mirror of https://github.com/zulip/zulip.git
980 lines
35 KiB
Python
980 lines
35 KiB
Python
from __future__ import absolute_import
|
|
# Django settings for zulip project.
|
|
########################################################################
|
|
# Here's how settings for the Zulip project work:
|
|
#
|
|
# * settings.py contains non-site-specific and settings configuration
|
|
# for the Zulip Django app.
|
|
# * settings.py imports local_settings.py, and any site-specific configuration
|
|
# belongs there. The template for local_settings.py is local_settings_template.py
|
|
#
|
|
# See http://zulip.readthedocs.io/en/latest/settings.html for more information
|
|
#
|
|
########################################################################
|
|
import os
|
|
import platform
|
|
import time
|
|
import sys
|
|
import six.moves.configparser
|
|
|
|
from zerver.lib.db import TimeTrackingConnection
|
|
import six
|
|
|
|
########################################################################
|
|
# INITIAL SETTINGS
|
|
########################################################################
|
|
|
|
config_file = six.moves.configparser.RawConfigParser()
|
|
config_file.read("/etc/zulip/zulip.conf")
|
|
|
|
# Whether this instance of Zulip is running in a production environment.
|
|
PRODUCTION = config_file.has_option('machine', 'deploy_type')
|
|
DEVELOPMENT = not PRODUCTION
|
|
|
|
secrets_file = six.moves.configparser.RawConfigParser()
|
|
if PRODUCTION:
|
|
secrets_file.read("/etc/zulip/zulip-secrets.conf")
|
|
else:
|
|
secrets_file.read("zproject/dev-secrets.conf")
|
|
|
|
def get_secret(key):
|
|
if secrets_file.has_option('secrets', key):
|
|
return secrets_file.get('secrets', key)
|
|
return None
|
|
|
|
# Make this unique, and don't share it with anybody.
|
|
SECRET_KEY = get_secret("secret_key")
|
|
|
|
# A shared secret, used to authenticate different parts of the app to each other.
|
|
SHARED_SECRET = get_secret("shared_secret")
|
|
|
|
# We use this salt to hash a user's email into a filename for their user-uploaded
|
|
# avatar. If this salt is discovered, attackers will only be able to determine
|
|
# that the owner of an email account has uploaded an avatar to Zulip, which isn't
|
|
# the end of the world. Don't use the salt where there is more security exposure.
|
|
AVATAR_SALT = get_secret("avatar_salt")
|
|
|
|
# SERVER_GENERATION is used to track whether the server has been
|
|
# restarted for triggering browser clients to reload.
|
|
SERVER_GENERATION = int(time.time())
|
|
|
|
if 'DEBUG' not in globals():
|
|
# Uncomment end of next line to test JS/CSS minification.
|
|
DEBUG = DEVELOPMENT # and platform.node() != 'your-machine'
|
|
|
|
if DEBUG:
|
|
INTERNAL_IPS = ('127.0.0.1',)
|
|
|
|
# Detect whether we're running as a queue worker; this impacts the logging configuration.
|
|
if len(sys.argv) > 2 and sys.argv[0].endswith('manage.py') and sys.argv[1] == 'process_queue':
|
|
IS_WORKER = True
|
|
else:
|
|
IS_WORKER = False
|
|
|
|
|
|
# This is overridden in test_settings.py for the test suites
|
|
TEST_SUITE = False
|
|
# The new user tutorial is enabled by default, but disabled for client tests.
|
|
TUTORIAL_ENABLED = True
|
|
|
|
# Import variables like secrets from the local_settings file
|
|
# Import local_settings after determining the deployment/machine type
|
|
if PRODUCTION:
|
|
from .local_settings import *
|
|
else:
|
|
from .dev_settings import *
|
|
|
|
########################################################################
|
|
# DEFAULT VALUES FOR SETTINGS
|
|
########################################################################
|
|
|
|
# For any settings that are not defined in local_settings.py,
|
|
# we want to initialize them to sane default
|
|
DEFAULT_SETTINGS = {'TWITTER_CONSUMER_KEY': '',
|
|
'TWITTER_CONSUMER_SECRET': '',
|
|
'TWITTER_ACCESS_TOKEN_KEY': '',
|
|
'TWITTER_ACCESS_TOKEN_SECRET': '',
|
|
'EMAIL_GATEWAY_PATTERN': '',
|
|
'EMAIL_GATEWAY_EXAMPLE': '',
|
|
'EMAIL_GATEWAY_BOT': None,
|
|
'EMAIL_GATEWAY_LOGIN': None,
|
|
'EMAIL_GATEWAY_PASSWORD': None,
|
|
'EMAIL_GATEWAY_IMAP_SERVER': None,
|
|
'EMAIL_GATEWAY_IMAP_PORT': None,
|
|
'EMAIL_GATEWAY_IMAP_FOLDER': None,
|
|
'MANDRILL_API_KEY': '',
|
|
'S3_KEY': '',
|
|
'S3_SECRET_KEY': '',
|
|
'S3_BUCKET': '',
|
|
'S3_AVATAR_BUCKET': '',
|
