teoat commited on
Commit
c0d7aba
·
verified ·
1 Parent(s): 790475d

Upload core/config.py with huggingface_hub

  1. core/config.py +21 -8
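--- a/core/config.py
+++ b/core/config.py
@@ -20,8 +20,8 @@ class Settings(BaseSettings):
 
  # Security
  # Secrets must be provided via environment variables in production
- SECRET_KEY: str = "_aLyTWEFoGSIPaoZAKmA0YRDobiKANPQeH9rCKzxdLw="
- JWT_SECRET_KEY: str = "_aLyTWEFoGSIPaoZAKmA0YRDobiKANPQeH9rCKzxdLw="
+ SECRET_KEY: str
+ JWT_SECRET_KEY: str
  JWT_ALGORITHM: str = "HS256"
  JWT_ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
  FIELD_ENCRYPTION_KEY: Optional[str] = None
@@ -38,6 +38,12 @@ class Settings(BaseSettings):
  prometheus_url: Optional[str] = None
  mcp_profile: str = "development"
 
+ # Auth Hardening
+ # When True, allows usage of "mock_" tokens for testing.
+ # MUST be False in production.
+ ALLOW_MOCK_AUTH: bool = False
+ MFA_REQUIRED_FOR_ADMIN: bool = True
+
  # AI Configuration
  AI_MODEL_PATH: str = "models/isolation_forest.pkl"
  AI_TRAINING_INTERVAL_HOURS: int = 24
@@ -45,7 +51,9 @@ class Settings(BaseSettings):
  HF_TOKEN: Optional[str] = None
 
  # Security - Certificate Pinning
- TRUSTED_PUBLIC_KEY_HASHES: list[str] = ["dummy_hash_for_development"] # Replace with actual hashes in production
+ TRUSTED_PUBLIC_KEY_HASHES: list[str] = [
+ "dummy_hash_for_development"
+ ] # Replace with actual hashes in production
 
  # File Upload Configuration
  MAX_UPLOAD_SIZE: int = 10 * 1024 * 1024 # 10MB
@@ -67,7 +75,9 @@ class Settings(BaseSettings):
  AWS_SECRET_ACCESS_KEY: Optional[str] = None
  AWS_REGION: str = "us-east-1"
 
- model_config = SettingsConfigDict(env_file=".env", env_file_encoding="utf-8", extra="ignore")
+ model_config = SettingsConfigDict(
+ env_file=".env", env_file_encoding="utf-8", extra="ignore"
+ )
 
 
  # Validate required settings
@@ -77,11 +87,14 @@ settings = Settings()
  # Manual validation for encryption key to ensure secure startup
  def get_encryption_key() -> str:
  """Retrieves the encryption key from environment variables, raising an error if not found."""
- key = os.environ.get("FIELD_ENCRYPTION_KEY") or os.environ.get("ENCRYPTION_KEY") or os.environ.get("SECRET_KEY")
+ key = (
+ os.environ.get("FIELD_ENCRYPTION_KEY")
+ or os.environ.get("ENCRYPTION_KEY")
+ or os.environ.get("SECRET_KEY")
+ )
  if not key:
- # For development/testing, use a fallback if not provided in env
- # In production, this should ideally be explicitly set
- return "_aLyTWEFoGSIPaoZAKmA0YRDobiKANPQeH9rCKzxdLw="
+ # In production, this must be explicitly set
+ raise ValueError("Encryption key configuration is missing. Please set FIELD_ENCRYPTION_KEY, ENCRYPTION_KEY, or SECRET_KEY.")
  return key
 
 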
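Review bot: In `get_encryption_key()` the rewritten lookup still falls back to `SECRET_KEY`, so field encryption can end up sharing a key with whatever the application secret is used for, and rotating or leaking one then affects the other. Dropping the third operand (`key = os.environ.get("FIELD_ENCRYPTION_KEY") or os.environ.get("ENCRYPTION_KEY")`) and trimming the error message to match keeps the two purposes separate. The function also reads `os.environ` directly while `Settings` loads `.env` through `env_file`, so unless something else exports that file, a key defined only in `.env` would populate `settings.FIELD_ENCRYPTION_KEY` yet still raise here; checking `settings.FIELD_ENCRYPTION_KEY` first would make the two agree. In the first hunk, `SECRET_KEY: str` and `JWT_SECRET_KEY: str` are now required, but an empty or very short value still validates, so a minimum-length constraint on the HS256 secret is worth adding. The literal this commit removes remains in the repository history and should be treated as disclosed and rotated.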