Upload core/config.py with huggingface_hub
Browse files- core/config.py +21 -8
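--- a/core/config.py
+++ b/core/config.py
@@ -20,8 +20,8 @@ class Settings(BaseSettings):
 
 # Security
 # Secrets must be provided via environment variables in production
-SECRET_KEY: str
-JWT_SECRET_KEY: str
+SECRET_KEY: str
+JWT_SECRET_KEY: str
 JWT_ALGORITHM: str = "HS256"
 JWT_ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
 FIELD_ENCRYPTION_KEY: Optional[str] = None
@@ -38,6 +38,12 @@ class Settings(BaseSettings):
 prometheus_url: Optional[str] = None
 mcp_profile: str = "development"
 
+# Auth Hardening
+# When True, allows usage of "mock_" tokens for testing.
+# MUST be False in production.
+ALLOW_MOCK_AUTH: bool = False
+MFA_REQUIRED_FOR_ADMIN: bool = True
+
 # AI Configuration
 AI_MODEL_PATH: str = "models/isolation_forest.pkl"
 AI_TRAINING_INTERVAL_HOURS: int = 24
@@ -45,7 +51,9 @@ class Settings(BaseSettings):
 HF_TOKEN: Optional[str] = None
 
 # Security - Certificate Pinning
-TRUSTED_PUBLIC_KEY_HASHES: list[str] = [
+TRUSTED_PUBLIC_KEY_HASHES: list[str] = [
+"dummy_hash_for_development"
+] # Replace with actual hashes in production
 
 # File Upload Configuration
 MAX_UPLOAD_SIZE: int = 10 * 1024 * 1024 # 10MB
@@ -67,7 +75,9 @@ class Settings(BaseSettings):
 AWS_SECRET_ACCESS_KEY: Optional[str] = None
 AWS_REGION: str = "us-east-1"
 
-model_config = SettingsConfigDict(
+model_config = SettingsConfigDict(
+env_file=".env", env_file_encoding="utf-8", extra="ignore"
+)
 
 
 # Validate required settings
@@ -77,11 +87,14 @@ settings = Settings()
 # Manual validation for encryption key to ensure secure startup
 def get_encryption_key() -> str:
 """Retrieves the encryption key from environment variables, raising an error if not found."""
-key =
+key = (
+os.environ.get("FIELD_ENCRYPTION_KEY")
+or os.environ.get("ENCRYPTION_KEY")
+or os.environ.get("SECRET_KEY")
+)
 if not key:
-#
-
-return "_aLyTWEFoGSIPaoZAKmA0YRDobiKANPQeH9rCKzxdLw="
+# In production, this must be explicitly set
+raise ValueError("Encryption key configuration is missing. Please set FIELD_ENCRYPTION_KEY, ENCRYPTION_KEY, or SECRET_KEY.")
 return key
 
 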
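Review bot: In `get_encryption_key()` the new lookup falls back to `SECRET_KEY`, so the field-encryption key can silently become the same value as the general-purpose application secret, and a leak or rotation of one then affects both. The lookup also reads `os.environ` directly, while `Settings` now loads `.env` through `model_config`; a `FIELD_ENCRYPTION_KEY` defined only in `.env` would presumably not be seen here unless something else exports that file into the process environment. I would drop the `SECRET_KEY` fallback and read the dedicated setting, e.g. `key = settings.FIELD_ENCRYPTION_KEY or os.environ.get("ENCRYPTION_KEY")`, with the error message adjusted to match. Because the removed fallback literal stays in the repository history, any data encrypted under it should be re-encrypted under a fresh key.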