config/config.yml

# WARNING: DO NOT EDIT THIS FILE (unless you are changing the underlying code)
# Instead, create a file called local.yml in the same place,
# copy any sections you want to change to it, and edit them there.

# Your secret key for verifying cookie session data integrity.
# If you change this key, all old sessions will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.

# do not use the defaults in production!
SESSION_KEY: '_otwarchive_session'
SESSION_SECRET: '898f6d0363863ec79d782238cd1c5767636d712cc0d138238bcd5bfc9d2672fb852380050e52c03a0401175d909c09dba48512a119d46b126a84c2dd05716eb5'

DEFAULT_SESSION_LENGTH_IN_WEEKS: 2
REMEMBERED_SESSION_LENGTH_IN_MONTHS: 3

# This length is hardcoded into the reset_password_instructions email message,
# defined in config/locales/mailers/en.yml. If you change this value, you should
# also change the message (and vice versa).
DAYS_UNTIL_RESET_PASSWORD_LINK_EXPIRES: 7

# email addresses
RETURN_ADDRESS: 'do-not-reply@example.org'
SPAM_ALERT_ADDRESS: 'abuse-discuss@example.org'
SPAM_THRESHOLD: 15
ADMIN_ADDRESS: 'admin@example.org'
FEEDBACK_ADDRESS: feedback@example.org

# Because the default email addresses are fake,
# email delivery is turned off by default, even for production.
# The log file will nonetheless show "Sent mail:"
#
# Note that this is independent from whether the scheduled email-sending
# tasks will be run -- to make changes to that, please see schedule.rb
# and your deploy file.
PERFORM_DELIVERIES: false

# email server
SMTP_SERVER: localhost
SMTP_PORT: 25
SMTP_DOMAIN: localhost
SMTP_OPENSSL_VERIFY_MODE: none
SMTP_ENABLE_STARTTLS_AUTO: false
# if required for email authentication
#SMTP_USER:
#SMTP_PASSWORD:
#SMTP_AUTHENTICATION: # :plain, :login or :cram_md5

# Branding
APP_URL: 'http://www.example.org'
APP_NAME: 'Example Archive'
APP_HOST: 'archiveofourown.org'
APP_SHORT_NAME: 'AO3'
LOGO: 'logo.png'
ALT_LOGO: 'Archive of Our Own'
OTWLOGO: 'OTWLogo.png'
OTWALT_LOGO: 'OTW Logo:closing the circle of the copyright symbol, it symbolizes our creative engagement with media: participating and not just consuming.'
REVISION: ''
ES_URL: 'http://127.0.0.1:9400'
MEMCACHED_SERVERS: '127.0.0.1:11211'

# tag settings
DELIMITER_FOR_INPUT: ','  # if you change this, you will need to change
# validates_format_of :name, in app/models/tag.rb
DELIMITER_FOR_OUTPUT: ', '

# accounts and invitations
# these can be overridden in the admin controller
INVITE_FROM_QUEUE_ENABLED: true
INVITE_FROM_QUEUE_NUMBER: 10
INVITE_FROM_QUEUE_FREQUENCY: 7
# this is whether or not people without invitations can create accounts
ACCOUNT_CREATION_ENABLED: false
DAYS_TO_PURGE_UNACTIVATED: 7
# number of invites users can request
MAX_USER_INVITE_REQUEST: 10

# this determines how long we keep processed results like tag set nominations in redis
DAYS_TO_SAVE_PROCESSED: 56

# validation values -- max/min lengths
TITLE_MAX: 255
TITLE_MIN: 1
SUMMARY_MAX: 1250
NOTES_MAX: 5000
COMMENT_MAX: 10000
TAG_MAX: 100
CONTENT_MIN: 10
CONTENT_MAX: 510000
CONTENT_MAX_DISPLAYED: 500000
LOGNOTE_MIN: 5
LOGNOTE_MAX: 1250
FEEDBACK_SUMMARY_MAX_DISPLAYED: 100
FEEDBACK_SUMMARY_MAX: 107
INFO_MAX: 100000
FAQ_MAX: 200000
ICON_ALT_MAX: 250
ICON_COMMENT_MAX: 50
LOGIN_LENGTH_MIN: 3
LOGIN_LENGTH_MAX: 40
PASSWORD_LENGTH_MIN: 6
PASSWORD_LENGTH_MAX: 40

