privaterelay/debug.py (25 lines of code) (raw):
import re
from django.http.request import HttpRequest
from django.views.debug import SafeExceptionReporterFilter
class RelaySaferExceptionReporterFilter(SafeExceptionReporterFilter):
    """
    Exception-report filter that masks every setting unless it is allow-listed.

    A name is exempt from ``hidden_settings`` only when it equals an entry of
    SAFE_NAMES or starts with an entry of SAFE_PREFIXES; every other non-empty
    name matches the pattern. Matching is case-insensitive.
    """

    # Exact setting names whose values may appear in an exception report.
    # An entry here is an explicit decision that the value is not a secret:
    # review additions the same way as any other disclosure of configuration.
    SAFE_NAMES = [
        "BUNDLE_PLAN_ID_US",
        "BUNDLE_PROD_ID",
        "RELAY_CHANNEL",
        "RELAY_CHANNEL_NAME",
        "RELAY_FROM_ADDRESS",
        "SUBPLAT3_BUNDLE_PRODUCT_KEY",
        "SUBPLAT3_PHONES_PRODUCT_KEY",
        "SUBPLAT3_PREMIUM_PRODUCT_KEY",
    ]

    # Name prefixes that are allowed through; each entry exempts every name
    # beginning with it, so a prefix is a much broader grant than a name.
    # Currently empty.
    SAFE_PREFIXES: list = []

    # Deny-by-default pattern: the negative lookahead rejects a key only when
    # the WHOLE key (anchored by ^ ... $) is an allowed name or an allowed
    # prefix followed by anything; `.+` then matches (hides) every other key.
    # With an empty list the alternation keeps an empty branch, which can only
    # equal the empty string, and `.+` never matches that anyway.
    # The base class checks keys against this attribute in cleanse_setting().
    # NOTE(review): recent Django versions also pass request META keys through
    # the same check - confirm for the Django version this project pins.
    hidden_settings = re.compile(
        "^(?!({names}|{prefixes})$).+".format(
            names="|".join(map(re.escape, SAFE_NAMES)),
            prefixes="|".join(re.escape(p) + ".*" for p in SAFE_PREFIXES),
        ),
        re.IGNORECASE,
    )

    def is_active(self, request: HttpRequest | None) -> bool:
        """
        Report the filter as active for every request.

        By default, Django disables the filter if DEBUG=True, on the grounds
        that "If DEBUG is True then your site is not safe anyway."
        (https://github.com/django/django/blob/1520d18/django/views/debug.py#L175)
        DEBUG=True is sometimes set temporarily in the dev environment to help
        debug, and the masking should still apply there, so the `request`
        argument and the DEBUG setting are both ignored.
        """
        # NOTE(review): this only takes effect if DEFAULT_EXCEPTION_REPORTER_FILTER
        # points at this class - the settings module is not visible here.
        return True