addons-server/settings.py

"""This is the standard development settings file.

If you need to overload settings, please do so in a local_settings.py file (it
won't be tracked in git).

"""
import os
import re

from olympia.lib.settings_base import *  # noqa

WSGI_APPLICATION = 'olympia.wsgi.application'

DEBUG = True
TEMPLATE_DEBUG = DEBUG
DEBUG_PROPAGATE_EXCEPTIONS = False

# These apps are great during development.
INSTALLED_APPS += (
    'olympia.landfill',
)

# Using locmem deadlocks in certain scenarios. This should all be fixed,
# hopefully, in Django1.7. At that point, we may try again, and remove this to
# not require memcache installation for newcomers.
# A failing scenario is:
# 1/ log in
# 2/ click on "Submit a new addon"
# 3/ click on "I accept this Agreement" => request never ends
#
# If this is changed back to locmem, make sure to use it from "caching" (by
# default in Django for locmem, a timeout of "0" means "don't cache it", while
# on other backends it means "cache forever"):
#      'BACKEND': 'caching.backends.locmem.LocMemCache'
CACHES = {
    'default': {
        'BACKEND': 'caching.backends.memcached.MemcachedCache',
        'LOCATION': os.environ.get('MEMCACHE_LOCATION', 'localhost:11211'),
    }
}

HAS_SYSLOG = False  # syslog is used if HAS_SYSLOG and NOT DEBUG.

# If you're not running on SSL you'll want this to be False.
SESSION_COOKIE_SECURE = False
SESSION_COOKIE_DOMAIN = None

CELERY_ALWAYS_EAGER = False
CELERY_ROUTES = {}

# If you want to allow self-reviews for add-ons/apps, then enable this.
# In production we do not want to allow this.
ALLOW_SELF_REVIEWS = True

# Assuming you did `npm install` (and not `-g`) like you were supposed to, this
# will be the path to the `stylus` and `lessc` executables.
STYLUS_BIN = os.getenv('STYLUS_BIN', path('node_modules/stylus/bin/stylus'))
LESS_BIN = os.getenv('LESS_BIN', path('node_modules/less/bin/lessc'))
CLEANCSS_BIN = os.getenv(
    'CLEANCSS_BIN',
    path('node_modules/clean-css/bin/cleancss'))
UGLIFY_BIN = os.getenv(
    'UGLIFY_BIN',
    path('node_modules/uglify-js/bin/uglifyjs'))
ADDONS_LINTER_BIN = os.getenv(
    'ADDONS_LINTER_BIN',
    path('node_modules/addons-linter/bin/addons-linter'))

# Locally we typically don't run more than 1 elasticsearch node. So we set
# replicas to zero.
ES_DEFAULT_NUM_REPLICAS = 0

SITE_URL = os.environ.get('OLYMPIA_SITE_URL') or 'http://localhost:8000'
SERVICES_DOMAIN = re.sub(r'^https?:\/\/', '', SITE_URL)
SERVICES_URL = SITE_URL

ADDON_COLLECTOR_ID = 1

# Default AMO user id to use for tasks (from users.json fixture in zadmin).
TASK_USER_ID = 10968

# Set to True if we're allowed to use X-SENDFILE.
XSENDFILE = False


AES_KEYS = {
    'api_key:secret': os.path.join(
        ROOT, 'src', 'olympia', 'api', 'tests', 'assets', 'test-api-key.txt'),
}

