import osfrom corsheaders.defaults import default_headers# Build paths i

1. import os
2.  
3. from corsheaders.defaults import default_headers
4.  
5. # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
6. BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
7.  
8. # Quick-start development settings - unsuitable for production
9. # See https://docs.djangoproject.com/en/2.0/howto/deployment/checklist/
10.  
11. # SECURITY WARNING: keep the secret key used in production secret!
12. SECRET_KEY = '+vh@!2sdmh70%6y@)yjo62rv3j#)k4p6#50#bzp-)to#%a)!68'
13.  
14. # SECURITY WARNING: don't run with debug turned on in production!
15. DEBUG = True
16.  
17. # SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
18. # CSRF_COOKIE_SECURE = True
19. # SESSION_COOKIE_SECURE = True
20. # Look into http strict transport security, django to avoid MITM attacks
21.  
22. ALLOWED_HOSTS = ['localhost', 'localtunnel.me', 'lvh.me']
23.  
24. # Application definition
25.  
26. INSTALLED_APPS = [
27. 'adaptilab.apps.AdaptilabConfig',
28. 'rest_framework',
29. 'rest_framework_api_key',
30. 'django.contrib.admin',
31. 'django.contrib.auth',
32. 'django.contrib.contenttypes',
33. 'django.contrib.sessions',
34. 'django.contrib.messages',
35. 'django.contrib.staticfiles',
36. 'social_django',
37. 'corsheaders',
38. ]
39.  
40. MIDDLEWARE = [
41. 'django.middleware.security.SecurityMiddleware',
42. 'corsheaders.middleware.CorsMiddleware',
43. # 'django.contrib.sessions.middleware.SessionMiddleware',
44. 'django_session_header.middleware.SessionMiddleware',
45. 'django.middleware.common.CommonMiddleware',
46. 'django.middleware.csrf.CsrfViewMiddleware',
47. 'django.contrib.auth.middleware.AuthenticationMiddleware',
48. 'django.contrib.messages.middleware.MessageMiddleware',
49. 'django.middleware.clickjacking.XFrameOptionsMiddleware',
50. 'social_django.middleware.SocialAuthExceptionMiddleware',
51. ]
52.  
53. CORS_ORIGIN_REGEX_WHITELIST = [
54. r"(http(s)?://)?localhost:\d+",
55. r"(http(s)?://)?lvh.me:\d+",
56. r"(^.)*.localtunnel.me",
57. ]
58. #
59. # CSRF_TRUSTED_ORIGINS = [
60. # 'localhost:3000',
61. # 'lvh.me',
62. # 'localtunnel.me',
63. # ]
64.  
65. CORS_ALLOW_CREDENTIALS = True
66.  
67. CORS_ALLOW_HEADERS = list(default_headers) + [
68. 'x-csrftoken',
69. 'x-csrf-token',
70. 'content-type',
71. 'x-session-id',
72. 'x-sessionid',
73. 'X-SessionID'
74. ]
75.  
76. CORS_EXPOSE_HEADERS = [
77. 'x-sessionid',
78. 'x-csrftoken',
79. 'x-csrf-token',
80.  
81.  
82. ]
83.  
84. CSRF_USE_SESSIONS = True
85.  
86. SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
87.  
88. ROOT_URLCONF = 'mysite.urls'
89.  
90. TEMPLATES = [
91. {
92. 'BACKEND': 'django.template.backends.django.DjangoTemplates',
93. 'DIRS': [
94. # os.path.join(BASE_DIR, 'adaptilab/client', 'build'),
95. os.path.join(BASE_DIR, 'adaptilab/web', 'build'),
96. BASE_DIR + '/adaptilab/web/build',
97. # BASE_DIR + '/adaptilab/client/build',
98. os.path.join(BASE_DIR, 'adaptilab/templates'),
99. BASE_DIR + '/adaptilab/templates',
100. ],
101. 'APP_DIRS': True,
102. 'OPTIONS': {
103. 'context_processors': [
104. 'django.template.context_processors.debug',
105. 'django.template.context_processors.request',
106. 'django.contrib.auth.context_processors.auth',
107. 'django.contrib.messages.context_processors.messages',
108. 'social_django.context_processors.backends',
109. 'social_django.context_processors.login_redirect',
110. ],
111. },
112. },
113. ]
114.  
