# Python Development Server Configuration
#
# This file is checked into the repo and is used to configure the development
# server, in addition to documenting common config options.
#
# Not every config option is listed here. For a full list of options, see the
# `pingpong/config.py` file in the server code.
# Server logging level. In production this should be higher to reduce noise.
# The default is `INFO`.
# NOTE(review): what `DEBUG` output contains is not shown in this file; check
# that it cannot include tokens or message content before using it outside
# development.
log_level = "DEBUG"
# Realtime features logging level.
realtime_log_level = "INFO"
# Prompt randomizer features logging level.
prompt_randomizer_log_level = "INFO"
# The URL where the application can be accessed. This is used to generate
# absolute URLs in emails and other places.
# In development, this is the UI dev server (`pnpm dev`). In production it
# should be the public URL of the server, like `https://pingpong.app/`.
# The value below is plain `http://`, which is acceptable for localhost only:
# links in emails (including magic-link logins, see `[email]`) are built from
# it, so a production value must be `https://`.
public_url = "http://localhost:5173"
# Whether the server is running in development mode. Should be `false` in prod.
# `[lti.security]` documents that `http://` LTI URLs are permitted while this is
# `true`, so leaving it enabled in production also relaxes that check.
development = true
[artifact_store]
# Store for temporarily storing thread exports for download
# accepts `s3` and `local`
type = "s3"
# IF `s3`, set the s3 bucket to save exports to
# e.g. save_target = "your-bucket-here"
# IF `local`, set the directory to save exports to
# The value below is a path-style placeholder even though `type` is `s3`;
# replace it with a bucket name (or switch `type` to `local`) before use.
save_target = "/your/path/here"
# Time (in seconds) that the export download link we send to users
# requesting the data export should be valid for.
# Defaults to 1 hour. Maximum value is 86400 seconds, or 24 hours.
# This file sets the documented maximum. Presumably anyone holding the link can
# fetch the export until it expires (confirm whether the download also requires
# a session), so prefer a shorter lifetime outside development.
download_link_expiration = 86400
[file_store]
# Store for storing all file uploads, like images, documents, etc.
# accepts `s3` and `local`
type = "s3"
# IF `s3`, set the s3 bucket to save uploaded files to
# e.g. save_target = "your-bucket-here"
# IF `local`, set the directory to save uploaded files to
# The value below is a path-style placeholder even though `type` is `s3`;
# replace it with a bucket name (or switch `type` to `local`) before use.
save_target = "/your/path/here"
# Time (in seconds) that the export download link we send to users
# requesting the data export should be valid for.
# Defaults to 1 hour. Maximum value is 86400 seconds, or 24 hours.
# NOTE(review): the three lines above are identical to the `[artifact_store]`
# description; for this store the setting presumably controls download links
# for uploaded files. Confirm the meaning and limits in `pingpong/config.py`.
download_link_expiration = 86400
[audio_store]
# Store for storing Voice mode recordings
# accepts `s3` and `local`
# Recordings of users' voices are personal data; whichever backend is chosen,
# keep the bucket or directory private to the server.
type = "s3"
# IF `s3`, set the s3 bucket to save recordings to
# e.g. save_target = "your-bucket-here"
# IF `local`, set the directory to save recordings to
# The value below is a path-style placeholder even though `type` is `s3`;
# replace it with a bucket name (or switch `type` to `local`) before use.
save_target = "/your/path/here"
[db]
# Database backends. Both `sqlite` and `postgres` are supported. Prefer to use
# `postgres` since `sqlite` is too limited for production use.
engine = "postgres"
# Host for the postgres server.
host = "localhost"
# Port for the postgres server. Default is 5432; uncomment and change if using
# a different port.
# port = 5432
# Username for the postgres user.
user = "pingpong"
# Password for the postgres user.
# Development default only. This file is checked into the repo, so a real
# database password must never be written here.
# NOTE(review): how production supplies the password is not shown in this file;
# see `pingpong/config.py`.
password = "pingpong"
# Name of the database to use.
database = "pingpong"
