If you're starting without an existing django application, see the polaris-project-template repository for getting started with the boilerplate code. To get a SEP-24 anchor server running quickly, see the tutorial.
For important updates on Polaris' development and releases please join the email list.
The documentation below outlines the common set up needed for any Polaris deployment, but each SEP implementation has its own configuration and integration requirements. These requirements are described in the documentation for each SEP.
Polaris is an extendable django app for Stellar Ecosystem Proposal (SEP) implementations maintained by the Stellar Development Foundation (SDF). Using Polaris, you can run a web server supporting any combination of SEP-1, 6, 10, 12, 24, and 31.
While Polaris implements the majority of the functionality described in each SEP, there are pieces of functionality that can only be implemented by the developer using Polaris. For example, only an anchor can implement the integration with their partner bank.
This is why each SEP implemented by Polaris comes with a programmable interface for developers to inject their own business logic.
The complete documentation can be found on readthedocs. The SDF also runs a reference server using Polaris that can be tested using our demo wallet.
These instructions assume you have already set up a django project. If you haven't,
take a look at the Django docs. It also assumes you have a database configured
from the project's settings.py.
First make sure you have cd'ed into your django project's main directory
and then run
pip install django-polarisAdd the following to INSTALLED_APPS in settings.py.
INSTALLED_APPS = [
...,
"corsheaders",
"rest_framework",
"polaris",
"<YOUR APP NAME>"
]Add CorsMiddleware to your settings.MIDDLEWARE. It should be listed above
other middleware that can return responses such as CommonMiddleware.
MIDDLEWARE = [
...,
'corsheaders.middleware.CorsMiddleware',
...
]Polaris will now accept requests from all origins to its endpoints. It does this by adding corsheaders signal that checks the request URI. However this does not change the CORS policy for any other endpoint on the server. You can change this functionality using the settings listed in the corsheaders documentation.
Optionally, you can add Polaris' logger to your LOGGING configuration. For example:
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'simple': {
'format': '{levelname} {message}',
'style': '{',
},
},
'handlers': {
'console': {
'level': 'DEBUG',
'class': 'logging.StreamHandler',
'formatter': 'simple'
}
},
'loggers': {
'myapp': {
'handlers': ['console'],
'propogate': True,
'LEVEL': 'DEBUG'
},
'polaris': {
'handlers': ['console'],
'propagate': True,
'LEVEL': 'INFO'
},
}
}You may want to configure the LEVEL of the Polaris logger differently depending on whether you're running the service locally or in production. One way to do this by reading a POLARIS_LOG_LEVEL variable, or something similar, from the project's environment.
See the environment variables documentation for a complete list of supported environment variables. Some environment variables are required for all Polaris deployments, some are required for a specific set of SEPs, and others are optional.
Environment variables can be set within the environment itelf, in a .env file,
or specified in your Django settings file.
A .env file must be within the directory specified by Django's BASE_DIR
setting or specified explitly using the POLARIS_ENV_PATH setting.
To set the variables in the project's settings file, the variable name must be
prepended with POLARIS_. Make sure not to put sensitive information in the
project's settings file, such as Stellar secret keys, encryption keys, etc.
Add the Polaris endpoints in urls.py
import polaris.urls
from django.urls import path, include
urlpatterns = [
...,
path("", include(polaris.urls)),
]Polaris works with all Django-supported databases. Install your database driver and see the DATABASES setting docs for configuring the database connection. If you find Polaris attempts to make queries incompatible with your database, file an issue in the project's github repository.
Once configured, run migrations to create these tables in your database.
python manage.py migrateNow, create an Asset database object for each asset you intend to anchor. Get
into your python shell, then run something like this:
from polaris.models import Asset
Asset.objects.create(
code="USD",
issuer="<the issuer address>",
distribution_seed="<distribution account secret key>",
sep24_enabled=True,
...
