staging settings.
"""
STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
# Security
SESSION_COOKIE_SECURE = values.BooleanValue(True)
SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
SECURE_REDIRECT_EXEMPT = values.ListValue([])
SECURE_SSL_HOST = values.Value(None)
SECURE_PROXY_SSL_HEADER = values.TupleValue(
('HTTP_X_FORWARDED_PROTO', 'https'))
class Staging(Common):
"""
The in-staging settings.
"""
# Security
BASE_DIR = os.path.dirname(os.path.dirname(__file__))
SESSION_COOKIE_SECURE = values.BooleanValue(True)
SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
SECURE_REDIRECT_EXEMPT = values.ListValue([])
SECURE_SSL_HOST = values.Value(None)
SECURE_SSL_REDIRECT = values.BooleanValue(True)
SECURE_PROXY_SSL_HEADER = values.TupleValue(
('HTTP_X_FORWARDED_PROTO', 'https'))
class Staging(Common):
"""
The in-staging settings.
"""
SESSION_COOKIE_SECURE = values.BooleanValue(False)
SECURE_BROWSER_XSS_FILTER = values.BooleanValue(False)
SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(False)
SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(False)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
SECURE_REDIRECT_EXEMPT = values.ListValue(["localhost", "127.0.0.1"])
SECURE_SSL_HOST = values.Value(None)
SECURE_SSL_REDIRECT = values.BooleanValue(False)
SECURE_PROXY_SSL_HEADER = values.TupleValue(
("HTTP_X_FORWARDED_PROTO", "https"))
DATABASES = values.DatabaseURLValue("postgresql://*****:*****@postgres/pg")
class Staging(Common):
"""
The in-staging settings.
"""
# Security
SESSION_COOKIE_SECURE = values.BooleanValue(True)
SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
SECURE_REDIRECT_EXEMPT = values.ListValue([])
SECURE_SSL_HOST = values.Value(None)
SECURE_SSL_REDIRECT = values.BooleanValue(True)
SECURE_PROXY_SSL_HEADER = values.TupleValue(
('HTTP_X_FORWARDED_PROTO', 'https'))
CSRF_COOKIE_SECURE = values.BooleanValue(True)
X_FRAME_OPTIONS = 'DENY'
SECURE_HSTS_PRELOAD = values.BooleanValue(True)
class Staging(Common):
"""
The in-staging settings.
"""
# Security
SESSION_COOKIE_SECURE = values.BooleanValue(True)
SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
SECURE_REDIRECT_EXEMPT = values.ListValue([])
SECURE_SSL_HOST = values.Value(None)
SECURE_SSL_REDIRECT = values.BooleanValue(True)
SECURE_PROXY_SSL_HEADER = values.TupleValue(
('HTTP_X_FORWARDED_PROTO', 'https')
)
DATABASES = Common.DATABASES
DATABASES = values.DatabaseURLValue(
'postgres://*****:*****@localhost/default'
)
class Heroku(Common):
INSTALLED_APPS = Common.INSTALLED_APPS
SECRET_KEY = os.getenv('DJANGO_SECRET_KEY')
# Site
# https://docs.djangoproject.com/en/2.0/ref/settings/#allowed-hosts
ALLOWED_HOSTS = ["*"]
INSTALLED_APPS += ("gunicorn", )
RQ_QUEUES = {
'default': {
'URL':
os.getenv('REDIS_URL',
'redis://localhost:6379/0'), # If you're on Heroku
'DEFAULT_TIMEOUT': 600,
},
}
CORS_ORIGIN_ALLOW_ALL = values.BooleanValue(
False, environ_name='CORS_ORIGIN_ALLOW_ALL')
CORS_ORIGIN_WHITELIST = values.TupleValue(
('http://localhost:8000', ), environ_name='CORS_ORIGIN_WHITELIST')
class Staging(Common):
"""
The in-staging settings.