# The maximum number of tags you can add to a collection
COLLECTION_TAGS_MAX: 10

# The maximum number of user-defined tags you can add to a work or external work
USER_DEFINED_TAGS_MAX: 75

# max number of tags of each type allowed in challenge prompts (requests/offers)
# increasing this number can lead to slower automated matching
PROMPT_TAGS_MAX: 20

# max number of potential matches to generate
POTENTIAL_MATCHES_MAX: 50
# min number of potential matches to allow
POTENTIAL_MATCHES_MIN: 10
# max percentage of participants to match
POTENTIAL_MATCHES_PERCENT: 10

# These options control the number of tags we'd ideally like to see in each tag
# type in a gift exchange, in order to ensure that indexing on that type (to
# speed up matching) will yield good results. The number scales with the number
# of signups (using the divisor), but is capped at the maximum. Increasing the
# maximum (and decreasing the divisor) will cause the preprocessing step to
# take somewhat longer.
PREPROCESS_COUNT_TAGS_DIVISOR: 10
PREPROCESS_COUNT_TAGS_MAX: 10

# These options control how many prompts with "any_#{type}" an exchange can
# have before we consider that tag type to be difficult to index on.
PREPROCESS_COUNT_ANY_DIVISOR: 10
PREPROCESS_COUNT_ANY_MIN: 10

# max number of prompts of each type (offer, request) allowed
PROMPTS_MAX: 10
# max for prompt memes (can be much higher than for gift exchanges, as there is no matching)
PROMPT_MEME_PROMPTS_MAX: 50


# max number of works/chapters that can be imported
IMPORT_MAX_WORKS: 25
IMPORT_MAX_CHAPTERS: 200
IMPORT_MAX_WORKS_BY_ARCHIVIST: 200

# max number of abuse reports to accept for a given user profile URL
ABUSE_REPORTS_PER_USER_MAX: 5
# max number of abuse reports to accept for a given work URL
ABUSE_REPORTS_PER_WORK_MAX: 5

# number of items in various displays
ITEMS_PER_PAGE: 25
# must be less than ITEMS_PER_PAGE above
NUMBER_OF_ITEMS_VISIBLE_IN_DASHBOARD: 5
NUMBER_OF_ITEMS_VISIBLE_ON_HOMEPAGE: 3
COMMENT_THREAD_MAX_DEPTH: 5
TAGS_IN_CLOUD: 200
TAG_LIST_LIMIT: 300
# how many options there should be before we show a scrollable window, and how many there
# can be before we just use an autocomplete instead
OPTIONS_TO_SHOW: 3
MAX_OPTIONS_TO_SHOW: 20
MAX_KUDOS_TO_SHOW: 50
MAX_FAVORITE_TAGS: 20

# Used by Rack Attack, periods are measured in seconds
RATE_LIMIT_NUMBER: 300
RATE_LIMIT_PERIOD: 300
RATE_LIMIT_LOGIN_ATTEMPTS: 5
RATE_LIMIT_LOGIN_PERIOD: 20
RATE_LIMIT_PER_NGINX_UPSTREAM:
  unicorn_elastic:
    limit: 300
    period: 300
  unicorn_elastic_bookmarks:
    limit: 300
    period: 300
RATE_LIMIT_SAFELIST: ["127.0.0.0/8", "10.0.0.0/8"]

