aljaz/enclava
1
0
Fork 0
mirror of https://github.com/aljazceru/enclava.git synced 2025-12-17 07:24:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
27ee8b4cdba3612c0338cbd53cfe68ec9a0d6c4c
enclava/backend/app/core/config.py

133 lines
4.2 KiB
Python
Raw Blame History

"""
Configuration settings for the application
"""
import os
from typing import List, Optional, Union
from pydantic import field_validator
from pydantic_settings import BaseSettings
class Settings(BaseSettings):
"""Application settings"""
# Application
APP_NAME: str = "Enclava"
APP_DEBUG: bool = False
APP_LOG_LEVEL: str = "INFO"
APP_HOST: str = "0.0.0.0"
APP_PORT: int = 8000
# Detailed logging for LLM interactions
LOG_LLM_PROMPTS: bool = False # Set to True to log prompts and context sent to LLM
# Database
DATABASE_URL: str = "postgresql://empire_user:empire_pass@localhost:5432/empire_db"
# Redis
REDIS_URL: str = "redis://localhost:6379"
# Security
JWT_SECRET: str = "your-super-secret-jwt-key-here"
JWT_ALGORITHM: str = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
REFRESH_TOKEN_EXPIRE_MINUTES: int = 60 * 24 * 7 # 7 days
SESSION_EXPIRE_MINUTES: int = 60 * 24 # 24 hours
API_KEY_PREFIX: str = "en_"
# Admin user provisioning
ADMIN_USER: str = "admin"
ADMIN_PASSWORD: str = "admin123"
ADMIN_EMAIL: Optional[str] = None
# CORS
CORS_ORIGINS: List[str] = ["http://localhost:3000", "http://localhost:8000"]
# LLM Service Configuration (replaced LiteLLM)
# LLM service configuration is now handled in app/services/llm/config.py
# LLM Service Security
LLM_ENCRYPTION_KEY: Optional[str] = None # Key for encrypting LLM provider API keys
# API Keys for LLM providers
OPENAI_API_KEY: Optional[str] = None
ANTHROPIC_API_KEY: Optional[str] = None
GOOGLE_API_KEY: Optional[str] = None
PRIVATEMODE_API_KEY: Optional[str] = None
PRIVATEMODE_PROXY_URL: str = "http://privatemode-proxy:8080/v1"
# Qdrant
QDRANT_HOST: str = "localhost"
QDRANT_PORT: int = 6333
QDRANT_API_KEY: Optional[str] = None
# API & Security Settings
API_SECURITY_ENABLED: bool = True
API_THREAT_DETECTION_ENABLED: bool = True
API_IP_REPUTATION_ENABLED: bool = True
API_ANOMALY_DETECTION_ENABLED: bool = True
# Rate Limiting Configuration
API_RATE_LIMITING_ENABLED: bool = True
# Authenticated users (JWT token)
API_RATE_LIMIT_AUTHENTICATED_PER_MINUTE: int = 300
API_RATE_LIMIT_AUTHENTICATED_PER_HOUR: int = 5000
# API key users (programmatic access)
API_RATE_LIMIT_API_KEY_PER_MINUTE: int = 1000
API_RATE_LIMIT_API_KEY_PER_HOUR: int = 20000
# Premium/Enterprise API keys
API_RATE_LIMIT_PREMIUM_PER_MINUTE: int = 5000
API_RATE_LIMIT_PREMIUM_PER_HOUR: int = 100000
# Security Thresholds
API_SECURITY_RISK_THRESHOLD: float = 0.8 # Block requests above this risk score
API_SECURITY_WARNING_THRESHOLD: float = 0.6 # Log warnings above this threshold
API_SECURITY_ANOMALY_THRESHOLD: float = 0.7 # Flag anomalies above this threshold
# Request Size Limits
API_MAX_REQUEST_BODY_SIZE: int = 10 * 1024 * 1024 # 10MB
API_MAX_REQUEST_BODY_SIZE_PREMIUM: int = 50 * 1024 * 1024 # 50MB for premium
# IP Security
API_BLOCKED_IPS: List[str] = [] # IPs to always block
API_ALLOWED_IPS: List[str] = [] # IPs to always allow (empty = allow all)
API_IP_REPUTATION_CACHE_TTL: int = 3600 # 1 hour
# Security Headers
API_SECURITY_HEADERS_ENABLED: bool = True
API_CSP_HEADER: str = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"
# Monitoring
PROMETHEUS_ENABLED: bool = True
PROMETHEUS_PORT: int = 9090
# File uploads
MAX_UPLOAD_SIZE: int = 10 * 1024 * 1024 # 10MB
# Module configuration
MODULES_CONFIG_PATH: str = "config/modules.yaml"
# Logging
LOG_FORMAT: str = "json"
LOG_LEVEL: str = "INFO"
@field_validator("CORS_ORIGINS", mode="before")
@classmethod
def assemble_cors_origins(cls, v: Union[str, List[str]]) -> Union[List[str], str]:
if isinstance(v, str) and not v.startswith("["):
return [i.strip() for i in v.split(",")]
elif isinstance(v, (list, str)):
return v
raise ValueError(v)
model_config = {
"env_file": ".env",
"case_sensitive": True
}
# Global settings instance
settings = Settings()
Reference in New Issue View Git Blame Copy Permalink