initial commit

github-stars/server/settings/environments/__init__.py

@@ -0,0 +1,2 @@
+
+"""Overriding settings based on the environment."""

github-stars/server/settings/environments/development.py

@@ -0,0 +1,150 @@
+"""
+This file contains all the settings that defines the development server.
+
+SECURITY WARNING: don't run with debug turned on in production!
+"""
+
+import logging
+from typing import List
+
+from server.settings.components import config
+from server.settings.components.common import (
+    DATABASES,
+    INSTALLED_APPS,
+    MIDDLEWARE,
+)
+
+# Setting the development status:
+
+DEBUG = True
+
+ALLOWED_HOSTS = [
+    config('DOMAIN_NAME'),
+    'localhost',
+    '0.0.0.0',  # noqa: S104
+    '127.0.0.1',
+    '[::1]',
+]
+
+
+# Installed apps for development only:
+
+INSTALLED_APPS += (
+    # Better debug:
+    'debug_toolbar',
+    'nplusone.ext.django',
+
+    # Linting migrations:
+    'django_migration_linter',
+
+    # django-test-migrations:
+    'django_test_migrations.contrib.django_checks.AutoNames',
+    # This check might be useful in production as well,
+    # so it might be a good idea to move `django-test-migrations`
+    # to prod dependencies and use this check in the main `settings.py`.
+    # This will check that your database is configured properly,
+    # when you run `python manage.py check` before deploy.
+    'django_test_migrations.contrib.django_checks.DatabaseConfiguration',
+
+    # django-extra-checks:
+    'extra_checks',
+)
+
+
+# Static files:
+# https://docs.djangoproject.com/en/2.2/ref/settings/#std:setting-STATICFILES_DIRS
+
+# STATICFILES_DIRS: List[str] = []
+
+
+# Django debug toolbar:
+# https://django-debug-toolbar.readthedocs.io
+
+MIDDLEWARE += (
+    'debug_toolbar.middleware.DebugToolbarMiddleware',
+
+    # https://github.com/bradmontgomery/django-querycount
+    # Prints how many queries were executed, useful for the APIs.
+    'querycount.middleware.QueryCountMiddleware',
+)
+
+
+def _custom_show_toolbar(request):
+    """Only show the debug toolbar to users with the superuser flag."""
+    return DEBUG and request.user.is_superuser
+
+
+DEBUG_TOOLBAR_CONFIG = {
+    'SHOW_TOOLBAR_CALLBACK':
+        'server.settings.environments.development._custom_show_toolbar',
+}
+
+# This will make debug toolbar to work with django-csp,
+# since `ddt` loads some scripts from `ajax.googleapis.com`:
+CSP_SCRIPT_SRC = ("'self'", 'ajax.googleapis.com')
+CSP_IMG_SRC = ("'self'", 'data:')
+CSP_CONNECT_SRC = ("'self'",)
+
+
+# nplusone
+# https://github.com/jmcarp/nplusone
+
+# Should be the first in line:
+MIDDLEWARE = (  # noqa: WPS440
+    'nplusone.ext.django.NPlusOneMiddleware',
+) + MIDDLEWARE
+
+# Logging N+1 requests:
+NPLUSONE_RAISE = True  # comment out if you want to allow N+1 requests
+NPLUSONE_LOGGER = logging.getLogger('django')
+NPLUSONE_LOG_LEVEL = logging.WARN
+NPLUSONE_WHITELIST = [
+    {'model': 'admin.*'},
+]
+
+
+# django-test-migrations
+# https://github.com/wemake-services/django-test-migrations
+
+# Set of badly named migrations to ignore:
+DTM_IGNORED_MIGRATIONS = frozenset((
+    ('axes', '*'),
+))
+
+
+# django-extra-checks
+# https://github.com/kalekseev/django-extra-checks
+
+EXTRA_CHECKS = {
+    'checks': [
+        # Forbid `unique_together`:
+        'no-unique-together',
+        # Require non empty `upload_to` argument:
+        'field-file-upload-to',
+        # Use the indexes option instead:
+        'no-index-together',
+        # Each model must be registered in admin:
+        'model-admin',
+        # FileField/ImageField must have non empty `upload_to` argument:
+        'field-file-upload-to',
+        # Text fields shouldn't use `null=True`:
+        'field-text-null',
+        # Prefer using BooleanField(null=True) instead of NullBooleanField:
+        'field-boolean-null',
+        # Don't pass `null=False` to model fields (this is django default)
+        'field-null',
+        # ForeignKey fields must specify db_index explicitly if used in
+        # other indexes:
+        {'id': 'field-foreign-key-db-index', 'when': 'indexes'},
+        # If field nullable `(null=True)`,
+        # then default=None argument is redundant and should be removed:
+        'field-default-null',
+        # Fields with choices must have companion CheckConstraint
+        # to enforce choices on database level
+        'field-choices-constraint',
+    ],
+}
+
+# Disable persistent DB connections
+# https://docs.djangoproject.com/en/2.2/ref/databases/#caveats
+DATABASES['default']['CONN_MAX_AGE'] = 0

github-stars/server/settings/environments/local.py.template

@@ -0,0 +1 @@
+"""Override any custom settings here."""

github-stars/server/settings/environments/production.py

@@ -0,0 +1,75 @@
+"""
+This file contains all the settings used in production.
+
+This file is required and if development.py is present these
+values are overridden.
+"""
+
+from server.settings.components import config
+
+# Production flags:
+# https://docs.djangoproject.com/en/2.2/howto/deployment/
+
+DEBUG = False
+
+ALLOWED_HOSTS = [
+    # TODO: check production hosts
+    config('DOMAIN_NAME'),
+
+    # We need this value for `healthcheck` to work:
+    'localhost',
+]
+
+
+# Staticfiles
+# https://docs.djangoproject.com/en/2.2/ref/contrib/staticfiles/
+
+# This is a hack to allow a special flag to be used with `--dry-run`
+# to test things locally.
+_COLLECTSTATIC_DRYRUN = config(
+    'DJANGO_COLLECTSTATIC_DRYRUN', cast=bool, default=False,
+)
+# Adding STATIC_ROOT to collect static files via 'collectstatic':
+STATIC_ROOT = '.static' if _COLLECTSTATIC_DRYRUN else '/var/www/django/static'
+
+STATICFILES_STORAGE = (
+    # This is a string, not a tuple,
+    # but it does not fit into 80 characters rule.
+    'django.contrib.staticfiles.storage.ManifestStaticFilesStorage'
+)
+
+
+# Media files
+# https://docs.djangoproject.com/en/2.2/topics/files/
+
+MEDIA_ROOT = '/var/www/django/media'
+
+
+# Password validation
+# https://docs.djangoproject.com/en/2.2/ref/settings/#auth-password-validators
+
+_PASS = 'django.contrib.auth.password_validation'  # noqa: S105
+AUTH_PASSWORD_VALIDATORS = [
+    {'NAME': '{0}.UserAttributeSimilarityValidator'.format(_PASS)},
+    {'NAME': '{0}.MinimumLengthValidator'.format(_PASS)},
+    {'NAME': '{0}.CommonPasswordValidator'.format(_PASS)},
+    {'NAME': '{0}.NumericPasswordValidator'.format(_PASS)},
+]
+
+
+# Security
+# https://docs.djangoproject.com/en/2.2/topics/security/
+
+SECURE_HSTS_SECONDS = 31536000  # the same as Caddy has
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
+
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+SECURE_SSL_REDIRECT = True
+SECURE_REDIRECT_EXEMPT = [
+    # This is required for healthcheck to work:
+    '^health/',
+]
+
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True