fix: split default config and instance config

2022-11-30 23:52:50 +01:00 · 2022-11-30 23:52:50 +01:00 · b96cbbde25
commit b96cbbde25
parent d9ef64d983
6 changed files with 70 additions and 30 deletions
--- a/config.py
+++ b/config.py
@ -0,0 +1,35 @@
+"""Configuration file for LUMI2."""
+
+# The Flask secret key used cryptographic operations.
+# This should be a long (>32 characters), random alphanumeric string.
+SECRET_KEY = 'CHANGEME'
+# The hashed administrator password, which defaults to 'admin'.
+# Replace this with the hash of a STRONG password.
+ADMIN_PASSWORD = 'pbkdf2:sha256:260000$J9yKJOAvWfvaO9Op$f959d88402f67a5143808a00e35d17e636546f1caf5a85c1b6ab1165d1780448'
+
+# The hostname and port number where this LUMI2 instance can be reached.
+#SERVER_NAME = 'lumi2.example.com:80'
+
+# The title of pages as displayed in the browser.
+SITE_TITLE = 'LUMI 2'
+# Site metadata as displayed by search engines.
+SITE_AUTHOR = 'LUMI 2 Development Team'
+SITE_DESCRIPTION = 'A simple frontend for LDAP account management.'
+
+# URL or hostname of the LDAP server.
+# Currently, only unencrypted connections are supported.
+LDAP_HOSTNAME = 'ldap://openldap'
+# Credentials for an LDAP bind user with read- and write access to the server.
+LDAP_BIND_USER_DN = 'cn=admin,dc=example,dc=com'
+LDAP_BIND_USER_PASSWORD = 'admin'
+# Base DN of the LDAP server.
+LDAP_BASE_DN = 'dc=example,dc=com'
+
+# DN of the organizational unit beneath which users are located.
+LDAP_USERS_OU = 'ou=users,dc=example,dc=com'
+# DN of the organizational unit beneath which groups are located.
+LDAP_GROUPS_OU = 'ou=groups,dc=example,dc=com'
+
+# Maximum size in Bytes for incoming requests, both for improved security and
+# to limit the size of uploaded user profile pictures.
+MAX_CONTENT_LENGTH = 8_000_000
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -9,18 +9,22 @@ services:
    command: flask --app /app/lumi2 --debug run --host 0.0.0.0 --port 80
    volumes:
      - ./lumi2/__init__.py:/app/lumi2/__init__.py:ro
+      - ./lumi2/auth.py:/app/lumi2/auth.py:ro
+      - ./lumi2/default_configuration.py:/app/lumi2/default_configuration.py:ro
      - ./lumi2/exceptions.py:/app/lumi2/exceptions.py:ro
      - ./lumi2/ldap.py:/app/lumi2/ldap.py:ro
-      - ./lumi2/auth.py:/app/lumi2/auth.py:ro
-      - ./lumi2/usermodel.py:/app/lumi2/usermodel.py:ro
-      - ./lumi2/webapi.py:/app/lumi2/webapi.py:ro
-      - ./lumi2/usermanager.py:/app/lumi2/usermanager.py:ro
-      - ./lumi2/static/js:/app/lumi2/static/js:ro
      - ./lumi2/static/css:/app/lumi2/static/css:ro
      - ./lumi2/static/images/base:/app/lumi2/static/images/base:ro
      - ./lumi2/static/images/default:/app/lumi2/static/images/default:ro
+      - ./lumi2/static/js:/app/lumi2/static/js:ro
      - ./lumi2/templates/:/app/lumi2/templates/:ro
+      - ./lumi2/usermanager.py:/app/lumi2/usermanager.py:ro
+      - ./lumi2/usermodel.py:/app/lumi2/usermodel.py:ro
+      - ./lumi2/webapi.py:/app/lumi2/webapi.py:ro
      - ./tests/fakedata.py/:/app/tests/fakedata.py:ro
+      - ./config.py/:/app/config.py:ro
+    environment:
+      - LUMI_CONFIG=/app/config.py
    ports:
      - "8000:80"
    depends_on:
--- a/lumi2/init.py
+++ b/lumi2/init.py
@ -13,28 +13,13 @@ def create_app(test_config=None):
    Creates and configures the flask app.
    """

