add recaptcha plugin

.dockerignore

@@ -1,6 +1,6 @@
 *.pyc
 *.pyo
 /.env
-/docker
+/data
+/static_collected
 /node_modules
-.git

.env

@@ -1,13 +1,5 @@
 SECRET_KEY=TEST---asdg4hr63453452542h4sdf25g42s3df54hj38rd4sg3f2d54h3sd5f4g53
-DEBUG=True
+DEBUG=False
 SENTRY_DSN=https://460e310d034c49a794941e087c4fcc6e@sentry.io/1196285
 DEFAULT_HAYSTACK_URL=es+https://tcjf1ngoog:qj70l67kk2@tagesschule-elementa-8329801232.eu-west-1.bonsaisearch.net/index-*
-DATABASE_URL=postgres://django:MuzQzD6yLyaksfw9f6NUDLsK6Tp7gD7f8uX@postgres:5432/db
-HTTP_PORT=8009
-POSTGRES_PASSWORD=MuzQzD6yLyaksfw9f6NUDLsK6Tp7gD7f8uX
-POSTGRES_USER=django
-POSTGRES_DB=db
-POSTGRES_DATA_DIR=./docker/pgdata
-MEDIA_DIR=./docker/data/media
-DATA_DIR=./docker/data
-STATIC_DIR=./docker/static_collected
+DATABASE_URL=postgres://django:MuzQzD6yLyaksfw9f6NUDLsK6Tp7gD7f8uX@postgres:5432/db

.env-local

@@ -1,2 +1,2 @@
-DATABASE_URL=postgres://django@MuzQzD6yLyaksfw9f6NUDLsK6Tp7gD7f8uX:5432/db
-DEFAULT_HAYSTACK_URL=es+https://tcjf1ngoog:qj70l67kk2@tagesschule-elementa-8329801232.eu-west-1.bonsaisearch.net/test-*
+DATABASE_URL=postgres://postgres@postgres:5432/db
+DEFAULT_HAYSTACK_URL=es+https://tcjf1ngoog:qj70l67kk2@tagesschule-elementa-8329801232.eu-west-1.bonsaisearch.net/test-*

.gitignore

@@ -15,8 +15,9 @@ Thumbs.db
 
 # Aldryn
 .aldryn
+/data
 /data.tar.gz
-/docker/static_collected
+/static_collected
 /node_modules
 # </DEFAULT>
 /static/css/
@@ -26,14 +27,4 @@ Thumbs.db
 /static/animation/
 /.idea
 /requirements.txt
-/docker/conf/certbot/
-/docker/pgdata/**
-/docker/data
-.env-nginx
-.env-db
-.env
-docker/storage/**
-.bash_history
-.cache/
-.local/
-.ssh/
+/conf/certbot/

Dockerfile

@@ -54,8 +54,8 @@ RUN pip-reqs compile && \
 COPY . /app
 # </SOURCE>
 
-RUN mkdir -p /app/static_collected
-RUN mkdir -p /app/data/media
+RUN mkdir /app/static_collected
+RUN mkdir /app/data/media
 
 # <GULP>
 ENV GULP_MODE=production

README.md

@@ -1,43 +0,0 @@
-# Tagesschule elementa
-
-
-## Docker
-
-1. Copy environment files `.env*.example` to `.env*` and make the configuration changes.
-Configure database user and ports for docker.
-    - HTTP_PORT=8009 [.env] ...
-          
-      
-2. Main app has several mountpoints / volumes. Point them into the appropriate location on 
-your filesystem  
-    - ./docker/static_collected 
-    - ./docker/data/media
-    - ./docker/data
-    
-3. To start
-
-        docker-compose up
-          
-4. Restore DB   
-
-        docker exec -i tagesschule_db_1 pg_restore -U django --no-owner -d db < 41ebf901-4607-4653-9b00-54a42d877b38.dump       
-
-3. Migrate
-
-        docker-compose exec web manage.py migrate
-
-5. Add admin user
-
-In docker container `docker-compose exec web bash` run
-
-    python manage.py shell
-    
-In that shell create admin user (https://stackoverflow.com/questions/18503770/how-to-create-user-from-django-shell)     
-
-    user@host> manage.py shell
-    >>> from django.contrib.auth.models import User
-    >>> user=User.objects.create_user('foo', password='bar')
-    >>> user.is_superuser=True
-    >>> user.is_staff=True
-    >>> user.save()
-

conf/nginx/app.conf

@@ -2,15 +2,33 @@ upstream gunicorn {
     server web:80;
 }
 
+
 server {
     listen 80;
     server_name tagesschule.mprofiag.ch;
     server_tokens off;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name tagesschule.mprofiag.ch;
+    server_tokens off;
     sendfile on;
 
