Skip to content

Commit

Permalink
make code prettier and apply timons oppinions
Browse files Browse the repository at this point in the history
  • Loading branch information
@lilioid
lilioid committed Feb 8, 2024
1 parent d916fd7 commit 9ee3a44
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 17 deletions.
24 changes: 12 additions & 12 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,15 +57,15 @@ pipenv shell

The application is configured at runtime via the following environment variables:

| Name | Default | Description | Notes |
|-------------------------|------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| VW_DB | *required* | Url that specifies the complete database connection. [Documentation](https://pypi.org/project/dj-database-url/) | In container based deployments this preconfigured to point to `/app/data/db.sqlite` |
| VW_SECRET_KEY | *required* | Django secret key. **Keep this secret!** | |
| VW_ALLOWED_HOSTS | *required* | List of hostnames which may be used when accessing the application. | |
| VW_SERVED_OVER_HTTPS | `false` | Whether the application is served over HTTPS. If enabled, automatic redirects and additional security measures are activated. | |
| VW_HSTS_SECONDS | `63072000` | If larger than 0 and `BL_SERVED_OVER_HTTPS` is true, HSTS is enabled with this configured value. | |
| VW_TRUST_REVERSE_PROXY | `false` | If true, headers set by a reverse proxy (i.e. `X-Forwarded-Proto`) are trusted. | |
| VW_ENABLE_METRICS | `false` | If true, enable metric exporting via OpenTelemetry. | See the [Opentelemetry Docs](https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/) on how to configure the exporter i.e. to which collector it exports. |
| VW_OPENID_CLIENT_ID | *required* | Mafiasi-Identity client ID. Used for authentication | |
| VW_OPENID_CLIENT_SECRET | *required* | Mafiasi-Identity client secret. Used for authentication | |
| VW_ALLOWED_METRICS_IPS | `127.0.0.0/8`, `::/64` | List of IP networks which are allowed to access the /metrics endpoint | |
| Name | Default | Description | Notes |
|--------------------------|------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| VW_DB | *required* | Url that specifies the complete database connection. [Documentation](https://pypi.org/project/dj-database-url/) | In container based deployments this preconfigured to point to `/app/data/db.sqlite` |
| VW_SECRET_KEY | *required* | Django secret key. **Keep this secret!** | |
| VW_ALLOWED_HOSTS | *required* | List of hostnames which may be used when accessing the application. | |
| VW_SERVED_OVER_HTTPS | `false` | Whether the application is served over HTTPS. If enabled, automatic redirects and additional security measures are activated. | |
| VW_HSTS_SECONDS | `63072000` | If larger than 0 and `BL_SERVED_OVER_HTTPS` is true, HSTS is enabled with this configured value. | |
| VW_TRUST_REVERSE_PROXY | `false` | If true, headers set by a reverse proxy (i.e. `X-Forwarded-Proto`) are trusted. | |
| VW_ENABLE_METRICS | `false` | If true, enable metric exporting via OpenTelemetry. | See the [Opentelemetry Docs](https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/) on how to configure the exporter i.e. to which collector it exports. |
| VW_OPENID_CLIENT_ID | *required* | Mafiasi-Identity client ID. Used for authentication | |
| VW_OPENID_CLIENT_SECRET | *required* | Mafiasi-Identity client secret. Used for authentication | |
| VW_ALLOWED_METRICS_NETS | `127.0.0.0/8`, `::/64` | List of IP networks which are allowed to access the /metrics endpoint | |
6 changes: 3 additions & 3 deletions src/vinywaji/metrics/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,17 +16,17 @@ class PrometheusMetricsView(View):
def is_allowed(self, request: HttpRequest) -> bool:
"""Whether the requestor is allowed to access this view"""
if settings.TRUST_REVERSE_PROXY and "HTTP_X_FORWARDED_FOR" in request.META.keys():
x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")
x_forwarded_for = request.META["HTTP_X_FORWARDED_FOR"]
remote_ip = ip_address(x_forwarded_for.split(",")[0])
else:
remote_ip = ip_address(request.META["REMOTE_ADDR"])

return any(remote_ip in net for net in settings.ALLOWED_METRICS_IPS)
return any(remote_ip in net for net in settings.ALLOWED_METRICS_NETS)

def get(self, request: HttpRequest) -> HttpResponse:
if not self.is_allowed(request):
return HttpResponse(status=HTTPStatus.FORBIDDEN)

(encode, content_type) = prometheus_client.exposition.choose_encoder(request.META["HTTP_ACCEPT"])
encode, content_type = prometheus_client.exposition.choose_encoder(request.META["HTTP_ACCEPT"])
content = encode(REGISTRY)
return HttpResponse(status=HTTPStatus.OK, content=content, content_type=content_type)
4 changes: 2 additions & 2 deletions src/vinywaji/settings.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,8 @@
TRUST_REVERSE_PROXY = env.bool("VW_TRUST_REVERSE_PROXY", default=False)
SECRET_KEY = env.str("VW_SECRET_KEY")
ALLOWED_HOSTS = env.list("VW_ALLOWED_HOSTS")
ALLOWED_METRICS_IPS = [
ip_network(i) for i in env.list("VW_ALLOWED_METRICS_IPS", default=["127.0.0.0/8", "::/64"])
ALLOWED_METRICS_NETS = [
ip_network(i) for i in env.list("VW_ALLOWED_METRICS_NETS", default=["127.0.0.0/8", "::/64"])
]

DATABASES = {"default": env.dj_db_url("VW_DB")}
Expand Down

0 comments on commit 9ee3a44

Please sign in to comment.