fix(app): Use correct settings and urls

.credentials/SECRET_KEY

@@ -0,0 +1 @@
+insecure-secret_key

.envrc

@@ -0,0 +1 @@
+use nix

.gitignore

@@ -3,3 +3,4 @@ venv
 .*.swp
 *.pyc
 *.sqlite3
+.direnv

WikiENS/.gitignore

@@ -1 +0,0 @@
-settings.py

WikiENS/settings/.gitignore

@@ -1 +0,0 @@
-secret.py

WikiENS/settings/local.py

@@ -1,16 +0,0 @@
-import os
-
-
-from .common import *  # noqa
-from .common import BASE_DIR
-
-
-EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
-DEBUG = True
-
-DATABASES = {
-    "default": {
-        "ENGINE": "django.db.backends.sqlite3",
-        "NAME": os.path.join(BASE_DIR, "db.sqlite3"),
-    }
-}

WikiENS/settings/prod.py

@@ -1,11 +0,0 @@
-import os
-
-from .common import *  # noqa
-from .common import BASE_DIR
-
-
-DEBUG = False
-ALLOWED_HOSTS = ["www.eleves.ens.fr", "wiki.eleves.ens.fr"]
-
-STATIC_ROOT = os.path.join(BASE_DIR, "..", "static")
-MEDIA_ROOT = os.path.join(BASE_DIR, "..", "media")

WikiENS/settings/secret_example.py

@@ -1,7 +0,0 @@
-SECRET_KEY = "_u5q4-^1qgkqg=i5o5ha*xkd@82#l$e+%m)$v+4y#t-5!g-%g2"
-ADMINS = None
-EMAIL_HOST = "localhost"
-
-DBNAME = "wiki"
-DBUSER = "wiki"
-DBPASSWD = "dummy"

WikiENS/urls.py

@@ -1,23 +0,0 @@
-from django.conf.urls import url, include
-from django.contrib import admin
-
-from allauth_ens.views import capture_login, capture_logout
-from wiki.urls import get_pattern as get_wiki_pattern
-from django_nyt.urls import get_pattern as get_nyt_pattern
-
-allauth_urls = [
-    # Catch login/logout views of admin site.
-    url(r'^_admin/login/$', capture_login),
-    url(r'^_admin/logout/$', capture_logout),
-    # Allauth urls.
-    url(r'^_profil/', include('allauth.urls')),
-]
-
-urlpatterns = allauth_urls + [
-    url(r'^_admin/', admin.site.urls),
-    url(r'^notifications/', get_nyt_pattern()),
-    url(r'^_groups/', include("wiki_groups.urls")),
-    url(r'', get_wiki_pattern()),
-]
-
-# TODO add MEDIA_ROOT

app/settings.py

@@ -1,42 +1,34 @@
-import os
+"""
+Django settings for the wiki_ens project
+"""
 
-from django.urls import reverse_lazy
+from pathlib import Path
 
 from django.contrib.messages import constants as messages
+from django.urls import reverse_lazy
+from django.utils.translation import gettext_lazy as _
+from loadcredential import Credentials
 
-try:
+credentials = Credentials(env_prefix="WIKIENS_")
-    from . import secret
+
-except ImportError:
+# Build paths inside the project like this: BASE_DIR / 'subdir'.
-    raise ImportError(
+BASE_DIR = Path(__file__).resolve().parent.parent
-        "The secret.py file is missing.\n"
+
-        "For a development environment, simply copy secret_example.py"
+# WARNING: keep the secret key used in production secret!
-    )
+SECRET_KEY = credentials["SECRET_KEY"]
+
+# WARNING: don't run with debug turned on in production!
+DEBUG = credentials.get_json("DEBUG", False)
+
+ALLOWED_HOSTS = credentials.get_json("ALLOWED_HOSTS", [])
+
+ADMINS = credentials.get_json("ADMINS", [])
+
+SITE_ID = 1
 
