python-blog/src/blog/settings.py

"""
Django settings for blog project.

Generated by 'django-admin startproject' using Django 3.1.

For more information on this file, see
https://docs.djangoproject.com/en/3.1/topics/settings/

For the full list of settings and their values, see
https://docs.djangoproject.com/en/3.1/ref/settings/
"""
import os
from pathlib import Path

import environ

# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve(strict=True).parent.parent

env = environ.Env(
    DEBUG=(bool, False),
    SECRET_KEY=(str, "s#!83!8e$3s89m)r$1ghsgxbndf8=#^qt(_*o%xbq0j2t8#db5"),
    ADMINS=(list, []),
    MAILGUN_API_KEY=(str, ""),
    MAILGUN_SENDER_DOMAIN=(str, ""),
    HOSTS=(list, []),
    MEMCACHED_LOCATION=(str, ""),
    DB_BASE_DIR=(Path, BASE_DIR),
    BLOG_BASE_URL=(str, "https://gabnotes.org/"),
    SERVICES_STATUS_URL=(str, None),
    SHORTPIXEL_API_KEY=(str, None),
    SHORTPIXEL_RESIZE_WIDTH=(int, 750),
    SHORTPIXEL_RESIZE_HEIGHT=(int, 10000),
    GOATCOUNTER_DOMAIN=(str, None),
)

env_file = os.getenv("ENV_FILE", None)

if env_file:
    environ.Env.read_env(env_file)


# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/3.1/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = env("SECRET_KEY")

admins = env("ADMINS")
if admins:
    ADMINS = list(map(lambda x: tuple(x.split("|")), admins))

DEFAULT_FROM_EMAIL = "Gab's Notes <blog@mg.gabnotes.org>"
SERVER_EMAIL = "Gab's Notes <blog@mg.gabnotes.org>"
EMAIL_SUBJECT_PREFIX = "[Blog] "
EMAIL_TIMEOUT = 30

ANYMAIL = {
    "MAILGUN_API_KEY": env("MAILGUN_API_KEY"),
    "MAILGUN_SENDER_DOMAIN": env("MAILGUN_SENDER_DOMAIN"),
    "MAILGUN_API_URL": "https://api.eu.mailgun.net/v3",
}
EMAIL_BACKEND = "anymail.backends.mailgun.EmailBackend"


# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = env("DEBUG")
ALLOWED_HOSTS = ["localhost"]  # Required for healthcheck
if DEBUG:
    ALLOWED_HOSTS.append("127.0.0.1")

ALLOWED_HOSTS.extend(env("HOSTS"))

SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
SESSION_COOKIE_SECURE = not DEBUG
CSRF_COOKIE_SECURE = not DEBUG


# Application definition

INSTALLED_APPS = [
    "whitenoise.runserver_nostatic",
    "django.contrib.admin",
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.messages",
    "django.contrib.staticfiles",
    "articles",
    "attachments",
    "anymail",
    "django_cleanup.apps.CleanupConfig",
    "debug_toolbar",
    "django_otp",
    "django_otp.plugins.otp_static",
    "django_otp.plugins.otp_totp",
    "two_factor",
]

MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "whitenoise.middleware.WhiteNoiseMiddleware",
    "django.middleware.gzip.GZipMiddleware",
    "debug_toolbar.middleware.DebugToolbarMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django_otp.middleware.OTPMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "csp.middleware.CSPMiddleware",
]

ROOT_URLCONF = "blog.urls"

TEMPLATES = [
    {
        "BACKEND": "django.template.backends.django.DjangoTemplates",
        "DIRS": ["blog/templates"],
        "APP_DIRS": True,
        "OPTIONS": {
            "context_processors": [
                "django.template.context_processors.debug",
                "django.template.context_processors.request",
                "django.contrib.auth.context_processors.auth",
                "django.contrib.messages.context_processors.messages",
                "articles.context_processors.drafts_count",
                "articles.context_processors.date_format",
                "articles.context_processors.git_version",
                "articles.context_processors.analytics",
                "articles.context_processors.open_graph_image_url",
                "articles.context_processors.blog_metadata",
            ],
        },
    },
]

WSGI_APPLICATION = "blog.wsgi.application"

