diff --git a/README.md b/README.md
index 655f49564a..825614694b 100644
--- a/README.md
+++ b/README.md
@@ -118,7 +118,7 @@ Check out the online documentation on https://intuitem.gitbook.io/ciso-assistant
 40. NIST SP 800-171 rev3 (2024) πŸ‡ΊπŸ‡Έ
 41. ENISA: 5G Security Controls Matrix πŸ‡ͺπŸ‡Ί
 42. OWASP Mobile Application Security Verification Standard (MASVS) πŸπŸ“±
-43. Agile Security Framework (ASF) - baseline - by intuitem πŸ€—
+43. Agile Security Framework (ASF) - baseline - by intuitem πŸ€—
 44. EU AI Act πŸ‡ͺπŸ‡ΊπŸ€–
 ### Community contributions
@@ -279,7 +279,7 @@ export LOG_LEVEL=INFO # optional, default value is INFO. Available options: DEBU
 export LOG_FORMAT=plain # optional, default value is plain. Available options: json, plain
 # Authentication options
-export AUTH_TOKEN_TTL=900 # optional, default value is 900 seconds (15 minutes). It defines the time to live of the authentication token
+export AUTH_TOKEN_TTL=900 # optional, default value is 3600 seconds (60 minutes). It defines the time to live of the authentication token
 export AUTH_TOKEN_AUTO_REFRESH=True # optional, default value is True. It defines if the token TTL should be refreshed automatically after each request authenticated with the token
 ```
@@ -419,7 +419,7 @@ The goal of the test harness is to prevent any regression, i.e. all the tests sh
 ## API and Swagger
-- The API documentation is available in dev mode on the `/api/schema/swagger/`, for instance http://127.0.0.1:8000/api/schema/swagger/
+- The API documentation is available in dev mode on the `/api/schema/swagger/`, for instance http://127.0.0.1:8000/api/schema/swagger/
 To interact with it:
diff --git a/backend/ciso_assistant/settings.py b/backend/ciso_assistant/settings.py
index 10aed45b1e..1a552fc3d7 100644
--- a/backend/ciso_assistant/settings.py
+++ b/backend/ciso_assistant/settings.py
@@ -125,6 +125,7 @@ def set_ciso_assistant_url(_, __, event_dict):
 "core",
 "cal",
 "django_filters",
+ # "debug_toolbar",
 "library",
 "serdes",
 "rest_framework",
@@ -142,6 +143,8 @@ def set_ciso_assistant_url(_, __, event_dict):
 "django.contrib.messages.middleware.MessageMiddleware",
 "django.middleware.clickjacking.XFrameOptionsMiddleware",
 "django_structlog.middlewares.RequestMiddleware",
+ # "debug_toolbar.middleware.DebugToolbarMiddleware",
+ # "pyinstrument.middleware.ProfilerMiddleware",
 ]
 ROOT_URLCONF = "ciso_assistant.urls"
@@ -149,8 +152,8 @@ def set_ciso_assistant_url(_, __, event_dict):
 LOGOUT_REDIRECT_URL = "login"
 AUTH_TOKEN_TTL = int(
- os.environ.get("AUTH_TOKEN_TTL", default=60 * 15)
-) # defaults to 15 minutes
+ os.environ.get("AUTH_TOKEN_TTL", default=60 * 60)
+) # defaults to 60 minutes
 AUTH_TOKEN_AUTO_REFRESH = (
 os.environ.get("AUTH_TOKEN_AUTO_REFRESH", default="True") == "True"
 ) # prevents token from expiring while user is active
@@ -211,6 +214,14 @@ def set_ciso_assistant_url(_, __, event_dict):
 STATIC_URL = "/static/"
 STATIC_ROOT = BASE_DIR / "static"
+ INTERNAL_IPS = [
+ "127.0.0.1",
+ ]
+
+ DEBUG_TOOLBAR_CONFIG = {
+ "SHOW_TOOLBAR_CALLBACK": lambda request: True,
+ }
+
 TEMPLATES = [
 {
 "BACKEND": "django.template.backends.django.DjangoTemplates",
diff --git a/docker-compose.yml b/docker-compose.yml
index f7605960b9..ee2204d93f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,6 +9,7 @@ services:
 - ALLOWED_HOSTS=backend
 - CISO_ASSISTANT_URL=https://localhost:8443
 - DJANGO_DEBUG=True
+ - AUTH_TOKEN_TTL=7200
 volumes:
 - ./db:/code/db
diff --git a/frontend/src/routes/(app)/requirement-assessments/[id=uuid]/+page.server.ts b/frontend/src/routes/(app)/requirement-assessments/[id=uuid]/+page.server.ts
index af9b58bf33..3c07dd2ccf 100644
--- a/frontend/src/routes/(app)/requirement-assessments/[id=uuid]/+page.server.ts
+++ b/frontend/src/routes/(app)/requirement-assessments/[id=uuid]/+page.server.ts
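Review bot: `"SHOW_TOOLBAR_CALLBACK": lambda request: True` in the fourth hunk of this file replaces the toolbar's own gate (DEBUG plus the INTERNAL_IPS check that the same hunk sets up), so if the `debug_toolbar` app entry left commented out here and the `DebugToolbarMiddleware` entry commented out in the second hunk are ever uncommented, the toolbar's SQL, settings and request panels are rendered for every client, not only for 127.0.0.1. Gate the callback on the module's debug flag instead, e.g. `"SHOW_TOOLBAR_CALLBACK": lambda request: DEBUG,` (assuming settings.py derives a `DEBUG` value from the DJANGO_DEBUG variable the compose file sets), and put `# development only; must never be active in a deployment` above the block. Commented-out entries in INSTALLED_APPS and MIDDLEWARE are better expressed as a conditional append under that same flag than as dead text. The leading whitespace on the added lines suggests these assignments sit inside an indented block whose opening is outside the hunk; worth confirming it is a debug-only branch.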
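Review bot: The new comment `# defaults to 60 minutes` gives only the number; read together with `AUTH_TOKEN_AUTO_REFRESH` three lines below, whose existing comment says it keeps the token alive while the user is active, this value is an inactivity timeout rather than an absolute lifetime, and the comment should say so: `# defaults to 60 minutes of inactivity; with AUTH_TOKEN_AUTO_REFRESH on, an active session is not bounded by this value`. The README hunk in this commit updates the documented default to 3600 but leaves the example `export AUTH_TOKEN_TTL=900`, which now reads as if 900 were the default. `int(os.environ.get(...))` also raises ValueError on a non-numeric value, a pre-existing behaviour this hunk leaves unchanged.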
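Review bot: `AUTH_TOKEN_TTL=7200` sets the token lifetime to twice the new code default and four times the previous one, in a compose file that also runs with `DJANGO_DEBUG=True` and a localhost URL, which suggests a development profile. Because the backend refreshes the token on each authenticated request by default, this value is an idle timeout, so a token that leaks stays usable for two hours after its last use; a comment such as `# dev convenience: 2h idle token timeout, keep the shorter default outside local setups` would stop the value being copied into other compose files unexamined.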
@@ -22,7 +22,7 @@ export const load = (async ({ fetch, params }) => {
 const requirementAssessment = await res.json();
 const compliance_assessment_score = await fetch(
- `${BASE_API_URL}/compliance-assessments/${requirementAssessment.compliance_assessment.id}/global_score`
+ `${BASE_API_URL}/compliance-assessments/${requirementAssessment.compliance_assessment.id}/global_score/`
 ).then((res) => res.json());
 const requirement = await fetch(
 `${BASE_API_URL}/requirement-nodes/${requirementAssessment.requirement}/`
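Review bot: The corrected `global_score/` URL is still consumed by `.then((res) => res.json())` with no status check, so a non-2xx reply (the kind the missing slash presumably produced before this fix) surfaces as a JSON parse error rather than a clear failure, and the callback's `res` shadows the outer `res` read on the first context line. Consider `.then((r) => { if (!r.ok) throw new Error("global_score fetch failed: " + r.status); return r.json(); })`. The enclosing `load` function starts and ends outside the hunk, and the `requirement-nodes` fetch that follows appears to use the same pattern.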