"""
ALLOWED_HOSTS = [
'staging.smartz.io', 'stage.smartz.io', '.stage.smartz.io'
]
# Security
SESSION_COOKIE_SECURE = values.BooleanValue(True)
SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
SECURE_REDIRECT_EXEMPT = values.ListValue([])
SECURE_SSL_HOST = values.Value(None)
SECURE_SSL_REDIRECT = values.BooleanValue(True)
SECURE_PROXY_SSL_HEADER = values.TupleValue(
('HTTP_X_FORWARDED_PROTO', 'https'))
SMARTZ_SHOW_SWAGGER_SCHEMA = True
class SSL(object):
"""Default settings for SSL-enabled servers.
Please read Django's SSL/HTTPS documentation and modify this configuration
as needed. Be advised that the default settings will not work with all web
servers.
"""
CSRF_COOKIE_SECURE = values.BooleanValue(True)
SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
SECURE_HSTS_SECONDS = values.IntegerValue(3600)
SECURE_PROXY_SSL_HEADER = values.TupleValue(None)
SECURE_REDIRECT_EXEMPT = values.ListValue([])
SECURE_SSL_HOST = values.Value('www.example.com')
SECURE_SSL_REDIRECT = values.BooleanValue(True)
SESSION_COOKIE_SECURE = values.BooleanValue(True)
class Base(Configuration):
DEBUG = values.BooleanValue(True)
TEMPLATE_DEBUG = values.BooleanValue(DEBUG)
DATABASES = values.DatabaseURLValue('sqlite:///dev.db')
CONN_MAX_AGE = None
INSTALLED_APPS = values.ListValue([
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.admin',
'django_comments',
'django.contrib.flatpages',
'django.contrib.sitemaps',
# external
'haystack',
'djcelery',
'taggit',
'floppyforms',
'overextends',
'tastypie',
'tastypie_swagger',
'storages',
'compressor',
# local
'froide.foirequest',
'froide.foirequestfollower',
'froide.frontpage',
'froide.publicbody',
'froide.account',
'froide.redaction',
'froide.foisite',
'froide.helper',
])
CACHES = values.CacheURLValue('dummy://')
# ############# Site Configuration #########
# Make this unique, and don't share it with anybody.
SECRET_KEY = 'make_me_unique!!'
SITE_NAME = values.Value('Froide')
SITE_EMAIL = values.Value('*****@*****.**')
SITE_URL = values.Value('http://*****:*****@example.com'),
)
MANAGERS = ADMINS
INTERNAL_IPS = values.TupleValue(('127.0.0.1', ))
# ############## PATHS ###############
PROJECT_ROOT = os.path.abspath(os.path.dirname(__file__))
LOCALE_PATHS = values.TupleValue(
(os.path.abspath(os.path.join(PROJECT_ROOT, '..', "locale")), ))
GEOIP_PATH = None
# Absolute filesystem path to the directory that will hold user-uploaded files.
# Example: "/home/media/media.lawrence.com/media/"
MEDIA_ROOT = os.path.abspath(os.path.join(PROJECT_ROOT, "..", "files"))
# Sub path in MEDIA_ROOT that will hold FOI attachments
FOI_MEDIA_PATH = values.Value('foi')
# Absolute path to the directory static files should be collected to.
# Don't put anything in this directory yourself; store your static files
# in apps' "static/" subdirectories and in STATICFILES_DIRS.
# Example: "/home/media/media.lawrence.com/static/"
STATIC_ROOT = os.path.abspath(os.path.join(PROJECT_ROOT, "..", "public"))
# Additional locations of static files
STATICFILES_DIRS = (os.path.join(PROJECT_ROOT, "static"), )
COMPRESS_ENABLED = values.BooleanValue(False)
COMPRESS_JS_FILTERS = ['compressor.filters.jsmin.JSMinFilter']
COMPRESS_CSS_FILTERS = [
'compressor.filters.css_default.CssAbsoluteFilter',
'compressor.filters.cssmin.CSSMinFilter'
]
COMPRESS_PARSER = 'compressor.parser.HtmlParser'
# Additional locations of template files
TEMPLATE_DIRS = (os.path.join(PROJECT_ROOT, "templates"), )
# ########## URLs #################
ROOT_URLCONF = values.Value('froide.urls')
