Optional Weblate modules#
Several optional modules are available for your setup.
Git exporter#
Provides you read-only access to the underlying Git repository using HTTP(S).
Installation#
Add
weblate.gitexport
to installed apps insettings.py
:
INSTALLED_APPS += ("weblate.gitexport",)
Export existing repositories by migrating your database after installation:
weblate migrate
Usage#
The module automatically hooks into Weblate and sets the exported repository URL in
the Component configuration.
The repositories are accessible under the /git/
part of the Weblate URL, for example
https://example.org/git/weblate/main/
.
Repositories for publicly available projects can be cloned without authentication:
git clone 'https://example.org/git/weblate/main/'
Access to browse the repositories with restricted access (with Private
access control or when REQUIRE_LOGIN
is enabled)
requires an API token which can be obtained in your
user profile:
git clone 'https://user:KEY@example.org/git/weblate/main/'
Hint
By default members or Users group and anonymous user have access to the repositories for public projects via Access repository and Power user roles.
Billing#
This is used on Hosted Weblate to define billing plans, track invoices and usage limits.
Installation#
1. Add weblate.billing
to installed apps in
settings.py
:
INSTALLED_APPS += ("weblate.billing",)
Run the database migration to optionally install additional database structures for the module:
weblate migrate
Usage#
After installation you can control billing in the admin interface. Users with billing enabled will get new Billing tab in their User profile.
The billing module additionally allows project admins to create new projects and components without being superusers (see Adding translation projects and components). This is possible when following conditions are met:
The billing is in its configured limits (any overusage results in blocking of project/component creation) and paid (if its price is non zero)
The user is admin of existing project with billing or user is owner of billing (the latter is necessary when creating new billing for users to be able to import new projects).
Upon project creation user is able to choose which billing should be charged for the project in case he has access to more of them.
Legal#
This is used on Hosted Weblate to provide required legal documents. It comes provided with blank documents, and you are expected to fill out the following templates in the documents:
legal/documents/tos.html
Terms of service document
legal/documents/privacy.html
Privacy policy document
legal/documents/summary.html
Short overview of the terms of service and privacy policy
On changing the terms of service documents, please adjust
LEGAL_TOS_DATE
so that users are forced to agree with the updated
documents.
Note
Legal documents for the Hosted Weblate service are available in this Git repository <https://github.com/WeblateOrg/wllegal/tree/main/wllegal/templates/legal/documents>.
Most likely these will not be directly usable to you, but might come in handy as a starting point if adjusted to meet your needs.
Installation#
1. Add weblate.legal
to installed apps in
settings.py
:
INSTALLED_APPS += ("weblate.legal",)
# Optional:
# Social auth pipeline to confirm TOS upon registration/subsequent sign in
SOCIAL_AUTH_PIPELINE += ("weblate.legal.pipeline.tos_confirm",)
# Middleware to enforce TOS confirmation of signed in users
MIDDLEWARE += [
"weblate.legal.middleware.RequireTOSMiddleware",
]
Run the database migration to optionally install additional database structures for the module:
weblate migrate
Edit the legal documents in the
weblate/legal/templates/legal/
folder to match your service.
Usage#
After installation and editing, the legal documents are shown in the Weblate UI.
Avatars#
Avatars are downloaded and cached server-side to reduce information leaks to the sites serving them
by default. The built-in support for fetching avatars from e-mails addresses configured for it can be
turned off using ENABLE_AVATARS
.
Weblate currently supports:
See also
Spam protection#
You can protect against spamming by users by using the Akismet service.
Install the akismet Python module (this is already included in the official Docker image).
Obtain the Akismet API key.
Store it as
AKISMET_API_KEY
orWEBLATE_AKISMET_API_KEY
in Docker.
Following content is sent to Akismet for checking:
Suggestions from unauthenticated users
Project and component descriptions and links
Note
This (among other things) relies on IP address of the client, please see Running behind reverse proxy for properly configuring that.
Signing Git commits with GnuPG#
All commits can be signed by the GnuPG key of the Weblate instance.
1. Turn on WEBLATE_GPG_IDENTITY
. (Weblate will generate a GnuPG
key when needed and will use it to sign all translation commits.)
This feature needs GnuPG 2.1 or newer installed.
You can find the key in the DATA_DIR
and the public key is shown on
the “About” page:
2. Alternatively you can also import existing keys into Weblate, just set
HOME=$DATA_DIR/home
when invoking gpg.
Hint
The key material is cached by Weblate for a long period. In case you let
Weblate generate a key with WEBLATE_GPG_IDENTITY
and then import
key with the same identity to use an existing key, purging redis cache is
recommended to see the effect of such change.
Note
When sharing DATA_DIR
between multiple hosts, please follow instructions
at https://wiki.gnupg.org/NFS to make GnuPG signing work reliably.
See also
Rate limiting#
Changed in version 4.6: The rate limiting no longer applies to superusers.
Several operations in Weblate are rate limited. At most
RATELIMIT_ATTEMPTS
attempts are allowed within RATELIMIT_WINDOW
seconds.
The user is then blocked for RATELIMIT_LOCKOUT
. There are also settings specific to scopes, for example RATELIMIT_CONTACT_ATTEMPTS
or RATELIMIT_TRANSLATE_ATTEMPTS
. The table below is a full list of available scopes.
The following operations are subject to rate limiting:
Name |
Scope |
Allowed attempts |
Ratelimit window |
Lockout period |
---|---|---|---|---|
Registration |
|
5 |
300 |
600 |
Sending message to admins |
|
2 |
300 |
600 |
Password authentication on sign in |
|
5 |
300 |
600 |
Sitewide search |
|
6 |
60 |
60 |
Translating |
|
30 |
60 |
600 |
Adding to glossary |
|
30 |
60 |
600 |
Starting translation into a new language |
|
2 |
300 |
600 |
Creating new project |
|
5 |
600 |
600 |
If a user fails to sign in AUTH_LOCK_ATTEMPTS
times, password authentication will be turned off on the account until having gone through the process of having its password reset.
The settings can be also applied in the Docker container by adding WEBLATE_
prefix to the setting name, for example RATELIMIT_ATTEMPTS
becomes WEBLATE_RATELIMIT_ATTEMPTS
.
The API has separate rate limiting settings, see API rate limiting.
Fedora Messaging integration#
Fedora Messaging is AMQP-based publisher for all changes happening in Weblate. You can hook additional services on changes happening in Weblate using this.
The Fedora Messaging integration is available as a separate Python module
weblate-fedora-messaging
. Please see
<https://github.com/WeblateOrg/fedora_messaging/> for setup instructions.