Signed-off-by: Olivier Léobal <olivier.leobal@owkin.com>
Showing
20 changed files
with
217 additions
and
150 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
""" | ||
self-contained categorized settings | ||
""" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
""" | ||
Task broker settings | ||
""" | ||
|
||
import os | ||
|
||
from substrapp.compute_tasks.errors import CeleryRetryError | ||
|
||
from .org import ORG_NAME | ||
|
||
|
||
def build_broker_url(user: str, password: str, host: str, port: str) -> str: | ||
"""Builds a redis connection string | ||
Args: | ||
user (str): redis user | ||
password (str): redis password | ||
host (str): redis hostname | ||
port (str): redis port | ||
Returns: | ||
str: a connection string of the form "redis://user:password@hostname:port//" | ||
""" | ||
conn_info = "" | ||
conn_port = "" | ||
if user and password: | ||
conn_info = f"{user}:{password}@" | ||
if port: | ||
conn_port = f":{port}" | ||
return f"redis://{conn_info}{host}{conn_port}//" | ||
|
||
|
||
CELERY_BROKER_USER = os.environ.get("CELERY_BROKER_USER") | ||
CELERY_BROKER_PASSWORD = os.environ.get("CELERY_BROKER_PASSWORD") | ||
CELERY_BROKER_HOST = os.environ.get("CELERY_BROKER_HOST", "localhost") | ||
CELERY_BROKER_PORT = os.environ.get("CELERY_BROKER_PORT", "5672") | ||
CELERY_BROKER_URL = build_broker_url(CELERY_BROKER_USER, CELERY_BROKER_PASSWORD, CELERY_BROKER_HOST, CELERY_BROKER_PORT) | ||
|
||
CELERY_ACCEPT_CONTENT = ["application/json"] | ||
CELERY_RESULT_SERIALIZER = "json" | ||
CELERY_TASK_SERIALIZER = "json" | ||
CELERY_TASK_TRACK_STARTED = True # since 4.0 | ||
|
||
# With these settings, tasks will be retried for up to a maximum of 127 minutes. | ||
# | ||
# max_wait = CELERY_TASK_RETRY_BACKOFF * sum(2 ** n for n in range(CELERY_TASK_MAX_RETRIES)) | ||
# = 60 * (1 + 2 + 4 + 8 + 16 + 32 + 64) | ||
# = 127 minutes | ||
# | ||
# Since jitter is enabled, the actual cumulative wait can be much less than max_wait. From the doc | ||
# (https://docs.celeryproject.org/en/stable/userguide/tasks.html#Task.retry_jitter): | ||
# | ||
# > If this option is set to True, the delay value calculated by retry_backoff is treated as a maximum, and the actual | ||
# > delay value will be a random number between zero and that maximum. | ||
CELERY_TASK_AUTORETRY_FOR = (CeleryRetryError,) | ||
CELERY_TASK_MAX_RETRIES = int(os.environ.get("CELERY_TASK_MAX_RETRIES", 7)) | ||
CELERY_TASK_RETRY_BACKOFF = int(os.environ.get("CELERY_TASK_RETRY_BACKOFF", 60)) # time in seconds | ||
CELERY_TASK_RETRY_BACKOFF_MAX = int(os.environ.get("CELERY_TASK_RETRY_BACKOFF_MAX", 64 * 60)) | ||
CELERY_TASK_RETRY_JITTER = True | ||
|
||
CELERY_WORKER_CONCURRENCY = int(os.environ.get("CELERY_WORKER_CONCURRENCY", 1)) | ||
CELERY_BROADCAST = f"{ORG_NAME}.broadcast" | ||
|
||
CELERYBEAT_MAXIMUM_IMAGES_TTL = os.environ.get("CELERYBEAT_MAXIMUM_IMAGES_TTL", 7 * 24 * 3600) | ||
CELERYBEAT_FLUSH_EXPIRED_TOKENS_TASK_PERIOD = os.environ.get("CELERYBEAT_FLUSH_EXPIRED_TOKENS_TASK_PERIOD", 24 * 3600) |
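Review bot: `build_broker_url` puts `user` and `password` into the URL unescaped and omits both unless both are set. A password containing `@`, `:`, `/` or `#` produces a URL that parses to different credentials or a different host, and with a password-only Redis setup (`CELERY_BROKER_USER` unset) the password is silently left out of `CELERY_BROKER_URL`. Percent-encode both parts and build the prefix whenever a password is present, e.g. `conn_info = f"{quote(user or '', safe='')}:{quote(password, safe='')}@"` with `from urllib.parse import quote`. The default port `"5672"` is the AMQP default rather than Redis's 6379, which looks like a leftover given the `redis://` scheme. `CELERYBEAT_MAXIMUM_IMAGES_TTL` and `CELERYBEAT_FLUSH_EXPIRED_TOKENS_TASK_PERIOD` are also not wrapped in `int(...)` like the other numeric settings, so they become strings when set from the environment.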
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,22 +1,17 @@ | ||
import os | ||
import pathlib | ||
import secrets | ||
""" | ||
JSON web tokens | ||
""" | ||
|
||
from .. import common | ||
import os | ||
from datetime import timedelta | ||
|
||
# SECURITY WARNING: keep the secret key used in production secret! | ||
JWT_SECRET_PATH = os.environ.get("JWT_SECRET_PATH", os.path.normpath(os.path.join(common.PROJECT_ROOT, "SECRET"))) | ||
SIMPLE_JWT = { | ||
"ACCESS_TOKEN_LIFETIME": timedelta(minutes=int(os.environ.get("ACCESS_TOKEN_LIFETIME", 24 * 60))), | ||
"REFRESH_TOKEN_LIFETIME": timedelta(minutes=int(os.environ.get("REFRESH_TOKEN_LIFETIME", 24 * 60 * 7))), | ||
"ROTATE_REFRESH_TOKENS": True, | ||
"AUTH_HEADER_TYPES": ("JWT",), | ||
"BLACKLIST_AFTER_ROTATION": True, | ||
} | ||
|
||
# Key configuration for JSON web tokens (JWT) authentication | ||
if common.to_bool(os.environ.get("JWT_SECRET_NEEDED", "False")): | ||
try: | ||
JWT_SECRET_KEY = pathlib.Path(JWT_SECRET_PATH).read_text().strip() | ||
except IOError: | ||
try: | ||
JWT_SECRET_KEY = secrets.token_urlsafe() # uses a "reasonable default" length | ||
with open(JWT_SECRET_PATH, "w") as fp: | ||
fp.write(JWT_SECRET_KEY) | ||
except IOError: | ||
raise Exception(f"Cannot open file `{JWT_SECRET_PATH}` for writing.") | ||
else: | ||
JWT_SECRET_KEY = "unused default value " + secrets.token_urlsafe() | ||
# To encode unique jwt token generated with reset password request | ||
RESET_JWT_SIGNATURE_ALGORITHM = "HS256" |
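Review bot: Nothing in this section says which key signs the tokens. `SIMPLE_JWT` sets no `SIGNING_KEY`, so, assuming the dict is the new side of the hunk (the +/- column is lost in this rendering), djangorestframework-simplejwt falls back to Django's `SECRET_KEY` now that the `JWT_SECRET_KEY` block is gone. A comment above the dict would make that coupling visible, e.g. `# No SIGNING_KEY: tokens are signed with settings.SECRET_KEY; rotating it invalidates all JWTs`. The defaults also give access tokens a 24-hour lifetime while `BLACKLIST_AFTER_ROTATION` only covers refresh tokens, so a shorter `ACCESS_TOKEN_LIFETIME` default is worth considering.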
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
import os | ||
import sys | ||
|
||
# Build paths inside the project like this: os.path.join(BASE_DIR, ...) | ||
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) | ||
PROJECT_ROOT = os.path.dirname(BASE_DIR) | ||
|
||
sys.path.append(PROJECT_ROOT) | ||
sys.path.append(os.path.normpath(os.path.join(PROJECT_ROOT, "libs"))) |
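Review bot: `BASE_DIR` is computed by walking exactly two directories up from `__file__`, which is only correct if this new module sits at the depth the expression was written for; the file's path is not visible here, so this needs checking. If the code was moved from another settings module (the removed JWT code referenced `common.PROJECT_ROOT`), a change of package depth would shift `PROJECT_ROOT`. That in turn shifts both `sys.path` entries and the default `SECRET_KEY_PATH` where the secret file is read and written. A comment stating the expected result would make the assumption checkable, e.g. `# BASE_DIR: <expected directory, placeholder>; PROJECT_ROOT: its parent`.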
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
""" | ||
SECRET_KEY is built in Django, but also used for signing JWTs | ||
""" | ||
|
||
import os | ||
import pathlib | ||
import secrets | ||
|
||
from . import path | ||
from .utils import to_bool | ||
|
||
SECRET_KEY_PATH = os.environ.get("SECRET_KEY_PATH", os.path.normpath(os.path.join(path.PROJECT_ROOT, "SECRET"))) | ||
|
||
|
||
def _generate_secret_key(): | ||
return secrets.token_urlsafe() # uses a "reasonable default" length | ||
|
||
|
||
_SECRET_KEY_LOAD_AND_STORE = to_bool( | ||
os.environ.get("SECRET_KEY_LOAD_AND_STORE", "False") | ||
) # Whether to load the secret key from file (and write it there if it doesn't exist) | ||
|
||
if _SECRET_KEY_LOAD_AND_STORE: | ||
try: | ||
SECRET_KEY = pathlib.Path(SECRET_KEY_PATH).read_text().strip() | ||
except IOError: | ||
try: | ||
SECRET_KEY = _generate_secret_key() | ||
with open(SECRET_KEY_PATH, "w") as fp: | ||
fp.write(SECRET_KEY) | ||
except IOError: | ||
raise Exception(f"Cannot open file `{SECRET_KEY_PATH}` for writing.") | ||
else: | ||
SECRET_KEY = _generate_secret_key() |
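Review bot: The generated key is written with `open(SECRET_KEY_PATH, "w")`, so the file takes whatever mode the process umask allows (commonly group/world-readable). It also truncates an existing file, so two processes that both miss the read at startup can end up holding different keys. Creating the file with `O_CREAT | O_EXCL` and mode `0o600`, then re-reading on `FileExistsError`, addresses both; chaining the error with `from exc` keeps the underlying cause. Separately, when `SECRET_KEY_LOAD_AND_STORE` is false each process gets its own random key, so anything signed by one process (the docstring mentions JWTs) will not verify in another or after a restart; that deserves a comment on the `else` branch.

```python
    # … unchanged: try to read SECRET_KEY from SECRET_KEY_PATH …
    except IOError:
        SECRET_KEY = _generate_secret_key()
        try:
            # O_EXCL: never overwrite a key another process stored first.
            # 0o600: readable and writable by the owner only.
            fd = os.open(SECRET_KEY_PATH, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            # Lost the race: use the key the other process stored.
            SECRET_KEY = pathlib.Path(SECRET_KEY_PATH).read_text().strip()
        except OSError as exc:
            raise Exception(f"Cannot open file `{SECRET_KEY_PATH}` for writing.") from exc
        else:
            with os.fdopen(fd, "w") as fp:
                fp.write(SECRET_KEY)
# … unchanged: else branch generating an in-memory key …
```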
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
TRUE_VALUES = {"t", "T", "y", "Y", "yes", "YES", "true", "True", "TRUE", "on", "On", "ON", "1", 1, True} | ||
|
||
|
||
def to_bool(value): | ||
return value in TRUE_VALUES |
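Review bot: `to_bool` matches a fixed list of spellings, and the list has gaps: `"Yes"` is missing although `"True"` and `"On"` are present, and mixed case or surrounding whitespace (`"true "`) is rejected. Because unmatched values silently become `False`, a flag such as `SECRET_KEY_LOAD_AND_STORE=Yes` would quietly select the non-persistent key path. Normalising first closes the gap: `return str(value).strip().lower() in {"t", "y", "yes", "true", "on", "1"}`. That form also avoids the `TypeError` the set lookup raises for unhashable input. A one-line docstring listing the accepted spellings would help operators.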
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
from .deps.oidc import * | ||
from .mods.oidc import * | ||
from .test import * | ||
|
||
# Enable Browsable API | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
""" | ||
settings that modify common settings | ||
""" |