mirror of
https://github.com/Mistake35/Cedar-Django.git
synced 2026-07-18 00:21:14 +10:00
- Change password page from profile settings has been moved over to forms.py - Login page has been moved over to forms.py. There is no JavaScript right now, however it is still functional. -Profile_tools_Form has been altered to remove a few unneeded fields that administrators don't need to mess with. - warned_reason and warned fields are gone from User_tools_Form and will be removed from models.py at a later point. - a new ban system has been implemented. While bans are still incomplete and lack capabilities to ban IP addresses as of right now, the groundwork is now here and those features can be added later. - manage_bans page was added. - A new warning system has been implemented. If a Warning is created, a notification is created automatically with it. A warning notification replaces the "new announcement" notification type. - Warning notifications are larger and stand out compared to normal notifications - When posting, commenting or messaging someone, a check is performed to make sure you've seen the warning notification. - manage_warnings page was added. This page will also show you the warning history. - help_text was added to a bunch of fields.
299 lines
9.0 KiB
Python
299 lines
9.0 KiB
Python
"""
|
|
Django settings for closedverse project.
|
|
|
|
Generated by 'django-admin startproject' using Django 2.2.13.
|
|
|
|
For more information on this file, see
|
|
https://docs.djangoproject.com/en/2.2/topics/settings/
|
|
|
|
For the full list of settings and their values, see
|
|
https://docs.djangoproject.com/en/2.2/ref/settings/
|
|
"""
|
|
|
|
import os
|
|
from django.conf.global_settings import PASSWORD_HASHERS
|
|
|
|
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
|
|
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
|
|
|
# Quick-start development settings - unsuitable for production
|
|
# See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/
|
|
|
|
# SECURITY WARNING: keep the secret key used in production secret! (If you want a website that can generate key https://miniwebtool.com/django-secret-key-generator/ goto here.)
|
|
SECRET_KEY = ''
|
|
|
|
# SECURITY WARNING: don't run with debug turned on in production!
|
|
DEBUG = False
|
|
|
|
# This is just a default value for testing
|
|
# Do not include 127.0.0.1 or localhost
|
|
# in production for security reasons.
|
|
ALLOWED_HOSTS = [
|
|
'',
|
|
]
|
|
|
|
DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
|
|
|
|
STATIC_URL = '/s/'
|
|
MEDIA_URL = '/i/'
|
|
CLOSEDVERSE_PROD = True
|
|
IMAGE_DELETE_SETTING = 2
|
|
|
|
# Application definition
|
|
|
|
INSTALLED_APPS = [
|
|
'django.contrib.admin',
|
|
'django.contrib.auth',
|
|
'django.contrib.contenttypes',
|
|
'django.contrib.sessions',
|
|
'django.contrib.messages',
|
|
'django.contrib.staticfiles',
|
|
'markdown_deux',
|
|
'closedverse_main',
|
|
]
|
|
X_FRAME_OPTIONS='SAMEORIGIN'
|
|
|
|
MIDDLEWARE = [
|
|
'django.middleware.security.SecurityMiddleware',
|
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
|
# use this middleware if you need x-forwarded-for support
|
|
#'xff.middleware.XForwardedForMiddleware',
|
|
'django.middleware.common.CommonMiddleware',
|
|
'django.middleware.csrf.CsrfViewMiddleware',
|
|
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
|
'django.contrib.messages.middleware.MessageMiddleware',
|
|
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
|
'closedverse_main.middleware.ClosedMiddleware',
|
|
'closedverse_main.middleware.CheckForBanMiddleware',
|
|
]
|
|
if not DEBUG:
|
|
MIDDLEWARE += ['whitenoise.middleware.WhiteNoiseMiddleware']
|
|
|
|
ROOT_URLCONF = 'closedverse.urls'
|
|
|
|
TEMPLATES = [
|
|
{
|
|
'BACKEND': 'django.template.backends.django.DjangoTemplates',
|
|
'DIRS': [],
|
|
'APP_DIRS': True,
|
|
'OPTIONS': {
|
|
'context_processors': [
|
|
