""" Django settings for aibimagics project. E-commerce Platform with AI Integration, Multi-Role System, and Production Deployment """ import os from pathlib import Path # from dotenv import load_dotenv # Not installed yet # import dj_database_url # Not installed yet # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent # Load environment variables # load_dotenv() # Not needed for development # SECURITY WARNING: keep the secret key used in production secret! #SECRET_KEY = os.getenv('SECRET_KEY', 'django-insecure-change-this-in-production') SECRET_KEY = 'django-insecure-h2g!8$7=h)i@7)r$%!@^1&y%2!$29@pxyntb52j4n0p*+-)f9i' # SECURITY WARNING: don't run with debug turned on in production! import os as _osdbg #DEBUG = os.getenv('DEBUG', 'False') == 'True' DEBUG = True ALLOWED_HOSTS = ['aibimagics.com', 'www.aibimagics.com', '66.116.196.21'] CSRF_TRUSTED_ORIGINS = [ 'https://aibimagics.com', 'https://www.aibimagics.com', ] # Application definition INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'django.contrib.sites', 'django.contrib.sitemaps', #'sslserver', # Third-party apps 'rest_framework', # 'rest_framework.authtoken', #'rest_framework_simplejwt', 'corsheaders', # 'crispy_forms', # 'crispy_bootstrap5', # 'django_filters', # 'import_export', # 'imagekit', 'drf_yasg', # Django Allauth for Social Authentication 'allauth', 'allauth.account', 'allauth.socialaccount', # 'allauth.socialaccount.providers.google', # 'allauth.socialaccount.providers.facebook', # Custom apps 'frontend', # Site configuration & frontend 'accounts', 'products', 'cart', 'orders', 'payments', 'inventory', 'ai_features', 'notifications', 'analytics', 'vendors', # Multi-vendor marketplace ] MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'whitenoise.middleware.WhiteNoiseMiddleware', # Static files serving 'corsheaders.middleware.CorsMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'frontend.maintenance_middleware.MaintenanceModeMiddleware', 'frontend.admin_access_middleware.AdminAccessMiddleware', 'frontend.nocache_middleware.NoCacheAuthenticatedMiddleware', 'frontend.nocache_middleware.SecurityHeadersMiddleware', 'frontend.nocache_middleware.RateLimitMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'allauth.account.middleware.AccountMiddleware', # Required for allauth 'core.middleware.NoCacheMiddleware', # <--- ADD THIS LINE ] ROOT_URLCONF = 'aibimagics.urls' TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [BASE_DIR / 'templates'], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ 'django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', 'frontend.context_processors.site_settings', # Dynamic site settings 'aibimagics.context_processors.currency_symbol', # Currency symbol 'frontend.context_processors.staff_permissions', # Role-based permission flags # 'cart.context_processors.cart_total_amount', # Comment for now ], }, }, ] WSGI_APPLICATION = 'aibimagics.wsgi.application' # Database # https://docs.djangoproject.com/en/5.0/ref/settings/#databases DATABASES = { 'default': { 'ENGINE': 'django.db.backends.sqlite3', 'NAME': BASE_DIR / 'db.sqlite3', } } # Custom User Model AUTH_USER_MODEL = 'accounts.User' # Password validation AUTH_PASSWORD_VALIDATORS = [ { 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', }, { 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', }, { 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', }, { 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', }, ] # Internationalization LANGUAGE_CODE = 'en-us' TIME_ZONE = 'Asia/Kolkata' USE_I18N = True USE_TZ = True # Static files (CSS, JavaScript, Images) STATIC_URL = '/static/' STATIC_ROOT = BASE_DIR / 'staticfiles' # STATICFILES_DIRS = [BASE_DIR / 'static'] # Comment out - folder doesn't exist yet # STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage' # Media files MEDIA_URL = '/media/' MEDIA_ROOT = BASE_DIR / 'media' # Default primary key field type DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField' # Site ID for django.contrib.sites SITE_ID = 1 # CORS Settings CORS_ALLOWED_ORIGINS = [ "http://localhost:3000", "http://127.0.0.1:3000", ] CORS_ALLOW_CREDENTIALS = True # REST Framework REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': [ # 'rest_framework_simplejwt.authentication.JWTAuthentication', # Optional - install if needed 'rest_framework.authentication.SessionAuthentication', ], 'DEFAULT_PERMISSION_CLASSES': [ 'rest_framework.permissions.IsAuthenticatedOrReadOnly', ], 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination', 'PAGE_SIZE': 20, 'DEFAULT_FILTER_BACKENDS': [ # 'django_filters.rest_framework.DjangoFilterBackend', # Optional - install django-filter