import json import os from app.cloudfoundry_config import cloud_config class Config(object): NOTIFY_APP_NAME = 'admin' NOTIFY_ENVIRONMENT = os.environ.get('NOTIFY_ENVIRONMENT', 'development') API_HOST_NAME = os.environ.get('API_HOST_NAME', 'localhost') ADMIN_BASE_URL = os.environ.get('ADMIN_BASE_URL', 'http://localhost:6012') HEADER_COLOUR = '#81878b' # mix(govuk-colour("dark-grey"), govuk-colour("mid-grey")) LOGO_CDN_DOMAIN = 'static-logos.notifications.service.gov.uk' # TODO use our own CDN ASSETS_DEBUG = False # Credentials ADMIN_CLIENT_SECRET = os.environ.get('ADMIN_CLIENT_SECRET') ADMIN_CLIENT_USER_NAME = os.environ.get('ADMIN_CLIENT_USERNAME') SECRET_KEY = os.environ.get('SECRET_KEY') DANGEROUS_SALT = os.environ.get('DANGEROUS_SALT') # ZENDESK_API_KEY = os.environ.get('ZENDESK_API_KEY') ROUTE_SECRET_KEY_1 = os.environ.get('ROUTE_SECRET_KEY_1', 'dev-route-secret-key-1') ROUTE_SECRET_KEY_2 = os.environ.get('ROUTE_SECRET_KEY_2', 'dev-route-secret-key-2') BASIC_AUTH_USERNAME = os.environ.get('BASIC_AUTH_USERNAME') BASIC_AUTH_PASSWORD = os.environ.get('BASIC_AUTH_PASSWORD') TEMPLATE_PREVIEW_API_HOST = os.environ.get('TEMPLATE_PREVIEW_API_HOST', 'http://localhost:9999') TEMPLATE_PREVIEW_API_KEY = os.environ.get('TEMPLATE_PREVIEW_API_KEY', 'my-secret-key') ANTIVIRUS_API_HOST = os.environ.get('ANTIVIRUS_API_HOST', 'http://localhost:6016') ANTIVIRUS_API_KEY = os.environ.get('ANTIVIRUS_API_KEY', 'test-key') # Logging NOTIFY_LOG_LEVEL = os.environ.get('NOTIFY_LOG_LEVEL', 'INFO') NOTIFY_LOG_PATH = os.environ.get('NOTIFY_LOG_PATH', 'application.log') DEFAULT_SERVICE_LIMIT = 50 EMAIL_EXPIRY_SECONDS = 3600 # 1 hour INVITATION_EXPIRY_SECONDS = 3600 * 24 * 2 # 2 days - also set on api EMAIL_2FA_EXPIRY_SECONDS = 1800 # 30 Minutes PERMANENT_SESSION_LIFETIME = 20 * 60 * 60 # 20 hours SEND_FILE_MAX_AGE_DEFAULT = 365 * 24 * 60 * 60 # 1 year REPLY_TO_EMAIL_ADDRESS_VALIDATION_TIMEOUT = 45 ACTIVITY_STATS_LIMIT_DAYS = 7 SESSION_COOKIE_HTTPONLY = True SESSION_COOKIE_NAME = 'notify_admin_session' SESSION_COOKIE_SECURE = True # don't send back the cookie if it hasn't been modified by the request. this means that the expiry time won't be # updated unless the session is changed - but it's generally refreshed by `save_service_or_org_after_request` # every time anyway, except for specific endpoints (png/pdfs generally) where we've disabled that handler. SESSION_REFRESH_EACH_REQUEST = False WTF_CSRF_ENABLED = True WTF_CSRF_TIME_LIMIT = None CHECK_PROXY_HEADER = False ANTIVIRUS_ENABLED = os.environ.get('ANTIVIRUS_ENABLED') == '1' AWS_REGION = os.environ.get('AWS_REGION') REDIS_URL = cloud_config.redis_url REDIS_ENABLED = os.environ.get('REDIS_ENABLED', '1') == '1' # TODO: reassign this NOTIFY_SERVICE_ID = 'd6aa2c68-a2d9-4437-ab19-3ae8eb202553' NOTIFY_BILLING_DETAILS = json.loads( os.environ.get('NOTIFY_BILLING_DETAILS') or 'null' ) or { 'account_number': '98765432', 'sort_code': '01-23-45', 'IBAN': 'GB33BUKB20201555555555', 'swift': 'ABCDEF12', 