4273c541c5
- Personal API tokens (model, user-settings UI, admin, management command, DRF auth class) for non-interactive API access from automations like n8n. Raw token shown once; only a SHA-256 hash is stored; last_used_at writes are throttled. - OAuth2 authorization server via django-oauth-toolkit with authorization server metadata and optional, off-by-default Dynamic Client Registration (RFC 7591), so remote OAuth/MCP clients can authenticate and self-register. - Tests for token auth, DCR gating and the management commands, plus .env.example and README documentation. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
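# Example environment file. Copy it to .env, replace every <PLACEHOLDER> value,
# and keep the filled-in copy out of version control: it holds the signing key,
# database password and OAuth client secrets.

SERVER_NAME=wygiwyh_server
DB_NAME=wygiwyh_pg

# Change to your timezone. This only affects some async tasks.
TZ=UTC

# Keep false outside local development: Django's debug mode shows settings and
# stack traces in error pages.
DEBUG=false
# No spaces around "=": some env-file parsers reject them or fold them into the key or value.
URL=https://...
HTTPS_ENABLED=true
# Django signing key. Use a long random value unique to this deployment; anyone
# who knows it can forge signed data such as session cookies.
SECRET_KEY=<GENERATE A SAFE SECRET KEY AND PLACE IT HERE>
# Space-separated host names the app will answer to. Add your public hostname here.
DJANGO_ALLOWED_HOSTS=localhost 127.0.0.1 [::1]
OUTBOUND_PORT=9005

# Uncomment these variables to automatically create an admin account using these credentials on startup.
# After your first successful login you can remove these variables from your file for safety reasons.
#ADMIN_EMAIL=<ENTER YOUR EMAIL>
#ADMIN_PASSWORD=<YOUR SAFE PASSWORD>

SQL_DATABASE=wygiwyh
SQL_USER=wygiwyh
SQL_PASSWORD=<INSERT A SAFE PASSWORD HERE>
# ${DB_NAME} must be expanded by whatever loads this file; a loader without
# variable interpolation would pass the literal string as the host name.
SQL_HOST=${DB_NAME}
SQL_PORT=5432

# Gunicorn
WEB_CONCURRENCY=4

# App Configs
# Enable this if you want to keep deleted transactions in the database
ENABLE_SOFT_DELETE=false
# If ENABLE_SOFT_DELETE is true, transactions deleted for more than KEEP_DELETED_TRANSACTIONS_FOR days will be truly deleted. Set to 0 to keep all.
KEEP_DELETED_TRANSACTIONS_FOR=365

# This only works if you're using the single container option. Increase to have more open queues via procrastinate; you probably don't need to increase this.
TASK_WORKERS=1

# OIDC Configuration. Uncomment the lines below if you want to add OIDC login to your instance
# NOTE(review): OIDC_ALLOW_SIGNUP=true presumably lets any account at the identity
# provider create a local user on first login; set it to false if sign-ups should
# stay closed. Confirm against the README.
#OIDC_CLIENT_NAME=""
#OIDC_CLIENT_ID=""
#OIDC_CLIENT_SECRET=""
#OIDC_SERVER_URL=""
#OIDC_ALLOW_SIGNUP=true

# Personal access tokens. How often (seconds) a token's last_used_at is rewritten.
# A larger interval means fewer database writes but a coarser last-used timestamp
# when reviewing token activity.
#API_TOKEN_LAST_USED_UPDATE_INTERVAL=600

# MCP OAuth Application. Uncomment to auto-create/update the OAuth client
# used by remote MCP integrations after migrations complete.
# Replace the secret placeholder with a long random value. List only callback
# URIs you control; plain http is only appropriate for a loopback address such
# as the example.
# NOTE(review): MCP_OAUTH_SKIP_AUTHORIZATION presumably maps to
# django-oauth-toolkit's skip_authorization, which bypasses the user consent
# screen for this client; keep it false unless the client is fully trusted.
#MCP_OAUTH_CLIENT_NAME="WYGIWYH MCP"
#MCP_OAUTH_CLIENT_ID="mcp-wygiwyh"
#MCP_OAUTH_CLIENT_SECRET="<INSERT A SAFE SECRET HERE>"
#MCP_OAUTH_REDIRECT_URIS="http://127.0.0.1:8765/callback"
#MCP_OAUTH_SKIP_AUTHORIZATION=false

# Dynamic Client Registration (RFC 7591). Disabled by default because an open
# registration endpoint lets anyone create OAuth applications. Enable only if
# remote MCP clients must self-register, and optionally require an initial
# access token (sent as "Authorization: Bearer <token>" on /oauth/register/).
# NOTE(review): with DCR enabled and OAUTH2_DCR_INITIAL_ACCESS_TOKEN left empty,
# registration is presumably unauthenticated; set a long random token whenever
# the endpoint is reachable from outside a trusted network.
#OAUTH2_DCR_ENABLED=false
#OAUTH2_DCR_INITIAL_ACCESS_TOKEN=""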