 
-def import_secret(name):
+###
-    """
+# List the installed applications
-    Shorthand for importing a value from the secret module and raising an
-    informative exception if a secret is missing.
-    """
-    try:
-        return getattr(secret, name)
-    except AttributeError:
-        raise RuntimeError("Secret missing: {}".format(name))
-
-
-SECRET_KEY = import_secret("SECRET_KEY")
-ADMINS = import_secret("ADMINS")
-MANAGERS = ADMINS
-EMAIL_HOST = import_secret("EMAIL_HOST")
-
-DBNAME = import_secret("DBNAME")
-DBUSER = import_secret("DBUSER")
-DBPASSWD = import_secret("DBPASSWD")
-
-SERVER_EMAIL = "wiki@www.eleves.ens.fr"
-
-BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
-
 
 INSTALLED_APPS = [
     "django.contrib.admin",
@@ -66,6 +58,10 @@ INSTALLED_APPS = [
     "allauth_ens.providers.clipper",
 ]
 
+
+###
+# List the installed middlewares
+
 MIDDLEWARE = [
     "django.middleware.security.SecurityMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
@@ -74,9 +70,21 @@ MIDDLEWARE = [
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
+    "allauth.account.middleware.AccountMiddleware",
 ]
 
-ROOT_URLCONF = "WikiENS.urls"
+
+###
+# The main url configuration
+
+ROOT_URLCONF = "app.urls"
+
+
+###
+# Template configuration:
+#   - Django Templating Language is used
+#   - Application directories can be used
+
 
 TEMPLATES = [
     {
@@ -90,66 +98,72 @@ TEMPLATES = [
                 "django.contrib.auth.context_processors.auth",
                 "django.contrib.messages.context_processors.messages",
                 "sekizai.context_processors.sekizai",
-            ]
+            ],
         },
-    }
+    },
 ]
 
-WSGI_APPLICATION = "WikiENS.wsgi.application"
 
-SITE_ID = 1
+###
-
+# Database configuration
-
+#   -> https://docs.djangoproject.com/en/4.2/ref/settings/#databases
-# Database
-# https://docs.djangoproject.com/en/1.11/ref/settings/#databases
-
-DATABASES = {
-    "default": {
-        "ENGINE": "django.db.backends.postgresql",
-        "NAME": DBNAME,
-        "USER": DBUSER,
-        "PASSWORD": DBPASSWD,
-        "HOST": "",
-    }
-}
 
 DEFAULT_AUTO_FIELD = "django.db.models.AutoField"
 
-# Password validation
+DATABASES = credentials.get_json(
-# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
+    "DATABASES",
-
-AUTH_PASSWORD_VALIDATORS = [
     {
-        "NAME": (
+        "default": {
-            # XXX. Cette chaîne est très longue… Je la coupe en deux sinon
+            "ENGINE": "django.db.backends.sqlite3",
-            # black ne me fiche pas la paix (mais c'est vraiment nul)
+            "NAME": BASE_DIR / "db.sqlite3",
-            "django.contrib.auth.password_validation."
+        }
-            "UserAttributeSimilarityValidator"
-        )
     },
-    {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
+)
-    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
+
-    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
+CACHES = credentials.get_json(
-]
+    "CACHES",
+    default={
+        "default": {
+            "BACKEND": "django.core.cache.backends.locmem.LocMemCache",
+        },
+    },
+)
 
 
-# Internationalization
+###
-# https://docs.djangoproject.com/en/1.11/topics/i18n/
+# WSGI application configuration
+
+WSGI_APPLICATION = "app.wsgi.application"
+
+
+###
+# Staticfiles configuration
+
+STATIC_ROOT = credentials["STATIC_ROOT"]
+STATIC_URL = "/static/"
+
+MEDIA_ROOT = credentials.get("MEDIA_ROOT", BASE_DIR / "media")
+MEDIA_URL = "/media/"
+
+
+###
+# Internationalization configuration
+#   -> https://docs.djangoproject.com/en/4.2/topics/i18n/
 
 LANGUAGE_CODE = "fr-fr"
-
 TIME_ZONE = "Europe/Paris"
 
 USE_I18N = True
-
 USE_L10N = True
-
 USE_TZ = True
 
+LANGUAGES = [
+    ("fr", _("Français")),
+]
 
-# Authentication
+
-# https://docs.djangoproject.com/en/1.11/ref/settings/#auth
+###
-# https://django-allauth.readthedocs.io/en/latest/index.html
+# Authentication configuration
 
