This lets us have a slightly cleaner interface for cases where we need
a custom default value than an `or None` in the definition (which
might cause issues with other falsey values).
This is the typical configuration in /etc/zulip/settings.py for a site
using S3, since there's no obligation to set the setting to None
directly, and we're not importing the main `settings.py` (and thus not
getting DEFAULT_SETTINGS applied).
Various pieces of our thumbor-based thumbnailing system were already
merged; this adds the remaining pieces required for it to work:
* a THUMBOR_URL Django setting that controls whether thumbor is
enabled on the Zulip server (and if so, where thumbor is hosted).
* Replaces the overly complicated prototype cryptography logic
* Adds a /thumbnail endpoint (supported both on web and mobile) for
accessing thumbnails in messages, designed to support hosting both
external URLs as well as uploaded files (and applying Zulip's
security model for access to thumbnails of uploaded files).
* Modifies bugdown to, when THUMBOR_URL is set, render images with the
`src` attribute pointing /thumbnail (to provide a small thumbnail
for the image), along with adding a "data-original" attribute that
can be used to access the "original/full" size version of the image.
There are a few things that don't work quite yet:
* The S3 backend support is incomplete and doesn't work yet.
* The error pages for unauthorized access are ugly.
* We might want to rename data-original and /thumbnail?size=original
to use some other name, like "full", that better reflects the fact
that we're potentially not serving the original image URL.
Previously, thumbor.conf read LOCAL_UPLOADS_DIR from
zproject/settings.py by calling get-django-setting, which ends up
importing Django (taking 250ms, and requiring a full Zulip virtualenv
to be installed on the system).
The new system (in production) just imports prod_settings.py, which
has a lot fewer dependencies and is also a lot faster.
We need to use the value of SECURITY_KEY read from
/etc/zulip/zulip-secrets.conf (using get_secret), and also we disable
a few Thumbor features that we're not using. We also fix access to
secret keys by getting their values using get_secret.
For now, this does nothing in a production environment, but it should
simplify the process of doing testing on the Thumbor implementation,
by integrating a lot of dependency management logic.