-
Notifications
You must be signed in to change notification settings - Fork 0
/
bepasty.conf
127 lines (113 loc) · 4.91 KB
/
bepasty.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
## /home/bepasty/bepasty.conf
#: name of this site (put YOUR bepasty fqdn here)
SITENAME = 'bepasty.example.org'
#: base URL path of app (if not served on root URL, but e.g. on http://example.org/bepasty ).
#: setting this to a non-None value will activate the PrefixMiddleware that splits PATH_INFO
#: into SCRIPT_NAME (== APP_BASE_PATH) and the rest of PATH_INFO.
APP_BASE_PATH = None # '/bepasty'
#: Whether files are automatically locked after upload.
#:
#: If you want to require admin approval and manual unlocking for each
#: uploaded file, set this to True.
UPLOAD_LOCKED = False
#: The asciinema player theme (one of asciinema, tango, solarized-dark,
#: solarized-light, monokai)
ASCIINEMA_THEME = 'asciinema'
#: The site admin can set some maximum allowed file size he wants to
#: accept here. This is the maximum size an uploaded file may have.
MAX_ALLOWED_FILE_SIZE = 5 * 1000 * 1000 * 1000
#: The maximum http request body size.
#: This is an information given to rest api clients so they can adjust
#: their chunk size accordingly.
#:
#: This needs to be in sync with (or at least not beyond) the web server
#: settings:
#: apache: LimitRequestBody 1048576 # apache default is 0 (unlimited)
#: nginx: client_max_body_size 1m; # nginx default (== 1048576)
MAX_BODY_SIZE = 1 * 1024 * 1024 - 8192 # 8kiB safety margin, issue #155
#: Setup maximum file sizes for specific content-types. If an item is
#: beyond the limit set for its type, it will not be rendered, but just
#: offered for download. Lookup within MAX_RENDER_SIZE is done by
#: first-match and it is automatically sorted for longer content-type-
#: prefixes first.
#:
#: Format of entries: content-type-prefix: max_size
MAX_RENDER_SIZE = {
# each list entry has 38 bytes, do not render > 1000 items
'text/x-bepasty-list': 1000 * 38,
# stuff rendered with syntax highlighting (expensive for server and
# client) and also used for other text/* types as we use same code to
# get a (non-highlighted) display with line numbers:
'HIGHLIGHT_TYPES': 100 * 1000,
# the in-browser pdf reader is sometimes rather slow and should
# rather not be used for big PDFs:
'application/pdf': 10 * 1000 * 1000,
'application/x-pdf': 10 * 1000 * 1000,
# images / audio / video can be rather big, we do not process them:
'image/': 10 * 1000 * 1000,
'audio/': 1 * 1000 * 1000 * 1000,
'video/': 5 * 1000 * 1000 * 1000,
# DEFAULT - matches everything not matched otherwise.
# As we have catched everything we are able to render already,
# this maybe should be a medium size, just for the case we forget
# something:
'': 1 * 1000 * 1000,
}
# Whether to use the python-magic module to guess a file's mime
# type by looking into its content (if the mime type can not be
# determined from the filename extension).
# NOTE:
# libmagic may have security issues, so maybe you should only use
# it if you trust all users with upload permissions ('create').
USE_PYTHON_MAGIC = False
#: Define storage backend, choose from:
#:
#: - 'filesystem'
#:
STORAGE = 'filesystem'
#: Filesystem storage path
STORAGE_FILESYSTEM_DIRECTORY = '/srv/bepasty/storage/'
#: server secret key needed for safe session cookies.
#: you must set a very long, very random, very secret string here,
#: otherwise bepasty will not work (and crash when trying to log in)!
SECRET_KEY = ''
#: transmit cookie only over https (if you use http, set this to False)
SESSION_COOKIE_SECURE = False
#: use a permanent session (True, cookie will expire after the given
#: time, see below) or not (False, cookie will get removed when browser
#: is closed)
PERMANENT_SESSION = False
#: lifetime of the permanent session (in seconds)
PERMANENT_SESSION_LIFETIME = 31 * 24 * 3600
#: Bepasty does **not** use the usual user/password scheme, but **only**
#: uses passwords (or passphrases - we'll call both "a secret" below) as
#: log-in credentials - there are no separate user names.
#:
#: People who log-in using such a secret may get more permissions than
#: those who do not log-in (who just get DEFAULT_PERMISSIONS).
#:
#: Depending on the secret used to log-in, they will get the permissions
#: configured here, see below.
#:
#: You can use same secret / same permissions for all privileged users or
#: set up different secrets / different permissions for each user.
#:
#: If you want to be able to revoke permissions for some user / some group
#: of users, it might be a good idea to remember to whom you gave which
#: secret (and also handle it in a rather fine-grained way).
#:
#: PERMISSIONS is a dict that maps secrets to permissions, use it like:
#:
#: ::
#:
#: PERMISSIONS = {
#: 'myadminsecret_1.21d-3!wdar34': 'admin,list,create,modify,read,delete',
#: 'uploadersecret_rtghtrbrrrfsd': 'create,read',
#: 'joe_doe_89359299887711335537': 'create,read,delete',
#: }
PERMISSIONS = {
# 'foo': 'admin,list,create,modify,read,delete',
}
#: not-logged-in users get these permissions -
#: usually they are either no permissions ('') or read-only ('read').
DEFAULT_PERMISSIONS = 'admin,list,create,modify,read,delete'