3.3. config module

Admin configuration handling.

Keep in sync with examples/config.toml!

class config.Admin(username: str = 'admin', email: str = 'admin@okr.local', password_hash: str = '$argon2id$v=19$m=65536,t=3,p=4$qP4cvuNyXxtoou7Hl7FcTA$4zJxdTYlLJDOuKlyPTep/I1RZQi2ZHS/99YprG5Rp+8')

Bases: object

email: str

The email of the admin account, e.g. ‘admin@okr.local’.

password_hash: str

The hash of the admin password. The example hash was generated with the password ‘password’.

To generate, execute the following command: ./maintenance_script.py hash-password "<your-password-here>"

Then, set the password_hash configuration value to the output from the above command (without the surrounding quotation marks!).

username: str

The username of the admin account, e.g. ‘admin’.

class config.JWTSettings(secret: str = 'secretfortesting', validity_duration_hours: int = 168)

Bases: object

secret: str

A long secret string, e.g. generated by pwgen 128 1.

validity_duration_hours: int

How many hours a user session should remain valid.

After that period of time, users automatically get logged out.

class config.Settings(jwt_config: JWTSettings = JWTSettings(secret='secretfortesting', validity_duration_hours=168), twofa_config: TwoFaSettings = TwoFaSettings(app_name='OKR Tool', app_url='localhost', totp_valid_window=1), admin: Admin = Admin(username='admin', email='admin@okr.local', password_hash='$argon2id$v=19$m=65536,t=3,p=4$qP4cvuNyXxtoou7Hl7FcTA$4zJxdTYlLJDOuKlyPTep/I1RZQi2ZHS/99YprG5Rp+8'), database_url: str = 'sqlite+aiosqlite:///:memory:', cors_allow_origins: list[str] = NOTHING)

Bases: object

admin: Admin

The admin account credentials for the app.

The admin user has full control over the app, including managing users, creating projects, …

cors_allow_origins: list[str]

List of allowed CORS origins.

Required when using cookie-based authentication (allow_credentials=True). Example:
- ["http://localhost:5173"]
- ["https://app.example.com"]

database_url: str

Example setting:
- 'sqlite+aiosqlite:///okr.sqlite': here, all data will be stored in the 'okr.sqlite' file

jwt_config: JWTSettings

The JSON web token configuration.

JSON web tokens secure user sessions and manage how long a login session remains valid.

twofa_config: TwoFaSettings

The WebAuthn configuration.

This mostly defines information about the “relying party” (i.e. the app itself), e.g. its web URL and name.

class config.TwoFaSettings(app_name: str = 'OKR Tool', app_url: str = 'localhost', totp_valid_window: int = 1)

Bases: object

app_name: str

Name of the app. Used for registering WebAuthn and TOTP tokens.

app_url: str

URL to the frontend of the app. This must not contain any protocol scheme or port!

Example values:
- "localhost" if the frontend is running on "http://localhost:5173"
- "foobar.example.com" if the frontend is running on "https://foobar.example.com"

totp_valid_window: int

How many TOTP cycles a one-time password remains valid.

For example, if this is set to 3, every one-time token is still valid until 3 * 30s = 90s after it was created.

config.config: Settings = Settings(jwt_config=JWTSettings(secret='secretfortesting', validity_duration_hours=168), twofa_config=TwoFaSettings(app_name='OKR Tool', app_url='localhost', totp_valid_window=1), admin=Admin(username='admin', email='admin@okr.local', password_hash='$argon2id$v=19$m=65536,t=3,p=4$qP4cvuNyXxtoou7Hl7FcTA$4zJxdTYlLJDOuKlyPTep/I1RZQi2ZHS/99YprG5Rp+8'), database_url='sqlite+aiosqlite:///:memory:', cors_allow_origins=['http://127.0.0.1:4173', 'http://127.0.0.1:5173', 'http://localhost:4173', 'http://localhost:5173'])

The settings configured by the app’s admin.

These are read at every app startup from config.toml and environment variables; environment variables take precedence over the configuration file.

Environment variable names follow the pattern OKR_<section>_<option_name>, e.g. the admin username can be changed by setting the OKR_ADMIN_USERNAME environment variable.

An example TOML config can be found at examples/config.toml.
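
A startup audit for the values documented above, as an added example that is not part of the project's code: it flags the test defaults shown on this page (the JWT secret, the admin hash generated from 'password', the in-memory database), an app_url carrying a scheme or port, and wildcard or non-HTTPS CORS origins. The dict layout, the name audit_settings, the MIN_SECRET_LEN threshold and the localhost exemption are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Test defaults copied from this page; MIN_SECRET_LEN is an assumed threshold.
DEFAULT_JWT_SECRET = "secretfortesting"
DEFAULT_ADMIN_HASH = (
    "$argon2id$v=19$m=65536,t=3,p=4$qP4cvuNyXxtoou7Hl7FcTA"
    "$4zJxdTYlLJDOuKlyPTep/I1RZQi2ZHS/99YprG5Rp+8")
MIN_SECRET_LEN = 32
LOCAL_HOSTS = {"localhost", "127.0.0.1"}  # plain http tolerated for dev only


def audit_settings(cfg: dict) -> list[str]:
    """Return findings for a mapping keyed like config.Settings (assumed layout)."""
    findings = []
    secret = cfg["jwt_config"]["secret"]
    if secret == DEFAULT_JWT_SECRET:
        findings.append("jwt_config.secret is the documented test default")
    elif len(secret) < MIN_SECRET_LEN:
        findings.append("jwt_config.secret is shorter than MIN_SECRET_LEN")
    pw_hash = cfg["admin"]["password_hash"]
    if pw_hash == DEFAULT_ADMIN_HASH:
        findings.append("admin.password_hash is the example hash for 'password'")
    elif not pw_hash.startswith("$argon2"):
        # Catches a hash pasted with its surrounding quotation marks.
        findings.append("admin.password_hash is not a bare argon2 hash string")
    # app_url must not contain a protocol scheme or port.
    if any(ch in cfg["twofa_config"]["app_url"] for ch in ":/"):
        findings.append("twofa_config.app_url must be a bare host name")
    for origin in cfg["cors_allow_origins"]:
        if origin == "*":
            findings.append("cors_allow_origins contains a wildcard")
        elif (urlsplit(origin).scheme != "https"
              and urlsplit(origin).hostname not in LOCAL_HOSTS):
            findings.append(f"cors origin {origin} is not https")
    if ":memory:" in cfg["database_url"]:
        findings.append("database_url is in-memory; data is lost on restart")
    return findings


SHIPPED_DEFAULTS = {  # values taken from config.config as shown on this page
    "jwt_config": {"secret": DEFAULT_JWT_SECRET, "validity_duration_hours": 168},
    "twofa_config": {"app_name": "OKR Tool", "app_url": "localhost",
                     "totp_valid_window": 1},
    "admin": {"username": "admin", "email": "admin@okr.local",
              "password_hash": DEFAULT_ADMIN_HASH},
    "database_url": "sqlite+aiosqlite:///:memory:",
    "cors_allow_origins": ["http://127.0.0.1:4173", "http://localhost:5173"],
}

if __name__ == "__main__":
    print("\n".join(audit_settings(SHIPPED_DEFAULTS)))
```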