modify settings instead of local_settings

api/tacticalrmm/core/management/commands/get_config.py

@@ -3,7 +3,7 @@ from urllib.parse import urlparse
 from django.conf import settings
 from django.core.management.base import BaseCommand
 
-from tacticalrmm.helpers import get_webdomain
+from tacticalrmm.helpers import get_root_domain, get_webdomain
 from tacticalrmm.utils import get_certs
 
 
@@ -18,11 +18,7 @@ class Command(BaseCommand):
             case "api":
                 self.stdout.write(settings.ALLOWED_HOSTS[0])
             case "rootdomain":
-                import tldextract
-
-                no_fetch_extract = tldextract.TLDExtract(suffix_list_urls=())
-                extracted = no_fetch_extract(settings.ALLOWED_HOSTS[0])
-                self.stdout.write(f"{extracted.domain}.{extracted.suffix}")
+                self.stdout.write(get_root_domain(settings.ALLOWED_HOSTS[0]))
             case "version":
                 self.stdout.write(settings.TRMM_VERSION)
             case "webversion":

api/tacticalrmm/core/management/commands/post_update_tasks.py

@@ -1,9 +1,5 @@
 import base64
-import os
-import shutil
-from pathlib import Path
 
-from django.conf import settings
 from django.core.management.base import BaseCommand
 
 from accounts.models import User
@@ -14,7 +10,6 @@ from core.models import CoreSettings
 from core.tasks import remove_orphaned_history_results, sync_mesh_perms_task
 from scripts.models import Script
 from tacticalrmm.constants import AGENT_DEFER, ScriptType
-from tacticalrmm.helpers import get_webdomain
 
 
 class Command(BaseCommand):
@@ -23,37 +18,6 @@ class Command(BaseCommand):
     def handle(self, *args, **kwargs) -> None:
         self.stdout.write("Running post update tasks")
 
-        # for 0.20.0 release
-        if not settings.DOCKER_BUILD:
-            needs_frontend = False
-            frontend_domain = get_webdomain().split(":")[0]
-
-            local_settings = os.path.join(
-                settings.BASE_DIR, "tacticalrmm", "local_settings.py"
-            )
-
-            with open(local_settings) as f:
-                lines = f.readlines()
-
-            modified_lines = []
-            for line in lines:
-                if line.strip().startswith("ALLOWED_HOSTS"):
-                    exec(line, globals())
-
-                    if frontend_domain not in settings.ALLOWED_HOSTS:
-                        needs_frontend = True
-                        settings.ALLOWED_HOSTS.append(frontend_domain)
-
-                    line = f"ALLOWED_HOSTS = {settings.ALLOWED_HOSTS}\n"
-
-                modified_lines.append(line)
-
-            if needs_frontend:
-                backup = Path.home() / (Path("local_settings_0.20.0.bak"))
-                shutil.copy2(local_settings, backup)
-                with open(local_settings, "w") as f:
-                    f.writelines(modified_lines)
-
         # load community scripts into the db
         Script.load_community_scripts()
 

api/tacticalrmm/tacticalrmm/helpers.py

@@ -9,6 +9,7 @@ from typing import TYPE_CHECKING, Any, Literal
 from urllib.parse import urlparse
 from zoneinfo import ZoneInfo
 
+import tldextract
 from cryptography import x509
 from django.conf import settings
 from django.utils import timezone as djangotime
@@ -107,6 +108,12 @@ def get_webdomain() -> str:
     return urlparse(settings.CORS_ORIGIN_WHITELIST[0]).netloc
 
 
+def get_root_domain(subdomain) -> str:
+    no_fetch_extract = tldextract.TLDExtract(suffix_list_urls=())
+    extracted = no_fetch_extract(subdomain)
+    return f"{extracted.domain}.{extracted.suffix}"
+
+
 def rand_range(min: int, max: int) -> float:
     """
     Input is milliseconds.

api/tacticalrmm/tacticalrmm/settings.py

@@ -3,6 +3,7 @@ import sys
 from contextlib import suppress
 from datetime import timedelta
 from pathlib import Path
+from tacticalrmm.helpers import get_root_domain
 
 BASE_DIR = Path(__file__).resolve().parent.parent
 
@@ -117,12 +118,38 @@ REDIS_HOST = "127.0.0.1"
 TRMM_LOG_LEVEL = "ERROR"
 TRMM_LOG_TO = "file"
 