# The number of tags to show on the search page:
TAGS_PER_SEARCH_PAGE: 50

# When updating tag counts, how many to do in one transaction
TAG_UPDATE_BATCH_SIZE: 100

# We only start caching tag counts for tags used more than a certain number of times
TAGGINGS_COUNT_MIN_CACHE_COUNT: 1000

# For tagging changes, we only reindex tags used less than a certain number of times
TAGGINGS_COUNT_REINDEX_LIMIT: 1000

# how many signups in a challenge before we move to static summaries generated hourly
MAX_SIGNUPS_FOR_LIVE_SUMMARY: 20

DOWNLOAD_FORMATS: ['azw3', 'epub', 'mobi', 'pdf', 'html']

# Tag kinds and default tags
WARNING_CATEGORY_NAME: 'Archive Warning'
WARNING_DEFAULT_TAG_NAME: 'Choose Not To Use Archive Warnings'
WARNING_DEFAULT_TAG_DISPLAY_NAME: 'Creator Chose Not To Use Archive Warnings'
WARNING_NONE_TAG_NAME: 'No Archive Warnings Apply'
WARNING_NONE_TAG_DISPLAY_NAME: 'No Archive Warnings Apply'
WARNING_VIOLENCE_TAG_NAME: 'Graphic Depictions Of Violence'
WARNING_DEATH_TAG_NAME: 'Major Character Death'
WARNING_NONCON_TAG_NAME: 'Rape/Non-Con'
WARNING_CHAN_TAG_NAME: 'Underage'

RATING_CATEGORY_NAME: 'Rating'
RATING_DEFAULT_TAG_NAME: 'Not Rated'
RATING_EXPLICIT_TAG_NAME: 'Explicit'
RATING_MATURE_TAG_NAME: 'Mature'
RATING_TEEN_TAG_NAME: 'Teen And Up Audiences'
RATING_GENERAL_TAG_NAME: 'General Audiences'

CATEGORY_CATEGORY_NAME: 'Category'
CATEGORY_GEN_TAG_NAME: 'Gen'
CATEGORY_HET_TAG_NAME: 'F/M'
CATEGORY_SLASH_TAG_NAME: 'M/M'
CATEGORY_FEMSLASH_TAG_NAME: 'F/F'
CATEGORY_MULTI_TAG_NAME: 'Multi'
CATEGORY_OTHER_TAG_NAME: 'Other'

MEDIA_CATEGORY_NAME: 'Media'
MEDIA_NO_TAG_NAME: 'No Media'
MEDIA_UNCATEGORIZED_NAME: 'Uncategorized Fandoms'
FANDOM_CATEGORY_NAME: 'Fandom'
FANDOM_NO_TAG_NAME: 'No Fandom'
RELATIONSHIP_CATEGORY_NAME: 'Relationship'
CHARACTER_CATEGORY_NAME: 'Character'
FREEFORM_CATEGORY_NAME: 'Additional Tags'
COMMON_CATEGORY_NAME: 'Common'
BANNED_CATEGORY_NAME: 'Banned'

# DATE TIME FORMAT see http://ruby-doc.org/core/classes/Time.html#M000392
DEFAULT_DATETIME_FORMAT: '%Y-%m-%d %I:%M%p'

# SEARCH TIPS
SEARCH_TIPS: ['arthur merlin words>1000 sort:hits', 'words:100', 'buffy gen teen AND "no archive warnings apply"', 'lex m/m (mature OR explicit)',
    'hetalia f/f sort:kudos', '"sherlock (tv)" m/m NOT "sherlock holmes/john watson"', 'austen words:10000-50000 sort:title',
    'katekyou "alternate universe" sort:>words', '"uchiha sasuke/uzumaki naruto" angst kudos>10'
]

# This is used to determine how many recent items
# to cache for recent lookups -- eg if we want to
# provide a "ten most recent" items to browse.
# used in CacheFinds module -- include CacheFinds in a model
# and the methods Model.recent and Model.last(#) will be
# enabled, cached on production/test environments.
MAX_RECENT: 20

