olly/mcma-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
356cd0077264acd95139d92e3a5a20f8d8f1ffff
mcma-backend/app/core/config.py
T
Senko-san 14c1bc16e0
Docker Build & Publish / build (push) Successful in 1m8s
Details
Docker Build & Publish / push (push) Failing after 34s
Details
Docker Build & Publish / Prune old image versions (push) Has been skipped
Details
feat(auth): public self-service registration (ALLOW_REGISTRATION) 
Add POST /auth/register: creates a non-superuser then auto-logs in,
returning the same TokenResponse as login. Gated by the new
allow_registration setting (env ALLOW_REGISTRATION, default true);
when disabled it raises PermissionDeniedError (403). Accounts remain
admin-only for superusers.

Tests cover create+login, duplicate (409), short password (422), and
the disabled (403) path.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-10 14:06:52 +03:00

104 lines
4.1 KiB
Python
Raw Blame History

"""Application settings — single source of truth, sourced from environment.
Nothing is hardcoded. All knobs come from env vars (or a local ``.env`` during
development). Access the cached singleton via :func:`get_settings`.
"""
from functools import lru_cache
from pathlib import Path
from typing import Literal
from pydantic import Field, SecretStr, field_validator
from pydantic_settings import BaseSettings, SettingsConfigDict
class Settings(BaseSettings):
model_config = SettingsConfigDict(
env_file=".env",
env_file_encoding="utf-8",
extra="ignore",
case_sensitive=False,
)
# -- runtime ----------------------------------------------------------
environment: Literal["dev", "test", "prod"] = "dev"
log_level: str = "INFO"
log_json: bool = Field(
default=False,
description="Structured JSON logs (enable in prod).",
)
# -- database ---------------------------------------------------------
# Async driver required (asyncpg). Example:
# postgresql+asyncpg://mcma:mcma@db:5432/mcma
database_url: str = "postgresql+asyncpg://mcma:mcma@localhost:5432/mcma"
db_echo: bool = False
db_pool_size: int = 5
db_max_overflow: int = 10
# -- redis (cache + arq broker) --------------------------------------
redis_url: str = "redis://localhost:6379/0"
# -- auth -------------------------------------------------------------
jwt_secret: SecretStr = SecretStr("change-me-in-prod")
jwt_algorithm: str = "HS256"
access_token_ttl_seconds: int = 60 * 15 # 15 min
refresh_token_ttl_seconds: int = 60 * 60 * 24 * 30 # 30 days (offline-first)
# Public self-service sign-up. When disabled, accounts are created
# admin-only (POST /admin/users). Registered users are never superusers.
allow_registration: bool = True
# -- subsonic ---------------------------------------------------------
# Symmetric key (any string) used to encrypt each user's recoverable
# Subsonic app-password at rest. A Fernet key is derived from it; rotating
# this value renders stored app-passwords undecryptable (rotate them too).
subsonic_secret_key: SecretStr = SecretStr("change-me-subsonic-key")
# -- media / storage --------------------------------------------------
media_path: Path = Path("/data/media")
transcode_cache_path: Path = Path("/data/transcode-cache")
max_parallel_downloads: int = 2
storage_backend: Literal["local", "s3"] = "local"
upload_tmp_dir: Path | None = None
# -- sources ----------------------------------------------------------
# Mounted folder the ``local`` source indexes (copies into managed storage).
# Unset → the local source is simply not registered.
local_media_import_path: Path | None = None
# -- S3 storage (deferred; set storage_backend="s3" to use) ----------
s3_endpoint_url: str | None = None
s3_bucket: str | None = None
s3_region: str | None = None
s3_access_key: SecretStr | None = None
s3_secret_key: SecretStr | None = None
# -- external services (all optional; graceful degradation) ----------
ml_service_url: str | None = None
acoustid_api_key: SecretStr | None = None
acoustid_api_url: str = "https://api.acoustid.org/v2/lookup"
musicbrainz_user_agent: str = "mcma-backend/0.1.0 ( https://github.com/your/repo )"
youtube_cookies_path: Path | None = None
# -- enrichment -------------------------------------------------------
# ``fpcalc`` (Chromaprint) binary; resolved on PATH by default. The Docker
# image installs it via libchromaprint-tools.
fpcalc_path: str = "fpcalc"
@field_validator("database_url")
@classmethod
def _require_async_driver(cls, v: str) -> str:
if "+asyncpg" not in v:
raise ValueError("database_url must use the asyncpg driver: postgresql+asyncpg://")
return v
@property
def is_prod(self) -> bool:
return self.environment == "prod"
@lru_cache
def get_settings() -> Settings:
"""Cached settings singleton. Patch the cache in tests via ``get_settings.cache_clear()``."""
return Settings()
Reference in New Issue View Git Blame Copy Permalink