-    add_header X-Frame-Options "";
+    ssl_certificate /etc/letsencrypt/live/tagesschule.mprofiag.ch/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/tagesschule.mprofiag.ch/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 
-    client_max_body_size 1000M;
+    add_header X-Frame-Options "";
 
     gzip on;
     gzip_http_version 1.1;

docker-compose.yml

@@ -5,36 +5,55 @@ services:
     image: nginx:1.16-alpine
     restart: unless-stopped
     volumes:
-      - ./docker/conf/nginx:/etc/nginx/conf.d
-      - ./docker/static_collected:/app/static_collected
-      - ${MEDIA_DIR}:/app/data/media
+      - ./conf/nginx:/etc/nginx/conf.d
+      - ./conf/certbot/conf:/etc/letsencrypt
+      - ./conf/certbot/www:/var/www/certbot
+      - ./static_collected:/app/static_collected
+      - ./data/media:/app/data/media
     ports:
-      - ${HTTP_PORT}:80
-    #command: "/bin/sh -c 'while :; do sleep 1m & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
+      - "80:80"
+      - "443:443"
+    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
     depends_on:
       - web
-    network_mode: bridge
-    links:
-      - web
-  web:
+    networks:
+      - nginx_network
+
+  certbot:
+    image: certbot/certbot
     restart: unless-stopped
+    volumes:
+      - ./conf/certbot/conf:/etc/letsencrypt
+      - ./conf/certbot/www:/var/www/certbot
+    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+
+  web:
     build: "."
     links:
       - "db:postgres"
     volumes:
-      - .:/app:rw
-      - ${DATA_DIR}:/data:rw
-      - ${STATIC_DIR}:/app/static_collected
-      - ${MEDIA_DIR}:/app/data/media
-    network_mode: bridge
+      - ".:/app:rw"
+      - "./data:/data:rw"
+      - ./static_collected:/app/static_collected
+      - ./data/media:/app/data/media
+    networks:
+      - nginx_network
+      - db_network
     command: "/bin/sh -c '/app/wait-for-postgres.sh postgres /app/run.sh'"
     env_file:
       - ./.env
   db:
-    restart: unless-stopped
     image: postgres:9.6-alpine
     env_file:
       - ./.env-db
     volumes:
-      - ${POSTGRES_DATA_DIR}:/var/lib/postgresql/data:rw
-    network_mode: bridge
+      - ".:/app:rw"
+      - "./pgdata:/var/lib/postgresql/data:rw"
+    networks:
+      - db_network
+
+networks:
+  nginx_network:
+    driver: bridge
+  db_network:
+    driver: bridge

requirements.in

@@ -21,6 +21,14 @@ django-image-cropping==1.2.0
 django-anymail[mailgun]==1.4
 django-admin-view-permission==1.9
 gunicorn==19.9.0
-django-storages<1.9 # https://stackoverflow.com/questions/60297619/divio-importerror-cannot-import-name-s3boto
-
 sentry-sdk==0.14.3
+aldryn-forms-recaptcha-plugin==1.0.0.2
+django-recaptcha2==1.4.1
+# compat versions
+django-storages<1.9
+psycopg2<2.8
+django-parler<=2.1
+django-select2<=6.3.1
+django-sekizai<=1.1.0
+django-classy-tags<=1.0.0
+djangocms-attributes-field<=1.2.0

settings.py

@@ -38,6 +38,8 @@ aldryn_addons.settings.load(locals())
 
 INSTALLED_APPS.insert(0, 'admin_view_permission')
 INSTALLED_APPS.extend([
+    'aldryn_forms_recaptcha_plugin',
+    'snowpenguin.django.recaptcha3',
     'portal',
     'project',
     'fontawesome',
@@ -253,7 +255,11 @@ if not DEBUG:
         'tagesschule-elementa.ch',
         'www.tagesschule-elementa.ch',
         'tagesschule.mprofiag.ch',
-        'docker.mprofiag.de'
     ]
 
