2020-06-27 02:37:49 +02:00
|
|
|
import os
|
2024-07-12 02:30:25 +02:00
|
|
|
from collections.abc import Callable
|
2022-07-27 23:33:49 +02:00
|
|
|
from email.headerregistry import Address
|
2024-07-12 02:30:25 +02:00
|
|
|
from typing import TYPE_CHECKING, Any, Literal, Optional
|
2019-11-13 01:22:15 +01:00
|
|
|
|
2023-07-15 22:25:36 +02:00
|
|
|
from django_auth_ldap.config import GroupOfUniqueNamesType, LDAPGroupType
|
|
|
|
|
|
2020-06-27 02:37:49 +02:00
|
|
|
from scripts.lib.zulip_tools import deport
|
2022-09-24 06:44:08 +02:00
|
|
|
from zproject.settings_types import JwtAuthKey, OIDCIdPConfigDict, SAMLIdPConfigDict
|
2020-06-27 02:37:49 +02:00
|
|
|
|
2024-04-19 19:25:15 +02:00
|
|
|
from .config import DEVELOPMENT, PRODUCTION, get_config, get_secret
|
2020-06-27 02:37:49 +02:00
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
if TYPE_CHECKING:
|
|
|
|
|
from django_auth_ldap.config import LDAPSearch
|
|
|
|
|
|
2023-05-30 00:01:44 +02:00
|
|
|
if PRODUCTION: # nocoverage
|
2019-11-13 01:22:15 +01:00
|
|
|
from .prod_settings import EXTERNAL_HOST, ZULIP_ADMINISTRATOR
|
|
|
|
|
else:
|
|
|
|
|
from .dev_settings import EXTERNAL_HOST, ZULIP_ADMINISTRATOR
|
|
|
|
|
|
2020-06-08 06:58:51 +02:00
|
|
|
DEBUG = DEVELOPMENT
|
|
|
|
|
|
2020-06-27 02:37:49 +02:00
|
|
|
EXTERNAL_HOST_WITHOUT_PORT = deport(EXTERNAL_HOST)
|
|
|
|
|
|
2024-07-12 02:30:23 +02:00
|
|
|
STATIC_URL: str | None = None
|
2023-01-24 23:44:06 +01:00
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
# These settings are intended for the server admin to set. We document them in
|
|
|
|
|
# prod_settings_template.py, and in the initial /etc/zulip/settings.py on a new
|
|
|
|
|
# install of the Zulip server.
|
|
|
|
|
|
2020-06-27 02:37:49 +02:00
|
|
|
# Extra HTTP "Host" values to allow (standard ones added in computed_settings.py)
|
2024-07-12 02:30:17 +02:00
|
|
|
ALLOWED_HOSTS: list[str] = []
|
2019-11-13 01:22:15 +01:00
|
|
|
|
|
|
|
|
# Basic email settings
|
2022-07-27 23:33:49 +02:00
|
|
|
NOREPLY_EMAIL_ADDRESS = Address(username="noreply", domain=EXTERNAL_HOST_WITHOUT_PORT).addr_spec
|
2019-11-13 01:22:15 +01:00
|
|
|
ADD_TOKENS_TO_NOREPLY_ADDRESS = True
|
2022-07-27 23:33:49 +02:00
|
|
|
TOKENIZED_NOREPLY_EMAIL_ADDRESS = Address(
|
|
|
|
|
username="noreply-{token}", domain=EXTERNAL_HOST_WITHOUT_PORT
|
|
|
|
|
).addr_spec
|
2021-02-12 08:20:45 +01:00
|
|
|
PHYSICAL_ADDRESS = ""
|
2020-06-27 02:37:49 +02:00
|
|
|
FAKE_EMAIL_DOMAIN = EXTERNAL_HOST_WITHOUT_PORT
|
2019-11-13 01:22:15 +01:00
|
|
|
|
|
|
|
|
# SMTP settings
|
2024-07-12 02:30:23 +02:00
|
|
|
EMAIL_HOST: str | None = None
|
2019-11-13 01:22:15 +01:00
|
|
|
# Other settings, like EMAIL_HOST_USER, EMAIL_PORT, and EMAIL_USE_TLS,
|
|
|
|
|
# we leave up to Django's defaults.
|
|
|
|
|
|
|
|
|
|
# LDAP auth
|
|
|
|
|
AUTH_LDAP_SERVER_URI = ""
|
2021-01-13 02:05:30 +01:00
|
|
|
AUTH_LDAP_BIND_DN = ""
|
|
|
|
|
AUTH_LDAP_USER_SEARCH: Optional["LDAPSearch"] = None
|
2024-07-12 02:30:23 +02:00
|
|
|
LDAP_APPEND_DOMAIN: str | None = None
|
|
|
|
|
LDAP_EMAIL_ATTR: str | None = None
|
python: Convert assignment type annotations to Python 3.6 style.
This commit was split by tabbott; this piece covers the vast majority
of files in Zulip, but excludes scripts/, tools/, and puppet/ to help
ensure we at least show the right error messages for Xenial systems.
We can likely further refine the remaining pieces with some testing.
Generated by com2ann, with whitespace fixes and various manual fixes
for runtime issues:
- invoiced_through: Optional[LicenseLedger] = models.ForeignKey(
+ invoiced_through: Optional["LicenseLedger"] = models.ForeignKey(
-_apns_client: Optional[APNsClient] = None
+_apns_client: Optional["APNsClient"] = None
- notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE)
- signup_notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE)
+ notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE)
+ signup_notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE)
- author: Optional[UserProfile] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE)
+ author: Optional["UserProfile"] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE)
- bot_owner: Optional[UserProfile] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL)
+ bot_owner: Optional["UserProfile"] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL)
- default_sending_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE)
- default_events_register_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE)
+ default_sending_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE)
+ default_events_register_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE)
-descriptors_by_handler_id: Dict[int, ClientDescriptor] = {}
+descriptors_by_handler_id: Dict[int, "ClientDescriptor"] = {}
-worker_classes: Dict[str, Type[QueueProcessingWorker]] = {}
-queues: Dict[str, Dict[str, Type[QueueProcessingWorker]]] = {}
+worker_classes: Dict[str, Type["QueueProcessingWorker"]] = {}
+queues: Dict[str, Dict[str, Type["QueueProcessingWorker"]]] = {}
-AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional[LDAPSearch] = None
+AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional["LDAPSearch"] = None