MEMCACHED_LOCATION = env("MEMCACHED_LOCATION")
if MEMCACHED_LOCATION:
    CACHES = {
        "default": {
            "BACKEND": "django.core.cache.backends.memcached.PyLibMCCache",
            "LOCATION": MEMCACHED_LOCATION,
        }
    }
else:
    CACHES = {
        "default": {
            "BACKEND": "django.core.cache.backends.db.DatabaseCache",
            "LOCATION": "cache",
        }
    }

# Database
# https://docs.djangoproject.com/en/3.1/ref/settings/#databases

DB_BASE_DIR = env("DB_BASE_DIR")
if not DB_BASE_DIR:
    # Protect against empty strings
    DB_BASE_DIR = BASE_DIR
else:
    DB_BASE_DIR = DB_BASE_DIR.resolve(strict=True)

DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.sqlite3",
        "NAME": DB_BASE_DIR / "db.sqlite3",
    }
}

INTERNAL_IPS = [
    "127.0.0.1",
    "localhost",
]

# Password validation
# https://docs.djangoproject.com/en/3.1/ref/settings/#auth-password-validators

AUTH_PASSWORD_VALIDATORS = [
    {
        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"
    },
    {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
]


# Internationalization
# https://docs.djangoproject.com/en/3.1/topics/i18n/

LANGUAGE_CODE = "en-us"

TIME_ZONE = "Europe/Paris"

USE_I18N = True

USE_TZ = True


# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/3.1/howto/static-files/

STATIC_URL = "/static/"
STATIC_ROOT = BASE_DIR / "staticfiles"
STATICFILES_STORAGE = "whitenoise.storage.CompressedManifestStaticFilesStorage"

MEDIA_URL = "/media/"
MEDIA_ROOT = BASE_DIR / "media"

AUTH_USER_MODEL = "articles.User"

BLOG = {
    "title": "Gab's Notes",
    "author": "Gabriel Augendre",
    "email": "ga-notes@augendre.info",
    "description": "My take on tech-related subjects (but not only).",
    "base_url": env("BLOG_BASE_URL"),
    "repo": {
        "commit_url": "https://git.augendre.info/gaugendre/blog/commit/{commit_sha}",
        "homepage": "https://git.augendre.info/gaugendre/blog",
        "log": "https://git.augendre.info/gaugendre/blog/commits/branch/master",
    },
    "status_url": env("SERVICES_STATUS_URL"),
}

SHORTPIXEL_API_KEY = env("SHORTPIXEL_API_KEY")
SHORTPIXEL_RESIZE_WIDTH = env("SHORTPIXEL_RESIZE_WIDTH")
SHORTPIXEL_RESIZE_HEIGHT = env("SHORTPIXEL_RESIZE_HEIGHT")

GOATCOUNTER_DOMAIN = env("GOATCOUNTER_DOMAIN")

LOGIN_URL = "two_factor:login"
LOGIN_REDIRECT_URL = "two_factor:profile"
LOGOUT_REDIRECT_URL = "articles-list"
TWO_FACTOR_REMEMBER_COOKIE_AGE = 86400 * 30
TWO_FACTOR_REMEMBER_COOKIE_SECURE = True
TWO_FACTOR_REMEMBER_COOKIE_SAMESITE = "Strict"

SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin"
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
SECURE_HSTS_SECONDS = 63072000

SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")

# CSP
CSP_DEFAULT_SRC = ("'none'",)
https_goatcounter_domain = "https://" + str(GOATCOUNTER_DOMAIN)
CSP_IMG_SRC = ("'self'", https_goatcounter_domain)
CSP_SCRIPT_SRC = ("'self'",)
CSP_CONNECT_SRC = ("'self'", https_goatcounter_domain)
CSP_STYLE_SRC = ("'self'", "'unsafe-inline'")
CSP_MANIFEST_SRC = ("'self'",)
CSP_FONT_SRC = ("'self'",)
CSP_BASE_URI = ("'none'",)
CSP_FORM_ACTION = ("'self'",)

DEFAULT_AUTO_FIELD = "django.db.models.AutoField"
Initial commit 2020-08-14 14:53:30 +02:00			`"""`
			`Django settings for blog project.`

			`Generated by 'django-admin startproject' using Django 3.1.`

			`For more information on this file, see`
			`https://docs.djangoproject.com/en/3.1/topics/settings/`