# This determines the maximum value of (from + size) for searches
# to all indices (Elasticsearch index setting max_result_window).
# If a search has more results than this limit, the last page of
# search results will include a message advising the user to narrow
# their search or change their sorting options.
MAX_SEARCH_RESULTS: 100000

# This is used to determine how many works or how many authors have to be
# present in order for anonymous or mystery works to begin being displayed
ANONYMOUS_THRESHOLD_COUNT: 10

# This is used to determine how tolerant of changes to be when determining
# whether a comment should go back into moderation after editing or not
COMMENT_MODERATION_THRESHOLD: 10

# SANITIZER VERSION
SANITIZER_VERSION: 1

# parameters that must be natural integers and their default values
NONZERO_INTEGER_PARAMETERS:
  page: 1
  per_page: 25

# These fields are encrypted and should not have characters escaped or be treated as HTML
FIELDS_WITHOUT_SANITIZATION: ["password", "password_check", "password_confirmation"]

# These fields are query fields and are allowed to contain "less than" values
FIELDS_ALLOWING_LESS_THAN: ["query", "words", "kudos", "hits", "date", "bookmarkable_date", "word_count", "bookmarks_count", "comments_count", "kudos_count", "revised_at"]


# Only the following fields are allowed to have HTML. In all others,
# all HTML tags will be stripped.
#
# NOTE: the exact HTML tags and attributes and protocols allowed are defined in
#   initializers/sanitizer_config.rb
#
# If you add a new field to this list, you need to:
# - make sure that every model that contains the field also has a matching field "[fieldname]_sanitizer_version"
#   Example:
#     add_column :chapters, :content_sanitizer_version, :integer, :default => 0, :null => false, :limit => 2
#
# - make sure in the model that this field is NOT accessible (eg "attr_protected :content_sanitizer_version")
#
# - when you load the field you should use sanitize_field(object, :fieldname)
#
# This will ensure that the field has been sanitized with the latest version of the sanitizer.
#
FIELDS_ALLOWING_HTML: ["about_me", "bookmarker_notes", "comment", "comment_content", "content", "description", "disabled_support_form_text", "endnotes", "faq", "intro", "note", "notes",
  "rules", "screencast", "series_notes", "signup_instructions_general", "signup_instructions_offers", "signup_instructions_requests", "summary"]

FIELDS_ALLOWING_HTML_ENTITIES: ["title"]

FIELDS_ALLOWING_VIDEO_EMBEDS: ["content"]

FIELDS_ALLOWING_CSS: ["content", "endnotes", "notes"]

# Domains that are not allowed be used as the src for audio and video HTML tags.
# Format: ["google.com", "archiveofourown.org"]
BLACKLISTED_MULTIMEDIA_SRCS: []

# Allowed CSS
#
# *** IMPORTANT: if you edit these values please also update the css-help.html file in public/help ***
#
# the following properties and keywords will be ADDED to the default set allowed in user-submitted CSS code, along with:
# - hex and rgb color values
# - numeric values specified with percentages or cm|em|ex|in|mm|pc|pt|px|%
# - image files specified with url(http://image.url/blahblah/whatever.(jpg|png|gif))
#

# We use this list for properties which can take shorthand values and also have subproperties or variants
# (ie, because "border" is in here, we allow through: border-right, border-bottom-left-radius, -moz-border-foo, etc)
# It is slightly less secure so do NOT put any property in here if you aren't sure all variations on it are okay!
SUPPORTED_CSS_SHORTHAND_PROPERTIES: ["background", "border", "column", "cue", "font", "layer-background",
"layout-grid", "list-style", "margin", "marker", "outline", "overflow", "padding", "page-break", "pause",
"scrollbar", "text", "transform", "transition"]

