snapshot seafile

2024-11-22 09:50:16 +01:00
parent 0824e07bf6
commit c2c61f93c7
3 changed files with 82 additions and 83 deletions
--- a/seafile/conf/conf
+++ b/seafile/conf/conf
@@ -0,0 +1 @@
 /seafile/conf
--- a/seafile/conf/seahub_settings.py
+++ b/seafile/conf/seahub_settings.py
@@ -1,86 +1,3 @@
 ## General
 SECRET_KEY = "zt^$p=*-yzytt3)1lidvsfjrq7qe+3t^$nw6wp_+bqhttxy4c!"
 SERVICE_URL = "https://seafile.rik.veenboer.xyz/"
 ## Remote User Authentication
 ENABLE_REMOTE_USER_AUTHENTICATION = False
 # Optional, HTTP header, which is configured in your web server conf file,
 # used for Seafile to get user's unique id, default value is 'HTTP_REMOTE_USER'.
 REMOTE_USER_HEADER = 'X-Seafile-User'
 # Optional, when the value of HTTP_REMOTE_USER is not a valid email address，
 # Seafile will build a email-like unique id from the value of 'REMOTE_USER_HEADER'
 # and this domain, e.g. user1@example.com.
 REMOTE_USER_DOMAIN = 'veenboer.xyz'
 # Optional, whether to create new user in Seafile system, default value is True.
 # If this setting is disabled, users doesn't preexist in the Seafile DB cannot login.
 # The admin has to first import the users from external systems like LDAP.
 REMOTE_USER_CREATE_UNKNOWN_USER = True
 # Optional, whether to activate new user in Seafile system, default value is True.
 # If this setting is disabled, user will be unable to login by default.
 # the administrator needs to manually activate this user.
 REMOTE_USER_ACTIVATE_USER_AFTER_CREATION = True
 # Optional, map user attribute in HTTP header and Seafile's user attribute.
 REMOTE_USER_ATTRIBUTE_MAP = {
    'X-Authentik-Username': 'name',
    'X-Seafile-User': 'contact_email',
    # for user info
    # "HTTP_GIVENNAME": 'givenname',
    # "HTTP_SN": 'surname',
    # "HTTP_ORGANIZATION": 'institution',
    # for user role
    # 'HTTP_Shibboleth-affiliation': 'affiliation',
 }
 # Map affiliation to user role. Though the config name is SHIBBOLETH_AFFILIATION_ROLE_MAP,
 # it is not restricted to Shibboleth
 SHIBBOLETH_AFFILIATION_ROLE_MAP = {
    # 'employee@uni-mainz.de': 'staff',
    # 'member@uni-mainz.de': 'staff',
    # 'student@uni-mainz.de': 'student',
    # 'employee@hu-berlin.de': 'guest',
    # 'patterns': (
    #     ('*@hu-berlin.de', 'guest1'),
    #     ('*@*.de', 'guest2'),
    #     ('*', 'guest'),
    # ),
 }
 ## OAuth Authentication
 ENABLE_OAUTH = True
 # If create new user when he/she logs in Seafile for the first time, defalut `True`.
 OAUTH_CREATE_UNKNOWN_USER = True
 # If active new user when he/she logs in Seafile for the first time, defalut `True`.
 OAUTH_ACTIVATE_USER_AFTER_CREATION = True
 # Usually OAuth works through SSL layer. If your server is not parametrized to allow HTTPS, some method will raise an "oauthlib.oauth2.rfc6749.errors.InsecureTransportError". Set this to `True` to avoid this error.
 OAUTH_ENABLE_INSECURE_TRANSPORT = True
 # Client id/secret generated by authorization server when you register your client application.
 OAUTH_CLIENT_ID = "ppPkXbiyxpYKOlHdKHNM69HlzrKBz1DB9eTgvfgh"
 OAUTH_CLIENT_SECRET = "G1F5UwQyMDFSZpo8OjMLdU7TbMniWzNDJqjGHsGo1Yr03MOMM5uAw4gHLRMdxM72DLZUWWgSllEOkHk8ifBH7FVhlNw9zwc5LNOFIoXzMNZAuaJhLDlWPjWrfMCiosNT"
 # Callback url when user authentication succeeded. Note, the redirect url you input when you register your client application MUST be exactly the same as this value.
 OAUTH_REDIRECT_URL = 'https://seafile.rik.veenboer.xyz/oauth/callback/'
 OAUTH_PROVIDER_DOMAIN = 'authentik.rik.veenboer.xyz'
 OAUTH_AUTHORIZATION_URL = 'https://authentik.rik.veenboer.xyz/application/o/authorize/'
 OAUTH_TOKEN_URL = 'https://authentik.rik.veenboer.xyz/application/o/token/'
 OAUTH_USER_INFO_URL = 'https://authentik.rik.veenboer.xyz/application/o/userinfo/'
 OAUTH_SCOPE = ["user",]
 OAUTH_ATTRIBUTE_MAP = {
    # "id": (True, "email"),  # Please keep the 'email' option unchanged to be compatible with the login of users of version 11.0 and earlier.