			`For the full list of settings and their values, see`
			`https://docs.djangoproject.com/en/3.1/ref/settings/`
			`"""`
Prepare for deploy 2020-08-17 08:23:00 +02:00			`import os`
Initial commit 2020-08-14 14:53:30 +02:00			`from pathlib import Path`

Reorganize env files 2021-12-27 22:10:28 +01:00			`import environ`

Initial commit 2020-08-14 14:53:30 +02:00			`# Build paths inside the project like this: BASE_DIR / 'subdir'.`
			`BASE_DIR = Path(__file__).resolve(strict=True).parent.parent`

Reorganize env files 2021-12-27 22:10:28 +01:00			`env = environ.Env(`
			`DEBUG=(bool, False),`
			`SECRET_KEY=(str, "s#!83!8e$3s89m)r$1ghsgxbndf8=#^qt(_*o%xbq0j2t8#db5"),`
			`ADMINS=(list, []),`
			`MAILGUN_API_KEY=(str, ""),`
			`MAILGUN_SENDER_DOMAIN=(str, ""),`
			`HOSTS=(list, []),`
			`MEMCACHED_LOCATION=(str, ""),`
			`DB_BASE_DIR=(Path, BASE_DIR),`
			`BLOG_BASE_URL=(str, "https://gabnotes.org/"),`
			`SERVICES_STATUS_URL=(str, None),`
			`SHORTPIXEL_API_KEY=(str, None),`
			`SHORTPIXEL_RESIZE_WIDTH=(int, 750),`
			`SHORTPIXEL_RESIZE_HEIGHT=(int, 10000),`
			`GOATCOUNTER_DOMAIN=(str, None),`
			`)`

			`env_file = os.getenv("ENV_FILE", None)`

			`if env_file:`
			`environ.Env.read_env(env_file)`

Initial commit 2020-08-14 14:53:30 +02:00
			`# Quick-start development settings - unsuitable for production`
			`# See https://docs.djangoproject.com/en/3.1/howto/deployment/checklist/`

			`# SECURITY WARNING: keep the secret key used in production secret!`
Reorganize env files 2021-12-27 22:10:28 +01:00			`SECRET_KEY = env("SECRET_KEY")`
Initial commit 2020-08-14 14:53:30 +02:00
Reorganize env files 2021-12-27 22:10:28 +01:00			`admins = env("ADMINS")`
Add email config and check pending command task 2020-08-18 22:26:46 +02:00			`if admins:`
Reorganize env files 2021-12-27 22:10:28 +01:00			`ADMINS = list(map(lambda x: tuple(x.split("\|")), admins))`
Add email config and check pending command task 2020-08-18 22:26:46 +02:00
Fix email sending 2020-08-19 12:13:44 +02:00			`DEFAULT_FROM_EMAIL = "Gab's Notes <blog@mg.gabnotes.org>"`
			`SERVER_EMAIL = "Gab's Notes <blog@mg.gabnotes.org>"`
Add email config and check pending command task 2020-08-18 22:26:46 +02:00			`EMAIL_SUBJECT_PREFIX = "[Blog] "`
			`EMAIL_TIMEOUT = 30`

Fix email sending 2020-08-19 12:13:44 +02:00			`ANYMAIL = {`
Reorganize env files 2021-12-27 22:10:28 +01:00			`"MAILGUN_API_KEY": env("MAILGUN_API_KEY"),`
			`"MAILGUN_SENDER_DOMAIN": env("MAILGUN_SENDER_DOMAIN"),`
Fix email sending 2020-08-19 12:13:44 +02:00			`"MAILGUN_API_URL": "https://api.eu.mailgun.net/v3",`
			`}`
			`EMAIL_BACKEND = "anymail.backends.mailgun.EmailBackend"`


Initial commit 2020-08-14 14:53:30 +02:00			`# SECURITY WARNING: don't run with debug turned on in production!`
Reorganize env files 2021-12-27 22:10:28 +01:00			`DEBUG = env("DEBUG")`
Fix healthcheck 2020-08-21 13:50:17 +02:00			`ALLOWED_HOSTS = ["localhost"] # Required for healthcheck`
Use local hosts only when debug is enabled 2020-08-21 13:32:09 +02:00			`if DEBUG:`
Reorganize env files 2021-12-27 22:10:28 +01:00			`ALLOWED_HOSTS.append("127.0.0.1")`
Use local hosts only when debug is enabled 2020-08-21 13:32:09 +02:00
Reorganize env files 2021-12-27 22:10:28 +01:00			`ALLOWED_HOSTS.extend(env("HOSTS"))`
Initial commit 2020-08-14 14:53:30 +02:00
Add some secure settings 2020-08-21 13:40:02 +02:00			`SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")`
			`SESSION_COOKIE_SECURE = not DEBUG`
			`CSRF_COOKIE_SECURE = not DEBUG`