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-22 01:09:50 +02:00
|
|
|
AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional["LDAPSearch"] = None
|
2024-07-12 02:30:23 +02:00
|
|
|
AUTH_LDAP_USERNAME_ATTR: str | None = None
|
2021-01-13 02:05:30 +01:00
|
|
|
# AUTH_LDAP_USER_ATTR_MAP is uncommented in prod_settings_template.py,
|
|
|
|
|
# so the value here mainly serves to help document the default.
|
2024-07-12 02:30:17 +02:00
|
|
|
AUTH_LDAP_USER_ATTR_MAP: dict[str, str] = {
|
2021-01-13 02:05:30 +01:00
|
|
|
"full_name": "cn",
|
|
|
|
|
}
|
|
|
|
|
# Automatically deactivate users not found by the AUTH_LDAP_USER_SEARCH query.
|
2024-07-12 02:30:23 +02:00
|
|
|
LDAP_DEACTIVATE_NON_MATCHING_USERS: bool | None = None
|
2020-01-03 07:07:51 +01:00
|
|
|
# AUTH_LDAP_CONNECTION_OPTIONS: we set ldap.OPT_REFERRALS in settings.py if unset.
|
2024-07-12 02:30:17 +02:00
|
|
|
AUTH_LDAP_CONNECTION_OPTIONS: dict[int, object] = {}
|
2019-11-13 01:22:15 +01:00
|
|
|
# Disable django-auth-ldap caching, to prevent problems with OU changes.
|
|
|
|
|
AUTH_LDAP_CACHE_TIMEOUT = 0
|
|
|
|
|
# Disable syncing user on each login; Using sync_ldap_user_data cron is recommended.
|
|
|
|
|
AUTH_LDAP_ALWAYS_UPDATE_USER = False
|
|
|
|
|
# Development-only settings for fake LDAP authentication; used to
|
|
|
|
|
# support local development of LDAP auth without an LDAP server.
|
|
|
|
|
# Detailed docs in zproject/dev_settings.py.
|
2024-07-12 02:30:23 +02:00
|
|
|
FAKE_LDAP_MODE: str | None = None
|
2019-11-13 01:22:15 +01:00
|
|
|
FAKE_LDAP_NUM_USERS = 8
|
2024-07-12 02:30:23 +02:00
|
|
|
AUTH_LDAP_ADVANCED_REALM_ACCESS_CONTROL: dict[str, Any] | None = None
|
2024-07-12 02:30:17 +02:00
|
|
|
LDAP_SYNCHRONIZED_GROUPS_BY_REALM: dict[str, list[str]] = {}
|
2023-07-15 22:25:36 +02:00
|
|
|
AUTH_LDAP_GROUP_TYPE: LDAPGroupType = GroupOfUniqueNamesType()
|
2019-11-13 01:22:15 +01:00
|
|
|
|
|
|
|
|
# Social auth; we support providing values for some of these
|
|
|
|
|
# settings in zulip-secrets.conf instead of settings.py in development.
|
2021-02-12 08:20:45 +01:00
|
|
|
SOCIAL_AUTH_GITHUB_KEY = get_secret("social_auth_github_key", development_only=True)
|
2024-07-12 02:30:23 +02:00
|
|
|
SOCIAL_AUTH_GITHUB_ORG_NAME: str | None = None
|
|
|
|
|
SOCIAL_AUTH_GITHUB_TEAM_ID: str | None = None
|
2021-02-12 08:20:45 +01:00
|
|
|
SOCIAL_AUTH_GITLAB_KEY = get_secret("social_auth_gitlab_key", development_only=True)
|
2024-07-12 02:30:23 +02:00
|
|
|
SOCIAL_AUTH_SUBDOMAIN: str | None = None
|
2022-09-05 13:30:17 +02:00
|
|
|
SOCIAL_AUTH_AZUREAD_OAUTH2_KEY = get_secret("social_auth_azuread_oauth2_key", development_only=True)
|
2021-02-12 08:20:45 +01:00
|
|
|
SOCIAL_AUTH_GOOGLE_KEY = get_secret("social_auth_google_key", development_only=True)
|
2019-11-13 01:22:15 +01:00
|
|
|
# SAML:
|
2024-07-12 02:30:23 +02:00
|
|
|
SOCIAL_AUTH_SAML_SP_ENTITY_ID: str | None = None
|
2021-02-12 08:20:45 +01:00
|
|
|
SOCIAL_AUTH_SAML_SP_PUBLIC_CERT = ""
|
|
|
|
|
SOCIAL_AUTH_SAML_SP_PRIVATE_KEY = ""
|
2024-07-12 02:30:23 +02:00
|
|
|
SOCIAL_AUTH_SAML_ORG_INFO: dict[str, dict[str, str]] | None = None
|
|
|
|
|
SOCIAL_AUTH_SAML_TECHNICAL_CONTACT: dict[str, str] | None = None
|
|
|
|
|
SOCIAL_AUTH_SAML_SUPPORT_CONTACT: dict[str, str] | None = None
|
2024-07-12 02:30:17 +02:00
|
|
|
SOCIAL_AUTH_SAML_ENABLED_IDPS: dict[str, SAMLIdPConfigDict] = {}
|
|
|
|
|
SOCIAL_AUTH_SAML_SECURITY_CONFIG: dict[str, Any] = {}
|
2020-04-16 12:05:26 +02:00
|
|
|
# Set this to True to enforce that any configured IdP needs to specify
|
|
|
|
|
# the limit_to_subdomains setting to be considered valid:
|
|
|
|
|
SAML_REQUIRE_LIMIT_TO_SUBDOMAINS = False
|
2021-11-01 20:08:20 +01:00
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
# Historical name for SOCIAL_AUTH_GITHUB_KEY; still allowed in production.
|
2024-07-12 02:30:23 +02:00
|
|
|
GOOGLE_OAUTH2_CLIENT_ID: str | None = None
|
2019-11-13 01:22:15 +01:00
|
|
|
|
2020-06-09 12:04:21 +02:00
|
|
|
# Apple:
|
2021-02-12 08:20:45 +01:00
|
|
|
SOCIAL_AUTH_APPLE_SERVICES_ID = get_secret("social_auth_apple_services_id", development_only=True)
|
|
|
|
|
SOCIAL_AUTH_APPLE_APP_ID = get_secret("social_auth_apple_app_id", development_only=True)
|
|
|
|
|
SOCIAL_AUTH_APPLE_KEY = get_secret("social_auth_apple_key", development_only=True)
|
|
|
|
|
SOCIAL_AUTH_APPLE_TEAM = get_secret("social_auth_apple_team", development_only=True)
|
|
|
|
|
SOCIAL_AUTH_APPLE_SCOPE = ["name", "email"]
|
2020-06-09 12:04:21 +02:00
|
|
|
SOCIAL_AUTH_APPLE_EMAIL_AS_USERNAME = True
|
|
|
|
|
|
2021-05-21 16:45:43 +02:00
|
|
|
# Generic OpenID Connect:
|
2024-07-12 02:30:17 +02:00
|
|
|
SOCIAL_AUTH_OIDC_ENABLED_IDPS: dict[str, OIDCIdPConfigDict] = {}
|
2021-05-23 12:00:20 +02:00
|
|
|
SOCIAL_AUTH_OIDC_FULL_NAME_VALIDATED = False
|
2021-05-21 16:45:43 +02:00
|
|
|
|
2024-07-12 02:30:17 +02:00
|
|
|
SOCIAL_AUTH_SYNC_CUSTOM_ATTRS_DICT: dict[str, dict[str, dict[str, str]]] = {}
|
2024-08-04 01:32:32 +02:00
|
|
|
SOCIAL_AUTH_SYNC_ATTRS_DICT: dict[str, dict[str, dict[str, str]]] = {}
|
2021-05-31 14:48:12 +02:00
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
# Other auth
|
2024-07-12 02:30:23 +02:00
|
|
|
SSO_APPEND_DOMAIN: str | None = None
|
|
|
|
|
CUSTOM_HOME_NOT_LOGGED_IN: str | None = None
|
2019-11-13 01:22:15 +01:00
|
|
|
|
2021-02-12 08:20:45 +01:00
|
|
|
VIDEO_ZOOM_CLIENT_ID = get_secret("video_zoom_client_id", development_only=True)
|
|
|
|
|
VIDEO_ZOOM_CLIENT_SECRET = get_secret("video_zoom_client_secret")
|
2019-11-16 09:26:28 +01:00
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
# Email gateway
|
2021-02-12 08:20:45 +01:00
|
|
|
EMAIL_GATEWAY_PATTERN = ""
|
2024-07-12 02:30:23 +02:00
|
|
|
EMAIL_GATEWAY_LOGIN: str | None = None
|
|
|
|
|
EMAIL_GATEWAY_IMAP_SERVER: str | None = None
|
|
|
|
|
EMAIL_GATEWAY_IMAP_PORT: int | None = None
|
|
|
|
|
EMAIL_GATEWAY_IMAP_FOLDER: str | None = None
|
2019-11-13 01:22:15 +01:00
|
|
|
# Not documented for in /etc/zulip/settings.py, since it's rarely needed.
|
2024-07-12 02:30:23 +02:00
|
|
|
EMAIL_GATEWAY_EXTRA_PATTERN_HACK: str | None = None
|
2019-11-13 01:22:15 +01:00
|
|
|
|
|
|
|
|
# Error reporting
|
|
|
|
|
ERROR_REPORTING = True
|
|
|
|
|
LOGGING_SHOW_MODULE = False
|
|
|
|
|
LOGGING_SHOW_PID = False
|
|
|
|
|
|
2020-07-02 02:20:55 +02:00
|
|
|
# Sentry.io error defaults to off
|
2024-07-12 02:30:23 +02:00
|
|
|
SENTRY_DSN: str | None = get_config("sentry", "project_dsn", None)
|
|
|
|
|
SENTRY_TRACE_WORKER_RATE: float | dict[str, float] = 0.0
|
2024-02-15 18:15:30 +01:00
|
|
|
SENTRY_TRACE_RATE: float = 0.0
|
|
|
|
|
SENTRY_PROFILE_RATE: float = 0.1
|
2024-07-12 02:30:23 +02:00
|
|
|
SENTRY_FRONTEND_DSN: str | None = get_config("sentry", "frontend_project_dsn", None)
|
sentry: Add frontend event monitoring.
