Compare commits

..

5 commits

25 changed files with 284 additions and 159 deletions

1
.credentials/SECRET_KEY Normal file
View file

@ -0,0 +1 @@
insecure-secret_key

1
.envrc Normal file
View file

@ -0,0 +1 @@
use nix

1
.gitignore vendored
View file

@ -3,3 +3,4 @@ venv
.*.swp
*.pyc
*.sqlite3
.direnv

1
WikiENS/.gitignore vendored
View file

@ -1 +0,0 @@
settings.py

View file

@ -1 +0,0 @@
secret.py

View file

@ -1,16 +0,0 @@
import os
from .common import * # noqa
from .common import BASE_DIR
EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
DEBUG = True
DATABASES = {
"default": {
"ENGINE": "django.db.backends.sqlite3",
"NAME": os.path.join(BASE_DIR, "db.sqlite3"),
}
}

View file

@ -1,11 +0,0 @@
import os
from .common import * # noqa
from .common import BASE_DIR
DEBUG = False
ALLOWED_HOSTS = ["www.eleves.ens.fr", "wiki.eleves.ens.fr"]
STATIC_ROOT = os.path.join(BASE_DIR, "..", "static")
MEDIA_ROOT = os.path.join(BASE_DIR, "..", "media")

View file

@ -1,7 +0,0 @@
SECRET_KEY = "_u5q4-^1qgkqg=i5o5ha*xkd@82#l$e+%m)$v+4y#t-5!g-%g2"
ADMINS = None
EMAIL_HOST = "localhost"
DBNAME = "wiki"
DBUSER = "wiki"
DBPASSWD = "dummy"

View file

@ -1,22 +0,0 @@
from django.conf.urls import include
from django.urls import re_path
from django.contrib import admin
from allauth_ens.views import capture_login, capture_logout
allauth_urls = [
# Catch login/logout views of admin site.
re_path(r'^_admin/login/$', capture_login),
re_path(r'^_admin/logout/$', capture_logout),
# Allauth urls.
re_path(r'^_profil/', include('allauth.urls')),
]
urlpatterns = allauth_urls + [
re_path(r'^_admin/', admin.site.urls),
re_path(r'^notifications/', include('django_nyt.urls')),
re_path(r'^_groups/', include("wiki_groups.urls")),
re_path(r'', include('wiki.urls')),
]
# TODO add MEDIA_ROOT