'notify_billing_email_addresses': [ 'generic@digital.cabinet-office.gov.uk', 'first.last@digital.cabinet-office.gov.uk', ] } def _default_s3_credentials(bucket_name): return { 'bucket': bucket_name, 'access_key_id': os.environ.get('AWS_ACCESS_KEY_ID'), 'secret_access_key': os.environ.get('AWS_SECRET_ACCESS_KEY'), 'region': os.environ.get('AWS_REGION') } class Development(Config): BASIC_AUTH_FORCE = False DEBUG = True SESSION_COOKIE_SECURE = False SESSION_PROTECTION = None HTTP_PROTOCOL = 'http' ASSET_DOMAIN = '' ASSET_PATH = '/static/' # Buckets CSV_UPLOAD_BUCKET = _default_s3_credentials('local-notifications-csv-upload') CONTACT_LIST_BUCKET = _default_s3_credentials('local-contact-list') LOGO_UPLOAD_BUCKET = _default_s3_credentials('local-public-logos-tools') # credential overrides DANGEROUS_SALT = 'dev-notify-salt' SECRET_KEY = 'dev-notify-secret-key' # nosec B105 - only used in development # ADMIN_CLIENT_USER_NAME is called ADMIN_CLIENT_ID in api repo, they should match ADMIN_CLIENT_USER_NAME = 'notify-admin' ADMIN_CLIENT_SECRET = 'dev-notify-secret-key' # nosec B105 - only used in development class Test(Development): TESTING = True WTF_CSRF_ENABLED = False ASSET_DOMAIN = 'static.example.com' ASSET_PATH = 'https://static.example.com/' API_HOST_NAME = 'http://you-forgot-to-mock-an-api-call-to' REDIS_URL = 'redis://you-forgot-to-mock-a-redis-call-to' ANTIVIRUS_API_HOST = 'https://test-antivirus' ANTIVIRUS_API_KEY = 'test-antivirus-secret' ANTIVIRUS_ENABLED = True LOGO_CDN_DOMAIN = 'static-logos.test.com' # Buckets CSV_UPLOAD_BUCKET = _default_s3_credentials('test-csv-upload') CONTACT_LIST_BUCKET = _default_s3_credentials('test-contact-list') LOGO_UPLOAD_BUCKET = _default_s3_credentials('test-logo-upload') class Production(Config): HEADER_COLOUR = '#005EA5' # $govuk-blue HTTP_PROTOCOL = 'https' BASIC_AUTH_FORCE = True ASSET_DOMAIN = '' # TODO use a CDN ASSET_PATH = '/static/' # TODO use a CDN DEBUG = False # buckets CSV_UPLOAD_BUCKET = cloud_config.s3_credentials( f"notify-api-csv-upload-bucket-{os.environ['NOTIFY_ENVIRONMENT']}") CONTACT_LIST_BUCKET = cloud_config.s3_credentials( f"notify-api-contact-list-bucket-{os.environ['NOTIFY_ENVIRONMENT']}") LOGO_UPLOAD_BUCKET = cloud_config.s3_credentials( f"notify-admin-logo-upload-bucket-{os.environ['NOTIFY_ENVIRONMENT']}") class Staging(Production): BASIC_AUTH_FORCE = True HEADER_COLOUR = '#00ff00' # $green class Demo(Staging): HEADER_COLOUR = '#6F72AF' # $mauve class Sandbox(Staging): HEADER_COLOUR = '#ff0000' # $red class Scanning(Production): BASIC_AUTH_FORCE = False HTTP_PROTOCOL = 'http' API_HOST_NAME = 'https://notify-api-demo.app.cloud.gov/' SECRET_KEY = 'dev-notify-secret-key' # nosec B105 - only used in development ADMIN_CLIENT_USER_NAME = 'notify-admin' ADMIN_CLIENT_SECRET = 'dev-notify-secret-key' # nosec B105 - only used in development configs = { 'development': Development, 'test': Test, 'scanning': Scanning, 'staging': Staging, 'demo': Demo, 'sandbox': Sandbox, 'production': Production }