Spaces:

CosmoLABHub
/

AkomptaBackend

Sleeping

App Files Files Community

AkomptaBackend / Akompta /settings.py

rinogeek

fix: disable SECURE_SSL_REDIRECT to fix redirect loop on HF Spaces

a25d074 10 days ago

raw

history blame contribute delete

8.45 kB

	"""
	Django settings for Akompta project.

	Generated by 'django-admin startproject' using Django 5.2.8.

	For more information on this file, see
	https://docs.djangoproject.com/en/5.2/topics/settings/

	For the full list of settings and their values, see
	https://docs.djangoproject.com/en/5.2/ref/settings/
	"""

	import os
	from pathlib import Path
	from datetime import timedelta
	from decouple import config, Csv

	# Build paths inside the project like this: BASE_DIR / 'subdir'.
	BASE_DIR = Path(__file__).resolve().parent.parent


	# Quick-start development settings - unsuitable for production
	# See https://docs.djangoproject.com/en/5.2/howto/deployment/checklist/

	# SECURITY WARNING: keep the secret key used in production secret!
	SECRET_KEY = config('SECRET_KEY', default='django-insecure-3m1!a3u-z=5k8x9y#-954&3ree&mr&$o97fuy8ds*8dox!(rvx')

	# SECURITY WARNING: don't run with debug turned on in production!
	DEBUG = config('DEBUG', default=True, cast=bool)

	ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='*', cast=Csv())

	# CSRF Trusted Origins for Hugging Face and Frontend
	CSRF_TRUSTED_ORIGINS = config(
	'CSRF_TRUSTED_ORIGINS',
	default='https://.hf.space,https://.huggingface.co,https://akompta-ai-flame.vercel.app,https://cosmolabhub-akomptabackend.hf.space',
	cast=Csv()
	)


	# Application definition

	INSTALLED_APPS = [
	'django.contrib.admin',
	'django.contrib.auth',
	'django.contrib.contenttypes',
	'django.contrib.sessions',
	'django.contrib.messages',
	'django.contrib.staticfiles',

	# Third party
	'rest_framework',
	'rest_framework_simplejwt',
	'corsheaders',
	'django_filters',

	# Local apps
	'api', # Votre app principale
	]

	MIDDLEWARE = [
	'django.middleware.security.SecurityMiddleware',
	'whitenoise.middleware.WhiteNoiseMiddleware',
	'corsheaders.middleware.CorsMiddleware',
	'django.contrib.sessions.middleware.SessionMiddleware',
	'django.middleware.common.CommonMiddleware',
	'django.middleware.csrf.CsrfViewMiddleware',
	'django.contrib.auth.middleware.AuthenticationMiddleware',
	'django.contrib.messages.middleware.MessageMiddleware',
	'django.middleware.clickjacking.XFrameOptionsMiddleware',
	]

	ROOT_URLCONF = 'Akompta.urls'

	TEMPLATES = [
	{
	'BACKEND': 'django.template.backends.django.DjangoTemplates',
	'DIRS': [],
	'APP_DIRS': True,
	'OPTIONS': {
	'context_processors': [
	'django.template.context_processors.request',
	'django.contrib.auth.context_processors.auth',
	'django.contrib.messages.context_processors.messages',
	],
	},
	},
	]

	WSGI_APPLICATION = 'Akompta.wsgi.application'


	# Database
	# https://docs.djangoproject.com/en/5.2/ref/settings/#databases

	DATABASES = {
	'default': {
	'ENGINE': 'django.db.backends.sqlite3',
	'NAME': BASE_DIR / 'db.sqlite3',
	}
	}


	# Password validation
	# https://docs.djangoproject.com/en/5.2/ref/settings/#auth-password-validators

	AUTH_PASSWORD_VALIDATORS = [
	{
	'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
	},
	{
	'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
	'OPTIONS': {
	'min_length': 8,
	}
	},
	{
	'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
	},
	{
	'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
	},
	]


	# Internationalization
	# https://docs.djangoproject.com/en/5.2/topics/i18n/

	LANGUAGE_CODE = 'fr-fr'

	TIME_ZONE = 'UTC'

	USE_I18N = True

	USE_TZ = True


	# Static files (CSS, JavaScript, Images)
	# https://docs.djangoproject.com/en/5.2/howto/static-files/

	STATIC_URL = '/static/'
	STATIC_ROOT = BASE_DIR / 'static'
	STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'

	MEDIA_URL = '/media/'
	MEDIA_ROOT = BASE_DIR / 'media'

	# Default primary key field type
	# https://docs.djangoproject.com/en/5.2/ref/settings/#default-auto-field

	DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'


	AUTH_USER_MODEL = 'api.User'