SUPPORTED_CSS_PROPERTIES: ["-replace", "-use-link-source",
  "accelerator", "alignment-adjust", "alignment-baseline", "appearance", "azimuth",
  "baseline-shift", "behavior", "binding", "bookmark-label", "bookmark-level", "bookmark-target", "bottom", "box-align", "box-direction",
  "box-flex", "box-flex-group", "box-lines", "box-orient", "box-pack", "box-shadow", "box-sizing", "caption-side", "clear", "clip", "color", "color-profile",
  "content", "counter-increment", "counter-reset", "crop", "cue", "cue-after", "cue-before",
  "cursor", "direction", "display", "dominant-baseline", "drop-initial-after-adjust", "drop-initial-after-align", "drop-initial-before-adjust",
  "drop-initial-before-align", "drop-initial-size", "drop-initial-value", "elevation", "empty-cells", "filter", "fit", "fit-position", "float",
  "float-offset", "font", "font-effect", "font-emphasize", "font-emphasize-position", "font-emphasize-style", "font-family", "font-size", "font-size-adjust",
  "font-smooth", "font-stretch", "font-style", "font-variant", "font-weight", "grid-columns", "grid-rows", "hanging-punctuation", "height", "hyphenate-after",
  "hyphenate-before", "hyphenate-character", "hyphenate-lines", "hyphenate-resource", "hyphens", "icon", "image-orientation", "image-resolution", "ime-mode",
  "include-source", "inline-box-align", "layout-flow", "left", "letter-spacing", "line-break", "line-height", "line-stacking", "line-stacking-ruby",
  "line-stacking-shift", "line-stacking-strategy", "mark", "mark-after", "mark-before", "marks", "marquee-direction", "marquee-play-count",
  "marquee-speed", "marquee-style", "max-height", "max-width", "min-height", "min-width", "move-to", "nav-down", "nav-index", "nav-left", "nav-right",
  "nav-up", "opacity", "orphans", "page",
  "page-policy", "phonemes", "pitch", "pitch-range", "play-during", "position", "presentation-level", "punctuation-trim",
  "quotes", "rendering-intent", "resize", "rest", "rest-after", "rest-before", "richness", "right", "rotation", "rotation-point", "ruby-align", "ruby-overhang",
  "ruby-position", "ruby-span", "size", "speak", "speak-header", "speak-numeral", "speak-punctuation", "speech-rate", "stress", "string-set", "tab-side",
  "table-layout", "target", "target-name", "target-new", "target-position", "top", "unicode-bibi", "unicode-bidi", "user-select",
  "vertical-align", "visibility", "voice-balance", "voice-duration", "voice-family", "voice-pitch", "voice-pitch-range", "voice-rate", "voice-stress",
  "voice-volume", "volume", "white-space", "white-space-collapse", "widows", "width", "word-break", "word-spacing", "word-wrap", "writing-mode", "z-index"]

# we allow through any string that is just a-z plus dashes (no spaces), so the only keywords you need to specify would
# be ones that have something else or url, if you want to allow url values
SUPPORTED_CSS_KEYWORDS: ["!important", "url"]

# if you include "url" in the SUPPORTED_CSS_KEYWORDS, only urls pointing to this kind of
# resource will be allowed
SUPPORTED_EXTERNAL_URLS: ["jpg", "jpeg", "png", "gif"]

# variables for Askimet http://akismet.com/
AKISMET_KEY: '6833ee7298cf'
AKISMET_NAME: 'http://transformativeworks.org'

DEFENSIO_KEY: '521476c0edf3ac96eab7e297f6fb92c8'
DEFENSIO_NAME: 'http://archiveofourown.org'

# Abuse and Support ticket trackers; you may need to change
# feedbacks_controller.rb and abuse_reports_controller.rb
# to properly send to your own ticket tracker.
#
# - Register a new client at Zoho's Developer Console, whatever you fill into "Authorized redirect URIs"
#   is ZOHO_REDIRECT_URI.
# - Upon registering, you receive ZOHO_CLIENT_ID and ZOHO_CLIENT_SECRET.
# - Upon requesting an "offline" authorization grant, you receive ZOHO_REFRESH_TOKEN.
ZOHO_CLIENT_ID: ""
ZOHO_CLIENT_SECRET: ""
ZOHO_REDIRECT_URI: ""
ZOHO_REFRESH_TOKEN: ""
ZOHO_ORG_ID: ""
ABUSE_ZOHO_DEPARTMENT_ID: ""
SUPPORT_ZOHO_DEPARTMENT_ID: ""

