Renew with 2FA and Podman

2025-02-07 21:53:52 +00:00
parent 906f34f3a2
commit 83a3761d17
59 changed files with 1001 additions and 861 deletions
--- a/app/settings.py
+++ b/app/settings.py
@@ -30,6 +30,7 @@ ALLOWED_HOSTS = []
 INSTALLED_APPS = [
    "core",
    "django.contrib.admin",
+    # 'core.apps.LibraryAdminConfig', # our custom OTP'ed admin
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
@@ -42,7 +43,39 @@ INSTALLED_APPS = [
    "crispy_bulma",
    # "django_tables2",
    # "django_tables2_bulma_template",
+    "django_otp",
+    "django_otp.plugins.otp_totp",
+    # "django_otp.plugins.otp_email",
+    # 'django_otp.plugins.otp_hotp',
+    "django_otp.plugins.otp_static",
+    "two_factor",
+    # "two_factor.plugins.phonenumber",
+    # "two_factor.plugins.email",
+    # "two_factor.plugins.yubikey",
+    # "otp_yubikey",
+    "mixins",
+    "cachalot",
 ]
+
+# Performance optimisations
+CACHES = {
+    "default": {
+        "BACKEND": "django_redis.cache.RedisCache",
+        # "LOCATION": "unix:///var/run/socks/redis.sock",
+        # "LOCATION": f"redis://{REDIS_HOST}:{REDIS_PORT}",
+        "LOCATION": "unix:///var/run/envelope-redis.sock",
+        "OPTIONS": {
+            "db": 10,
+            # "parser_class": "django_redis.cache.RedisCache",
+            # "PASSWORD": REDIS_PASSWORD,
+            "pool_class": "redis.BlockingConnectionPool",
+        },
+    }
+}
+# CACHE_MIDDLEWARE_ALIAS = 'default'
+# CACHE_MIDDLEWARE_SECONDS = '600'
+# CACHE_MIDDLEWARE_KEY_PREFIX = ''
+
 CRISPY_TEMPLATE_PACK = "bulma"
 CRISPY_ALLOWED_TEMPLATE_PACKS = ("bulma",)
 DJANGO_TABLES2_TEMPLATE = "django-tables2/bulma.html"
@@ -51,9 +84,12 @@ MIDDLEWARE = [
    "debug_toolbar.middleware.DebugToolbarMiddleware",
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
+    # 'django.middleware.cache.UpdateCacheMiddleware',
    "django.middleware.common.CommonMiddleware",
+    # 'django.middleware.cache.FetchFromCacheMiddleware',
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "django_otp.middleware.OTPMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "django_htmx.middleware.HtmxMiddleware",
@@ -132,7 +168,9 @@ AUTH_USER_MODEL = "core.User"

 LOGIN_REDIRECT_URL = "home"
 LOGOUT_REDIRECT_URL = "home"
-LOGIN_URL = "/accounts/login/"
+# 2FA
+LOGIN_URL = "two_factor:login"
+# LOGIN_REDIRECT_URL = 'two_factor:profile'

 # ALLOWED_PAYMENT_METHODS = ["bacs_debit", "card"]
 ALLOWED_PAYMENT_METHODS = ["card"]
@@ -164,6 +202,7 @@ DEBUG_TOOLBAR_PANELS = [
    "debug_toolbar.panels.logging.LoggingPanel",
    "debug_toolbar.panels.redirects.RedirectsPanel",
    "debug_toolbar.panels.profiling.ProfilingPanel",
+    "cachalot.panels.CachalotPanel",
 ]

 from app.local_settings import *  # noqa
@@ -179,3 +218,12 @@ if PROFILER:  # noqa - trust me its there
        #     "region":   f'{os.getenv("REGION")}',
        # }
    )
+
+
+def show_toolbar(request):
+    return DEBUG  # noqa: from local imports
+
+
+DEBUG_TOOLBAR_CONFIG = {
+    "SHOW_TOOLBAR_CALLBACK": show_toolbar,
+}