)The distribution_seed and channel_seed columns are encrypted at the database layer using
Fernet symmetric encryption, and only decrypted when held in memory within an Asset object.
It uses your Django project's SECRET_KEY setting to generate the encryption key, so make sure
its value is unguessable and kept a secret.
See the Asset documentation for more information on the fields used.
At this point, you should configure Polaris for one or more of the SEPs currently supported. Once configured, check out how to run the server as described in the next section.
Polaris should only be deployed using HTTPS in production. You should do this by using a HTTPS web server or running Polaris behind a HTTPS reverse proxy (see example Nginx configuration). The steps below outline the settings necessary to ensure your deployment is secure.
To redirect HTTP traffic to HTTPS, add the following to settings.py:
SECURE_SSL_REDIRECT = TrueAnd if you're running Polaris behind a HTTPS proxy:
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')This tells Django what header to check and what value it should be in order to consider the incoming request secure.
If you're running SEP-24, add the following
SESSION_COOKIE_SECURE = TruePolaris requires this setting to be True for SEP-24 deployments if not in
LOCAL_MODE.
It is highly encouraged to employ a rate limiting strategy when running Polaris to ensure the service remains available for all client applications. Many endpoints retrieve and create database records on each request, and some endpoints make outgoing web requests to Horizon or a client application's callback endpoint.
Rate limiting can be particularly important for SEP-6 or SEP-24 deposit requests because the anchor is expected to poll their off-chain rails to detect if any of the funds from pending transactions initiated in these requests have arrived in the anchor's account, which can be a resource-intensive process.
Rate limiting can be deployed using a number of strategies that often depend on the anchor's deployment infrastructure. Optionally, the anchor could also implement a rate limiting policy using Django custom middleware support.
Locally, Polaris can be run using Django's HTTP development server
python manage.py runserverIf you're using Polaris' SEP-24 support, you also need to use the following environment variable:
LOCAL_MODE=1This is necessary to disable SEP-24's interactive flow authentication mechanism, which requires HTTPS. Do not use local mode in production.
To set up the development environment or run the SDF's reference server, run follow the instructions below.
git clone git@github.com:stellar/django-polaris.git
cd django-polarisThen, add a .env file in the example directory. You'll need to create
a signing account on Stellar's testnet and add it to your environment variables.
DJANGO_SECRET_KEY="supersecretdjangokey"
DJANGO_DEBUG=True
DJANGO_ALLOWED_HOSTS=localhost,0.0.0.0,127.0.0.1
SIGNING_SEED=<your signing account seed>
STELLAR_NETWORK_PASSPHRASE="Test SDF Network ; September 2015"
HORIZON_URI="https://horizon-testnet.stellar.org/"
SERVER_JWT_KEY="your jwt local secret"
HOST_URL="http://localhost:8000"
LOCAL_MODE=TrueNext, you'll need to create an asset on the Stellar test network and setup a distribution account. Polaris comes with a testnet issue command to help with this.
Now you're ready to add your asset to Polaris. Run the following commands:
docker-compose build
docker-compose up serverUse another process to run the following:
docker exec -it server python manage.py shellOnce you enter the python console, create the asset database object:
from polaris.models import Asset
Asset.objects.create(...)Enter the code, issuer, and distribution seed for the asset. Enable the SEPs you want to test.
Finally, exit the python console, kill the current docker-compose process, and run a new one:
docker-compose upThis will run all processes, and you should now have a anchor server running on port 8000. When you make changes locally, the docker containers will restart with the updated code.
You can install the dependencies locally in a virtual environment:
pip install pipenv
cd django-polaris
pipenv install --dev
pipenv run pytest -c polaris/pytest.iniOr, you can simply run the tests from inside the docker container. However, this may be slower.
docker exec -it server pytest -c polaris/pytest.iniAfter you've made your changes, push them to you a remote branch and make a Pull Request on the stellar/django-polaris master branch. Note that Polaris uses the black code formatter, so please format your code before requesting us to merge your changes.