website: updating settings file

[OchiengPaul442]

Description

• Updated Settings file

Summary by CodeRabbit

• New Features

  • Introduced enhanced configuration management for file uploads, SSL settings, and logging.
  • Added new settings for maximum memory sizes for uploads and secure proxy configurations.

• Bug Fixes

  • Modified CORS handling to ensure proper management of origins.

• Chores

  • Updated Gunicorn server startup command to use a fixed number of workers.

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

The pull request introduces significant updates to the settings.py file in a Django project, enhancing configuration management. Key changes include the renaming of the "Applications" section to "Installed Apps," modifications to CORS settings, and the addition of new variables for file upload and SSL settings. A comprehensive logging configuration is also established, directing logs to both console and file outputs. Additionally, the entrypoint.sh script is modified to set a fixed number of Gunicorn workers, simplifying server startup.

Changes

File Path	Change Summary
src/website/core/settings.py	- Renamed "Applications" to "Installed Apps". - Modified CORS settings to remove trailing slashes. - Added FILE_UPLOAD_MAX_MEMORY_SIZE, DATA_UPLOAD_MAX_MEMORY_SIZE, SECURE_PROXY_SSL_HEADER, USE_X_FORWARDED_HOST, LOG_DIR, and LOGGING configurations for file uploads and logging management.
src/website/entrypoint.sh	- Changed Gunicorn startup command to use a fixed value of 3 workers instead of a variable.

Possibly related PRs

• website-backend: update static files url #3906: Modifies the STATIC_URL variable in src/website/core/settings.py, related to overall configuration management enhancements.
• website-backend: Authenticaton added for staff and non AirQo members (API docs) #3908: Updates the STATIC_URL and introduces new settings for media files, connecting to configuration management changes.
• website: Allowed CSRF Update #4029: Updates DATA_UPLOAD_MAX_MEMORY_SIZE and FILE_UPLOAD_MAX_MEMORY_SIZE, directly relating to new file upload settings.
• website: updates to settings and events model #4033: Enhances environment variable handling and application settings, aligning with configuration management improvements.

Suggested reviewers

• Baalmart

🌟 In the realm of code, where settings align,
New uploads and logs, all neatly defined.
With workers set firm, and CORS now refined,
A Django delight, in structure we find!
Cheers to the changes, let’s celebrate this time! 🎉

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between ef2bcce and fff0667.

📒 Files selected for processing (2)

• src/website/core/settings.py (3 hunks)
• src/website/entrypoint.sh (1 hunks)

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Experiment)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 11.73%. Comparing base (18f06ad) to head (fff0667).
Report is 38 commits behind head on staging.

Additional details and impacted files

@@           Coverage Diff            @@
##           staging    #4035   +/-   ##
========================================
  Coverage    11.73%   11.73%           
========================================
  Files          114      114           
  Lines        15331    15372   +41     
  Branches       319      319           
========================================
+ Hits          1799     1804    +5     
- Misses       13532    13568   +36     

see 1 file with indirect coverage changes

[coderabbitai]

Actionable comments posted: 6

🧹 Outside diff range and nitpick comments (1)

src/website/core/settings.py (1)

275-280: Adding file upload size limits enhances security

Setting FILE_UPLOAD_MAX_MEMORY_SIZE and DATA_UPLOAD_MAX_MEMORY_SIZE to 10 MB imposes reasonable limits on upload sizes, which helps prevent potential denial-of-service attacks from excessively large uploads.

Consider making upload size limits configurable

For greater flexibility across different environments, consider sourcing these upload size limits from environment variables. This allows for easy adjustments without modifying the codebase.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 6dbfb84 and a0e0c4c.

📒 Files selected for processing (2)

• src/website/core/settings.py (3 hunks)
• src/website/entrypoint.sh (1 hunks)

🧰 Additional context used

🪛 Shellcheck (0.10.0)

src/website/entrypoint.sh

[warning] 9-9: child is referenced but not assigned.

(SC2154)

---

[warning] 13-13: In POSIX sh, prefixing signal names with 'SIG' is undefined.

(SC3048)

🔇 Additional comments (2)

src/website/core/settings.py (2)

58-58: Clearer section heading for installed apps

Renaming the comment to Installed Apps improves clarity and aligns with Django's standard terminology.

---

118-122: Consistent handling of trailing slashes in origins

The addition of code to strip trailing slashes from CORS_ALLOWED_ORIGINS, CORS_ALLOWED_ORIGIN_REGEXES, and CSRF_TRUSTED_ORIGINS ensures consistency and prevents potential issues caused by mismatched URLs due to trailing slashes. This is a thoughtful improvement.