Zulip already has integrations for server-side Sentry integration;
however, it has historically used the Zulip-specific `blueslip`
library for monitoring browser-side errors. However, the latter sends
errors to email, as well optionally to an internal `#errors` stream.
While this is sufficient for low volumes of users, and useful in that
it does not rely on outside services, at higher volumes it is very
difficult to do any analysis or filtering of the errors. Client-side
errors are exceptionally noisy, with many false positives due to
browser extensions or similar, so determining real real errors from a
stream of un-grouped emails or messages in a stream is quite
difficult.
Add a client-side Javascript sentry integration. To provide useful
backtraces, this requires extending the pre-deploy hooks to upload the
source-maps to Sentry. Additional keys are added to the non-public
API of `page_params` to control the DSN, realm identifier, and sample
rates.
2023-02-13 20:50:57 +01:00
|
|
|
SENTRY_FRONTEND_SAMPLE_RATE: float = 1.0
|
|
|
|
|
SENTRY_FRONTEND_TRACE_RATE: float = 0.1
|
2020-07-02 02:20:55 +02:00
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
# File uploads and avatars
|
2021-05-29 09:04:19 +02:00
|
|
|
# TODO: Rename MAX_FILE_UPLOAD_SIZE to have unit in name.
|
2024-07-12 02:30:23 +02:00
|
|
|
DEFAULT_AVATAR_URI: str | None = None
|
|
|
|
|
DEFAULT_LOGO_URI: str | None = None
|
2021-02-12 08:20:45 +01:00
|
|
|
S3_AVATAR_BUCKET = ""
|
|
|
|
|
S3_AUTH_UPLOADS_BUCKET = ""
|
2022-04-07 00:46:13 +02:00
|
|
|
S3_EXPORT_BUCKET = ""
|
2024-07-12 02:30:23 +02:00
|
|
|
S3_REGION: str | None = None
|
|
|
|
|
S3_ENDPOINT_URL: str | None = None
|
2024-01-03 21:27:53 +01:00
|
|
|
S3_ADDRESSING_STYLE: Literal["auto", "virtual", "path"] = "auto"
|
2022-03-23 21:47:53 +01:00
|
|
|
S3_SKIP_PROXY = True
|
2023-07-19 04:27:03 +02:00
|
|
|
S3_UPLOADS_STORAGE_CLASS: Literal[
|
|
|
|
|
"GLACIER_IR",
|
|
|
|
|
"INTELLIGENT_TIERING",
|
|
|
|
|
"ONEZONE_IA",
|
|
|
|
|
"REDUCED_REDUNDANCY",
|
|
|
|
|
"STANDARD",
|
|
|
|
|
"STANDARD_IA",
|
|
|
|
|
] = "STANDARD"
|
2024-07-12 02:30:23 +02:00
|
|
|
S3_AVATAR_PUBLIC_URL_PREFIX: str | None = None
|
|
|
|
|
LOCAL_UPLOADS_DIR: str | None = None
|
|
|
|
|
LOCAL_AVATARS_DIR: str | None = None
|
|
|
|
|
LOCAL_FILES_DIR: str | None = None
|
2024-09-16 21:14:52 +02:00
|
|
|
MAX_FILE_UPLOAD_SIZE = 100
|
2024-03-13 00:09:01 +01:00
|
|
|
# How many GB an organization on a paid plan can upload per user,
|
|
|
|
|
# on zulipchat.com.
|
|
|
|
|
UPLOAD_QUOTA_PER_USER_GB = 5
|
2019-11-13 01:22:15 +01:00
|
|
|
|
|
|
|
|
# Jitsi Meet video call integration; set to None to disable integration.
|
2024-07-12 02:30:23 +02:00
|
|
|
JITSI_SERVER_URL: str | None = "https://meet.jit.si"
|
2019-11-13 01:22:15 +01:00
|
|
|
|
2021-03-19 13:21:18 +01:00
|
|
|
# GIPHY API key.
|
|
|
|
|
GIPHY_API_KEY = get_secret("giphy_api_key")
|
|
|
|
|
|
2020-04-27 22:41:31 +02:00
|
|
|
# Allow setting BigBlueButton settings in zulip-secrets.conf in
|
|
|
|
|
# development; this is useful since there are no public BigBlueButton servers.
|
2021-02-12 08:20:45 +01:00
|
|
|
BIG_BLUE_BUTTON_URL = get_secret("big_blue_button_url", development_only=True)
|
2020-04-27 22:41:31 +02:00
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
# Max state storage per user
|
|
|
|
|
# TODO: Add this to zproject/prod_settings_template.py once stateful bots are fully functional.
|
|
|
|
|
USER_STATE_SIZE_LIMIT = 10000000
|
|
|
|
|
# Max size of a single configuration entry of an embedded bot.
|
|
|
|
|
BOT_CONFIG_SIZE_LIMIT = 10000
|
|
|
|
|
|
|
|
|
|
# External service configuration
|
2021-02-12 08:20:45 +01:00
|
|
|
CAMO_URI = ""
|
2024-07-18 02:32:27 +02:00
|
|
|
KATEX_SERVER = get_config("application_server", "katex_server", True)
|
|
|
|
|
KATEX_SERVER_PORT = get_config("application_server", "katex_server_port", "9700")
|
2021-02-12 08:20:45 +01:00
|
|
|
MEMCACHED_LOCATION = "127.0.0.1:11211"
|
2020-06-19 04:12:53 +02:00
|
|
|
MEMCACHED_USERNAME = None if get_secret("memcached_password") is None else "zulip@localhost"
|
2021-02-12 08:20:45 +01:00
|
|
|
RABBITMQ_HOST = "127.0.0.1"
|
2023-02-16 17:19:57 +01:00
|
|
|
RABBITMQ_PORT = 5672
|
2024-05-31 17:47:15 +02:00
|
|
|
RABBITMQ_VHOST = "/"
|
2021-02-12 08:20:45 +01:00
|
|
|
RABBITMQ_USERNAME = "zulip"
|
2023-03-23 20:04:19 +01:00
|
|
|
RABBITMQ_USE_TLS = False
|
2021-02-12 08:20:45 +01:00
|
|
|
REDIS_HOST = "127.0.0.1"
|
2019-11-13 01:22:15 +01:00
|
|
|
REDIS_PORT = 6379
|
2021-02-12 08:20:45 +01:00
|
|
|
REMOTE_POSTGRES_HOST = ""
|
|
|
|
|
REMOTE_POSTGRES_PORT = ""
|
|
|
|
|
REMOTE_POSTGRES_SSLMODE = ""
|
2019-11-13 01:22:15 +01:00
|
|
|
|
2024-07-12 02:30:17 +02:00
|
|
|
TORNADO_PORTS: list[int] = []
|
2020-09-17 00:30:45 +02:00
|
|
|
USING_TORNADO = True
|
2020-09-15 01:35:44 +02:00
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
# ToS/Privacy templates
|
2021-11-03 21:36:54 +01:00
|
|
|
POLICIES_DIRECTORY: str = "zerver/policies_absent"
|
2019-11-13 01:22:15 +01:00
|
|
|
|
|
|
|
|
# Security
|
|
|
|
|
ENABLE_FILE_LINKS = False
|
|
|
|
|
ENABLE_GRAVATAR = True
|
|
|
|
|
INLINE_IMAGE_PREVIEW = True
|
|
|
|
|
INLINE_URL_EMBED_PREVIEW = True
|
|
|
|
|
NAME_CHANGES_DISABLED = False
|
|
|
|
|
AVATAR_CHANGES_DISABLED = False
|
|
|
|
|
PASSWORD_MIN_LENGTH = 6
|
|
|
|
|
PASSWORD_MIN_GUESSES = 10000
|
2024-07-16 22:52:01 +02:00
|
|
|
|
2024-11-05 02:07:56 +01:00
|
|
|
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
|
|
|
|
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # 2 weeks
|
|
|
|
|
|
2024-07-16 22:52:01 +02:00
|
|
|
ZULIP_SERVICES_URL = "https://push.zulipchat.com"
