Merge pull request #1 from hiiro-app/enable_api

enable api and disable csrf
2025-06-20 09:37:48 +02:00 · 2025-02-14 13:57:50 +03:00 · 2025-02-14 13:57:50 +03:00 · cc329358fe
commit cc329358fe
parent 43a71e89f7 690ab3213d
4 changed files with 135 additions and 94 deletions
--- a/requirements.txt
+++ b/requirements.txt
@ -1,4 +1,4 @@
-Django>=3.2
+Django==5.*
 django-bootstrap4-form
 celery
 email-reply-parser
--- a/standalone/Dockerfile
+++ b/standalone/Dockerfile
@ -8,6 +8,7 @@ RUN apt-get install -yqq \
   git
 COPY requirements.txt /opt/django-helpdesk/requirements.txt
 COPY standalone/extra-requirements.txt /opt/django-helpdesk/standalone/extra-requirements.txt
 RUN pip3 install packaging
 RUN pip3 install -r /opt/django-helpdesk/requirements.txt
 RUN pip3 install -r /opt/django-helpdesk/standalone/extra-requirements.txt
 COPY . /opt/django-helpdesk
--- a/standalone/config/local_settings.py
+++ b/standalone/config/local_settings.py
@ -1 +1,21 @@
 from .settings import *
 REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "rest_framework.authentication.BasicAuthentication",
    ]
 }
 HELPDESK_ACTIVATE_API_ENDPOINT = True
 DATABASES = {
    # Setup postgress db with postgres as host and db name and read password from env var
    "default": {
        "ENGINE": "django.db.backends.postgresql",
        "NAME": os.environ.get("POSTGRES_DB", "postgres"),
        "USER": os.environ.get("POSTGRES_USER", "postgres"),
        "PASSWORD": os.environ.get("POSTGRES_PASSWORD", "postgres"),
        "HOST": os.environ.get("POSTGRES_HOST", "postgres"),
        "PORT": os.environ.get("POSTGRES_PORT", "5432"),
    }
 }
--- a/standalone/config/settings.py
+++ b/standalone/config/settings.py
@ -8,7 +8,6 @@ For the full list of settings and their values, see
 https://docs.djangoproject.com/en/1.11/ref/settings/
 """
 import os
@ -21,70 +20,72 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 # Read SECRET_KEY from DJANGO_HELPDESK_SECRET_KEY env var
 try:
-    SECRET_KEY = os.environ['DJANGO_HELPDESK_SECRET_KEY']
+    SECRET_KEY = os.environ["DJANGO_HELPDESK_SECRET_KEY"]
 except KeyError:
    raise Exception("DJANGO_HELPDESK_SECRET_KEY environment variable is not set")
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False
-ALLOWED_HOSTS = os.environ.get("DJANGO_HELPDESK_ALLOWED_HOSTS", "*, localhost, 0.0.0.0").split(",")
+ALLOWED_HOSTS = os.environ.get(
    "DJANGO_HELPDESK_ALLOWED_HOSTS", "*, localhost, 0.0.0.0"
 ).split(",")
-SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "http")
-SESSION_COOKIE_SECURE = True
+SESSION_COOKIE_SECURE = False
-CSRF_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = False
 # Application definition
 INSTALLED_APPS = [
-    'django.contrib.admin',
+    "django.contrib.admin",
-    'django.contrib.auth',
+    "django.contrib.auth",
-    'django.contrib.contenttypes',
+    "django.contrib.contenttypes",
-    'django.contrib.sessions',
+    "django.contrib.sessions",
-    'django.contrib.messages',
+    "django.contrib.messages",
-    'django.contrib.staticfiles',
+    "django.contrib.staticfiles",
-    'django.contrib.sites',
+    "django.contrib.sites",
-    'django.contrib.humanize',
+    "django.contrib.humanize",
-    'bootstrap4form',
+    "bootstrap4form",
-    'account',  # Required by pinax-teams
+    "account",  # Required by pinax-teams
-    'pinax.invitations',  # required by pinax-teams
+    "pinax.invitations",  # required by pinax-teams
-    'pinax.teams',  # team support
+    "pinax.teams",  # team support
-    'reversion',  # required by pinax-teams
+    "reversion",  # required by pinax-teams
-    'helpdesk',  # This is us!
