From 409037bdf34742a1eee9b77cc50c5670035d6163 Mon Sep 17 00:00:00 2001 From: Philip Sargent Date: Mon, 5 Apr 2021 14:01:15 +0100 Subject: [PATCH] tiny tidyings --- core/models.py | 7 ++- core/views/other.py | 6 +-- core/views/statistics.py | 2 +- debian/wookey-exposerver-recipe.txt | 84 +++++++++++++++++++++++++++++ docker/README.md | 3 ++ parsers/caves.py | 2 +- security-warnings.txt | 8 +-- settings.py | 4 +- urls.py | 1 + 9 files changed, 105 insertions(+), 12 deletions(-) create mode 100644 debian/wookey-exposerver-recipe.txt diff --git a/core/models.py b/core/models.py index 9fa7cec..8082d6e 100644 --- a/core/models.py +++ b/core/models.py @@ -25,10 +25,15 @@ import troggle.core.models_survex """This file declares TroggleModel which inherits from django.db.models.Model All TroggleModel subclasses inherit persistence in the django relational database. This is known as -the django Object Relkational Mapping (ORM). +the django Object Relational Mapping (ORM). There are more subclasses define in models_caves.py models_survex.py etc. """ +# This variable is a dictionary holding gloablly visible indexes and cache functions. +# It is a Global Object, see https://python-patterns.guide/python/module-globals/ +# troggle.models.TROG +TROG = {} + def get_process_memory(): usage=resource.getrusage(resource.RUSAGE_SELF) return usage[2]/1024.0 diff --git a/core/views/other.py b/core/views/other.py index 1985096..4f53ead 100644 --- a/core/views/other.py +++ b/core/views/other.py @@ -14,7 +14,7 @@ from troggle.core.models_caves import LogbookEntry, QM, Cave, PersonTrip from .login import login_required_if_public from troggle.core.forms import UploadFileForm -print("** importing troggle/core/views.other.py") +print("** importing troggle/core/views/other.py") """Utility functions and code to serve the control panel and individual user's progress and task list (deprecated as we do not have individual user login). 
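Review bot: The comment added above `TROG = {}` in core/models.py gives the import path as `troggle.models.TROG`, but this module is `core/models.py` and the neighbouring import is `troggle.core.models_survex`, so the path would be `troggle.core.models.TROG`. The dictionary is also introduced with no statement of which keys it holds or which code writes them. As a module global it exists once per Python process and is shared by every thread in that process, so its entries should be treated as a rebuildable cache, not as authoritative state. I would reword the comment to `# Process-wide dict of shared indexes and caches: troggle.core.models.TROG (one copy per worker process; contents must be rebuildable).`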
@@ -140,7 +140,7 @@ def ajax_QM_number(request): return HttpResponse(res) -print(" - newFile() is next in troggle/core/views.other.py") +#print(" - newFile() is next in troggle/core/views/other.py") @login_required_if_public def newFile(request, pslug = None): @@ -194,4 +194,4 @@ def delFile(f): lbe.delete() os.remove(lbe.filename) -print("** Finished importing troggle/core/views.other.py") \ No newline at end of file +print("** Finished importing troggle/core/views/other.py") \ No newline at end of file diff --git a/core/views/statistics.py b/core/views/statistics.py index 9d5cd16..1f11bed 100644 --- a/core/views/statistics.py +++ b/core/views/statistics.py @@ -61,7 +61,7 @@ def pathsreport(request): pathstype = { # "BOGUS" : type(settings.BOGUS), "JSLIB_URL" : type(settings.JSLIB_URL), - "JSLIB_ROOT" : str( settings.JSLIB_ROOT), + "JSLIB_ROOT" : type( settings.JSLIB_ROOT), # "CSSLIB_URL" : type(settings.CSSLIB_URL), "CAVEDESCRIPTIONS" : type(settings.CAVEDESCRIPTIONS), "DIR_ROOT" : type(settings.DIR_ROOT), diff --git a/debian/wookey-exposerver-recipe.txt b/debian/wookey-exposerver-recipe.txt new file mode 100644 index 0000000..f548060 --- /dev/null +++ b/debian/wookey-exposerver-recipe.txt 
@@ -0,0 +1,84 @@ +adduser expo +apt install openssh-server mosh tmux mc zile emacs-nox mc most ncdu +apt install python-django apache2 mysql-server survex make rsync +apt install libjs-openlayers make +apt install git mercurial mercurial-server? + +for boe: +apt install libcgi-session-perl libcrypt-passwdmd5-perl libfile-slurp-perl libgit-wrapper-perl libhtml-template-perl libhtml-template-pro-perl libmime-lite-perl libtext-password-pronounceable-perl libtime-parsedate-perl libuuid-tiny-perl libcrypt-cracklib-perl + +apt install ufraw for PEF image decoding. +sudo apt install python-django python-django-registration e fonts-freefont-ttf libapache2-mod-wsgi python3-gdbm +# sudo apt install python-django-imagekit python-django-tinymc + +obsolete-packages: bins (move to jigl?) + older python-django? +backports: survex therion +not-packaged: caveview + + +make these dirs available at top documentroot: +cuccfiles +expofiles +loser +tunneldata +troggle +expoweb +boc/boe + +config +containing: + +setup apache configs for cucc and expo +#disable default website +a2dissite 000-default +a2ensite cucc +a2ensite expo +a2enmod cgid + + +Boe config: +Alias /boe /home/expo/boe/boc/boc.pl + + AddHandler cgi-script .pl + SetHandler cgi-script + Options +ExecCGI + Require all granted + +And remember to set both program and data dir to be +www-data:www-data +(optionally make file group read/write by treasurer account) +create empty repo by clicking create in boe interface +then set names in 'settings' + +Set up mysql (as root) +mysql -p +CREATE DATABASE troggle; +GRANT ALL PRIVILEGES ON troggle.* TO 'expo'@'localhost' IDENTIFIED BY 'somepassword'; + +install django: +sudo apt install python-django python-django-registration python-django-imagekit python-django-tinymce fonts-freefont-ttf libapache2-mod-wsgi + +python-django-imagekit comes from https://salsa.debian.org/python-team/modules/python-django-imagekit +python-django-tinymce comes from 
https://salsa.debian.org/python-team/modules/python-django-tinymce + +need fonts-freefont-ttf (to have truetype freesans available for troggle via PIL) +need libapache2-mod-wsgi for apache wsgi support. + +On stretch the django 1.10 is no use so get rid of that: +apt remove python3-django python-django python-django-common python-django-doc + +Then replace with django 1.7 (Needs to be built for stretch) +apt install python-django python-django-common python-django-doc +apt install python-django-registration python-django-imagekit python-django-tinymce + +then hold them to stop them being upgraded by unattended upgrades: +echo "python-django hold" | sudo dpkg --set-selections +echo "python-django-common hold" | sudo dpkg --set-selections +echo "python-django-doc hold" | sudo dpkg --set-selections + +Optimizing server +I've tweaked the apache and mysql settings to make them a bit more suitable for a small machine. Seems to have shaved 200MB or so off the idling footprint. +https://www.narga.net/optimizing-apachephpmysql-low-memory-server/ + +(just discovered 'ab' for running apache performance tests - handy). diff --git a/docker/README.md b/docker/README.md index 86028fd..25ce966 100644 --- a/docker/README.md +++ b/docker/README.md @@ -1,5 +1,8 @@ # Running troggle on Docker +These notes written by Sam Wenham in Feb., 2019. +These all pre-date the move to python3, later versions of Django (1.11.+) and debian. + ## Install First you need to install - [docker-ce](https://docs.docker.com/install/) diff --git a/parsers/caves.py b/parsers/caves.py index ced0aea..bfb51d6 100644 --- a/parsers/caves.py +++ b/parsers/caves.py @@ -48,7 +48,7 @@ def readcaves(): try: # Now create a slug ID cs = models_caves.CaveSlug.objects.update_or_create(cave = cave, - slug = "PENDING-" + k, + slug = "TEMP-" + k, primary = False) except: message = " ! {:11s} {} PENDING cave slug create failure".format(k) diff --git a/security-warnings.txt b/security-warnings.txt index 4b489c0..6c90561 100644 
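Review bot: The failure message in parsers/caves.py still reads `PENDING cave slug create failure` although the slug prefix two lines above is now `"TEMP-" + k`, so a log line no longer matches the slug a reader would search for; `" ! {:11s} {} TEMP cave slug create failure"` would keep them aligned. Rows already stored with the old `PENDING-` prefix will not match this `update_or_create` lookup, so an import over an existing database would presumably leave them in place next to new `TEMP-` rows; worth confirming the table is rebuilt on each import. The bare `except:` in the context lines also discards the real error, and `except Exception as e:` with `e` added to the message would preserve the cause. The `try` block and `readcaves()` both start and end outside the hunk.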
--- a/security-warnings.txt
+++ b/security-warnings.txt
@@ -1,10 +1,10 @@ System check identified some issues: WARNINGS: -?: (security.W001) You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE_CLASSES so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, and SECURE_SSL_REDIRECT settings will have no effect. -?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions. -?: (security.W016) You have 'django.middleware.csrf.CsrfViewMiddleware' in your MIDDLEWARE_CLASSES, but you have not set CSRF_COOKIE_SECURE to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token. +?: (security.W001) You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, and SECURE_SSL_REDIRECT settings will have no effect. +?: (security.W002) You do not have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, so your pages will not be served with an 'x-frame-options' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks. +?: (security.W003) You don't appear to be using Django's built-in cross-site request forgery protection via the middleware ('django.middleware.csrf.CsrfViewMiddleware' is not in your MIDDLEWARE). Enabling the middleware is the safest approach to ensure you don't leave any holes. +?: (security.W010) You have 'django.contrib.sessions' in your INSTALLED_APPS, but you have not set SESSION_COOKIE_SECURE to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions. ?: (security.W018) You should not have DEBUG set to True in deployment. 
-?: (security.W019) You have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE_CLASSES, but X_FRAME_OPTIONS is not set to 'DENY'. The default is 'SAMEORIGIN', but unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'. System check identified 5 issues (0 silenced). diff --git a/settings.py b/settings.py index f42e8eb..8c27be8 100644 --- a/settings.py +++ b/settings.py @@ -2,10 +2,10 @@ Django settings for troggle project. For more information on this file, see -https://docs.djangoproject.com/en/1.7/topics/settings/ +https://docs.djangoproject.com/en/dev/topics/settings/ For the full list of settings and their values, see -https://docs.djangoproject.com/en/1.7/ref/settings/ +https://docs.djangoproject.com/en/dev/ref/settings/ """ #Imports should be grouped in the following order: diff --git a/urls.py b/urls.py index d274bb1..505fa5d 100644 --- a/urls.py +++ b/urls.py @@ -120,6 +120,7 @@ trogglepatterns = [ url(r'^survexfile/(?P.*?)\.err$', survex.err), url(r'^survexfile/caves/$', survex.survexcaveslist, name="survexcaveslist"), + url(r'^survexfile/caves$', survex.survexcaveslist, name="survexcaveslist"), # auto slash not working url(r'^survexfile/(?P.*)$', survex.survexcavesingle, name="survexcavessingle"), url(r'^survey_scans/$', surveys.surveyscansfolders, name="surveyscansfolders"),
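Review bot: The refreshed check output in security-warnings.txt now lists W003 and W002, meaning `CsrfViewMiddleware` and `XFrameOptionsMiddleware` are not in `MIDDLEWARE`, whereas the removed W016 and W019 lines show both were present under `MIDDLEWARE_CLASSES`. That reads as a regression in the effective configuration and not merely a wording change, and the settings.py hunk in this commit only edits docstring URLs, so nothing here restores them. State-changing views would presumably be served without a CSRF token check until `'django.middleware.csrf.CsrfViewMiddleware'`, `'django.middleware.clickjacking.XFrameOptionsMiddleware'` and `'django.middleware.security.SecurityMiddleware'` are listed in `MIDDLEWARE`. W018 (`DEBUG` set to True) is still reported as well and should be off on the deployed server.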
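Review bot: The added `^survexfile/caves$` route in urls.py reuses `name="survexcaveslist"`, so two patterns now share one name and `reverse()` or `{% url %}` may resolve to either form depending on resolver order. A single pattern, `url(r'^survexfile/caves/?$', survex.survexcaveslist, name="survexcaveslist"),`, would accept both spellings without the duplicate. The trailing comment `# auto slash not working` points at `APPEND_SLASH`, which is implemented by `django.middleware.common.CommonMiddleware`. Since the check output in this same commit reports other middleware missing from `MIDDLEWARE`, it is worth confirming that one is listed, as that would fix the redirect for every route and not only this one. `trogglepatterns` starts and ends outside the hunk.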