# FxA config for local development only.
FXA_CONFIG = {
    'default': {
        'client_id': 'cd5a21fafacc4744',
        'client_secret':
            '4db6f78940c6653d5b0d2adced8caf6c6fd8fd4f2a3a448da927a54daba7d401',
        'content_host': 'https://stable.dev.lcip.org',
        'oauth_host': 'https://oauth-stable.dev.lcip.org/v1',
        'profile_host': 'https://stable.dev.lcip.org/profile/v1',
        'redirect_url': 'http://olympia.dev/api/v3/accounts/authorize/',
        'scope': 'profile',
    },
    'internal': {
        'client_id': '0f95f6474c24c1dc',
        'client_secret':
            'ca45e503a1b4ec9e2a3d4855d79849e098da18b7dfe42b6bc76dfed420fc1d38',
        'content_host': 'https://stable.dev.lcip.org',
        'oauth_host': 'https://oauth-stable.dev.lcip.org/v1',
        'profile_host': 'https://stable.dev.lcip.org/profile/v1',
        'redirect_url': 'http://localhost:3000/fxa-authenticate',
        'scope': 'profile',
    },
}

# CSP report endpoint which returns a 204 from addons-nginx in local dev.
CSP_REPORT_URI = '/csp-report'

# Allow GA over http + www subdomain in local development.
HTTP_GA_SRC = 'http://www.google-analytics.com'
CSP_FRAME_SRC += ('https://www.sandbox.paypal.com',)
CSP_IMG_SRC += (HTTP_GA_SRC,)
CSP_SCRIPT_SRC += (HTTP_GA_SRC, "'self'")

# If you have settings you want to overload, put them in a local_settings.py.
try:
    from local_settings import *  # noqa
except ImportError:
    pass
Remove the need for a settings_local.py (bug 1050155) 2014-08-08 16:08:46 +04:00			`"""This is the standard development settings file.`

			`If you need to overload settings, please do so in a local_settings.py file (it`
			`won't be tracked in git).`

			`"""`
Use docker (bug 1075456) 2014-10-01 15:44:44 +04:00			`import os`
Set SERVICES_DOMAIN and SERVICES_URL correctly for local development 2016-07-20 12:05:29 +03:00			`import re`
Use docker (bug 1075456) 2014-10-01 15:44:44 +04:00
Update setup.cfg, fix package imports, syntax errors, various cleanups. * Update installed apps, fix grouping and naming. * Fix app-names in settings * re-add startup import to manage.py for now Various more import fixes, all import rewrites are now done. This unfortunately still failes because of some circular imports depending on django not being setup early enough. 2015-12-16 11:46:10 +03:00			`from olympia.lib.settings_base import * # noqa`
Remove the need for a settings_local.py (bug 1050155) 2014-08-08 16:08:46 +04:00
Allow setting the recursion limit with RECURSION_LIMIT (fixes #1911) 2016-03-15 17:22:16 +03:00			`WSGI_APPLICATION = 'olympia.wsgi.application'`

Remove the need for a settings_local.py (bug 1050155) 2014-08-08 16:08:46 +04:00			`DEBUG = True`
			`TEMPLATE_DEBUG = DEBUG`
better experience for local dev: display 500 django page 2015-03-16 12:50:22 +03:00			`DEBUG_PROPAGATE_EXCEPTIONS = False`
Remove the need for a settings_local.py (bug 1050155) 2014-08-08 16:08:46 +04:00
			`# These apps are great during development.`
			`INSTALLED_APPS += (`
Update setup.cfg, fix package imports, syntax errors, various cleanups. * Update installed apps, fix grouping and naming. * Fix app-names in settings * re-add startup import to manage.py for now Various more import fixes, all import rewrites are now done. This unfortunately still failes because of some circular imports depending on django not being setup early enough. 2015-12-16 11:46:10 +03:00			`'olympia.landfill',`
Remove the need for a settings_local.py (bug 1050155) 2014-08-08 16:08:46 +04:00			`)`