+    "helpdesk",  # This is us!
-    'rest_framework',  # required for the API
+    "rest_framework",  # required for the API
 ]
 MIDDLEWARE = [
-    'django.middleware.security.SecurityMiddleware',
+    "django.middleware.security.SecurityMiddleware",
-    'django.contrib.sessions.middleware.SessionMiddleware',
+    "django.contrib.sessions.middleware.SessionMiddleware",
-    'django.middleware.common.CommonMiddleware',
+    "django.middleware.common.CommonMiddleware",
-    'django.middleware.csrf.CsrfViewMiddleware',
+    # "django.middleware.csrf.CsrfViewMiddleware",
-    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    "django.contrib.auth.middleware.AuthenticationMiddleware",
-    'django.contrib.messages.middleware.MessageMiddleware',
+    "django.contrib.messages.middleware.MessageMiddleware",
-    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "whitenoise.middleware.WhiteNoiseMiddleware",
 ]
-ROOT_URLCONF = 'standalone.config.urls'
+ROOT_URLCONF = "standalone.config.urls"
 TEMPLATES = [
    {
-        'BACKEND': 'django.template.backends.django.DjangoTemplates',
+        "BACKEND": "django.template.backends.django.DjangoTemplates",
-        'DIRS': [],
+        "DIRS": [],
-        'APP_DIRS': True,
+        "APP_DIRS": True,
-        'OPTIONS': {
+        "OPTIONS": {
-            'debug': True,
+            "debug": True,
-            'context_processors': [
+            "context_processors": [
-                'django.template.context_processors.debug',
+                "django.template.context_processors.debug",
-                'django.template.context_processors.request',
+                "django.template.context_processors.request",
-                'django.contrib.auth.context_processors.auth',
+                "django.contrib.auth.context_processors.auth",
-                'django.contrib.messages.context_processors.messages',
+                "django.contrib.messages.context_processors.messages",
            ],
        },
    },
 ]
-WSGI_APPLICATION = 'standalone.config.wsgi.application'
+WSGI_APPLICATION = "standalone.config.wsgi.application"
 # django-helpdesk configuration settings
@ -94,44 +95,61 @@ WSGI_APPLICATION = 'standalone.config.wsgi.application'
 # Some common settings are below.
 HELPDESK_DEFAULT_SETTINGS = {
-    'use_email_as_submitter': os.environ.get('HELPDESK_USE_EMAIL_AS_SUBMITTER', 'True') == 'True',
+    "use_email_as_submitter": os.environ.get("HELPDESK_USE_EMAIL_AS_SUBMITTER", "True")
-    'email_on_ticket_assign': os.environ.get('HELPDESK_EMAIL_ON_TICKET_ASSIGN', 'True') == 'True',
+    == "True",
-    'email_on_ticket_change': os.environ.get('HELPDESK_EMAIL_ON_TICKET_CHANGE', 'True') == 'True',
+    "email_on_ticket_assign": os.environ.get("HELPDESK_EMAIL_ON_TICKET_ASSIGN", "True")
-    'login_view_ticketlist': os.environ.get('HELPDESK_LOGIN_VIEW_TICKETLIST', 'True') == 'True',
+    == "True",
-    'email_on_ticket_apichange': os.environ.get('HELPDESK_EMAIL_ON_TICKET_APICHANGE', 'True') == 'True',
+    "email_on_ticket_change": os.environ.get("HELPDESK_EMAIL_ON_TICKET_CHANGE", "True")
-    'preset_replies': os.environ.get('HELPDESK_PRESET_REPLIES', 'True') == 'True',
+    == "True",
-    'tickets_per_page': os.environ.get('HELPDESK_TICKETS_PER_PAGE', '25'),
+    "login_view_ticketlist": os.environ.get("HELPDESK_LOGIN_VIEW_TICKETLIST", "True")
    == "True",
    "email_on_ticket_apichange": os.environ.get(
        "HELPDESK_EMAIL_ON_TICKET_APICHANGE", "True"
    )
