-
Notifications
You must be signed in to change notification settings - Fork 0
/
env_sample.hjson
326 lines (325 loc) · 16.2 KB
/
env_sample.hjson
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
{
# Required to set this with some value
# Run the code here to generate https://raw.githubusercontent.com/openwisp/ansible-openwisp2/master/files/generate_django_secret_key.py
"DJANGO_SECRET_KEY": "<Generate Secret Key>",
# Sets the time zone for Django (defaults to environment variable TZ, which defaults to "America/Detroit")
"TIME_ZONE": "America/Detroit",
# CSV List of hosts allowed, no spaces in between commas
"ALLOWED_HOSTS": [
"127.0.0.1",
"localhost"
],
# The URL of a generic help or documentation site, to be used in the front end's drop-down menu
"HELP_URL": "https://its.umich.edu/academics-research/teaching-learning/my-learning-analytics",
# Help for views. Specify URLs to overide defaults
# URL_VIEW_RESOURCES_ACCESSED
# URL_VIEW_ASSIGNMENT_PLANNING
# URL_VIEW_GRADE_DISTRIBUTION
# ID for your Google Analytics, defaults to nothing/disabled
"GA_ID": "",
# The hex value to be used in the front end for the primary color of the palette and theme
"PRIMARY_UI_COLOR": "#00274C",
# Configuration of CSP see https://django-csp.readthedocs.io/en/latest/configuration.html
# To enable this at all you must set have the CSP key set
# and REPORT_ONLY should be be false, otherwise it will just console Warn
"CSP": {
"REPORT_ONLY": true,
# You should set your domain as the DEFAULT_SRC
"DEFAULT_SRC": ["'self'","example.edu"],
"SCRIPT_SRC": ["'self'", "'unsafe-inline'", "*.googletagmanager.com"],
"IMG_SRC": ["'self'", "data:", "*.google-analytics.com", "*.googletagmanager.com"],
"OBJECT_SRC": [],
"MEDIA_SRC": [],
# If you're embedding in Canvas you may need to include instructure.com as FRAME_SRC
"FRAME_SRC": [],
"FONT_SRC": ["'self'", "fonts.gstatic.com"],
"CONNECT_SRC": ["'self'", "*.google-analytics.com", "*.analytics.google.com", "*.googletagmanager.com"],
"STYLE_SRC": ["'self'", "'unsafe-inline'"],
"BASE_URI": [],
"FRAME_ANCESTORS": [],
"FORM_ACTION": [],
"SANDBOX": [],
"REPORT_URI": [],
"MANIFEST_SRC": [],
"WORKER_SRC": [],
"PLUGIN_TYPES": [],
"REQUIRE_SRI_FOR": [],
"UPGRADE_INSECURE_REQUESTS": false,
"BLOCK_ALL_MIXED_CONTENT": false,
"INCLUDE_NONCE_IN": ["script-src"]
},
# default password length indicator incase of creating user from command line or LTI auto login
"RANDOM_PASSWORD_DEFAULT_LENGTH": 32,
# Enable secure cookies, also set your trusted origin (example of instructure.com)
# This needs to be true for deployments or when testing LTI with ngrok or loophole.
"CSRF_COOKIE_SECURE": false,
"CSRF_TRUSTED_ORIGINS": ["https://*.instructure.com", "https://*.umich.edu"],
# If you have a proxy that sets this header then set this to true. Default is false
"USE_X_FORWARDED_HOST": false,
# SameSite settings for Session and CSRF (defaults in settings.py should work), if you do want non-string None set to null.
"SESSION_COOKIE_SAMESITE": "None",
"CSRF_COOKIE_SAMESITE": "None",
# user Django session expiration, defaults to 24hrs matching canvas
"SESSION_COOKIE_AGE": 86400,
# Django Session to expire on browser close (quit), defaults to true
"SESSION_EXPIRE_AT_BROWSER_CLOSE": true
# Warning:
# This enables debugging of Django code
# Use "true" for local development
# Use "false" in production; otherwise, it may reveal internal information such as settings to a user if they encounter an error.
