drinks-manager/project/settings.py

"""
Django settings for project project.

Generated by 'django-admin startproject' using Django 4.1.6.

For more information on this file, see
https://docs.djangoproject.com/en/4.1/topics/settings/

For the full list of settings and their values, see
https://docs.djangoproject.com/en/4.1/ref/settings/
"""

import os
from pathlib import Path
from yaml import safe_load

# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent

# Load configuration file
with Path(BASE_DIR / "data" / "config.yml").open("r") as f:
    config = safe_load(f)

# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/4.1/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = config["app"]["secret_key"]
if SECRET_KEY == "!!!replace this with random data!!!" or len(SECRET_KEY) < 40:
    print(
        "WARNING: You didn't provide a secure secret_key in the configuration file!",
        "This is a security risk!!!")

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
if "APP_PROD" in os.environ:
    DEBUG = not os.environ["APP_PROD"]

# ALLOWED_HOSTS can be wildcarded,
# because caddy already handles requests
ALLOWED_HOSTS = ["*"]

# Application definition

INSTALLED_APPS = [
    "app.apps.AppConfig",
    "django.contrib.admin",
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.messages",
    "django.contrib.staticfiles",
]

MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.locale.LocaleMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
]

ROOT_URLCONF = "project.urls"

TEMPLATES = [
    {
        "BACKEND": "django.template.backends.django.DjangoTemplates",
        "DIRS": [],
        "APP_DIRS": True,
        "OPTIONS": {
            "context_processors": [
                "django.template.context_processors.debug",
                "django.template.context_processors.request",
                "django.contrib.auth.context_processors.auth",
                "django.contrib.messages.context_processors.messages",
                "app.context_processors.app_version"
            ],
        },
    },
]

WSGI_APPLICATION = "project.wsgi.application"

# Database
# https://docs.djangoproject.com/en/4.1/ref/settings/#databases

DATABASES = {
    "default": {
        "ENGINE": 'django.db.backends.postgresql',
        "NAME": config["db"]["database"],
        "USER": config["db"]["user"],
        "PASSWORD": config["db"]["password"],
        "HOST": config["db"]["host"],
        "PORT": str(config["db"]["port"]),
    }
}

# Password validation
# https://docs.djangoproject.com/en/4.1/ref/settings/#auth-password-validators

if config["app"]["password_validation"]:
    AUTH_PASSWORD_VALIDATORS = [
        {
            "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
        },
        {
            "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
        },
        {
            "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
        },
        {
            "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
        },
    ]
else:
    AUTH_PASSWORD_VALIDATORS = []

# Security settings

AUTH_USER_MODEL = "app.User"
SESSION_COOKIE_AGE = int(config["app"]["session_cookie_age"])
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
CSRF_TRUSTED_ORIGINS = [
    f"https://{config['caddy']['host']}",
    f"http://{config['caddy']['host']}",
    f"https://{config['caddy']['host']}:{config['caddy']['https_port']}",
    f"http://{config['caddy']['host']}:{config['caddy']['https_port']}"]

# Internationalization
# https://docs.djangoproject.com/en/4.1/topics/i18n/

LANGUAGE_CODE = config["app"]["language_code"]
TIME_ZONE = config["app"]["timezone"]
USE_I18N = True
USE_L10N = True
USE_TZ = True

LOCALE_PATHS = [
    BASE_DIR / "locales"
]

# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/4.1/howto/static-files/

STATIC_URL = "static/"
STATIC_ROOT = BASE_DIR / "data" / "static"

# Default primary key field type
# https://docs.djangoproject.com/en/4.1/ref/settings/#default-auto-field

DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"

# Additional settings

if "APP_VERSION" in os.environ:
    APP_VERSION = os.environ["APP_VERSION"]
else:
    APP_VERSION = "unknown"

CURRENCY_SUFFIX = config["app"]["currency_suffix"]
Completely re-structured the project from scratch, wrote a better bootstrap script, changed configuration format to yaml, improved Caddyfile, and more. #15 #16 #20 2023-02-11 17:23:57 +01:00			`"""`
			`Django settings for project project.`

			`Generated by 'django-admin startproject' using Django 4.1.6.`

			`For more information on this file, see`
			`https://docs.djangoproject.com/en/4.1/topics/settings/`

			`For the full list of settings and their values, see`
			`https://docs.djangoproject.com/en/4.1/ref/settings/`
			`"""`

			`import os`
			`from pathlib import Path`
			`from yaml import safe_load`

			`# Build paths inside the project like this: BASE_DIR / 'subdir'.`
			`BASE_DIR = Path(__file__).resolve().parent.parent`

			`# Load configuration file`
			`with Path(BASE_DIR / "data" / "config.yml").open("r") as f:`
			`config = safe_load(f)`

			`# Quick-start development settings - unsuitable for production`
			`# See https://docs.djangoproject.com/en/4.1/howto/deployment/checklist/`

			`# SECURITY WARNING: keep the secret key used in production secret!`
			`SECRET_KEY = config["app"]["secret_key"]`
			`if SECRET_KEY == "!!!replace this with random data!!!" or len(SECRET_KEY) < 40:`
			`print(`
			`"WARNING: You didn't provide a secure secret_key in the configuration file!",`
			`"This is a security risk!!!")`