|
'LOCAL_UPLOADS_DIR': None,
|
|
'MAX_FILE_UPLOAD_SIZE': 25,
|
|
'DROPBOX_APP_KEY': '',
|
|
'ERROR_REPORTING': True,
|
|
'JWT_AUTH_KEYS': {},
|
|
'NAME_CHANGES_DISABLED': False,
|
|
'DEPLOYMENT_ROLE_NAME': "",
|
|
'RABBITMQ_HOST': 'localhost',
|
|
'RABBITMQ_USERNAME': 'zulip',
|
|
'MEMCACHED_LOCATION': '127.0.0.1:11211',
|
|
'RATE_LIMITING': True,
|
|
'REDIS_HOST': '127.0.0.1',
|
|
'REDIS_PORT': 6379,
|
|
# The following bots only exist in non-VOYAGER installs
|
|
'ERROR_BOT': None,
|
|
'NEW_USER_BOT': None,
|
|
'NAGIOS_STAGING_SEND_BOT': None,
|
|
'NAGIOS_STAGING_RECEIVE_BOT': None,
|
|
'APNS_CERT_FILE': None,
|
|
'ANDROID_GCM_API_KEY': None,
|
|
'INITIAL_PASSWORD_SALT': None,
|
|
'FEEDBACK_BOT': 'feedback@zulip.com',
|
|
'FEEDBACK_BOT_NAME': 'Zulip Feedback Bot',
|
|
'ADMINS': '',
|
|
'INLINE_IMAGE_PREVIEW': True,
|
|
'CAMO_URI': '',
|
|
'ENABLE_FEEDBACK': PRODUCTION,
|
|
'FEEDBACK_EMAIL': None,
|
|
'ENABLE_GRAVATAR': True,
|
|
'DEFAULT_AVATAR_URI': '/static/images/default-avatar.png',
|
|
'AUTH_LDAP_SERVER_URI': "",
|
|
'EXTERNAL_URI_SCHEME': "https://",
|
|
'ZULIP_COM': False,
|
|
'ZULIP_COM_STAGING': False,
|
|
'STATSD_HOST': '',
|
|
'OPEN_REALM_CREATION': False,
|
|
'REMOTE_POSTGRES_HOST': '',
|
|
'REMOTE_POSTGRES_SSLMODE': '',
|
|
'GOOGLE_CLIENT_ID': '',
|
|
'DBX_APNS_CERT_FILE': None,
|
|
'EXTRA_INSTALLED_APPS': [],
|
|
'DEFAULT_NEW_REALM_STREAMS': ["social", "general", "zulip"],
|
|
'REALM_CREATION_LINK_VALIDITY_DAYS': 7,
|
|
}
|
|
|
|
for setting_name, setting_val in six.iteritems(DEFAULT_SETTINGS):
|
|
if setting_name not in vars():
|
|
vars()[setting_name] = setting_val
|
|
|
|
# These are the settings that we will check that the user has filled in for
|
|
# production deployments before starting the app. It consists of a series
|
|
# of pairs of (setting name, default value that it must be changed from)
|
|
REQUIRED_SETTINGS = [("EXTERNAL_HOST", "zulip.example.com"),
|
|
("ZULIP_ADMINISTRATOR", "zulip-admin@example.com"),
|
|
("ADMIN_DOMAIN", "example.com"),
|
|
# SECRET_KEY doesn't really need to be here, in
|
|
# that we set it automatically, but just in
|
|
# case, it seems worth having in this list
|
|
("SECRET_KEY", ""),
|
|
("AUTHENTICATION_BACKENDS", ()),
|
|
("NOREPLY_EMAIL_ADDRESS", "noreply@example.com"),
|
|
("DEFAULT_FROM_EMAIL", "Zulip <zulip@example.com>"),
|
|
("ALLOWED_HOSTS", "*"),
|
|
]
|
|
|
|
if ADMINS == "":
|
|
ADMINS = (("Zulip Administrator", ZULIP_ADMINISTRATOR),)
|
|
MANAGERS = ADMINS
|
|
|
|
# Voyager is a production zulip server that is not zulip.com or
|
|
# staging.zulip.com VOYAGER is the standalone all-on-one-server
|
|
# production deployment model for based on the original Zulip
|
|
# ENTERPRISE implementation. We expect most users of the open source
|
|
# project will be using VOYAGER=True in production.
|
|
VOYAGER = PRODUCTION and not ZULIP_COM
|
|
|
|
########################################################################
|
|
# STANDARD DJANGO SETTINGS
|
|
########################################################################
|
|
|
|
# Local time zone for this installation. Choices can be found here:
|
|
# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
|
|
# although not all choices may be available on all operating systems.
|
|
# In a Windows environment this must be set to your system time zone.
|
|
TIME_ZONE = 'America/New_York'
|
|
|
|
# Language code for this installation. All choices can be found here:
|
|
# http://www.i18nguy.com/unicode/language-identifiers.html
|
|
LANGUAGE_CODE = 'en-us'
|
|
|
|
# The ID, as an integer, of the current site in the django_site database table.
|
|
# This is used so that application data can hook into specific site(s) and a
|
|
# single database can manage content for multiple sites.
|
|
#
|
|
# We set this site's domain to 'zulip.com' in populate_db.
|
|
SITE_ID = 1
|
|
|
|
# If you set this to False, Django will make some optimizations so as not
|
|
# to load the internationalization machinery.
|
|
USE_I18N = True
|
|
|
|
# If you set this to False, Django will not format dates, numbers and
|
|
# calendars according to the current locale.
|
|
USE_L10N = True
|
|
|
|
# If you set this to False, Django will not use timezone-aware datetimes.
|
|
USE_TZ = True
|
|
|
|
DEPLOY_ROOT = os.path.join(os.path.realpath(os.path.dirname(__file__)), '..')