"DJANGO_DEBUG": false,
# Any other logs
"ROOT_LOG_LEVEL": "INFO",
# How long to cache some URL's on the client (Defualt 3600 seconds)
# "CLIENT_CACHE_TIME": 3600,
# MySQL Configuration
"MYSQL": {
# Mysql Django Engine name
"ENGINE": "django.db.backends.mysql",
# Local database name
"NAME": "student_dashboard",
# Local database user
"USER": "student_dashboard_user",
# Local database password
"PASSWORD": "student_dashboard_pw",
# Local database host
"HOST": "student_dashboard_mysql",
# Local database port
"PORT": 3306,
# Local database root password (optional)
"ROOT_PASSWORD": "student_dashboard_root_pw"
},
# Default Canvas Data id increment for course id, user id, etc
"CANVAS_DATA_ID_INCREMENT": 17700000000000000,
# Canvas Configuration
"CANVAS_USER": "",
# strings for construct file download url
"CANVAS_FILE_PREFIX": "https://umich.instructure.com/files/",
"CANVAS_FILE_POSTFIX": "/download?download_frd=1",
# LTI Configuration
# LTI is disabled by default
"ENABLE_LTI": false,
# LTI 1.3 configuration
# Each key in this object corresponds to an "iss" from the LTI protocol.
# The first key of LTI_CONFIG is the Canvas URL (production, beta, or test)
"LTI_CONFIG": {
"https://canvas.instructure.com": [
{
# requests without ID from this platform use this config by default
"default": true,
# from Canvas: Developer Keys → value from Details column
"client_id": "17700000000000111",
# Allowed hosts for the following 3 URLs: canvas.instructure.com, canvas.beta.instructure.com, canvas.test.instructure.com
"auth_login_url": "https://canvas.instructure.com/api/lti/authorize_redirect",
"auth_token_url": "https://canvas.instructure.com/login/oauth2/token",
"key_set_url": "https://canvas.instructure.com/api/lti/security/jwks",
"key_set":null,
# this tool's private key
"private_key_file": "/secrets/private.key",
# this tool's public key
"public_key_file": "/secrets/public.key",
# Go to Canvas course where this tool installed, click on the setting button (a gear icon, similar to '⚙️'), click 'Deployment Id', copy it, and paste here
"deployment_ids": [
"9:0123456789abcdef0123456789abcdef01234567"
]
}
]
},
/* Full path in container to LTI config template. If unset or null, defaults to location of 'config/lti_config_template.json' (usually '/code/assets/config/lti_config_template.json' in container)
*/
"LTI_CONFIG_TEMPLATE_PATH": null,
# Disable deployment id validation check for LTI launches.
"LTI_CONFIG_DISABLE_DEPLOYMENT_ID_VALIDATION": false,
# Database caching using mysql cache for ltiv1p3
"DB_CACHE_CONFIGS": {
# cache timeout
"CACHE_TTL": 7200,
# Cache type
"BACKEND": "django_mysql.cache.MySQLCache",
# cache tablename as stated in the 0018_adding_mysql_cache migration file
"LOCATION": "django_myla_cache",
"CACHE_KEY_PREFIX": "myla",
"CACHE_OPTIONS": {"COMPRESS_MIN_LENGTH": 5000, "COMPRESS_LEVEL": 6}
},
# Set this to true to enable the backend login/logout URLs.
# This is enabled by default if no external auth is enabled.
"ENABLE_BACKEND_LOGIN": false,
# Login Redirect, default is /, probably don't need to change.
"DJANGO_LOGIN_REDIRECT_URL": "/",
# Logout redirect (If SAML enabled)
# This URL could be configured to the logout, but the default should work fine as LTI doesn't currently have logout.
"DJANGO_LOGOUT_REDIRECT_URL": "/",
# Optional token value to be used for token based authentication
"DJANGO_WATCHMAN_TOKEN": "",
# CRON POD SETTINGS
#
# All of these settings go together and need to be enabled for cron job
# Uncomment all of these to run the cron
# set this to be true on OpenShift pod for running cron job.
# RUN_AT_TIMES and CRONTAB_SCHEDULE have no affect otherwise.
"IS_CRON_POD": false,
# Time to run cron CSV separated times in HH:MM format.
# An example is 02:00,04:00 to run at 2AM and 4AM
"RUN_AT_TIMES": "",
# Time to run system cron
# An example to match the above would be 0 2,4 * * *
# This should run as frequently or more frequently than RUN_AT_TIMES
# Use https://crontab.guru to validate your schedule
"CRONTAB_SCHEDULE": "",
# How many values to pass to big query at a time in one run. UMich uses 1000 for this setting
# "CRON_BQ_IN_LIMIT": 1000,
# Change this to set the max default weeks to allow. Default is currently 16. The issue is the end dates in Canvas currently are set 10 years out so it can't calculate the range.
