import os
from pathlib import Path
from typing import Optional

from dotenv import load_dotenv
from pydantic_settings import BaseSettings, SettingsConfigDict

# Export <repo>/config/.env.development into os.environ before Settings is built.
# load_dotenv does not override variables that are already set, so a real
# environment still wins over the development file.
load_dotenv(
    dotenv_path=Path(__file__).parents[1] / "config" / ".env.development"
)


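class Settings(BaseSettings):
    """Application configuration, populated by pydantic-settings.

    Values come from the process environment and the ``.env`` file named in
    ``model_config``. ``SECRET_KEY`` and ``JWT_SECRET_KEY`` carry no default,
    so instantiating ``Settings()`` fails when either is unset. Fields whose
    default calls ``os.environ.get`` are resolved once, at class-definition
    time, not per instance.
    """

    PROJECT_NAME: str = "Zenith Fraud Detection"
    API_V1_STR: str = "/api/v1"

    # Database - Use SQLite by default for development/testing
    DATABASE_URL: str = "sqlite:///./test_fraud_detection.db"

    # Redis - default read from REDIS_URL at import time, localhost otherwise
    REDIS_URL: str = os.environ.get("REDIS_URL", "redis://localhost:6379/0")

    # Security
    # Secrets must be provided via environment variables in production.
    # No default on SECRET_KEY / JWT_SECRET_KEY: a missing value is a startup error.
    SECRET_KEY: str
    JWT_SECRET_KEY: str
    JWT_ALGORITHM: str = "HS256"
    JWT_ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
    # May be overridden after construction by the module-level fallback logic.
    FIELD_ENCRYPTION_KEY: Optional[str] = None

    # CORS Configuration
    # CORS_ALLOWED_ORIGINS is comma-separated. Entries are stripped and empty
    # ones dropped, so "http://a, http://b" or a trailing comma cannot produce
    # an origin (" http://b", "") that silently never matches a request.
    ALLOWED_ORIGINS: list[str] = [
        origin.strip()
        for origin in os.environ.get(
            "CORS_ALLOWED_ORIGINS",
            "http://localhost:5173,http://localhost:5174,http://localhost:3000",
        ).split(",")
        if origin.strip()
    ]

    # Optional external service configurations
    github_token: Optional[str] = None
    postgres_url: Optional[str] = None
    prometheus_url: Optional[str] = None
    mcp_profile: str = "development"

    # Auth Hardening
    # When True, allows usage of "mock_" tokens for testing.
    # MUST be False in production.
    ALLOW_MOCK_AUTH: bool = False
    MFA_REQUIRED_FOR_ADMIN: bool = True

    # AI Configuration
    # NOTE(review): the model is a pickle file; only load it from a trusted,
    # integrity-checked location (loading is done elsewhere, not here).
    AI_MODEL_PATH: str = "models/isolation_forest.pkl"
    AI_TRAINING_INTERVAL_HOURS: int = 24
    AI_MIN_TRAINING_SAMPLES: int = 1000
    HF_TOKEN: Optional[str] = None

    # Security - Certificate Pinning
    # Placeholder pin for development only. How a non-matching or placeholder
    # pin is treated is decided by the pinning code, not by this setting.
    TRUSTED_PUBLIC_KEY_HASHES: list[str] = [
        "dummy_hash_for_development"
    ]  # Replace with actual hashes in production

    # File Upload Configuration
    MAX_UPLOAD_SIZE: int = 10 * 1024 * 1024  # 10MB
    DEFAULT_MAX_PROCESS_SIZE: int = 50 * 1024 * 1024  # 50MB
    ALLOWED_FILE_TYPES: str = "pdf,doc,docx,txt,jpg,jpeg,png,tiff,mp3,wav,mp4,mov"

    # Fraud Score Thresholds
    FRAUD_SCORE_CRITICAL: float = 90.0
    FRAUD_SCORE_HIGH: float = 75.0
    FRAUD_SCORE_MEDIUM: float = 50.0

    # Plugin System
    PLUGIN_CACHE_TTL: int = 3600

    # Backup/Storage (Optional)
    S3_BUCKET_NAME: str = "zenith-backups"
    S3_REGION: str = "us-east-1"
    AWS_ACCESS_KEY_ID: Optional[str] = None
    AWS_SECRET_ACCESS_KEY: Optional[str] = None
    AWS_REGION: str = "us-east-1"

    # pydantic-settings reads ".env" here; this is a different file from the
    # config/.env.development that load_dotenv exports at module import.
    # extra="ignore" drops unknown keys instead of raising.
    model_config = SettingsConfigDict(
        env_file=".env", env_file_encoding="utf-8", extra="ignore"
    )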


# Instantiating Settings runs pydantic validation: SECRET_KEY and JWT_SECRET_KEY
# have no default, so a missing value raises here, at import time.
settings = Settings()


# Manual validation for encryption key to ensure secure startup
def get_encryption_key() -> str:
    """Return the field-encryption key from the process environment.

    The first non-empty value among ``FIELD_ENCRYPTION_KEY``, ``ENCRYPTION_KEY``
    and ``SECRET_KEY`` wins, in that order. Only ``os.environ`` is consulted,
    not the ``settings`` object, so values that reach the process solely via
    pydantic's ``.env`` file are not seen here.

    NOTE(review): the final fallback reuses SECRET_KEY, the same secret the
    Settings class requires for other purposes; a dedicated
    FIELD_ENCRYPTION_KEY avoids that key reuse — confirm this is intended.

    Raises:
        ValueError: if none of the three variables is set to a non-empty value.
    """
    for variable in ("FIELD_ENCRYPTION_KEY", "ENCRYPTION_KEY", "SECRET_KEY"):
        candidate = os.environ.get(variable)
        if candidate:
            return candidate
    # In production, this must be explicitly set
    raise ValueError("Encryption key configuration is missing. Please set FIELD_ENCRYPTION_KEY, ENCRYPTION_KEY, or SECRET_KEY.")


# Replace the Optional default with the first key found in os.environ; because
# get_encryption_key falls back to SECRET_KEY, an unset FIELD_ENCRYPTION_KEY
# means the application secret doubles as the encryption key.
# NOTE(review): confirm that reuse is intended; a dedicated key is preferable.
settings.FIELD_ENCRYPTION_KEY = get_encryption_key()


# DATABASE_URL validation removed - system uses get_database_url() for SQLite path

# SECRET_KEY has no default in Settings; a missing value fails at Settings() above.