add secure defines and sort settings file

2022-04-24 10:48:04 +00:00
parent 94dbe07f91
commit e9721dc63d
1 changed files with 140 additions and 140 deletions
--- a/fet2020/fet2020/settings.py
+++ b/fet2020/fet2020/settings.py
@@ -17,44 +17,15 @@ env = environ.Env(
    GALLERY_PATH=(str, "uploads/gallery"),
 )
 # Prints and logs are written to console
 # TODO: Change before release
 LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "handlers": {
        "console": {
            "class": "logging.StreamHandler",
        },
    },
    "root": {
        "handlers": ["console"],
        "level": "DEBUG",
    },
 }
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
-# SECURITY WARNING: don't run with debug turned on in production!
+# DEBUGGING
 DEBUG = env("DEBUG")
 if DEBUG:
    # SECURITY WARNING: keep the secret key used in production secret!
    SECRET_KEY = "r37-i7l)vrduzz2-gira+z#u!p!di9#f+%s*5-bb($hg)55@ns"
 else:
    SECRET_KEY = env("SECRET_KEY")
 # HOST
 ALLOWED_HOSTS = ["127.0.0.1", env("HOST_NAME"), "fet.at"]
 HOST_NAME = env("HOST_NAME")
 DATA_UPLOAD_MAX_MEMORY_SIZE = 1024 * 1024 * 1024
 # MODELS
 INSTALLED_APPS = [
    "django.contrib.admin",
    "django.contrib.admindocs",
@@ -90,44 +61,16 @@ INSTALLED_APPS = [
    "intern.apps.InternConfig",
 ]
-MIDDLEWARE = [
+
-    "django.middleware.security.SecurityMiddleware",
+# AUTHENTICATIONS
-    "django.contrib.sessions.middleware.SessionMiddleware",
+AUTHENTICATION_BACKENDS = [
-    "django.middleware.locale.LocaleMiddleware",
+    "django.contrib.auth.backends.ModelBackend",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "fet2020.middleware.FETHeaderMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "django.contrib.flatpages.middleware.FlatpageFallbackMiddleware",
 ]
-ROOT_URLCONF = "fet2020.urls"
+LOGIN_URL = "/auth/login"
 TEMPLATES = [
    {
        "BACKEND": "django.template.backends.django.DjangoTemplates",
        "DIRS": [
            os.path.join(BASE_DIR, "templates"),
        ],
        "APP_DIRS": True,
        "OPTIONS": {
            "context_processors": [
                "django.template.context_processors.debug",
                "django.template.context_processors.request",
                "django.contrib.auth.context_processors.auth",
                "django.contrib.messages.context_processors.messages",
                "django.template.context_processors.i18n",
            ],
        },
    },
 ]
 WSGI_APPLICATION = "fet2020.wsgi.application"
-# Database
+# DATABASE
 if DEBUG:
    DATABASES = {
        "default": {
@@ -148,61 +91,135 @@ else:
    }
-AUTHENTICATION_BACKENDS = [
+# EMAIL
-    "django.contrib.auth.backends.ModelBackend",
+EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
-]
+EMAIL_HOST = "buran.htu.tuwien.ac.at"
 EMAIL_PORT = 587
 EMAIL_USE_TLS = True
-# Password validation
+# FILE UPLOADS
-AUTH_PASSWORD_VALIDATORS = [
+MEDIA_ROOT = os.path.join(BASE_DIR, "files/")
-    {
+MEDIA_URL = "files/"
        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
    },
    {
        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
    },
    {
        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
    },
    {
        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
    },
 ]
-# Internationalization
+# GLOBALIZATION 
 LANGUAGE_CODE = "de-at"
 LOCALE_PATHS = [os.path.join(BASE_DIR, "locale")]
 TIME_ZONE = "CET"
 USE_I18N = True
 USE_L10N = True
 USE_TZ = True
 LOCALE_PATHS = [os.path.join(BASE_DIR, "locale")]
-# Sites
+# HOST
 ALLOWED_HOSTS = ["127.0.0.1", env("HOST_NAME"), "fet.at"]
 HOST_NAME = env("HOST_NAME")
 # HTTP
 DATA_UPLOAD_MAX_MEMORY_SIZE = 1024 * 1024 * 1024
 MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.locale.LocaleMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "fet2020.middleware.FETHeaderMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "django.contrib.flatpages.middleware.FlatpageFallbackMiddleware",
 ]
 SECURE_HSTS_PRELOAD = True
 SECURE_HSTS_SECONDS = 60
 SECURE_HSTS_INCLUDE_SUBDOMAINS = True
 SESSION_COOKIE_SECURE = True