 AUTHENTICATION_BACKENDS = [
     "allauth.account.auth_backends.AuthenticationBackend",
@@ -176,19 +190,25 @@ ACCOUNT_USER_DISPLAY = _user_display
 
 SOCIALACCOUNT_PROVIDERS = {
     "clipper": {
-        "MESSAGE_SUGGEST_LOGOUT_ON_LOGOUT": True,
+        "APP": {
-        "MESSAGE_SUGGEST_LOGOUT_ON_LOGOUT_LEVEL": messages.INFO,
+            "MESSAGE_SUGGEST_LOGOUT_ON_LOGOUT": True,
-    },
+            "MESSAGE_SUGGEST_LOGOUT_ON_LOGOUT_LEVEL": messages.INFO,
+        },
+    }
 }
 
+AUTH_PASSWORD_VALIDATORS = [
+    {"NAME": f"django.contrib.auth.password_validation.{v}"}
+    for v in [
+        "UserAttributeSimilarityValidator",
+        "MinimumLengthValidator",
+        "CommonPasswordValidator",
+        "NumericPasswordValidator",
+    ]
+]
 
-# Static / media contents
+###
-
+# Wiki configuration
-STATIC_URL = "/_static/"
-MEDIA_URL = "/_media/"
-
-
-# WIKI SETTINGS
 
 WIKI_ATTACHMENTS_EXTENSIONS = [
     "pdf",
@@ -210,12 +230,6 @@ WIKI_ATTACHMENTS_EXTENSIONS = [
 WIKI_REVISIONS_PER_HOUR = 180
 WIKI_REVISIONS_PER_MINUTES = 180
 
-# Dark magic - tell django to use X-Forwarded-*
-# This is needed for django-allauth-cas, see
-# https://blog.ubuntu.com/2015/08/18/django-behind-a-proxy-fixing-absolute-urls
-USE_X_FORWARDED_HOST = True
-SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
-
 # Use sign up, login, logout, profile settings views of allauth.
 WIKI_ACCOUNT_HANDLING = False
 
@@ -227,3 +241,10 @@ WIKI_ACCOUNT_SIGNUP_ALLOWED = True
 # will be treated as the others_write boolean field on models.Article.
 WIKI_ANONYMOUS_WRITE = False
 WIKI_ANONYMOUS = False
+
+
+# FIXME: Add correct email settings
+
+# Development settings
+if DEBUG:
+    EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"

app/urls.py

@@ -0,0 +1,20 @@
+from allauth_ens.views import capture_login, capture_logout
+from django.contrib import admin
+from django.urls import include, path
+
+allauth_urls = [
+    # Catch login/logout views of admin site.
+    path("_admin/login/", capture_login),
+    path("_admin/logout/", capture_logout),
+    # Allauth urls.
+    path("_profil/", include("allauth.urls")),
+]
+
+urlpatterns = allauth_urls + [
+    path("_admin/", admin.site.urls),
+    path("notifications/", include("django_nyt.urls")),
+    path("_groups/", include("wiki_groups.urls")),
+    path("", include("wiki.urls")),
+]
+
+# TODO add MEDIA_ROOT

app/wsgi.py

@@ -11,6 +11,6 @@ import os
 
 from django.core.wsgi import get_wsgi_application
 
-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "WikiENS.settings")
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "app.settings")
 
 application = get_wsgi_application()

default.nix

@@ -0,0 +1,45 @@
+{
+  sources ? import ./npins,
+  pkgs ? import sources.nixpkgs { },
+}:
+
+let
+  nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
+
+  python3 = pkgs.python3.override {
+    packageOverrides = _: _: {
+      inherit (nix-pkgs) django-allauth-ens django-wiki loadcredential;
+    };
+  };
+in
+
+{
+  devShell = pkgs.mkShell {
+    name = "annuaire.dev";
+
+    packages = [
+      (python3.withPackages (ps: [
+        ps.django
+        ps.django-allauth-ens
+        ps.django-wiki
+        ps.loadcredential
+        ps.tinycss2
+      ]))
+    ];
+
+    env = {
+      DJANGO_SETTINGS_MODULE = "app.settings";
+
+      CREDENTIALS_DIRECTORY = builtins.toString ./.credentials;
+
+      WIKIENS_DEBUG = builtins.toJSON true;
+      WIKIENS_STATIC_ROOT = builtins.toString ./.static;
+    };
+
+    shellHook = ''
+      if [ ! -d .static ]; then
+        mkdir .static
+      fi
+    '';
+  };
+}

