-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathinvenio.cfg
More file actions
449 lines (352 loc) · 14.1 KB
/
invenio.cfg
File metadata and controls
449 lines (352 loc) · 14.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
from datetime import datetime
from flask.config import Config
import os
from dotenv import dotenv_values
import json
from flask_babel import lazy_gettext as _
from marshmallow_i18n_messages import add_i18n_to_marshmallow
add_i18n_to_marshmallow(_)
# Import the configuration from the local .env if it exists
# and overwrite it with environment variables
# Loading it this way so could interpolate values
def transform_value(x):
if not isinstance(x, str):
return x
if x == 'False':
return False
if x == 'True':
return True
try:
return json.loads(x)
except:
return x
env = Config(os.path.dirname(__file__))
bundled_env = os.path.join(os.path.dirname(__file__), 'variables')
if os.path.exists(bundled_env):
vals = dotenv_values(bundled_env)
env.from_mapping(vals)
if os.path.exists('.env'):
vals = dotenv_values('.env')
env.from_mapping(vals)
env.from_mapping({
k:v for k, v in os.environ.items() if k.startswith('INVENIO_')
})
for k, v in env.items():
setattr(env, k, transform_value(v))
# def _(x): # needed to avoid start time failure with lazy strings
# return x
# Flask
# =====
# See https://flask.palletsprojects.com/en/1.1.x/config/
# Define the value of the cache control header `max-age` returned by the server when serving
# public files. Files will be cached by the browser for the provided number of seconds.
# See flask documentation for more information:
# https://flask.palletsprojects.com/en/2.1.x/config/#SEND_FILE_MAX_AGE_DEFAULT
SEND_FILE_MAX_AGE_DEFAULT = 300
MAX_CONTENT_LENGTH = 10 * 1024 * 1024 * 1024 # 10 GB
# Since HAProxy and Nginx route all requests no matter the host header
# provided, the allowed hosts variable is set to localhost. In production it
# should be set to the correct host and it is strongly recommended to only
# route correct hosts to the application.
APP_ALLOWED_HOSTS = ['0.0.0.0', 'localhost', '127.0.0.1', 'mdrepo.eu']
# Flask-SQLAlchemy
# ================
# See https://flask-sqlalchemy.palletsprojects.com/en/2.x/config/
SQLALCHEMY_DATABASE_URI=(
"postgresql+psycopg2://"
f"{env.INVENIO_DATABASE_USER}:{env.INVENIO_DATABASE_PASSWORD}"
f"@{env.INVENIO_DATABASE_HOST}:{env.INVENIO_DATABASE_PORT}"
f"/{env.INVENIO_DATABASE_DBNAME}"
)
# Invenio-App
# ===========
# See https://invenio-app.readthedocs.io/en/latest/configuration.html
APP_DEFAULT_SECURE_HEADERS = {
'content_security_policy': {
'default-src': [
"'self'",
"data:", # for fonts
"'unsafe-inline'", # for inline scripts and styles
"blob:", # for pdf preview
"https://cdn.jsdelivr.net",
# Add your own policies here (e.g. analytics)
],
'script-src': [
"'self'",
"'unsafe-inline'",
"'unsafe-eval'",
"https://cdn.jsdelivr.net",
"https://cdn.jsdelivr.net/npm/molstar",
],
'style-src': [
"'self'",
"'unsafe-inline'",
"https://cdn.jsdelivr.net",
],
'connect-src': [
"'self'",
"data:",
"https://cdn.jsdelivr.net",
"https://molstarvolseg.ncbr.muni.cz",
"https://alphafold.ebi.ac.uk",
"https://www.alphafold.ebi.ac.uk",
"https://gmxmetadump.biodata.ceitec.cz",
"https://s3.mdrepo.eu",
"http://localhost:5000",
"http://localhost:8062"
],
},
'content_security_policy_report_only': False,
'content_security_policy_report_uri': None,
'force_file_save': False,
'force_https': True,
'force_https_permanent': False,
'frame_options': 'sameorigin',
'frame_options_allow_from': None,
'session_cookie_http_only': True,
'session_cookie_secure': True,
'strict_transport_security': True,
'strict_transport_security_include_subdomains': True,
'strict_transport_security_max_age': 31556926, # One year in seconds
'strict_transport_security_preload': False,
}
# Flask-Babel
# ===========
# See https://python-babel.github.io/flask-babel/#configuration
# Default locale (language)
BABEL_DEFAULT_LOCALE = 'en'
# Default time zone
BABEL_DEFAULT_TIMEZONE = 'Europe/Prague'
