227 lines
6.6 KiB
Python
227 lines
6.6 KiB
Python
"""
|
||
Django settings for config project.
|
||
|
||
Generated by 'django-admin startproject' using Django 5.2.7.
|
||
|
||
For more information on this file, see
|
||
https://docs.djangoproject.com/en/5.2/topics/settings/
|
||
|
||
For the full list of settings and their values, see
|
||
https://docs.djangoproject.com/en/5.2/ref/settings/
|
||
"""
|
||
|
||
from pathlib import Path
|
||
import os
|
||
from dotenv import load_dotenv
|
||
|
||
BASE_DIR = Path(__file__).resolve().parent.parent
|
||
load_dotenv(BASE_DIR.parent / ".env")
|
||
|
||
SECRET_KEY = os.getenv("DJANGO_SECRET_KEY", "change-me")
|
||
DEBUG = os.getenv("DJANGO_DEBUG", "true").lower() == "true"
|
||
|
||
ALLOWED_HOSTS = [
|
||
"127.0.0.1",
|
||
"localhost",
|
||
os.getenv("HOST_FQDN", ""),
|
||
]
|
||
|
||
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
|
||
|
||
CSRF_TRUSTED_ORIGINS = [
|
||
origin for origin in [
|
||
os.getenv("HOST_FQDN", ""),
|
||
os.getenv("CSRF_TRUSTED_ORIGIN", "")
|
||
] if origin
|
||
]
|
||
CSRF_TRUSTED_ORIGINS = [
|
||
f"https://{host}" if not host.startswith(("http://", "https://")) else host
|
||
for host in CSRF_TRUSTED_ORIGINS
|
||
]
|
||
|
||
# Cookies must always be HTTPS-only; SameSite=None is required for iframes.
|
||
SESSION_COOKIE_SECURE = True
|
||
CSRF_COOKIE_SECURE = True
|
||
SESSION_COOKIE_SAMESITE = "None"
|
||
CSRF_COOKIE_SAMESITE = "None"
|
||
LANGUAGE_COOKIE_SECURE = True
|
||
LANGUAGE_COOKIE_SAMESITE = "None"
|
||
|
||
# Quick-start development settings - unsuitable for production
|
||
# See https://docs.djangoproject.com/en/5.2/howto/deployment/checklist/
|
||
|
||
# Application definition
|
||
|
||
INSTALLED_APPS = [
|
||
'django.contrib.admin',
|
||
'django.contrib.auth',
|
||
'django.contrib.contenttypes',
|
||
'django.contrib.sessions',
|
||
'django.contrib.messages',
|
||
'django.contrib.staticfiles',
|
||
'core',
|
||
'accounting',
|
||
'hr',
|
||
]
|
||
|
||
MIDDLEWARE = [
|
||
'django.middleware.security.SecurityMiddleware',
|
||
'django.contrib.sessions.middleware.SessionMiddleware',
|
||
'django.middleware.locale.LocaleMiddleware',
|
||
'django.middleware.common.CommonMiddleware',
|
||
'django.middleware.csrf.CsrfViewMiddleware',
|
||
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
||
'django.contrib.messages.middleware.MessageMiddleware',
|
||
# Disable X-Frame-Options middleware to allow Flatlogic preview iframes.
|
||
# 'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
||
]
|
||
|
||
X_FRAME_OPTIONS = 'ALLOWALL'
|
||
|
||
ROOT_URLCONF = 'config.urls'
|
||
|
||
TEMPLATES = [
|
||
{
|
||
'BACKEND': 'django.template.backends.django.DjangoTemplates',
|
||
'DIRS': [],
|
||
'APP_DIRS': True,
|
||
'OPTIONS': {
|
||
'context_processors': [
|
||
'django.template.context_processors.request',
|
||
'django.contrib.auth.context_processors.auth',
|
||
'django.contrib.messages.context_processors.messages',
|
||
'django.template.context_processors.i18n',
|
||
# IMPORTANT: do not remove – injects PROJECT_DESCRIPTION/PROJECT_IMAGE_URL and cache-busting timestamp
|
||
'core.context_processors.project_context',
|
||
'core.context_processors.global_settings',
|
||
],
|
||
},
|
||
},
|
||
]
|
||
|
||
WSGI_APPLICATION = 'config.wsgi.application'
|
||
|
||
|
||
# Database
|
||
# https://docs.djangoproject.com/en/5.2/ref/settings/#databases
|
||
|
||
DATABASES = {
|
||
'default': {
|
||
'ENGINE': 'django.db.backends.mysql',
|
||
'NAME': os.getenv('DB_NAME', ''),
|
||
'USER': os.getenv('DB_USER', ''),
|
||
'PASSWORD': os.getenv('DB_PASS', ''),
|
||
'HOST': os.getenv('DB_HOST', '127.0.0.1'),
|
||