			`# SECURITY WARNING: don't run with debug turned on in production!`
			`DEBUG = True`
			`if "APP_PROD" in os.environ:`
			`DEBUG = not os.environ["APP_PROD"]`

			`# ALLOWED_HOSTS can be wildcarded,`
			`# because caddy already handles requests`
			`ALLOWED_HOSTS = ["*"]`

			`# Application definition`

			`INSTALLED_APPS = [`
			`"app.apps.AppConfig",`
			`"django.contrib.admin",`
			`"django.contrib.auth",`
			`"django.contrib.contenttypes",`
			`"django.contrib.sessions",`
			`"django.contrib.messages",`
			`"django.contrib.staticfiles",`
			`]`

			`MIDDLEWARE = [`
			`"django.middleware.security.SecurityMiddleware",`
			`"django.contrib.sessions.middleware.SessionMiddleware",`
			`"django.middleware.locale.LocaleMiddleware",`
			`"django.middleware.common.CommonMiddleware",`
			`"django.middleware.csrf.CsrfViewMiddleware",`
			`"django.contrib.auth.middleware.AuthenticationMiddleware",`
			`"django.contrib.messages.middleware.MessageMiddleware",`
			`"django.middleware.clickjacking.XFrameOptionsMiddleware",`
			`]`

			`ROOT_URLCONF = "project.urls"`

			`TEMPLATES = [`
			`{`
			`"BACKEND": "django.template.backends.django.DjangoTemplates",`
			`"DIRS": [],`
			`"APP_DIRS": True,`
			`"OPTIONS": {`
			`"context_processors": [`
			`"django.template.context_processors.debug",`
			`"django.template.context_processors.request",`
			`"django.contrib.auth.context_processors.auth",`
			`"django.contrib.messages.context_processors.messages",`
			`"app.context_processors.app_version"`
			`],`
			`},`
			`},`
			`]`

			`WSGI_APPLICATION = "project.wsgi.application"`

			`# Database`
			`# https://docs.djangoproject.com/en/4.1/ref/settings/#databases`

			`DATABASES = {`
			`"default": {`
			`"ENGINE": 'django.db.backends.postgresql',`
			`"NAME": config["db"]["database"],`
			`"USER": config["db"]["user"],`
			`"PASSWORD": config["db"]["password"],`
			`"HOST": config["db"]["host"],`
			`"PORT": str(config["db"]["port"]),`
			`}`
			`}`

			`# Password validation`
			`# https://docs.djangoproject.com/en/4.1/ref/settings/#auth-password-validators`

			`if config["app"]["password_validation"]:`
			`AUTH_PASSWORD_VALIDATORS = [`
			`{`
			`"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",`
			`},`
			`{`
			`"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",`
			`},`
			`{`
			`"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",`
			`},`
			`{`
			`"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",`
			`},`
			`]`
			`else:`
			`AUTH_PASSWORD_VALIDATORS = []`

			`# Security settings`

			`AUTH_USER_MODEL = "app.User"`
			`SESSION_COOKIE_AGE = int(config["app"]["session_cookie_age"])`
			`CSRF_COOKIE_SECURE = True`
			`SESSION_COOKIE_SECURE = True`
Fixed CSRF-related issues and profilepictures by starting caddy for development server too. Also improved boostrap script. #15 #16 2023-02-11 18:04:52 +01:00			`CSRF_TRUSTED_ORIGINS = [`
			`f"https://{config['caddy']['host']}",`
			`f"http://{config['caddy']['host']}",`
			`f"https://{config['caddy']['host']}:{config['caddy']['https_port']}",`
			`f"http://{config['caddy']['host']}:{config['caddy']['https_port']}"]`
Completely re-structured the project from scratch, wrote a better bootstrap script, changed configuration format to yaml, improved Caddyfile, and more. #15 #16 #20 2023-02-11 17:23:57 +01:00
			`# Internationalization`
			`# https://docs.djangoproject.com/en/4.1/topics/i18n/`

			`LANGUAGE_CODE = config["app"]["language_code"]`
			`TIME_ZONE = config["app"]["timezone"]`
			`USE_I18N = True`
			`USE_L10N = True`
			`USE_TZ = True`

			`LOCALE_PATHS = [`
			`BASE_DIR / "locales"`
			`]`

			`# Static files (CSS, JavaScript, Images)`
			`# https://docs.djangoproject.com/en/4.1/howto/static-files/`

			`STATIC_URL = "static/"`
			`STATIC_ROOT = BASE_DIR / "data" / "static"`

			`# Default primary key field type`
			`# https://docs.djangoproject.com/en/4.1/ref/settings/#default-auto-field`

			`DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"`

			`# Additional settings`

			`if "APP_VERSION" in os.environ:`
			`APP_VERSION = os.environ["APP_VERSION"]`
			`else:`
			`APP_VERSION = "unknown"`

			`CURRENCY_SUFFIX = config["app"]["currency_suffix"]`