# Maintenance database to use when creating the main database. This is only
# used when the database doesn't exist yet.
# maintenance_db = "postgres"
[auth]
# Secrets used to secure the app.
[[auth.authn_methods]]
# Supported authentication methods.
# Configs for magic links and SSO go here.
method = "magic_link"
name = "Other"
# NOTE(review): presumably the magic-link lifetime in seconds (86400 = 24
# hours); confirm the unit in `pingpong/config.py`. A shorter lifetime limits
# how long a link sitting in a mailbox stays usable.
expiry = 86400
[[auth.secret_keys]]
# List of secret keys used to sign JWTs. The first key is used to sign new
# tokens, and the rest are used to verify tokens that may be old. When
# rotating keys, add the new key to the top of the list and remove the oldest
# key from the bottom after a reasonable amount of time has passed to let the
# old tokens expire.
# The value below is a public placeholder. Anyone who knows a key in this list
# can sign tokens the server will accept, so every non-development deployment
# needs its own long, randomly generated key that is kept out of the repo.
key = "not actually a secret!"
[authz]
# Authorization service configuration (roles and permissions).
type = "openfga"
scheme = "https"
host = "localhost"
store = "pingpong"
# Path to the authorization model file, relative to the working directory.
cfg = "./pingpong/authz/authz.fga.json"
# NOTE(review): presumably the credential the server presents to the OpenFGA
# service. `devkey` is a development placeholder; because this service decides
# roles and permissions, production needs a unique secret kept out of the repo.
key = "devkey"
[email]
# Email configuration. This is used to send emails from the server, for login
# via magic link and for app invite notifications.
#
# In development the `mock` server prints emails to the console.
# In production we generally will use `smtp`. See the `pingpong/config.py`
# file for more details about backends.
# Because login emails are printed, the console output of a `mock` server
# presumably contains working magic links; do not use `mock` on a shared or
# internet-reachable instance.
type = "mock"
[[lms.lms_instances]]
# Supported LMS Instances
# Configs for Canvas, and future LMSs go here
# Every institution should have a different config
#
# Type of LMS. We currently only support Canvas.
type = "canvas"
# Institution associated with LMS instance
tenant = "demo-institution"
# Institution name to display in the UI
tenant_friendly_name = "Demo Institution"
# The associated SSO to compare against for identifying existing accounts
# Optional.
sso_tenant = "demo-sso"
# The attribute to get from Canvas for identifying duplicate accounts and
# merging them when logging in through SSO. Optional.
# Accounts are merged on this value, so it should be an attribute that users
# cannot edit themselves in the LMS.
sso_target = "key"
# Whether to require that all users synced from this LMS instance
# have a valid SSO attribute returned by the LMS.
# This is useful for ensuring that a user has permissions to view the SSO
# information of users enrolled in the course.
# If you know that an LMS instance will not have SSO attributes for all users,
# you can set this to false.
# Defaults to true.
require_sso = true
# Whether to ignore incomplete profiles (email or enrollment information)
# when syncing users from the LMS.
# This is useful for ensuring that a user has permissions to view the SSO
# information of users enrolled in the course.
# If you know that an LMS instance will not have SSO attributes for all users,
# you can set this to true.
# Defaults to false.
# NOTE(review): the explanation above repeats the `require_sso` text and talks
# about SSO attributes rather than incomplete profiles; confirm the actual
# effect of `true` in `pingpong/config.py` before relying on it.
ignore_incomplete_profiles = false
# The URL where the application should send Canvas API requests to.
# For local development, this should be the default localhost Canvas URL
# if you follow their Quick Start guide.
# Plain `http://` is for the local Canvas container only; requests to a real
# Canvas instance carry OAuth credentials and must use `https://`.
base_url = "http://canvas.docker"
# The Canvas Client ID to use for authentication requests.
client_id = "your client id here"
# The Canvas Client Secret to use when requesting authentication tokens.
# Placeholder. This file is checked into the repo, so the real client secret
# must be supplied from outside version control.
client_secret = "your client secret here"
