mirror of
https://github.com/ramvignesh-b/pi-ku.git
synced 2026-05-04 08:56:52 +00:00
ramvignesh-b
210 lines
6.3 KiB
Python
210 lines
6.3 KiB
Python
"""
|
|
Django settings for config project.
|
|
|
|
Generated by 'django-admin startproject' using Django 6.0.4.
|
|
|
|
For more information on this file, see
|
|
https://docs.djangoproject.com/en/6.0/topics/settings/
|
|
|
|
For the full list of settings and their values, see
|
|
https://docs.djangoproject.com/en/6.0/ref/settings/
|
|
"""
|
|
|
|
import os
|
|
from datetime import timedelta
|
|
from pathlib import Path
|
|
|
|
import environ
|
|
|
|
# Build paths inside the project like this: BASE_DIR / 'subdir'.
|
|
BASE_DIR = Path(__file__).resolve().parent.parent
|
|
|
|
# Load dotenv files
|
|
env = environ.Env()
|
|
env_file = os.environ.get("PIKU_ENV_FILE", os.path.join(BASE_DIR.parent, ".env"))
|
|
if os.path.exists(env_file):
|
|
environ.Env.read_env(env_file, overwrite=False)
|
|
|
|
# Security Settings
|
|
ALLOWED_HOSTS = env.list("ALLOWED_HOSTS", default=["127.0.0.1"])
|
|
ALLOWED_HOSTS.append(env("FRONTEND_DOMAIN", default="127.0.0.1"))
|
|
ALLOWED_HOSTS.append(env("BACKEND_DOMAIN", default="127.0.0.1"))
|
|
# NOTE: Set to forward https when using reverse proxy
|
|
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
|
|
|
|
CSRF_TRUSTED_ORIGINS = env.list("CSRF_TRUSTED_ORIGINS", default=[])
|
|
|
|
SSL_ENABLED = env.bool("SSL_ENABLED", default=False)
|
|
URI_SCHEME = "https://" if SSL_ENABLED else "http://"
|
|
|
|
FRONTEND_URLS = []
|
|
if env("FRONTEND_URL", default=None):
|
|
FRONTEND_URLS.append(env("FRONTEND_URL"))
|
|
if env("FRONTEND_PORT", default=None):
|
|
FRONTEND_URLS.append(f"{URI_SCHEME}{env('FRONTEND_DOMAIN')}:{env('FRONTEND_PORT')}")
|
|
else:
|
|
FRONTEND_URLS.append(f"{URI_SCHEME}{env('FRONTEND_DOMAIN')}")
|
|
|
|
# Quick-start development settings - unsuitable for production
|
|
# See https://docs.djangoproject.com/en/6.0/howto/deployment/checklist/
|
|
|
|
# SECURITY WARNING: keep the secret key used in production secret!
|
|
SECRET_KEY = env("SECRET_KEY")
|
|
|
|
# SECURITY WARNING: don't run with debug turned on in production!
|
|
DEBUG = env.bool("DEBUG", default=False)
|
|
|
|
|
|
# Application definition
|
|
|
|
INSTALLED_APPS = [
|
|
"django_apscheduler",
|
|
"django.contrib.auth",
|
|
"django.contrib.contenttypes",
|
|
"django.contrib.sessions",
|
|
"django.contrib.staticfiles",
|
|
"django_extensions",
|
|
"django_structlog",
|
|
"rest_framework",
|
|
"corsheaders",
|
|
"users",
|
|
"letters",
|
|
"scripts",
|
|
]
|
|
|
|
MIDDLEWARE = [
|
|
"django.middleware.security.SecurityMiddleware",
|
|
"corsheaders.middleware.CorsMiddleware",
|
|
"django.contrib.sessions.middleware.SessionMiddleware",
|
|
"django.middleware.common.CommonMiddleware",
|
|
"django.middleware.csrf.CsrfViewMiddleware",
|
|
"django.contrib.auth.middleware.AuthenticationMiddleware",
|
|
"django.contrib.messages.middleware.MessageMiddleware",
|
|
"django.middleware.clickjacking.XFrameOptionsMiddleware",
|
|
"django_structlog.middlewares.RequestMiddleware",
|
|
]
|
|
|
|
|
|
ROOT_URLCONF = "config.urls"
|
|
|
|
WSGI_APPLICATION = "config.wsgi.application"
|
|
|
|
# Database
|
|
# https://docs.djangoproject.com/en/6.0/ref/settings/#databases
|
|
|
|
DATABASES = {
|
|
"default": {
|
|
"ENGINE": "django.db.backends.postgresql",
|
|
"NAME": env("DB_NAME"),
|
|
"USER": env("DB_USER"),
|
|
"PASSWORD": env("DB_PASSWORD"),
|
|
"HOST": env("DB_HOST"),
|
|
"PORT": env("DB_PORT"),
|
|
}
|
|
}
|
|
|
|
CORS_ALLOWED_ORIGINS = FRONTEND_URLS
|
|
CSRF_TRUSTED_ORIGINS += FRONTEND_URLS
|
|
CORS_ALLOW_CREDENTIALS = True
|
|
|
|
AUTH_USER_MODEL = "users.User"
|
|
|
|
REST_FRAMEWORK = {
|
|
"DEFAULT_AUTHENTICATION_CLASSES": ("rest_framework_simplejwt.authentication.JWTAuthentication",),
|
|
"DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",),
|
|
"DEFAULT_RENDERER_CLASSES": ("rest_framework.renderers.JSONRenderer",),
|
|
}
|
|
|
|
SIMPLE_JWT = {
|
|
"ACCESS_TOKEN_LIFETIME": timedelta(minutes=30),
|
|
"REFRESH_TOKEN_LIFETIME": timedelta(days=1),
|
|
"ROTATE_REFRESH_TOKENS": True,
|
|
"BLACKLIST_AFTER_ROTATION": True,
|
|
"AUTH_HEADER_TYPES": ("Bearer",),
|
|
"AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
|
|
}
|
|
|
|
"""
|
|
NOTE: COOKIE_SAMESITE: Lax is used to allow cross-site redirection, like links from email.