# Invenio-I18N
# ============
# See https://invenio-i18n.readthedocs.io/en/latest/configuration.html
# Other supported languages (do not include BABEL_DEFAULT_LOCALE in list).
I18N_LANGUAGES = [
# ('cs', _('Czech')),
# ('de', _('German')),
# ('tr', _('Turkish')),
]
# Invenio-Theme
# =============
# See https://invenio-theme.readthedocs.io/en/latest/configuration.html
APP_THEME = ["oarepo", "semantic-ui"]
INSTANCE_THEME_FILE = './less/theme.less'
# Invenio-Files-Rest
# ==================
FILES_REST_STORAGE_FACTORY='invenio_s3.s3fs_storage_factory'
# Invenio-S3
# ==========
S3_ENDPOINT_URL=f"{env.INVENIO_S3_PROTOCOL}://{env.INVENIO_S3_HOST}:{env.INVENIO_S3_PORT}/"
# S3_ENDPOINT_URL=f"https://s3.mdrepo.eu:443" # If you leave out the port minio crashes! (honestly WHAT THE FUCK?!?)
S3_ACCESS_KEY_ID=env.INVENIO_S3_ACCESS_KEY
S3_SECRET_ACCESS_KEY=env.INVENIO_S3_SECRET_KEY
S3_BUCKET_NAME = "experiments_bucket"
# Allow S3 endpoint in the CSP rules
APP_DEFAULT_SECURE_HEADERS['content_security_policy']['default-src'].append(
S3_ENDPOINT_URL
)
APP_DEFAULT_SECURE_HEADERS['content_security_policy']['default-src'].append(
#hack for displaying images from another source (this one is for licenses specifically)
"https://licensebuttons.net/"
)
APP_DEFAULT_SECURE_HEADERS['content_security_policy']['default-src'].append(
"http://localhost:5000/"
)
APP_DEFAULT_SECURE_HEADERS['content_security_policy']['default-src'].append(
"http://localhost:8062/"
)
# Invenio-Records-Resources
# =========================
# See https://github.com/inveniosoftware/invenio-records-resources/blob/master/invenio_records_resources/config.py
# SITE_UI_URL = f"https://mdrepo.eu"
SITE_UI_URL = f"https://{env.INVENIO_UI_HOST}:{env.INVENIO_UI_PORT}"
# SITE_API_URL = f"https://mdrepo.eu/api"
SITE_API_URL = f"https://{env.INVENIO_API_HOST}:{env.INVENIO_API_PORT}/api"
# SITE_HOSTNAME = "mdrepo.eu"
# Authentication - Invenio-Accounts and Invenio-OAuthclient
# =========================================================
# See: https://inveniordm.docs.cern.ch/customize/authentication/
# Invenio-Accounts
# ----------------
# See https://github.com/inveniosoftware/invenio-accounts/blob/master/invenio_accounts/config.py
ACCOUNTS_LOCAL_LOGIN_ENABLED = env.INVENIO_ACCOUNTS_LOCAL_LOGIN_ENABLED # enable local login
SECURITY_REGISTERABLE = env.INVENIO_SECURITY_REGISTERABLE # local login: allow users to register
SECURITY_RECOVERABLE = env.INVENIO_SECURITY_RECOVERABLE # local login: allow users to reset the password
SECURITY_CHANGEABLE = env.INVENIO_SECURITY_CHANGEABLE # local login: allow users to change psw
SECURITY_CONFIRMABLE = env.INVENIO_SECURITY_CONFIRMABLE # local login: users can confirm e-mail address
SECURITY_LOGIN_WITHOUT_CONFIRMATION = env.INVENIO_SECURITY_LOGIN_WITHOUT_CONFIRMATION # require users to confirm email before being able to login
# Invenio-OAuthclient
# -------------------
# See https://github.com/inveniosoftware/invenio-oauthclient/blob/master/invenio_oauthclient/config.py
# TODO: configure login through e-infra
OAUTHCLIENT_REMOTE_APPS = {} # configure external login providers
from invenio_oauthclient.views.client import auto_redirect_login
ACCOUNTS_LOGIN_VIEW_FUNCTION = auto_redirect_login # autoredirect to external login if enabled
OAUTHCLIENT_AUTO_REDIRECT_TO_EXTERNAL_LOGIN = True # autoredirect to external login
# Invenio-UserProfiles
# --------------------
USERPROFILES_READ_ONLY = False # allow users to change profile info (name, email, etc...)