'PORT': os.getenv('DB_PORT', '3306'),
|
||
'OPTIONS': {
|
||
'charset': 'utf8mb4',
|
||
},
|
||
},
|
||
}
|
||
|
||
|
||
# Password validation
|
||
# https://docs.djangoproject.com/en/5.2/ref/settings/#auth-password-validators
|
||
|
||
AUTH_PASSWORD_VALIDATORS = [
|
||
{
|
||
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
|
||
},
|
||
{
|
||
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
|
||
},
|
||
{
|
||
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
|
||
},
|
||
{
|
||
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
|
||
},
|
||
]
|
||
|
||
|
||
# Internationalization
|
||
# https://docs.djangoproject.com/en/5.2/topics/i18n/
|
||
|
||
LANGUAGE_CODE = 'en'
|
||
LANGUAGES = [
|
||
('en', 'English'),
|
||
('ar', 'Arabic'),
|
||
]
|
||
|
||
LOCALE_PATHS = [BASE_DIR / 'locale']
|
||
|
||
TIME_ZONE = 'UTC'
|
||
|
||
USE_I18N = True
|
||
|
||
USE_TZ = True
|
||
|
||
# Script Name (for subpath deployment)
|
||
FORCE_SCRIPT_NAME = os.getenv("FORCE_SCRIPT_NAME")
|
||
|
||
# Static files (CSS, JavaScript, Images)
|
||
# https://docs.djangoproject.com/en/5.2/howto/static-files/
|
||
|
||
# Default to 'static/' but allow override or adjust based on FORCE_SCRIPT_NAME
|
||
if FORCE_SCRIPT_NAME:
|
||
# Ensure FORCE_SCRIPT_NAME starts with / and ends without / for consistency if needed,
|
||
# but normally users provide "/meezan".
|
||
# We strip trailing slash from script name when forming static url
|
||
_script_prefix = FORCE_SCRIPT_NAME.rstrip('/')
|
||
STATIC_URL = os.getenv("STATIC_URL", f"{_script_prefix}/static/")
|
||
MEDIA_URL = os.getenv("MEDIA_URL", f"{_script_prefix}/media/")
|
||
else:
|
||
STATIC_URL = os.getenv("STATIC_URL", "static/")
|
||
MEDIA_URL = os.getenv("MEDIA_URL", "media/")
|
||
|
||
# Collect static into a separate folder; avoid overlapping with STATICFILES_DIRS.
|
||
STATIC_ROOT = BASE_DIR / 'staticfiles'
|
||
MEDIA_ROOT = BASE_DIR / 'media'
|
||
|
||
STATICFILES_DIRS = [
|
||
BASE_DIR / 'static',
|
||
BASE_DIR / 'assets',
|
||
BASE_DIR / 'node_modules',
|
||
]
|
||
|
||
# Email
|
||
EMAIL_BACKEND = os.getenv(
|
||
"EMAIL_BACKEND",
|
||
"django.core.mail.backends.smtp.EmailBackend"
|
||
)
|
||
EMAIL_HOST = os.getenv("EMAIL_HOST", "127.0.0.1")
|
||
EMAIL_PORT = int(os.getenv("EMAIL_PORT", "587"))
|
||
EMAIL_HOST_USER = os.getenv("EMAIL_HOST_USER", "")
|
||
EMAIL_HOST_PASSWORD = os.getenv("EMAIL_HOST_PASSWORD", "")
|
||
EMAIL_USE_TLS = os.getenv("EMAIL_USE_TLS", "true").lower() == "true"
|
||
EMAIL_USE_SSL = os.getenv("EMAIL_USE_SSL", "false").lower() == "true"
|
||
DEFAULT_FROM_EMAIL = os.getenv("DEFAULT_FROM_EMAIL", "no-reply@example.com")
|
||
CONTACT_EMAIL_TO = [
|
||
item.strip()
|
||
for item in os.getenv("CONTACT_EMAIL_TO", DEFAULT_FROM_EMAIL).split(",")
|
||
if item.strip()
|
||
]
|
||
|
||
# When both TLS and SSL flags are enabled, prefer SSL explicitly
|
||
if EMAIL_USE_SSL:
|
||
EMAIL_USE_TLS = False
|
||
|
||
# Authentication
|
||
LOGIN_REDIRECT_URL = '/'
|
||
LOGOUT_REDIRECT_URL = '/accounts/login/'
|
||
LOGIN_URL = '/accounts/login/'
|
||
|
||
# Default primary key field type
|
||
# https://docs.djangoproject.com/en/5.2/ref/settings/#default-auto-field
|
||
|
||
DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
|
||
|
||
# Whitenoise configuration for production
|
||
# Only enable if whitenoise is installed
|
||
try:
|
||
import whitenoise
|
||
MIDDLEWARE.insert(1, 'whitenoise.middleware.WhiteNoiseMiddleware')
|
||
# Use CompressedStaticFilesStorage instead of Manifest to avoid build crashes on missing files
|
||
STATICFILES_STORAGE = 'whitenoise.storage.CompressedStaticFilesStorage'
|
||
except ImportError:
|
||
pass |