# How often to allow users to request manual roster syncs.
# Defaults to 10 minutes.
sync_wait = 600
# How long the auth token returned as state parameter should be valid for.
# Defaults to 1 hour.
# See: https://canvas.instructure.com/doc/api/file.oauth.html#oauth2-flow-2
auth_token_expiry = 3600
[lti]
# LTI 1.3 integration settings for connecting to learning management systems.
# Every key in this table is commented out, so the documented defaults apply.
# How often (in seconds) to allow automatic LTI roster syncs.
# Defaults to 10 minutes.
# sync_wait = 600
# Key rotation settings
# Cron schedule for automatic key rotation.
# Defaults to the first day of every month at midnight.
# rotation_schedule = "0 0 1 * *"
# Number of previous keys to retain after rotation. Defaults to 3.
# NOTE(review): retained keys presumably stay valid for verification until
# they are dropped, so this count also bounds how long an old key is trusted.
# key_retention_count = 3
# RSA key size in bits. Defaults to 2048.
# 2048 bits is generally treated as the minimum acceptable RSA size; only
# change this value upwards.
# key_size = 2048
[lti.key_store]
# Key store backend for LTI RSA keys. Accepts `aws` or `local`.
# Use `local` for development and `aws` (Secrets Manager) for production.
type = "local"
# Relative directory the `local` backend uses for key files. These presumably
# include private key material, so keep the directory out of version control
# and readable only by the server's user.
directory = "local_exports/lti_keys"
[lti.security]
# Global defaults for all validated LTI URLs.
# Endpoint-specific blocks below inherit these values unless overridden.
# These rules bound which URLs the server itself will request on behalf of an
# LTI platform, so loosening them widens what the server can be made to fetch.
#
# Whether to permit `http://` URLs while `development = true`.
# Defaults to true.
# As described, this only has an effect while the top-level `development` flag
# is `true`.
# allow_http_in_development = true
#
# Whether HTTP redirects are allowed when requesting LTI URLs.
# Defaults to true.
# NOTE(review): only the `jwks_uri` and `names_and_role_endpoint` blocks state
# that redirects are validated hop-by-hop; confirm the same holds for every
# endpoint, otherwise a redirect could leave the allowed hosts and paths.
# allow_redirects = true
[lti.security.hosts]
# Global host allow/deny patterns applied to all LTI URL validations.
# Supports exact matches and wildcard subdomains (e.g. "*.instructure.com").
# NOTE(review): precedence between `allow` and `deny` is not stated here;
# presumably `deny` wins when both match. Confirm in the server code.
#
# Example values:
# The wildcard trusts every subdomain of the vendor domain. In production,
# prefer listing the exact hostnames of the platforms you integrate with and
# drop `canvas.docker`, which is the local development host.
allow = ["*.instructure.com", "canvas.docker"]
# Illustrative entry showing how to carve an exception out of a wildcard.
deny = ["evil.instructure.com"]
[lti.security.paths]
# Global path allow/deny patterns applied to all LTI URL validations.
# Supports exact matches and glob patterns (e.g. "/api/lti/*").
# Keep these broad enough to cover every validated LTI endpoint. If a path should
# only apply to OpenID discovery, configure it under
# `[lti.security.openid_configuration.paths]` below instead of relying on the
# global path rules.
# NOTE(review): whether `*` matches across `/` and whether paths are normalized
# (dot segments, percent-encoding) before matching is not stated here; confirm
# both, since they decide how much "/api/lti/*" really admits.
#
# Example values:
allow = [
"/.well-known/openid-configuration",
"/.well-known/openid",
"/api/lti/security/openid-configuration",
"/api/lti/*",
"/login/oauth2/*",
]
# Illustrative entry; replace with paths that must never be requested.
deny = ["/private/*"]
[lti.security.openid_configuration]