'django.template.context_processors.debug',
|
|
'django.template.context_processors.request',
|
|
'django.contrib.auth.context_processors.auth',
|
|
'django.contrib.messages.context_processors.messages',
|
|
'closedverse_main.context_processors.brand_name_universal',
|
|
],
|
|
},
|
|
},
|
|
]
|
|
|
|
WSGI_APPLICATION = 'closedverse.wsgi.application'
|
|
|
|
|
|
# Database
|
|
# https://docs.djangoproject.com/en/2.2/ref/settings/#databases
|
|
|
|
DATABASES = {
|
|
'default': {
|
|
'ENGINE': 'django.db.backends.sqlite3',
|
|
'NAME': os.path.join(BASE_DIR, 'sql.sqlite3'),
|
|
}
|
|
}
|
|
|
|
# Password validation
|
|
# https://docs.djangoproject.com/en/2.2/ref/settings/#auth-password-validators
|
|
|
|
# only use these when debug is not enabled so that making dummy accounts in debug is easier
|
|
if not DEBUG:
|
|
AUTH_PASSWORD_VALIDATORS = [
|
|
{
|
|
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
|
|
},
|
|
{
|
|
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
|
|
},
|
|
{
|
|
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
|
|
},
|
|
{
|
|
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
|
|
},
|
|
]
|
|
|
|
# append the old passlib hasher to the end of PASSWORD_HASHERS
|
|
# you only need this if your closedverse instance has passwords from before 08/2023, otherwise leave it commented
|
|
# although django has a bcrypt sha256 method, it's not compatible with passlib's, which is what closedverse used
|
|
# python3 -m pip install django-hashers-passlib
|
|
#PASSWORD_HASHERS += ['hashers_passlib.bcrypt_sha256']
|
|
|
|
# Internationalization
|
|
# https://docs.djangoproject.com/en/2.2/topics/i18n/
|
|
|
|
LANGUAGE_CODE = 'en-us'
|
|
|
|
# replace with your own timezone
|
|
TIME_ZONE = 'PST8PDT'
|
|
|
|
# Disable internationalization because Closedverse doesn't use it
|
|
USE_I18N = False
|
|
|
|
USE_L10N = False
|
|
|
|
USE_TZ = True
|
|
|
|
# Static files (CSS, JavaScript, Images)
|
|
# https://docs.djangoproject.com/en/2.2/howto/static-files/
|
|
|
|
#STATIC_URL = '/static/'
|
|
if not DEBUG:
|
|
# without this, this will not serve static for admin (and other apps potentially)
|
|
WHITENOISE_USE_FINDERS = True
|
|
STATICFILES_STORAGE = 'whitenoise.storage.CompressedStaticFilesStorage'
|
|
STATIC_ROOT = os.path.join(BASE_DIR, 'static/')
|
|
else:
|
|
# Define static files in the base directory
|
|
STATICFILES_DIRS = [
|
|
os.path.join(BASE_DIR, 'static/'),
|
|
]
|
|
|
|
# Closedverse models and routes for Django
|
|
AUTH_USER_MODEL = 'closedverse_main.User'
|
|
CSRF_FAILURE_VIEW = 'closedverse_main.views.csrf_fail'
|
|
LOGIN_URL = '/login/'
|
|
LOGIN_REDIRECT_URL = '/login/'
|
|
|
|
# User-uploaded media paths for Closedverse
|
|
#MEDIA_URL = '/media/'
|
|
# Must end with a trailing slash
|
|
MEDIA_ROOT = os.path.join(BASE_DIR, 'media/')
|
|
|
|
# Settings for markdown_deux, a module
|
|
# that Closedverse uses in user messages
|
|
MARKDOWN_DEUX_STYLES = {
|
|
'default': {
|
|
'extras': {
|
|
'code-friendly': None,
|
|
},
|
|
'safe_mode': 'escape',
|
|
},
|
|
}
|
|
|
|
# Initialize version and Git URL
|
|
CLOSEDVERSE_GIT_VERSION = 'unknown'
|
|
CLOSEDVERSE_GIT_URL = ''
|
|
CLOSEDVERSE_GIT_HAS_CHANGES = False
|
|
|
|
# Only set git version/URL if .git folder exists
|
|
if os.path.isdir(os.path.join(BASE_DIR, '.git')):
|
|
# Get version from Git. This is shown in the layout
|
|
git_process = os.popen('git rev-parse HEAD', 'r')
|
|
CLOSEDVERSE_GIT_VERSION = git_process.read()[:-1]
|
|
|
|
# if this command returns a non-zero exit code, then
|
|
# there have been some changes so let's indicate that
|
|
if os.system('git diff-index --quiet HEAD --'):
|
|
CLOSEDVERSE_GIT_HAS_CHANGES = True
|
|
|
|
git_process = os.popen('git remote get-url origin', 'r')
|
|
CLOSEDVERSE_GIT_URL = git_process.read()[:-1]
|
|
|
|
try:
|
|
git_url_without_ext = CLOSEDVERSE_GIT_URL.split('.git')[0]
|
|
except IndexError:
|
|
pass
|
|
else:
