diff --git a/.env_example b/.env_example index 7e90f965..8af8d592 100644 --- a/.env_example +++ b/.env_example @@ -1,6 +1,6 @@ DJANGO_APP_STAGE=prod # Only used in dev mode, change to "postgresql" if you want to use PostgreSQL in dev -DJANGO_DEV_STORE_METHOD=sqllite +DJANGO_DEV_STORE_METHOD=sqlite DJANGO_DB_HOST=localhost DJANGO_DB_NAME=note_db DJANGO_DB_USER=note @@ -8,13 +8,17 @@ DJANGO_DB_PASSWORD=CHANGE_ME DJANGO_DB_PORT= DJANGO_SECRET_KEY=CHANGE_ME DJANGO_SETTINGS_MODULE=note_kfet.settings +DJANGO_ALLOWED_HOST=localhost CONTACT_EMAIL=tresorerie.bde@localhost -NOTE_URL=localhost +DOMAIN=localhost + # Config for mails. Only used in production NOTE_MAIL=notekfet@localhost EMAIL_HOST=smtp.localhost -EMAIL_PORT=465 +EMAIL_PORT=25 EMAIL_USER=notekfet@localhost EMAIL_PASSWORD=CHANGE_ME + +# Wiki configuration WIKI_USER=NoteKfet2020 -WIKI_PASSWORD= \ No newline at end of file +WIKI_PASSWORD= diff --git a/README.md b/README.md index e5775b29..0c36c859 100644 --- a/README.md +++ b/README.md @@ -107,7 +107,7 @@ On supposera pour la suite que vous utilisez Debian/Ubuntu sur un serveur tout n et on renseigne des secrets et des paramètres : DJANGO_APP_STAGE=dev # ou "prod" - DJANGO_DEV_STORE_METHOD=sqllite # ou "postgres" + DJANGO_DEV_STORE_METHOD=sqlite # ou "postgres" DJANGO_DB_HOST=localhost DJANGO_DB_NAME=note_db DJANGO_DB_USER=note @@ -115,13 +115,13 @@ On supposera pour la suite que vous utilisez Debian/Ubuntu sur un serveur tout n DJANGO_DB_PORT= DJANGO_SECRET_KEY=CHANGE_ME DJANGO_SETTINGS_MODULE="note_kfet.settings + DJANGO_ALLOWED_HOST=localhost # URL où accéder à la note DOMAIN=localhost # note.example.com CONTACT_EMAIL=tresorerie.bde@localhost - NOTE_URL=localhost # URL où accéder à la note # Le reste n'est utile qu'en production, pour configurer l'envoi des mails NOTE_MAIL=notekfet@localhost EMAIL_HOST=smtp.localhost - EMAIL_PORT=465 + EMAIL_PORT=25 EMAIL_USER=notekfet@localhost EMAIL_PASSWORD=CHANGE_ME WIKI_USER=NoteKfet2020 
diff --git a/note_kfet/settings/__init__.py b/note_kfet/settings/__init__.py index ce691cc9..dcfa88a8 100644 --- a/note_kfet/settings/__init__.py +++ b/note_kfet/settings/__init__.py @@ -3,8 +3,7 @@ from django.utils.translation import gettext_lazy as _ import re - -from .base import * +import os def read_env(): @@ -30,12 +29,15 @@ def read_env(): os.environ.setdefault(key, val) +# Try to load environment variables from project .env read_env() -app_stage = os.environ.get('DJANGO_APP_STAGE', 'dev') -if app_stage == 'prod': - from .production import * -else: +# Load base settings +from .base import * + +# If in dev mode, then override some settings +app_stage = os.getenv('DJANGO_APP_STAGE', 'dev') +if app_stage == 'dev': from .development import * try: diff --git a/note_kfet/settings/base.py b/note_kfet/settings/base.py index bf9b99c7..7da8680b 100644 --- a/note_kfet/settings/base.py +++ b/note_kfet/settings/base.py @@ -1,6 +1,9 @@ # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay # SPDX-License-Identifier: GPL-3.0-or-later +# This file implements sane defaults to use in production. +# Some settings are overridable with an environment variable. + import os # Build paths inside the project like this: os.path.join(BASE_DIR, ...) @@ -10,12 +13,14 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__fil # See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! -SECRET_KEY = os.getenv('DJANGO_SECRET_KEY', 'CHANGE_ME_IN_LOCAL_SETTINGS!') +SECRET_KEY = os.getenv('DJANGO_SECRET_KEY', 'CHANGE_ME_IN_ENV_SETTINGS') # SECURITY WARNING: don't run with debug turned on in production! DEBUG = os.getenv('DJANGO_DEBUG', False) -ALLOWED_HOSTS = [] +ALLOWED_HOSTS = [ + os.getenv('DJANGO_ALLOWED_HOST', 'localhost'), +] # Application definition 
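Review bot: In note_kfet/settings/__init__.py (hunk @@ -30,12 +29,15), `app_stage = os.getenv('DJANGO_APP_STAGE', 'dev')` still falls back to dev, so a host whose `.env` is missing or lacks the variable imports development.py, which in this same diff sets `DEBUG = True` and `ALLOWED_HOSTS = ['*']`. Defaulting to the hardened side would make that mistake fail closed: `app_stage = os.getenv('DJANGO_APP_STAGE', 'prod')`. A one-line comment such as `# base.py reads os.environ at import time, so it must be imported after read_env()` would also record why the import moved below the call. The `try:` block at the end of the hunk continues outside it.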
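Review bot: In note_kfet/settings/base.py (hunk @@ -10,12 +13,14), `DEBUG = os.getenv('DJANGO_DEBUG', False)` yields a string whenever the variable is set, so `DJANGO_DEBUG=False` or `DJANGO_DEBUG=0` is truthy and turns debug pages on; with production.py and its hard-coded `DEBUG = False` deleted in this commit, this line is now the production value. Parse it explicitly, e.g. `DEBUG = os.getenv('DJANGO_DEBUG', '').lower() in ('1', 'true', 'yes')`. `EMAIL_USE_SSL = os.getenv('EMAIL_USE_SSL', False)` in the @@ -188,6 +193,19 hunk has the same string-truthiness problem. Separately, the `SECRET_KEY` fallback `'CHANGE_ME_IN_ENV_SETTINGS'` (and the identical `'PASSWORD'` default added in the DATABASES hunk) lets a deployment with a missing variable start on a publicly known value; outside dev it would be safer to raise `ImproperlyConfigured` when `DJANGO_SECRET_KEY` is unset.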
@@ -97,9 +102,10 @@ WSGI_APPLICATION = 'note_kfet.wsgi.application' DATABASES = { 'default': { - 'ENGINE': os.getenv('DJANGO_DB_ENGINE', 'django.db.backends.sqlite3'), - 'NAME': os.getenv('DJANGO_DB_NAME', os.path.join(BASE_DIR, 'db.sqlite3')), + 'ENGINE': os.getenv('DJANGO_DB_ENGINE', 'django.db.backends.postgresql'), + 'NAME': os.getenv('DJANGO_DB_NAME', 'note_db'), 'USER': os.getenv('DJANGO_DB_USER', 'note'), + 'PASSWORD': os.getenv('DJANGO_DB_PASSWORD', 'CHANGE_ME_IN_ENV_SETTINGS'), 'HOST': os.getenv('DJANGO_DB_HOST', 'localhost'), 'PORT': os.getenv('DJANGO_DB_PORT', ''), # Use default port } @@ -164,7 +170,6 @@ STATIC_ROOT = os.path.join(BASE_DIR, "static/") # Add /apps/ directory to Python modules search path import sys sys.path.append(os.path.realpath(os.path.join(BASE_DIR, 'apps'))) -print(BASE_DIR, sys.path) # Use /locale/ for locale files LOCALE_PATHS = [os.path.join(BASE_DIR, 'locale')] @@ -188,6 +193,19 @@ AUTHENTICATION_BACKENDS = ( MEDIA_ROOT = os.path.join(BASE_DIR, "media") MEDIA_URL = '/media/' +# Use mailer in production to place emails in a queue before sending them to avoid spam +EMAIL_BACKEND = 'mailer.backend.DbBackend' +MAILER_EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' +EMAIL_USE_SSL = os.getenv('EMAIL_USE_SSL', False) +EMAIL_HOST = os.getenv('EMAIL_HOST', 'smtp.example.org') +EMAIL_PORT = os.getenv('EMAIL_PORT', 25) +EMAIL_HOST_USER = os.getenv('EMAIL_USER', None) +EMAIL_HOST_PASSWORD = os.getenv('EMAIL_PASSWORD', None) + +# Mail will be sent from this address +SERVER_EMAIL = os.getenv("NOTE_MAIL", "notekfet@example.com") +DEFAULT_FROM_EMAIL = "NoteKfet2020 <" + SERVER_EMAIL + ">" + # Django REST Framework REST_FRAMEWORK = { 'DEFAULT_PERMISSION_CLASSES': [ 
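Review bot: In note_kfet/settings/base.py (hunk @@ -188,6 +193,19), `EMAIL_PORT` now defaults to 25 with `EMAIL_USE_SSL` off and no `EMAIL_USE_TLS` in the block, so whenever `EMAIL_HOST_USER`/`EMAIL_HOST_PASSWORD` are configured they would be presented to the relay without transport encryption. .env_example in this commit makes the same 465 to 25 change while keeping `EMAIL_USER` and `EMAIL_PASSWORD`. If the relay supports STARTTLS, add `EMAIL_USE_TLS = os.getenv('EMAIL_USE_TLS', 'true').lower() in ('1', 'true', 'yes')`, or keep port 465 with SSL enabled; if port 25 is intended for a local unauthenticated relay, a comment saying so would help. `EMAIL_PORT` also arrives as a string when it comes from the environment, so `int(os.getenv('EMAIL_PORT', 25))` keeps its type consistent with the default.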
@@ -209,6 +227,9 @@ FORM_RENDERER = 'django.forms.renderers.TemplatesSetting' # After login redirect user to transfer page LOGIN_REDIRECT_URL = '/note/transfer/' +# An user session will expired after 3 hours +SESSION_COOKIE_AGE = 60 * 60 * 3 + # Use Crispy Bootstrap4 theme CRISPY_TEMPLATE_PACK = 'bootstrap4' @@ -218,11 +239,6 @@ DJANGO_TABLES2_TEMPLATE = 'django_tables2/bootstrap4.html' # Use only one Django Sites SITE_ID = 1 -# When a server error occured, send an email to these addresses -ADMINS = ( - # ('Admin', 'webmaster@example.com'), -) - # Default regex to validate users aliases ALIAS_VALIDATOR_REGEX = r'' diff --git a/note_kfet/settings/development.py b/note_kfet/settings/development.py index cc94ffd6..0ac5864b 100644 --- a/note_kfet/settings/development.py +++ b/note_kfet/settings/development.py @@ -5,30 +5,15 @@ # Development Settings # ######################## # For local dev on your machine: -# - Enabled by default -# - use sqlite as a db engine , Debug is True. +# - debug by default +# - use sqlite as a db engine by default # - standalone mail server -# - and more ... - +# - and more... import os -# Database -# https://docs.djangoproject.com/en/2.2/ref/settings/#databases -from . import * - -if os.getenv("DJANGO_DEV_STORE_METHOD", "sqllite") == "postgresql": - DATABASES = { - 'default': { - 'ENGINE': 'django.db.backends.postgresql_psycopg2', - 'NAME': os.environ.get('DJANGO_DB_NAME', 'note_db'), - 'USER': os.environ.get('DJANGO_DB_USER', 'note'), - 'PASSWORD': os.environ.get('DJANGO_DB_PASSWORD', 'CHANGE_ME_IN_ENV_SETTINGS'), - 'HOST': os.environ.get('DJANGO_DB_HOST', 'localhost'), - 'PORT': os.environ.get('DJANGO_DB_PORT', ''), # Use default port - } - } -else: +if os.getenv("DJANGO_DEV_STORE_METHOD", "sqlite") != "postgresql": + # Use an SQLite database DATABASES = { 'default': { 'ENGINE': 'django.db.backends.sqlite3', 
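Review bot: In note_kfet/settings/base.py (hunk @@ -209,6 +227,9), the new session block sets only `SESSION_COOKIE_AGE`; none of the base.py hunks shown here set `SESSION_COOKIE_SECURE` or `CSRF_COOKIE_SECURE`, and Django defaults both to False, so unless an unseen part of the file defines them the production session and CSRF cookies may be sent over plain HTTP. If the site is served over HTTPS, add `SESSION_COOKIE_SECURE = True` and `CSRF_COOKIE_SECURE = True` next to it; development.py already overrides both to False. The comment would read better as `# A user session expires after 3 hours`.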
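Review bot: In note_kfet/settings/development.py (hunk @@ -5,30 +5,15), the new test `os.getenv("DJANGO_DEV_STORE_METHOD", "sqlite") != "postgresql"` only recognises the exact value `postgresql`, while the README line touched by this commit still advertises `# ou "postgres"`; a developer following the README silently gets SQLite. Either align the README with .env_example or accept both spellings, e.g. `not in ("postgres", "postgresql")`. The hunk also drops `from . import *`, and the SQLite `DATABASES` dict continues past the end of the hunk: if its `'NAME'` entry uses `BASE_DIR`, that name is no longer defined in this module and the import would fail, so it is worth checking.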
@@ -39,15 +24,14 @@ else: # Break it, fix it! DEBUG = True -# Mandatory ! +# Allow access from all hostnames ALLOWED_HOSTS = ['*'] -# Emails +# Drop emails to server console EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' - SERVER_EMAIL = 'notekfet@localhost' -# Security settings +# Disable some security settings SECURE_CONTENT_TYPE_NOSNIFF = False SECURE_BROWSER_XSS_FILTER = False SESSION_COOKIE_SECURE = False @@ -55,7 +39,3 @@ CSRF_COOKIE_SECURE = False CSRF_COOKIE_HTTPONLY = False X_FRAME_OPTIONS = 'DENY' SESSION_COOKIE_AGE = 60 * 60 * 3 - -STATIC_ROOT = '' # not needed in development settings -STATICFILES_DIRS = [ - os.path.join(BASE_DIR, 'static')] diff --git a/note_kfet/settings/production.py b/note_kfet/settings/production.py deleted file mode 100644 index d7c51ebc..00000000 --- a/note_kfet/settings/production.py +++ /dev/null 
@@ -1,54 +0,0 @@ -# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay -# SPDX-License-Identifier: GPL-3.0-or-later - -import os - -######################## -# Production Settings # -######################## -# For local dev on your machine: -# - Enabled by setting env variable DJANGO_APP_STAGE = 'prod' -# - use Postgresql as db engine -# - Debug should be false. -# - should have a dedicated mail server -# - and more ... - -DATABASES = { - 'default': { - 'ENGINE': 'django.db.backends.postgresql_psycopg2', - 'NAME': os.environ.get('DJANGO_DB_NAME', 'note_db'), - 'USER': os.environ.get('DJANGO_DB_USER', 'note'), - 'PASSWORD': os.environ.get('DJANGO_DB_PASSWORD', 'CHANGE_ME_IN_ENV_SETTINGS'), - 'HOST': os.environ.get('DJANGO_DB_HOST', 'localhost'), - 'PORT': os.environ.get('DJANGO_DB_PORT', ''), # Use default port - } -} - -# Break it, fix it! -DEBUG = False - -# Mandatory ! -ALLOWED_HOSTS = [os.environ.get('NOTE_URL', 'localhost')] - -SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY', 'CHANGE_ME_IN_ENV_SETTINGS') - -# Emails -EMAIL_BACKEND = 'mailer.backend.DbBackend' # Mailer place emails in a queue before sending them to avoid spam -MAILER_EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' -EMAIL_USE_SSL = False -EMAIL_HOST = os.getenv('EMAIL_HOST', 'smtp.example.org') -EMAIL_PORT = os.getenv('EMAIL_PORT', 465) -EMAIL_HOST_USER = os.getenv('EMAIL_USER', None) -EMAIL_HOST_PASSWORD = os.getenv('EMAIL_PASSWORD', None) - -SERVER_EMAIL = os.getenv("NOTE_MAIL", "notekfet@example.com") -DEFAULT_FROM_EMAIL = "NoteKfet2020 <" + SERVER_EMAIL + ">" - -# Security settings -SECURE_CONTENT_TYPE_NOSNIFF = False -SECURE_BROWSER_XSS_FILTER = False -SESSION_COOKIE_SECURE = False -CSRF_COOKIE_SECURE = False -CSRF_COOKIE_HTTPONLY = False -X_FRAME_OPTIONS = 'DENY' -SESSION_COOKIE_AGE = 60 * 60 * 3 diff --git a/note_kfet/settings/secrets_example.py b/note_kfet/settings/secrets_example.py index 5f4b8ff5..b1f9e399 100644 --- a/note_kfet/settings/secrets_example.py 
+++ b/note_kfet/settings/secrets_example.py @@ -7,4 +7,7 @@ OPTIONAL_APPS = [ # 'debug_toolbar' ] -ADMINS = [('Note Kfet', 'notekfet@example.com')] +# When a server error occured, send an email to these addresses +ADMINS = ( + ('Note Kfet', 'notekfet@example.com'), +)