+if not DOCKER_BUILD:
+    ALLOWED_HOSTS = []
+    CORS_ORIGIN_WHITELIST = []
+    TRMM_PROTO = "https"
+    TRMM_BACKEND_PORT = None
+
 with suppress(ImportError):
     from ee.sso.sso_settings import *  # noqa
 
 with suppress(ImportError):
     from .local_settings import *  # noqa
 
+if not DOCKER_BUILD:
+
+    TRMM_ROOT_DOMAIN = get_root_domain(ALLOWED_HOSTS[0])
+
+    ALLOWED_HOSTS.append(TRMM_ROOT_DOMAIN)
+
+    if DEBUG:
+        ALLOWED_HOSTS.append("*")
+
+    backend_url = f"{TRMM_PROTO}://{ALLOWED_HOSTS[0]}"
+    if TRMM_BACKEND_PORT:
+        backend_url = f"{backend_url}:{TRMM_BACKEND_PORT}"
+
+    SESSION_COOKIE_DOMAIN = TRMM_ROOT_DOMAIN
+    CSRF_COOKIE_DOMAIN = TRMM_ROOT_DOMAIN
+    CSRF_TRUSTED_ORIGINS = [CORS_ORIGIN_WHITELIST[0], backend_url]
+    HEADLESS_FRONTEND_URLS = {
+        "socialaccount_login_error": f"{CORS_ORIGIN_WHITELIST[0]}/account/provider/callback"
+    }
+
 CHECK_TOKEN_URL = f"{AGENT_BASE_URL}/api/v2/checktoken"
 AGENTS_URL = f"{AGENT_BASE_URL}/api/v2/agents/?"
 EXE_GEN_URL = f"{AGENT_BASE_URL}/api/v2/exe"

install.sh

@@ -570,7 +570,6 @@ python manage.py load_chocos
 python manage.py load_community_scripts
 WEB_VERSION=$(python manage.py get_config webversion)
 WEBTAR_URL=$(python manage.py get_webtar_url)
-ROOT_DOMAIN=$(python manage.py get_config rootdomain)
 printf >&2 "${YELLOW}%0.s*${NC}" {1..80}
 printf >&2 "\n"
 printf >&2 "${YELLOW}Please create your login for the RMM website${NC}\n"
@@ -586,16 +585,6 @@ python manage.py generate_barcode ${RANDBASE} ${djangousername} ${frontenddomain
 deactivate
 read -n 1 -s -r -p "Press any key to continue..."
 
-allauth="$(
-  cat <<EOF
-SESSION_COOKIE_DOMAIN = '${ROOT_DOMAIN}'
-CSRF_COOKIE_DOMAIN = '${ROOT_DOMAIN}'
-CSRF_TRUSTED_ORIGINS = ["https://${frontenddomain}", "https://${rmmdomain}"]
-HEADLESS_FRONTEND_URLS = {"socialaccount_login_error": "https://${frontenddomain}/account/provider/callback"}
-EOF
-)"
-echo "${allauth}" | tee --append $local_settings >/dev/null
-
 rmmservice="$(
   cat <<EOF
 [Unit]

restore.sh

@@ -501,23 +501,6 @@ CERT_PUB_KEY=$(python manage.py get_config certfile)
 CERT_PRIV_KEY=$(python manage.py get_config keyfile)
 deactivate
 
-HAS_ALLAUTH=$(grep HEADLESS_FRONTEND_URLS $local_settings)
-if ! [[ $HAS_ALLAUTH ]]; then
-  source /rmm/api/env/bin/activate
-  cd /rmm/api/tacticalrmm
-  ROOT_DOMAIN=$(python manage.py get_config rootdomain)
-  deactivate
-  allauth="$(
-    cat <<EOF
-SESSION_COOKIE_DOMAIN = '${ROOT_DOMAIN}'
-CSRF_COOKIE_DOMAIN = '${ROOT_DOMAIN}'
-CSRF_TRUSTED_ORIGINS = ["https://${FRONTEND}", "https://${API}"]
-HEADLESS_FRONTEND_URLS = {"socialaccount_login_error": "https://${FRONTEND}/account/provider/callback"}
-EOF
-  )"
-  echo "${allauth}" | tee --append $local_settings >/dev/null
-fi
-
 print_green 'Restoring hosts file'
 
 if grep -q manage_etc_hosts /etc/hosts; then

update.sh

@@ -452,23 +452,6 @@ CERT_PUB_KEY=$(python manage.py get_config certfile)
 CERT_PRIV_KEY=$(python manage.py get_config keyfile)
 deactivate
 
-HAS_ALLAUTH=$(grep HEADLESS_FRONTEND_URLS $local_settings)
-if ! [[ $HAS_ALLAUTH ]]; then
-  source /rmm/api/env/bin/activate
-  cd /rmm/api/tacticalrmm
-  ROOT_DOMAIN=$(python manage.py get_config rootdomain)
-  deactivate
-  allauth="$(
-    cat <<EOF
-SESSION_COOKIE_DOMAIN = '${ROOT_DOMAIN}'
-CSRF_COOKIE_DOMAIN = '${ROOT_DOMAIN}'
-CSRF_TRUSTED_ORIGINS = ["https://${FRONTEND}", "https://${API}"]
-HEADLESS_FRONTEND_URLS = {"socialaccount_login_error": "https://${FRONTEND}/account/provider/callback"}
-EOF
-  )"
-  echo "${allauth}" | tee --append $local_settings >/dev/null
-fi
-
 if grep -q manage_etc_hosts /etc/hosts; then
   sudo sed -i '/manage_etc_hosts: true/d' /etc/cloud/cloud.cfg >/dev/null
   if ! grep -q "manage_etc_hosts: false" /etc/cloud/cloud.cfg; then