|
|
|
|
|
ZULIP_SERVICE_PUSH_NOTIFICATIONS = False
|
|
|
|
|
|
|
|
|
|
# For this setting, we need to have None as the default value, so
|
|
|
|
|
# that we can distinguish between the case of the setting not being
|
|
|
|
|
# set at all and being disabled (set to False).
|
|
|
|
|
# That's because unless the setting is explicitly configured, we want to
|
|
|
|
|
# enable it in computed_settings when ZULIP_SERVICE_PUSH_NOTIFICATIONS
|
|
|
|
|
# is enabled.
|
|
|
|
|
ZULIP_SERVICE_SUBMIT_USAGE_STATISTICS: bool | None = None
|
|
|
|
|
ZULIP_SERVICE_SECURITY_ALERTS = False
|
|
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
PUSH_NOTIFICATION_REDACT_CONTENT = False
|
2024-07-16 22:52:01 +02:00
|
|
|
|
|
|
|
|
# Old setting kept around for backwards compatibility. Some old servers
|
|
|
|
|
# may have it in their settings.py.
|
|
|
|
|
PUSH_NOTIFICATION_BOUNCER_URL: str | None = None
|
|
|
|
|
# Keep this default True, so that legacy deployments that configured PUSH_NOTIFICATION_BOUNCER_URL
|
|
|
|
|
# without overriding SUBMIT_USAGE_STATISTICS get the original behavior. If a server configures
|
|
|
|
|
# the modern ZULIP_SERVICES setting, all this will be ignored.
|
2019-11-13 01:22:15 +01:00
|
|
|
SUBMIT_USAGE_STATISTICS = True
|
2024-07-16 22:52:01 +02:00
|
|
|
|
2021-03-05 18:39:02 +01:00
|
|
|
PROMOTE_SPONSORING_ZULIP = True
|
2019-11-13 01:22:15 +01:00
|
|
|
RATE_LIMITING = True
|
2019-08-01 15:09:27 +02:00
|
|
|
RATE_LIMITING_AUTHENTICATE = True
|
rate_limit: Add a flag to lump all TOR exit node IPs together.
TOR users are legitimate users of the system; however, that system can
also be used for abuse -- specifically, by evading IP-based
rate-limiting.
For the purposes of IP-based rate-limiting, add a
RATE_LIMIT_TOR_TOGETHER flag, defaulting to false, which lumps all
requests from TOR exit nodes into the same bucket. This may allow a
TOR user to deny other TOR users access to the find-my-account and
new-realm endpoints, but this is a low cost for cutting off a
significant potential abuse vector.
If enabled, the list of TOR exit nodes is fetched from their public
endpoint once per hour, via a cron job, and cached on disk. Django
processes load this data from disk, and cache it in memcached.
Requests are spared from the burden of checking disk on failure via a
circuitbreaker, which trips of there are two failures in a row, and
only begins trying again after 10 minutes.
