Files
Cedar-Django/closedverse/settings.py
T
some weird guy ca09f3295b Login page moved to forms.py, New warning and ban system, a bunch of other shit.
- Change password page from profile settings has been moved over to forms.py
- Login page has been moved over to forms.py. There is no JavaScript right now, however it is still functional.
-Profile_tools_Form has been altered to remove a few unneeded fields that administrators don't need to mess with.
- warned_reason and warned fields are gone from User_tools_Form and will be removed from models.py at a later point.

- a new ban system has been implemented. While bans are still incomplete and lack capabilities to ban IP addresses as of right now, the groundwork is now here and those features can be added later.
- manage_bans page was added.

- A new warning system has been implemented. If a Warning is created, a notification is created automatically with it.  A warning notification replaces the "new announcement" notification type.
- Warning notifications are larger and stand out compared to normal notifications
- When posting, commenting or messaging someone, a check is performed to make sure you've seen the warning notification.
- manage_warnings page was added. This page will also show you the warning history.

- help_text was added to a bunch of fields.
2023-08-23 16:47:28 -07:00

299 lines
9.0 KiB
Python

"""
Django settings for closedverse project.
Generated by 'django-admin startproject' using Django 2.2.13.
For more information on this file, see
https://docs.djangoproject.com/en/2.2/topics/settings/
For the full list of settings and their values, see
https://docs.djangoproject.com/en/2.2/ref/settings/
"""
import os
from django.conf.global_settings import PASSWORD_HASHERS
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret! (If you want a website that can generate key https://miniwebtool.com/django-secret-key-generator/ goto here.)
SECRET_KEY = ''
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False
# This is just a default value for testing
# Do not include 127.0.0.1 or localhost
# in production for security reasons.
ALLOWED_HOSTS = [
'',
]
DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
STATIC_URL = '/s/'
MEDIA_URL = '/i/'
CLOSEDVERSE_PROD = True
IMAGE_DELETE_SETTING = 2
# Application definition
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'markdown_deux',
'closedverse_main',
]
X_FRAME_OPTIONS='SAMEORIGIN'
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
# use this middleware if you need x-forwarded-for support
#'xff.middleware.XForwardedForMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'closedverse_main.middleware.ClosedMiddleware',
'closedverse_main.middleware.CheckForBanMiddleware',
]
if not DEBUG:
MIDDLEWARE += ['whitenoise.middleware.WhiteNoiseMiddleware']
ROOT_URLCONF = 'closedverse.urls'
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
'closedverse_main.context_processors.brand_name_universal',
],
},
},
]
WSGI_APPLICATION = 'closedverse.wsgi.application'
# Database
# https://docs.djangoproject.com/en/2.2/ref/settings/#databases
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': os.path.join(BASE_DIR, 'sql.sqlite3'),
}
}
# Password validation
# https://docs.djangoproject.com/en/2.2/ref/settings/#auth-password-validators
# only use these when debug is not enabled so that making dummy accounts in debug is easier
if not DEBUG:
AUTH_PASSWORD_VALIDATORS = [
{
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
},
]
# append the old passlib hasher to the end of PASSWORD_HASHERS
# you only need this if your closedverse instance has passwords from before 08/2023, otherwise leave it commented
# although django has a bcrypt sha256 method, it's not compatible with passlib's, which is what closedverse used
# python3 -m pip install django-hashers-passlib
#PASSWORD_HASHERS += ['hashers_passlib.bcrypt_sha256']
# Internationalization
# https://docs.djangoproject.com/en/2.2/topics/i18n/
LANGUAGE_CODE = 'en-us'
# replace with your own timezone
TIME_ZONE = 'PST8PDT'
# Disable internationalization because Closedverse doesn't use it
USE_I18N = False
USE_L10N = False
USE_TZ = True
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/2.2/howto/static-files/
#STATIC_URL = '/static/'
if not DEBUG:
# without this, this will not serve static for admin (and other apps potentially)
WHITENOISE_USE_FINDERS = True