DEFAULT_LANGUAGE_SHORT: 'en'
DEFAULT_LANGUAGE_NAME: 'English'
DEFAULT_LOCALE_ISO: 'en'
DEFAULT_LOCALE_NAME: 'English (US)'

# Allow orphaninig
ORPHANING_ALLOWED: true

# Help directory, must be in the public folder.
# Create subfolders for each supported language
# (eg, /help/fr/ contains the French versions of the help)
HELP_DIRECTORY: '/help'

# production caching
#PRODUCTION_CACHE: "memory"
PRODUCTION_CACHE: "memcache"

# TTL in seconds for cached work and bookmark counts on user/pseud dashboards.
# Default to 20 minutes.
SECONDS_UNTIL_DASHBOARD_COUNTS_EXPIRE: 1200

# how many cache pages to expire for a tag/collection/pseud when a work is updated or deleted
PAGES_TO_CACHE: 5

# Turn this off in local.yml to keep the development footer/profiling code from running
DEVELOPMENT_PROFILING_ENABLED: true


# These are the actions logged in the user history - the log_items table
ACTION_ACTIVATE: 0
ACTION_ADD_ROLE: 1
ACTION_REMOVE_ROLE: 2
ACTION_SUSPEND: 3
ACTION_UNSUSPEND: 4
ACTION_BAN: 5
ACTION_WARN: 6
ACTION_RENAME: 7
ACTION_PASSWORD_RESET: 8
ACTION_NEW_EMAIL: 9
ACTION_TROUBLESHOOT: 10
ACTION_NOTE: 11


# Elasticsearch index prefix
# If you're using webdev or another shared environment, change this to include
# your username (e.g. ao3_testy) to ensure all users have separate search
# indexes
ELASTICSEARCH_PREFIX: 'ao3'


# List of Unicode scripts where spaces are not used as separators, and
# character counts should be used for word counts.
# Check if a script is supported by the version of Ruby we use:
# https://ruby-doc.org/core/Regexp.html#class-Regexp-label-Character+Properties
CHARACTER_COUNT_SCRIPTS: ["Han", "Hiragana", "Katakana", "Thai"]


# Cache durations for work and bookmark searches (in seconds)
SECONDS_UNTIL_WORK_INDEX_EXPIRE: 1800
SECONDS_UNTIL_BOOKMARK_INDEX_EXPIRE: 1800

# Cache duration for comment counts:
SECONDS_UNTIL_COMMENT_COUNTS_EXPIRE: 3600

# Batch size used for the RedisHitCounter class:
HIT_COUNT_BATCH_SIZE: 100

# The hour (in UTC time) that we want the hit counts to rollover at. If someone
# views the work shortly before this hour and shortly after, it should count as
# two hits. Used by the RedisHitCounter class.
HIT_COUNT_ROLLOVER_HOUR: 3

# The batch size for calculating a work's filters from its tags:
FILTER_UPDATE_BATCH_SIZE: 100

# URLs for which we should not display the proxy notice. Alphabetical by
# environment.
PERMITTED_HOSTS: [
  # Production
  "104.153.64.122",
  "208.85.241.152",
  "208.85.241.157",
  "archiveofourown.org",
  "download.archiveofourown.org",
  "insecure.archiveofourown.org",
  "secure.archiveofourown.org",
  "www.archiveofourown.org",
  # Staging
  "insecure-test.archiveofourown.org",
  "test.archiveofourown.org",
  "testdownload.archiveofourown.org"
]