use memcache, locmem doesn't work (bug 1050155) 2014-09-02 20:03:20 +04:00			`# Using locmem deadlocks in certain scenarios. This should all be fixed,`
			`# hopefully, in Django1.7. At that point, we may try again, and remove this to`
			`# not require memcache installation for newcomers.`
			`# A failing scenario is:`
			`# 1/ log in`
			`# 2/ click on "Submit a new addon"`
			`# 3/ click on "I accept this Agreement" => request never ends`
			`#`
			`# If this is changed back to locmem, make sure to use it from "caching" (by`
			`# default in Django for locmem, a timeout of "0" means "don't cache it", while`
			`# on other backends it means "cache forever"):`
			`# 'BACKEND': 'caching.backends.locmem.LocMemCache'`
Remove the need for a settings_local.py (bug 1050155) 2014-08-08 16:08:46 +04:00			`CACHES = {`
			`'default': {`
use memcache, locmem doesn't work (bug 1050155) 2014-09-02 20:03:20 +04:00			`'BACKEND': 'caching.backends.memcached.MemcachedCache',`
Use docker (bug 1075456) 2014-10-01 15:44:44 +04:00			`'LOCATION': os.environ.get('MEMCACHE_LOCATION', 'localhost:11211'),`
Remove the need for a settings_local.py (bug 1050155) 2014-08-08 16:08:46 +04:00			`}`
			`}`

			`HAS_SYSLOG = False # syslog is used if HAS_SYSLOG and NOT DEBUG.`

			`# If you're not running on SSL you'll want this to be False.`
			`SESSION_COOKIE_SECURE = False`
			`SESSION_COOKIE_DOMAIN = None`

Use celery and validate add-ons by default 2015-10-20 17:41:52 +03:00			`CELERY_ALWAYS_EAGER = False`
Remove the need for a settings_local.py (bug 1050155) 2014-08-08 16:08:46 +04:00			`CELERY_ROUTES = {}`

			`# If you want to allow self-reviews for add-ons/apps, then enable this.`
			`# In production we do not want to allow this.`
			`ALLOW_SELF_REVIEWS = True`

			# Assuming you did `npm install` (and not `-g`) like you were supposed to, this
			# will be the path to the `stylus` and `lessc` executables.
Move npm installation to Dockerfile 2015-09-29 11:38:50 +03:00			`STYLUS_BIN = os.getenv('STYLUS_BIN', path('node_modules/stylus/bin/stylus'))`
			`LESS_BIN = os.getenv('LESS_BIN', path('node_modules/less/bin/lessc'))`
Install addons-validator and configure it's path. Fixes #881 2015-11-20 11:08:15 +03:00			`CLEANCSS_BIN = os.getenv(`
			`'CLEANCSS_BIN',`
			`path('node_modules/clean-css/bin/cleancss'))`
			`UGLIFY_BIN = os.getenv(`
			`'UGLIFY_BIN',`
			`path('node_modules/uglify-js/bin/uglifyjs'))`
Rename addons-validator to addons-linter and update to latest release. Fixes #1742 2016-02-24 12:53:26 +03:00			`ADDONS_LINTER_BIN = os.getenv(`
			`'ADDONS_LINTER_BIN',`
			`path('node_modules/addons-linter/bin/addons-linter'))`
Remove the need for a settings_local.py (bug 1050155) 2014-08-08 16:08:46 +04:00
			`# Locally we typically don't run more than 1 elasticsearch node. So we set`
			`# replicas to zero.`
			`ES_DEFAULT_NUM_REPLICAS = 0`

Add SITE_URL to local server from environ variable 2015-10-30 20:21:04 +03:00			`SITE_URL = os.environ.get('OLYMPIA_SITE_URL') or 'http://localhost:8000'`
Set SERVICES_DOMAIN and SERVICES_URL correctly for local development 2016-07-20 12:05:29 +03:00			`SERVICES_DOMAIN = re.sub(r'^https?:\/\/', '', SITE_URL)`
			`SERVICES_URL = SITE_URL`
Remove the need for a settings_local.py (bug 1050155) 2014-08-08 16:08:46 +04:00
			`ADDON_COLLECTOR_ID = 1`

TASK_USER_ID setting uses an existing fixture for local dev 2015-03-07 18:22:21 +03:00			`# Default AMO user id to use for tasks (from users.json fixture in zadmin).`
			`TASK_USER_ID = 10968`

