Remove local development URLs (localhost:3000 and 127.0.0.1:3000) from
CORS_ALLOWED_ORIGINS configuration. This restricts CORS to only allow
requests from the production domain (attunehearttherapy.com), improving
security by preventing unauthorized cross-origin requests from
development environments.
- Replace dynamic admin_dashboard_url construction with hardcoded production URL (https://attunehearttherapy.com/admin/dashboard)
- Add target="_blank" to admin notification email button to open dashboard in new tab
- Improves user experience by preventing email client navigation disruption
Add extra blank lines in booking_system and meetings views to improve
code structure and visual separation between logical sections. This
enhances code readability without affecting functionality.
Changes:
- booking_system/views.py: added blank line after availability_system section
- meetings/views.py: added blank line after get_queryset method
- Replace generic placeholder data with specific examples in API root documentation
- Update example email from 'user@example.com' to 'saanii929@gmail'
- Update example names from 'John Doe' to 'Saani Iddi'
- Update example phone number to '+233552732025'
- Add POST method support to user_appointments endpoint
- Add request_fields and example_request to user_appointments documentation
Note: Consider using generic placeholder data instead of real personal information in API documentation examples.
- Change support email from hello@attunehearttherapy.com to admin@attunehearttherapy.com across all email templates
- Remove support contact section from admin notification template
- Standardize email addresses by hardcoding admin email in templates
- Remove unused CSS comment from base email template
This ensures consistent support contact information across the application and directs user inquiries to the appropriate admin channel.
Changed the fallback admin email from 'hello@' to 'admin@attunehearttherapy.com' in the email service. This ensures admin notifications are sent to the correct administrative email address when ADMIN_EMAIL setting is not configured.
Add `null=True` to `jitsi_meet_url` and `jitsi_room_id` fields in the AppointmentRequest model. This allows these optional fields to be NULL at the database level in addition to accepting blank values, which is the proper Django pattern for optional string-based fields.
This change requires a database migration to be generated and applied.
- Increase max_length from 100 to 255 for first_name and last_name encrypted fields
- Increase phone field max_length from 20 to 255 to accommodate encryption overhead
- Add 'id' field to AppointmentRequest admin list_display for easier reference
- Remove redundant docstring from _convert_to_datetime method
The increased field lengths ensure adequate storage for encrypted data, which typically requires more space than plaintext values.
Enhanced the API root documentation for the appointments system with improved formatting and updated description to include "flexible availability" feature. Restructured the endpoint documentation for better readability and maintainability while preserving all endpoint information including Jitsi meeting integration details.
Changed the user_appointment_stats endpoint from GET to POST method
and added email as a required field. This change allows for more
flexible querying of appointment statistics by requiring user email
in the request body rather than URL parameters.
BREAKING CHANGE: The /api/meetings/user/appointments/stats/ endpoint
now accepts POST requests instead of GET and requires an email field
in the request body.
Modified UserAppointmentStatsView to accept POST requests instead of GET
and retrieve email from request body rather than from authenticated user.
This allows querying appointment statistics for any email address instead
of being limited to the current user's email.
Changes:
- Changed HTTP method from GET to POST
- Added email parameter extraction from request.data
- Updated filter to use provided email instead of request.user.email
Add CSRF_TRUSTED_ORIGINS setting to whitelist the production domains
(attunehearttherapy.com and its api subdomain) for CSRF verification.
This ensures secure cross-origin POST requests from the frontend.
Also add documentation comment for CORS configuration section.
Modified requirements.txt to update project dependencies. The file
appears to have encoding changes or significant content modifications.
Unable to display specific package changes due to binary diff format.
**Security Improvements:**
- Fix DEBUG setting to properly parse boolean from environment variable
- Remove hardcoded SMTP password fallback, rely solely on env var
- Update Celery to use REDIS_URL environment variable instead of hardcoded localhost
**Static File Serving:**
- Add WhiteNoise middleware for production-grade static file serving
- Configure CompressedManifestStaticFilesStorage for optimized delivery
**Configuration Updates:**
- Enable CORS credentials support
- Remove duplicate CORS_ALLOWED_ORIGINS configuration
- Update API documentation title from "Blog API" to "Attune Heart Therapy API"
- Clean up code formatting and remove unnecessary comments
These changes make the application more secure by eliminating hardcoded
credentials and more deployment-ready by properly handling environment
variables and serving static files efficiently in production.