# "MAX_DEFAULT_WEEKS": 16,
# DEBUGGER SETTINGS
# Enable Visual Studio Debugging Support (Default False)
# You must also configure the following options
"DEBUGPY_ENABLE": false,
# Port to run DEBUGPY on
"DEBUGPY_REMOTE_PORT": 3000,
# Address to listen for DEBUGPY on
"DEBUGPY_ADDRESS": "0.0.0.0",
# Whether or not to wait for debugpy (formerly ptvsd) to attach before continuing (Default False)
"DEBUGPY_WAIT_FOR_ATTACH": false,
# Control course view options globally
# Current possible values are a CSV list of any/none/all of show_resources_accessed, show_assignment_planning, show_grade_distribution
# By default this is empty and no views are disabled
# options are as described in course_view_options table column names [\"show_assignment_planning\", \"show_grade_distribution\"]
"VIEWS_DISABLED": "",
# Data Warehouse configuration
# Uncomment these variables and fill them in if you're using cron to load
# from a data warehouse. These are optional
# Database engine driver
"DATA_WAREHOUSE": {
"ENGINE": "django.db.backends.postgresql",
# database name
"NAME": "",
# database user
"USER": "",
# database password
"PASSWORD": "",
# database host
"HOST": "",
# database port
"PORT": 5432,
# Enable/Disable Unizin Date Warehouse specific features/data
"IS_UNIZIN": true
},
# Learning Record Store configuration
"LRS": {
# LRS database engine driver (use `google.cloud.bigquery` for bigquery). no other LRS settings needed
"ENGINE": "google.cloud.bigquery",
# LRS database name
"NAME": "",
# LRS database user
"USER": "",
# LRS database password
"PASSWORD": "",
# LRS database host
"HOST": "",
# LRS database port
"PORT": 5432,
# LRS database options
"OPTIONS": {}
},
# Use the LRS data source instead of bigquery (default: false)
# resource type for resource view add or remove per institution needs
"RESOURCE_VALUES": {
"files": {"types": ["canvas"], "icon": "fas fa-file fa-lg"},
"pages": {"types": ["canvas_pages"],"icon": "fas fa-file-code fa-lg"},
"videos": {"types": [""], "icon": "fas fa-video fa-lg"}
},
# Institute specific urls add or remove to your needs, will be used for Resources view
# cron queries to pull the data from various caliper data sources replace if not relevant with your institution
# More sample queries are provided in the MyLA GitHub wiki page: https://github.com/tl-its-umich-edu/my-learning-analytics/wiki/Deploy:-Institution-Architectures
"RESOURCE_ACCESS_CONFIG": {
"canvas": {
"app_display_name": "Canvas Files",
"canvas_course_id_format": "LONG",
"urls": {"prefix": "https://umich.instructure.com/files/", "postfix": "/download?download_frd=1"},
# BigQuery event queries
"query":
'''
SELECT 'canvas' AS resource_type,
REGEXP_EXTRACT(object.id, r'.*:(.*)') AS resource_id,
CAST(REGEXP_EXTRACT(membership.id, r'.*:(.*)') AS INT64) AS user_id,
cast(null as string) AS user_login_name,
CAST(REGEXP_EXTRACT(`group`.id, r'.*:(.*)') AS INT64) AS course_id,
COALESCE(
JSON_EXTRACT_SCALAR(object.extensions, '$[\'com.instructure.canvas\'][asset_name]'),
JSON_EXTRACT_SCALAR(object.extensions, '$[\'com.instructure.canvas\'][filename]'),
object.name,
'attachment'
) as name,
datetime(EVENT_TIME) as access_time