|
|
LOCALE_PATHS = (os.path.join(DEPLOY_ROOT, 'locale'),)
|
|
|
|
# Make redirects work properly behind a reverse proxy
|
|
USE_X_FORWARDED_HOST = True
|
|
|
|
# List of callables that know how to import templates from various sources.
|
|
LOADERS = [
|
|
'django.template.loaders.filesystem.Loader',
|
|
'django.template.loaders.app_directories.Loader',
|
|
]
|
|
if PRODUCTION:
|
|
# Template caching is a significant performance win in production.
|
|
LOADERS = [('django.template.loaders.cached.Loader', LOADERS)]
|
|
|
|
TEMPLATES = [
|
|
{
|
|
'BACKEND': 'zproject.jinja2.backends.Jinja2',
|
|
'DIRS': [
|
|
os.path.join(DEPLOY_ROOT, 'templates'),
|
|
],
|
|
'APP_DIRS': True,
|
|
'OPTIONS': {
|
|
'debug': DEBUG,
|
|
'environment': 'zproject.jinja2.environment',
|
|
'extensions': [
|
|
'jinja2.ext.i18n',
|
|
'jinja2.ext.autoescape',
|
|
'pipeline.jinja2.PipelineExtension',
|
|
],
|
|
'context_processors': [
|
|
'zerver.context_processors.add_settings',
|
|
'zerver.context_processors.add_metrics',
|
|
'django.core.context_processors.i18n',
|
|
],
|
|
},
|
|
},
|
|
{
|
|
'BACKEND': 'django.template.backends.django.DjangoTemplates',
|
|
'DIRS': [
|
|
os.path.join(DEPLOY_ROOT, 'django_templates'),
|
|
],
|
|
'APP_DIRS': False,
|
|
'OPTIONS': {
|
|
'debug': DEBUG,
|
|
'loaders': LOADERS,
|
|
'context_processors': [
|
|
'zerver.context_processors.add_settings',
|
|
'zerver.context_processors.add_metrics',
|
|
],
|
|
},
|
|
},
|
|
]
|
|
|
|
MIDDLEWARE_CLASSES = (
|
|
# Our logging middleware should be the first middleware item.
|
|
'zerver.middleware.TagRequests',
|
|
'zerver.middleware.LogRequests',
|
|
'zerver.middleware.JsonErrorHandler',
|
|
'zerver.middleware.RateLimitMiddleware',
|
|
'zerver.middleware.FlushDisplayRecipientCache',
|
|
'django.middleware.common.CommonMiddleware',
|
|
'zerver.middleware.SessionHostDomainMiddleware',
|
|
'django.middleware.locale.LocaleMiddleware',
|
|
'django.middleware.csrf.CsrfViewMiddleware',
|
|
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
|
)
|
|
|
|
ANONYMOUS_USER_ID = None
|
|
|
|
AUTH_USER_MODEL = "zerver.UserProfile"
|
|
|
|
TEST_RUNNER = 'zerver.lib.test_runner.Runner'
|
|
|
|
ROOT_URLCONF = 'zproject.urls'
|
|
|
|
# Python dotted path to the WSGI application used by Django's runserver.
|
|
WSGI_APPLICATION = 'zproject.wsgi.application'
|
|
|
|
# A site can include additional installed apps via the
|
|
# EXTRA_INSTALLED_APPS setting
|
|
INSTALLED_APPS = [
|
|
'django.contrib.auth',
|
|
'django.contrib.contenttypes',
|
|
'django.contrib.sessions',
|
|
'django.contrib.sites',
|
|
'django.contrib.staticfiles',
|
|
'confirmation',
|
|
'guardian',
|
|
'pipeline',
|
|
'zerver',
|
|
] + EXTRA_INSTALLED_APPS
|
|
|
|
# Base URL of the Tornado server
|
|
# We set it to None when running backend tests or populate_db.
|
|
# We override the port number when running frontend tests.
|
|
TORNADO_SERVER = 'http://127.0.0.1:9993'
|
|
RUNNING_INSIDE_TORNADO = False
|
|
|
|
########################################################################
|
|
# DATABASE CONFIGURATION
|
|
########################################################################
|
|
|
|
DATABASES = {"default": {
|
|
'ENGINE': 'django.db.backends.postgresql_psycopg2',
|
|
'NAME': 'zulip',
|
|
'USER': 'zulip',
|
|
'PASSWORD': '', # Authentication done via certificates
|
|
'HOST': '', # Host = '' => connect through a local socket
|
|
'SCHEMA': 'zulip',
|
|
'CONN_MAX_AGE': 600,
|
|
'OPTIONS': {
|
|
'connection_factory': TimeTrackingConnection
|
|
},
|
|
},
|
|
}
|
|
|
|
if DEVELOPMENT:
|
|
LOCAL_DATABASE_PASSWORD = get_secret("local_database_password")
|
|
DATABASES["default"].update({
|
|
'PASSWORD': LOCAL_DATABASE_PASSWORD,
|
|
'HOST': 'localhost'
|
|
})
|
|
elif REMOTE_POSTGRES_HOST != '':
|
|
DATABASES['default'].update({
|
|
'HOST': REMOTE_POSTGRES_HOST,
|
|
})
|
|
if get_secret("postgres_password") is not None:
|
|
DATABASES['default'].update({
|
|
'PASSWORD': get_secret("postgres_password"),
|
|
})
|
|
if REMOTE_POSTGRES_SSLMODE != '':
|
|
DATABASES['default']['OPTIONS']['sslmode'] = REMOTE_POSTGRES_SSLMODE
|
|
else:
|
|
DATABASES['default']['OPTIONS']['sslmode'] = 'verify-full'
|
|
|
|
########################################################################
|
|
# RABBITMQ CONFIGURATION
|
|
########################################################################
|
|
|
|
USING_RABBITMQ = True
|
|
RABBITMQ_PASSWORD = get_secret("rabbitmq_password")
|
|
|
|
########################################################################
|
|
# CACHING CONFIGURATION
|
|
########################################################################
|
|
|
|
SESSION_ENGINE = "django.contrib.sessions.backends.cached_db"
|
|
|
|
CACHES = {
|
|
'default': {
|
|
'BACKEND': 'django.core.cache.backends.memcached.PyLibMCCache',
|
|
'LOCATION': MEMCACHED_LOCATION,
|
|
'TIMEOUT': 3600
|
|
},
|
|
'database': {
|
|
'BACKEND': 'django.core.cache.backends.db.DatabaseCache',
|
|
'LOCATION': 'third_party_api_results',
|
|
# Basically never timeout. Setting to 0 isn't guaranteed
|
|
# to work, see https://code.djangoproject.com/ticket/9595
|
|
'TIMEOUT': 2000000000,
|
|
'OPTIONS': {
|
|
'MAX_ENTRIES': 100000000,
|
|
'CULL_FREQUENCY': 10,
|
|
}
|
|
},
|
|
}
|
|
|
|
########################################################################
|
|
# REDIS-BASED RATE LIMITING CONFIGURATION
|
|
########################################################################
|
|
|
|
RATE_LIMITING_RULES = [
|
|
(60, 100), # 100 requests max every minute
|
|
]
