2 files changed, 37 insertions, 35 deletions
diff --git a/gn3/app.py b/gn3/app.py
index e9a2bbe..57d9fa0 100644
--- a/gn3/app.py
+++ b/gn3/app.py
@@ -1,4 +1,5 @@
 """Entry point from spinning up flask"""
+
 import os
 import sys
 import logging
@@ -29,6 +30,35 @@ from gn3.api.llm import gnqa
 from gn3.case_attributes import caseattr
 
 
+class ConfigurationError(Exception):
+    """Raised in case of a configuration error."""
+
+
+def verify_app_config(app: Flask) -> None:
+    """Verify that configuration variables are as expected
+    It includes:
+        1. making sure mandatory settings are defined
+        2. provides examples for what to set as config variables (helps local dev)
+    """
+    app_config = {
+        "BCRYPT_SALT": """set BCRYPT_SALT to $2b$12$mxLvu9XRLlIaaSeDxt8Sle for local dev work
+        or run `python3 -c "import bcrypt; print(bcrypt.gensalt().decode())` to get a new one
+        """,
+        "AUTH_SERVER_URL": """AUTH_SERVER_URL is used for api requests that need login.
+        For local dev, use the running auth server url, which defaults to http://127.0.0.1:8081
+        """,
+    }
+    error_message = []
+
+    for setting, err in app_config.items():
+        print(f"{setting}: {app.config.get(setting)}")
+        if setting in app.config and bool(app.config[setting]):
+            continue
+        error_message.append(err)
+    if error_message:
+        raise ConfigurationError("\n".join(error_message))
+
+
 def create_app(config: Union[Dict, str, None] = None) -> Flask:
     """Create a new flask object"""
     app = Flask(__name__)
@@ -37,7 +67,7 @@ def create_app(config: Union[Dict, str, None] = None) -> Flask:
 
     # Load environment configuration
     if "GN3_CONF" in os.environ:
-        app.config.from_envvar('GN3_CONF')
+        app.config.from_envvar("GN3_CONF")
 
     # Load app specified configuration
     if config is not None:
@@ -51,6 +81,7 @@ def create_app(config: Union[Dict, str, None] = None) -> Flask:
     if secrets_file and Path(secrets_file).exists():
         app.config.from_envvar("GN3_SECRETS")
     # END: SECRETS
+    verify_app_config(app)
     setup_app_handlers(app)
     # DO NOT log anything before this point
     logging.info("Guix Profile: '%s'.", os.environ.get("GUIX_PROFILE"))
@@ -60,7 +91,9 @@ def create_app(config: Union[Dict, str, None] = None) -> Flask:
         app,
         origins=app.config["CORS_ORIGINS"],
         allow_headers=app.config["CORS_HEADERS"],
-        supports_credentials=True, intercept_exceptions=False)
+        supports_credentials=True,
+        intercept_exceptions=False,
+    )
 
     app.register_blueprint(general, url_prefix="/api/")
     app.register_blueprint(gemma, url_prefix="/api/gemma")
diff --git a/gn3/settings.py b/gn3/settings.py
index 439d88c..2c657af 100644
--- a/gn3/settings.py
+++ b/gn3/settings.py
@@ -8,7 +8,7 @@ import os
 import uuid
 import tempfile
 
-BCRYPT_SALT = "$2b$12$mxLvu9XRLlIaaSeDxt8Sle"  # Change this!
+BCRYPT_SALT = ""
 DATA_DIR = ""
 GEMMA_WRAPPER_CMD = os.environ.get("GEMMA_WRAPPER", "gemma-wrapper")
 CACHEDIR = ""
@@ -29,14 +29,10 @@ LMDB_PATH = os.environ.get(
 SQL_URI = os.environ.get(
     "SQL_URI", "mysql://webqtlout:webqtlout@localhost/db_webqtl")
 SECRET_KEY = "password"
-# gn2 results only used in fetching dataset info
-
 
 # FAHAMU API TOKEN
 FAHAMU_AUTH_TOKEN = ""
 
-GN2_BASE_URL = "http://www.genenetwork.org/"
-
 # wgcna script
 WGCNA_RSCRIPT = "wgcna_analysis.R"
 # qtlreaper command
@@ -83,31 +79,4 @@ ROUND_TO = 10
 
 MULTIPROCESSOR_PROCS = 6  # Number of processes to spawn
 
-AUTH_SERVER_URL = "https://auth.genenetwork.org"
-AUTH_MIGRATIONS = "migrations/auth"
-OAUTH2_SCOPE = (
-    "profile", "group", "role", "resource", "user", "masquerade",
-    "introspect")
-
-
-try:
-    # *** SECURITY CONCERN ***
-    # Clients with access to this privileges create a security concern.
-    # Be careful when adding to this configuration
-    OAUTH2_CLIENTS_WITH_INTROSPECTION_PRIVILEGE = tuple(
-        uuid.UUID(client_id) for client_id in
-        os.environ.get(
-            "OAUTH2_CLIENTS_WITH_INTROSPECTION_PRIVILEGE", "").split(","))
-except ValueError as _valerr:
-    OAUTH2_CLIENTS_WITH_INTROSPECTION_PRIVILEGE = tuple()
-
-try:
-    # *** SECURITY CONCERN ***
-    # Clients with access to this privileges create a security concern.
-    # Be careful when adding to this configuration
-    OAUTH2_CLIENTS_WITH_DATA_MIGRATION_PRIVILEGE = tuple(
-        uuid.UUID(client_id) for client_id in
-        os.environ.get(
-            "OAUTH2_CLIENTS_WITH_DATA_MIGRATION_PRIVILEGE", "").split(","))
-except ValueError as _valerr:
-    OAUTH2_CLIENTS_WITH_DATA_MIGRATION_PRIVILEGE = tuple()
+AUTH_SERVER_URL = ""