feat(config): improve security and add WhiteNoise static file serving
**Security Improvements:** - Fix DEBUG setting to properly parse boolean from environment variable - Remove hardcoded SMTP password fallback, rely solely on env var - Update Celery to use REDIS_URL environment variable instead of hardcoded localhost **Static File Serving:** - Add WhiteNoise middleware for production-grade static file serving - Configure CompressedManifestStaticFilesStorage for optimized delivery **Configuration Updates:** - Enable CORS credentials support - Remove duplicate CORS_ALLOWED_ORIGINS configuration - Update API documentation title from "Blog API" to "Attune Heart Therapy API" - Clean up code formatting and remove unnecessary comments These changes make the application more secure by eliminating hardcoded credentials and more deployment-ready by properly handling environment variables and serving static files efficiently in production.
This commit is contained in:
parent
d1a8f4403a
commit
d0dcfccb7f
@ -10,18 +10,17 @@ BASE_DIR = Path(__file__).resolve().parent.parent
|
||||
|
||||
SECRET_KEY = os.getenv('JWT_SECRET', 'django-insecure-fallback-secret-key')
|
||||
|
||||
DEBUG = os.getenv('DEBUG')
|
||||
DEBUG = os.getenv('DEBUG', 'False').lower() == 'true'
|
||||
|
||||
ALLOWED_HOSTS = os.getenv(
|
||||
'ALLOWED_HOSTS',
|
||||
'*'
|
||||
).split(',')
|
||||
ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', '*').split(',')
|
||||
|
||||
CORS_ALLOWED_ORIGINS = os.getenv(
|
||||
'CORS_ALLOWED_ORIGINS',
|
||||
'http://localhost:3000,http://127.0.0.1:3000,https://attunehearttherapy.com'
|
||||
).split(',')
|
||||
CORS_ALLOWED_ORIGINS = [
|
||||
'http://localhost:3000',
|
||||
'http://127.0.0.1:3000',
|
||||
'https://attunehearttherapy.com'
|
||||
]
|
||||
|
||||
CORS_ALLOW_CREDENTIALS = True
|
||||
|
||||
|
||||
INSTALLED_APPS = [
|
||||
@ -45,6 +44,7 @@ INSTALLED_APPS = [
|
||||
MIDDLEWARE = [
|
||||
'corsheaders.middleware.CorsMiddleware',
|
||||
'django.middleware.security.SecurityMiddleware',
|
||||
'whitenoise.middleware.WhiteNoiseMiddleware',
|
||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||
'django.middleware.common.CommonMiddleware',
|
||||
'django.middleware.csrf.CsrfViewMiddleware',
|
||||
@ -99,7 +99,6 @@ else:
|
||||
ENCRYPTION_KEY = os.getenv('ENCRYPTION_KEY')
|
||||
|
||||
|
||||
|
||||
AUTH_PASSWORD_VALIDATORS = [
|
||||
{
|
||||
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
|
||||
@ -125,23 +124,20 @@ SIMPLE_JWT = {
|
||||
'AUTH_HEADER_TYPES': ('Bearer',),
|
||||
}
|
||||
|
||||
|
||||
# Stripe Configuration
|
||||
STRIPE_PUBLISHABLE_KEY = os.getenv('STRIPE_PUBLISHABLE_KEY')
|
||||
STRIPE_SECRET_KEY = os.getenv('STRIPE_SECRET_KEY')
|
||||
STRIPE_WEBHOOK_SECRET = os.getenv('STRIPE_WEBHOOK_SECRET')
|
||||
|
||||
|
||||
# Jitsi Configuration
|
||||
JITSI_BASE_URL = os.getenv('JITSI_BASE_URL', 'https://meet.jit.si')
|
||||
|
||||
# Email Configuration
|
||||
|
||||
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
|
||||
EMAIL_HOST = os.getenv('SMTP_HOST', 'smtp.hostinger.com')
|
||||
EMAIL_PORT = int(os.getenv('SMTP_PORT', 465))
|
||||
EMAIL_USE_SSL = True
|
||||
EMAIL_HOST_USER = os.getenv('SMTP_USERNAME', 'hello@attunehearttherapy.com')
|
||||
EMAIL_HOST_PASSWORD = os.getenv('SMTP_PASSWORD', 'G&n2S;ffTc8f')
|
||||
EMAIL_HOST_PASSWORD = os.getenv('SMTP_PASSWORD')
|
||||
DEFAULT_FROM_EMAIL = os.getenv('SMTP_FROM', 'hello@attunehearttherapy.com')
|
||||
|
||||
|
||||
@ -158,26 +154,14 @@ REST_FRAMEWORK = {
|
||||
),
|
||||
}
|
||||
|
||||
# Configure Spectacular settings
|
||||
|
||||
SPECTACULAR_SETTINGS = {
|
||||
'TITLE': 'Blog API',
|
||||
'DESCRIPTION': 'API for managing users, meetings, and more.',
|
||||
'TITLE': 'Attune Heart Therapy API',
|
||||
'DESCRIPTION': 'API for managing appointments, meetings, and user authentication.',
|
||||
'VERSION': '1.0.0',
|
||||
'SERVE_INCLUDE_SCHEMA': False,
|
||||
}
|
||||
|
||||
CORS_ALLOWED_ORIGINS = [
|
||||
"http://localhost:3000",
|
||||
"http://127.0.0.1:3000",
|
||||
"http://localhost:8080",
|
||||
"http://127.0.0.1:8080",
|
||||
]
|
||||
|
||||
CORS_ALLOW_CREDENTIALS = True
|
||||
|
||||
|
||||
|
||||
ROOT_URLCONF = 'booking_system.urls'
|
||||
|
||||
AUTH_USER_MODEL = 'users.CustomUser'
|
||||
|
||||
@ -186,22 +170,26 @@ AUTHENTICATION_BACKENDS = [
|
||||
'django.contrib.auth.backends.ModelBackend',
|
||||
]
|
||||
|
||||
|
||||
LANGUAGE_CODE = 'en-us'
|
||||
TIME_ZONE = 'UTC'
|
||||
USE_I18N = True
|
||||
USE_TZ = True
|
||||
|
||||
|
||||
STATIC_URL = '/static/'
|
||||
STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')
|
||||
STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
|
||||
|
||||
|
||||
DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
|
||||
|
||||
CELERY_BROKER_URL = 'redis://localhost:6379/0'
|
||||
CELERY_RESULT_BACKEND = 'redis://localhost:6379/0'
|
||||
|
||||
CELERY_BROKER_URL = os.getenv('REDIS_URL', 'redis://localhost:6379/0')
|
||||
CELERY_RESULT_BACKEND = os.getenv('REDIS_URL', 'redis://localhost:6379/0')
|
||||
CELERY_ACCEPT_CONTENT = ['json']
|
||||
CELERY_TASK_SERIALIZER = 'json'
|
||||
|
||||
|
||||
LOGGING = {
|
||||
'version': 1,
|
||||
'disable_existing_loggers': False,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user