|
|
|
|
########################################################################
|
|
# SECURITY SETTINGS
|
|
########################################################################
|
|
|
|
# Tell the browser to never send our cookies without encryption, e.g.
|
|
# when executing the initial http -> https redirect.
|
|
#
|
|
# Turn it off for local testing because we don't have SSL.
|
|
if PRODUCTION:
|
|
SESSION_COOKIE_SECURE = True
|
|
CSRF_COOKIE_SECURE = True
|
|
|
|
try:
|
|
# For get_updates hostname sharding.
|
|
domain = config_file.get('django', 'cookie_domain')
|
|
SESSION_COOKIE_DOMAIN = '.' + domain
|
|
CSRF_COOKIE_DOMAIN = '.' + domain
|
|
except six.moves.configparser.Error:
|
|
# Failing here is OK
|
|
pass
|
|
|
|
# Prevent Javascript from reading the CSRF token from cookies. Our code gets
|
|
# the token from the DOM, which means malicious code could too. But hiding the
|
|
# cookie will slow down some attackers.
|
|
CSRF_COOKIE_PATH = '/;HttpOnly'
|
|
CSRF_FAILURE_VIEW = 'zerver.middleware.csrf_failure'
|
|
|
|
if DEVELOPMENT:
|
|
# Use fast password hashing for creating testing users when not
|
|
# PRODUCTION. Saves a bunch of time.
|
|
PASSWORD_HASHERS = (
|
|
'django.contrib.auth.hashers.SHA1PasswordHasher',
|
|
'django.contrib.auth.hashers.PBKDF2PasswordHasher'
|
|
)
|
|
# Also we auto-generate passwords for the default users which you
|
|
# can query using ./manage.py print_initial_password
|
|
INITIAL_PASSWORD_SALT = get_secret("initial_password_salt")
|
|
|
|
########################################################################
|
|
# API/BOT SETTINGS
|
|
########################################################################
|
|
|
|
if "EXTERNAL_API_PATH" not in vars():
|
|
EXTERNAL_API_PATH = EXTERNAL_HOST + "/api"
|
|
EXTERNAL_API_URI = EXTERNAL_URI_SCHEME + EXTERNAL_API_PATH
|
|
|
|
S3_KEY = get_secret("s3_key")
|
|
S3_SECRET_KEY = get_secret("s3_secret_key")
|
|
|
|
# GCM tokens are IP-whitelisted; if we deploy to additional
|
|
# servers you will need to explicitly add their IPs here:
|
|
# https://cloud.google.com/console/project/apps~zulip-android/apiui/credential
|
|
ANDROID_GCM_API_KEY = get_secret("android_gcm_api_key")
|
|
|
|
GOOGLE_OAUTH2_CLIENT_SECRET = get_secret('google_oauth2_client_secret')
|
|
|
|
DROPBOX_APP_KEY = get_secret("dropbox_app_key")
|
|
|
|
MAILCHIMP_API_KEY = get_secret("mailchimp_api_key")
|
|
|
|
# This comes from our mandrill accounts page
|
|
MANDRILL_API_KEY = get_secret("mandrill_api_key")
|
|
|
|
# Twitter API credentials
|
|
# Secrecy not required because its only used for R/O requests.
|
|
# Please don't make us go over our rate limit.
|
|
TWITTER_CONSUMER_KEY = get_secret("twitter_consumer_key")
|
|
TWITTER_CONSUMER_SECRET = get_secret("twitter_consumer_secret")
|
|
TWITTER_ACCESS_TOKEN_KEY = get_secret("twitter_access_token_key")
|
|
TWITTER_ACCESS_TOKEN_SECRET = get_secret("twitter_access_token_secret")