115. WSGI_APPLICATION = 'mysite.wsgi.application'
116.  
117. # For migration, do python manage.py migrate --database=db_name
118. # To use non-default database is shell, use 'using' function: e.g. MyModel.objects.using('production').all()
119. # Use the 'db_manager' function for create_user, e.g. Candidate.objects.db_manager(db).create_user(...)
120. DATABASES = {
121. # https://docs.djangoproject.com/en/2.2/topics/db/multi-db/
122. 'default': {
123. 'ENGINE': 'django.db.backends.sqlite3',
124. 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
125. },
126. 'production': {
127. 'ENGINE': 'django.db.backends.postgresql',
128. 'NAME': 'userdb',
129. 'USER': 'adaptilabdb',
130. 'PASSWORD': 'Newport123!', # Move to different file
131. 'HOST': 'userdbinstance.cve6j5b9okqz.us-west-2.rds.amazonaws.com', # Store as environment variable
132. 'PORT': '5432',
133. },
134. 'qa': {
135. 'ENGINE': 'django.db.backends.postgresql',
136. 'NAME': 'qadb',
137. 'USER': 'qauser',
138. 'PASSWORD': 'IndianapolisColts12!', # Move to different file
139. 'HOST': 'adaptilabdb-qa.cve6j5b9okqz.us-west-2.rds.amazonaws.com', # Store as environment variable
140. 'PORT': '5432',
141. }
142. }
143.  
144. # https://docs.djangoproject.com/en/2.2/topics/auth/customizing/#changing-to-a-custom-user-model-mid-project
145. AUTH_USER_MODEL = 'adaptilab.AdaptiLabUser'
146.  
147. # List of Authentication Backends for authenticating user
148. AUTHENTICATION_BACKENDS = [
149. 'social_core.backends.linkedin.LinkedinOAuth2',
150. 'social_core.backends.google.GoogleOAuth2',
151. 'social_core.backends.facebook.FacebookOAuth2',
152. 'social_core.backends.github.GithubOAuth2',
153. 'django.contrib.auth.backends.ModelBackend',
154. ]
155.  
156. # Social Auth Pipeline
157. SOCIAL_AUTH_PIPELINE = (
158. 'social_core.pipeline.social_auth.social_details',
159. 'social_core.pipeline.social_auth.social_uid',
160. 'social_core.pipeline.social_auth.auth_allowed',
161. 'social_core.pipeline.social_auth.social_user',
162. 'social_core.pipeline.user.get_username',
163. 'social_core.pipeline.social_auth.associate_by_email', # Merge duplicate emails
164. 'social_core.pipeline.user.create_user',
165. 'social_core.pipeline.social_auth.associate_user',
166. 'social_core.pipeline.social_auth.load_extra_data',
167. 'social_core.pipeline.user.user_details',
168. )
169.  
170. # Social Auth Config
171. SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL = True
172. SOCIAL_AUTH_LOGIN_REDIRECT_URL = 'adaptilab:candidate_oauth'
173. SOCIAL_AUTH_LOGIN_URL = 'adaptilab:candidate_signin'
174. SOCIAL_AUTH_LOGIN_ERROR_URL = '/candidate/signin/?error=oauth-login'
175. SOCIAL_AUTH_POSTGRES_JSONFIELD = True
176. SOCIAL_AUTH_URL_NAMESPACE = 'social'
177. SOCIAL_AUTH_USER_MODEL = 'adaptilab.Candidate'
178.  
179. # LinkedIn OAuth2.0
180. SOCIAL_AUTH_LINKEDIN_OAUTH2_KEY = '78bgbpvwv2rbvs'
181. SOCIAL_AUTH_LINKEDIN_OAUTH2_SECRET = 'wl0CP8CxMKA8mhxG'
182. SOCIAL_AUTH_LINKEDIN_OAUTH2_SCOPE = ['r_basicprofile', 'r_emailaddress']
183. SOCIAL_AUTH_LINKEDIN_OAUTH2_FIELD_SELECTORS = ['emailAddress', 'formattedName', 'publicProfileUrl', 'pictureUrl']
184. SOCIAL_AUTH_LINKEDIN_OAUTH2_EXTRA_DATA = [
185. ('id', 'id'),
186. ('formattedName', 'name'),
187. ('emailAddress', 'email_address'),
188. ('pictureUrl', 'picture_url'),
189. ('publicProfileUrl', 'profile_url'),
190. ]
191.  
