Emi Matchu
d6888f1941
Ah right, now that you no longer need to provide this secret value as a
query param or a cookie in order to see NeoPass stuff, we can safely
delete it! Goodbye! 👋
160 lines
6.9 KiB
Ruby
160 lines
6.9 KiB
Ruby
require "active_support/core_ext/integer/time"
|
|
|
|
Rails.application.configure do
|
|
# Settings specified here will take precedence over those in config/application.rb.
|
|
|
|
# In the development environment your application's code is reloaded any time
|
|
# it changes. This slows down response time but is perfect for development
|
|
# since you don't have to restart the web server when you make code changes.
|
|
config.enable_reloading = true
|
|
|
|
# Do not eager load code on boot.
|
|
config.eager_load = false
|
|
|
|
# Show full error reports.
|
|
config.consider_all_requests_local = true
|
|
|
|
# Enable server timing
|
|
config.server_timing = true
|
|
|
|
# Enable/disable caching. By default caching is disabled.
|
|
# Run rails dev:cache to toggle caching.
|
|
if Rails.root.join("tmp/caching-dev.txt").exist?
|
|
config.action_controller.perform_caching = true
|
|
config.action_controller.enable_fragment_cache_logging = true
|
|
|
|
config.cache_store = :memory_store
|
|
config.public_file_server.headers = {
|
|
"Cache-Control" => "public, max-age=#{2.days.to_i}"
|
|
}
|
|
else
|
|
config.action_controller.perform_caching = false
|
|
|
|
config.cache_store = :null_store
|
|
end
|
|
|
|
# Store uploaded files on the local file system (see config/storage.yml for options).
|
|
# config.active_storage.service = :local
|
|
|
|
# Don't care if the mailer can't send.
|
|
config.action_mailer.raise_delivery_errors = false
|
|
config.action_mailer.default_url_options = {host: "localhost", port: 3000}
|
|
config.action_mailer.delivery_method = :letter_opener
|
|
config.action_mailer.perform_caching = false
|
|
|
|
# Raise exceptions for disallowed deprecations.
|
|
config.active_support.disallowed_deprecation = :raise
|
|
|
|
# Tell Active Support which deprecation messages to disallow.
|
|
config.active_support.disallowed_deprecation_warnings = []
|
|
|
|
# Raise an error on page load if there are pending migrations.
|
|
config.active_record.migration_error = :page_load
|
|
|
|
# Debug mode disables concatenation and preprocessing of assets.
|
|
# This option may cause significant delays in view rendering with a large
|
|
# number of complex assets.
|
|
config.assets.debug = true
|
|
|
|
# Highlight code that triggered database queries in logs.
|
|
config.active_record.verbose_query_logs = true
|
|
|
|
# Highlight code that enqueued background job in logs.
|
|
config.active_job.verbose_enqueue_logs = true
|
|
|
|
# Suppress logger output for asset requests.
|
|
config.assets.quiet = true
|
|
|
|
config.react.variant = :development
|
|
|
|
# Raises error for missing translations.
|
|
# config.i18n.raise_on_missing_translations = true
|
|
|
|
# Annotate rendered view with file names.
|
|
# config.action_view.annotate_rendered_view_with_filenames = true
|
|
|
|
# Uncomment if you wish to allow Action Cable access from any origin.
|
|
# config.action_cable.disable_request_forgery_protection = true
|
|
|
|
# Raise error when a before_action's only/except options reference missing actions
|
|
config.action_controller.raise_on_missing_callback_actions = true
|
|
|
|
# Don't use the assets precompiled for production; recompile live instead.
|
|
# HACK: We do this by just telling it that dev assets belong in a special
|
|
# folder, so if you run precompile in development it'll look there instead,
|
|
# as recommended by the Rails guide. But I don't actually use that irl!
|
|
# https://guides.rubyonrails.org/v7.0.7/asset_pipeline.html#local-precompilation
|
|
config.assets.prefix = "/dev-assets"
