"""Admin configuration handling.
Keep in sync with `examples/config.toml`!
"""
import sys

import attrs
import typed_settings as ts
from typed_settings.exceptions import TsError
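@attrs.frozen
class JWTSettings:
    """Settings for the JSON web tokens that back user sessions.

    Instances are built by typed-settings from `config.toml` and the environment;
    values that would make the tokens useless are rejected in `__attrs_post_init__`.
    """

    secret: str = "secretfortesting"
    """
    The key used to sign session tokens. A long random string, e.g. generated by `pwgen 128 1`.

    The built-in default is public (it is part of this source file), and anyone who knows the
    signing secret can mint session tokens for any user, including the admin. The default exists
    only so that tests and local development run without a config file: always override it before
    exposing the app, e.g. in `config.toml` or via the `OKR_JWT_CONFIG_SECRET` environment variable.
    """

    validity_duration_hours: int = 7 * 24  # 1 week
    """
    How many hours a user session should remain valid. Must be positive.
    After that period of time, users automatically get logged out.
    """

    def __attrs_post_init__(self) -> None:
        """Reject values that would make the signing scheme or the sessions unusable.

        Raises:
            ValueError: if `secret` is empty (an empty signing key offers no protection)
                or `validity_duration_hours` is not positive (every token would already
                be expired when issued).
        """
        if not self.secret:
            raise ValueError("jwt_config.secret must not be empty")
        if self.validity_duration_hours <= 0:
            raise ValueError(
                "jwt_config.validity_duration_hours must be a positive number of hours"
            )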
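@attrs.frozen
class TwoFaSettings:
    """Settings for the second factor (Webauthn and TOTP).

    `app_name` and `app_url` describe the relying party, i.e. this app, to the
    authenticators; `totp_valid_window` tunes how tolerant TOTP verification is.
    """

    app_name: str = "OKR Tool"
    """
    Name of the app. Used for registering Webauthn and TOTP tokens.
    """

    app_url: str = "localhost"
    """
    Host name of the frontend of the app. This must not contain any protocol scheme, port or path!
    Example values:
    - "localhost" if the frontend is running on "http://localhost:5173"
    - "foobar.example.com" if the frontend is running on "https://foobar.example.com"
    """

    totp_valid_window: int = 1
    """
    How many TOTP cycles (30s each) of tolerance one-time passwords get on top of the current one.
    For example, with 3 a code is still accepted up to 3 * 30s = 90s after its cycle ended.
    Every extra cycle widens the window in which a stolen or observed code can be replayed,
    so keep this as small as clock drift between server and authenticators allows.
    """

    def __attrs_post_init__(self) -> None:
        """Reject relying-party settings that cannot work.

        Raises:
            ValueError: if `app_name` is empty, if `app_url` is empty or contains a
                scheme, port or path (it must be a bare host name), or if
                `totp_valid_window` is negative.
        """
        if not self.app_name:
            raise ValueError("twofa_config.app_name must not be empty")
        # A scheme ("https://"), a port (":5173") and a path ("/app") all contain one of
        # these characters; a plain host name never does.
        if not self.app_url or "/" in self.app_url or ":" in self.app_url:
            raise ValueError(
                "twofa_config.app_url must be a bare host name without scheme, port or path, "
                f"e.g. 'foobar.example.com', got {self.app_url!r}"
            )
        if self.totp_valid_window < 0:
            raise ValueError("twofa_config.totp_valid_window must not be negative")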
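@attrs.frozen
class Admin:
    """Credentials of the built-in admin account.

    Only a password *hash* is stored here; the plaintext never belongs in the config.
    """

    username: str = "admin"
    """
    The username of the admin account, e.g. 'admin'.
    """

    email: str = "admin@okr.local"
    """
    The email of the admin account, e.g. 'admin@okr.local'.
    """

    password_hash: str = "$argon2id$v=19$m=65536,t=3,p=4$qP4cvuNyXxtoou7Hl7FcTA$4zJxdTYlLJDOuKlyPTep/I1RZQi2ZHS/99YprG5Rp+8"
    """
    The hash of the admin password, never the password itself.

    The example hash was generated with the password 'password' and is public, so a deployment
    that keeps it has a well-known admin login. Always replace it before exposing the app.
    To generate your own, execute the following command:
    `./maintenance_script.py hash-password "<your-password-here>"`
    Then, set the `password_hash` configuration value to the output from the above command
    (without the surrounding quotation marks!). Note that the password passed on the command
    line above ends up in your shell history.
    """

    def __attrs_post_init__(self) -> None:
        """Reject an admin account that could never log in.

        Raises:
            ValueError: if `username` or `password_hash` is empty.
        """
        if not self.username:
            raise ValueError("admin.username must not be empty")
        if not self.password_hash:
            raise ValueError("admin.password_hash must not be empty")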
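@attrs.frozen
class Settings:
    """Top-level settings of the app, loaded once at startup (see `config` below).

    Every default in this class and its sections is meant for tests and local
    development only; see the individual docstrings for what must be overridden.
    """

    jwt_config: JWTSettings = JWTSettings()
    """
    The JSON web token configuration.
    JWT tokens secure user sessions and manage how long a login session remains valid.
    """

    twofa_config: TwoFaSettings = TwoFaSettings()
    """
    The Webauthn configuration.
    This mostly defines information about the "relying party" (i.e. the app itself), e.g. its web URL and name.
    """

    admin: Admin = Admin()
    """
    The admin account credentials for the app.
    The admin user has full control over the app, including managing users, creating projects, ...
    """

    database_url: str = "sqlite+aiosqlite:///:memory:"
    """
    Database connection URL. The default is an in-memory SQLite database whose contents
    are lost when the process exits, which is fine for tests but not for a deployment.
    Example setting:
    - 'sqlite+aiosqlite:///okr.sqlite'
    - here, all data will be stored in the 'okr.sqlite' file
    """

    cors_allow_origins: list[str] = attrs.field(
        factory=lambda: [
            "http://127.0.0.1:4173",
            "http://127.0.0.1:5173",
            "http://localhost:4173",
            "http://localhost:5173",
        ]
    )
    """
    List of allowed CORS origins.
    Required when using cookie-based authentication (allow_credentials=True).
    Each entry is a full origin — scheme, host and optional port — with no path or trailing
    slash, because origins are compared verbatim. A '*' wildcard is rejected: browsers refuse
    it for credentialed requests, and middleware that emulates it by reflecting the request
    origin would let any site make authenticated requests on a logged-in user's behalf.
    Example:
    - ["http://localhost:5173"]
    - ["https://app.example.com"]
    """

    def __attrs_post_init__(self) -> None:
        """Reject settings that can only fail later or silently weaken the CORS policy.

        Raises:
            ValueError: if `database_url` is empty, or if an entry of
                `cors_allow_origins` is not of the form
                '<http|https>://<host>[:<port>]' (this also rejects '*').
        """
        if not self.database_url:
            raise ValueError("database_url must not be empty")
        for origin in self.cors_allow_origins:
            scheme, separator, host = origin.partition("://")
            if not separator or scheme not in ("http", "https") or not host or "/" in host:
                raise ValueError(
                    f"cors_allow_origins entry {origin!r} is not an origin: expected "
                    "'<http|https>://<host>[:<port>]' without path or trailing slash "
                    "(a '*' wildcard is not allowed together with credentials)"
                )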
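config: Settings
"""
The settings configured by the app's admin.
These are read at every app startup from `config.toml` and environment variables, where environment variables take precedence over the configuration file.
Environment variable names follow the pattern `OKR_<section>_<option_name>`, e.g. the admin username can be changed by setting `OKR_ADMIN_USERNAME` and the JWT secret by setting `OKR_JWT_CONFIG_SECRET`.
An example TOML config can be found at `examples/config.toml`.
"""

try:
    config = ts.load(cls=Settings, appname="OKR", config_files=["config.toml"])
# The settings classes raise ValueError for invalid values; typed-settings may or may
# not wrap that in a TsError, so catch both and treat them alike.
except (TsError, ValueError) as e:
    # A config that cannot be loaded must never silently fall back to the built-in
    # (public) defaults, so refuse to start. Errors belong on stderr, not stdout.
    print(f"Failed to parse config file: {e}", file=sys.stderr)
    sys.exit(1)

# The built-in defaults for the JWT secret and the admin password hash are in this
# source file and therefore public. They exist so that tests and local development
# run without a config file; running a deployment with them means anyone can forge
# sessions or log in as admin, so say so loudly at startup.
_public_defaults_in_use = [
    name
    for name, value, default in (
        (
            "jwt_config.secret",
            config.jwt_config.secret,
            attrs.fields(JWTSettings).secret.default,
        ),
        (
            "admin.password_hash",
            config.admin.password_hash,
            attrs.fields(Admin).password_hash.default,
        ),
    )
    if value == default
]
if _public_defaults_in_use:
    print(
        "WARNING: using the built-in default for "
        + ", ".join(_public_defaults_in_use)
        + "; these values are public and must be overridden before exposing the app.",
        file=sys.stderr,
    )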