2021-11-03 21:43:02 +01:00
|
|
|
RATE_LIMIT_TOR_TOGETHER = False
|
2019-11-13 01:22:15 +01:00
|
|
|
SEND_LOGIN_EMAILS = True
|
|
|
|
|
EMBEDDED_BOTS_ENABLED = False
|
|
|
|
|
|
2022-11-05 23:55:11 +01:00
|
|
|
DEFAULT_RATE_LIMITING_RULES = {
|
2022-12-06 21:09:58 +01:00
|
|
|
# Limits total number of API requests per unit time by each user.
|
|
|
|
|
# Rate limiting general API access protects the server against
|
|
|
|
|
# clients causing unreasonable server load.
|
2022-11-05 23:55:11 +01:00
|
|
|
"api_by_user": [
|
2024-04-30 17:54:48 +02:00
|
|
|
# 200 requests per minute
|
2022-12-06 21:09:58 +01:00
|
|
|
(60, 200),
|
2022-11-05 23:55:11 +01:00
|
|
|
],
|
2022-12-06 21:09:58 +01:00
|
|
|
# Limits total number of unauthenticated API requests (primarily
|
|
|
|
|
# used by the public access option). Since these are
|
|
|
|
|
# unauthenticated requests, each IP address is a separate bucket.
|
2022-11-05 23:55:11 +01:00
|
|
|
"api_by_ip": [
|
|
|
|
|
(60, 100),
|
|
|
|
|
],
|
2022-12-06 21:09:58 +01:00
|
|
|
# Limits total requests to the Mobile Push Notifications Service
|
|
|
|
|
# by each individual Zulip server that is using the service. This
|
|
|
|
|
# is a Zulip Cloud setting that has no effect on self-hosted Zulip
|
|
|
|
|
# servers that are not hosting their own copy of the push
|
|
|
|
|
# notifications service.
|
2022-11-05 23:55:11 +01:00
|
|
|
"api_by_remote_server": [
|
|
|
|
|
(60, 1000),
|
|
|
|
|
],
|
2022-12-06 21:09:58 +01:00
|
|
|
# Limits how many authentication attempts with login+password can
|
|
|
|
|
# be made to a single username. This applies to the authentication
|
|
|
|
|
# backends such as LDAP or email+password where a login+password
|
|
|
|
|
# gets submitted to the Zulip server. No limit is applied for
|
|
|
|
|
# external authentication methods (like GitHub SSO), since with
|
|
|
|
|
# those authentication backends, we only receive a username if
|
|
|
|
|
# authentication is successful.
|
2022-11-05 23:55:11 +01:00
|
|
|
"authenticate_by_username": [
|
2022-12-06 21:09:58 +01:00
|
|
|
# 5 failed login attempts within 30 minutes
|
|
|
|
|
(1800, 5),
|
2022-11-05 23:55:11 +01:00
|
|
|
],
|
2022-12-06 21:09:58 +01:00
|
|
|
# Limits how many requests a user can make to change their email
|
|
|
|
|
# address. A low/strict limit is recommended here, since there is
|
|
|
|
|
# not real use case for triggering several of these from a single
|
|
|
|
|
# user account, and by definition, the emails are sent to an email
|
|
|
|
|
# address that does not already have a relationship with Zulip, so
|
|
|
|
|
# this feature can be abused to attack the server's spam
|
|
|
|
|
# reputation. Applies in addition to sends_email_by_ip.
|
2022-11-05 23:55:11 +01:00
|
|
|
"email_change_by_user": [
|
2022-12-06 21:09:58 +01:00
|
|
|
# 2 emails per hour, and up to 5 per day.
|
|
|
|
|
(3600, 2),
|
|
|
|
|
(86400, 5),
|
2022-11-05 23:55:11 +01:00
|
|
|
],
|
2022-12-06 21:09:58 +01:00
|
|
|
# Limits how many requests to send password reset emails can be
|
|
|
|
|
# made for a single email address. A low/strict limit is
|
|
|
|
|
# desirable, since this feature could be used to spam users with
|
|
|
|
|
# password reset emails, given their email address. Applies in
|
|
|
|
|
# addition to sends_email_by_ip, below.
|
2022-11-05 23:55:11 +01:00
|
|
|
"password_reset_form_by_email": [
|
2022-12-06 21:09:58 +01:00
|
|
|
# 2 emails per hour, and up to 5 per day.
|
|
|
|
|
(3600, 2),
|
|
|
|
|
(86400, 5),
|
2022-11-05 23:55:11 +01:00
|
|
|
],
|
2022-12-06 21:09:58 +01:00
|
|
|
# This limit applies to all requests which directly trigger the
|
|
|
|
|
# sending of an email, restricting the number per IP address. This
|
|
|
|
|
# is a general anti-spam measure.
|
2022-11-05 23:55:11 +01:00
|
|
|
"sends_email_by_ip": [
|
|
|
|
|
(86400, 5),
|
|
|
|
|
],
|
2022-12-06 21:09:58 +01:00
|
|
|
# Limits access to uploaded files, in web-public contexts, done by
|
|
|
|
|
# unauthenticated users. Each file gets its own bucket, and every
|
|
|
|
|
# access to the file by an unauthenticated user counts towards the
|
|
|
|
|
# limit. This is important to prevent abuse of Zulip's file
|
|
|
|
|
# uploads feature for file distribution.
|
2022-11-05 23:55:11 +01:00
|
|
|
"spectator_attachment_access_by_file": [
|
2022-12-06 21:09:58 +01:00
|
|
|
# 1000 per day per file
|
|
|
|
|
(86400, 1000),
|
2022-11-05 23:55:11 +01:00
|
|
|
],
|
2024-01-17 23:47:15 +01:00
|
|
|
# A zilencer-only limit that applies to requests to the
|
|
|
|
|
# remote billing system that trigger the sending of an email.
|
|
|
|
|
"sends_email_by_remote_server": [
|
|
|
|
|
# 10 emails per day
|
|
|
|
|
(86400, 10),
|
|
|
|
|
],
|
2022-11-05 23:55:11 +01:00
|
|
|
}
|
|
|
|
|
# Rate limiting defaults can be individually overridden by adding
|
|
|
|
|
# entries in this object, which is merged with
|
|
|
|
|
# DEFAULT_RATE_LIMITING_RULES.
|
2024-07-12 02:30:17 +02:00
|
|
|
RATE_LIMITING_RULES: dict[str, list[tuple[int, int]]] = {}
|
2022-11-05 23:55:11 +01:00
|
|
|
|
2020-10-23 02:43:28 +02:00
|
|
|
# Two factor authentication is not yet implementation-complete
|
2019-11-13 01:22:15 +01:00
|
|
|
TWO_FACTOR_AUTHENTICATION_ENABLED = False
|
|
|
|
|
|
2024-05-10 15:37:43 +02:00
|
|
|
# The new user tutorial can be disabled for self-hosters who want to
|
|
|
|
|
# disable the tutorial entirely on their system. Primarily useful for
|
|
|
|
|
# products embedding Zulip as their chat feature.
|
2021-03-11 17:19:49 +01:00
|
|
|
TUTORIAL_ENABLED = True
|
|
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
# We log emails in development environment for accessing
|
|
|
|
|
# them easily through /emails page
|
|
|
|
|
DEVELOPMENT_LOG_EMAILS = DEVELOPMENT
|
|
|
|
|
|
2023-10-02 01:52:22 +02:00
|
|
|
# The push bouncer expects to get its requests on the root subdomain,
|
|
|
|
|
# but that makes it more of a hassle to test bouncer endpoints in
|
|
|
|
|
# the development environment - so this setting allows us to disable
|
|
|
|
|
# that check.
|
|
|
|
|
DEVELOPMENT_DISABLE_PUSH_BOUNCER_DOMAIN_CHECK = False
|
|
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
|
|
|
|
|
# These settings are not documented in prod_settings_template.py.
|
|
|
|
|
# They should either be documented here, or documented there.
|
|
|
|
|
#
|
|
|
|
|
# Settings that it makes sense to document here instead of in
|
|
|
|
|
# prod_settings_template.py are those that
|
|
|
|
|
# * don't make sense to change in production, but rather are intended
|
|
|
|
|
# for dev and test environments; or
|
|
|
|
|
# * don't make sense to change on a typical production server with
|
|
|
|
|
# one or a handful of realms, though they might on an installation
|
2020-06-09 00:58:42 +02:00
|
|
|
# like Zulip Cloud or to work around a problem on another server.
|
2019-11-13 01:22:15 +01:00
|
|
|
|
2021-02-12 08:20:45 +01:00
|
|
|
NOTIFICATION_BOT = "notification-bot@zulip.com"
|
|
|
|
|
EMAIL_GATEWAY_BOT = "emailgateway@zulip.com"
|
|
|
|
|
NAGIOS_SEND_BOT = "nagios-send-bot@zulip.com"
|
|
|
|
|
NAGIOS_RECEIVE_BOT = "nagios-receive-bot@zulip.com"
|
|
|
|
|
WELCOME_BOT = "welcome-bot@zulip.com"
|
|
|
|
|
REMINDER_BOT = "reminder-bot@zulip.com"
|
2020-06-10 05:55:57 +02:00
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
# The following bots are optional system bots not enabled by
|
2020-01-03 07:07:51 +01:00
|
|
|
# default. The default ones are defined in INTERNAL_BOTS, in settings.py.
|
2019-11-13 01:22:15 +01:00
|
|
|
|
|
|
|
|
# These are extra bot users for our end-to-end Nagios message
|
|
|
|
|
# sending tests.
|
2021-02-12 08:20:45 +01:00
|
|
|
NAGIOS_STAGING_SEND_BOT = "nagios-staging-send-bot@zulip.com" if PRODUCTION else None
|
|
|
|
|
NAGIOS_STAGING_RECEIVE_BOT = "nagios-staging-receive-bot@zulip.com" if PRODUCTION else None
|
2019-11-13 01:22:15 +01:00
|
|
|
# SYSTEM_BOT_REALM would be a constant always set to 'zulip',
|
2020-06-09 00:58:42 +02:00
|
|
|
# except that it isn't that on Zulip Cloud. We will likely do a
|
2019-11-13 01:22:15 +01:00
|
|
|
# migration and eliminate this parameter in the future.
|
2021-02-12 08:20:45 +01:00
|
|
|
SYSTEM_BOT_REALM = "zulipinternal"
|
2019-11-13 01:22:15 +01:00
|
|
|
|
|
|
|
|
# Structurally, we will probably eventually merge
|
|
|
|
|
# analytics into part of the main server, rather
|
|
|
|
|
# than a separate app.
|
2021-02-12 08:20:45 +01:00
|
|
|
EXTRA_INSTALLED_APPS = ["analytics"]
|
2019-11-13 01:22:15 +01:00
|
|
|
|
|
|
|
|
# Used to construct URLs to point to the Zulip server. Since we
|
|
|
|
|
# only support HTTPS in production, this is just for development.
|
|
|
|
|
EXTERNAL_URI_SCHEME = "https://"
