config.py
"""This module contains the configuration class for Taranis-NG."""
import os
from urllib.parse import quote

from dotenv import load_dotenv
# Load variables from a .env file (if one is found) into the process environment
# at import time, so the os.getenv() calls in Config below can see them.
load_dotenv()
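class Config(object):
    """Configuration class for Taranis-NG.

    This class holds the configuration settings for the Taranis-NG application.
    All values are resolved once, when the class body executes at import time:
    some come from environment variables, two are read from Docker secret files,
    and the rest are hard-coded below.

    Attributes:
        REDIS_URL (str): The URL of the Redis server (env ``REDIS_URL``).
        DB_URL (str): The URL of the database server (env ``DB_URL``).
        DB_DATABASE (str): The name of the database (env ``DB_DATABASE``).
        DB_USER (str): The username for the database connection (env ``DB_USER``).
        DB_PASSWORD (str): The password for the database connection, read from
            the ``postgres_password`` secret file.
        SQLALCHEMY_DATABASE_URI (str): The SQLAlchemy database URI, with the
            user name and password percent-encoded.
        SQLALCHEMY_TRACK_MODIFICATIONS (bool): Whether to track modifications in SQLAlchemy.
        SQLALCHEMY_ECHO (bool): Whether to echo SQL queries in SQLAlchemy
            (true only when env ``DEBUG_SQL`` equals "true", case-insensitive).
        DB_POOL_SIZE (str): The size of the database connection pool. Defined
            only when env ``DB_POOL_SIZE`` is set; kept as the raw string.
        DB_POOL_RECYCLE (str): The time in seconds before a connection is
            recycled. Defined only when env ``DB_POOL_SIZE`` is set.
        DB_POOL_TIMEOUT (str): The maximum time in seconds to wait for a
            connection from the pool. Defined only when env ``DB_POOL_SIZE`` is set.
        SQLALCHEMY_ENGINE_OPTIONS (dict): Pool options converted to ``int``.
            Defined only when env ``DB_POOL_SIZE`` is set.
        JWT_SECRET_KEY (str): The secret key for JWT token generation, read
            from the ``jwt_secret_key`` secret file.
        JWT_IDENTITY_CLAIM (str): The claim name for the JWT identity.
        JWT_ACCESS_TOKEN_EXPIRES (int): The expiration time in seconds for JWT access tokens.
        DEBUG (bool): Whether to enable debug mode (hard-coded, see note below).
        SECRET_KEY (str): The secret key for the application (hard-coded, see note below).
        OIDC_CLIENT_SECRETS (str): The path to the OIDC client secrets file.
        OIDC_ID_TOKEN_COOKIE_SECURE (bool): Whether to secure the OIDC ID token cookie.
        OIDC_REQUIRE_VERIFIED_EMAIL (bool): Whether to require verified email for OIDC.
        OIDC_USER_INFO_ENABLED (bool): Whether to enable OIDC user info endpoint.
        OIDC_OPENID_REALM (str): The OIDC realm.
        OIDC_SCOPES (list): The list of OIDC scopes.
        OIDC_INTROSPECTION_AUTH_METHOD (str): The OIDC introspection authentication method.
        OIDC_TOKEN_TYPE_HINT (str): The OIDC token type hint.
        OIDC_RESOURCE_CHECK_AUD (bool): Whether to check the audience of OIDC resource.
        OIDC_CLOCK_SKEW (int): The clock skew in seconds for OIDC.
        OPENID_LOGOUT_URL (str): The URL for OIDC logout (env ``OPENID_LOGOUT_URL``).
    """

    # No ``self``: this helper is called as a plain function while the class
    # body is being executed, before any instance exists.
    def read_secret(secret_name):
        """Read a secret from a Docker secret file.

        Args:
            secret_name (str): The name of the secret to read.

        Returns:
            str: The content of the secret file, with surrounding whitespace stripped.

        Raises:
            RuntimeError: If the secret file is not found.
        """
        file_path = f"/run/secrets/{secret_name}"
        try:
            with open(file_path, "r") as secret_file:
                # NOTE(review): an empty file yields "", which is then used as the
                # key/password without complaint; consider rejecting it for the
                # JWT signing key.
                return secret_file.read().strip()
        except FileNotFoundError as err:
            # Chain the original error so the missing path shows up in the traceback.
            raise RuntimeError(f"Secret '{secret_name}' not found.") from err

    REDIS_URL = os.getenv("REDIS_URL")

    DB_URL = os.getenv("DB_URL")
    DB_DATABASE = os.getenv("DB_DATABASE")
    DB_USER = os.getenv("DB_USER")
    DB_PASSWORD = read_secret("postgres_password")
    # Percent-encode the credentials: a password containing '@', ':', '/' or '%'
    # would otherwise be split at the wrong place when the URI is parsed.
    # quote(..., safe="") is used rather than quote_plus so a space becomes %20.
    # This assumes the secret file holds the raw, unencoded password.
    SQLALCHEMY_DATABASE_URI = (
        f"postgresql+psycopg2://{quote(DB_USER or '', safe='')}:{quote(DB_PASSWORD, safe='')}"
        f"@{DB_URL}/{DB_DATABASE}"
    )
    SQLALCHEMY_TRACK_MODIFICATIONS = False
    # DEBUG SQL Queries. Echoed statements go to the log; keep this off where
    # logs are shared, since query text can carry sensitive values.
    SQLALCHEMY_ECHO = os.getenv("DEBUG_SQL", "false").lower() == "true"

    # Pool tuning is opt-in via DB_POOL_SIZE. When it is set, DB_POOL_RECYCLE and
    # DB_POOL_TIMEOUT must be set too: int(None) below raises TypeError otherwise.
    if "DB_POOL_SIZE" in os.environ:
        DB_POOL_SIZE = os.getenv("DB_POOL_SIZE")
        DB_POOL_RECYCLE = os.getenv("DB_POOL_RECYCLE")
        DB_POOL_TIMEOUT = os.getenv("DB_POOL_TIMEOUT")
        SQLALCHEMY_ENGINE_OPTIONS = {
            "pool_size": int(DB_POOL_SIZE),
            "pool_recycle": int(DB_POOL_RECYCLE),
            "pool_pre_ping": True,
            "pool_timeout": int(DB_POOL_TIMEOUT),
        }

    JWT_SECRET_KEY = read_secret("jwt_secret_key")
    JWT_IDENTITY_CLAIM = "sub"
    JWT_ACCESS_TOKEN_EXPIRES = 14400  # 4 hours

    # NOTE(review): debug mode is hard-coded on. How DEBUG is consumed is not
    # visible in this file; if it reaches the web framework in production it
    # should be deployment-controlled and default to off.
    DEBUG = True

    # NOTE(review): this key is committed with the source, so every installation
    # shares it and it cannot be treated as secret. Anything the application
    # signs or protects with SECRET_KEY (not visible here) inherits that
    # weakness. Load it per deployment, e.g. with read_secret() as is done for
    # JWT_SECRET_KEY, and rotate the value once it is externalised.
    SECRET_KEY = "OKdbmczZKFiteHVgKXiwFXZxKsLyRNvt"

    OIDC_CLIENT_SECRETS = "client_secrets.json"
    # NOTE(review): with this set to False the ID token cookie is not marked
    # Secure and may be sent over plain HTTP; set it to True when served over TLS.
    OIDC_ID_TOKEN_COOKIE_SECURE = False
    OIDC_REQUIRE_VERIFIED_EMAIL = False
    OIDC_USER_INFO_ENABLED = True
    OIDC_OPENID_REALM = "taranis-ng"
    OIDC_SCOPES = ["openid"]
    OIDC_INTROSPECTION_AUTH_METHOD = "client_secret_post"
    OIDC_TOKEN_TYPE_HINT = "access_token"
    OIDC_RESOURCE_CHECK_AUD = True
    # NOTE(review): 560 s is a wide tolerance for token time checks; confirm it
    # is intentional rather than a workaround for unsynchronised clocks.
    OIDC_CLOCK_SKEW = 560
    OPENID_LOGOUT_URL = os.getenv("OPENID_LOGOUT_URL")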