# URL that handles the media served from MEDIA_ROOT. Make sure to use a
# trailing slash.
# Examples: "http://media.lawrence.com/media/", "http://example.com/media/"
MEDIA_URL = values.Value('/files/')
# URL prefix for static files.
# Example: "http://media.lawrence.com/static/"
# URL that handles the static files like app media.
# Example: "http://media.lawrence.com"
STATIC_URL = values.Value('/static/')
USE_X_ACCEL_REDIRECT = values.BooleanValue(False)
X_ACCEL_REDIRECT_PREFIX = values.Value('/protected')
# ## URLs that can be translated to a secret value
SECRET_URLS = values.DictValue({"admin": "admin"})
# ######## Backends, Finders, Processors, Classes ####
AUTH_USER_MODEL = values.Value('account.User')
CUSTOM_AUTH_USER_MODEL_DB = values.Value('')
# List of finder classes that know how to find static files in
# various locations.
STATICFILES_FINDERS = (
'django.contrib.staticfiles.finders.AppDirectoriesFinder',
'django.contrib.staticfiles.finders.FileSystemFinder',
'compressor.finders.CompressorFinder',
)
AUTHENTICATION_BACKENDS = [
"froide.helper.auth.EmailBackend",
"django.contrib.auth.backends.ModelBackend",
]
TEMPLATE_CONTEXT_PROCESSORS = (
'django.core.context_processors.debug',
'django.core.context_processors.i18n',
'django.core.context_processors.media',
'django.core.context_processors.static',
'django.core.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
'froide.helper.context_processors.froide',
'froide.helper.context_processors.site_settings')
# List of callables that know how to import templates from various sources.
TEMPLATE_LOADERS = [
'django.template.loaders.filesystem.Loader',
'django.template.loaders.app_directories.Loader',
]
MIDDLEWARE_CLASSES = [
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.locale.LocaleMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
]
# ######### I18N and L10N ##################
# Local time zone for this installation. Choices can be found here:
# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
# although not all choices may be available on all operating systems.
# On Unix systems, a value of None will cause Django to use the same
# timezone as the operating system.
# If running in a Windows environment this must be set to the same as your
# system time zone.
TIME_ZONE = values.Value('Europe/Berlin')
USE_TZ = values.BooleanValue(True)
# Language code for this installation. All choices can be found here:
# http://www.i18nguy.com/unicode/language-identifiers.html
LANGUAGE_CODE = values.Value('en-us')
LANGUAGES = (
('en', gettext('English')),
('es', gettext('Spanish')),
('fi-fi', gettext('Finnish (Finland)')),
('de', gettext('German')),
('da-dk', gettext('Danish (Denmark)')),
('it', gettext('Italian')),
('pt', gettext('Portuguese')),
('sv-se', gettext('Swedish (Sweden)')),
('sv-fi', gettext('Swedish (Finland)')),
('zh-cn', gettext('Chinese (Simplified)')),
('zh-hk', gettext('Chinese (Traditional, Hong Kong)')),
)
# If you set this to False, Django will make some optimizations so as not
# to load the internationalization machinery.
USE_I18N = values.BooleanValue(True)
# If you set this to False, Django will not format dates, numbers and
# calendars according to the current locale
USE_L10N = values.BooleanValue(True)
DATE_FORMAT = values.Value("d. F Y")
SHORT_DATE_FORMAT = values.Value("d.m.Y")
DATE_INPUT_FORMATS = values.TupleValue(("%d.%m.%Y", ))
SHORT_DATETIME_FORMAT = values.Value("d.m.Y H:i")
DATETIME_INPUT_FORMATS = values.TupleValue(("%d.%m.%Y %H:%M", ))
TIME_FORMAT = values.Value("H:i")
TIME_INPUT_FORMATS = values.TupleValue(("%H:%M", ))
HOLIDAYS = [
(1, 1), # New Year's Day
(12, 25), # Christmas
(12, 26) # Second day of Christmas
]
# Weekends are non-working days
HOLIDAYS_WEEKENDS = True
# Calculates other holidays based on easter sunday
HOLIDAYS_FOR_EASTER = (0, -2, 1, 39, 50, 60)