# OAI-PMH
# =======
# See https://github.com/inveniosoftware/invenio-oaiserver/blob/master/invenio_oaiserver/config.py
OAISERVER_ID_PREFIX = SITE_UI_URL
"""The prefix that will be applied to the generated OAI-PMH ids."""
# Invenio-Search
# --------------
SEARCH_INDEX_PREFIX = env.INVENIO_SEARCH_INDEX_PREFIX
SEARCH_HOSTS = [
dict(host=env.INVENIO_OPENSEARCH_HOST,
port=env.INVENIO_OPENSEARCH_PORT),
]
SEARCH_CLIENT_CONFIG = dict(
use_ssl = env.INVENIO_OPENSEARCH_USE_SSL,
verify_certs = env.INVENIO_OPENSEARCH_VERIFY_CERTS,
ssl_assert_hostname = env.INVENIO_OPENSEARCH_ASSERT_HOSTNAME,
ssl_show_warn = env.INVENIO_OPENSEARCH_SHOW_WARN,
ca_certs = env.get('INVENIO_OPENSEARCH_CA_CERTS_PATH', None)
)
SEARCH_UI_SEARCH_TEMPLATE = "invenio_search_ui/search.html"
# from oarepo_global_search.proxies import global_search_view_function
# SEARCH_UI_SEARCH_VIEW = global_search_view_function
# Cache
# --------------
INVENIO_CACHE_TYPE="redis"
CACHE_REDIS_URL = (
f'redis://{env.INVENIO_REDIS_HOST}:{env.INVENIO_REDIS_PORT}'
f'/{env.INVENIO_REDIS_CACHE_DB}'
)
ACCOUNTS_SESSION_REDIS_URL = (
f'redis://{env.INVENIO_REDIS_HOST}:{env.INVENIO_REDIS_PORT}'
f'/{env.INVENIO_REDIS_SESSION_DB}'
)
COMMUNITIES_IDENTITIES_CACHE_REDIS_URL = (
f'redis://{env.INVENIO_REDIS_HOST}:{env.INVENIO_REDIS_PORT}'
f'/{env.INVENIO_REDIS_COMMUNITIES_CACHE_DB}'
)
# Local schema
# --------------
RECORDS_REFRESOLVER_CLS = 'invenio_records.resolver.InvenioRefResolver'
RECORDS_REFRESOLVER_STORE = "invenio_jsonschemas.proxies.current_refresolver_store"
JSONSCHEMAS_HOST = SITE_UI_URL
# Extended vocabularies
# ---------------------
from oarepo_vocabularies.services.config import VocabulariesConfig
from oarepo_vocabularies.resources.config import VocabulariesResourceConfig
VOCABULARIES_SERVICE_CONFIG = VocabulariesConfig
VOCABULARIES_RESOURCE_CONFIG = VocabulariesResourceConfig
# Files storage location
# ---------------
FILES_REST_STORAGE_CLASS_LIST = {
"L": "Local",
"F": "Fetch",
"R": "Remote",
}
FILES_REST_DEFAULT_STORAGE_CLASS = "L"
# Redis port redirection
# ---------------------
CELERY_BROKER_URL = (
f"amqp://{env.INVENIO_RABBIT_USER}:{env.INVENIO_RABBIT_PASSWORD}"
f"@{env.INVENIO_RABBIT_HOST}:{env.INVENIO_RABBIT_PORT}/"
)
BROKER_URL = CELERY_BROKER_URL
CELERY_RESULT_BACKEND = (
f'redis://{env.INVENIO_REDIS_HOST}:{env.INVENIO_REDIS_PORT}'
f'/{env.INVENIO_REDIS_CELERY_RESULT_DB}'
)
