Minor config fixes and enhancements (#805)

While reconfiguring my local Hyperion, a couple difficulties arose...

Author: Marc-Andrieu

.env.template

@@ -6,10 +6,9 @@
 POSTGRES_HOST="hyperion-db"
 POSTGRES_USER=""
 POSTGRES_PASSWORD=""
-POSTGRES_DB=""
+POSTGRES_DB="hyperion"
 POSTGRES_TZ="Etc/UTC"
 
-
 ########################
 # Redis configuration #
 ########################

.gitignore

@@ -11,7 +11,6 @@ data/
 
 # Dotenv file
 .env
-.env.yaml
 config.yaml
 
 

app/core/utils/config.py

@@ -141,7 +141,7 @@ def settings_customise_sources(
     # Configure AuthClients, to allow services to authenticate users using OAuth2 or Openid connect
     # The following format should be used in yaml config files:
     # ```yml
-    # AUTH_CLIENTS_DICT:
+    # AUTH_CLIENTS:
     #   <ClientId>:
     #     secret: <ClientSecret>
     #     redirect_uri:

config.template.yaml

@@ -4,13 +4,40 @@
 # ACCESS_TOKEN_SECRET_KEY should contain a random string with enough entropy (at least 32 bytes long) to securely sign all access_tokens for OAuth and Openid connect
 ACCESS_TOKEN_SECRET_KEY: ""
 # RSA_PRIVATE_PEM_STRING should be a string containing the PEM certificate of a private RSA key. It will be used to sign id_tokens for Openid connect authentication
-# In the pem certificates newlines can be replaced by `\n`
-RSA_PRIVATE_PEM_STRING: ""
+# The example below was generated using a 2048-bit RSA key generator
+RSA_PRIVATE_PEM_STRING: |
+  #-----BEGIN RSA PRIVATE KEY-----
+  #MIIEpQIBAAKCAQEA1tpj3TZDkJakp2RygsM392pQbcmNBOGFT8FlETcRG/JVFT7k
+  #iClJu+CVOJSVD0epfpYp93cYepfw74SezYnBCyuoLJ2yg5Qh4KlCrWmvwM7vhFIN
+  #x0xddIQi+Gm0T3dxGtv4Ga50TYX4SV4FE3ctJG9m3pyNF6POODp5tMJvShQWYTto
+  #W9qNhltZ8Z+14bq2INV/efpT47WuMT+VD/fa9/WwopAtgBcQOvq57fv5+DaPOIVR
+  #9BiP7F+pv+v6wQ373hI22QzCMsA4Whl+BmWFKcFoBDOBRjlW5VqhJWJkWZIRP0q+
+  #VAZHk2xJK+0YFc9jmaC+ExMtuyHYK0RnQK/8LQIDAQABAoIBABxJ8v4sZ+cAvrs/
+  #kYhAFf1gpShfck7jNr9SknEa1Aje9m7usf5vmULAhkVF4v55DAsb0HjB2JpDqTiQ
+  #OKyNZ7qFzAXb2aZTecZv4tScZsS3OngsqZ3FI0T1JPmaSWBxNJY5wkf3XV7btd5L
+  #H9X5ShtTA7Np33XuXneu01mGhEq3boLro+vfXMHV5QHyle1F4LUFWEqtP0UmZ5wA
+  #rro0Y7pA8R88tu5X4iWEjQPnAsbRixwFQ9LNMD8+40e1UIguobRySnP5umErHaIh
+  #Kui7ZijLjbZh/dPS0IfpgahL1K6s9XhT3mD9WMvAvMkNtLewHIZZukG45mOQBrjF
+  #vvyYxoECgYEA+EY6YimGw0IKnUuf+5uZRXST7kDMENz1Flkcj8oZvo47hdX8/lDN
+  #i0y7gm3VNfHAK2R2KZPmSbtXA0DvS7kmx1/CFcmwkaakhuU5dyCHldWwSaTME3IE
+  #xjSZfTvlAiq9i6nUflgfkKo3Bdsiq8TYOUAv25S2SwYDH9Tx0fQwwGECgYEA3Ynt
+  #CHc8e4YRlGT65UQmEZ8cptmqVRyY4ClMU1xht7Pn0G1JwKRraiEL5/LndwscWf3h
+  #DygQuArJ28pp4d22FEW1LeXozXYUjJoz3anIA45IZ1OihS7Cx7tJB51/QNJeFdF4
+  #EX/XHaVukHyYSsAxkwCUYOw3cSgZOSEddL5Wf00CgYEA7JlIlDmMwtFR+jqSmJ3c
+  #//Kr8zZvAnb/Xa/IZ0MrK4yyLsYR1m48o06Ztx9iO4lKIFAZx1+563QL5P7hzOEC
+  #kqev90GA8hzD2AXksKEgdOrymAvjq3hSEm0YBN+qS1ldzxYmec0TL7L2wq7lqJnr
+  #kQuZUAG1g2OUYKZ3WSUDvKECgYEAv24NSkFuG/avfiD7w9xtYNCye2KekskROLG2
+  #6FltfsWQTEQDdNkekChaF2WHqRAKwaBlNymRuNZpsuhnMerZCQ9rDWwbDF86RnyA
+  #0MuCr7/kxJQ6XQcY/GnTIydu7F5bOlM0gzqKcW2f6m4fUohczf+0N0QmbDsQAJOi
+  #1lwadgkCgYEA3tkCBJIPTQecfjWiLqSocS6SrwXU+r3Jw6kI3/IB6ban/nsFdHSb
+  #nADST7f2zZatN6XALwsLU7f2R09R39ub0AJPyfToxo7MngR1rvaUYooF3rLlaU32
+  #8DqGvGpLkZkwbtcDmcX1zQoHjUo7RvoShZoapr59ihfrkiiEsXOkuGw=
+  #-----END RSA PRIVATE KEY-----
 
