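# This file is part of photo21
# Copyright (C) 2022 Amicale des élèves de l'ENS Paris-Saclay
# SPDX-License-Identifier: GPL-3.0-or-later

"""
Django settings for photo21 project.

Deployment-specific values (secret key, extra hosts, database, SMTP, OAuth)
are read through python-decouple's ``config()``; everything else is fixed here.

For more information on this file, see
https://docs.djangoproject.com/en/2.2/topics/settings/

For the full list of settings and their values, see
https://docs.djangoproject.com/en/2.2/ref/settings/
"""

import os

from decouple import Csv, config
from django.contrib.messages import constants as messages
from django.utils.translation import gettext_lazy as _

# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))


# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
# No default is given, so decouple raises at import time when SECRET_KEY is
# missing instead of falling back to a guessable value.
SECRET_KEY = config("SECRET_KEY")

# SECURITY WARNING: don't run with debug turned on in production!
# Defaults to off; DEBUG also switches secure cookies, the debug toolbar and
# the console e-mail backend further down.
DEBUG = config("DEBUG", default=False, cast=bool)

# Loopback names are always accepted; public host names come from EXTRA_HOSTS
# (comma-separated).
ALLOWED_HOSTS = ["127.0.0.1", "localhost"] + config("EXTRA_HOSTS", default="", cast=Csv())

INTERNAL_IPS = [
    "127.0.0.1",
    "localhost",
]


def _parse_admins(entries):
    """Convert ``"Name:email"`` strings into ``(name, email)`` pairs.

    Empty entries are skipped. The split happens on the last colon, so a
    colon inside the name does not produce a tuple of the wrong length.

    Raises:
        ValueError: if an entry has no colon or no e-mail part. Failing at
            startup is preferred over a malformed ADMINS list that only
            breaks when an error report has to be mailed.
    """
    admins = []
    for entry in entries:
        if not entry:
            continue
        name, separator, email = entry.rpartition(":")
        email = email.strip()
        if not separator or not email:
            raise ValueError(f"Invalid ADMINS entry '{entry}'. Expected 'Name:email'.")
        admins.append((name.strip(), email))
    return admins


# Admins receive server errors, this is useful to be notified of potential bugs
# Format: "Name:email,Name2:email2"
ADMINS = _parse_admins(config("ADMINS", default="", cast=Csv()))

# Use secure cookies in production
SESSION_COOKIE_SECURE = not DEBUG
CSRF_COOKIE_SECURE = not DEBUG

# Trust Caddy's forwarded proto header
# Only sound while every request reaches Django through the proxy and the proxy
# overwrites any client-supplied X-Forwarded-Proto; otherwise a client can make
# a plain-HTTP request look secure to Django.
# NOTE(review): the proxy configuration is not part of this file - confirm.
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

# Remember HTTPS for 1 year
# Set regardless of DEBUG; Django only emits the header on requests it
# considers secure. Including subdomains and preload commits the whole domain
# to HTTPS, which is slow to undo once browsers have cached it.
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True

# Application definition

# OAuth login is opt-in. The client secret is read from configuration only and
# every OAuth value defaults to empty.
# NOTE(review): nothing here checks that the client id and server URL are set
# when OAUTH_ENABLED is true - confirm the provider app rejects empty values.
OAUTH_ENABLED = config("OAUTH_ENABLED", default=False, cast=bool)
OAUTH_ONLY = config("OAUTH_ONLY", default=False, cast=bool)
OAUTH_CLIENT_ID = config("OAUTH_CLIENT_ID", default="")
OAUTH_CLIENT_SECRET = config("OAUTH_CLIENT_SECRET", default="")
OAUTH_SERVER_URL = config("OAUTH_SERVER_URL", default="")
OAUTH_BUTTON_TEXT = config("OAUTH_BUTTON_TEXT", default="Login with OAuth")
OAUTH_BUTTON_IMAGE = config("OAUTH_BUTTON_IMAGE", default="")
# Space-separated list of scopes
OAUTH_SCOPE = config("OAUTH_SCOPE", default="openid profile email", cast=Csv(delimiter=" "))

INSTALLED_APPS = [
    "django.contrib.admin",
    "django.contrib.admindocs",
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.sites",
    "django.contrib.messages",
    "django.contrib.staticfiles",
    "django_select2",
    "allauth",
    "allauth.account",
    "allauth.socialaccount",
    "crispy_forms",
    "photologue",
    "photo21",
]

if OAUTH_ENABLED:
    INSTALLED_APPS += ["allauth_oauth"]

# The debug toolbar is loaded only when DEBUG is on
if DEBUG:
    INSTALLED_APPS += ["debug_toolbar",]  # For debug and optimisations

MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "whitenoise.middleware.WhiteNoiseMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "django.middleware.locale.LocaleMiddleware",
    "django.contrib.sites.middleware.CurrentSiteMiddleware",
    "allauth.account.middleware.AccountMiddleware",  # For the django =< 5.0
]

if DEBUG:
    MIDDLEWARE += ["debug_toolbar.middleware.DebugToolbarMiddleware",]

ROOT_URLCONF = "photo21.urls"

TEMPLATES = [
    {
        "BACKEND": "django.template.backends.django.DjangoTemplates",
        "DIRS": [os.path.join(BASE_DIR, "photo21/templates")],
        "APP_DIRS": True,
        "OPTIONS": {
            "context_processors": [
                "django.template.context_processors.debug",
                "django.template.context_processors.request",
                "django.contrib.auth.context_processors.auth",
                "django.contrib.messages.context_processors.messages",
            ],
        },
    },
]

AUTHENTICATION_BACKENDS = [
    # Needed to login by username in Django admin, regardless of `allauth`
    "django.contrib.auth.backends.ModelBackend",
    # `allauth` specific authentication methods, such as login by e-mail
    "allauth.account.auth_backends.AuthenticationBackend",
]

WSGI_APPLICATION = "photo21.wsgi.application"


# Database
# https://docs.djangoproject.com/en/2.2/ref/settings/#databases

# DB_ENGINE selects the backend; any value other than the two known ones stops
# startup instead of silently picking a database.
_db_engine = config("DB_ENGINE", default="sqlite").strip().lower()

if _db_engine == "postgres":
    DATABASES = {
        "default": {
            "ENGINE": "django.db.backends.postgresql",
            "NAME": config("DB_NAME", default="photo21"),
            "USER": config("DB_USER", default="photo21"),
            # Empty by default; the password is never hard-coded here
            "PASSWORD": config("DB_PASSWORD", default=""),
            "HOST": config("DB_HOST", default="localhost"),
            "PORT": config("DB_PORT", default="5432"),
        }
    }
elif _db_engine == "sqlite":
    DATABASES = {
        "default": {
            "ENGINE": "django.db.backends.sqlite3",
            "NAME": config("DB_PATH", default=os.path.join(BASE_DIR, "db.sqlite3")),
            "OPTIONS": {
                "timeout": 10,
            },
        }
    }
else:
    raise ValueError(f"Unknown DB_ENGINE '{_db_engine}'. Must be 'sqlite' or 'postgres'.")

# Local-memory cache: entries live in one process and are not shared between
# worker processes.
# NOTE(review): anything that counts attempts in the cache would then count
# per process - confirm against the worker model used in production.
CACHES = {
    "default": {
        "BACKEND": "django.core.cache.backends.locmem.LocMemCache",
        "LOCATION": "Master",
    }
}

# Password validation
# https://docs.djangoproject.com/en/2.2/ref/settings/#auth-password-validators
# All four stock validators are enabled with their default options

AUTH_PASSWORD_VALIDATORS = [
    {
        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
    },
    {
        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
    },
    {
        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
    },
    {
        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
    },
]


# Internationalization
# https://docs.djangoproject.com/en/2.2/topics/i18n/

TIME_ZONE = "UTC"

USE_TZ = True

# Limit available languages to this subset
LANGUAGES = [
    ("en", _("English")),
    ("fr", _("French")),
]

# Allow more fields in URL to edit large galleries
# Django's default is 1000. This limit guards request parsing against oversized
# submissions and the raised value applies to every endpoint, not only the
# gallery editor.
DATA_UPLOAD_MAX_NUMBER_FIELDS = 10240


# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/2.2/howto/static-files/

STATIC_URL = "/static/"

STATICFILES_DIRS = [
    os.path.join(BASE_DIR, "photo21/static"),
]

# Collect statics to /static/
# THIS FOLDER SHOULD NOT BE IN GIT TREE!!!
STATIC_ROOT = os.path.join(BASE_DIR, "static/")

# Use /media/ for user uploaded media
MEDIA_ROOT = os.path.join(BASE_DIR, "media")
MEDIA_URL = "/media/"

STORAGES = {
    "default": {
        "BACKEND": "django.core.files.storage.FileSystemStorage",
    },
    "staticfiles": {
        "BACKEND": "photo21.storage.CompressedManifestStorage",
    },
}
WHITENOISE_MANIFEST_STRICT = False

LOCALE_PATHS = [os.path.join(BASE_DIR, "photo21/locale")]

# Do not send email during debug
# By default Django sends mails to localhost:25 without authentication
if DEBUG:
    EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"

# Mail will be sent from this address
SERVER_EMAIL = config("SERVER_EMAIL", default="photos@crans.org")
DEFAULT_FROM_EMAIL = f"Serveur photos <{SERVER_EMAIL}>"
EMAIL_SUBJECT_PREFIX = "[Serveur photos] "
EMAIL_HOST = config("SMTP_HOST", default="localhost")
EMAIL_PORT = config("SMTP_PORT", default=25, cast=int)
EMAIL_HOST_USER = config("SMTP_USER", default="")
EMAIL_HOST_PASSWORD = config("SMTP_PASSWORD", default="")
# TLS is off by default, matching the unauthenticated localhost relay. When
# SMTP_USER / SMTP_PASSWORD are set for a remote host, enable SMTP_USE_TLS so
# the credentials and the mail are not sent in clear text.
EMAIL_USE_TLS = config("SMTP_USE_TLS", default=False, cast=bool)

# After login redirect user to transfer page
LOGIN_REDIRECT_URL = "/"

# Use only one Django Sites
SITE_ID = 1

# Django message
MESSAGE_TAGS = {
    messages.DEBUG: "alert-secondary",
    messages.INFO: "alert-info",
    messages.SUCCESS: "alert-success",
    messages.WARNING: "alert-warning",
    messages.ERROR: "alert-danger",
}

# Allauth configuration
## For the django =< 5.0
ACCOUNT_EMAIL_REQUIRED = True
# ACCOUNT_SIGNUP_FIELDS = ['email*', 'username*', 'password1*', 'password2*']
## For the django =< 5.0
# E-mail verification is mandatory unless EMAIL_VERIFICATION overrides it; the
# configured value is passed to allauth as-is, without validation here.
ACCOUNT_EMAIL_VERIFICATION = config("EMAIL_VERIFICATION", default="mandatory")
ACCOUNT_AUTHENTICATION_METHOD = "username_email"
# ACCOUNT_LOGIN_METHODS = {'username', 'email'}
ACCOUNT_FORMS = {"signup": "photo21.forms.CustomSignupForm"}

if OAUTH_ENABLED:
    # OAUTH_ONLY has an effect only together with OAUTH_ENABLED
    # NOTE(review): django-allauth appears to require
    # ACCOUNT_EMAIL_VERIFICATION = "none" when SOCIALACCOUNT_ONLY is true -
    # confirm for OAUTH_ONLY deployments.
    SOCIALACCOUNT_ONLY = OAUTH_ONLY
    SOCIALACCOUNT_PROVIDERS = {
        "oauth": {
            "SCOPE": OAUTH_SCOPE,
            "DOMAIN": OAUTH_SERVER_URL,
            "APP": {
                "client_id": OAUTH_CLIENT_ID,
                "secret": OAUTH_CLIENT_SECRET,
            },
        },
    }

# Use Bootstrap forms
CRISPY_TEMPLATE_PACK = "bootstrap4"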