Merge pull request #511 from intuitem/minor_tweaks

Minor tweaks

README.md

@@ -118,7 +118,7 @@ Check out the online documentation on https://intuitem.gitbook.io/ciso-assistant
 40. NIST SP 800-171 rev3 (2024) 🇺🇸
 41. ENISA: 5G Security Controls Matrix 🇪🇺
 42. OWASP Mobile Application Security Verification Standard (MASVS) 🐝📱
-43. Agile Security Framework (ASF) - baseline - by intuitem 🤗   
+43. Agile Security Framework (ASF) - baseline - by intuitem 🤗
 44. EU AI Act 🇪🇺🤖
 
 ### Community contributions
@@ -279,7 +279,7 @@ export LOG_LEVEL=INFO # optional, default value is INFO. Available options: DEBU
 export LOG_FORMAT=plain # optional, default value is plain. Available options: json, plain
 
 # Authentication options
-export AUTH_TOKEN_TTL=900 # optional, default value is 900 seconds (15 minutes). It defines the time to live of the authentication token
+export AUTH_TOKEN_TTL=900 # optional, default value is 3600 seconds (60 minutes). It defines the time to live of the authentication token
 export AUTH_TOKEN_AUTO_REFRESH=True # optional, default value is True. It defines if the token TTL should be refreshed automatically after each request authenticated with the token
 ```
 
@@ -419,7 +419,7 @@ The goal of the test harness is to prevent any regression, i.e. all the tests sh
 
 ## API and Swagger
 
-- The API documentation is available in dev mode on the `<backend_endpoint>/api/schema/swagger/`, for instance http://127.0.0.1:8000/api/schema/swagger/ 
+- The API documentation is available in dev mode on the `<backend_endpoint>/api/schema/swagger/`, for instance http://127.0.0.1:8000/api/schema/swagger/
 
 To interact with it:
 

backend/ciso_assistant/settings.py

@@ -125,6 +125,7 @@ def set_ciso_assistant_url(_, __, event_dict):
     "core",
     "cal",
     "django_filters",
+    # "debug_toolbar",
     "library",
     "serdes",
     "rest_framework",
@@ -142,15 +143,17 @@ def set_ciso_assistant_url(_, __, event_dict):
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
     "django_structlog.middlewares.RequestMiddleware",
+    # "debug_toolbar.middleware.DebugToolbarMiddleware",
+    # "pyinstrument.middleware.ProfilerMiddleware",
 ]
 
 ROOT_URLCONF = "ciso_assistant.urls"
 LOGIN_REDIRECT_URL = "home"
 LOGOUT_REDIRECT_URL = "login"
 
 AUTH_TOKEN_TTL = int(
-    os.environ.get("AUTH_TOKEN_TTL", default=60 * 15)
-)  # defaults to 15 minutes
+    os.environ.get("AUTH_TOKEN_TTL", default=60 * 60)
+)  # defaults to 60 minutes
 AUTH_TOKEN_AUTO_REFRESH = (
     os.environ.get("AUTH_TOKEN_AUTO_REFRESH", default="True") == "True"
 )  # prevents token from expiring while user is active
@@ -211,6 +214,14 @@ def set_ciso_assistant_url(_, __, event_dict):
     STATIC_URL = "/static/"
     STATIC_ROOT = BASE_DIR / "static"
 
+    INTERNAL_IPS = [
+        "127.0.0.1",
+    ]
+
+    DEBUG_TOOLBAR_CONFIG = {
+        "SHOW_TOOLBAR_CALLBACK": lambda request: True,
+    }
+
 TEMPLATES = [
     {
         "BACKEND": "django.template.backends.django.DjangoTemplates",

docker-compose.yml

@@ -9,6 +9,7 @@ services:
       - ALLOWED_HOSTS=backend
       - CISO_ASSISTANT_URL=https://localhost:8443
       - DJANGO_DEBUG=True
+      - AUTH_TOKEN_TTL=7200
     volumes:
       - ./db:/code/db
 

frontend/src/routes/(app)/requirement-assessments/[id=uuid]/+page.server.ts

@@ -22,7 +22,7 @@ export const load = (async ({ fetch, params }) => {
 	const requirementAssessment = await res.json();
 
 	const compliance_assessment_score = await fetch(
-		`${BASE_API_URL}/compliance-assessments/${requirementAssessment.compliance_assessment.id}/global_score`
+		`${BASE_API_URL}/compliance-assessments/${requirementAssessment.compliance_assessment.id}/global_score/`
 	).then((res) => res.json());
 	const requirement = await fetch(
 		`${BASE_API_URL}/requirement-nodes/${requirementAssessment.requirement}/`