 # Host or url of the instance of Hyperion
 # This url will be especially used for oidc/oauth2 discovery endpoint and links send by email
 # NOTE: A trailing / is required
-CLIENT_URL: "http://127.0.0.1:8000/"
+CLIENT_URL: http://127.0.0.1:8000/
 
 # Sometimes, when running third services with oidc inside Docker containers, and running Hyperion on your local device
 # you may need to use a different url for call made from docker and call made from your device
@@ -23,7 +50,7 @@ CLIENT_URL: "http://127.0.0.1:8000/"
 # Configure AuthClients, to allow services to authenticate users using OAuth2 or Openid connect
 # The following format should be used in yaml config files:
 # ```yml
-# AUTH_CLIENTS_DICT:
+# AUTH_CLIENTS:
 #   <ClientId>:
 #     secret: <ClientSecret>
 #     redirect_uri:
@@ -34,22 +61,41 @@ CLIENT_URL: "http://127.0.0.1:8000/"
 # `AuthClientClassName` should be a class from `app.utils.auth.providers`
 # `secret` may be omitted to use PKCE instead of a client secret
 AUTH_CLIENTS:
+  Titan:
+    secret:
+    redirect_uri:
+      - http://localhost:3000/static.html
+      - http://127.0.0.1:3000/static.html
+    auth_client: AppAuthClient
+  Postman:
+    secret: PostmanSecret
+    redirect_uri:
+      - https://oauth.pstmn.io/v1/callback
+      - http://postman
+      - http://localhost:8000/docs/oauth2-redirect
+      - http://127.0.0.1:8000/docs/oauth2-redirect
+    auth_client: APIToolAuthClient
 
 #####################
 # Hyperion settings #
 #####################
 
-LOG_DEBUG_MESSAGES: true
+LOG_DEBUG_MESSAGES: True
 
 # Origins for the CORS middleware. `["http://localhost"]` can be used for development.
 # See https://fastapi.tiangolo.com/tutorial/cors/
 # It should begin with 'http://' or 'https:// and should never end with a '/'
-CORS_ORIGINS: ["http://localhost"]
+CORS_ORIGINS:
+  - http://localhost:3000
+  - http://127.0.0.1:3000
+#  - *
 
 # If set, the application use a SQLite database instead of PostgreSQL, for testing or development purposes (if possible Postgresql should be used instead)
-SQLITE_DB: "app.db"
+SQLITE_DB: app.db
 # If True, will print all SQL queries in the console
 DATABASE_DEBUG: False
+# if True and the database is empty, it will be seeded with mocked data
+USE_FACTORIES: True
 
 #####################################
 # SMTP configuration using starttls #