# ######## Logging ##########
# A sample logging configuration.
LOGGING = {
'version': 1,
'disable_existing_loggers': True,
'root': {
'level': 'WARNING',
'handlers': [],
},
'filters': {
'require_debug_false': {
'()': 'django.utils.log.RequireDebugFalse'
}
},
'formatters': {
'verbose': {
'format':
'%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s'
},
},
'handlers': {
'mail_admins': {
'level': 'ERROR',
'filters': ['require_debug_false'],
'class': 'django.utils.log.AdminEmailHandler'
},
'console': {
'level': 'DEBUG',
'class': 'logging.StreamHandler',
}
},
'loggers': {
'froide': {
'handlers': ['console'],
'propagate': True,
'level': 'DEBUG',
},
'django.request': {
'handlers': ['mail_admins'],
'level': 'ERROR',
'propagate': True,
},
'django.db.backends': {
'level': 'ERROR',
'handlers': ['console'],
'propagate': False,
}
}
}
# ######## Security ###########
CSRF_COOKIE_SECURE = False
CSRF_COOKIE_HTTPONLY = True
CSRF_FAILURE_VIEW = values.Value('froide.account.views.csrf_failure')
# Change this
# ALLOWED_HOSTS = ()
SESSION_COOKIE_AGE = values.IntegerValue(3628800) # six weeks
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SECURE = False
# ######## Celery #############
CELERY_RESULT_BACKEND = values.Value(
'djcelery.backends.database:DatabaseBackend')
CELERYBEAT_SCHEDULER = values.Value(
"djcelery.schedulers.DatabaseScheduler")
CELERY_ALWAYS_EAGER = values.BooleanValue(True)
CELERY_ROUTES = {
'froide.foirequest.tasks.fetch_mail': {
"queue": "emailfetch"
},
}
CELERY_TIMEZONE = TIME_ZONE
# ######## Haystack ###########
HAYSTACK_CONNECTIONS = {
'default': {
'ENGINE': 'haystack.backends.simple_backend.SimpleEngine',
}
}
# ######### Tastypie #########
TASTYPIE_SWAGGER_API_MODULE = values.Value('froide.urls.v1_api')
# ######### Froide settings ########
FROIDE_THEME = None
FROIDE_CONFIG = dict(
create_new_publicbody=True,
publicbody_empty=True,
user_can_hide_web=True,
public_body_officials_public=True,
public_body_officials_email_public=False,
request_public_after_due_days=14,
payment_possible=True,
currency="Euro",
default_law=1,
search_engine_query=
"http://www.google.de/search?as_q=%(query)s&as_epq=&as_oq=&as_eq=&hl=en&lr=&cr=&as_ft=i&as_filetype=&as_qdr=all&as_occt=any&as_dt=i&as_sitesearch=%(domain)s&as_rights=&safe=images",
greetings=[rec(u"Dear (?:Mr\.?|Ms\.? .*?)")],
closings=[rec(u"Sincerely yours,?")],
public_body_boosts={},
dryrun=False,
request_throttle=
None, # Set to [(15, 7 * 24 * 60 * 60),] for 15 requests in 7 days
dryrun_domain="testmail.example.com",
allow_pseudonym=False,
doc_conversion_binary=None, # replace with libreoffice instance
doc_conversion_call_func=None, # see settings_test for use
)
# ###### Email ##############
# Django settings
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
EMAIL_SUBJECT_PREFIX = values.Value('[Froide] ')
SERVER_EMAIL = values.Value('*****@*****.**')
DEFAULT_FROM_EMAIL = values.Value('*****@*****.**')
# Official Notification Mail goes through
# the normal Django SMTP Backend
EMAIL_HOST = values.Value("")
EMAIL_PORT = values.IntegerValue(587)
EMAIL_HOST_USER = values.Value("")
EMAIL_HOST_PASSWORD = values.Value("")