View file

@ -1,45 +1,34 @@
import os
"""
Django settings for the wiki_ens project
"""
from django.urls import reverse_lazy
from pathlib import Path
from django.contrib.messages import constants as messages
from django.urls import reverse_lazy
from django.utils.translation import gettext_lazy as _
from loadcredential import Credentials
try:
from . import secret
except ImportError:
import pathlib
dir_path = pathlib.Path(__file__).parent.resolve().as_posix()
raise ImportError(
"The secret.py file is missing.\n"
"For a development environment, simply copy secret_example.py:\n"
f" $ cp {dir_path}/{{secret_example,secret}}.py"
)
credentials = Credentials(env_prefix="WIKIENS_")
# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent
# WARNING: keep the secret key used in production secret!
SECRET_KEY = credentials["SECRET_KEY"]
# WARNING: don't run with debug turned on in production!
DEBUG = credentials.get_json("DEBUG", False)
ALLOWED_HOSTS = credentials.get_json("ALLOWED_HOSTS", [])
ADMINS = credentials.get_json("ADMINS", [])
SITE_ID = 1
def import_secret(name):
"""
Shorthand for importing a value from the secret module and raising an
informative exception if a secret is missing.
"""
try:
return getattr(secret, name)
except AttributeError:
raise RuntimeError("Secret missing: {}".format(name))
SECRET_KEY = import_secret("SECRET_KEY")
ADMINS = import_secret("ADMINS")
MANAGERS = ADMINS
EMAIL_HOST = import_secret("EMAIL_HOST")
DBNAME = import_secret("DBNAME")
DBUSER = import_secret("DBUSER")
DBPASSWD = import_secret("DBPASSWD")
SERVER_EMAIL = "wiki@www.eleves.ens.fr"
BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
###
# List the installed applications
INSTALLED_APPS = [
"django.contrib.admin",
@ -69,6 +58,10 @@ INSTALLED_APPS = [
"allauth_ens.providers.clipper",
]
###
# List the installed middlewares
MIDDLEWARE = [
"django.middleware.security.SecurityMiddleware",
"django.contrib.sessions.middleware.SessionMiddleware",
@ -77,9 +70,21 @@ MIDDLEWARE = [
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware",
"allauth.account.middleware.AccountMiddleware",
]
ROOT_URLCONF = "WikiENS.urls"
###
# The main url configuration
ROOT_URLCONF = "app.urls"
###
# Template configuration:
# - Django Templating Language is used
# - Application directories can be used
TEMPLATES = [
{
@ -93,66 +98,72 @@ TEMPLATES = [
"django.contrib.auth.context_processors.auth",
"django.contrib.messages.context_processors.messages",
"sekizai.context_processors.sekizai",
]
],
},
},
}
]
WSGI_APPLICATION = "WikiENS.wsgi.application"
SITE_ID = 1
# Database
# https://docs.djangoproject.com/en/1.11/ref/settings/#databases
DATABASES = {
"default": {
"ENGINE": "django.db.backends.postgresql",
"NAME": DBNAME,
"USER": DBUSER,
"PASSWORD": DBPASSWD,
"HOST": "",
}
}
###
# Database configuration
# -> https://docs.djangoproject.com/en/4.2/ref/settings/#databases
DEFAULT_AUTO_FIELD = "django.db.models.AutoField"
# Password validation
# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [
DATABASES = credentials.get_json(
"DATABASES",
{
"NAME": (
# XXX. Cette chaîne est très longue… Je la coupe en deux sinon
# black ne me fiche pas la paix (mais c'est vraiment nul)
"django.contrib.auth.password_validation."
"UserAttributeSimilarityValidator"
)
"default": {
"ENGINE": "django.db.backends.sqlite3",
"NAME": BASE_DIR / "db.sqlite3",
}
},
{"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
{"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
{"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
]
)
CACHES = credentials.get_json(
"CACHES",
default={
"default": {
"BACKEND": "django.core.cache.backends.locmem.LocMemCache",
},
},
)
# Internationalization
# https://docs.djangoproject.com/en/1.11/topics/i18n/
###
# WSGI application configuration
WSGI_APPLICATION = "app.wsgi.application"
###
# Staticfiles configuration
STATIC_ROOT = credentials["STATIC_ROOT"]
STATIC_URL = "/static/"
MEDIA_ROOT = credentials.get("MEDIA_ROOT", BASE_DIR / "media")
MEDIA_URL = "/media/"
###
# Internationalization configuration
# -> https://docs.djangoproject.com/en/4.2/topics/i18n/
LANGUAGE_CODE = "fr-fr"
TIME_ZONE = "Europe/Paris"
USE_I18N = True
USE_L10N = True
USE_TZ = True
LANGUAGES = [
("fr", _("Français")),
]
# Authentication
# https://docs.djangoproject.com/en/1.11/ref/settings/#auth
# https://django-allauth.readthedocs.io/en/latest/index.html
###
# Authentication configuration
AUTHENTICATION_BACKENDS = [
"allauth.account.auth_backends.AuthenticationBackend",
@ -179,19 +190,25 @@ ACCOUNT_USER_DISPLAY = _user_display
SOCIALACCOUNT_PROVIDERS = {
"clipper": {
"APP": {
"MESSAGE_SUGGEST_LOGOUT_ON_LOGOUT": True,
"MESSAGE_SUGGEST_LOGOUT_ON_LOGOUT_LEVEL": messages.INFO,
},
}
}
AUTH_PASSWORD_VALIDATORS = [
{"NAME": f"django.contrib.auth.password_validation.{v}"}
for v in [
"UserAttributeSimilarityValidator",
"MinimumLengthValidator",
"CommonPasswordValidator",
"NumericPasswordValidator",
]
]
# Static / media contents
STATIC_URL = "/_static/"
MEDIA_URL = "/_media/"
# WIKI SETTINGS
###
# Wiki configuration
WIKI_ATTACHMENTS_EXTENSIONS = [
"pdf",
@ -213,12 +230,6 @@ WIKI_ATTACHMENTS_EXTENSIONS = [
WIKI_REVISIONS_PER_HOUR = 180
WIKI_REVISIONS_PER_MINUTES = 180
# Dark magic - tell django to use X-Forwarded-*
# This is needed for django-allauth-cas, see
# https://blog.ubuntu.com/2015/08/18/django-behind-a-proxy-fixing-absolute-urls
USE_X_FORWARDED_HOST = True
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
# Use sign up, login, logout, profile settings views of allauth.
WIKI_ACCOUNT_HANDLING = False
@ -230,3 +241,10 @@ WIKI_ACCOUNT_SIGNUP_ALLOWED = True
# will be treated as the others_write boolean field on models.Article.
WIKI_ANONYMOUS_WRITE = False
WIKI_ANONYMOUS = False
# FIXME: Add correct email settings
# Development settings
if DEBUG:
EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"