+    from . import default_configuration
    app = Flask(__name__, instance_relative_config=True)
-    app.config.from_mapping(
-        SECRET_KEY='ChangeMeInProduction',
-        ADMIN_PASSWORD='pbkdf2:sha256:260000$J9yKJOAvWfvaO9Op$f959d88402f67a5143808a00e35d17e636546f1caf5a85c1b6ab1165d1780448',
-        SITE_URL='https://www.example.com/',
-        SITE_TITLE='LUMI 2',
-        SITE_AUTHOR='LUMI 2 Development Team',
-        SITE_DESCRIPTION='A simple frontend for LDAP account management.',
-        LDAP_HOSTNAME='ldap://openldap',
-        LDAP_BIND_USER_DN='cn=admin,dc=example,dc=com',
-        LDAP_BIND_USER_PASSWORD='admin',
-        LDAP_BASE_DN='dc=example,dc=com',
-        LDAP_USERS_OU='ou=users,dc=example,dc=com',
-        LDAP_GROUPS_OU='ou=groups,dc=example,dc=com',
-        LDAP_USER_OBJECT_CLASS='inetOrgPerson',
-        LDAP_GROUP_OBJECT_CLASS='groupOfUniqueNames',
-        MAX_CONTENT_LENGTH=8_000_000,
-    )
+    app.config.from_object(default_configuration)

    if test_config is None:
        # Load the instance config, if it exists, when not testing
-        app.config.from_pyfile('config.py', silent=True)
+        app.config.from_envvar('LUMI_CONFIG', silent=True)
    else:
        # Load the test config if passed in
        app.config.from_mapping(test_config)
--- a/lumi2/default_configuration.py
+++ b/lumi2/default_configuration.py
@ -0,0 +1,22 @@
+"""Default configuration for lumi2.
+
+The values here should be overridden as necessary prior to deployment.
+"""
+
+SECRET_KEY = 'INSECURE'
+ADMIN_PASSWORD = 'pbkdf2:sha256:260000$J9yKJOAvWfvaO9Op$f959d88402f67a5143808a00e35d17e636546f1caf5a85c1b6ab1165d1780448'
+
+#SERVER_NAME = 'lumi2.example.com:80'
+
+SITE_TITLE = 'LUMI 2'
+SITE_AUTHOR = 'LUMI 2 Development Team'
+SITE_DESCRIPTION = 'A simple frontend for LDAP account management.'
+
+LDAP_HOSTNAME = 'ldap://ldap.example.com'
+LDAP_BIND_USER_DN = 'cn=admin,dc=example,dc=com'
+LDAP_BIND_USER_PASSWORD = 'secret'
+LDAP_BASE_DN = 'dc=example,dc=com'
+LDAP_USERS_OU = 'ou=users,dc=example,dc=com'
+LDAP_GROUPS_OU = 'ou=groups,dc=example,dc=com'
+
+MAX_CONTENT_LENGTH = 8_000_000
--- a/lumi2/ldap.py
+++ b/lumi2/ldap.py
@ -377,8 +377,6 @@ def _assert_app_config_is_valid() -> None:
    - 'LDAP_BASE_DN'
    - 'LDAP_USERS_OU'
    - 'LDAP_GROUPS_OU'
-    - 'LDAP_USER_OBJECT_CLASS'
-    - 'LDAP_GROUP_OBJECT_CLASS'

    Returns
    -------
@ -401,8 +399,6 @@ def _assert_app_config_is_valid() -> None:
        'LDAP_BASE_DN',
        'LDAP_USERS_OU',
        'LDAP_GROUPS_OU',
-        'LDAP_USER_OBJECT_CLASS',
-        'LDAP_GROUP_OBJECT_CLASS',
    ]

    for key in required_keys:
@ -419,8 +415,6 @@ def _assert_app_config_is_valid() -> None:
    _assert_is_valid_bind_user_dn(current_app.config['LDAP_BIND_USER_DN'])
    for base in ['LDAP_USERS_OU', 'LDAP_GROUPS_OU']:
        _assert_is_valid_ou_dn(current_app.config[base])
-    _assert_is_valid_user_object_class(current_app.config['LDAP_USER_OBJECT_CLASS'])
-    _assert_is_valid_group_object_class(current_app.config['LDAP_GROUP_OBJECT_CLASS'])


 def get_connection() -> Connection:
--- a/lumi2/templates/base.html
+++ b/lumi2/templates/base.html
@ -10,7 +10,7 @@

        <meta property="og:title" content="{{ config.SITE_TITLE }}">
        <meta property="og:type" content="website">
-        <meta property="og:url" content="{{ config.SITE_URL }}">
+        <meta property="og:url" content="{{ request.url }}">
        <meta property="og:description" content="{{ config.SITE_DESCRIPTION }}">
        <meta property="og:image" content="{{ url_for('static', filename='images/base/og.png') }}">