SECRET_KEY = "e$3$hp7u@1ba25kxxa46a7q+bc*3dfulsxhyq+nmap1f@me78$"

DOMAIN = "rik.veenboer.xyz"
SERVICE_URL = f"https://seafile.{DOMAIN}"
CSRF_TRUSTED_ORIGINS = [SERVICE_URL]
# DEBUG = True
TIME_ZONE = "Europe/Amsterdam"
DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.mysql",
        "NAME": "seahub_db",
        "USER": "seafile",
        "PASSWORD": "PASSWORD",
        "HOST": "seafile-mysql",
        "PORT": "3306",
        "OPTIONS": {"charset": "utf8mb4"},
    }
}

ENABLE_OAUTH = True

# If create new user when he/she logs in Seafile for the first time, defalut `True`.
OAUTH_CREATE_UNKNOWN_USER = True

# If active new user when he/she logs in Seafile for the first time, defalut `True`.
OAUTH_ACTIVATE_USER_AFTER_CREATION = True

# Usually OAuth works through SSL layer. If your server is not parametrized to allow HTTPS, some method will raise an "oauthlib.oauth2.rfc6749.errors.InsecureTransportError". Set this to `True` to avoid this error.
OAUTH_ENABLE_INSECURE_TRANSPORT = False

# Client id/secret generated by authorization server when you register your client application.
OAUTH_CLIENT_ID = "ppPkXbiyxpYKOlHdKHNM69HlzrKBz1DB9eTgvfgh"
OAUTH_CLIENT_SECRET = "G1F5UwQyMDFSZpo8OjMLdU7TbMniWzNDJqjGHsGo1Yr03MOMM5uAw4gHLRMdxM72DLZUWWgSllEOkHk8ifBH7FVhlNw9zwc5LNOFIoXzMNZAuaJhLDlWPjWrfMCiosNT"

# Callback url when user authentication succeeded. Note, the redirect url you input when you register your client application MUST be exactly the same as this value.
OAUTH_REDIRECT_URL = f"{SERVICE_URL}/oauth/callback/"
OAUTH_PROVIDER_DOMAIN = f"authentik.{DOMAIN}"

OAUTH_AUTHORIZATION_URL = f"https://{OAUTH_PROVIDER_DOMAIN}/application/o/authorize/"
OAUTH_TOKEN_URL = f"https://{OAUTH_PROVIDER_DOMAIN}/application/o/token/"
OAUTH_USER_INFO_URL = f"https://{OAUTH_PROVIDER_DOMAIN}/application/o/userinfo/"
OAUTH_SCOPE = ["openid", "profile", "seafile"]
OAUTH_ATTRIBUTE_MAP = {
    "seafile_id": (True, "email"),
    "seafile_email": (False, "contact_email"),
    "name": (False, "name"),
}