 # TODO: Warning (security.W008) - should be True
 SECURE_SSL_REDIRECT = False
 WSGI_APPLICATION = "fet2020.wsgi.application"
 # LOGGING
 LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "handlers": {
        "console": {
            "class": "logging.StreamHandler",
        },
    },
    "root": {
        "handlers": ["console"],
        "level": "DEBUG",
    },
 }
 # MIGRATION TO DJANGO 3.2
 DEFAULT_AUTO_FIELD = "django.db.models.AutoField"
 # SITES
 SITE_ID = 1
-# Static files (CSS, JavaScript, Images)
+# STATIC FILES
 STATIC_ROOT = "assets/"
 if DEBUG:
-    STATIC_URL = "/static/"
+    STATIC_URL = "static/"
 else:
-    STATIC_URL = "/assets/"
+    STATIC_URL = "assets/"
 STATICFILES_DIRS = [
    os.path.join(BASE_DIR, "gallery/static"),
    os.path.join(BASE_DIR, "static"),
 ]
-STATIC_ROOT = "assets/"
+
-MEDIA_ROOT = os.path.join(BASE_DIR, "files/")
+# SECURITY
-MEDIA_URL = "/files/"
+CSRF_COOKIE_SECURE = True
 CSRF_TRUSTED_ORIGINS = [
    "https://" + env("HOST_NAME"),
 ]
 if DEBUG:
    SECRET_KEY = "r37-i7l)vrduzz2-gira+z#u!p!di9#f+%s*5-bb($hg)55@ns"
 else:
    SECRET_KEY = env("SECRET_KEY")
-# TAGGIT
+# TEMPLATES
-TAGGIT_FORCE_LOWERCASE = True
+TEMPLATES = [
    {
        "BACKEND": "django.template.backends.django.DjangoTemplates",
        "DIRS": [
            os.path.join(BASE_DIR, "templates"),
        ],
        "APP_DIRS": True,
        "OPTIONS": {
            "context_processors": [
                "django.template.context_processors.debug",
                "django.template.context_processors.request",
                "django.contrib.auth.context_processors.auth",
                "django.contrib.messages.context_processors.messages",
                "django.template.context_processors.i18n",
            ],
        },
    },
 ]
 # URLS
 ROOT_URLCONF = "fet2020.urls"
 ### THIRD-PARTY ###
 # CKEDITOR
 CKEDITOR_UPLOAD_PATH = "upload"
@@ -274,22 +291,17 @@ CKEDITOR_CONFIGS = {
 }
-# THUMBNAIL
+# CRON JOBS
-THUMBNAIL_ALIASES = {
+CRONJOBS = [
-    "": {
+    ("0 16 * * *", "posts.cronjobs.check_to_send_agenda_mail"),
-        "avatar": {"size": (50, 50), "crop": True},
+]
        "thumb": {"size": (150, 150), "crop": True},
        "portrait": {"size": (200, 300), "crop": False},
    },
 }
-# ETHERPAD HOST
+# ETHERPAD
 ETHERPAD_HOST = env("ETHERPAD_HOST").strip()
 if not ETHERPAD_HOST or ETHERPAD_HOST == "":
    ETHERPAD_HOST = urljoin("https://" + env("HOST_NAME"), "etherpad/")
 # ETHERPAD CLIENT
 if DEBUG:
    ETHERPAD_CLIENT = {
        "url": "http://etherpad:" + env("ETHERPAD_PORT"),
@@ -306,6 +318,22 @@ else:
    }
 # GALLERY
 GALLERY = {
    "path": env("GALLERY_PATH"),
    "thumb_path": env("GALLERY_PATH") + "_thumb",
 }
 # HAYSTACK
 HAYSTACK_CONNECTIONS = {
    "default": {
        "ENGINE": "haystack.backends.whoosh_backend.WhooshEngine",
        "PATH": os.path.join(BASE_DIR, "whoosh_index"),
    },
 }
 # REST FRAMEWORK
 REST_FRAMEWORK = {
    "DEFAULT_PERMISSION_CLASSES_CLASSES": [
@@ -315,43 +343,15 @@ REST_FRAMEWORK = {
 }
-# DJANGO MAIL
+# TAGGIT
-EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
+TAGGIT_FORCE_LOWERCASE = True
 EMAIL_HOST = "buran.htu.tuwien.ac.at"
 EMAIL_PORT = 587
 EMAIL_USE_TLS = True
-# CRON JOBS
+# THUMBNAIL
-CRONJOBS = [
+THUMBNAIL_ALIASES = {
-    ("0 16 * * *", "posts.cronjobs.check_to_send_agenda_mail"),
+    "": {
-]
+        "avatar": {"size": (50, 50), "crop": True},
-
+        "thumb": {"size": (150, 150), "crop": True},
-
+        "portrait": {"size": (200, 300), "crop": False},
 # AUTHENTICATIONS
 LOGIN_URL = "/auth/login"
 # MIGRATION FROM DJANGO 3.1 TO DJANGO 3.2
 DEFAULT_AUTO_FIELD = "django.db.models.AutoField"
 # GALLERY
 GALLERY = {
    "path": env("GALLERY_PATH"),
    "thumb_path": env("GALLERY_PATH") + "_thumb",
 }
 # MIGRATION TO DJANGO 4.0
 CSRF_TRUSTED_ORIGINS = [
    "https://" + env("HOST_NAME"),
 ]
 # DJANGO HAYSTACK
 HAYSTACK_CONNECTIONS = {
    "default": {
        "ENGINE": "haystack.backends.whoosh_backend.WhooshEngine",
        "PATH": os.path.join(BASE_DIR, "whoosh_index"),
    },
 }