# ==============================================================================
# Copyright ©2023 Accenture and/or its affiliates. All Rights Reserved.
#
# Permission to any use, copy, modify, and distribute this software and its
# documentation for any purpose is subject to a licensing agreement duly
# entered into with the copyright owner or its affiliate.
#
# All information contained herein is, and remains the property of Accenture
# and/or its affiliates and its suppliers, if any. The intellectual and
# technical concepts contained herein are proprietary to Accenture and/or
# its affiliates and its suppliers and may be covered by one or more patents
# or pending patent applications in one or more jurisdictions worldwide, and
# are protected by trade secret or copyright law. Dissemination of this
# information or reproduction of this material is strictly forbidden unless
# prior written permission is obtained from Accenture and/or its affiliates.
# ==============================================================================
#
#
import os
from os.path import basename, join, abspath
from models.engines import Authentications, EngineTypes
from models.security import AuthenticationType
from utils.constants import DEFAULT_ENGINE_NAME
from utils.str import DEFAULT_ENCODING
# Runtime defaults. Each value is read from the environment when present and
# otherwise written back from the development default below, so the later
# os.getenv() lookups in CONFIG always find a value.
_ENV_DEFAULTS = {
    'PORT': '8085',
    # 0.0.0.0 binds every interface; narrow this outside local development.
    'HOST': '0.0.0.0',
    'DOMAIN_NAME': 'localhost',
    # Plain http to the engine; only acceptable for a local instance.
    'ENGINE_URL': 'http://localhost:9200',
}
for _env_name, _env_default in _ENV_DEFAULTS.items():
    os.environ[_env_name] = os.getenv(_env_name, default=_env_default)
# *******************************************************************************
# AWS Elasticsearch Credentials
# *******************************************************************************
# Domain. If AWS_SERVICE is set, AWS authentication is used for the engine connection.
# os.environ['AWS_SERVICE'] = os.getenv('AWS_SERVICE', default='es')
# os.environ['AWS_REGION'] = os.getenv('AWS_REGION', default='us-east-1')
# ------------------------------------------------------
# Uncomment only when authenticating with a static access key and session token.
# Prefer the credentials provider ('credentials_provider' below) and never commit
# real key material to this file.
# ------------------------------------------------------
# os.environ['AWS_ACCESS_KEY_ID'] = os.getenv('AWS_ACCESS_KEY_ID', default='default-key')
# os.environ['AWS_SECRET_ACCESS_KEY'] = os.getenv('AWS_SECRET_ACCESS_KEY', default='default-secret')
# os.environ['AWS_SESSION_TOKEN'] = os.getenv('AWS_SESSION_TOKEN', default='default-token')
# Absolute path of the server root: the parent of the directory holding this
# config module. Used below to locate the config/auth and config/templates files.
SERVER_PATH = abspath(join(os.path.dirname(__file__), '..'))
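# Application configuration. Values are development defaults; anything that is a
# credential, secret or cookie/transport flag below must be overridden before
# the service is exposed outside a local machine.
CONFIG = {
    'host': os.getenv('HOST'),
    # NOTE: this is the raw environment string, not an int; the consumer is
    # expected to convert it.
    'port': os.getenv('PORT'),
    'workers': 1,
    'cors': {
        # A browser Origin header always carries a scheme, so the two
        # HOST-derived entries (no scheme) will not match a real request as
        # written; they are kept for compatibility with the previous config.
        # Bug fixed here: the missing comma after the microsoftonline entry
        # made Python concatenate it with the next f-string into one bogus
        # origin, silently dropping the Azure login origin from the allow list.
        'allow_origins': [
            'http://localhost:8085',
            'http://localhost:3000',
            'https://login.microsoftonline.com',
            f'{os.getenv("HOST")}:3000',
            f'{os.getenv("HOST")}:{os.getenv("PORT")}',
        ],
        # Credentials + wildcard methods/headers: keep allow_origins an explicit
        # list (never '*'), since credentialed CORS requires a concrete origin.
        'allow_credentials': True,
        'allow_methods': ['*'],
        'allow_headers': ['*'],
        # A literal '*' in expose_headers is not honoured by browsers for
        # credentialed responses; list the headers explicitly if the UI needs them.
        'expose_headers': ['*'],
        'max_age': 600,
    },
    'web_app_config': {
        'title': '',
        'description': '',
        'default_lang': 'en',
        'available_langs': ['en'],
        'default_webview': 'config',
        'web_views': ['config'],
    },
    'logging': {
        'msgFormat': '%(asctime)s\t%(levelname)s\t%(name)s\t%(message)s',
        'dateFormat': '%Y-%m-%dT%H:%M:%S%z',
        'level': 'INFO',
        'handlers': {
            'file': {
                'enable': True,
                'encoding': DEFAULT_ENCODING,
                'backupCount': 5,
                'maxBytes': 5242880,  # 5Mb
            },
            'console': {
                'enable': True,
            },
            'nonSQL': {
                'enable': True,
            },
        },
        'loggers': {
            'werkzeug': 'info',
            'django.utils.autoreload': 'warning',
            'ldap3': 'info',
            'fastapi': 'notset',
            'passlib.utils.compat': 'info',
            'urllib3.connectionpool': 'info',
            'passlib.registry': 'info',
            'app.rest': 'info',
            'uvicorn.error': 'error',
        },
    },
    # *******************************************************************************
    # Engines Configuration for ES features
    # *******************************************************************************
    'engines': [
        {
            'name': DEFAULT_ENGINE_NAME,  # Name of the connection
            'type': EngineTypes.ELASTIC,  # EngineType is an enum with the available engine types
            'default': True,
            'headers': {
                'Accept-Encoding': 'gzip',
            },
            # Whitespace-separated list of engine nodes (ENGINE_URL is set above).
            'engine_url': os.getenv('ENGINE_URL').split(),
            'pool_connections': 10,
            'pool_maxsize': 100,
            'pool_block': True,
            # TLS certificate verification for https engine URLs; leave True.
            'verify': True,
            # Redirects are followed; presumably auth headers are re-sent on
            # redirect, so only point engine_url at hosts you control.
            'max_redirects': 30,
            'max_retries': 10,
            'retry_wait_time': 10,
            'timeout': 60,
            'allow_redirects': True,
            # Honours HTTP(S)_PROXY / NO_PROXY from the environment.
            'trust_env': True,
            'use_throttling': True,
            'throttling_rate': 5000,
            'throttling_connection_rate': 50,
            'auth': {
                'type': Authentications.NONE,
                # With Authentications.BASIC
                # #### For Basic Auth ####
                # 'username': '',
                # 'password': ''
                # With Authentications.AWS
                # #### For AWS Auth ####
                # 'aws_region': '',
                # 'aws_service': '',
                # 'aws_access_key': '',
                # 'aws_secret_key': ''
                # With Authentications.AWS
                # #### For AWS Auth With Credentials Provider (AWS)####
                # Preferred over static keys: no secret has to live in this file.
                # 'credentials_provider': True,
                # 'aws_region': '',
                # 'aws_service': ''
            },
            # Leave False outside debugging: request logs can carry auth
            # headers and query payloads.
            'log_requests': False,
        },
    ],
    # *******************************************************************************
    # Security Configuration
    # *******************************************************************************
    'security': {
        # *******************************************************************************
        # Authentication
        # *******************************************************************************
        'authentication': {
            # Authentication is OFF by default: every request runs as the
            # 'anonymous' identity below.
            'enabled': False,
            'type': AuthenticationType.LOCAL,
            # SECURITY: this signing secret is committed in source. Treat it as
            # compromised -- rotate it and supply the real value from the
            # environment or a secret store before enabling authentication.
            'secret': '52ecfd60e01b800355a8ce59780f9243b4662c3a236394ee',
            'anonymous': {
                'id': 'Anonymous',
                'account': '[email protected]',
                'name': 'Anonymous',
                'displayName': 'Anonymous',
            },
            # *******************************************************************
            # Local Authentication based on a CSV implements FORM and BASIC Auth
            #
            # NOTE: Only recommended for testing
            # *******************************************************************
            'local': {
                'file': join(SERVER_PATH, 'config', 'auth', 'users.csv'),
            },
            # **************************************
            # DELEGATED Authentication
            # **************************************
            'delegated': {
                # Placeholder JWKS endpoint; must be the issuer's real JWKS URL
                # over https, otherwise token signatures cannot be verified.
                'jwks_url': 'https://f783425db-fdd6-dadaf-8e10-11543f234fads4e7.io/JWKS',
                'audience': 'AudienceIDMPrototype',
                'attributesMapping': {
                    # key is the property name stored in the SEIA user profile,
                    # the value is the claim in the delegated token
                    'id': 'email',  # _id is required
                    'account': 'email',  # account is for roles and group expansion
                },
            },
            # **************************************
            # LDAP Authentication
            # **************************************
            'ldap': {
                'authentication': 'SIMPLE',
                # ldap:// with SIMPLE bind sends the bind password in clear
                # text; use ldaps:// (or StartTLS if supported) outside dev.
                'url': 'ldap://localhost:10389',
                'bindDN': 'uid=admin,ou=system',  # Bind DN or User
                # SECURITY: placeholder credential committed in source; supply
                # the real one from the environment / secret store.
                'bindCredentials': 'secret',  # password
                'searchBase': 'ou=users,ou=system',
                # %s is substituted with the login name; presumably the LDAP
                # layer escapes it (RFC 4515) -- confirm, or usernames such as
                # '*)(uid=*' can widen the search.
                'searchFilter': '(uid=%s)',
                'searchAttributes': ['uid', 'cn', 'sn', 'displayName'],
                'attributesMapping': {
                    # key is the property name stored in the SEIA user profile,
                    # the value is the user attribute in LDAP
                    'id': 'uid',  # _id is required
                    'account': 'uid',  # account is for roles and group expansion
                    'email': 'uid',
                    'firstName': 'cn',
                    'lastName': 'sn',
                    'name': 'cn',
                    'displayName': 'alias',
                    # if the alias is not given, one is created from the first and last name or roles
                    'groups': 'ou',
                    'photo': 'photo',
                },
            },
            # **************************************
            # OIDC Authentication
            # **************************************
            'oidc': {
                'client_id': 'd55227c4-8b8d-4801-9dd3-22ad25ebc31e',
                # Audience can be omitted in which case the aud value defaults to client_id
                'openid_configuration_uri': 'https://login.microsoftonline.com/cc4e4bb7-5cce-4b65-80e1-f282b630ca4b/v2.0/.well-known/openid-configuration',
                'attributesMapping': {
                    'id': 'oid',
                    'account': 'email',
                },
                # Dev-only cookie flags: httponly=False exposes the session
                # cookie to page scripts (XSS), secure=False lets it travel over
                # plain http. Set both to True when serving over https.
                'cookie': {
                    'path': '/',
                    'samesite': 'lax',
                    'httponly': False,
                    'secure': False,
                },
            },
            # **************************************
            # SAML2 Authentication
            # **************************************
            'saml': {
                # Verbose SAML tracing; disable outside development, as it may
                # log assertions and their attributes.
                'debug': True,
                'entity_id': 'f6d3696a-1780-4614-9792-7744b67ab462',
                'single_sign_on_service_url': 'https://login.microsoftonline.com/cc4e4bb7-5cce-4b65-80e1-f282b630ca4b/saml2',
                'single_logout_service_url': 'https://login.microsoftonline.com/cc4e4bb7-5cce-4b65-80e1-f282b630ca4b/saml2',
                # IdP signing certificate used to validate assertion signatures.
                'x509cert': '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',
                'attributesMapping': {
                    'id': 'http://schemas.microsoft.com/identity/claims/objectidentifier',
                    'account': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
                    'displayName': 'http://schemas.microsoft.com/identity/claims/displayname',
                },
                # Same dev-only cookie caveat as the OIDC cookie above.
                'cookie': {
                    'path': '/',
                    'samesite': 'lax',
                    'httponly': False,
                    'secure': False,
                },
            },
        },
        # *******************************************************************************
        # Encryption
        # *******************************************************************************
        'encryption': {
            # Path to the key file, not the key itself; keep the file out of
            # version control and readable only by the service user.
            'secret_key': join(SERVER_PATH, 'config', 'auth', 'secret_key'),
        },
        # *******************************************************************************
        # Roles
        # ******************************************************************************
        'roles': {
            'file': join(SERVER_PATH, 'config', 'auth', 'roles.csv'),
        },
    },
    # *******************************************************************************
    # Mailer
    # *******************************************************************************
    'mailer': {
        'enable': False,  # Enables an endpoint for direct access through http request
        'mailer_config': {
            # **********************
            # Using Gmail
            # **********************
            'service': 'gmail',
            # Placeholder mailbox credentials; a real password must not be
            # committed here.
            'auth': {
                'user': '[email protected]',
                'pass': 'test',
            },
            # **********************
            # Using a Custom SMTP
            # **********************
            # 'host': os.getenv('SMTP_RELAY', default='localhost'),
            # NOTE(review): 22 is the SSH port; SMTP relays listen on 25/465/587.
            # 'port': os.getenv('SMTP_PORT', default=22),
            # 'secure': False,
            # 'logger': True,
            # 'debug': True,
            # 'tls': {
            #     'ca':[ Path(os.getenv('CERTIFICATES_PATH')).read_text() ],
            #     # rejectUnauthorized=False disables relay certificate
            #     # validation -- do not carry this into production.
            #     'rejectUnauthorized': False,
            # },
        },
        'from': '[email protected]',  # From to display in the email
        'test': True,  # send the emails to the to_test_email, instead to the actual destiny
        'to_test_email': '[email protected]',  # Test destination for all email send
        'default_subject': 'Email Subject',  # default subject, if none is specified in code
        'data': {
            # This body will be injected as _data, un the actual, body used to map the email
            # templates (e.g {{{_data.url}}})
            'url': 'http://example.com/',
        },
        # **********************
        # Templates
        # **********************
        'plain_template_path': join(SERVER_PATH, 'config', 'templates', 'email_text.tlp'),
        'html_template_path': join(SERVER_PATH, 'config', 'templates', 'email_html.tlp'),
    },
    # *****************************************************************************************
    # Analytics Logs all activity in the UI, and activity triggered by the user in the Server
    # *****************************************************************************************
    'analytics': {
        'enable': True,
    },
    # *******************************************************************************
    # Chat
    # *******************************************************************************
    'chat_forum': {
        'enabled': False,
        'history_size': 100,  # Amount of messages to store in memory and display
    },
}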