""" Django settings for config project. Generated by 'django-admin startproject' using Django 6.0.4. For more information on this file, see https://docs.djangoproject.com/en/6.0/topics/settings/ For the full list of settings and their values, see https://docs.djangoproject.com/en/6.0/ref/settings/ """ import os from datetime import timedelta from pathlib import Path import environ # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent # Load dotenv files env = environ.Env() env_file = os.environ.get("PIKU_ENV_FILE", os.path.join(BASE_DIR.parent, ".env")) if os.path.exists(env_file): environ.Env.read_env(env_file, overwrite=False) # Security Settings ALLOWED_HOSTS = env.list("ALLOWED_HOSTS", default=["127.0.0.1"]) ALLOWED_HOSTS.append(env("FRONTEND_DOMAIN", default="127.0.0.1")) ALLOWED_HOSTS.append(env("BACKEND_DOMAIN", default="127.0.0.1")) # NOTE: Set to forward https when using reverse proxy SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") CSRF_TRUSTED_ORIGINS = env.list("CSRF_TRUSTED_ORIGINS", default=[]) SSL_ENABLED = env.bool("SSL_ENABLED", default=False) URI_SCHEME = "https://" if SSL_ENABLED else "http://" FRONTEND_URLS = [] if env("FRONTEND_URL", default=None): FRONTEND_URLS.append(env("FRONTEND_URL")) if env("FRONTEND_PORT", default=None): FRONTEND_URLS.append(f"{URI_SCHEME}{env('FRONTEND_DOMAIN')}:{env('FRONTEND_PORT')}") else: FRONTEND_URLS.append(f"{URI_SCHEME}{env('FRONTEND_DOMAIN')}") # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/6.0/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY = env("SECRET_KEY") # SECURITY WARNING: don't run with debug turned on in production! DEBUG = env.bool("DEBUG", default=False) # Application definition INSTALLED_APPS = [ "django_apscheduler", "django.contrib.auth", "django.contrib.contenttypes", "django.contrib.sessions", "django.contrib.staticfiles", "django_extensions", "django_structlog", "rest_framework", "corsheaders", "users", "letters", "scripts", ] MIDDLEWARE = [ "django.middleware.security.SecurityMiddleware", "corsheaders.middleware.CorsMiddleware", "django.contrib.sessions.middleware.SessionMiddleware", "django.middleware.common.CommonMiddleware", "django.middleware.csrf.CsrfViewMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware", "django.contrib.messages.middleware.MessageMiddleware", "django.middleware.clickjacking.XFrameOptionsMiddleware", "django_structlog.middlewares.RequestMiddleware", ] ROOT_URLCONF = "config.urls" WSGI_APPLICATION = "config.wsgi.application" # Database # https://docs.djangoproject.com/en/6.0/ref/settings/#databases DATABASES = { "default": { "ENGINE": "django.db.backends.postgresql", "NAME": env("DB_NAME"), "USER": env("DB_USER"), "PASSWORD": env("DB_PASSWORD"), "HOST": env("DB_HOST"), "PORT": env("DB_PORT"), } } CORS_ALLOWED_ORIGINS = FRONTEND_URLS CSRF_TRUSTED_ORIGINS += FRONTEND_URLS CORS_ALLOW_CREDENTIALS = True AUTH_USER_MODEL = "users.User" REST_FRAMEWORK = { "DEFAULT_AUTHENTICATION_CLASSES": ("rest_framework_simplejwt.authentication.JWTAuthentication",), "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",), "DEFAULT_RENDERER_CLASSES": ("rest_framework.renderers.JSONRenderer",), } SIMPLE_JWT = { "ACCESS_TOKEN_LIFETIME": timedelta(minutes=30), "REFRESH_TOKEN_LIFETIME": timedelta(days=1), "ROTATE_REFRESH_TOKENS": True, "BLACKLIST_AFTER_ROTATION": True, "AUTH_HEADER_TYPES": ("Bearer",), "AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",), } """ NOTE: COOKIE_SAMESITE: Lax is used to allow cross-site redirection, like links from email. """ AUTH_COOKIE = { "NAME": "refresh_token", "DOMAIN": None if DEBUG else env("FRONTEND_DOMAIN"), "SECURE": SSL_ENABLED if DEBUG else True, "HTTPONLY": True, "SAMESITE": "Lax", } # Email config EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend" EMAIL_HOST = env("EMAIL_HOST") EMAIL_PORT = env.int("EMAIL_PORT") EMAIL_HOST_USER = env("EMAIL_HOST_USER") EMAIL_HOST_PASSWORD = env("EMAIL_HOST_PASSWORD") EMAIL_USE_TLS = env.bool("EMAIL_USE_TLS", default=False) EMAIL_USE_SSL = env.bool("EMAIL_USE_SSL", default=False) FROM_EMAIL = env("FROM_EMAIL") # Password validation # https://docs.djangoproject.com/en/6.0/ref/settings/#auth-password-validators AUTH_PASSWORD_VALIDATORS = [ { "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", }, { "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", }, { "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", }, { "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator", }, ] # Internationalization # https://docs.djangoproject.com/en/6.0/topics/i18n/ LANGUAGE_CODE = "en-us" TIME_ZONE = "UTC" USE_I18N = True USE_TZ = True # Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/6.0/howto/static-files/ STATIC_URL = "static/" MEDIA_URL = "/media/" if env.bool("S3_ENABLED", default=False): MEDIA_URL = f"{env('R2_PUBLIC_URL')}/media/" # HACK: S3 auto pre-pends the url scheme forcefully and this prevents double https R2_HOST = env("R2_PUBLIC_URL").replace("https://", "") STORAGES = { "default": { "BACKEND": "storages.backends.s3.S3Storage", "OPTIONS": { "access_key": env("R2_ACCESS_KEY_ID"), "secret_key": env("R2_SECRET_ACCESS_KEY"), "bucket_name": env("R2_STORAGE_BUCKET_NAME"), "region_name": env("R2_REGION_NAME"), "endpoint_url": env("R2_ENDPOINT_URL"), "location": "media", "signature_version": "s3v4", "file_overwrite": False, "custom_domain": R2_HOST, "querystring_auth": False, }, }, "staticfiles": { "BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage", }, } DEFAULT_FILE_STORAGE = "storages.backends.s3.S3Storage" MEDIA_ROOT = BASE_DIR / "media"