[coderabbitai]

🛠️ Refactor suggestion

Ensure SSL and proxy settings align with deployment environment

Enabling SECURE_PROXY_SSL_HEADER and USE_X_FORWARDED_HOST is appropriate when the application is behind a reverse proxy that sets the X-Forwarded-Proto header, such as Nginx. If this isn't always the case, consider making these settings conditional based on an environment variable to prevent potential misconfigurations in other environments.

[coderabbitai]

🛠️ Refactor suggestion

Avoid side effects in settings.py by removing directory creation

Creating directories within settings.py can lead to unintended side effects since settings are imported at various points during the application's lifecycle. It's recommended to avoid I/O operations in settings files. Consider removing LOG_DIR.mkdir(exist_ok=True) and ensuring that the log directory is created during the application's startup sequence or via deployment scripts.

[coderabbitai]

🛠️ Refactor suggestion

Ensure consistent log directory paths across the application

The logs directory is being created at /app/logs, whereas in settings.py, it is defined as BASE_DIR / 'logs'. Depending on how BASE_DIR is resolved, these might point to different locations, potentially causing confusion or missing logs. Verify that both paths refer to the same directory, and consider centralizing the log directory path definition.

[coderabbitai]

⚠️ Potential issue

Correct signal name in trap command for POSIX compliance

In POSIX sh, signal names should not include the SIG prefix. Update the trap command to use TERM instead of SIGTERM to ensure proper signal trapping.

Apply this change:

-trap _term SIGTERM
+trap _term TERM

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	trap _term SIGTERM
	trap _term TERM

🧰 Tools

🪛 Shellcheck (0.10.0)

[warning] 13-13: In POSIX sh, prefixing signal names with 'SIG' is undefined.

(SC3048)

[coderabbitai]

⚠️ Potential issue

Assign the child process ID to enable graceful shutdown

The variable $child is referenced in the _term function but hasn't been assigned. Without capturing the Gunicorn process ID, the script cannot gracefully terminate Gunicorn upon receiving a SIGTERM signal. Assign the PID of the Gunicorn process to $child when starting it.

Suggested fix:

Start Gunicorn in the background and capture its PID:

-exec gunicorn core.wsgi:application \
+gunicorn core.wsgi:application \
  --bind 0.0.0.0:8000 \
  --timeout 600 \
  --log-level info \
  --workers "${GUNICORN_WORKERS:-3}" \
  --access-logfile '-' \
  --error-logfile '-' &

child=$!
wait "$child"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	kill -TERM "$child" 2>/dev/null
	gunicorn core.wsgi:application \
	--bind 0.0.0.0:8000 \
	--timeout 600 \
	--log-level info \
	--workers "${GUNICORN_WORKERS:-3}" \
	--access-logfile '-' \
	--error-logfile '-' &
	child=$!
	wait "$child"

🧰 Tools

🪛 Shellcheck (0.10.0)

[warning] 9-9: child is referenced but not assigned.

(SC2154)

[coderabbitai]

🛠️ Refactor suggestion

Adjust Gunicorn execution to respect signal handling

Using exec replaces the current shell with the Gunicorn process, which prevents the trap for TERM from working correctly. By starting Gunicorn without exec and capturing its PID, the script can handle signals properly and ensure a graceful shutdown.

Suggested change:

-exec gunicorn core.wsgi:application \
+gunicorn core.wsgi:application \

This aligns with the earlier suggestion to assign the Gunicorn process ID to $child.

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

src/website/core/settings.py (2)

118-122: Consider using list comprehension for CORS settings

The current implementation can be more concise using list comprehension.

-CORS_ALLOWED_ORIGINS = [origin.rstrip('/') for origin in CORS_ALLOWED_ORIGINS]
-CORS_ALLOWED_ORIGIN_REGEXES = [regex.rstrip(
-    '/') for regex in CORS_ALLOWED_ORIGIN_REGEXES]
-CSRF_TRUSTED_ORIGINS = [origin.rstrip('/') for origin in CSRF_TRUSTED_ORIGINS]
+CORS_ALLOWED_ORIGINS = [origin.rstrip('/') for origin in CORS_ALLOWED_ORIGINS]
+CORS_ALLOWED_ORIGIN_REGEXES = [regex.rstrip('/') for regex in CORS_ALLOWED_ORIGIN_REGEXES]
+CSRF_TRUSTED_ORIGINS = [origin.rstrip('/') for origin in CSRF_TRUSTED_ORIGINS]

---

279-280: Consider environment variables for upload size limits

Hard-coded upload size limits might need to be adjusted for different environments.

-FILE_UPLOAD_MAX_MEMORY_SIZE = 10485760  # 10 MB
-DATA_UPLOAD_MAX_MEMORY_SIZE = 10485760  # 10 MB
+FILE_UPLOAD_MAX_MEMORY_SIZE = int(os.getenv('FILE_UPLOAD_MAX_SIZE', 10485760))  # Default: 10 MB
+DATA_UPLOAD_MAX_MEMORY_SIZE = int(os.getenv('DATA_UPLOAD_MAX_SIZE', 10485760))  # Default: 10 MB

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between a0e0c4c and ef2bcce.