|
|
|
|
# Fix file reloading in a Vagrant environment.
|
|
# The `ActiveSupport::EventedFileUpdateChecker` is faster, but doesn't work
|
|
# correctly for Vagrant's networked folders!
|
|
# https://stackoverflow.com/a/36616931
|
|
#
|
|
# TODO: In the future, if we don't expect the use of Vagrant or similar tech
|
|
# anymore, we could remove this for a minor dev perf improvement. We're on
|
|
# Vagrant now because it's hard to get older Ruby running on many modern
|
|
# systems, but later on that could change!
|
|
#
|
|
# NOTE: But I also see that this might be the default anyway in current
|
|
# Rails? idk when that changed... so maybe just delete this later?
|
|
config.file_watcher = ActiveSupport::FileUpdateChecker
|
|
|
|
# Allow connections on Vagrant's private network.
|
|
config.web_console.permissions = '10.0.2.2'
|
|
|
|
# Use a local copy of Impress 2020, presumably running on port 4000. (Can
|
|
# override this with the IMPRESS_2020_ORIGIN environment variable!)
|
|
config.impress_2020_origin = ENV.fetch("IMPRESS_2020_ORIGIN",
|
|
"http://localhost:4000")
|
|
|
|
# Save the Neopets Media Archive in the local `tmp` folder. (In production,
|
|
# we keep this in a long-term location instead!)
|
|
config.neopets_media_archive_root = Rails.root / "tmp" /
|
|
"neopets_media_archive" / "development"
|
|
|
|
# When developing the `public_data:commit` command, save to the local `tmp`
|
|
# folder. (In production, we keep this in a long-term location instead!)
|
|
config.public_data_root = Rails.root / "tmp" / "public_data"
|
|
|
|
# Use the local NeoPass development server.
|
|
config.neopass_origin = "https://localhost:8585"
|
|
|
|
# Set the NeoPass redirect callback URL.
|
|
config.neopass_redirect_uri =
|
|
"http://localhost:3000/users/auth/neopass/callback"
|
|
|
|
# If the "USE_LIVE_NEOPASS=1" environment variable is set, override the
|
|
# NeoPass config with the production values instead.
|
|
#
|
|
# Note that this does *not* allow you to just use NeoPass with the
|
|
# development server as one might like! Our `localhost:3000` redirect URL is
|
|
# not registered with live NeoPass, so we have to provide the production
|
|
# callback, or else NeoPass will reject the initial auth request altogether!
|
|
#
|
|
# Instead, you'll need to somehow intercept the flow:
|
|
# 1. Dress to Impress (development) sends you to NeoPass, with production
|
|
# configuration in the request.
|
|
# 2. NeoPass redirects back to Dress to Impress (production).
|
|
# 3. Use some kind of tool to prevent the above redirect, and rewrite it
|
|
# to `localhost:3000` instead.
|
|
# - For me, it's convenient to do this via the Burp Suite's "Proxy"
|
|
# tool: intercept the request, cancel it, and manually rewrite the
|
|
# URL and navigate to it.
|
|
# - Another way I've used for similar things in the past is to edit my
|
|
# /etc/hosts file to temporarily point `impress.openneo.net` to
|
|
# `127.0.0.1`. Then, when the request fails, manually rewrite the
|
|
# URL and navigate to it.
|
|
# - I suppose you could also have your browser's Network panel persist
|
|
# logs, then you can see the `/users/auth/neopass/callback` request
|
|
# that fails and redirects back to the production sign-in page, and
|
|
# manually rewrite it? (The request should be safe to let through,
|
|
# because production DTI will reject the callback, because it knows
|
|
# from the `state` parameter that it didn't initiate this flow.)
|
|
if ENV["USE_LIVE_NEOPASS"].present?
|
|
puts "Using live NeoPass, instead of the development server."
|
|
config.neopass_origin = "https://oidc.neopets.com"
|
|
config.neopass_redirect_uri =
|
|
"https://impress.openneo.net/users/auth/neopass/callback"
|
|
end
|
|
end
|