# Optional per-endpoint overrides for OpenID configuration discovery URLs.
# Uncomment to override global defaults above for this endpoint only.
# The table is present but empty, so discovery currently uses the global
# `[lti.security]` values.
# allow_http_in_development = true
# Note that this example disables redirects for discovery, unlike the global
# default of `true`.
# allow_redirects = false
#
# [lti.security.openid_configuration.hosts]
# allow = ["*.instructure.com", "canvas.docker"]
# deny = []
#
# The example below narrows discovery to the well-known and discovery paths
# instead of the broader global "/api/lti/*" rule.
# [lti.security.openid_configuration.paths]
# allow = [
# "/.well-known/openid-configuration",
# "/.well-known/openid",
# "/api/lti/security/openid-configuration",
# ]
# deny = []
[lti.security.authorization_endpoint]
# Optional overrides for OIDC authorization endpoints.
# The table is present but empty, so this endpoint currently uses the global
# `[lti.security]` values.
# allow_http_in_development = true
# allow_redirects = true
# [lti.security.authorization_endpoint.hosts]
# allow = ["*.instructure.com", "canvas.docker"]
# deny = []
# The example below limits authorization URLs to the OAuth2 login paths.
# [lti.security.authorization_endpoint.paths]
# allow = ["/login/oauth2/*"]
# deny = []
[lti.security.registration_endpoint]
# Optional overrides for dynamic registration endpoints.
# The table is present but empty, so this endpoint currently uses the global
# `[lti.security]` values.
# allow_http_in_development = true
# allow_redirects = true
# Unlike the other endpoint examples, this one omits `canvas.docker`; add it
# back if you test dynamic registration against a local Canvas.
# [lti.security.registration_endpoint.hosts]
# allow = ["*.instructure.com"]
# deny = []
# NOTE(review): if globs match as described under `[lti.security.paths]`,
# "/api/lti/*" already covers "/api/lti/registrations"; keep only the exact
# entry when the intent is to restrict this endpoint.
# [lti.security.registration_endpoint.paths]
# allow = ["/api/lti/registrations", "/api/lti/*"]
# deny = []
[lti.security.jwks_uri]
# Optional overrides for platform JWKS URI fetches.
# The table is present but empty, so JWKS fetches currently use the global
# `[lti.security]` values. The keys fetched here are presumably what platform
# tokens are verified against, so keep this allow list as narrow as possible.
# allow_http_in_development = true
# Redirects are validated hop-by-hop against these same host/path rules.
# allow_redirects = true
# [lti.security.jwks_uri.hosts]
# allow = ["*.instructure.com", "canvas.docker"]
# deny = []
# NOTE(review): how far "/*/jwks" reaches depends on whether `*` matches across
# `/`; confirm the glob semantics before relying on it.
# [lti.security.jwks_uri.paths]
# allow = ["/api/lti/security/jwks", "/jwks", "/*/jwks"]
# deny = []
[lti.security.token_endpoint]
# Optional overrides for OAuth token endpoint requests.
# The table is present but empty, so token requests currently use the global
# `[lti.security]` values. Token requests presumably carry a credential signed
# by this server, so they should only ever go to hosts you trust.
# allow_http_in_development = true
# NOTE(review): this block does not state that redirects are validated
# hop-by-hop; confirm before leaving redirects enabled for token requests.
# allow_redirects = true
# [lti.security.token_endpoint.hosts]
# allow = ["*.instructure.com", "canvas.docker"]
# deny = []
# [lti.security.token_endpoint.paths]
# allow = ["/login/oauth2/token", "/oauth2/token", "/api/lti/*"]
# deny = []
[lti.security.names_and_role_endpoint]
# Optional overrides for NRPS (Names and Roles) endpoint requests.
# The table is present but empty, so NRPS requests currently use the global
# `[lti.security]` values. These requests return course roster data.
# allow_http_in_development = true
# Redirects are validated hop-by-hop against these same host/path rules.
# allow_redirects = true
# [lti.security.names_and_role_endpoint.hosts]
# allow = ["*.instructure.com", "canvas.docker"]
# deny = []
# NOTE(review): if globs match as described under `[lti.security.paths]`,
# "/api/lti/*" already covers "/api/lti/*/names_and_roles"; keep only the
# narrower entry when the intent is to restrict this endpoint.
# [lti.security.names_and_role_endpoint.paths]
# allow = ["/api/lti/*/names_and_roles", "/api/lti/*"]
# deny = []