Use whitenoise for static file handling (#6662)

* Update config_template.yaml file

* Adjust ALLOWED_HOSTS behaviour

- Only add wildcard * in DEBUG mode
- Exit if ALLOWED_HOSTS not defined

* Tweak error message

* Use whitenoise for serving static files

- Any requests to /static/ are handled by whitenoise
- If an external reverse proxy (e.g. Caddy) is being used, this will not make a difference

* Update python package requirements

* Add extra log output

* Update ENV for CI checks

* Updates

- Throw error but do not exit
- Revert CI changes
Oliver 2024-03-08 11:11:30 +11:00 committed by GitHub
parent 8aab19b578
commit a613a7b9fc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 35 additions and 8 deletions


@ -205,6 +205,7 @@ INSTALLED_APPS = [
'django.contrib.auth',
'django.contrib.contenttypes',
'user_sessions', # db user sessions
'whitenoise.runserver_nostatic',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.sites',
@ -249,6 +250,7 @@ MIDDLEWARE = CONFIG.get(
'django.middleware.locale.LocaleMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'corsheaders.middleware.CorsMiddleware',
'whitenoise.middleware.WhiteNoiseMiddleware',
'django.middleware.common.CommonMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'InvenTree.middleware.InvenTreeRemoteUserMiddleware', # Remote / proxy auth
@ -975,13 +977,24 @@ if not SITE_MULTI:
ALLOWED_HOSTS = get_setting(
'INVENTREE_ALLOWED_HOSTS',
config_key='allowed_hosts',
default_value=['*'],
default_value=[],
typecast=list,
)
if DEBUG and not ALLOWED_HOSTS:
logger.warning(
'No ALLOWED_HOSTS specified. Defaulting to ["*"] for debug mode. This is not recommended for production use'
)
ALLOWED_HOSTS = ['*']
if SITE_URL and SITE_URL not in ALLOWED_HOSTS:
ALLOWED_HOSTS.append(SITE_URL)
if not ALLOWED_HOSTS:
logger.error(
'No ALLOWED_HOSTS specified. Please provide a list of allowed hosts, or specify INVENTREE_SITE_URL'
)
# List of trusted origins for unsafe requests
# Ref: https://docs.djangoproject.com/en/4.2/ref/settings/#csrf-trusted-origins
CSRF_TRUSTED_ORIGINS = get_setting(
@ -1048,6 +1061,15 @@ CORS_ALLOWED_ORIGIN_REGEXES = get_setting(
if DEBUG:
CORS_ALLOWED_ORIGIN_REGEXES.append(r'^http://localhost:\d+$')
if CORS_ALLOW_ALL_ORIGINS:
logger.info('CORS: All origins allowed')
else:
if CORS_ALLOWED_ORIGINS:
logger.info('CORS: Whitelisted origins: %s', CORS_ALLOWED_ORIGINS)
if CORS_ALLOWED_ORIGIN_REGEXES:
logger.info('CORS: Whitelisted origin regexes: %s', CORS_ALLOWED_ORIGIN_REGEXES)
for app in SOCIAL_BACKENDS:
# Ensure that the app starts with 'allauth.socialaccount.providers'
social_prefix = 'allauth.socialaccount.providers.'
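Review bot: `ALLOWED_HOSTS.append(SITE_URL)` adds the site URL unchanged, but Django matches ALLOWED_HOSTS entries against the request's host name only. If SITE_URL carries a scheme or port (its format is not visible in this hunk, though the `INVENTREE_SITE_URL` hint in the error message suggests a full URL), the entry never matches and a deployment that sets only the site URL rejects every request outside debug mode. Append the parsed host instead, e.g. `ALLOWED_HOSTS.append(urlsplit(SITE_URL).hostname)` with `from urllib.parse import urlsplit`, and skip the append when the hostname is None. Separately, the debug fallback `ALLOWED_HOSTS = ['*']` switches Host-header validation off entirely; leaving the list empty under DEBUG lets Django apply its own localhost-only fallback, which is narrower.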


@ -163,14 +163,14 @@ auto_update: False
# Allowed hosts (see ALLOWED_HOSTS in Django settings documentation)
# A list of strings representing the host/domain names that this Django site can serve.
# Default behaviour is to allow all hosts (THIS IS NOT SECURE!)
allowed_hosts:
- '*'
# allowed_hosts:
# - '*'
# Trusted origins (see CSRF_TRUSTED_ORIGINS in Django settings documentation)
# If you are running behind a proxy, you may need to add the proxy address here
trusted_origins:
- 'http://localhost:8000'
# trusted_origins:
# - 'http://localhost'
# - 'http://*.localhost'
# Proxy forwarding settings
# If InvenTree is running behind a proxy, you may need to configure these settings
@ -183,13 +183,16 @@ use_x_forwarded_port: false
# Cross Origin Resource Sharing (CORS) settings (see https://github.com/adamchainz/django-cors-headers)
cors:
allow_all: True
allow_credentials: True,
allow_credentials: true
# allow_all: false
# whitelist:
# - https://example.com
# - https://sub.example.com
# regex:
# MEDIA_ROOT is the local filesystem location for storing uploaded files
#media_root: '/home/inventree/data/media'
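Review bot: The retained comment `# Default behaviour is to allow all hosts (THIS IS NOT SECURE!)` above the now commented-out `allowed_hosts` block no longer matches the settings change in this commit, where the default becomes an empty list and `'*'` is applied only in debug mode. Reword it, e.g. `# If not set, no hosts are allowed unless the site URL is configured ('*' is used only in debug mode)`. In the cors block, if `allow_all: True` is still active on the new side next to `allow_credentials: true` (the +/- markers are lost on this page), the template ships with every origin allowed to make credentialed requests. A comment there saying it should be replaced by the `whitelist` entries in production would help.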


@ -51,6 +51,7 @@ sentry-sdk # Error reporting (optional)
setuptools # Standard dependency
tablib[xls,xlsx,yaml] # Support for XLS and XLSX formats
weasyprint # PDF generation
whitenoise # Enhanced static file serving
# OpenTelemetry dependencies
grpcio


@ -342,6 +342,7 @@ webencodings==0.5.1
# cssselect2
# html5lib
# tinycss2
whitenoise==6.6.0
wrapt==1.16.0
# via
# deprecated