|
|
|
|
# These are the bots that Zulip sends automated messages as.
|
|
INTERNAL_BOTS = [{'var_name': 'NOTIFICATION_BOT',
|
|
'email_template': 'notification-bot@%s',
|
|
'name': 'Notification Bot'},
|
|
{'var_name': 'EMAIL_GATEWAY_BOT',
|
|
'email_template': 'emailgateway@%s',
|
|
'name': 'Email Gateway'},
|
|
{'var_name': 'NAGIOS_SEND_BOT',
|
|
'email_template': 'nagios-send-bot@%s',
|
|
'name': 'Nagios Send Bot'},
|
|
{'var_name': 'NAGIOS_RECEIVE_BOT',
|
|
'email_template': 'nagios-receive-bot@%s',
|
|
'name': 'Nagios Receive Bot'},
|
|
{'var_name': 'WELCOME_BOT',
|
|
'email_template': 'welcome-bot@%s',
|
|
'name': 'Welcome Bot'}]
|
|
|
|
INTERNAL_BOT_DOMAIN = "zulip.com"
|
|
|
|
# Set the realm-specific bot names
|
|
for bot in INTERNAL_BOTS:
|
|
if vars().get(bot['var_name']) is None:
|
|
bot_email = bot['email_template'] % (INTERNAL_BOT_DOMAIN,)
|
|
vars()[bot['var_name']] = bot_email
|
|
|
|
if EMAIL_GATEWAY_PATTERN != "":
|
|
EMAIL_GATEWAY_EXAMPLE = EMAIL_GATEWAY_PATTERN % ("support+abcdefg",)
|
|
|
|
DEPLOYMENT_ROLE_KEY = get_secret("deployment_role_key")
|
|
|
|
if PRODUCTION:
|
|
FEEDBACK_TARGET = "https://zulip.com/api"
|
|
else:
|
|
FEEDBACK_TARGET = "http://localhost:9991/api"
|
|
|
|
########################################################################
|
|
# STATSD CONFIGURATION
|
|
########################################################################
|
|
|
|
# Statsd is not super well supported; if you want to use it you'll need
|
|
# to set STATSD_HOST and STATSD_PREFIX.
|
|
if STATSD_HOST != '':
|
|
INSTALLED_APPS += ['django_statsd']
|
|
STATSD_PORT = 8125
|
|
STATSD_CLIENT = 'django_statsd.clients.normal'
|
|
|
|
########################################################################
|
|
# CAMO HTTPS CACHE CONFIGURATION
|
|
########################################################################
|
|
|
|
if CAMO_URI != '':
|
|
# This needs to be synced with the Camo installation
|
|
CAMO_KEY = get_secret("camo_key")
|
|
|
|
########################################################################
|
|
# STATIC CONTENT AND MINIFICATION SETTINGS
|
|
########################################################################
|
|
|
|
STATIC_URL = '/static/'
|
|
|
|
# ZulipStorage is a modified version of PipelineCachedStorage,
|
|
# and, like that class, it inserts a file hash into filenames
|
|
# to prevent the browser from using stale files from cache.
|
|
#
|
|
# Unlike PipelineStorage, it requires the files to exist in
|
|
# STATIC_ROOT even for dev servers. So we only use
|
|
# ZulipStorage when not DEBUG.
|
|
|
|
# This is the default behavior from Pipeline, but we set it
|
|
# here so that urls.py can read it.
|
|
PIPELINE_ENABLED = not DEBUG
|
|
|
|
if DEBUG:
|
|
STATICFILES_STORAGE = 'pipeline.storage.PipelineStorage'
|
|
STATICFILES_FINDERS = (
|
|
'django.contrib.staticfiles.finders.AppDirectoriesFinder',
|
|
'pipeline.finders.PipelineFinder',
|
|
)
|
|
if PIPELINE_ENABLED:
|
|
STATIC_ROOT = os.path.abspath('prod-static/serve')
|
|
else:
|
|
STATIC_ROOT = os.path.abspath('static/')
|
|
else:
|
|
STATICFILES_STORAGE = 'zerver.storage.ZulipStorage'
|
|
STATICFILES_FINDERS = (
|
|
'django.contrib.staticfiles.finders.FileSystemFinder',
|
|
'pipeline.finders.PipelineFinder',
|
|
)
|
|
if PRODUCTION:
|
|
STATIC_ROOT = '/home/zulip/prod-static'
|
|
else:
|
|
STATIC_ROOT = os.path.abspath('prod-static/serve')
|
|
|
|
# We want all temporary uploaded files to be stored on disk.
|
|
FILE_UPLOAD_MAX_MEMORY_SIZE = 0
|
|
|
|
STATICFILES_DIRS = ['static/']
|
|
STATIC_HEADER_FILE = 'zerver/static_header.txt'