EMAIL_USE_TLS = values.BooleanValue(True)
# Froide special case settings
# IMAP settings for fetching mail
FOI_EMAIL_PORT_IMAP = values.IntegerValue(993)
FOI_EMAIL_HOST_IMAP = values.Value("imap.example.com")
FOI_EMAIL_ACCOUNT_NAME = values.Value("*****@*****.**")
FOI_EMAIL_ACCOUNT_PASSWORD = values.Value("")
FOI_EMAIL_USE_SSL = values.BooleanValue(True)
# SMTP settings for sending FoI mail
FOI_EMAIL_HOST_USER = values.Value(FOI_EMAIL_ACCOUNT_NAME)
FOI_EMAIL_HOST_FROM = values.Value(FOI_EMAIL_HOST_USER)
FOI_EMAIL_HOST_PASSWORD = values.Value(FOI_EMAIL_ACCOUNT_PASSWORD)
FOI_EMAIL_HOST = values.Value("smtp.example.com")
FOI_EMAIL_PORT = values.IntegerValue(537)
FOI_EMAIL_USE_TLS = values.BooleanValue(True)
# The FoI Mail can use a different account
FOI_EMAIL_DOMAIN = values.Value("example.com")
FOI_EMAIL_TEMPLATE = None
# Example:
# FOI_EMAIL_TEMPLATE = lambda user_name, secret: "{username}.{secret}@{domain}" % (user_name, secret, FOI_EMAIL_DOMAIN)
# Is the message you can send from fixed
# or can you send from any address you like?
FOI_EMAIL_FIXED_FROM_ADDRESS = values.BooleanValue(True)
class Base(Core):
"""Settings that may change on a per-environment basis, some with defaults."""
# General settings
DEBUG = values.BooleanValue(False)
# Database settings
DATABASES = values.DatabaseURLValue(
'postgres://postgres@localhost/morgoth')
# Security settings
SECRET_KEY = values.SecretValue()
ALLOWED_HOSTS = values.ListValue([])
AUTH_PASSWORD_VALIDATORS = [
{
'NAME':
'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'
},
{
'NAME':
'django.contrib.auth.password_validation.MinimumLengthValidator'
},
{
'NAME':
'django.contrib.auth.password_validation.CommonPasswordValidator'
},
{
'NAME':
'django.contrib.auth.password_validation.NumericPasswordValidator'
},
]
PASSWORD_HASHERS = values.ListValue([
'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
'django.contrib.auth.hashers.PBKDF2PasswordHasher',
])
USE_X_FORWARDED_HOST = values.BooleanValue(False)
SECURE_PROXY_SSL_HEADER = values.TupleValue()
SECURE_HSTS_SECONDS = values.IntegerValue(3600)
SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
CSRF_COOKIE_HTTPONLY = values.BooleanValue(True)
CSRF_COOKIE_SECURE = values.BooleanValue(True)
SECURE_SSL_REDIRECT = values.BooleanValue(True)
SECURE_REDIRECT_EXEMPT = values.ListValue([])
SESSION_COOKIE_SECURE = values.BooleanValue(True)
SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
X_FRAME_OPTIONS = values.Value('DENY')
# Media and static settings
STATIC_URL = '/static/'
STATIC_ROOT = values.Value(os.path.join(Core.BASE_DIR, 'static'))
MEDIA_URL = values.Value('/media/')
MEDIA_ROOT = values.Value(os.path.join(Core.BASE_DIR, 'media'))
STATICFILES_DIRS = (os.path.join(Core.BASE_DIR, 'assets'), )
STATICFILES_STORAGE = values.Value(
'whitenoise.django.GzipManifestStaticFilesStorage')
ADMIN_ENABLED = values.BooleanValue(True)
# statsd
STATSD_HOST = values.Value('localhost')
STATSD_PORT = values.IntegerValue(8125)
STATSD_IPV6 = values.BooleanValue(False)
STATSD_PREFIX = values.Value('morgoth')
STATSD_MAXUDPSIZE = values.IntegerValue(512)
class Production(Base):
"""Settings for the production environment."""