Consolidate CORS_ALLOWED_ORIGINS default value onto a single line
to fix formatting issue. Removes unnecessary line break and trailing
whitespace that was splitting the URL string across multiple lines.
Add attunehearttherapy.com to the CORS_ALLOWED_ORIGINS setting to enable cross-origin requests from the production domain. This allows the frontend application hosted at the production URL to communicate with the backend API.
Change ALLOWED_HOSTS from a hardcoded list to be read from environment
variable with comma-separated values support. Maintains '*' as default
fallback for backward compatibility. This allows more restrictive host
configuration in production environments while improving security posture.
- Install and configure drf-spectacular for OpenAPI/Swagger documentation
- Add Swagger UI endpoints at /api/schema/ and /api/docs/
- Configure SPECTACULAR_SETTINGS with API metadata
- Refactor meetings views from function-based to class-based views
(ScheduleAppointmentView, RejectAppointmentView, AvailableDatesView,
UserAppointmentsView, AppointmentStatsView, UserAppointmentStatsView)
- Update URL patterns to use new class-based views
- Simplify ALLOWED_HOSTS configuration to accept all hosts
This improves API discoverability through interactive documentation
and modernizes the codebase by using class-based views for better
code organization and reusability.
Add documentation for the new user-specific appointment statistics endpoint
to the API root view. This endpoint provides authenticated users with their
appointment analytics including total requests, pending reviews, scheduled,
rejected, and completed appointments along with completion rate.
The endpoint is available at /api/meetings/user/appointments/stats/ and
requires authentication via GET request.
- Add dj-database-url package for parsing DATABASE_URL
- Replace hardcoded PostgreSQL config with DATABASE_URL environment variable
- Add connection pooling with conn_max_age and health checks
- Fallback to SQLite for local development when DATABASE_URL is not set
- Remove obsolete production config comments
- Update requirements.txt with new dependency
This change improves deployment flexibility by supporting standard DATABASE_URL format commonly used in cloud platforms (Heroku, Railway, etc.) while maintaining backward compatibility with local development using SQLite.
Replace SQLite database configuration with PostgreSQL to improve
scalability and production readiness. PostgreSQL configuration uses
environment variables (POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD,
POSTGRES_HOST, POSTGRES_PORT) for flexible deployment across different
environments.
- Remove redundant comments for cleaner readability
- Simplify COPY commands using relative paths
- Condense pip installation RUN command to single line
- Add 3 workers to gunicorn for improved concurrent request handling
- Remove accidentally included .dockerignore content from Dockerfile
This improves Dockerfile maintainability and production performance
by configuring multiple gunicorn workers for better throughput.
```
refactor: update settings and Docker config for production
- Configure ALLOWED_HOSTS and CORS from environment variables for better security
- Switch default database from PostgreSQL to SQLite3 (PostgreSQL config commented)
- Simplify DEBUG environment variable handling
- Update Dockerfile to use Python 3.11 and gunicorn for production
- Add static file collection in Docker build process
- Add user appointment statistics endpoint (user_apointment_stats)
- Add .dockerignore to exclude unnecessary files from build
These changes improve production readiness by making critical settings
configurable via environment variables and using production-grade WSGI
server (gunicorn) instead of Django development server.
Change CMD from multi-line shell form to JSON array exec form for better
signal handling and to follow Docker best practices. Consolidate the command
chain into a single line while maintaining the same functionality (migrate,
collectstatic, runserver).
- Remove redundant inline comments for better readability
- Replace backslash line continuation with bash -c for CMD instruction
- Remove commented out gunicorn configuration line
- Improve CMD formatting using proper bash string syntax
These changes make the dockerfile cleaner and more maintainable while
preserving the same functionality (migrate, collectstatic, runserver).
Replace gunicorn production server with Django's development server
(manage.py runserver) for easier debugging. The gunicorn configuration
has been commented out rather than removed for easy restoration.
**Warning:** This change makes the application unsuitable for production
deployment as runserver is not designed for production use.
Replace uv package manager with standard pip for dependency management.
Switch base image from debian:bookworm-slim to python:3.12-slim to include
Python runtime by default.
Key changes:
- Remove uv installation and configuration
- Use requirements.txt instead of pyproject.toml/uv.lock
- Install dependencies with pip instead of uv sync
- Move collectstatic and migrate from build-time to runtime in CMD
- Simplify gunicorn command invocation
This simplifies the build process and makes the image more portable by
using standard Python tooling. Running migrations and collectstatic at
container startup ensures they execute against the correct database and
storage backend.