	# REST Framework Configuration
	REST_FRAMEWORK = {
	'DEFAULT_AUTHENTICATION_CLASSES': [
	'rest_framework_simplejwt.authentication.JWTAuthentication',
	],
	'DEFAULT_PERMISSION_CLASSES': [
	'rest_framework.permissions.IsAuthenticated',
	],
	'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
	'PAGE_SIZE': 20,
	'DEFAULT_FILTER_BACKENDS': [
	'django_filters.rest_framework.DjangoFilterBackend',
	'rest_framework.filters.SearchFilter',
	'rest_framework.filters.OrderingFilter',
	],
	'DEFAULT_THROTTLE_CLASSES': [
	'rest_framework.throttling.AnonRateThrottle',
	'rest_framework.throttling.UserRateThrottle'
	],
	'DEFAULT_THROTTLE_RATES': {
	'anon': '100/hour',
	'user': '1000/hour'
	},
	'EXCEPTION_HANDLER': 'api.exceptions.custom_exception_handler',
	}


	# Simple JWT Configuration
	SIMPLE_JWT = {
	'ACCESS_TOKEN_LIFETIME': timedelta(days=1),
	'REFRESH_TOKEN_LIFETIME': timedelta(days=30),
	'ROTATE_REFRESH_TOKENS': True,
	'BLACKLIST_AFTER_ROTATION': True,
	'UPDATE_LAST_LOGIN': True,

	'ALGORITHM': 'HS256',
	'SIGNING_KEY': SECRET_KEY,
	'VERIFYING_KEY': None,
	'AUDIENCE': None,
	'ISSUER': None,

	'AUTH_HEADER_TYPES': ('Bearer',),
	'AUTH_HEADER_NAME': 'HTTP_AUTHORIZATION',
	'USER_ID_FIELD': 'id',
	'USER_ID_CLAIM': 'user_id',

	'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',),
	'TOKEN_TYPE_CLAIM': 'token_type',
	}


	# CORS Configuration
	CORS_ALLOWED_ORIGINS = config(
	'CORS_ALLOWED_ORIGINS',
	default='http://localhost:3000,http://localhost:5173,http://127.0.0.1:3000,http://127.0.0.1:5173,https://akompta-ai-flame.vercel.app,https://cosmolabhub-akomptabackend.hf.space',
	cast=Csv()
	)

	CORS_ALLOW_CREDENTIALS = True

	CORS_ALLOW_METHODS = [
	'DELETE',
	'GET',
	'OPTIONS',
	'PATCH',
	'POST',
	'PUT',
	]

	CORS_ALLOW_HEADERS = [
	'accept',
	'accept-encoding',
	'authorization',
	'content-type',
	'dnt',
	'origin',
	'user-agent',
	'x-csrftoken',
	'x-requested-with',
	]


	# File Upload Settings
	FILE_UPLOAD_MAX_MEMORY_SIZE = 5242880 # 5MB
	DATA_UPLOAD_MAX_MEMORY_SIZE = 5242880 # 5MB

	# Allowed image formats
	ALLOWED_IMAGE_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'webp']
	MAX_IMAGE_SIZE = 5 * 1024 * 1024 # 5MB


	# Email Configuration (pour password reset)
	EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
	EMAIL_HOST = os.environ.get('EMAIL_HOST', 'smtp.gmail.com')
	EMAIL_PORT = int(os.environ.get('EMAIL_PORT', '587'))
	EMAIL_USE_TLS = True
	EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER', '')
	EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD', '')
	DEFAULT_FROM_EMAIL = os.environ.get('DEFAULT_FROM_EMAIL', 'noreply@akompta.com')


	# Security Settings for Production
	if not DEBUG:
	# IMPORTANT: Ne pas activer SECURE_SSL_REDIRECT sur Hugging Face Spaces
	# Le reverse proxy de HF gère déjà HTTPS, activer cette option cause une boucle de redirection
	SECURE_SSL_REDIRECT = False

	# Permet à Django de reconnaître les requêtes HTTPS via le proxy
	SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

	SESSION_COOKIE_SECURE = True
	CSRF_COOKIE_SECURE = True
	SECURE_BROWSER_XSS_FILTER = True
	SECURE_CONTENT_TYPE_NOSNIFF = True
	X_FRAME_OPTIONS = 'DENY'
	SECURE_HSTS_SECONDS = 31536000
	SECURE_HSTS_INCLUDE_SUBDOMAINS = True
	SECURE_HSTS_PRELOAD = True


	# Logging Configuration
	LOGGING = {
	'version': 1,
	'disable_existing_loggers': False,
	'formatters': {
	'verbose': {
	'format': '{levelname} {asctime} {module} {message}',
	'style': '{',
	},
	},
	'handlers': {
	'console': {
	'class': 'logging.StreamHandler',
	'formatter': 'verbose',
	},
	'file': {
	'class': 'logging.FileHandler',
	'filename': BASE_DIR / 'logs' / 'django.log',
	'formatter': 'verbose',
	},
	},
	'root': {
	'handlers': ['console', 'file'],
	'level': 'INFO',
	},
	'loggers': {
	'django': {
	'handlers': ['console', 'file'],
	'level': 'INFO',
	'propagate': False,
	},
	},
	}