📒 Files selected for processing (3)

• src/website/Dockerfile (1 hunks)
• src/website/core/settings.py (3 hunks)
• src/website/entrypoint.sh (1 hunks)

🧰 Additional context used

🪛 Shellcheck (0.10.0)

src/website/entrypoint.sh

[warning] 9-9: child is referenced but not assigned.

(SC2154)

---

[warning] 13-13: In POSIX sh, prefixing signal names with 'SIG' is undefined.

(SC3048)

🔇 Additional comments (6)

src/website/Dockerfile (1)

25-25: Verify PORT environment variable configuration

The change from port 8000 to 8080 requires the PORT environment variable to be properly set, as it's referenced in entrypoint.sh. Ensure this change is coordinated with your deployment configurations.

✅ Verification successful

Let me analyze the PORT configuration more thoroughly by checking configuration files, entrypoint scripts, and Dockerfiles for any PORT-related settings. This will help us verify if the port change is properly configured across the codebase.

---

I noticed the PORT is used in the entrypoint.sh and docker-compose.yaml. Let's examine these configurations more closely to ensure the port change is properly coordinated across the environment settings.

---

Port change is properly configured

The port change from 8000 to 8080 is correctly implemented as the PORT environment variable is properly handled in the entrypoint.sh script, which uses it to configure Gunicorn's binding (--bind 0.0.0.0:$PORT). This change aligns with the standard practices observed in the codebase where environment variables are used for port configuration.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if PORT is defined in any environment files
fd -t f ".*env.*" -x grep -l "PORT="

Length of output: 36

---

Script:

#!/bin/bash
# Let's check for PORT configuration in various configuration files and scripts
rg -l "PORT" --type-add 'config:*.{yaml,yml,json,conf,env}' -t config

# Check entrypoint.sh and similar files for PORT usage
fd "entrypoint" -x cat {}

# Check Dockerfile for PORT-related configurations
fd "Dockerfile" -x cat {}

Length of output: 18446

---

Script:

#!/bin/bash
# Let's check docker-compose.yaml for PORT configuration
cat src/workflows/docker-compose.yaml

# Let's also check for any environment variable defaults in the codebase
rg "PORT.*=" -g "!*.{md,txt}"

Length of output: 8458

src/website/entrypoint.sh (3)

13-13: ⚠️ Potential issue

Update signal name for POSIX compliance

The signal name should not include the 'SIG' prefix for POSIX compliance.

-trap _term SIGTERM
+trap _term TERM

Likely invalid or redundant comment.

🧰 Tools

🪛 Shellcheck (0.10.0)

[warning] 13-13: In POSIX sh, prefixing signal names with 'SIG' is undefined.

(SC3048)

---

29-35: ⚠️ Potential issue

Implement proper process management for Gunicorn

The current implementation using exec prevents proper signal handling.

-exec gunicorn core.wsgi:application \
+gunicorn core.wsgi:application \
   --bind 0.0.0.0:$PORT \
   --timeout 600 \
   --log-level info \
   --workers "${GUNICORN_WORKERS:-3}" \
   --access-logfile '-' \
   --error-logfile '-' &
+
+child=$!
+wait "$child"

Likely invalid or redundant comment.

---

7-10: ⚠️ Potential issue

Fix signal handling implementation

The signal handling implementation has a critical issue where $child is referenced but not assigned.

Apply this fix:

-_term() {
-  echo "Caught SIGTERM signal! Shutting down Gunicorn..."
-  kill -TERM "$child" 2>/dev/null
-}
+_term() {
+  echo "Caught SIGTERM signal! Shutting down Gunicorn..."
+  if [ -n "$child" ]; then
+    kill -TERM "$child" 2>/dev/null
+  fi
+}

Likely invalid or redundant comment.

🧰 Tools

🪛 Shellcheck (0.10.0)

[warning] 9-9: child is referenced but not assigned.

(SC2154)

src/website/core/settings.py (2)

294-349: LGTM: Well-structured logging configuration

The logging configuration is comprehensive and well-organized, with appropriate handlers and formatters for different components.

---

291-292: ⚠️ Potential issue

Move directory creation to application startup

Creating directories in settings.py can lead to side effects.

Remove the directory creation from settings.py and move it to the application's startup sequence (e.g., in entrypoint.sh where other directories are created).

-LOG_DIR = BASE_DIR / 'logs'
-LOG_DIR.mkdir(exist_ok=True)  # Ensure log directory exists
+LOG_DIR = BASE_DIR / 'logs'

Likely invalid or redundant comment.

[github-actions]

website changes in this PR available for preview here

[github-actions]

website changes in this PR available for preview here