Initial commit 2020-08-14 14:53:30 +02:00
			`# Application definition`

			`INSTALLED_APPS = [`
Switch from django compressor to whitenoise 2021-03-21 15:30:16 +01:00			`"whitenoise.runserver_nostatic",`
Initial commit 2020-08-14 14:53:30 +02:00			`"django.contrib.admin",`
			`"django.contrib.auth",`
			`"django.contrib.contenttypes",`
			`"django.contrib.sessions",`
			`"django.contrib.messages",`
			`"django.contrib.staticfiles",`
Add basis to work on articles 2020-08-14 15:53:42 +02:00			`"articles",`
Add attachments and resize images 2020-08-26 19:04:48 +02:00			`"attachments",`
Fix email sending 2020-08-19 12:13:44 +02:00			`"anymail",`
Use shortpixel to compress and resize images 2020-08-27 22:03:22 +02:00			`"django_cleanup.apps.CleanupConfig",`
Enable debug toolbar 2021-03-20 11:23:33 +01:00			`"debug_toolbar",`
Add TOTP 2021-12-26 23:24:33 +01:00			`"django_otp",`
			`"django_otp.plugins.otp_static",`
			`"django_otp.plugins.otp_totp",`
			`"two_factor",`
Initial commit 2020-08-14 14:53:30 +02:00			`]`

			`MIDDLEWARE = [`
			`"django.middleware.security.SecurityMiddleware",`
Switch from django compressor to whitenoise 2021-03-21 15:30:16 +01:00			`"whitenoise.middleware.WhiteNoiseMiddleware",`
Add gzip middleware 2021-04-15 21:35:42 +02:00			`"django.middleware.gzip.GZipMiddleware",`
Enable debug toolbar 2021-03-20 11:23:33 +01:00			`"debug_toolbar.middleware.DebugToolbarMiddleware",`
Initial commit 2020-08-14 14:53:30 +02:00			`"django.contrib.sessions.middleware.SessionMiddleware",`
			`"django.middleware.common.CommonMiddleware",`
			`"django.middleware.csrf.CsrfViewMiddleware",`
			`"django.contrib.auth.middleware.AuthenticationMiddleware",`
Add TOTP 2021-12-26 23:24:33 +01:00			`"django_otp.middleware.OTPMiddleware",`
Initial commit 2020-08-14 14:53:30 +02:00			`"django.contrib.messages.middleware.MessageMiddleware",`
			`"django.middleware.clickjacking.XFrameOptionsMiddleware",`
Set security headers in django instead of reverse proxy 2021-03-21 16:00:33 +01:00			`"csp.middleware.CSPMiddleware",`
Initial commit 2020-08-14 14:53:30 +02:00			`]`

			`ROOT_URLCONF = "blog.urls"`

			`TEMPLATES = [`
			`{`
			`"BACKEND": "django.template.backends.django.DjangoTemplates",`
Add a robots.txt 2020-09-05 09:04:45 +02:00			`"DIRS": ["blog/templates"],`
Initial commit 2020-08-14 14:53:30 +02:00			`"APP_DIRS": True,`
			`"OPTIONS": {`
			`"context_processors": [`
			`"django.template.context_processors.debug",`
			`"django.template.context_processors.request",`
			`"django.contrib.auth.context_processors.auth",`
			`"django.contrib.messages.context_processors.messages",`
Add drafts count and pill css 2020-08-18 14:23:51 +02:00			`"articles.context_processors.drafts_count",`
Use a custom ISO date format to please HTML <time> 2020-08-25 23:11:15 +02:00			`"articles.context_processors.date_format",`
Display git commit sha in footer 2020-09-09 18:32:46 +02:00			`"articles.context_processors.git_version",`
Add goatcounter as analytics source 2021-01-04 21:32:03 +01:00			`"articles.context_processors.analytics",`
Use an absolute url for open graph image 2020-11-28 20:26:37 +01:00			`"articles.context_processors.open_graph_image_url",`
Switch to new.css and cleanup markup & models 2020-12-24 17:49:47 +01:00			`"articles.context_processors.blog_metadata",`
Initial commit 2020-08-14 14:53:30 +02:00			`],`
			`},`
			`},`
			`]`