192. # Facebook OAuth2.0
193. SOCIAL_AUTH_FACEBOOK_KEY = '1242811182568511'
194. SOCIAL_AUTH_FACEBOOK_SECRET = 'b7b2ed3bca67e54d9471d7da7ad7bc88'
195. SOCIAL_AUTH_FACEBOOK_API_VERSION = '4.0'
196. SOCIAL_AUTH_FACEBOOK_SCOPE = ['email']
197. SOCIAL_AUTH_FACEBOOK_PROFILE_EXTRA_PARAMS = {
198. 'fields': 'id, name, email'
199. }
200.  
201. # Google OAuth2.0
202. SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = '580400534713-dhu025b8srieueh93emvglpgl9ng4dnd.apps.googleusercontent.com'
203. SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = 'woEL_kMrdxqJvV7K3zMdtrpu'
204. SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = ['email']
205.  
206. # GitHub OAuth2.0
207. SOCIAL_AUTH_GITHUB_KEY = 'b794b5cbc8edb33792b3'
208. SOCIAL_AUTH_GITHUB_SECRET = 'fa5f384a59d5b2e1df23648d3c006b642360c75c'
209. SOCIAL_AUTH_GITHUB_SCOPE = ['user']
210.  
211. # Password validation
212. # https://docs.djangoproject.com/en/2.0/ref/settings/#auth-password-validators
213.  
214. AUTH_PASSWORD_VALIDATORS = [
215. {
216. 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
217. },
218. {
219. 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
220. },
221. {
222. 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
223. },
224. {
225. 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
226. },
227. ]
228.  
229. # Sending confirmation and password emails
230.  
231. EMAIL_HOST = 'email-smtp.us-west-2.amazonaws.com'
232. EMAIL_PORT = 587
233. EMAIL_HOST_USER = 'AKIAIKLTUJRROVZYCDXA' # Move the strings to environment variables
234. EMAIL_HOST_PASSWORD = 'At2m5eIuCMDY59PCmuCLe2I21bQkyCGTY3LBviCg/7VC'
235. EMAIL_USE_TLS = True
236. DEFAULT_FROM_EMAIL = 'AdaptiLab <do-not-reply@adaptilab.com>'
237.  
238. # AWS credentials for web app
239. AWS_ACCESS_KEY_ID = 'AKIAUKC6I3KAGNXJ6MOQ'
240. AWS_SECRET_ACCESS_KEY = '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'
241.  
242. # Stripe API keys
243.  
244. STRIPE_PUBLISHABLE_KEY = 'pk_test_s8dGcN2X0iCgtjZSxXm9mXRo'
245. STRIPE_SECRET_KEY = 'sk_test_tJbJpkF1wtff0LjgpwjZ85l6'
246.  
247. # REST API settings
248. REST_FRAMEWORK = {
249. 'DEFAULT_AUTHENTICATION_CLASSES': [],
250. 'DEFAULT_PERMISSION_CLASSES': [
251. 'adaptilab.api_permissions.HasBasicAuthenticationAPIKey',
252. ],
253. 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
254. 'PAGE_SIZE': 10,
255. }
256.  
257. # Mixpanel token
258.  
259. MIXPANEL_TOKEN = 'd113ca12d25df81ce9e906562c3313da'
260.  
261. # Internationalization
262. # https://docs.djangoproject.com/en/2.0/topics/i18n/
263.  
264. LANGUAGE_CODE = 'en-us'
265.  
266. TIME_ZONE = 'America/Los_Angeles'
267.  
268. USE_I18N = True
269.  
270. USE_L10N = True
271.  
272. USE_TZ = True
273.  
274. # Static files (CSS, JavaScript, Images)
275. # https://docs.djangoproject.com/en/2.0/howto/static-files/
276.  
277. STATIC_URL = '/static/'
278. STATICFILES_DIRS = [
279. os.path.join(BASE_DIR, 'static'),
280. os.path.join(BASE_DIR, 'adaptilab', 'web', 'build', 'static'),
281. ]