From 4bdb1ee80dd242c5c1704e8ae8af02bfb69d0e7a Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Thu, 9 Apr 2026 12:39:42 +0530
Subject: [PATCH] feat: configure environment variables, CORS, and PostgreSQL
 database settings for backend-frontend integration

---
 .env.example               |  2 ++
 backend/config/settings.py | 22 ++++++++++++++++++----
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/.env.example b/.env.example
index 6cf238d..1f69f99 100644
--- a/.env.example
+++ b/.env.example
@@ -9,6 +9,7 @@ DB_PORT=5432
 DEBUG=True
 SECRET_KEY=django-secret-key
 ALLOWED_HOSTS=localhost,127.0.0.1
+CORS_ALLOWED_ORIGINS=http://localhost:5173,http://127.0.0.1:5173
 
 # EMAIL
 EMAIL_HOST=localhost
@@ -16,3 +17,4 @@ EMAIL_PORT=1025
 
 # FRONTEND
 VITE_API_URL=http://localhost:8000
+FRONTEND_PORT=5173
diff --git a/backend/config/settings.py b/backend/config/settings.py
index 362bff4..f8f2580 100644
--- a/backend/config/settings.py
+++ b/backend/config/settings.py
@@ -10,20 +10,25 @@ For the full list of settings and their values, see
 https://docs.djangoproject.com/en/6.0/ref/settings/
 """
 
+import os
 from pathlib import Path
+import environ
 
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
 
+env = environ.Env()
+# find .env in root
+environ.Env.read_env(os.path.join(BASE_DIR.parent, ".env"))
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/6.0/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = "django-insecure-rj_!92m9m5o7&&g5q=uj#=+7@h6q16o4l-7^u2ilz014j%oo-t"
+SECRET_KEY = env("SECRET_KEY")
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = env("DEBUG")
 
 ALLOWED_HOSTS = []
 
@@ -37,9 +42,12 @@ INSTALLED_APPS = [
     "django.contrib.sessions",
     "django.contrib.messages",
     "django.contrib.staticfiles",
+    "rest_framework", # for API
+    "corsheaders", # for API and Frontend connect
 ]
 
 MIDDLEWARE = [
+    "corsheaders.middleware.CorsMiddleware", # allow frontend to connect
     "django.middleware.security.SecurityMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
     "django.middleware.common.CommonMiddleware",
@@ -74,11 +82,17 @@ WSGI_APPLICATION = "config.wsgi.application"
 
 DATABASES = {
     "default": {
-        "ENGINE": "django.db.backends.sqlite3",
-        "NAME": BASE_DIR / "db.sqlite3",
+        "ENGINE": "django.db.backends.postgresql",
+        "NAME": env("DB_NAME"),
+        "USER": env("DB_USER"),
+        "PASSWORD": env("DB_PASSWORD"),
+        "HOST": env("DB_HOST"),
+        "PORT": env("DB_PORT"),
     }
 }
 
+CORS_ALLOWED_ORIGINS = env.list("CORS_ALLOWED_ORIGINS")
+
 
 # Password validation
 # https://docs.djangoproject.com/en/6.0/ref/settings/#auth-password-validators