			`WSGI_APPLICATION = "blog.wsgi.application"`

Reorganize env files 2021-12-27 22:10:28 +01:00			`MEMCACHED_LOCATION = env("MEMCACHED_LOCATION")`
Add memcached config 2021-01-05 02:36:20 +01:00			`if MEMCACHED_LOCATION:`
			`CACHES = {`
			`"default": {`
			`"BACKEND": "django.core.cache.backends.memcached.PyLibMCCache",`
			`"LOCATION": MEMCACHED_LOCATION,`
			`}`
			`}`
Switch to offline compressed assets 2021-01-05 17:59:58 +01:00			`else:`
			`CACHES = {`
			`"default": {`
			`"BACKEND": "django.core.cache.backends.db.DatabaseCache",`
			`"LOCATION": "cache",`
			`}`
			`}`
Initial commit 2020-08-14 14:53:30 +02:00
			`# Database`
			`# https://docs.djangoproject.com/en/3.1/ref/settings/#databases`

Reorganize env files 2021-12-27 22:10:28 +01:00			`DB_BASE_DIR = env("DB_BASE_DIR")`
Prepare for deploy 2020-08-17 08:23:00 +02:00			`if not DB_BASE_DIR:`
			`# Protect against empty strings`
			`DB_BASE_DIR = BASE_DIR`
			`else:`
Reorganize env files 2021-12-27 22:10:28 +01:00			`DB_BASE_DIR = DB_BASE_DIR.resolve(strict=True)`
Prepare for deploy 2020-08-17 08:23:00 +02:00
Initial commit 2020-08-14 14:53:30 +02:00			`DATABASES = {`
			`"default": {`
			`"ENGINE": "django.db.backends.sqlite3",`
Prepare for deploy 2020-08-17 08:23:00 +02:00			`"NAME": DB_BASE_DIR / "db.sqlite3",`
Initial commit 2020-08-14 14:53:30 +02:00			`}`
			`}`

Enable debug toolbar 2021-03-20 11:23:33 +01:00			`INTERNAL_IPS = [`
			`"127.0.0.1",`
			`"localhost",`
			`]`
Initial commit 2020-08-14 14:53:30 +02:00
			`# Password validation`
			`# https://docs.djangoproject.com/en/3.1/ref/settings/#auth-password-validators`

			`AUTH_PASSWORD_VALIDATORS = [`
			`{`
Upgrade black 2020-09-05 09:09:59 +02:00			`"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"`
Initial commit 2020-08-14 14:53:30 +02:00			`},`
Upgrade black 2020-09-05 09:09:59 +02:00			`{"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},`
			`{"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},`
			`{"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},`
Initial commit 2020-08-14 14:53:30 +02:00			`]`


			`# Internationalization`
			`# https://docs.djangoproject.com/en/3.1/topics/i18n/`

			`LANGUAGE_CODE = "en-us"`

Add basis to work on articles 2020-08-14 15:53:42 +02:00			`TIME_ZONE = "Europe/Paris"`
Initial commit 2020-08-14 14:53:30 +02:00
			`USE_I18N = True`

			`USE_TZ = True`


			`# Static files (CSS, JavaScript, Images)`
			`# https://docs.djangoproject.com/en/3.1/howto/static-files/`

			`STATIC_URL = "/static/"`
Move collected staticfiles to other dir 2020-08-18 08:45:49 +02:00			`STATIC_ROOT = BASE_DIR / "staticfiles"`
Switch from django compressor to whitenoise 2021-03-21 15:30:16 +01:00			`STATICFILES_STORAGE = "whitenoise.storage.CompressedManifestStaticFilesStorage"`
Add assets pipeline to bundle and minimize css 2020-12-25 14:20:13 +01:00
Add attachments and resize images 2020-08-26 19:04:48 +02:00			`MEDIA_URL = "/media/"`
			`MEDIA_ROOT = BASE_DIR / "media"`