# Instance secret key, used to encrypt stuff (for example, access tokens) inside database
SECRET_KEY = env.INVENIO_SECRET_KEY
# Invenio hacks
# -------------
# Invenio has problems with order of loading templates. If invenio-userprofiles is loaded
# before invenio-theme, the userprofile page will not work because base settings page
# will be taken from userprofiles/semantic-ui/userprofiles/settings/base.html which is faulty.
# If invenio-theme is loaded first, SETTINGS_TEMPLATE is filled, then userprofiles will use
# it and the UI loads correctly.
#
# This line just makes sure that SETTINGS_TEMPLATE is always set up.
SETTINGS_TEMPLATE='invenio_theme/page_settings.html'
# UI
# ---
THEME_HEADER_TEMPLATE = "header.html"
THEME_FOOTER_TEMPLATE = "footer.html"
THEME_JAVASCRIPT_TEMPLATE = "base/javascript.html"
THEME_TRACKINGCODE_TEMPLATE = "oarepo_ui/trackingcode.html"
THEME_CSS_TEMPLATE = "base/css.html"
# remove when you create your own title page
THEME_FRONTPAGE = False
# Header logo
THEME_LOGO = 'images/logo-invenio-white.svg'
THEME_SITENAME = _("Repository of Computational Chemistry Experiments")
THEME_FRONTPAGE_TITLE = "Repository of Computational Chemistry Experiments"
THEME_FRONTPAGE_TEMPLATE = "frontpage.html"
THEME_FRONTPAGE_LOGO = None
REPOSITORY_NAME = "Repository of Computational Chemistry Experiments"
REPOSITORY_DESCRIPTION = "Uprav REPOSITORY_DESCRIPTION v invenio.cfg"
# We set this to avoid bug: https://github.com/inveniosoftware/invenio-administration/issues/180
THEME_HEADER_LOGIN_TEMPLATE = "header_login.html"
BASE_TEMPLATE = "oarepo_ui/base_page.html"
RATELIMIT_GUEST_USER = "5000 per hour;500 per minute"
RATELIMIT_AUTHENTICATED_USER = "20000 per hour;2000 per minute"
GLOBAL_SEARCH_MODELS = [{
"model_service": "experiments.services.records.service.ExperimentsService",
"service_config": "experiments.services.records.config.ExperimentsServiceConfig",
"ui_resource_config": "ui.experiments.ExperimentsResourceConfig",
"api_resource_config": "experiments.resources.records.config.ExperimentsResourceConfig",
}]
DASHBOARD_RECORD_CREATE_URL="/experiments/_new"
COMMUNITIES_CUSTOM_FIELDS = []
COMMUNITIES_CUSTOM_FIELDS_UI = []
# Workflows
# -------------
COMMUNITIES_ROLES = [
dict(
name="submitter",
title=_("Submitter"),
description=_("Can submit records."),
),
dict(
name="curator",
title=_("Curator"),
description=_("Can curate records."),
can_manage=True,
can_manage_roles=["submitter", "member"],
),
dict(
name="member",
title=_("Member"),
description=_("Community member with read permissions."),
),
dict(
name="owner",
title=_("Community owner"),
description=_("Can manage community."),
is_owner=True,
can_manage=True,
can_manage_roles=["owner", "curator", "submitter"],
)
]
# record states:
# - draft
# - published
# - retracting
from oarepo_workflows import Workflow
from shared.workflows import DefaultWorkflowRequests, DefaultWorkflowPermissions
from oarepo_requests.services.permissions.workflow_policies import CreatorsFromWorkflowRequestsPermissionPolicy
WORKFLOWS = {
"default": Workflow(
label=_("Default workflow"),
permission_policy_cls=DefaultWorkflowPermissions,
request_policy_cls=DefaultWorkflowRequests,
)
}
REQUESTS_PERMISSION_POLICY = CreatorsFromWorkflowRequestsPermissionPolicy
RECORD_ROUTES = {"new": "/experiments/_new?community={community_slug}"}
# temporary solution for getting invalid type for delete_request (I just wanted to edit a record, like why the fuck did it crash for not having a delete request type????)
from invenio_requests.customizations.request_types import RequestType
class DeleteRequestType(RequestType):
type_id = 'delete_request'
name = 'Delete Request'
description = 'A request to delete a record.'
REQUESTS_REGISTERED_TYPES = [DeleteRequestType]
ARGO_WORKFLOWS_URL = "https://localhost:2746"
FILEPROCESSOR_URL = "http://localhost:8062/api"