20
app/urls.py Normal file
View file

@ -0,0 +1,20 @@
from allauth_ens.views import capture_login, capture_logout
from django.contrib import admin
from django.urls import include, path
allauth_urls = [
# Catch login/logout views of admin site.
path("_admin/login/", capture_login),
path("_admin/logout/", capture_logout),
# Allauth urls.
path("_profil/", include("allauth.urls")),
]
urlpatterns = allauth_urls + [
path("_admin/", admin.site.urls),
path("notifications/", include("django_nyt.urls")),
path("_groups/", include("wiki_groups.urls")),
path("", include("wiki.urls")),
]
# TODO add MEDIA_ROOT

View file

@ -11,6 +11,6 @@ import os
from django.core.wsgi import get_wsgi_application
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "WikiENS.settings")
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "app.settings")
application = get_wsgi_application()

45
default.nix Normal file
View file

@ -0,0 +1,45 @@
{
sources ? import ./npins,
pkgs ? import sources.nixpkgs { },
}:
let
nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
python3 = pkgs.python3.override {
packageOverrides = _: _: {
inherit (nix-pkgs) django-allauth-ens django-wiki loadcredential;
};
};
in
{
devShell = pkgs.mkShell {
name = "annuaire.dev";
packages = [
(python3.withPackages (ps: [
ps.django
ps.django-allauth-ens
ps.django-wiki
ps.loadcredential
ps.tinycss2
]))
];
env = {
DJANGO_SETTINGS_MODULE = "app.settings";
CREDENTIALS_DIRECTORY = builtins.toString ./.credentials;
WIKIENS_DEBUG = builtins.toJSON true;
WIKIENS_STATIC_ROOT = builtins.toString ./.static;
};
shellHook = ''
if [ ! -d .static ]; then
mkdir .static
fi
'';
};
}

View file

@ -3,7 +3,7 @@ import os
import sys
if __name__ == "__main__":
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "WikiENS.settings.local")
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "app.settings")
try:
from django.core.management import execute_from_command_line
except ImportError:

80
npins/default.nix Normal file
View file

@ -0,0 +1,80 @@
# Generated by npins. Do not modify; will be overwritten regularly
let
data = builtins.fromJSON (builtins.readFile ./sources.json);
version = data.version;
mkSource =
spec:
assert spec ? type;
let
path =
if spec.type == "Git" then
mkGitSource spec
else if spec.type == "GitRelease" then
mkGitSource spec
else if spec.type == "PyPi" then
mkPyPiSource spec
else if spec.type == "Channel" then
mkChannelSource spec
else
builtins.throw "Unknown source type ${spec.type}";
in
spec // { outPath = path; };
mkGitSource =
{
repository,
revision,
url ? null,
hash,
branch ? null,
...
}:
assert repository ? type;
# At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
# In the latter case, there we will always be an url to the tarball
if url != null then
(builtins.fetchTarball {
inherit url;
sha256 = hash; # FIXME: check nix version & use SRI hashes
})
else
assert repository.type == "Git";
let
urlToName =
url: rev:
let
matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url;
short = builtins.substring 0 7 rev;
appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
in
"${if matched == null then "source" else builtins.head matched}${appendShort}";
name = urlToName repository.url revision;
in
builtins.fetchGit {
url = repository.url;
rev = revision;
inherit name;
# hash = hash;
};
mkPyPiSource =
{ url, hash, ... }:
builtins.fetchurl {
inherit url;
sha256 = hash;
};
mkChannelSource =
{ url, hash, ... }:
builtins.fetchTarball {
inherit url;
sha256 = hash;
};
in
if version == 3 then
builtins.mapAttrs (_: mkSource) data.pins
else
throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"

22
npins/sources.json Normal file
View file

@ -0,0 +1,22 @@
{
"pins": {
"nix-pkgs": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs"
},
"branch": "main",
"revision": "6f56463c0034d4162dabb98ee8e70d6c43214ac0",
"url": null,
"hash": "0dqm2n88f0yl63wacizwpjrcv51arz5z31nhwbjcbyjxrwiwxamq"
},
"nixpkgs": {
"type": "Channel",
"name": "nixpkgs-unstable",
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre694416.ccc0c2126893/nixexprs.tar.xz",
"hash": "0cn1z4wzps8nfqxzr6l5mbn81adcqy2cy2ic70z13fhzicmxfsbx"
}
},
"version": 3
}

View file

@ -1,3 +0,0 @@
Django==3.2.*
git+https://git.eleves.ens.fr/klub-dev-ens/django-allauth-ens.git@1.1.3
wiki==0.7.*

View file

@ -1,3 +0,0 @@
-r requirements.txt
psycopg2
gunicorn

1
shell.nix Normal file
View file

@ -0,0 +1 @@
(import ./. { }).devShell