"""
These settings act as reference for the provider.
The provider is the one where the user initially signs up.
The consumer is the one where the user signs up on a different
website but uses the initial website's "account" to authenticate
on the second site.
Django settings for server/provider project.
Generated by 'django-admin startproject' using Django 3.2.
"""
import os
from pathlib import Path
# Project root: the parent of the directory that contains this settings file.
# Build project-relative paths from it, e.g. BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent
# IMPORTANT SETTINGS! IMPORTANT SETTINGS! IMPORTANT SETTINGS! IMPORTANT SETTINGS!
# These are settings I changed from Django's default settings or added
# -------------------------------------------------------------------------------
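# Private key for the OpenID Connect provider (passed to OAUTH2_PROVIDER below).
# SECURITY: the PEM literal is committed to the repository, so it is public and
# must never be used by a real deployment -- whoever holds this key can produce
# tokens that relying parties of this provider would accept as genuine. It is
# kept only as a fallback so the reference project runs out of the box.
# In production, generate a fresh key, inject it through the
# OIDC_RSA_PRIVATE_KEY environment variable (or whatever secret-injection
# mechanism your platform offers) and keep it out of version control.
# NOTE(review): the fallback is silent; a deployment that forgets to set the
# variable ends up on the public key, so verify it is set at deploy time.
OIDC_RSA_PRIVATE_KEY = os.environ.get(
    "OIDC_RSA_PRIVATE_KEY",
    """
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
""",
)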
# django-oauth-toolkit configuration for this OAuth2 / OpenID Connect provider.
OAUTH2_PROVIDER = {
    "OIDC_ENABLED": True,
    # RSA private key defined above; see the security note next to it.
    "OIDC_RSA_PRIVATE_KEY": OIDC_RSA_PRIVATE_KEY,
    # Project-specific validator class (server/oidc.py, not shown in this file).
    "OAUTH2_VALIDATOR_CLASS": "server.oidc.CustomOAuth2Validator",
    "SCOPES": {
        "openid": "OpenID Connect scope",
    },
    "REQUEST_APPROVAL_PROMPT": "auto",
    # https://django-oauth-toolkit.readthedocs.io/en/1.5.0/settings.html#allowed-redirect-uri-schemes
    # Overriding the allowed schemes is only needed to support mobile clients
    # (here the custom scheme "com.oauthlogin.auth").
    # SECURITY: "http" belongs in this list only while DEBUG=True. A redirect
    # over plain http carries the authorization code unencrypted, so production
    # applications should be registrable with https (and the app scheme) only.
    "ALLOWED_REDIRECT_URI_SCHEMES": ["http", "https", "com.oauthlogin.auth"],
    # False is the default in the django-oauth-toolkit release referenced above;
    # it is spelled out to record the author's reasoning: PKCE protects the
    # redirect step, where the authorization code can be hijacked, so it
    # matters most for mobile app clients. Pages served by Django itself
    # (including SPAs deployed through Django templates with a script tag
    # pointing at a CDN) rely on session authentication and Django allauth.
    # Whenever a request does include a code_challenge, the challenge is still
    # checked against the verifier, whatever this flag says.
    # NOTE(review): with False the server also accepts authorization requests
    # that carry no code_challenge, so a client that omits it gets no protection
    # against authorization-code interception. Current OAuth security guidance
    # (RFC 9700) recommends PKCE for every authorization-code client,
    # confidential web apps included, and newer django-oauth-toolkit releases
    # changed the default to True (verify against the version you pin).
    # Because a custom URI scheme is allowed above, consider setting this to
    # True once every registered client sends a code_challenge.
    "PKCE_REQUIRED": False,
}
INSTALLED_APPS = [
    # Django contrib apps from the default project template.
    "django.contrib.admin",
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.messages",
    "django.contrib.staticfiles",
    # Third-party apps: django-oauth-toolkit (OAuth2/OIDC provider) and
    # django-cors-headers.
    "oauth2_provider",
    "corsheaders",
]
# Order matters: middleware runs top-down on requests, bottom-up on responses.
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    # CorsMiddleware sits above CommonMiddleware so CORS headers are also added
    # to responses that later middleware generates.
    # NOTE(review): no CORS_* allow-list setting is visible in this file, so
    # which origins (if any) are allowed cannot be told from here; keep any
    # allow-list explicit rather than allowing all origins.
    "corsheaders.middleware.CorsMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
]
# Where a user lands after logging in when no "next" target is given;
# presumably "home" is a URL pattern name defined in server/urls.py.
LOGIN_REDIRECT_URL = "home"

# Template engine: Django templates, looked up in the "templates" directory
# and in each installed app's own templates/ folder (APP_DIRS).
# NOTE(review): "templates" is a relative path, so it resolves against the
# process working directory rather than BASE_DIR -- confirm that is intended.
TEMPLATES = [
    {
        "BACKEND": "django.template.backends.django.DjangoTemplates",
        "DIRS": ["templates"],
        "APP_DIRS": True,
        "OPTIONS": {
            "context_processors": [
                "django.template.context_processors.debug",
                "django.template.context_processors.request",
                "django.contrib.auth.context_processors.auth",
                "django.contrib.messages.context_processors.messages",
            ],
        },
    },
]
# OTHER SETTINGS! OTHER SETTINGS! OTHER SETTINGS! OTHER SETTINGS! OTHER SETTINGS!
# These are part of the default Django project set up settings
# -------------------------------------------------------------------------------
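# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
# The literal below is committed to version control and must be treated as
# public; it is only a fallback for local development. Django uses SECRET_KEY
# for cryptographic signing (for example password-reset tokens and signed
# cookies), so a deployed instance must supply its own value through the
# DJANGO_SECRET_KEY environment variable.
SECRET_KEY = os.environ.get(
    "DJANGO_SECRET_KEY",
    "django-insecure-2uvenlcj#!hbnve_0h%7zl*i$f8%(x0p1q1+mmfp6@oq1trzx%",
)

# SECURITY WARNING: don't run with debug turned on in production!
# With DEBUG on, error pages show stack traces and configuration details.
DEBUG = True

# An empty list is only usable while DEBUG is True (Django then accepts
# localhost names); list the served host names explicitly once DEBUG is False.
ALLOWED_HOSTS = []

ROOT_URLCONF = "server.urls"
WSGI_APPLICATION = "server.wsgi.application"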
# Database: a single SQLite file stored in the project root.
# https://docs.djangoproject.com/en/3.2/ref/settings/#databases
# NOTE(review): db.sqlite3 holds user accounts and issued OAuth tokens; keep it
# out of version control and out of any directory the web server can serve.
DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.sqlite3",
        "NAME": BASE_DIR / "db.sqlite3",
    }
}
# Password validation: the four validators from Django's default project
# template, each with its default options.
# https://docs.djangoproject.com/en/3.2/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [
    {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"},
    {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
]
# Internationalization and time zones
# https://docs.djangoproject.com/en/3.2/topics/i18n/
LANGUAGE_CODE = "en-us"
TIME_ZONE = "UTC"
# Translation, localized formatting and timezone-aware datetimes are all on.
USE_I18N = USE_L10N = USE_TZ = True

# URL prefix for static files (CSS, JavaScript, images)
# https://docs.djangoproject.com/en/3.2/howto/static-files/
STATIC_URL = "/static/"

# Primary key type for models that do not declare one
# https://docs.djangoproject.com/en/3.2/ref/settings/#default-auto-field
DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"