From a613a7b9fcf5acad124213599ac20220764a84d3 Mon Sep 17 00:00:00 2001
From: Oliver
Date: Fri, 8 Mar 2024 11:11:30 +1100
Subject: [PATCH] Use whitenoise for static file handling (#6662)

* Update config_template.yaml file

* Adjust ALLOWED_HOSTS behaviour

- Only add wildcard * in DEBUG mode
- Exit if ALLOWED_HOSTS not defined

* Tweak error message

* Use whitenoise for serving static files

- Any requests to /static/ are handled by whitenoise
- If an external reverse proxy (e.g. Caddy) is being used, this will not make a difference

* Update python package requirements

* Add extra log output

* Update ENV for CI checks

* Updates

- Thow error but do not exit
- Revert CI changes
---
 InvenTree/InvenTree/settings.py | 24 +++++++++++++++++++++++-
 InvenTree/config_template.yaml | 17 ++++++++++-------
 requirements.in | 1 +
 requirements.txt | 1 +
 4 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/InvenTree/InvenTree/settings.py b/InvenTree/InvenTree/settings.py
index ad6f59271b..26ce57f62f 100644
--- a/InvenTree/InvenTree/settings.py
+++ b/InvenTree/InvenTree/settings.py
@@ -205,6 +205,7 @@ INSTALLED_APPS = [
     'django.contrib.auth',
     'django.contrib.contenttypes',
     'user_sessions', # db user sessions
+    'whitenoise.runserver_nostatic',
     'django.contrib.messages',
     'django.contrib.staticfiles',
     'django.contrib.sites',
@@ -249,6 +250,7 @@ MIDDLEWARE = CONFIG.get(
     'django.middleware.locale.LocaleMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'corsheaders.middleware.CorsMiddleware',
+    'whitenoise.middleware.WhiteNoiseMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'InvenTree.middleware.InvenTreeRemoteUserMiddleware', # Remote / proxy auth
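Review bot: WhiteNoiseMiddleware is inserted after the locale, CSRF and CORS middleware in the second hunk, whereas WhiteNoise's documentation asks for it directly after Django's SecurityMiddleware and before every other middleware, so that requests for /static/ are answered before session, CSRF and CORS processing run on them. The start of the MIDDLEWARE list is outside the hunk, so I cannot see whether SecurityMiddleware is present; if it is, move `'whitenoise.middleware.WhiteNoiseMiddleware',` to the line directly after it, otherwise to the top of the list. MIDDLEWARE is also read through CONFIG.get, which presumably lets a deployment supply its own middleware list; such a list would silently omit WhiteNoise and static files would stop being served, which may deserve a comment in the config template.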
@@ -975,13 +977,24 @@ if not SITE_MULTI:
 ALLOWED_HOSTS = get_setting(
     'INVENTREE_ALLOWED_HOSTS',
     config_key='allowed_hosts',
-    default_value=['*'],
+    default_value=[],
     typecast=list,
 )
 
+if DEBUG and not ALLOWED_HOSTS:
+    logger.warning(
+        'No ALLOWED_HOSTS specified. Defaulting to ["*"] for debug mode. This is not recommended for production use'
+    )
+    ALLOWED_HOSTS = ['*']
+
 if SITE_URL and SITE_URL not in ALLOWED_HOSTS:
     ALLOWED_HOSTS.append(SITE_URL)
 
+if not ALLOWED_HOSTS:
+    logger.error(
+        'No ALLOWED_HOSTS specified. Please provide a list of allowed hosts, or specify INVENTREE_SITE_URL'
+    )
+
 # List of trusted origins for unsafe requests
 # Ref: https://docs.djangoproject.com/en/4.2/ref/settings/#csrf-trusted-origins
 CSRF_TRUSTED_ORIGINS = get_setting(
@@ -1048,6 +1061,15 @@ CORS_ALLOWED_ORIGIN_REGEXES = get_setting(
 if DEBUG:
     CORS_ALLOWED_ORIGIN_REGEXES.append(r'^http://localhost:\d+$')
 
+if CORS_ALLOW_ALL_ORIGINS:
+    logger.info('CORS: All origins allowed')
+else:
+    if CORS_ALLOWED_ORIGINS:
+        logger.info('CORS: Whitelisted origins: %s', CORS_ALLOWED_ORIGINS)
+
+    if CORS_ALLOWED_ORIGIN_REGEXES:
+        logger.info('CORS: Whitelisted origin regexes: %s', CORS_ALLOWED_ORIGIN_REGEXES)
+
 for app in SOCIAL_BACKENDS:
     # Ensure that the app starts with 'allauth.socialaccount.providers'
     social_prefix = 'allauth.socialaccount.providers.'
diff --git a/InvenTree/config_template.yaml b/InvenTree/config_template.yaml
index 931c135d1e..f013fb8495 100644
--- a/InvenTree/config_template.yaml
+++ b/InvenTree/config_template.yaml
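Review bot: The new error message tells operators to "specify INVENTREE_SITE_URL" as an alternative to allowed_hosts, but the value appended a few lines above is SITE_URL itself, and ALLOWED_HOSTS entries must be bare host names: if SITE_URL carries a scheme (its name suggests a full URL, though its definition is outside the hunk), the entry never matches a Host header and every request is rejected with a 400 once DEBUG is off, which in practice pushes operators back towards the '*' wildcard. Appending the parsed host instead makes the advice in the message correct: `site_host = urlparse(SITE_URL).hostname if SITE_URL else None` / `if site_host and site_host not in ALLOWED_HOSTS:` / `    ALLOWED_HOSTS.append(site_host)` (with `urlparse` from `urllib.parse`). The `logger.error` branch then also fires for a malformed SITE_URL that yields no host, instead of silently leaving the list empty.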
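Review bot: The all-origins branch in the second hunk logs at info level, yet with django-cors-headers CORS_ALLOW_ALL_ORIGINS combined with CORS_ALLOW_CREDENTIALS makes the middleware reflect the request's Origin together with Access-Control-Allow-Credentials: true, the one CORS configuration that exposes authenticated responses to any site; that combination deserves logger.warning rather than logger.info. The credentials setting is not visible in this hunk (the template exposes it as `allow_credentials`), so select the level from it: `if CORS_ALLOW_ALL_ORIGINS:` / `    log = logger.warning if CORS_ALLOW_CREDENTIALS else logger.info` / `    log('CORS: All origins allowed')`. The word "Whitelisted" in the two remaining messages could read "Allowed" to match the django-cors-headers setting names they report.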
@@ -163,14 +163,14 @@ auto_update: False
 # Allowed hosts (see ALLOWED_HOSTS in Django settings documentation)
 # A list of strings representing the host/domain names that this Django site can serve.
 # Default behaviour is to allow all hosts (THIS IS NOT SECURE!)
-allowed_hosts:
-  - '*'
+# allowed_hosts:
+# - '*'
 
 # Trusted origins (see CSRF_TRUSTED_ORIGINS in Django settings documentation)
 # If you are running behind a proxy, you may need to add the proxy address here
-trusted_origins:
-  - 'http://localhost:8000'
-
+# trusted_origins:
+# - 'http://localhost'
+# - 'http://*.localhost'
 
 # Proxy forwarding settings
 # If InvenTree is running behind a proxy, you may need to configure these settings
@@ -183,13 +183,16 @@ use_x_forwarded_port: false
 
 # Cross Origin Resource Sharing (CORS) settings (see https://github.com/adamchainz/django-cors-headers)
 cors:
-  allow_all: True
-  allow_credentials: True,
+  allow_credentials: true
+
+  # allow_all: false
 
   # whitelist:
   # - https://example.com
   # - https://sub.example.com
 
+  # regex:
+
 # MEDIA_ROOT is the local filesystem location for storing uploaded files
 #media_root: '/home/inventree/data/media'
diff --git a/requirements.in b/requirements.in
index 4b20acff31..dc8da35a59 100644
--- a/requirements.in
+++ b/requirements.in
@@ -51,6 +51,7 @@ sentry-sdk # Error reporting (optional)
 setuptools # Standard dependency
 tablib[xls,xlsx,yaml] # Support for XLS and XLSX formats
 weasyprint # PDF generation
+whitenoise # Enhanced static file serving
 
 # OpenTelemetry dependencies
 grpcio
diff --git a/requirements.txt b/requirements.txt
index 80b468c491..40f7a17231 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -342,6 +342,7 @@ webencodings==0.5.1
     # cssselect2
     # html5lib
     # tinycss2
+whitenoise==6.6.0
 wrapt==1.16.0
     # via
     # deprecated
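Review bot: The context line `# Default behaviour is to allow all hosts (THIS IS NOT SECURE!)` in the first hunk is now stale: this same commit changes settings.py so that an unset allowed_hosts defaults to an empty list, with the '*' wildcard only assumed under DEBUG, and operators reading the template will still believe the old allow-all default applies. Replace it with something like `# If not set, only the configured site_url is allowed; in DEBUG mode '*' is assumed instead (NOT SECURE - do not rely on this in production)`. The commented example still shows only '*', so a second line with a real host name, e.g. `#   - inventree.example.com`, would steer people away from copying the wildcard.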
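Review bot: The new `# regex:` key in the second hunk is added without a value, example or comment, unlike the `whitelist` block directly above it, so a reader cannot tell it expects a list of origin regular expressions (it presumably maps to CORS_ALLOWED_ORIGIN_REGEXES in settings.py, which the settings hunk of this commit logs). Add an example in the same style: `# regex:` / `#   - ^https://\w+\.example\.com$`. A short comment next to `allow_credentials: true` noting that enabling it together with `allow_all` would reflect any origin with credentials would also explain why `allow_all` is now commented out.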