    "name": (False, "name"),
    "email": (False, "contact_email"),
    "uid": (True, "uid"),   # Seafile v11.0 +
 }
--- a/seafile/conf/unused_oauth.py
+++ b/seafile/conf/unused_oauth.py
@@ -0,0 +1,81 @@
 ## Remote User Authentication
 ENABLE_REMOTE_USER_AUTHENTICATION = False
 # Optional, HTTP header, which is configured in your web server conf file,
 # used for Seafile to get user's unique id, default value is 'HTTP_REMOTE_USER'.
 REMOTE_USER_HEADER = 'X-Seafile-User'
 # Optional, when the value of HTTP_REMOTE_USER is not a valid email address，
 # Seafile will build a email-like unique id from the value of 'REMOTE_USER_HEADER'
 # and this domain, e.g. user1@example.com.
 REMOTE_USER_DOMAIN = 'veenboer.xyz'
 # Optional, whether to create new user in Seafile system, default value is True.
 # If this setting is disabled, users doesn't preexist in the Seafile DB cannot login.
 # The admin has to first import the users from external systems like LDAP.
 REMOTE_USER_CREATE_UNKNOWN_USER = True
 # Optional, whether to activate new user in Seafile system, default value is True.
 # If this setting is disabled, user will be unable to login by default.
 # the administrator needs to manually activate this user.
 REMOTE_USER_ACTIVATE_USER_AFTER_CREATION = True
 # Optional, map user attribute in HTTP header and Seafile's user attribute.
 REMOTE_USER_ATTRIBUTE_MAP = {
    'X-Authentik-Username': 'name',
    'X-Seafile-User': 'contact_email',
    # for user info
    # "HTTP_GIVENNAME": 'givenname',
    # "HTTP_SN": 'surname',
    # "HTTP_ORGANIZATION": 'institution',
    # for user role
    # 'HTTP_Shibboleth-affiliation': 'affiliation',
 }
 # Map affiliation to user role. Though the config name is SHIBBOLETH_AFFILIATION_ROLE_MAP,
 # it is not restricted to Shibboleth
 SHIBBOLETH_AFFILIATION_ROLE_MAP = {
    # 'employee@uni-mainz.de': 'staff',
    # 'member@uni-mainz.de': 'staff',
    # 'student@uni-mainz.de': 'student',
    # 'employee@hu-berlin.de': 'guest',
    # 'patterns': (
    #     ('*@hu-berlin.de', 'guest1'),
    #     ('*@*.de', 'guest2'),
    #     ('*', 'guest'),
    # ),
 }
 ## OAuth Authentication
 ENABLE_OAUTH = True
 # If create new user when he/she logs in Seafile for the first time, defalut `True`.
 OAUTH_CREATE_UNKNOWN_USER = True
 # If active new user when he/she logs in Seafile for the first time, defalut `True`.
 OAUTH_ACTIVATE_USER_AFTER_CREATION = True
 # Usually OAuth works through SSL layer. If your server is not parametrized to allow HTTPS, some method will raise an "oauthlib.oauth2.rfc6749.errors.InsecureTransportError". Set this to `True` to avoid this error.
 OAUTH_ENABLE_INSECURE_TRANSPORT = True
 # Client id/secret generated by authorization server when you register your client application.
 OAUTH_CLIENT_ID = "ppPkXbiyxpYKOlHdKHNM69HlzrKBz1DB9eTgvfgh"
 OAUTH_CLIENT_SECRET = "G1F5UwQyMDFSZpo8OjMLdU7TbMniWzNDJqjGHsGo1Yr03MOMM5uAw4gHLRMdxM72DLZUWWgSllEOkHk8ifBH7FVhlNw9zwc5LNOFIoXzMNZAuaJhLDlWPjWrfMCiosNT"
 # Callback url when user authentication succeeded. Note, the redirect url you input when you register your client application MUST be exactly the same as this value.
 OAUTH_REDIRECT_URL = 'https://seafile.rik.veenboer.xyz/oauth/callback/'
 OAUTH_PROVIDER_DOMAIN = 'authentik.rik.veenboer.xyz'
 OAUTH_AUTHORIZATION_URL = 'https://authentik.rik.veenboer.xyz/application/o/authorize/'
 OAUTH_TOKEN_URL = 'https://authentik.rik.veenboer.xyz/application/o/token/'
 OAUTH_USER_INFO_URL = 'https://authentik.rik.veenboer.xyz/application/o/userinfo/'
 OAUTH_SCOPE = ["user",]
 OAUTH_ATTRIBUTE_MAP = {
    # "id": (True, "email"),  # Please keep the 'email' option unchanged to be compatible with the login of users of version 11.0 and earlier.
    "name": (False, "name"),
    "email": (False, "contact_email"),
    "uid": (True, "uid"),   # Seafile v11.0 +
 }