FROM event_store.expanded
where
JSON_EXTRACT_SCALAR(ed_app.json, '$.id') IN UNNEST(['http://m.canvas.umich.edu/', 'http://umich.instructure.com/'])
and type = 'NavigationEvent'
and STARTS_WITH(object.id, 'urn:instructure:canvas:attachment')
and action = 'NavigatedTo'
and membership.id is not null
and REGEXP_EXTRACT(`group`.id, r'.*:(.*)') IN UNNEST(@course_ids)
'''
},
"canvas_pages": {
"query":
'''
SELECT 'canvas_pages' AS resource_type,
CONCAT(IFNULL(SAFE_CAST(REGEXP_EXTRACT(`group`.id, r'.*:(.*)') AS INT64), @canvas_data_id_increment) - @canvas_data_id_increment,
'/pages/',
IFNULL(SAFE_CAST(JSON_EXTRACT_SCALAR(object.extensions, '$[\'com.instructure.canvas\'][entity_id]') as INT64), @canvas_data_id_increment) - @canvas_data_id_increment) as resource_id,
CAST(REGEXP_EXTRACT(membership.id, r'.*:(.*)') AS INT64) AS user_id,
cast(null as string) AS user_login_name,
CAST(REGEXP_EXTRACT(`group`.id, r'.*:(.*)') AS INT64) AS course_id,
JSON_EXTRACT_SCALAR(object.extensions, '$[\'com.instructure.canvas\'][asset_name]') as name,
datetime(EVENT_TIME) as access_time
FROM event_store.expanded
where
JSON_EXTRACT_SCALAR(ed_app.json, '$.id') IN UNNEST(['http://m.umich.instructure.com/', 'http://umich.instructure.com/'])
and type = 'NavigationEvent'
and object.type = 'Page'
and action = 'NavigatedTo'
and membership.id is not null
-- filtering out Caliper events with '/api/v1/' substring in request_url field,
-- which duplicated the counterpart Caliper events with request_url of pattern 'https://<site_url>/courses/<course_id>/pages/<page_url>'
and not CONTAINS_SUBSTR(JSON_EXTRACT_SCALAR(extensions_json, '$[\'com.instructure.canvas\'][request_url]'), '/api/v1/')
and REGEXP_EXTRACT(`group`.id, r'.*:(.*)') IN UNNEST(@course_ids)
''',
"app_display_name": "Canvas Files",
"canvas_course_id_format": "LONG",
"urls": {
"prefix": "https://umich.instructure.com/courses/",
"postfix": ""
}
},
# replace "mivideo" with Kaltura brand name inside your institution
"mivideo": {
"query":
'''
SELECT 'mivideo' AS resource_type,
replace(object.id, 'https://aakaf.mivideo.it.umich.edu/caliper/info/media/' , '') AS resource_id,
cast(-1 as INT64) AS user_id,
replace(
replace(actor.id, 'https://aakaf.mivideo.it.umich.edu/caliper/info/user/' , ''), '+', '@'
) AS user_login_name,
@canvas_data_id_increment + CAST(JSON_EXTRACT_SCALAR(object.extensions, '$.kaf:course_id') AS INT64) AS course_id,
object.name AS name,
datetime(EVENT_TIME) AS access_time
FROM event_store.expanded
WHERE
ed_app.id = 'https://aakaf.mivideo.it.umich.edu/caliper/info/app/KafEdApp'
AND TYPE = 'MediaEvent'
AND action = 'Started'
AND JSON_EXTRACT_SCALAR(object.extensions, '$.kaf:course_id') IN UNNEST(@course_ids_short)
''',
"app_display_name": "MiVideo",
"/* mention if the caliper event data is providing long or short canvas id and change the query to store long id as in this case": "*/",
"canvas_course_id_format": "SHORT",
"urls": {"prefix": "https://aakaf.mivideo.it.umich.edu/caliper/info/media/" , "postfix": ""}
}
},
# Disable/Enable courses_enabled api
"COURSES_ENABLED": false,
# Path to the hjson file contains cron queries
"CRON_QUERY_FILE": "config/cron_udp.hjson"
}