USE_X_FORWARDED_HOST = values.BooleanValue(True)
SECURE_PROXY_SSL_HEADER = values.TupleValue(
('HTTP_X_FORWARDED_PROTO', 'https'))
class Production(Base):
"""Settings for the production environment."""
USE_X_FORWARDED_HOST = values.BooleanValue(True)
SECURE_PROXY_SSL_HEADER = values.TupleValue(('HTTP_X_FORWARDED_PROTO', 'https'))
LOGGING_USE_JSON = values.Value(True)
SECURE_HSTS_SECONDS = values.IntegerValue(31536000) # 1 year
class Base(Core):
"""Settings that may change per-environment, some with defaults."""
# Flags that affect other settings, via setting methods below
LOGGING_USE_JSON = values.BooleanValue(False)
USE_OIDC = values.BooleanValue(False)
# General settings
DEBUG = values.BooleanValue(False)
ADMINS = values.SingleNestedListValue([])
SILENCED_SYSTEM_CHECKS = values.ListValue([
# Check CSRF cookie http only. disabled because we read the
# CSRF cookie in JS for forms in React.
'security.W017',
])
# Authentication
def AUTHENTICATION_BACKENDS(self):
if self.USE_OIDC:
return ['normandy.base.auth_backends.LoggingRemoteUserBackend']
else:
return ['normandy.base.auth_backends.LoggingModelBackend']
OIDC_REMOTE_AUTH_HEADER = values.Value('HTTP_REMOTE_USER')
OIDC_LOGOUT_URL = values.Value(None)
# Middleware that _most_ environments will need. Subclasses can override this list.
EXTRA_MIDDLEWARE = [
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
]
def MIDDLEWARE(self):
"""
Determine middleware by combining the core set and
per-environment set.
"""
middleware = Core.MIDDLEWARE + self.EXTRA_MIDDLEWARE
if self.USE_OIDC:
middleware.append('normandy.base.middleware.ConfigurableRemoteUserMiddleware')
return middleware
def LOGGING(self):
return {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'json': {
'()': 'mozilla_cloud_services_logger.formatters.JsonLogFormatter',
'logger_name': 'normandy',
},
'development': {
'format': '%(levelname)s %(asctime)s %(name)s %(message)s',
},
},
'handlers': {
'console': {
'level': 'DEBUG',
'class': 'logging.StreamHandler',
'formatter': 'json' if self.LOGGING_USE_JSON else 'development',
},
},
'root': {
'handlers': ['console'],
'level': 'WARNING',
},
'loggers': {
'normandy': {
'propagate': False,
'handlers': ['console'],
'level': 'DEBUG',
},
'request.summary': {
'propagate': False,
'handlers': ['console'],
'level': 'DEBUG',
},
},
}
# Remote services
DATABASES = values.DatabaseURLValue('postgres://postgres@localhost/normandy')
CONN_MAX_AGE = values.IntegerValue(0)
GEOIP2_DATABASE = values.Value(os.path.join(Core.BASE_DIR, 'GeoLite2-Country.mmdb'))
# Email settings
EMAIL_HOST_USER = values.Value()
EMAIL_HOST = values.Value()
EMAIL_PORT = values.IntegerValue(587)
EMAIL_USE_TLS = values.BooleanValue(True)
EMAIL_HOST_PASSWORD = values.Value()
EMAIL_BACKEND = values.Value('django.core.mail.backends.smtp.EmailBackend')
def RAVEN_CONFIG(self):
version_path = os.path.join(Core.BASE_DIR, '__version__', 'tag')
try:
with open(version_path) as f:
version = f.read().strip()
except IOError:
version = None
return {
'dsn': values.URLValue(None, environ_name='RAVEN_CONFIG_DSN'),