Initial commit 2020-08-14 14:53:30 +02:00			`AUTH_USER_MODEL = "articles.User"`
Move views and add feeds 2020-08-16 19:24:31 +02:00
			`BLOG = {`
Add task to notify commenters once their comment has been moderated. 2020-08-20 16:22:15 +02:00			`"title": "Gab's Notes",`
Switch to new.css and cleanup markup & models 2020-12-24 17:49:47 +01:00			`"author": "Gabriel Augendre",`
Add reply via email button 2021-12-27 22:41:32 +01:00			`"email": "ga-notes@augendre.info",`
Update articles list look with blog title and description 2020-09-12 17:20:56 +02:00			`"description": "My take on tech-related subjects (but not only).",`
Reorganize env files 2021-12-27 22:10:28 +01:00			`"base_url": env("BLOG_BASE_URL"),`
Add link to deployed commit in footer 2020-09-12 17:02:29 +02:00			`"repo": {`
Update links to Gitea 2021-02-07 07:31:40 +01:00			`"commit_url": "https://git.augendre.info/gaugendre/blog/commit/{commit_sha}",`
			`"homepage": "https://git.augendre.info/gaugendre/blog",`
			`"log": "https://git.augendre.info/gaugendre/blog/commits/branch/master",`
Add link to deployed commit in footer 2020-09-12 17:02:29 +02:00			`},`
Reorganize env files 2021-12-27 22:10:28 +01:00			`"status_url": env("SERVICES_STATUS_URL"),`
Move views and add feeds 2020-08-16 19:24:31 +02:00			`}`
Use shortpixel to compress and resize images 2020-08-27 22:03:22 +02:00
Reorganize env files 2021-12-27 22:10:28 +01:00			`SHORTPIXEL_API_KEY = env("SHORTPIXEL_API_KEY")`
			`SHORTPIXEL_RESIZE_WIDTH = env("SHORTPIXEL_RESIZE_WIDTH")`
			`SHORTPIXEL_RESIZE_HEIGHT = env("SHORTPIXEL_RESIZE_HEIGHT")`
Add plausible analytics if env variable exists 2020-11-10 15:44:05 +01:00
Reorganize env files 2021-12-27 22:10:28 +01:00			`GOATCOUNTER_DOMAIN = env("GOATCOUNTER_DOMAIN")`
Fix login url 2020-12-03 23:05:06 +01:00
Add TOTP 2021-12-26 23:24:33 +01:00			`LOGIN_URL = "two_factor:login"`
			`LOGIN_REDIRECT_URL = "two_factor:profile"`
			`LOGOUT_REDIRECT_URL = "articles-list"`
			`TWO_FACTOR_REMEMBER_COOKIE_AGE = 86400 * 30`
			`TWO_FACTOR_REMEMBER_COOKIE_SECURE = True`
			`TWO_FACTOR_REMEMBER_COOKIE_SAMESITE = "Strict"`
Set security headers in django instead of reverse proxy 2021-03-21 16:00:33 +01:00
			`SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin"`
			`SECURE_HSTS_INCLUDE_SUBDOMAINS = True`
			`SECURE_HSTS_PRELOAD = True`
			`SECURE_HSTS_SECONDS = 63072000`

			`SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")`

			`# CSP`
			`CSP_DEFAULT_SRC = ("'none'",)`
Fix test 2021-03-21 16:15:52 +01:00			`https_goatcounter_domain = "https://" + str(GOATCOUNTER_DOMAIN)`
Set security headers in django instead of reverse proxy 2021-03-21 16:00:33 +01:00			`CSP_IMG_SRC = ("'self'", https_goatcounter_domain)`
			`CSP_SCRIPT_SRC = ("'self'",)`
			`CSP_CONNECT_SRC = ("'self'", https_goatcounter_domain)`
			`CSP_STYLE_SRC = ("'self'", "'unsafe-inline'")`
			`CSP_MANIFEST_SRC = ("'self'",)`
CSP allow fonts 2021-03-21 16:34:37 +01:00			`CSP_FONT_SRC = ("'self'",)`
Add some more CSP stuff 2021-04-24 09:19:48 +02:00			`CSP_BASE_URI = ("'none'",)`
			`CSP_FORM_ACTION = ("'self'",)`
Bump dependencies, upgrade python fix warnings and apply pre-commit 2021-12-19 20:40:51 +01:00
			`DEFAULT_AUTO_FIELD = "django.db.models.AutoField"`