mirror of https://gitlab.crans.org/mediatek/med.git synced 2024-11-30 00:13:03 +00:00
Alexandre Iooss 48c056b210 Harden Django project configuration
Set session and CSRF cookies as secure for production.
Set HSTS header to let browser remember HTTPS for 1 year.
2022-03-09 12:30:18 +01:00
logs Add page to search a media by its ISBN 2020-09-25 10:27:43 +02:00
med Harden Django project configuration 2022-03-09 12:30:18 +01:00
media Fix game research 2021-11-14 16:41:38 +01:00
theme Translate borrows 2021-11-14 14:26:41 +01:00
users Don't put current date as default value for memberships 2021-11-14 16:24:38 +01:00
.coveragerc Do not cover dead code 2020-02-09 15:08:52 +01:00
.gitignore README Apache 2020-02-09 16:07:37 +01:00
.gitlab-ci.yml Install Django Polymorphic to use polymorphic models 2021-10-23 19:20:32 +02:00
.pylintrc Update project base 2019-08-02 13:24:49 +02:00
COPYING Update project base 2019-08-02 13:24:49 +02:00
django-med.service Fix systemd service unit 2020-09-23 18:50:50 +02:00
Dockerfile Docker 2020-02-02 18:22:28 +01:00
entrypoint.sh Socket need to be accessible by apache 2020-09-28 21:31:50 +02:00
manage.py Add Debian Stretch requirements 2019-08-02 13:32:09 +02:00
README.md No more manage memberships, we will use NK20 2021-10-23 14:49:44 +02:00
requirements.txt Start implementation of OAuth client 2021-11-04 11:29:03 +01:00
tool_barcode_getblue.py The Fetch then opens the page to enter a new medium (probably temporary code) 2020-02-20 13:42:22 +01:00
tox.ini Fix CI, add django22-py39 CI step 2020-12-28 22:58:04 +01:00

Mediatek website


The Med project manages the database of the ENS Paris-Saclay media library. It handles media, comics, games and borrowings, as well as the members of the med.

License

This project is licensed under the GNU General Public License v3.0.

Installation

Development

You can develop either with Docker or with a virtualenv.

With a virtualenv:

python3 -m venv venv
. venv/bin/activate
pip install -r requirements.txt
./manage.py compilemessages
./manage.py makemigrations
./manage.py migrate
./manage.py runserver

Production

You can either use Docker or configure the server manually.

Setting up the project on Zamok

To set up the project without root privileges, we create a uwsgi socket in the home directory of the club-med user, then tell Apache2 to use this socket through a .htaccess file.

git clone https://gitlab.crans.org/mediatek/med.git django-med
chmod go-rwx -R django-med
python3 -m venv venv --system-site-packages
. venv/bin/activate
pip install -r requirements.txt
pip install mysqlclient~=1.4.4  # if using a MySQL database
pip install uwsgi~=2.0.18  # if production
./entrypoint.sh  # runs in the shell

To start the server when Zamok boots, follow the instructions in django-med.service.

To reverse-proxy the server behind Apache, put the following in ~/www/.htaccess:

RewriteEngine On

# UWSGI socket
RewriteRule ^django.wsgi/(.*)$ unix:/home/c/club-med/django-med/uwsgi.sock|fcgi://localhost/ [P,NE,L]

# When not a file and not starting with django.wsgi, then forward to UWSGI
RewriteCond %{REQUEST_URI} !^/django.wsgi/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /django.wsgi/$1 [QSA,L]

However, running production on SQLite is a bad idea, so next we configure Django and a database.

Database configuration

On the MySQL or PostgreSQL server, you need to create a database med, along with a user med and an associated password.

Here are the steps to run for PostgreSQL:

CREATE DATABASE "club-med";
CREATE USER "club-med" WITH PASSWORD 'MY-STRONG-PASSWORD';
GRANT ALL PRIVILEGES ON DATABASE "club-med" TO "club-med";
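
Once the production instance is served over HTTPS, the hardening named in the latest commit listed above (secure session and CSRF cookies, HSTS for one year) can be checked from the response headers. The following is an added example, not code from the med project: it assumes Django's default cookie names sessionid and csrftoken, and the function name and sample headers are constructed for illustration.

```python
"""Added example (not from the med repository): audit one HTTPS response
for secure session/CSRF cookies and a one-year HSTS policy."""
import re
from http.cookies import SimpleCookie

ONE_YEAR = 31536000  # seconds in 365 days
# Assumption: Django's default cookie names; a project can rename them.
HARDENED_COOKIES = ("sessionid", "csrftoken")


def audit_headers(headers):
    """headers: (name, value) pairs of one response. Returns a findings list;
    an empty list means every check passed."""
    findings = []
    hsts = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("HSTS header missing")
    else:
        match = re.search(r'max-age\s*=\s*"?(\d+)', hsts[0], re.IGNORECASE)
        if match is None or int(match.group(1)) < ONE_YEAR:
            findings.append("HSTS max-age below one year")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)  # parses one Set-Cookie value with its attributes
        for cookie_name, morsel in jar.items():
            # Only cookies actually set in this response are checked.
            if cookie_name in HARDENED_COOKIES and not morsel["secure"]:
                findings.append(f"{cookie_name} cookie lacks Secure")
    return findings


# Constructed sample responses (not captured from a real deployment).
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "sessionid=abc123; HttpOnly; Path=/; Secure"),
    ("Set-Cookie", "csrftoken=xyz789; Path=/; Secure"),
]
WEAK = [
    ("Strict-Transport-Security", "max-age=3600"),
    ("Set-Cookie", "sessionid=abc123; HttpOnly; Path=/"),
    ("Set-Cookie", "csrftoken=xyz789; Path=/; Secure"),
]

if __name__ == "__main__":
    for label, sample in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_headers(sample) or "ok")
```

In Django, the settings that normally control these headers are SESSION_COOKIE_SECURE, CSRF_COOKIE_SECURE and SECURE_HSTS_SECONDS.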

Example permission groups

bureau
    media | Can view borrowed item
    media | Can add borrowed item
    media | Can change borrowed item
    media | Can delete borrowed item
    users | Can view user
    users | Can add user
    users | Can change user
    sporz | Can view gamesave
    + keyholder permissions

keyholder
    media | Can view author
    media | Can add author
    media | Can change author
    media | Can delete author
    media | Can view medium
    media | Can add medium
    media | Can change medium
    media | Can delete medium
    media | Can view game
    media | Can add game
    media | Can change game
    media | Can delete game
    media | Can view borrowed item
    media | Can add borrowed item
    media | Can change borrowed item
    media | Can delete borrowed item
    users | Can view user

users (default group for everyone)
    media | Can view author
    media | Can view game
    media | Can view medium
    sporz | Can add gamesave
    sporz | Can change gamesave
    sporz | Can add player
    sporz | Can change player
    sporz | Can delete player
    sporz | Can view player