 DATA_UPLOAD_MAX_MEMORY_SIZE = 1024 * 1024 * 1024
+
+RECAPTCHA_PUBLIC_KEY = '6Lec78gZAAAAANc-oxXJPMi7BXmINlP-QkcS937g'
+RECAPTCHA_PRIVATE_KEY = '6Lec78gZAAAAADuIppqW7cSh6iPw3TZQ9r-ogHtz'
+
+RECAPTCHA_SCORE_THRESHOLD = 0.5

src/portal/migrations/0005_auto_20200325_1611.py

@@ -1,46 +0,0 @@
-# -*- coding: utf-8 -*-
-# Generated by Django 1.11.21 on 2020-03-25 16:11
-from __future__ import unicode_literals
-
-from django.db import migrations
-import django.db.models.deletion
-import parler.fields
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('portal', '0004_auto_20180718_1754'),
-    ]
-
-    operations = [
-        migrations.AlterModelOptions(
-            name='announcement',
-            options={'ordering': ['-updated'], 'verbose_name': 'Neuigkeit', 'verbose_name_plural': 'Aktuell'},
-        ),
-        migrations.AlterField(
-            model_name='announcementtranslation',
-            name='master',
-            field=parler.fields.TranslationsForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='translations', to='portal.Announcement'),
-        ),
-        migrations.AlterField(
-            model_name='downloadfiletranslation',
-            name='master',
-            field=parler.fields.TranslationsForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='translations', to='portal.DownloadFile'),
-        ),
-        migrations.AlterField(
-            model_name='downloadsectiontranslation',
-            name='master',
-            field=parler.fields.TranslationsForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='translations', to='portal.DownloadSection'),
-        ),
-        migrations.AlterField(
-            model_name='informationsectiontranslation',
-            name='master',
-            field=parler.fields.TranslationsForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='translations', to='portal.InformationSection'),
-        ),
-        migrations.AlterField(
-            model_name='informationtranslation',
-            name='master',
-            field=parler.fields.TranslationsForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='translations', to='portal.Information'),
-        ),
-    ]

src/project/cms_plugins.py

@@ -203,12 +203,7 @@ class FormPlugin(_FormPlugin):
     module = 'Content'
     name = 'Form'
     child_classes = ['TextField', 'TextAreaField', 'EmailField', 'RadioSelectField', 'MultipleSelectField',
-                     'SubmitButton']
-
-    def send_notifications(self, instance, form):
-        if dict(form.get_serialized_field_choices()).get('honeypot', ''):
-            return []
-        return super(FormPlugin, self).send_notifications(instance, form)
+                     'SubmitButton', 'ReCaptchaFieldPlugin']
 
 
 class SocialMediaListItemInlineAdmin(admin.TabularInline):

src/project/migrations/0010_auto_20200325_1611.py

@@ -1,27 +0,0 @@
-# -*- coding: utf-8 -*-
-# Generated by Django 1.11.21 on 2020-03-25 16:11
-from __future__ import unicode_literals
-
-from django.db import migrations
-import django.db.models.deletion
-import parler.fields
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('project', '0009_auto_20190214_1250'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='notificationtranslation',
-            name='master',
-            field=parler.fields.TranslationsForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='translations', to='project.Notification'),
-        ),
-        migrations.AlterField(
-            model_name='slideritemqualificationtranslation',
-            name='master',
-            field=parler.fields.TranslationsForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='translations', to='project.SliderItemQualification'),
-        ),
-    ]

wait-for-postgres.sh

@@ -7,10 +7,10 @@ host="$1"
 shift
 cmd="$@"
 
-until PGPASSWORD=$POSTGRES_PASSWORD psql -h "$host" -U "$POSTGRES_USER" -d "$POSTGRES_DB" -c '\q'; do
+until PGPASSWORD=$POSTGRES_PASSWORD psql -h "$host" -U "postgres" -c '\q'; do
   >&2 echo "Postgres is unavailable - sleeping"
   sleep 1
 done
 
 >&2 echo "Postgres is up - executing command"
-exec $cmd
+exec $cmd