| import os | |
| from pathlib import Path | |
| from typing import Optional | |
| from dotenv import load_dotenv | |
| from pydantic_settings import BaseSettings, SettingsConfigDict | |
# Load ../config/.env.development (relative to this file's directory) into
# os.environ at import time. python-dotenv does not override variables that
# are already set unless override=True is passed, so values injected by the
# deployment win. The file is still read in every environment where it
# exists, so it should hold development-only values.
load_dotenv(dotenv_path=Path(__file__).parent.parent / "config" / ".env.development")
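class Settings(BaseSettings):
    """Application configuration, populated by pydantic-settings.

    Every field can be overridden by an environment variable of the same
    name or by an entry in the ``.env`` file named in ``model_config``; the
    values written here are only defaults. ``SECRET_KEY`` and
    ``JWT_SECRET_KEY`` have no default, so constructing ``Settings()`` fails
    when they are not supplied.
    """

    PROJECT_NAME: str = "Zenith Fraud Detection"
    API_V1_STR: str = "/api/v1"

    # Database - Use SQLite by default for development/testing
    DATABASE_URL: str = "sqlite:///./test_fraud_detection.db"

    # Redis
    # The os.environ lookup only computes the default once, at import time.
    REDIS_URL: str = os.environ.get("REDIS_URL", "redis://localhost:6379/0")

    # Security
    # Secrets must be provided via environment variables in production
    SECRET_KEY: str
    JWT_SECRET_KEY: str
    # HS256 is a symmetric algorithm: the same secret signs and verifies, so
    # any holder of the signing secret can mint tokens.
    JWT_ALGORITHM: str = "HS256"
    JWT_ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
    FIELD_ENCRYPTION_KEY: Optional[str] = None

    # CORS Configuration
    # Comma-separated CORS_ALLOWED_ORIGINS, read once at import time. Entries
    # are trimmed and empty ones dropped, so "a, b" or a trailing comma does
    # not leave an entry with stray whitespace or an empty origin in the list.
    ALLOWED_ORIGINS: list[str] = [
        origin.strip()
        for origin in os.environ.get(
            "CORS_ALLOWED_ORIGINS",
            "http://localhost:5173,http://localhost:5174,http://localhost:3000",
        ).split(",")
        if origin.strip()
    ]

    # Optional external service configurations
    github_token: Optional[str] = None
    postgres_url: Optional[str] = None
    prometheus_url: Optional[str] = None
    mcp_profile: str = "development"

    # Auth Hardening
    # When True, allows usage of "mock_" tokens for testing.
    # MUST be False in production.
    # Nothing in this class enforces that; the safe value is only the default
    # and an environment variable can still switch it on.
    ALLOW_MOCK_AUTH: bool = False
    MFA_REQUIRED_FOR_ADMIN: bool = True

    # AI Configuration
    # NOTE(review): the .pkl suffix suggests a pickled model. If it is loaded
    # with pickle/joblib (load site not visible here), loading runs code from
    # the file, so the path must be writable only by trusted processes.
    AI_MODEL_PATH: str = "models/isolation_forest.pkl"
    AI_TRAINING_INTERVAL_HOURS: int = 24
    AI_MIN_TRAINING_SAMPLES: int = 1000
    HF_TOKEN: Optional[str] = None

    # Security - Certificate Pinning
    # The default is a placeholder, not a real hash; how the list is consumed
    # is not visible here, so confirm it cannot reach a production deployment.
    TRUSTED_PUBLIC_KEY_HASHES: list[str] = [
        "dummy_hash_for_development"
    ]  # Replace with actual hashes in production

    # File Upload Configuration
    MAX_UPLOAD_SIZE: int = 10 * 1024 * 1024  # 10MB
    DEFAULT_MAX_PROCESS_SIZE: int = 50 * 1024 * 1024  # 50MB
    ALLOWED_FILE_TYPES: str = "pdf,doc,docx,txt,jpg,jpeg,png,tiff,mp3,wav,mp4,mov"

    # Fraud Score Thresholds
    FRAUD_SCORE_CRITICAL: float = 90.0
    FRAUD_SCORE_HIGH: float = 75.0
    FRAUD_SCORE_MEDIUM: float = 50.0

    # Plugin System
    PLUGIN_CACHE_TTL: int = 3600

    # Backup/Storage (Optional)
    S3_BUCKET_NAME: str = "zenith-backups"
    S3_REGION: str = "us-east-1"
    AWS_ACCESS_KEY_ID: Optional[str] = None
    AWS_SECRET_ACCESS_KEY: Optional[str] = None
    AWS_REGION: str = "us-east-1"

    # ".env" is a relative path, so it is looked up from the process working
    # directory; extra="ignore" drops keys that match no field.
    model_config = SettingsConfigDict(
        env_file=".env", env_file_encoding="utf-8", extra="ignore"
    )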
# Build the module-level settings object. Construction is the validation
# step: SECRET_KEY and JWT_SECRET_KEY are declared without defaults, so
# importing this module fails when they are not provided.
settings = Settings()
| # Manual validation for encryption key to ensure secure startup | |
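def get_encryption_key() -> str:
    """Return the field-encryption key taken from the process environment.

    The variables are tried in order: ``FIELD_ENCRYPTION_KEY``,
    ``ENCRYPTION_KEY``, then ``SECRET_KEY``. The first one holding a
    non-blank value wins and is returned exactly as set; it is not trimmed,
    so an existing key keeps its exact value.

    Returns:
        The selected key string.

    Raises:
        ValueError: If none of the three variables holds a non-blank value.
    """
    # Only os.environ is consulted. A value that exists solely in the ".env"
    # file named in Settings.model_config is not visible to this lookup.
    # NOTE(review): falling back to SECRET_KEY reuses one secret for two
    # purposes. A dedicated FIELD_ENCRYPTION_KEY keeps rotation and exposure
    # of the two independent.
    for name in ("FIELD_ENCRYPTION_KEY", "ENCRYPTION_KEY", "SECRET_KEY"):
        candidate = os.environ.get(name)
        # A whitespace-only value is truthy but is not a usable key, so it is
        # treated as unset and the next variable is tried.
        if candidate and candidate.strip():
            return candidate

    # In production, this must be explicitly set
    raise ValueError("Encryption key configuration is missing. Please set FIELD_ENCRYPTION_KEY, ENCRYPTION_KEY, or SECRET_KEY.")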
# Runs at import time. It replaces whatever Settings parsed for
# FIELD_ENCRYPTION_KEY with the value resolved from os.environ, and lets the
# ValueError from get_encryption_key() abort startup when no key is set.
settings.FIELD_ENCRYPTION_KEY = get_encryption_key()
# DATABASE_URL validation removed - system uses get_database_url() for SQLite path
# SECRET_KEY now has default value
# NOTE(review): the line above looks stale. Settings declares SECRET_KEY
# without a default, so Settings() fails when it is unset. Confirm and
# update or remove the comment.