|
|
|
|
|
|
|
|
|
|
# Whether anyone can create a new organization on the Zulip server.
|
|
|
|
|
OPEN_REALM_CREATION = False
|
|
|
|
|
|
2021-09-21 19:49:12 +02:00
|
|
|
# Whether it's possible to create web-public streams on this server.
|
|
|
|
|
WEB_PUBLIC_STREAMS_ENABLED = False
|
|
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
# Setting for where the system bot users are. Likely has no
|
|
|
|
|
# purpose now that the REALMS_HAVE_SUBDOMAINS migration is finished.
|
|
|
|
|
SYSTEM_ONLY_REALMS = {"zulip"}
|
|
|
|
|
|
2021-09-02 01:05:30 +02:00
|
|
|
# Default deadline for demo organizations
|
|
|
|
|
DEMO_ORG_DEADLINE_DAYS = 30
|
|
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
# Alternate hostnames to serve particular realms on, in addition to
|
|
|
|
|
# their usual subdomains. Keys are realm string_ids (aka subdomains),
|
|
|
|
|
# and values are alternate hosts.
|
|
|
|
|
# The values will also be added to ALLOWED_HOSTS.
|
2024-07-12 02:30:17 +02:00
|
|
|
REALM_HOSTS: dict[str, str] = {}
|
2019-11-13 01:22:15 +01:00
|
|
|
|
2020-06-25 20:43:48 +02:00
|
|
|
# Map used to rewrite the URIs for certain realms during mobile
|
|
|
|
|
# authentication. This, combined with adding the relevant hosts to
|
|
|
|
|
# ALLOWED_HOSTS, can be used for environments where security policies
|
|
|
|
|
# mean that a different hostname must be used for mobile access.
|
2024-07-12 02:30:17 +02:00
|
|
|
REALM_MOBILE_REMAP_URIS: dict[str, str] = {}
|
2020-06-25 20:43:48 +02:00
|
|
|
|
2020-10-23 02:43:28 +02:00
|
|
|
# Whether the server is using the PGroonga full-text search
|
2019-11-13 01:22:15 +01:00
|
|
|
# backend. Plan is to turn this on for everyone after further
|
|
|
|
|
# testing.
|
|
|
|
|
USING_PGROONGA = False
|
|
|
|
|
|
2020-01-03 07:07:51 +01:00
|
|
|
# How Django should send emails. Set for most contexts in settings.py, but
|
2019-11-13 01:22:15 +01:00
|
|
|
# available for sysadmin override in unusual cases.
|
2024-07-12 02:30:23 +02:00
|
|
|
EMAIL_BACKEND: str | None = None
|
2019-11-13 01:22:15 +01:00
|
|
|
|
|
|
|
|
# Whether to give admins a warning in the web app that email isn't set up.
|
2020-01-03 07:07:51 +01:00
|
|
|
# Set in settings.py when email isn't configured.
|
2019-11-13 01:22:15 +01:00
|
|
|
WARN_NO_EMAIL = False
|
|
|
|
|
|
|
|
|
|
# If True, disable rate-limiting and other filters on sending error messages
|
|
|
|
|
# to admins, and enable logging on the error-reporting itself. Useful
|
|
|
|
|
# mainly in development.
|
|
|
|
|
DEBUG_ERROR_REPORTING = False
|
|
|
|
|
|
|
|
|
|
# Whether to flush memcached after data migrations. Because of
|
|
|
|
|
# how we do deployments in a way that avoids reusing memcached,
|
|
|
|
|
# this is disabled in production, but we need it in development.
|
|
|
|
|
POST_MIGRATION_CACHE_FLUSHING = False
|
|
|
|
|
|
|
|
|
|
# Settings for APNS. Only needed on push.zulipchat.com or if
|
|
|
|
|
# rebuilding the mobile app with a different push notifications
|
|
|
|
|
# server.
|
2024-07-12 02:30:23 +02:00
|
|
|
APNS_CERT_FILE: str | None = None
|
|
|
|
|
APNS_TOKEN_KEY_FILE: str | None = None
|
2023-11-08 01:37:08 +01:00
|
|
|
APNS_TOKEN_KEY_ID = get_secret("apns_token_key_id", development_only=True)
|
|
|
|
|
APNS_TEAM_ID = get_secret("apns_team_id", development_only=True)
|
2019-11-13 01:22:15 +01:00
|
|
|
APNS_SANDBOX = True
|
2023-11-06 20:25:28 +01:00
|
|
|
# APNS_TOPIC is obsolete. Clients now pass the APNs topic to use.
|
|
|
|
|
# ZULIP_IOS_APP_ID is obsolete. Clients now pass the iOS app ID to use for APNs.
|
2024-07-12 02:30:23 +02:00
|
|
|
ANDROID_FCM_CREDENTIALS_PATH: str | None = None
|
2019-11-13 01:22:15 +01:00
|
|
|
|
|
|
|
|
# Limits related to the size of file uploads; last few in MB.
|
|
|
|
|
DATA_UPLOAD_MAX_MEMORY_SIZE = 25 * 1024 * 1024
|
2021-05-29 08:51:07 +02:00
|
|
|
MAX_AVATAR_FILE_SIZE_MIB = 5
|
2021-05-29 08:55:34 +02:00
|
|
|
MAX_ICON_FILE_SIZE_MIB = 5
|
2021-05-29 08:59:21 +02:00
|
|
|
MAX_LOGO_FILE_SIZE_MIB = 5
|
2021-05-29 09:04:19 +02:00
|
|
|
MAX_EMOJI_FILE_SIZE_MIB = 5
|
2019-11-13 01:22:15 +01:00
|
|
|
|
|
|
|
|
# Limits to help prevent spam, in particular by sending invitations.
|
|
|
|
|
#
|
|
|
|
|
# A non-admin user who's joined an open realm this recently can't invite at all.
|
|
|
|
|
INVITES_MIN_USER_AGE_DAYS = 3
|
|
|
|
|
# Default for a realm's `max_invites`; which applies per day,
|
|
|
|
|
# and only applies if OPEN_REALM_CREATION is true.
|
|
|
|
|
INVITES_DEFAULT_REALM_DAILY_MAX = 100
|
|
|
|
|
# Global rate-limit (list of pairs (days, max)) on invites from new realms.
|
|
|
|
|
# Only applies if OPEN_REALM_CREATION is true.
|
|
|
|
|
INVITES_NEW_REALM_LIMIT_DAYS = [(1, 100)]
|
|
|
|
|
# Definition of a new realm for INVITES_NEW_REALM_LIMIT.
|
|
|
|
|
INVITES_NEW_REALM_DAYS = 7
|
|
|
|
|
|
|
|
|
|
# Controls for which links are published in portico footers/headers/etc.
|
2024-07-12 02:30:23 +02:00
|
|
|
REGISTER_LINK_DISABLED: bool | None = None
|
2019-11-13 01:22:15 +01:00
|
|
|
LOGIN_LINK_DISABLED = False
|
|
|
|
|
FIND_TEAM_LINK_DISABLED = True
|
|
|
|
|
|
|
|
|
|
# What domains to treat like the root domain
|
2021-08-23 15:14:05 +02:00
|
|
|
ROOT_SUBDOMAIN_ALIASES = ["www"]
