Merge branch 'main' into truncated

OWASP-BLT · Jan 1, 2025 · cb3a131 · cb3a131
2 parents 999fa9f + ed04cb4
commit cb3a131
Show file tree

Hide file tree

Showing 19 changed files with 2,558 additions and 483 deletions.
diff --git a/blt/settings.py b/blt/settings.py
@@ -1,13 +1,3 @@
-"""
-Django settings for gettingstarted project, on Heroku. For more info, see:
-https://github.com/heroku/heroku-django-template
-For more information on this file, see
-https://docs.djangoproject.com/en/1.8/topics/settings/
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/1.8/ref/settings/
-"""
-
-# from google.oauth2 import service_account
 import json
 import os
 import sys
@@ -17,15 +7,16 @@
 from django.utils.translation import gettext_lazy as _
 from google.oauth2 import service_account
 
-# reading .env file
 environ.Env.read_env()
 
-# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(__file__))
 env = environ.Env()
 env_file = os.path.join(BASE_DIR, ".env")
 environ.Env.read_env(env_file)
 
+print(f"Reading .env file from {env_file}")
+print(f"DATABASE_URL: {os.environ.get('DATABASE_URL', 'not set')}")
+
 PROJECT_ROOT = os.path.dirname(os.path.abspath(__file__))
 GITHUB_TOKEN = os.environ.get("GITHUB_TOKEN", "blank")
 
@@ -34,42 +25,31 @@
 DOMAIN_NAME = "blt.owasp.org"
 FQDN = "blt.owasp.org"
 DOMAIN_NAME_PREVIOUS = os.environ.get("DOMAIN_NAME_PREVIOUS", "BLT")
-# else:
-#     # Default values if hostname does not match
-#     PROJECT_NAME = os.environ.get("PROJECT_NAME", "BLT")
-#     DOMAIN_NAME = os.environ.get("DOMAIN_NAME", "127.0.0.1")
-#     FQDN = "www." + DOMAIN_NAME
 
 PROJECT_NAME_LOWER = PROJECT_NAME.lower()
 PROJECT_NAME_UPPER = PROJECT_NAME.upper()
 
 ADMIN_URL = os.environ.get("ADMIN_URL", "admin")
 PORT = os.environ.get("PORT", "8000")
-DEFAULT_FROM_EMAIL = os.environ.get("FROM_EMAIL", "test@localhost")
-SERVER_EMAIL = os.environ.get("FROM_EMAIL", "test@localhost")
+DEFAULT_FROM_EMAIL = os.environ.get("FROM_EMAIL", "[email protected]")
+SERVER_EMAIL = os.environ.get("FROM_EMAIL", "[email protected]")
 
 
 EMAIL_TO_STRING = PROJECT_NAME + " <" + SERVER_EMAIL + ">"
-BLOG_URL = os.environ.get("BLOG_URL", "https://owasp.org/www-project-bug-logging-tool/")
+BLOG_URL = os.environ.get("BLOG_URL", FQDN + "/blog/")
 FACEBOOK_URL = os.environ.get("FACEBOOK_URL", "https://www.facebook.com/groups/owaspfoundation/")
-TWITTER_URL = os.environ.get("TWITTER_URL", "https://twitter.com/owasp")
+TWITTER_URL = os.environ.get("TWITTER_URL", "https://twitter.com/owasp_blt")
 GITHUB_URL = os.environ.get("GITHUB_URL", "https://github.com/OWASP/BLT")
-EXTENSION_URL = os.environ.get("EXTENSION_URL", "https://github.com/OWASP/BLT")
+EXTENSION_URL = os.environ.get("EXTENSION_URL", "https://github.com/OWASP/BLT-Extension")
 
 ADMINS = (("Admin", DEFAULT_FROM_EMAIL),)
 
-# Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/1.8/howto/deployment/checklist/
-
-# SECURITY WARNING: change this before deploying to production!
 SECRET_KEY = "i+acxn5(akgsn!sr4^qgf(^m&*@+g1@u^t@=8s@axc41ml*f=s"
 
-# SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False
 TESTING = sys.argv[1:2] == ["test"]
 
 SITE_ID = 1
-# Application definition
 
 INSTALLED_APPS = (
     "django.contrib.admin",
@@ -95,11 +75,8 @@
     "rest_framework",
     "django_filters",
     "rest_framework.authtoken",
-    # "django_cron",
     "mdeditor",
-    # "bootstrap_datepicker_plus",
     "tz_detect",
-    # "tellme",
     "star_ratings",
     "drf_yasg",
     "captcha",
@@ -187,34 +164,12 @@
     "allauth.account.auth_backends.AuthenticationBackend",
 )
 
-# SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
-
-# CACHES = {
-#    'default': {
-#        'BACKEND': 'django.core.cache.backends.db.DatabaseCache',
-#        'LOCATION': 'cache_table',
-#    }
-# }
-
 