|
|
"""
|
|
AUTH_COOKIE = {
|
|
"NAME": "refresh_token",
|
|
"DOMAIN": None if DEBUG else env("FRONTEND_DOMAIN"),
|
|
"SECURE": SSL_ENABLED if DEBUG else True,
|
|
"HTTPONLY": True,
|
|
"SAMESITE": "Lax",
|
|
}
|
|
|
|
# Email config
|
|
EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
|
|
EMAIL_HOST = env("EMAIL_HOST")
|
|
EMAIL_PORT = env.int("EMAIL_PORT")
|
|
EMAIL_HOST_USER = env("EMAIL_HOST_USER")
|
|
EMAIL_HOST_PASSWORD = env("EMAIL_HOST_PASSWORD")
|
|
EMAIL_USE_TLS = env.bool("EMAIL_USE_TLS", default=False)
|
|
EMAIL_USE_SSL = env.bool("EMAIL_USE_SSL", default=False)
|
|
FROM_EMAIL = env("FROM_EMAIL")
|
|
|
|
# Password validation
|
|
# https://docs.djangoproject.com/en/6.0/ref/settings/#auth-password-validators
|
|
|
|
AUTH_PASSWORD_VALIDATORS = [
|
|
{
|
|
"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
|
|
},
|
|
{
|
|
"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
|
|
},
|
|
{
|
|
"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
|
|
},
|
|
{
|
|
"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
|
|
},
|
|
]
|
|
|
|
# Internationalization
|
|
# https://docs.djangoproject.com/en/6.0/topics/i18n/
|
|
|
|
LANGUAGE_CODE = "en-us"
|
|
|
|
TIME_ZONE = "UTC"
|
|
|
|
USE_I18N = True
|
|
|
|
USE_TZ = True
|
|
|
|
# Static files (CSS, JavaScript, Images)
|
|
# https://docs.djangoproject.com/en/6.0/howto/static-files/
|
|
|
|
STATIC_URL = "static/"
|
|
MEDIA_URL = "/media/"
|
|
|
|
if env.bool("S3_ENABLED", default=False):
|
|
MEDIA_URL = f"{env('R2_PUBLIC_URL')}/media/"
|
|
# HACK: S3 auto pre-pends the url scheme forcefully and this prevents double https
|
|
R2_HOST = env("R2_PUBLIC_URL").replace("https://", "")
|
|
STORAGES = {
|
|
"default": {
|
|
"BACKEND": "storages.backends.s3.S3Storage",
|
|
"OPTIONS": {
|
|
"access_key": env("R2_ACCESS_KEY_ID"),
|
|
"secret_key": env("R2_SECRET_ACCESS_KEY"),
|
|
"bucket_name": env("R2_STORAGE_BUCKET_NAME"),
|
|
"region_name": env("R2_REGION_NAME"),
|
|
"endpoint_url": env("R2_ENDPOINT_URL"),
|
|
"location": "media",
|
|
"signature_version": "s3v4",
|
|
"file_overwrite": False,
|
|
"custom_domain": R2_HOST,
|
|
"querystring_auth": False,
|
|
},
|
|
},
|
|
"staticfiles": {
|
|
"BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage",
|
|
},
|
|
}
|
|
DEFAULT_FILE_STORAGE = "storages.backends.s3.S3Storage"
|
|
|
|
MEDIA_ROOT = BASE_DIR / "media"
|