|
|
|
|
# To use minified files in dev, set PIPELINE_ENABLED = True. For the full
|
|
# cache-busting behavior, you must also set DEBUG = False.
|
|
#
|
|
# You will need to run update-prod-static after changing
|
|
# static files.
|
|
|
|
PIPELINE = {
|
|
'PIPELINE_ENABLED': PIPELINE_ENABLED,
|
|
'CSS_COMPRESSOR': 'pipeline.compressors.yui.YUICompressor',
|
|
'YUI_BINARY': '/usr/bin/env yui-compressor',
|
|
'STYLESHEETS': {
|
|
'activity': {
|
|
'source_filenames': ('styles/activity.css',),
|
|
'output_filename': 'min/activity.css'
|
|
},
|
|
'portico': {
|
|
'source_filenames': (
|
|
'third/zocial/zocial.css',
|
|
'styles/portico.css',
|
|
'styles/pygments.css',
|
|
'styles/thirdparty-fonts.css',
|
|
'styles/fonts.css',
|
|
),
|
|
'output_filename': 'min/portico.css'
|
|
},
|
|
# Two versions of the app CSS exist because of QTBUG-3467
|
|
'app-fontcompat': {
|
|
'source_filenames': (
|
|
'third/bootstrap-notify/css/bootstrap-notify.css',
|
|
'third/spectrum/spectrum.css',
|
|
'styles/zulip.css',
|
|
'styles/settings.css',
|
|
'styles/pygments.css',
|
|
'styles/thirdparty-fonts.css',
|
|
# We don't want fonts.css on QtWebKit, so its omitted here
|
|
),
|
|
'output_filename': 'min/app-fontcompat.css'
|
|
},
|
|
'app': {
|
|
'source_filenames': (
|
|
'third/bootstrap-notify/css/bootstrap-notify.css',
|
|
'third/spectrum/spectrum.css',
|
|
'third/jquery-perfect-scrollbar/css/perfect-scrollbar.css',
|
|
'styles/zulip.css',
|
|
'styles/settings.css',
|
|
'styles/pygments.css',
|
|
'styles/thirdparty-fonts.css',
|
|
'styles/fonts.css',
|
|
),
|
|
'output_filename': 'min/app.css'
|
|
},
|
|
'common': {
|
|
'source_filenames': (
|
|
'third/bootstrap/css/bootstrap.css',
|
|
'third/bootstrap/css/bootstrap-btn.css',
|
|
'third/bootstrap/css/bootstrap-responsive.css',
|
|
),
|
|
'output_filename': 'min/common.css'
|
|
},
|
|
},
|
|
'JAVASCRIPT': {},
|
|
}
|
|
|
|
JS_SPECS = {
|
|
'common': {
|
|
'source_filenames': (
|
|
'third/jquery/jquery-1.8.3.js',
|
|
'third/underscore/underscore.js',
|
|
'js/blueslip.js',
|
|
'third/bootstrap/js/bootstrap.js',
|
|
'js/common.js',
|
|
),
|
|
'output_filename': 'min/common.js'
|
|
},
|
|
'signup': {
|
|
'source_filenames': (
|
|
'js/signup.js',
|
|
'third/jquery-validate/jquery.validate.js',
|
|
),
|
|
'output_filename': 'min/signup.js'
|
|
},
|
|
'initial_invite': {
|
|
'source_filenames': (
|
|
'third/jquery-validate/jquery.validate.js',
|
|
'js/initial_invite.js',
|
|
),
|
|
'output_filename': 'min/initial_invite.js'
|
|
},
|
|
'api': {
|
|
'source_filenames': ('js/api.js',),
|
|
'output_filename': 'min/api.js'
|
|
},
|
|
'app_debug': {
|
|
'source_filenames': ('js/debug.js',),
|
|
'output_filename': 'min/app_debug.js'
|
|
},
|
|
'app': {
|
|
'source_filenames': [
|
|
'third/bootstrap-notify/js/bootstrap-notify.js',
|
|
'third/html5-formdata/formdata.js',
|
|
'third/jquery-validate/jquery.validate.js',
|
|
'third/jquery-form/jquery.form.js',
|
|
'third/jquery-filedrop/jquery.filedrop.js',
|
|
'third/jquery-caret/jquery.caret.1.5.2.js',
|
|
'third/xdate/xdate.dev.js',
|
|
'third/spin/spin.js',
|
|
'third/jquery-mousewheel/jquery.mousewheel.js',
|
|
'third/jquery-throttle-debounce/jquery.ba-throttle-debounce.js',
|
|
'third/jquery-idle/jquery.idle.js',
|
|
'third/jquery-autosize/jquery.autosize.js',
|
|
'third/jquery-perfect-scrollbar/js/perfect-scrollbar.js',
|
|
'third/lazyload/lazyload.js',
|
|
'third/spectrum/spectrum.js',
|
|
'third/string-prototype-codepointat/codepointat.js',
|
|
'third/winchan/winchan.js',
|
|
'third/sockjs/sockjs-0.3.4.js',
|
|
'third/handlebars/handlebars.runtime.js',
|
|
'third/marked/lib/marked.js',
|
|
'templates/compiled.js',
|
|
'js/feature_flags.js',
|
|
'js/loading.js',
|
|
'js/util.js',
|
|
'js/dict.js',
|
|
'js/localstorage.js',
|
|
'js/channel.js',
|
|
'js/setup.js',
|
|
'js/muting.js',
|
|
'js/muting_ui.js',
|
|
'js/viewport.js',
|
|
'js/rows.js',
|
|
'js/unread.js',
|
|
'js/stream_list.js',
|
|
'js/filter.js',
|
|
'js/message_list_view.js',
|
|
'js/message_list.js',
|
|
'js/narrow.js',
|
|
'js/reload.js',
|
|
'js/compose_fade.js',
|
|
'js/fenced_code.js',
|
|
'js/echo.js',
|
|
'js/socket.js',
|
|
'js/compose.js',
|
|
'js/stream_color.js',
|
|
'js/admin.js',
|
|
'js/stream_data.js',
|
|
'js/subs.js',
|
|
'js/message_edit.js',
|
|
'js/condense.js',
|
|
'js/resize.js',
|
|
'js/floating_recipient_bar.js',
|
|
'js/ui.js',
|
|
'js/pointer.js',
|
|
'js/click_handlers.js',
|
|
'js/scroll_bar.js',
|
|
'js/gear_menu.js',
|
|
'js/copy_and_paste.js',
|
|
'js/popovers.js',
|
|
'js/typeahead_helper.js',
|
|
'js/search_suggestion.js',
|
|
'js/search.js',
|
|
'js/composebox_typeahead.js',
|
|
'js/navigate.js',
|
|
'js/hotkey.js',
|
|
'js/favicon.js',
|
|
'js/notifications.js',
|
|
'js/hashchange.js',
|
|
'js/invite.js',
|
|
'js/message_flags.js',
|
|
'js/alert_words.js',
|
|
'js/alert_words_ui.js',
|
|
'js/people.js',
|
|
'js/message_store.js',
|
|
'js/server_events.js',
|
|
'js/zulip.js',
|
|
'js/activity.js',
|
|
'js/colorspace.js',
|
|
'js/timerender.js',
|
|
'js/tutorial.js',
|
|
'js/templates.js',
|
|
'js/avatar.js',
|
|
'js/settings.js',
|
|
'js/tab_bar.js',
|
|
'js/emoji.js',
|
|
'js/referral.js',
|
|
'js/custom_markdown.js',
|
|
'js/bot_data.js',
|
|
# JS bundled by webpack is also included here if PIPELINE_ENABLED setting is true
|
|
],
|
|
'output_filename': 'min/app.js'
|
|
},
|
|
'activity': {
|
|
'source_filenames': (
|
|
'third/sorttable/sorttable.js',
|
|
),
|
|
'output_filename': 'min/activity.js'
|
|
},
|
|
# We also want to minify sockjs separately for the sockjs iframe transport
|
|
'sockjs': {
|
|
'source_filenames': ('third/sockjs/sockjs-0.3.4.js',),
|
|
'output_filename': 'min/sockjs-0.3.4.min.js'
|
|
},
|
|
}
|
|
|
|
if PIPELINE_ENABLED:
|
|
# This is also done in test_settings.py, see comment there..
|
|
JS_SPECS['app']['source_filenames'].append('js/bundle.js')
|
|
|
|
app_srcs = JS_SPECS['app']['source_filenames']
|
|
|
|
########################################################################
|
|
# LOGGING SETTINGS
|
|
########################################################################
|
|
|
|
ZULIP_PATHS = [
|
|
("SERVER_LOG_PATH", "/var/log/zulip/server.log"),
|
|
("ERROR_FILE_LOG_PATH", "/var/log/zulip/errors.log"),
|
|
("MANAGEMENT_LOG_PATH", "/var/log/zulip/manage.log"),
|
|
("WORKER_LOG_PATH", "/var/log/zulip/workers.log"),
|
|
("PERSISTENT_QUEUE_FILENAME", "/home/zulip/tornado/event_queues.pickle"),
|
|
("JSON_PERSISTENT_QUEUE_FILENAME", "/home/zulip/tornado/event_queues.json"),
|
|
("EMAIL_MIRROR_LOG_PATH", "/var/log/zulip/email-mirror.log"),
|
|
("EMAIL_DELIVERER_LOG_PATH", "/var/log/zulip/email-deliverer.log"),
|
|
("LDAP_SYNC_LOG_PATH", "/var/log/zulip/sync_ldap_user_data.log"),
|
|
("QUEUE_ERROR_DIR", "/var/log/zulip/queue_error"),
|
|
("STATS_DIR", "/home/zulip/stats"),
|
|
("DIGEST_LOG_PATH", "/var/log/zulip/digest.log"),
|
|
]
|
|
|
|
# The Event log basically logs most significant database changes,
|
|
# which can be useful for debugging.
|
|
if VOYAGER:
|
|
EVENT_LOG_DIR = None
|
|
else:
|
|
ZULIP_PATHS.append(("EVENT_LOG_DIR", "/home/zulip/logs/event_log"))
|
|
|
|
for (var, path) in ZULIP_PATHS:
|
|
if DEVELOPMENT:
|
|
# if DEVELOPMENT, store these files in the Zulip checkout
|
|
path = os.path.basename(path)
|
|
vars()[var] = path
|
|
|
|
ZULIP_WORKER_TEST_FILE = '/tmp/zulip-worker-test-file'
|
|
|
|
|
|
if IS_WORKER:
|
|
FILE_LOG_PATH = WORKER_LOG_PATH
|
|
else:
|
|
FILE_LOG_PATH = SERVER_LOG_PATH
|
|
|
|
LOGGING = {
|
|
'version': 1,
|
|
'disable_existing_loggers': True,
|
|
'formatters': {
|
|
'default': {
|
|
'format': '%(asctime)s %(levelname)-8s %(message)s'
|
|
}
|
|
},
|
|
'filters': {
|
|
'ZulipLimiter': {
|
|
'()': 'zerver.lib.logging_util.ZulipLimiter',
|
|
},
|
|
'EmailLimiter': {
|
|
'()': 'zerver.lib.logging_util.EmailLimiter',
|
|
},
|
|
'require_debug_false': {
|
|
'()': 'django.utils.log.RequireDebugFalse',
|
|
},
|
|
'nop': {
|
|
'()': 'zerver.lib.logging_util.ReturnTrue',
|
|
},
|
|
'require_really_deployed': {
|
|
'()': 'zerver.lib.logging_util.RequireReallyDeployed',
|
|
},
|
|
},
|
|
'handlers': {
|
|
'zulip_admins': {
|
|
'level': 'ERROR',
|
|
'class': 'zerver.logging_handlers.AdminZulipHandler',
|
|
# For testing the handler delete the next line
|
|
'filters': ['ZulipLimiter', 'require_debug_false', 'require_really_deployed'],
|
|
'formatter': 'default'
|
|
},
|
|
'console': {
|
|
'level': 'DEBUG',
|
|
'class': 'logging.StreamHandler',
|
|
'formatter': 'default'
|
|
},
|
|
'file': {
|
|
'level': 'DEBUG',
|
|
'class': 'logging.handlers.TimedRotatingFileHandler',
|
|
'formatter': 'default',
|
|
'filename': FILE_LOG_PATH,
|
|
'when': 'D',
|
|
'interval': 7,
|
|
'backupCount': 100000000,
|
|
},
|
|
'errors_file': {
|
|
'level': 'WARNING',
|
|
'class': 'logging.handlers.TimedRotatingFileHandler',
|
|
'formatter': 'default',
|
|
'filename': ERROR_FILE_LOG_PATH,
|
|
'when': 'D',
|
|
'interval': 7,
|
|
'backupCount': 100000000,
|
|
},
|
|
},
|
|
'loggers': {
|
|
'': {
|
|
'handlers': ['console', 'file', 'errors_file'],
|
|
'level': 'INFO',
|
|
'propagate': False,
|
|
},
|
|
'django': {
|
|
'handlers': (['zulip_admins'] if ERROR_REPORTING else [])
|
|
+ ['console', 'file', 'errors_file'],
|
|
'level': 'INFO',
|
|
'propagate': False,
|
|
},
|
|
'zulip.requests': {
|
|