- Replace pip with UV for faster dependency installation
- Switch base image from python:3.11-slim to debian:bookworm-slim
- Add SECURE_PROXY_SSL_HEADER for production SSL proxy support
- Optimize Docker layer caching by copying dependency files first
- Move database migration to build time for faster container startup
- Enhance Gunicorn logging with access and error log streams
- Update dependency management from requirements.txt to pyproject.toml
These changes improve build performance, production security, and
container startup time while modernizing the dependency management
workflow.
- Set ALLOWED_HOSTS to accept all hosts for easier local testing
- Update Docker port from 8080 to 8000 (Django default)
- Adjust Gunicorn binding to match new port configuration
This simplifies local development setup by using standard Django
conventions and removing host restrictions. The previous specific
host configuration can be restored for production deployment.
- Replace old sslip.io subdomain with new one (r0g84wkoc4cwoo0gckss88ow)
- Remove redundant IP address entries (72.61.138.80, 127.0.0.1)
- Keep localhost for local development
This updates the Django allowed hosts configuration to use the new
SSL.io subdomain while simplifying the host list by removing
redundant entries already covered by localhost.
Update requirements.txt with modified package versions or new dependencies. The specific changes are not visible due to file encoding, but this updates the project's dependency specifications.
- Replace PostgreSQL with SQLite as default database backend
- Comment out PostgreSQL configuration for potential future use
- Update Docker exposed port from 8000 to 8080
- Update Gunicorn bind address to match new port
This simplifies the deployment setup by removing the PostgreSQL
dependency and aligns the application port with common alternatives
to port 8000.
Update Dockerfile to use port 8000 instead of 8081 for the Django
application. This change affects both the EXPOSE directive and the
Gunicorn binding configuration to standardize on the conventional
default port for web applications.
Update the Dockerfile to use port 8081 instead of 8080 for the application.
This includes:
- Modified EXPOSE directive to port 8081
- Updated Gunicorn bind address to 0.0.0.0:8081
Ensures consistency between the exposed port and the actual port the
application binds to when running inside the container.
Update Dockerfile to expose and bind Gunicorn to port 8080 instead of 8000. This aligns the container port configuration with the expected deployment environment requirements.
Changes:
- Update EXPOSE directive to port 8080
- Update Gunicorn bind address to 0.0.0.0:8080
Add comprehensive API documentation for user management endpoints including profile updates, user listing, and admin user management features. Update appointment model to include additional status options (completed, cancelled) and add max_length constraint to email field. Change appointment creation endpoint to require user authentication instead of being public.
Changes:
- Add API docs for update_profile, get_profile, all-users endpoints
- Add API docs for activate-deactivate-user and delete-user admin endpoints
- Update appointment creation to require authentication
- Add 'completed' and 'cancelled' status options to Appointment model
- Add max_length constraint to EncryptedEmailField
- Regenerate initial migration with updated model definitions
Replace hardcoded localhost URLs (http://127.0.0.1:8000) in API root
endpoint documentation with request.build_absolute_uri() calls. This
makes the API documentation URLs environment-agnostic and ensures they
reflect the actual domain/host being used to access the API, improving
portability across development, staging, and production environments.
Replace SQLite with PostgreSQL as the default database backend.
Database connection settings are now configured via environment
variables (POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD,
POSTGRES_HOST, POSTGRES_PORT) for better scalability and
production readiness.
- Remove strip_tags usage and use explicit fallback text for HTML emails
- Use named parameters in EmailMultiAlternatives for better clarity
- Add fail_silently=False to email.send() for explicit error handling
- Rename variables (html_content -> html_message, email_msg -> email)
- Remove action buttons from appointment email templates
These changes improve code readability and provide a clearer fallback
message for non-HTML email clients instead of relying on stripped HTML.
- Enable meetings app in INSTALLED_APPS and add URL routing
- Switch from PostgreSQL to SQLite for default database configuration
- Remove meetings directory from .gitignore
- Move API root endpoint from users app to main URL configuration
- Remove HIPAA-specific email and compliance settings (EMAIL_ENCRYPTION_KEY, HIPAA_EMAIL_CONFIG, BAA_VERIFICATION)
- Add SITE_NAME and ENCRYPTION_KEY environment variables
- Regenerate initial user migrations
These changes simplify the development setup by using SQLite as the default database and removing complex compliance configurations while enabling the core meetings functionality.