|
2019-11-13 01:22:15 +01:00
|
|
|
# Whether the root domain is a landing page or can host a realm.
|
|
|
|
|
ROOT_DOMAIN_LANDING_PAGE = False
|
|
|
|
|
|
2023-11-20 20:16:03 +01:00
|
|
|
# Subdomain for serving endpoints to users from self-hosted deployments.
|
2024-07-12 02:30:23 +02:00
|
|
|
SELF_HOSTING_MANAGEMENT_SUBDOMAIN: str | None = None
|
2023-11-20 20:16:03 +01:00
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
# If using the Zephyr mirroring supervisord configuration, the
|
|
|
|
|
# hostname to connect to in order to transfer credentials from webathena.
|
2024-07-12 02:30:23 +02:00
|
|
|
PERSONAL_ZMIRROR_SERVER: str | None = None
|
2019-11-13 01:22:15 +01:00
|
|
|
|
|
|
|
|
# When security-relevant links in emails expire.
|
|
|
|
|
CONFIRMATION_LINK_DEFAULT_VALIDITY_DAYS = 1
|
|
|
|
|
INVITATION_LINK_VALIDITY_DAYS = 10
|
|
|
|
|
REALM_CREATION_LINK_VALIDITY_DAYS = 7
|
|
|
|
|
|
|
|
|
|
# Version number for ToS. Change this if you want to force every
|
|
|
|
|
# user to click through to re-accept terms of service before using
|
|
|
|
|
# Zulip again on the web.
|
2024-07-12 02:30:23 +02:00
|
|
|
TERMS_OF_SERVICE_VERSION: str | None = None
|
2021-12-19 15:24:47 +01:00
|
|
|
# HTML template path (e.g. "corporate/zulipchat_migration_tos.html")
|
|
|
|
|
# displayed to users when increasing TERMS_OF_SERVICE_VERSION when a
|
|
|
|
|
# user is to accept the terms of service for the first time, but
|
|
|
|
|
# already has an account. This primarily comes up when doing a data
|
|
|
|
|
# import.
|
2024-07-12 02:30:23 +02:00
|
|
|
FIRST_TIME_TERMS_OF_SERVICE_TEMPLATE: str | None = None
|
2021-12-19 15:24:47 +01:00
|
|
|
# Custom message (HTML allowed) to be displayed to explain why users
|
|
|
|
|
# need to re-accept the terms of service when a new major version is
|
|
|
|
|
# written.
|
2024-07-12 02:30:23 +02:00
|
|
|
TERMS_OF_SERVICE_MESSAGE: str | None = None
|
2019-11-13 01:22:15 +01:00
|
|
|
|
2022-09-13 17:39:18 +02:00
|
|
|
# Configuration for JWT auth (sign in and API key fetch)
|
2024-07-12 02:30:17 +02:00
|
|
|
JWT_AUTH_KEYS: dict[str, JwtAuthKey] = {}
|
2019-11-13 01:22:15 +01:00
|
|
|
|
2024-05-24 16:57:31 +02:00
|
|
|
# https://docs.djangoproject.com/en/5.0/ref/settings/#std:setting-SERVER_EMAIL
|
2019-11-13 01:22:15 +01:00
|
|
|
# Django setting for what from address to use in error emails.
|
|
|
|
|
SERVER_EMAIL = ZULIP_ADMINISTRATOR
|
|
|
|
|
# Django setting for who receives error emails.
|
|
|
|
|
ADMINS = (("Zulip Administrator", ZULIP_ADMINISTRATOR),)
|
|
|
|
|
|
|
|
|
|
# From address for welcome emails.
|
2024-07-12 02:30:23 +02:00
|
|
|
WELCOME_EMAIL_SENDER: dict[str, str] | None = None
|
2023-10-21 01:38:43 +02:00
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
# Whether to send periodic digests of activity.
|
|
|
|
|
SEND_DIGEST_EMAILS = True
|
2022-12-24 17:31:48 +01:00
|
|
|
# The variable part of email sender names to be used for outgoing emails.
|
|
|
|
|
INSTALLATION_NAME = EXTERNAL_HOST
|
2019-11-13 01:22:15 +01:00
|
|
|
|
|
|
|
|
# Used to change the Zulip logo in portico pages.
|
2024-07-12 02:30:23 +02:00
|
|
|
CUSTOM_LOGO_URL: str | None = None
|
2019-11-13 01:22:15 +01:00
|
|
|
|
|
|
|
|
# Random salt used when deterministically generating passwords in
|
|
|
|
|
# development.
|
2024-07-12 02:30:23 +02:00
|
|
|
INITIAL_PASSWORD_SALT: str | None = None
|
2019-11-13 01:22:15 +01:00
|
|
|
|
2022-02-08 00:13:33 +01:00
|
|
|
# Settings configuring the special instrumentation of the send_event
|
2019-12-11 12:03:20 +01:00
|
|
|
# code path used in generating API documentation for /events.
|
|
|
|
|
LOG_API_EVENT_TYPES = False
|
|
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
# Used to control whether certain management commands are run on
|
|
|
|
|
# the server.
|
|
|
|
|
# TODO: Replace this with a smarter "run on only one server" system.
|
|
|
|
|
STAGING = False
|
|
|
|
|
|
presence: Tweak and document presence tuning values.
We're changing the ping interval from 50s to 60s, because that's what
the mobile apps have hardcoded currently, and backwards-compatibility
is more important there than the web app's previously hardcoded 50s.
For PRESENCE_PING_INTERVAL_SECS, the previous value hardcoded in both
clients was 140s, selected as "plenty of network/other latency more
than 2 x ACTIVE_PING_INTERVAL_MS". This is a pretty aggressive value;
even a single request being missed or 500ing can result in a user
appearing offline incorrectly. (There's a lag of up to one full ping
interval between when the other client checks in and when you check
in, and so we'll be at almost 2 ping intervals when you issue your
next request that might get an updated connection time from that
user).
To increase failure tolerance, we want to change the offline
threshhold from 2 x ACTIVE_PING_INTERVAL + 20s to 3 x
ACTIVE_PING_INTERVAL + 20s, aka 140s => 200s, to be more robust to
temporary failures causing us to display other users as offline.
Since the mobile apps currently have 140s and 60s hardcoded, it should
be safe to make this particular change; the mobile apps will just
remain more aggressive than the web app in marking users offline until
it uses the new API parameters.
The end result in that Zulip will be slightly less aggressive at
marking other users as offline if they go off the Internet. We will
likely be able to tune ACTIVE_PING_INTERVAL downwards once #16381 and
its follow-ups are completed, because it'll likely make these requests
much cheaper.
2023-02-21 12:20:41 +01:00
|
|
|
# Presence tuning parameters. These values were hardcoded in clients
|
|
|
|
|
# before Zulip 7.0 (feature level 164); modern clients should get them
|
|
|
|
|
# via the /register API response, making it possible to tune these to
|
|
|
|
|
# adjust the trade-off between freshness and presence-induced load.
|
|
|
|
|
#
|
|
|
|
|
# The default for OFFLINE_THRESHOLD_SECS is chosen as
|
|
|
|
|
# `PRESENCE_PING_INTERVAL_SECS * 3 + 20`, which is designed to allow 2
|
|
|
|
|
# round trips, plus an extra in case an update fails. See
|
|
|
|
|
# https://zulip.readthedocs.io/en/latest/subsystems/presence.html for
|
|
|
|
|
# details on the presence architecture.
|
|
|
|
|
#
|
|
|
|
|
# How long to wait before clients should treat a user as offline.
|
|
|
|
|
OFFLINE_THRESHOLD_SECS = 200
|
2023-02-20 22:39:40 +01:00
|
|
|
# How often a client should ping by asking for presence data of all users.
|
presence: Tweak and document presence tuning values.
We're changing the ping interval from 50s to 60s, because that's what
the mobile apps have hardcoded currently, and backwards-compatibility
is more important there than the web app's previously hardcoded 50s.
For PRESENCE_PING_INTERVAL_SECS, the previous value hardcoded in both
clients was 140s, selected as "plenty of network/other latency more
than 2 x ACTIVE_PING_INTERVAL_MS". This is a pretty aggressive value;
even a single request being missed or 500ing can result in a user
appearing offline incorrectly. (There's a lag of up to one full ping
interval between when the other client checks in and when you check
in, and so we'll be at almost 2 ping intervals when you issue your
next request that might get an updated connection time from that
user).
To increase failure tolerance, we want to change the offline
threshhold from 2 x ACTIVE_PING_INTERVAL + 20s to 3 x
ACTIVE_PING_INTERVAL + 20s, aka 140s => 200s, to be more robust to
temporary failures causing us to display other users as offline.
Since the mobile apps currently have 140s and 60s hardcoded, it should
be safe to make this particular change; the mobile apps will just
remain more aggressive than the web app in marking users offline until
it uses the new API parameters.
The end result in that Zulip will be slightly less aggressive at
marking other users as offline if they go off the Internet. We will
likely be able to tune ACTIVE_PING_INTERVAL downwards once #16381 and
its follow-ups are completed, because it'll likely make these requests
much cheaper.