 REST_AUTH = {"SESSION_LOGIN": False}
 CONN_MAX_AGE = None
 
 WSGI_APPLICATION = "blt.wsgi.application"
 
-# Database
-# https://docs.djangoproject.com/en/1.9/ref/settings/#databases
-
-DATABASES = {
-    "default": {
-        "ENGINE": "django.db.backends.sqlite3",
-        "NAME": os.path.join(BASE_DIR, "db.sqlite3"),
-    }
-}
-
-# Password validation
-# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators
-
 AUTH_PASSWORD_VALIDATORS = [
     {
         "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
@@ -230,8 +185,6 @@
     },
 ]
 
-# Internationalization
-# https://docs.djangoproject.com/en/1.8/topics/i18n/
 
 LANGUAGE_CODE = "en-us"
 TIME_ZONE = "UTC"
@@ -253,22 +206,17 @@
 
 MEDIA_ROOT = "media"
 MEDIA_URL = "/media/"
-# Update database configuration with $DATABASE_URL.
 db_from_env = dj_database_url.config(conn_max_age=500)
-DATABASES["default"].update(db_from_env)
+
 
 EMAIL_HOST = "localhost"
 EMAIL_PORT = 1025
-# python -m smtpd -n -c DebuggingServer localhost:1025
-# if DEBUG:
-#    EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+
 
 REPORT_EMAIL = os.environ.get("REPORT_EMAIL", "blank")
 REPORT_EMAIL_PASSWORD = os.environ.get("REPORT_PASSWORD", "blank")
 
-# these settings are only for production / Heroku
-if "DYNO" in os.environ:
-    print("database url detected in settings")
+if "DYNO" in os.environ:  # for Heroku
     DEBUG = False
     EMAIL_HOST = "smtp.sendgrid.net"
     EMAIL_HOST_USER = os.environ.get("SENDGRID_USERNAME", "blank")
@@ -278,26 +226,11 @@
     if not TESTING:
         SECURE_SSL_REDIRECT = True
 
-    import logging
+    # import logging
 
-    logging.basicConfig(level=logging.DEBUG)
-    # GS_ACCESS_KEY_ID = os.environ.get("GS_ACCESS_KEY_ID", "blank")
-    # GS_SECRET_ACCESS_KEY = os.environ.get("GS_SECRET_ACCESS_KEY", "blank")
-    # GOOGLE_APPLICATION_CREDENTIALS = "/app/google-credentials.json"
+    # logging.basicConfig(level=logging.DEBUG)
 
     GS_BUCKET_NAME = "bhfiles"
-    # DEFAULT_FILE_STORAGE = "storages.backends.gcloud.GoogleCloudStorage"
-
-    # GS_CREDENTIALS = None
-
-    # # Ensure credentials file is valid
-    # try:
-    #     GS_CREDENTIALS = service_account.Credentials.from_service_account_file(
-    #         GOOGLE_APPLICATION_CREDENTIALS
-    #     )
-    #     print("Google Cloud Storage credentials loaded successfully.")
-    # except Exception as e:
-    #     print(f"Error loading Google Cloud Storage credentials: {e}")
 
     GOOGLE_CREDENTIALS = os.getenv("GOOGLE_CREDENTIALS")
 
@@ -325,7 +258,6 @@
     GS_QUERYSTRING_AUTH = False
     GS_DEFAULT_ACL = None
     MEDIA_URL = "https://bhfiles.storage.googleapis.com/"
-    # add debugging info for google storage
 
     import sentry_sdk
     from sentry_sdk.integrations.django import DjangoIntegration
@@ -349,24 +281,34 @@
         },
     }
     DEFAULT_FILE_STORAGE = "storages.backends.gcloud.GoogleCloudStorage"
-    # DEFAULT_FILE_STORAGE = "django.core.files.storage.FileSystemStorage"
-    print("no database url detected in settings, using sqlite")
     if not TESTING:
         DEBUG = True
 
-# local dev needs to set SMTP backend or fail at startup
-if DEBUG:
-    EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
+    # use this to debug emails locally
+    # python -m smtpd -n -c DebuggingServer localhost:1025
+    if DEBUG:
+        EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
+
+DATABASES = {
+    "default": {
+        "ENGINE": "django.db.backends.sqlite3",
+        "NAME": os.path.join(BASE_DIR, "db.sqlite3"),
+    }
+}
+
+if not db_from_env:
+    print("no database url detected in settings, using sqlite")
+else:
+    print("using database url: ", db_from_env)
+    DATABASES["default"].update(db_from_env)
+
 
 ACCOUNT_EMAIL_REQUIRED = True
 ACCOUNT_USERNAME_REQUIRED = True
 ACCOUNT_EMAIL_VERIFICATION = "optional"
 