    == "True",
    "preset_replies": os.environ.get("HELPDESK_PRESET_REPLIES", "True") == "True",
    "tickets_per_page": os.environ.get("HELPDESK_TICKETS_PER_PAGE", "25"),
 }
 # Should the public web portal be enabled?
-HELPDESK_PUBLIC_ENABLED = os.environ.get('HELPDESK_PUBLIC_ENABLED', 'True') == 'True'
+HELPDESK_PUBLIC_ENABLED = os.environ.get("HELPDESK_PUBLIC_ENABLED", "True") == "True"
-HELPDESK_VIEW_A_TICKET_PUBLIC = os.environ.get('HELPDESK_VIEW_A_TICKET_PUBLIC', 'True') == 'True'
+HELPDESK_VIEW_A_TICKET_PUBLIC = (
-HELPDESK_SUBMIT_A_TICKET_PUBLIC = os.environ.get('HELPDESK_SUBMIT_A_TICKET_PUBLIC', 'True') == 'True'
+    os.environ.get("HELPDESK_VIEW_A_TICKET_PUBLIC", "True") == "True"
 )
 HELPDESK_SUBMIT_A_TICKET_PUBLIC = (
    os.environ.get("HELPDESK_SUBMIT_A_TICKET_PUBLIC", "True") == "True"
 )
 # Should the Knowledgebase be enabled?
-HELPDESK_KB_ENABLED = os.environ.get('HELPDESK_KB_ENABLED', 'True') == 'True'
+HELPDESK_KB_ENABLED = os.environ.get("HELPDESK_KB_ENABLED", "True") == "True"
-HELPDESK_TICKETS_TIMELINE_ENABLED = os.environ.get('HELPDESK_TICKETS_TIMELINE_ENABLED', 'True') == 'True'
+HELPDESK_TICKETS_TIMELINE_ENABLED = (
    os.environ.get("HELPDESK_TICKETS_TIMELINE_ENABLED", "True") == "True"
 )
 # Allow users to change their passwords
-HELPDESK_SHOW_CHANGE_PASSWORD = os.environ.get('HELPDESK_SHOW_CHANGE_PASSWORD', 'True') == 'True'
+HELPDESK_SHOW_CHANGE_PASSWORD = (
    os.environ.get("HELPDESK_SHOW_CHANGE_PASSWORD", "True") == "True"
 )
 # Instead of showing the public web portal first,
 # we can instead redirect users straight to the login page.
-HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT = os.environ.get('HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT', 'False') == 'True'
+HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT = (
-LOGIN_URL = 'helpdesk:login'
+    os.environ.get("HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT", "False") == "True"
-LOGIN_REDIRECT_URL = 'helpdesk:home'
+)
 LOGIN_URL = "helpdesk:login"
 LOGIN_REDIRECT_URL = "helpdesk:home"
 DATABASES = {
    # Setup postgress db with postgres as host and db name and read password from env var
-    'default': {
+    "default": {
-        'ENGINE': 'django.db.backends.postgresql',
+        "ENGINE": "django.db.backends.postgresql",
-        'NAME': os.environ.get('POSTGRES_DB', 'postgres'),
+        "NAME": os.environ.get("POSTGRES_DB", "postgres"),
-        'USER': os.environ.get('POSTGRES_USER', 'postgres'),
+        "USER": os.environ.get("POSTGRES_USER", "postgres"),
-        'PASSWORD': os.environ.get('POSTGRES_PASSWORD', 'postgres'),
+        "PASSWORD": os.environ.get("POSTGRES_PASSWORD", "postgres"),
-        'HOST': os.environ.get('POSTGRES_HOST', 'postgres'),
+        "HOST": os.environ.get("POSTGRES_HOST", "postgres"),
-        'PORT': os.environ.get('POSTGRES_PORT', '5432'),
+        "PORT": os.environ.get("POSTGRES_PORT", "5432"),
    }
 }
@ -155,16 +173,16 @@ SESSION_COOKIE_AGE = 86400  # = 1 day
 AUTH_PASSWORD_VALIDATORS = [
    {
-        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
    },
    {
-        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
    },
    {
-        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
    },
    {
-        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
    },
 ]