2023-02-21 12:20:41 +01:00
|
|
|
PRESENCE_PING_INTERVAL_SECS = 60
|
|
|
|
|
# Zulip sends immediate presence updates via the events system when a
|
|
|
|
|
# user joins or becomes online. In larger organizations, this can
|
|
|
|
|
# become prohibitively expensive, so we limit how many active users an
|
|
|
|
|
# organization can have before these presence update events are
|
|
|
|
|
# disabled.
|
2021-05-05 13:15:13 +02:00
|
|
|
USER_LIMIT_FOR_SENDING_PRESENCE_UPDATE_EVENTS = 100
|
|
|
|
|
|
2020-06-11 16:03:47 +02:00
|
|
|
# Controls the how much newer a user presence update needs to be
|
|
|
|
|
# than the currently saved last_active_time or last_connected_time in order for us to
|
|
|
|
|
# update the database state. E.g. If set to 0, we will do
|
|
|
|
|
# a database write each time a client sends a presence update.
|
|
|
|
|
PRESENCE_UPDATE_MIN_FREQ_SECONDS = 55
|
|
|
|
|
|
|
|
|
|
# Controls the timedelta between last_connected_time and last_active_time
|
|
|
|
|
# within which the user should be considered ACTIVE for the purposes of
|
|
|
|
|
# legacy presence events. That is - when sending a presence update about a user to clients,
|
|
|
|
|
# we will specify ACTIVE status as long as the timedelta is within this limit and IDLE otherwise.
|
|
|
|
|
PRESENCE_LEGACY_EVENT_OFFSET_FOR_ACTIVITY_SECONDS = 70
|
|
|
|
|
|
2024-08-30 00:55:09 +02:00
|
|
|
# The web app doesn't pass params to / when initially loading, so it can't directly
|
|
|
|
|
# pick its history_limit_days value. Instead, the server chooses the value and
|
|
|
|
|
# passes it to the web app in page_params.
|
|
|
|
|
PRESENCE_HISTORY_LIMIT_DAYS_FOR_WEB_APP = 365
|
|
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
# How many days deleted messages data should be kept before being
|
|
|
|
|
# permanently deleted.
|
2021-11-18 02:24:40 +01:00
|
|
|
ARCHIVED_DATA_VACUUMING_DELAY_DAYS = 30
|
2019-11-13 01:22:15 +01:00
|
|
|
|
|
|
|
|
# Enables billing pages and plan-based feature gates. If False, all features
|
|
|
|
|
# are available to all realms.
|
|
|
|
|
BILLING_ENABLED = False
|
|
|
|
|
|
2024-07-12 02:30:23 +02:00
|
|
|
CLOUD_FREE_TRIAL_DAYS: int | None = int(get_secret("cloud_free_trial_days", "0"))
|
|
|
|
|
SELF_HOSTING_FREE_TRIAL_DAYS: int | None = int(get_secret("self_hosting_free_trial_days", "30"))
|
2020-04-23 20:10:15 +02:00
|
|
|
|
2020-05-21 16:36:14 +02:00
|
|
|
# Custom message (supports HTML) to be shown in the navbar of landing pages. Used mainly for
|
|
|
|
|
# making announcements.
|
2024-07-12 02:30:23 +02:00
|
|
|
LANDING_PAGE_NAVBAR_MESSAGE: str | None = None
|
2020-05-21 16:36:14 +02:00
|
|
|
|
2019-11-13 01:22:15 +01:00
|
|
|
# Automatically catch-up soft deactivated users when running the
|
|
|
|
|
# `soft-deactivate-users` cron. Turn this off if the server has 10Ks of
|
|
|
|
|
# users, and you would like to save some disk space. Soft-deactivated
|
|
|
|
|
# returning users would still be caught-up normally.
|
|
|
|
|
AUTO_CATCH_UP_SOFT_DEACTIVATED_USERS = True
|
2020-05-08 06:37:58 +02:00
|
|
|
|
|
|
|
|
# Enables Google Analytics on selected portico pages.
|
2024-07-12 02:30:23 +02:00
|
|
|
GOOGLE_ANALYTICS_ID: str | None = None
|
2020-06-08 04:08:04 +02:00
|
|
|
|
|
|
|
|
# This is overridden by dev_settings.py for droplets.
|
|
|
|
|
IS_DEV_DROPLET = False
|
2020-06-10 05:36:01 +02:00
|
|
|
|
2024-05-22 06:22:22 +02:00
|
|
|
# Used by the `check_send_receive_time` monitoring tool.
|
2024-05-08 21:29:02 +02:00
|
|
|
NAGIOS_BOT_HOST = SYSTEM_BOT_REALM + "." + EXTERNAL_HOST
|
2020-06-10 06:06:57 +02:00
|
|
|
|
2020-06-21 13:18:08 +02:00
|
|
|
# Use half of the available CPUs for data import purposes.
|
|
|
|
|
DEFAULT_DATA_EXPORT_IMPORT_PARALLELISM = (len(os.sched_getaffinity(0)) // 2) or 1
|
2021-04-24 13:25:20 +02:00
|
|
|
|
2021-04-27 21:45:10 +02:00
|
|
|
# How long after the last upgrade to nag users that the server needs
|
|
|
|
|
# to be upgraded because of likely security releases in the meantime.
|
|
|
|
|
# Default is 18 months, constructed as 12 months before someone should
|
|
|
|
|
# upgrade, plus 6 months for the system administrator to get around to it.
|
2021-04-28 02:15:16 +02:00
|
|
|
SERVER_UPGRADE_NAG_DEADLINE_DAYS = 30 * 18
|
2021-05-05 09:22:41 +02:00
|
|
|
|
|
|
|
|
# How long servers have to respond to outgoing webhook requests
|
|
|
|
|
OUTGOING_WEBHOOK_TIMEOUT_SECONDS = 10
|
2021-06-03 15:04:22 +02:00
|
|
|
|
|
|
|
|
# Maximum length of message content allowed.
|
|
|
|
|
# Any message content exceeding this limit will be truncated.
|
2022-04-14 23:50:10 +02:00
|
|
|
# See: `_internal_prep_message` function in zerver/actions/message_send.py.
|
2021-06-03 15:04:22 +02:00
|
|
|
MAX_MESSAGE_LENGTH = 10000
|
2021-07-24 06:56:56 +02:00
|
|
|
|
|
|
|
|
# The maximum number of drafts to send in the response to /register.
|
|
|
|
|
# More drafts, should they exist for some crazy reason, could be
|
|
|
|
|
# fetched in a separate request.
|
|
|
|
|
MAX_DRAFTS_IN_REGISTER_RESPONSE = 1000
|
2023-08-17 14:42:41 +02:00
|
|
|
|
|
|
|
|
# How long before a client should assume that another client sending
|
|
|
|
|
# typing notifications has gone away and expire the active typing
|
|
|
|
|
# indicator.
|
2023-10-18 03:01:01 +02:00
|
|
|
TYPING_STARTED_EXPIRY_PERIOD_MILLISECONDS = 45000
|
2023-08-17 14:42:41 +02:00
|
|
|
|
|
|
|
|
# How long after a user has stopped interacting with the compose UI
|
|
|
|
|
# that a client should send a stop notification to the server.
|
2023-10-18 03:01:01 +02:00
|
|
|
TYPING_STOPPED_WAIT_PERIOD_MILLISECONDS = 12000
|
2023-08-17 14:42:41 +02:00
|
|
|
|
|
|
|
|
# How often a client should send start notifications to the server to
|
|
|
|
|
# indicate that the user is still interacting with the compose UI.
|
2023-10-18 03:01:01 +02:00
|
|
|
TYPING_STARTED_WAIT_PERIOD_MILLISECONDS = 30000
|
2023-11-14 22:57:16 +01:00
|
|
|
|
|
|
|
|
# The maximum number of subscribers for a stream to have typing
|
|
|
|
|
# notifications enabled. Default is set to avoid excessive Tornado
|
|
|
|
|
# load in large organizations.
|
|
|
|
|
MAX_STREAM_SIZE_FOR_TYPING_NOTIFICATIONS = 100
|
2023-10-17 12:56:39 +02:00
|
|
|
|
2023-12-08 20:53:31 +01:00
|
|
|
# The maximum user-group size value upto which members should
|
|
|
|
|
# be soft-reactivated in the case of user group mention.
|
|
|
|
|
MAX_GROUP_SIZE_FOR_MENTION_REACTIVATION = 11
|
|
|
|
|
|
2023-10-17 12:56:39 +02:00
|
|
|
# Limiting guest access to other users via the
|
|
|
|
|
# can_access_all_users_group setting makes presence queries much more
|
|
|
|
|
# expensive. This can be a significant performance problem for
|
|
|
|
|
# installations with thousands of users with many guests limited in
|
|
|
|
|
# this way, pending further optimization of the relevant code paths.
|
|
|
|
|
CAN_ACCESS_ALL_USERS_GROUP_LIMITS_PRESENCE = False
|
2023-11-21 15:34:07 +01:00
|
|
|
|
|
|
|
|
# General expiry time for signed tokens we may generate
|
|
|
|
|
# in some places through the codebase.
|
|
|
|
|
SIGNED_ACCESS_TOKEN_VALIDITY_IN_SECONDS = 60
|
2024-01-10 21:05:59 +01:00
|
|
|
|
2024-07-12 02:30:23 +02:00
|
|
|
CUSTOM_AUTHENTICATION_WRAPPER_FUNCTION: Callable[..., Any] | None = None
|
2024-05-30 05:45:38 +02:00
|
|
|
|
2024-06-04 22:43:37 +02:00
|
|
|
# Grace period during which we don't send a resolve/unresolve
|
|
|
|
|
# notification to a stream and also delete the previous counter
|
|
|
|
|
# notification.
|
|
|
|
|
RESOLVE_TOPIC_UNDO_GRACE_PERIOD_SECONDS = 60
|