'release': values.Value(version, environ_name='RAVEN_CONFIG_RELEASE'),
}
# statsd
STATSD_HOST = values.Value('localhost')
STATSD_PORT = values.IntegerValue(8125)
STATSD_IPV6 = values.BooleanValue(False)
STATSD_PREFIX = values.Value('normandy')
STATSD_MAXUDPSIZE = values.IntegerValue(512)
# Security settings
SECRET_KEY = values.SecretValue()
ALLOWED_HOSTS = values.ListValue([])
AUTH_PASSWORD_VALIDATORS = [
{'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'},
{'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator'},
{'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator'},
{'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'},
]
PASSWORD_HASHERS = values.ListValue([
'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
'django.contrib.auth.hashers.PBKDF2PasswordHasher',
])
USE_X_FORWARDED_HOST = values.BooleanValue(False)
SECURE_PROXY_SSL_HEADER = values.TupleValue()
SECURE_HSTS_SECONDS = values.IntegerValue(3600)
SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
CSRF_COOKIE_HTTPONLY = values.BooleanValue(False)
CSRF_COOKIE_SECURE = values.BooleanValue(True)
SECURE_SSL_REDIRECT = values.BooleanValue(True)
SECURE_REDIRECT_EXEMPT = values.ListValue([])
SESSION_COOKIE_SECURE = values.BooleanValue(True)
SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
X_FRAME_OPTIONS = values.Value('DENY')
REQUIRE_RECIPE_AUTH = values.BooleanValue(True)
# Media and static settings
STATIC_URL = values.Value('/static/')
STATIC_ROOT = values.Value(os.path.join(Core.BASE_DIR, 'static'))
MEDIA_URL = values.Value('/media/')
MEDIA_ROOT = values.Value(os.path.join(Core.BASE_DIR, 'media'))
STATICFILES_DIRS = (
os.path.join(Core.BASE_DIR, 'assets'),
)
# URL that the CDN exists at to front cached parts of the site, if any.
CDN_URL = values.URLValue(None)
# URL that bypasses any CDNs
APP_SERVER_URL = values.URLValue(None)
# URL for the CSP report-uri directive.
CSP_REPORT_URI = values.Value('/__cspreport__')
# Normandy settings
ADMIN_ENABLED = values.BooleanValue(True)
ACTION_IMPLEMENTATION_CACHE_TIME = values.IntegerValue(60 * 60 * 24 * 365)
NUM_PROXIES = values.IntegerValue(0)
API_CACHE_TIME = values.IntegerValue(30)
API_CACHE_ENABLED = values.BooleanValue(True)
# If true, approvals must come from two separate users. If false, the same
# user can approve their own request.
PEER_APPROVAL_ENFORCED = values.BooleanValue(True)
# Autograph settings
AUTOGRAPH_URL = values.Value()
AUTOGRAPH_HAWK_ID = values.Value()
AUTOGRAPH_HAWK_SECRET_KEY = values.Value()
AUTOGRAPH_SIGNATURE_MAX_AGE = values.IntegerValue(60 * 60 * 24 * 7)
AUTOGRAPH_X5U_CACHE_BUST = values.Value(None)
# How many days before expiration to warn for expired certificates
CERTIFICATES_EXPIRE_EARLY_DAYS = values.IntegerValue(None)
PROD_DETAILS_DIR = values.Value(os.path.join(Core.BASE_DIR, 'product_details'))
# AWS settings
AWS_ACCESS_KEY_ID = values.Value()
AWS_SECRET_ACCESS_KEY = values.Value()
AWS_STORAGE_BUCKET_NAME = values.Value()
GITHUB_URL = values.Value('https://github.com/mozilla/normandy')
