RISCI_ATOM
/
pagure
同期ミラー https://pagure.io/pagure.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203
							import os
from datetime import timedelta

from pagure.mail_logging import ContextInjector


### Set the time after which the admin session expires
# There are two sessions on pagure, login that holds for 31 days and
# the session defined here after which an user has to log in again.
# This session is used when accessing all administrative parts of pagure
# (ie: changing a project's or a user's settings)
ADMIN_SESSION_LIFETIME = timedelta(minutes=20000000)

# Enable tickets and docs for all repos
ENABLE_TICKETS = True
ENABLE_DOCS = True

### Secret key for the Flask application
SECRET_KEY='<The web application secret key>'

### url to the database server:
#DB_URL=mysql://user:pass@host/db_name
#DB_URL=postgresql://user:pass@host/db_name
DB_URL = 'sqlite:////srv/git/pagure_dev.sqlite'

### The FAS group in which the admin of pagure are
ADMIN_GROUP = ['sysadmin-main']

### Hard-coded list of global admins
PAGURE_ADMIN_USERS = []

### The URL at which the project is available.
APP_URL = 'http://127.0.0.1:5000'
### The URL at which the documentation of projects will be available
## This should be in a different domain to avoid XSS issues since we want
## to allow raw html to be displayed (different domain, ie not a sub-domain).
DOC_APP_URL = '*'

# Avoid sending emails while developing by default
EMAIL_SEND = False
EMAIL_ERROR = 'vagrant@localhost'

### The URL to use to clone git repositories.
GIT_URL_SSH = 'ssh://git@pagure-dev.example.com/'
GIT_URL_GIT = 'http://pagure-dev.example.com:5000/'

### Folder containing to the git repos
STORAGE_ROOT = '/srv/git/'

GIT_FOLDER = os.path.join(STORAGE_ROOT, 'repositories')

### Folder containing the clones for the remote pull-requests
REMOTE_GIT_FOLDER = os.path.join(STORAGE_ROOT, 'remotes')

### Whether to enable scanning for viruses in attachments
VIRUS_SCAN_ATTACHMENTS = False

SSH_FOLDER = "/srv/git/.ssh/"

GIT_AUTH_BACKEND = "pagure_authorized_keys"

SSH_KEYS_OPTIONS = (
    'restrict,command="/usr/bin/python3 /srv/pagure/files/aclchecker.py %(username)s"'
)

SSH_COMMAND = ([
    "/usr/bin/%(cmd)s",
    "/srv/git/repositories/%(reponame)s",
], {"GL_USER": "%(username)s"})


# SSH Information

### The ssh certificates of the git server to be provided to the user
### /!\ format is important
# SSH_KEYS = {'RSA': {'fingerprint': '<foo>', 'pubkey': '<bar>'}}


# Optional configuration


### Maximum size of the uploaded content
# Used to limit the size of file attached to a ticket for example
MAX_CONTENT_LENGTH = 4 * 1024 * 1024  # 4 megabytes

### Lenght for short commits ids or file hex
SHORT_LENGTH = 7

### IP addresses allowed to access the internal endpoints
### These endpoints are used by the milter and are security sensitive, thus
### the IP filter
IP_ALLOWED_INTERNAL = ['127.0.0.1', 'localhost', '::1',]

### EventSource/Web-Hook/Redis configuration
# The eventsource integration is what allows pagure to refresh the content
# on your page when someone else comments on the ticket (and this without
# asking you to reload the page.
# By default it is off, ie: EVENTSOURCE_SOURCE is None, to turn it on, specify
# here what the URL of the eventsource server is, for example:
# https://ev.pagure.io or https://pagure.io:8080 or whatever you are using
# (Note: the urls sent to it start with a '/' so no need to add one yourself)
EVENTSOURCE_SOURCE = 'http://localhost:8080'
# Port where the event source server is running (maybe be the same port
# as the one specified in EVENTSOURCE_SOURCE or a different one if you
# have something running in front of the server such as apache or stunnel).
EVENTSOURCE_PORT = 8080
# If this port is specified, the event source server will run another server
# at this port and will provide information about the number of active
# connections running on the first (main) event source server
#EV_STATS_PORT = 8888
# Web-hook can be turned on or off allowing using them for notifications, or
# not.
WEBHOOK = True

### Redis configuration
# A redis server is required for both the Event-Source server or the web-hook
# server.
REDIS_HOST = '127.0.0.1'
REDIS_PORT = 6379
REDIS_DB = 0

# Authentication related configuration option

### Switch the authentication method
# Specify which authentication method to use, defaults to `fas` can be or
# `local`
# Default: ``fas``.
PAGURE_AUTH = 'local'

# When this is set to True, the session cookie will only be returned to the
# server via ssl (https). If you connect to the server via plain http, the
# cookie will not be sent. This prevents sniffing of the cookie contents.
# This may be set to False when testing your application but should always
# be set to True in production.
# Default: ``True``.
SESSION_COOKIE_SECURE = False

# The name of the cookie used to store the session id.
# Default: ``.pagure``.
SESSION_COOKIE_NAME = 'pagure'

# Boolean specifying whether to check the user's IP address when retrieving
# its session. This make things more secure (thus is on by default) but
# under certain setup it might not work (for example is there are proxies
# in front of the application).
CHECK_SESSION_IP = True

# Used by SESSION_COOKIE_PATH
APPLICATION_ROOT = '/'

# Allow the backward compatiblity endpoints for the old URLs schema to
# see the commits of a repo. This is only interesting if you pagure instance
# was running since before version 1.3 and if you care about backward
# compatibility in your URLs.
OLD_VIEW_COMMIT_ENABLED = False


LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "formatters": {
        "standard": {
            "format": "%(asctime)s [%(levelname)s] %(name)s: %(message)s"
        },
    },
    "filters": {"myfilter": {"()": ContextInjector}},
    "handlers": {
        "console": {
            "formatter": "standard",
            "class": "logging.StreamHandler",
            "stream": "ext://sys.stdout",
        },
    },
    # The root logger configuration; this is a catch-all configuration
    # that applies to all log messages not handled by a different logger
    "root": {"handlers": ["console"]},
    "loggers": {
        "pagure": {
            "handlers": ["console"],
            "level": "DEBUG",
            "propagate": True,
        },
        "flask": {
            "handlers": ["console"],
            "level": "INFO",
            "propagate": False,
        },
        "sqlalchemy": {
            "handlers": ["console"],
            "level": "WARN",
            "propagate": False,
        },
        "pagure.lib.encoding_utils": {
            "handlers": ["console"],
            "level": "WARN",
            "propagate": False,
        },
    },
}

SSH_KEYS_USERNAME_EXPECT = "git"
ALLOW_HTTP_PUSH = True