manage.py

@@ -3,7 +3,7 @@ import os
 import sys
 
 if __name__ == "__main__":
-    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "WikiENS.settings.local")
+    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "app.settings")
     try:
         from django.core.management import execute_from_command_line
     except ImportError:

npins/default.nix

@@ -0,0 +1,80 @@
+# Generated by npins. Do not modify; will be overwritten regularly
+let
+  data = builtins.fromJSON (builtins.readFile ./sources.json);
+  version = data.version;
+
+  mkSource =
+    spec:
+    assert spec ? type;
+    let
+      path =
+        if spec.type == "Git" then
+          mkGitSource spec
+        else if spec.type == "GitRelease" then
+          mkGitSource spec
+        else if spec.type == "PyPi" then
+          mkPyPiSource spec
+        else if spec.type == "Channel" then
+          mkChannelSource spec
+        else
+          builtins.throw "Unknown source type ${spec.type}";
+    in
+    spec // { outPath = path; };
+
+  mkGitSource =
+    {
+      repository,
+      revision,
+      url ? null,
+      hash,
+      branch ? null,
+      ...
+    }:
+    assert repository ? type;
+    # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
+    # In the latter case, there we will always be an url to the tarball
+    if url != null then
+      (builtins.fetchTarball {
+        inherit url;
+        sha256 = hash; # FIXME: check nix version & use SRI hashes
+      })
+    else
+      assert repository.type == "Git";
+      let
+        urlToName =
+          url: rev:
+          let
+            matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url;
+
+            short = builtins.substring 0 7 rev;
+
+            appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
+          in
+          "${if matched == null then "source" else builtins.head matched}${appendShort}";
+        name = urlToName repository.url revision;
+      in
+      builtins.fetchGit {
+        url = repository.url;
+        rev = revision;
+        inherit name;
+        # hash = hash;
+      };
+
+  mkPyPiSource =
+    { url, hash, ... }:
+    builtins.fetchurl {
+      inherit url;
+      sha256 = hash;
+    };
+
+  mkChannelSource =
+    { url, hash, ... }:
+    builtins.fetchTarball {
+      inherit url;
+      sha256 = hash;
+    };
+in
+if version == 3 then
+  builtins.mapAttrs (_: mkSource) data.pins
+else
+  throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"

npins/sources.json

@@ -0,0 +1,22 @@
+{
+  "pins": {
+    "nix-pkgs": {
+      "type": "Git",
+      "repository": {
+        "type": "Git",
+        "url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs"
+      },
+      "branch": "main",
+      "revision": "6f56463c0034d4162dabb98ee8e70d6c43214ac0",
+      "url": null,
+      "hash": "0dqm2n88f0yl63wacizwpjrcv51arz5z31nhwbjcbyjxrwiwxamq"
+    },
+    "nixpkgs": {
+      "type": "Channel",
+      "name": "nixpkgs-unstable",
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre694416.ccc0c2126893/nixexprs.tar.xz",
+      "hash": "0cn1z4wzps8nfqxzr6l5mbn81adcqy2cy2ic70z13fhzicmxfsbx"
+    }
+  },
+  "version": 3
+}

requirements.txt

@@ -1,3 +0,0 @@
-Django==3.2.*
-git+https://git.eleves.ens.fr/klub-dev-ens/django-allauth-ens.git@1.1.3
-wiki==0.7.*

requirements_prod.txt

@@ -1,3 +0,0 @@
--r requirements.txt
-psycopg2
-gunicorn

shell.nix

@@ -0,0 +1 @@
+(import ./. { }).devShell

wiki_groups/__init__.py

@@ -1 +0,0 @@
-default_app_config = "wiki_groups.apps.WikiGroupsConfig"