Prepare app for working behind a proxy (nginx).

Adapt user form
2024-05-30 07:39:05 +02:00
parent ce91323dc9
commit e5a36798bf
1083 changed files with 326 additions and 331832 deletions
--- a/config/config.py
+++ b/config/config.py
@@ -9,12 +9,24 @@ class Config(object):
    DEBUG = False
    DEVELOPMENT = False
    SECRET_KEY = '97867c1491bea5ee6a8e8436eb11bf2ba6a69ff53ab1b17ecba450d0f2e572e1'
-    SESSION_COOKIE_SECURE = True
+    SESSION_COOKIE_SECURE = False
    SESSION_COOKIE_HTTPONLY = True

-    # WTF_CSRF_ENABLED = True
+    WTF_CSRF_ENABLED = True

    # flask-security-too settings
+    # SECURITY_URL_PREFIX = '/admin'
+    SECURITY_LOGIN_URL = '/admin/login'
+    SECURITY_LOGOUT_URL = '/admin/logout'
+    # SECURITY_REGISTER_URL = '/admin/register'
+    # SECURITY_RESET_URL = '/admin/reset'
+    # SECURITY_CHANGE_URL = '/admin/change'
+    # SECURITY_POST_LOGIN_VIEW = '/admin/user/tenant_overview'
+    # SECURITY_POST_LOGOUT_VIEW = '/admin'
+    # SECURITY_POST_REGISTER_VIEW = '/admin/user/tenant_overview'
+    # SECURITY_POST_RESET_VIEW = '/admin/login'
+    # SECURITY_POST_CHANGE_VIEW = '/admin/login'
+    # SECURITY_BLUEPRINT_NAME = 'security_bp'
    SECURITY_PASSWORD_SALT = '228614859439123264035565568761433607235'
    REMEMBER_COOKIE_SAMESITE = 'strict'
    SESSION_COOKIE_SAMESITE = 'strict'
@@ -27,6 +39,12 @@ class Config(object):
    PERMANENT_SESSION_LIFETIME = timedelta(minutes=60)
    SESSION_REFRESH_EACH_REQUEST = True

+    # Ensure Flask-Security-Too is handling CSRF tokens when behind a proxy
+    SECURITY_CSRF_PROTECT_MECHANISMS = ['session']
+    SECURITY_CSRF_COOKIE_NAME = 'XSRF-TOKEN'
+    SECURITY_CSRF_HEADER = 'X-XSRF-TOKEN'
+    WTF_CSRF_CHECK_DEFAULT = False
+
    # flask-mailman settings
    MAIL_SERVER = 'mail.flow-it.net'
    MAIL_PORT = 587
@@ -98,6 +116,10 @@ class DevConfig(Config):
    SQLALCHEMY_BINDS = {'public': 'postgresql+pg8000://josako@localhost:5432/eveAI'}
    EXPLAIN_TEMPLATE_LOADING = False

+    # Define the nginx prefix used for the specific apps
+    EVEAI_APP_LOCATION_PREFIX = '/admin'
+    EVEAI_CHAT_LOCATION_PREFIX = '/chat'
+
    # flask-mailman settings
    MAIL_USERNAME = 'eveai_super@flow-it.net'
    MAIL_PASSWORD = '$6xsWGbNtx$CFMQZqc*'
@@ -113,7 +135,6 @@ class DevConfig(Config):
    CELERY_BROKER_URL_CHAT = 'redis://localhost:6379/3'
    CELERY_RESULT_BACKEND_CHAT = 'redis://localhost:6379/3'

-
    # OpenAI API Keys
    OPENAI_API_KEY = 'sk-proj-8R0jWzwjL7PeoPyMhJTZT3BlbkFJLb6HfRB2Hr9cEVFWEhU7'