cattle_grid.config

Implements loading the configuration

auth

AuthConfig

Bases: BaseModel

Configures the Authorization layer

Parameters:

Name	Type	Default
`actor_id`	`str`	required
`actor_acct_id`	`str`	required
`public_key`	`str`	required
`private_key`	`str`	required
`domain_blocks`	`Set[str]`	required
`require_signature_for_activity_pub`	`bool`	`True`

Source code in cattle_grid/config/auth.py

class AuthConfig(BaseModel):
    """Configures the Authorization layer"""

    actor_id: str
    """actor_id for the Application actor used to fetch public keys"""
    actor_acct_id: str
    """acct uri of the Application Actor used to fetch public keys"""
    public_key: str
    """Public key of the Application actor"""
    private_key: str
    """Private key of the Application actor"""

    domain_blocks: Set[str]
    """Set of blocked domains"""

    require_signature_for_activity_pub: bool = True
    """If set to true, all requests with accept type that match activitypub must be signed"""

    @field_serializer("domain_blocks")
    def serialize_domain_blocks(self, domain_blocks: Set[str], _info):
        return list(domain_blocks)

actor_acct_id `instance-attribute`

actor_acct_id: str

acct uri of the Application Actor used to fetch public keys

actor_id `instance-attribute`

actor_id: str

actor_id for the Application actor used to fetch public keys

domain_blocks `instance-attribute`

domain_blocks: Set[str]

Set of blocked domains

private_key `instance-attribute`

private_key: str

Private key of the Application actor

public_key `instance-attribute`

public_key: str

Public key of the Application actor

require_signature_for_activity_pub `class-attribute` `instance-attribute`

require_signature_for_activity_pub: bool = True

If set to true, all requests with accept type that match activitypub must be signed

get_auth_config `cached`

get_auth_config(
    settings: Dynaconf = get_settings(),
) -> AuthConfig

Returns the configuration for authorization

Returns:

Type	Description
`AuthConfig`

Source code in cattle_grid/config/auth.py

@lru_cache
def get_auth_config(settings: Dynaconf = get_settings()) -> AuthConfig:
    """Returns the configuration for authorization

    :returns:
    """
    try:
        auth = settings.get("auth")  # type:ignore
        if not auth:
            raise AuthNotConfigured("No authorization configuration found")

        data = {
            "actor_id": auth.actor_id,
            "actor_acct_id": auth.actor_acct_id,
            "public_key": auth.public_key,
            "private_key": auth.private_key,
            "domain_blocks": auth.get("domain_blocks", []),
            "require_signature_for_activity_pub": auth.get(
                "require_signature_for_activity_pub", True
            ),
        }
        return AuthConfig.model_validate(data)

    except ValidationError:
        raise AuthNotConfigured(
            "Authorization not configured or configured incorrectly"
        )

new_auth_config

new_auth_config(
    actor_id: str, username: str | None = None
) -> AuthConfig

Creates a new authorization configuration

Source code in cattle_grid/config/auth.py

def new_auth_config(actor_id: str, username: str | None = None) -> AuthConfig:
    """Creates a new authorization configuration"""
    if not username:
        username = secrets.token_urlsafe(12)

    domain = urlparse(actor_id).netloc
    acct_uri = f"acct:{username}@{domain}"

    public_key, private_key = generate_rsa_public_private_key()

    auth_config = AuthConfig(
        actor_id=actor_id,
        actor_acct_id=acct_uri,
        public_key=public_key,
        private_key=private_key,
        domain_blocks=set(),
    )

    return auth_config

save_auth_config

save_auth_config(filename: str, config: AuthConfig) -> None

Saves the authorization configuration to a file

Source code in cattle_grid/config/auth.py

def save_auth_config(filename: str, config: AuthConfig) -> None:
    """Saves the authorization configuration to a file"""
    with open(filename, "wb") as fp:
        tomli_w.dump({"auth": config.model_dump()}, fp, multiline_strings=True)

validators

account_validations `module-attribute`

account_validations = [
    Validator(
        "account.forbidden_names",
        default=lambda a, b: list(
            ["bovine", "cattle_grid", "admin", "guest"]
        ),
        cast=list,
    ),
    Validator(
        "account.allowed_name_regex",
        cast=str,
        default="^[a-zA-Z0-9_]{1,16}$",
    ),
]

Validators for the account

activity_pub_validators `module-attribute`

activity_pub_validators = [
    Validator(
        "activity_pub.internal_exchange",
        default="cattle_grid_internal",
    ),
    Validator(
        "activity_pub.exchange", default="cattle_grid"
    ),
    Validator(
        "activity_pub.account_exchange", default="amq.topic"
    ),
]

Validators for ActivityPub

auth_validators `module-attribute`

auth_validators = [
    Validator(
        "auth.require_signature_for_activity_pub",
        default=True,
    )
]

Validates the authentication configuration

base_validators `module-attribute`

base_validators = [
    Validator("amqp_uri", default="amqp://localhost"),
    Validator("db_uri", default="sqlite://cattle_grid.db"),
    Validator("enable_reporting", cast=bool, default=False),
    Validator("processor_in_app", cast=bool, default=False),
    Validator("permissions", default={}),
]

Validates the basic configuration

extensions_validations `module-attribute`

extensions_validations = [
    Validator(
        "extensions",
        default=lambda a, b: list([]),
        cast=list,
    )
]

Validators for the plugins

frontend_validations `module-attribute`

frontend_validations = [
    Validator(
        "frontend.base_urls",
        default=lambda a, b: list([]),
        cast=lambda x: [str(y) for y in x],
        condition=lambda items: all(
            startswith("http://") or startswith("https://")
            for x in items
        ),
    )
]

Validators for the frontend

gateway_admin_validations `module-attribute`

gateway_admin_validations = [
    Validator(
        "gateway.admin.enable", cast=bool, default=False
    ),
    Validator(
        "gateway.admin.enable_reset",
        cast=bool,
        default=False,
    ),
]

Validators for the gateway

plugins_validations `module-attribute`

plugins_validations = [
    Validator(
        "plugins", default=lambda a, b: list([]), cast=list
    )
]

Validators for the plugins

testing_validators `module-attribute`

testing_validators = [
    Validator("testing.enable", cast=bool, default=False),
    Validator(
        "testing.accounts",
        default=lambda a, b: list([]),
        cast=list,
    ),
]

Validators for testing

cattle_grid.config