|
|
CLOSEDVERSE_GIT_URL = git_url_without_ext + '/commit/' + CLOSEDVERSE_GIT_VERSION
|
|
|
|
# Google reCAPTCHA (v2) settings
|
|
# This feature won't work if these fields are not populated.
|
|
RECAPTCHA_PUBLIC_KEY = None
|
|
RECAPTCHA_PRIVATE_KEY = None
|
|
|
|
# Key for IPHub service for Closedverse, which detects proxies.
|
|
IPHUB_KEY = None
|
|
# If this is set to True, then users will receive an error
|
|
# upon trying to sign up for the site behind a proxy.
|
|
# Uses IPHub service and requires an API key defined above.
|
|
DISALLOW_PROXY = False
|
|
|
|
# Setting this to True forces every user to log in/
|
|
# sign up for the site to view any content.
|
|
FORCE_LOGIN = False
|
|
|
|
# A list of URLs that are always accessible
|
|
# whether the above value is set or not.
|
|
LOGIN_EXEMPT_URLS = {
|
|
r'^login/$',
|
|
r'^signup/$',
|
|
r'^logout/$',
|
|
r'^reset/$',
|
|
r'^help/rules$',
|
|
r'^help/contact$',
|
|
r'^help/login$',
|
|
r'^s/.*$',
|
|
}
|
|
|
|
# Action to perform on images belonging to posts/
|
|
# comments when they are deleted
|
|
# 0: keep, 1: move to 'rm' folder, 2: delete
|
|
IMAGE_DELETE_SETTING = 2
|
|
|
|
# allow sign ups.
|
|
allow_signups = True
|
|
|
|
# Whatever the reason may be, you have the option to make your clone invite only.
|
|
invite_only = False
|
|
|
|
# Minimum level required to view IP addresses and user agents. (default: 10)
|
|
# Mods under this level will still be able to manage users, however will not be able to view any sensitive data.
|
|
# Set this to 0 to prevent anyone from viewing data.
|
|
min_lvl_metadata_perms = 0
|
|
|
|
# if someone's level is equal or above this, they can edit the most communities on your clone.
|
|
level_needed_to_man_communities = 5
|
|
|
|
# if someone's level is equal or above this, they can edit any user with a lower level on your clone.
|
|
level_needed_to_man_users = 5
|
|
|
|
# minimum_password_length is removed as the AUTH_PASSWORD_VALIDATORS work as of 08/2023
|
|
|
|
# The hard limit for uploading, Will cause an error if this is exceeded. This is set to 15MB by default (15728640)
|
|
DATA_UPLOAD_MAX_MEMORY_SIZE = 52428800
|
|
|
|
# Set the default theme here! Set this to None to use the normal Closedverse theme.
|
|
# TODO, make this work for users who aren't logged in.
|
|
site_wide_theme_hex = 'ff4159'
|
|
|
|
# Option to delete image if it's local
|
|
# 0 - keep, 1 - move to 'rm' folder, 2 - DELETE
|
|
image_delete_opt = 0
|
|
|
|
# age (minimal 13 due to C.O.P.P.A)
|
|
age_allowed = "13"
|
|
|
|
# brand name currently being implemented throughout templates
|
|
brand_name = "Cedar"
|
|
|
|
memo_title = 'Cedar-Django'
|
|
memo_msg = """
|
|
<h2>Cedar</h2>
|
|
<p>what</p>
|
|
<h2>Why is this person rehosting it?</h2>
|
|
<p>im bored</p>
|
|
"""
|
|
|
|
# This option enables some production-specific pages
|
|
# and routines, such as HTTPS scheme redirection and
|
|
# proxy detection via IPHub.
|
|
CLOSEDVERSE_PROD = True
|
|
|
|
XFF_TRUSTED_PROXY_DEPTH = 1
|
|
XFF_STRICT = True
|
|
XFF_NO_SPOOFING = True
|
|
XFF_ALWAYS_PROXY = True
|
|
XFF_HEADER_REQUIRED = True
|
|
|
|
# uncomment this if you want miis to be retrieved on the server
|
|
#mii_endpoint = '/origin?a='
|