Don't use X-SENDFILE for local dev 2015-03-07 21:23:18 +03:00			`# Set to True if we're allowed to use X-SENDFILE.`
			`XSENDFILE = False`
Remove the need for a settings_local.py (bug 1050155) 2014-08-08 16:08:46 +04:00
Add tip on how to display the Django Debug Toolbar to the docs 2015-09-22 14:29:46 +03:00
JWT token auth for signing API (bug 1210889) 2015-10-08 22:45:44 +03:00			`AES_KEYS = {`
Update gitignore, updates to mock/patch import paths, minor fixes along the way. 2015-12-28 22:08:27 +03:00			`'api_key:secret': os.path.join(`
			`ROOT, 'src', 'olympia', 'api', 'tests', 'assets', 'test-api-key.txt'),`
JWT token auth for signing API (bug 1210889) 2015-10-08 22:45:44 +03:00			`}`

Initial Firefox Accounts login Fixes #863, fixes #864 2015-11-10 02:19:15 +03:00			`# FxA config for local development only.`
			`FXA_CONFIG = {`
Internal login JSON API (fixes #2425) 2016-04-21 23:31:31 +03:00			`'default': {`
			`'client_id': 'cd5a21fafacc4744',`
			`'client_secret':`
			`'4db6f78940c6653d5b0d2adced8caf6c6fd8fd4f2a3a448da927a54daba7d401',`
			`'content_host': 'https://stable.dev.lcip.org',`
			`'oauth_host': 'https://oauth-stable.dev.lcip.org/v1',`
			`'profile_host': 'https://stable.dev.lcip.org/profile/v1',`
			`'redirect_url': 'http://olympia.dev/api/v3/accounts/authorize/',`
			`'scope': 'profile',`
			`},`
			`'internal': {`
			`'client_id': '0f95f6474c24c1dc',`
			`'client_secret':`
			`'ca45e503a1b4ec9e2a3d4855d79849e098da18b7dfe42b6bc76dfed420fc1d38',`
			`'content_host': 'https://stable.dev.lcip.org',`
			`'oauth_host': 'https://oauth-stable.dev.lcip.org/v1',`
			`'profile_host': 'https://stable.dev.lcip.org/profile/v1',`
Use redirect_url not redirect_uri in internal auth (#2511) 2016-04-27 17:54:15 +03:00			`'redirect_url': 'http://localhost:3000/fxa-authenticate',`
Internal login JSON API (fixes #2425) 2016-04-21 23:31:31 +03:00			`'scope': 'profile',`
			`},`
Internal login start endpoint (fixes #2424) 2016-04-20 01:24:45 +03:00			`}`
JWT token auth for signing API (bug 1210889) 2015-10-08 22:45:44 +03:00
Use the csp-report endpoint in addons-nginx 2016-01-11 20:30:32 +03:00			`# CSP report endpoint which returns a 204 from addons-nginx in local dev.`
			`CSP_REPORT_URI = '/csp-report'`

CSP: Allow GA on www subdomain over http for local dev 2016-01-12 00:00:25 +03:00			`# Allow GA over http + www subdomain in local development.`
			`HTTP_GA_SRC = 'http://www.google-analytics.com'`
Add font-src and fix default-src 2016-01-14 16:45:35 +03:00			`CSP_FRAME_SRC += ('https://www.sandbox.paypal.com',)`
CSP: Allow GA on www subdomain over http for local dev 2016-01-12 00:00:25 +03:00			`CSP_IMG_SRC += (HTTP_GA_SRC,)`
Remove 'self' and https://addons.mozilla.org from script-src 2016-09-09 17:01:25 +03:00			`CSP_SCRIPT_SRC += (HTTP_GA_SRC, "'self'")`
CSP: Allow GA on www subdomain over http for local dev 2016-01-12 00:00:25 +03:00
Remove the need for a settings_local.py (bug 1050155) 2014-08-08 16:08:46 +04:00			`# If you have settings you want to overload, put them in a local_settings.py.`
			`try:`
			`from local_settings import * # noqa`
			`except ImportError:`
			`pass`