@ -173,21 +191,21 @@ AUTH_PASSWORD_VALIDATORS = [
 # This demo uses the console backend, which simply prints emails to the console
 # rather than actually sending them out.
-DEFAULT_FROM_EMAIL = os.environ.get('DEFAULT_FROM_EMAIL', 'example@example.com')
+DEFAULT_FROM_EMAIL = os.environ.get("DEFAULT_FROM_EMAIL", "example@example.com")
-SERVER_EMAIL = os.environ.get('SERVER_EMAIL', 'example@example.com')
+SERVER_EMAIL = os.environ.get("SERVER_EMAIL", "example@example.com")
-if os.environ.get('EMAIL_HOST', None):
+if os.environ.get("EMAIL_HOST", None):
-    EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+    EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
    try:
-        EMAIL_HOST = os.environ['EMAIL_HOST']
+        EMAIL_HOST = os.environ["EMAIL_HOST"]
    except KeyError:
-        raise ImproperlyConfigured('Please set the EMAIL_HOST environment variable.')
+        raise ImproperlyConfigured("Please set the EMAIL_HOST environment variable.")
    try:
-        EMAIL_PORT = os.environ['EMAIL_PORT']
+        EMAIL_PORT = os.environ["EMAIL_PORT"]
    except KeyError:
-        raise ImproperlyConfigured('Please set the EMAIL_PORT environment variable.')
+        raise ImproperlyConfigured("Please set the EMAIL_PORT environment variable.")
 else:
-    EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+    EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
 # Internationalization
 # https://docs.djangoproject.com/en/1.11/topics/i18n/
@ -196,9 +214,9 @@ else:
 # The most complete translations are: es-MX, ru, zh-Hans
 # Contribute to our translations via Transifex if you can!
 # See CONTRIBUTING.rst for more info.
-LANGUAGE_CODE = 'en-US'
+LANGUAGE_CODE = "en-US"
-TIME_ZONE = 'UTC'
+TIME_ZONE = "UTC"
 USE_I18N = True
@ -214,32 +232,34 @@ def normpath(*args):
 PROJECT_ROOT = normpath(__file__, "..", "..")
-STATIC_ROOT = os.environ.get("DJANGO_HELPDESK_STATIC_ROOT", normpath(PROJECT_ROOT, "static"))
+STATIC_ROOT = os.environ.get(
    "DJANGO_HELPDESK_STATIC_ROOT", normpath(PROJECT_ROOT, "static")
 )
 STATIC_URL = os.environ.get("DJANGO_HELPDESK_STATIC_URL", "/static/")
 # MEDIA_ROOT is where media uploads are stored.
 # We set this to a directory to host file attachments created
 # with tickets.
-MEDIA_URL = '/media/'
+MEDIA_URL = "/media/"
-MEDIA_ROOT = '/data/media'
+MEDIA_ROOT = "/data/media"
 # for Django 3.2+, set default for autofields:
-DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
+DEFAULT_AUTO_FIELD = "django.db.models.AutoField"
 LOGGING = {
-    'version': 1,
+    "version": 1,
-    'disable_existing_loggers': False,
+    "disable_existing_loggers": False,
-    'handlers': {
+    "handlers": {
-        'console': {
+        "console": {
-            'class': 'logging.StreamHandler',
+            "class": "logging.StreamHandler",
        },
    },
-    'loggers': {
+    "loggers": {
-        'django': {
+        "django": {
-            'handlers': ['console'],
+            "handlers": ["console"],
-            'level': 'ERROR',  # Change to 'DEBUG' if you want to print all debug messages as well
+            "level": "ERROR",  # Change to 'DEBUG' if you want to print all debug messages as well
-            'propagate': True,
+            "propagate": True,
        },
    },
 }