'handlers': ['console', 'file', 'errors_file'],
|
|
'level': 'INFO',
|
|
'propagate': False,
|
|
},
|
|
'zulip.queue': {
|
|
'handlers': ['console', 'file', 'errors_file'],
|
|
'level': 'WARNING',
|
|
'propagate': False,
|
|
},
|
|
'zulip.management': {
|
|
'handlers': ['file', 'errors_file'],
|
|
'level': 'INFO',
|
|
'propagate': False,
|
|
},
|
|
'requests': {
|
|
'handlers': ['console', 'file', 'errors_file'],
|
|
'level': 'WARNING',
|
|
'propagate': False,
|
|
},
|
|
## Uncomment the following to get all database queries logged to the console
|
|
# 'django.db': {
|
|
# 'handlers': ['console'],
|
|
# 'level': 'DEBUG',
|
|
# 'propagate': False,
|
|
# },
|
|
}
|
|
}
|
|
|
|
ACCOUNT_ACTIVATION_DAYS = 7
|
|
|
|
LOGIN_REDIRECT_URL = '/'
|
|
|
|
# Client-side polling timeout for get_events, in milliseconds.
|
|
# We configure this here so that the client test suite can override it.
|
|
# We already kill the connection server-side with heartbeat events,
|
|
# but it's good to have a safety. This value should be greater than
|
|
# (HEARTBEAT_MIN_FREQ_SECS + 10)
|
|
POLL_TIMEOUT = 90 * 1000
|
|
|
|
# iOS App IDs
|
|
ZULIP_IOS_APP_ID = 'com.zulip.Zulip'
|
|
DBX_IOS_APP_ID = 'com.dropbox.Zulip'
|
|
|
|
########################################################################
|
|
# SSO AND LDAP SETTINGS
|
|
########################################################################
|
|
|
|
USING_APACHE_SSO = ('zproject.backends.ZulipRemoteUserBackend' in AUTHENTICATION_BACKENDS)
|
|
|
|
if (len(AUTHENTICATION_BACKENDS) == 1 and
|
|
AUTHENTICATION_BACKENDS[0] == "zproject.backends.ZulipRemoteUserBackend"):
|
|
HOME_NOT_LOGGED_IN = "/accounts/login/sso"
|
|
ONLY_SSO = True
|
|
else:
|
|
HOME_NOT_LOGGED_IN = '/login'
|
|
ONLY_SSO = False
|
|
AUTHENTICATION_BACKENDS += ('zproject.backends.ZulipDummyBackend',)
|
|
|
|
POPULATE_PROFILE_VIA_LDAP = bool(AUTH_LDAP_SERVER_URI)
|
|
|
|
if POPULATE_PROFILE_VIA_LDAP and \
|
|
'zproject.backends.ZulipLDAPAuthBackend' not in AUTHENTICATION_BACKENDS:
|
|
AUTHENTICATION_BACKENDS += ('zproject.backends.ZulipLDAPUserPopulator',)
|
|
else:
|
|
POPULATE_PROFILE_VIA_LDAP = 'zproject.backends.ZulipLDAPAuthBackend' in AUTHENTICATION_BACKENDS or POPULATE_PROFILE_VIA_LDAP
|
|
|
|
########################################################################
|
|
# EMAIL SETTINGS
|
|
########################################################################
|
|
|
|
# If an email host is not specified, fail silently and gracefully
|
|
if not EMAIL_HOST and PRODUCTION:
|
|
EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
|
|
elif DEVELOPMENT:
|
|
# In the dev environment, emails are printed to the run-dev.py console.
|
|
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
|
|
else:
|
|
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
|
|
|
|
EMAIL_HOST_PASSWORD = get_secret('email_password')
|
|
if EMAIL_GATEWAY_PASSWORD is None:
|
|
EMAIL_GATEWAY_PASSWORD = get_secret('email_gateway_password')
|
|
if vars().get("AUTH_LDAP_BIND_PASSWORD") is None:
|
|
AUTH_LDAP_BIND_PASSWORD = get_secret('auth_ldap_bind_password')
|
|
|
|
########################################################################
|
|
# MISC SETTINGS
|
|
########################################################################
|
|
|
|
if PRODUCTION:
|
|
# Filter out user data
|
|
DEFAULT_EXCEPTION_REPORTER_FILTER = 'zerver.filters.ZulipExceptionReporterFilter'
|
|
|
|
# This is a debugging option only
|
|
PROFILE_ALL_REQUESTS = False
|
|
|
|
CROSS_REALM_BOT_EMAILS = set(('feedback@zulip.com', 'notification-bot@zulip.com'))
|