2025-06-14 13:39:37 +00:00
|
|
|
from datetime import timedelta
|
2026-02-07 20:19:57 +00:00
|
|
|
import logging
|
2026-02-07 00:34:47 +00:00
|
|
|
import os
|
2025-06-14 13:39:37 +00:00
|
|
|
|
|
|
|
|
|
2026-02-07 20:19:57 +00:00
|
|
|
_logger = logging.getLogger(__name__)
|
|
|
|
|
|
2025-06-14 13:39:37 +00:00
|
|
|
# Authentik OIDC Configuration
|
2026-02-07 20:19:57 +00:00
|
|
|
AUTHENTIK_URL = os.getenv("AUTHENTIK_URL", "https://authentik.viktorbarzin.me")
|
|
|
|
|
OIDC_CLIENT_ID = os.getenv("OIDC_CLIENT_ID", "5AJKRgcdgVm1OyApBzFkadDFfStW9a555zwv2MOe")
|
2025-06-14 13:39:37 +00:00
|
|
|
OIDC_METADATA_URL = (
|
|
|
|
|
f"{AUTHENTIK_URL}/application/o/wrongmove/.well-known/openid-configuration"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
OIDC_CACHE_TTL = timedelta(
|
|
|
|
|
hours=1
|
|
|
|
|
).total_seconds() # Cache to avoid spamming authentik with requests
|
|
|
|
|
|
2026-02-06 23:44:50 +00:00
|
|
|
DEV_TIER_ORIGINS = ["https://localhost/"]
|
2025-06-14 13:39:37 +00:00
|
|
|
PROD_TIER_ORIGINS = ["https://wrongmove.viktorbarzin.me/"]
|
2026-02-07 00:34:47 +00:00
|
|
|
|
|
|
|
|
# WebAuthn / Passkey Configuration
|
|
|
|
|
WEBAUTHN_RP_ID = os.getenv("WEBAUTHN_RP_ID", "localhost")
|
|
|
|
|
WEBAUTHN_RP_NAME = os.getenv("WEBAUTHN_RP_NAME", "Wrongmove")
|
|
|
|
|
WEBAUTHN_ORIGIN = os.getenv("WEBAUTHN_ORIGIN", "https://localhost")
|
|
|
|
|
|
|
|
|
|
# JWT Configuration (for passkey-issued tokens)
|
|
|
|
|
JWT_SECRET = os.getenv("JWT_SECRET", "change-me-in-production")
|
2026-02-07 20:19:57 +00:00
|
|
|
if JWT_SECRET == "change-me-in-production":
|
|
|
|
|
_logger.warning("JWT_SECRET is using the default value. Set JWT_SECRET env var in production.")
|
2026-02-07 00:34:47 +00:00
|
|
|
JWT_ALGORITHM = os.getenv("JWT_ALGORITHM", "HS256")
|
|
|
|
|
JWT_EXPIRATION_HOURS = int(os.getenv("JWT_EXPIRATION_HOURS", "24"))
|
|
|
|
|
JWT_ISSUER = os.getenv("JWT_ISSUER", "wrongmove")
|