-# Honor the 'X-Forwarded-Proto' header for request.is_secure()
-
 SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
 
-# Allow all host headers
 ALLOWED_HOSTS = [
     "." + DOMAIN_NAME,
     "127.0.0.1",
@@ -376,43 +318,57 @@
     "." + DOMAIN_NAME_PREVIOUS,
 ]
 
-# Static files (CSS, JavaScript, Images)
-# https://docs.djangoproject.com/en/1.8/howto/static-files/
 
 STATIC_ROOT = os.path.join(PROJECT_ROOT, "staticfiles")
 STATIC_URL = "/static/"
 
-# Extra places for collectstatic to find static files.
 STATICFILES_DIRS = (os.path.join(BASE_DIR, "website", "static"),)
 
 ABSOLUTE_URL_OVERRIDES = {
     "auth.user": lambda u: "/profile/%s/" % u.username,
 }
 
-# Simplified static file serving.
-# https://warehouse.python.org/project/whitenoise/
-# STATICFILES_STORAGE = "whitenoise.storage.CompressedStaticFilesStorage"
-
 LOGIN_REDIRECT_URL = "/"
 
+# LOGGING = {
+#     "version": 1,
+#     "disable_existing_loggers": False,
+#     "handlers": {
+#         "console": {
+#             "class": "logging.StreamHandler",
+#         },
+#         "mail_admins": {
+#             "class": "django.utils.log.AdminEmailHandler",
+#         },
+#     },
+#     "loggers": {
+#         "": {
+#             "handlers": ["console"],
+#             "level": "DEBUG",
+#         },
+#     },
+# }
+# disable logging unless critical
+
 LOGGING = {
     "version": 1,
-    "disable_existing_loggers": False,
-    "handlers": {
-        "console": {
-            "class": "logging.StreamHandler",
-        },
-        "mail_admins": {
-            "class": "django.utils.log.AdminEmailHandler",
-        },
-    },
+    "disable_existing_loggers": True,
+    "handlers": {},  # No handlers are defined
     "loggers": {
         "": {
-            "handlers": ["console"],
-            "level": "DEBUG",
+            "handlers": [],  # No handlers attached
+            "level": "CRITICAL",  # Minimal logging level
+            "propagate": False,  # Prevent propagation to parent loggers
+        },
+        "django.request": {
+            "handlers": [],  # Disable request logging
+            "level": "CRITICAL",  # Only log critical errors
+            "propagate": False,  # Prevent propagation to parent loggers
         },
     },
 }
+
+
 USERS_AVATAR_PATH = "avatars"
 AVATAR_PATH = os.path.join(MEDIA_ROOT, USERS_AVATAR_PATH)
 
@@ -579,37 +535,22 @@
     "STRIPE_TEST_SECRET_KEY",
     "sk_test_12345",
 )
-STRIPE_LIVE_MODE = False  # Change to True in production
 
+STRIPE_LIVE_MODE = False  # TODO: remove stripe
 DEFAULT_AUTO_FIELD = "django.db.models.AutoField"
 
-# CALLBACK_URL_FOR_GITHUB = os.environ.get(
-#     "CALLBACK_URL_FOR_GITHUB", default="https://www." + DOMAIN_NAME +"/")
-
-# CALLBACK_URL_FOR_GOOGLE = os.environ.get(
-#     "CALLBACK_URL_FOR_GOOGLE", default="https://www." + DOMAIN_NAME +"/")
-
-# CALLBACK_URL_FOR_FACEBOOK = os.environ.get(
-#     "CALLBACK_URL_FOR_FACEBOOK", default="https://www." + DOMAIN_NAME +"/")
-
-
-# allow captcha bypass during test
 IS_TEST = False
 if "test" in sys.argv:
     CAPTCHA_TEST_MODE = True
     IS_TEST = True
 
-
-# Twitter
-
+# Twitter API - we can remove these - update names to have twitter_x or bluesky_x
 BEARER_TOKEN = os.environ.get("BEARER_TOKEN")
 APP_KEY = os.environ.get("APP_KEY")
 APP_KEY_SECRET = os.environ.get("APP_KEY_SECRET")
 ACCESS_TOKEN = os.environ.get("ACCESS_TOKEN")
 ACCESS_TOKEN_SECRET = os.environ.get("ACCESS_TOKEN_SECRET")
 
-# USPTO
-
 USPTO_API = os.environ.get("USPTO_API")
 
 
@@ -625,6 +566,7 @@
         "BACKEND": "channels_redis.core.RedisChannelLayer",
         "CONFIG": {
             "hosts": [os.environ.get("REDISCLOUD_URL")],
+            # "hosts": [("127.0.0.1", 6379)],
         },
     },
 }