STATICFILES_STORAGE = 'whitenoise.storage.CompressedStaticFilesStorage'
STATIC_ROOT = os.path.join(BASE_DIR, 'static/')
else:
# Define static files in the base directory
STATICFILES_DIRS = [
os.path.join(BASE_DIR, 'static/'),
]
# Closedverse models and routes for Django
AUTH_USER_MODEL = 'closedverse_main.User'
CSRF_FAILURE_VIEW = 'closedverse_main.views.csrf_fail'
LOGIN_URL = '/login/'
LOGIN_REDIRECT_URL = '/login/'
# User-uploaded media paths for Closedverse
#MEDIA_URL = '/media/'
# Must end with a trailing slash
MEDIA_ROOT = os.path.join(BASE_DIR, 'media/')
# Settings for markdown_deux, a module
# that Closedverse uses in user messages
MARKDOWN_DEUX_STYLES = {
'default': {
'extras': {
'code-friendly': None,
},
'safe_mode': 'escape',
},
}
# Initialize version and Git URL
CLOSEDVERSE_GIT_VERSION = 'unknown'
CLOSEDVERSE_GIT_URL = ''
CLOSEDVERSE_GIT_HAS_CHANGES = False
# Only set git version/URL if .git folder exists
if os.path.isdir(os.path.join(BASE_DIR, '.git')):
# Get version from Git. This is shown in the layout
git_process = os.popen('git rev-parse HEAD', 'r')
CLOSEDVERSE_GIT_VERSION = git_process.read()[:-1]
# if this command returns a non-zero exit code, then
# there have been some changes so let's indicate that
if os.system('git diff-index --quiet HEAD --'):
CLOSEDVERSE_GIT_HAS_CHANGES = True
git_process = os.popen('git remote get-url origin', 'r')
CLOSEDVERSE_GIT_URL = git_process.read()[:-1]
try:
git_url_without_ext = CLOSEDVERSE_GIT_URL.split('.git')[0]
except IndexError:
pass
else:
CLOSEDVERSE_GIT_URL = git_url_without_ext + '/commit/' + CLOSEDVERSE_GIT_VERSION
# Google reCAPTCHA (v2) settings
# This feature won't work if these fields are not populated.
RECAPTCHA_PUBLIC_KEY = None
RECAPTCHA_PRIVATE_KEY = None
# Key for IPHub service for Closedverse, which detects proxies.
IPHUB_KEY = None
# If this is set to True, then users will receive an error
# upon trying to sign up for the site behind a proxy.
# Uses IPHub service and requires an API key defined above.
DISALLOW_PROXY = False
# Setting this to True forces every user to log in/
# sign up for the site to view any content.
FORCE_LOGIN = False
# A list of URLs that are always accessible
# whether the above value is set or not.
LOGIN_EXEMPT_URLS = {
r'^login/$',
r'^signup/$',
r'^logout/$',
r'^reset/$',
r'^help/rules$',
r'^help/contact$',
r'^help/login$',
r'^s/.*$',
}
# Action to perform on images belonging to posts/
# comments when they are deleted
# 0: keep, 1: move to 'rm' folder, 2: delete
IMAGE_DELETE_SETTING = 2
# allow sign ups.
allow_signups = True
# Whatever the reason may be, you have the option to make your clone invite only.
invite_only = False
# Minimum level required to view IP addresses and user agents. (default: 10)
# Mods under this level will still be able to manage users, however will not be able to view any sensitive data.
# Set this to 0 to prevent anyone from viewing data.
min_lvl_metadata_perms = 0
# if someone's level is equal or above this, they can edit the most communities on your clone.
level_needed_to_man_communities = 5
# if someone's level is equal or above this, they can edit any user with a lower level on your clone.
level_needed_to_man_users = 5
# minimum_password_length is removed as the AUTH_PASSWORD_VALIDATORS work as of 08/2023
# The hard limit for uploading, Will cause an error if this is exceeded. This is set to 15MB by default (15728640)
DATA_UPLOAD_MAX_MEMORY_SIZE = 52428800
# Set the default theme here! Set this to None to use the normal Closedverse theme.
# TODO, make this work for users who aren't logged in.
site_wide_theme_hex = 'ff4159'
# Option to delete image if it's local
# 0 - keep, 1 - move to 'rm' folder, 2 - DELETE
image_delete_opt = 0
# age (minimal 13 due to C.O.P.P.A)
age_allowed = "13"
# brand name currently being implemented throughout templates
brand_name = "Cedar"
memo_title = 'Cedar-Django'
memo_msg = """
<h2>Cedar</h2>
<p>what</p>
<h2>Why is this person rehosting it?</h2>
<p>im bored</p>
"""
# This option enables some production-specific pages
# and routines, such as HTTPS scheme redirection and
# proxy detection via IPHub.
CLOSEDVERSE_PROD = True
XFF_TRUSTED_PROXY_DEPTH = 1
XFF_STRICT = True
XFF_NO_SPOOFING = True
XFF_ALWAYS_PROXY = True
XFF_HEADER_REQUIRED = True
# uncomment this if you want miis to be retrieved on the server
#mii_endpoint = '/origin?a='