if needed 'rest_framework.filters.SearchFilter', 'rest_framework.filters.OrderingFilter', ], } # JWT Settings from datetime import timedelta SIMPLE_JWT = { 'ACCESS_TOKEN_LIFETIME': timedelta(days=1), 'REFRESH_TOKEN_LIFETIME': timedelta(days=7), 'ROTATE_REFRESH_TOKENS': True, 'BLACKLIST_AFTER_ROTATION': True, } # Crispy Forms CRISPY_ALLOWED_TEMPLATE_PACKS = "bootstrap5" CRISPY_TEMPLATE_PACK = "bootstrap5" # Email Configuration EMAIL_BACKEND = os.getenv('EMAIL_BACKEND', 'django.core.mail.backends.console.EmailBackend') EMAIL_HOST = os.getenv('EMAIL_HOST', 'smtp.gmail.com') EMAIL_PORT = int(os.getenv('EMAIL_PORT', 587)) EMAIL_USE_TLS = os.getenv('EMAIL_USE_TLS', 'True') == 'True' EMAIL_HOST_USER = os.getenv('EMAIL_HOST_USER', '') EMAIL_HOST_PASSWORD = os.getenv('EMAIL_HOST_PASSWORD', '') DEFAULT_FROM_EMAIL = os.getenv('DEFAULT_FROM_EMAIL', 'noreply@aibimagics.com') # Celery Configuration CELERY_BROKER_URL = os.getenv('REDIS_URL', 'redis://localhost:6379/0') CELERY_RESULT_BACKEND = os.getenv('REDIS_URL', 'redis://localhost:6379/0') CELERY_ACCEPT_CONTENT = ['json'] CELERY_TASK_SERIALIZER = 'json' CELERY_RESULT_SERIALIZER = 'json' CELERY_TIMEZONE = TIME_ZONE # Redis Cache - Using database cache for development CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.db.DatabaseCache', 'LOCATION': 'cache_table', } } # Session Configuration SESSION_ENGINE = 'django.contrib.sessions.backends.db' # Use database sessions # Payment Gateway Settings STRIPE_PUBLIC_KEY = os.getenv('STRIPE_PUBLIC_KEY', '') STRIPE_SECRET_KEY = os.getenv('STRIPE_SECRET_KEY', '') RAZORPAY_KEY_ID = os.getenv('RAZORPAY_KEY_ID', '') RAZORPAY_KEY_SECRET = os.getenv('RAZORPAY_KEY_SECRET', '') # AI API Keys OPENAI_API_KEY = os.getenv('OPENAI_API_KEY', '') ANTHROPIC_API_KEY = os.getenv('ANTHROPIC_API_KEY', '') # Twilio SMS Settings TWILIO_ACCOUNT_SID = os.getenv('TWILIO_ACCOUNT_SID', '') TWILIO_AUTH_TOKEN = os.getenv('TWILIO_AUTH_TOKEN', '') TWILIO_PHONE_NUMBER = os.getenv('TWILIO_PHONE_NUMBER', '') BANK_API_BASE_URL = os.getenv('BANK_API_BASE_URL', '') BANK_API_TOKEN = os.getenv('BANK_API_TOKEN', '') # Security Settings (Production) if not DEBUG: SECURE_SSL_REDIRECT = True SESSION_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True SECURE_BROWSER_XSS_FILTER = True SECURE_CONTENT_TYPE_NOSNIFF = True X_FRAME_OPTIONS = 'DENY' SECURE_HSTS_SECONDS = 31536000 SECURE_HSTS_INCLUDE_SUBDOMAINS = True SECURE_HSTS_PRELOAD = True SESSION_COOKIE_HTTPONLY = True CSRF_COOKIE_HTTPONLY = True SECURE_REFERRER_POLICY = 'strict-origin-when-cross-origin' SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') # Logging LOGGING = { 'version': 1, 'disable_existing_loggers': False, 'formatters': { 'verbose': { 'format': '{levelname} {asctime} {module} {message}', 'style': '{', }, }, 'handlers': { 'file': { 'level': 'INFO', 'class': 'logging.FileHandler', 'filename': BASE_DIR / 'logs' / 'django.log', 'formatter': 'verbose', }, 'console': { 'level': 'DEBUG', 'class': 'logging.StreamHandler', 'formatter': 'verbose', }, }, 'loggers': { 'django': { 'handlers': ['file', 'console'], 'level': 'INFO', 'propagate': True, }, }, } # Sentry Error Monitoring (Production) if not DEBUG and os.getenv('SENTRY_DSN'): import sentry_sdk from sentry_sdk.integrations.django import DjangoIntegration sentry_sdk.init( dsn=os.getenv('SENTRY_DSN'), integrations=[DjangoIntegration()], traces_sample_rate=1.0, send_default_pii=True ) # ============================================================================== # ENHANCED SECURITY SETTINGS # ============================================================================== # Session Security SESSION_COOKIE_HTTPONLY = True SESSION_COOKIE_SECURE = not DEBUG # True in production SESSION_COOKIE_SAMESITE = 'Lax' SESSION_COOKIE_AGE = 86400 # 24 hours # CSRF Protection CSRF_COOKIE_HTTPONLY = False # Allow JavaScript to read CSRF token for AJAX requests CSRF_COOKIE_SECURE = not DEBUG CSRF_COOKIE_SAMESITE = 'Lax' CSRF_USE_SESSIONS = False CSRF_COOKIE_AGE = 31449600 # 1 year CSRF_TRUSTED_ORIGINS = ['http://127.0.0.1:8000', 'http://localhost:8000'] # Security Headers SECURE_BROWSER_XSS_FILTER = True SECURE_CONTENT_TYPE_NOSNIFF = True X_FRAME_OPTIONS = 'DENY' if not DEBUG: # SSL/HTTPS SECURE_SSL_REDIRECT = True SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') # HSTS Settings SECURE_HSTS_SECONDS = 31536000 # 1 year SECURE_HSTS_INCLUDE_SUBDOMAINS = True SECURE_HSTS_PRELOAD = True AUTH_PASSWORD_VALIDATORS = [ { 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', 'OPTIONS': { 'min_length': 8, } }, { 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', }, { 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', }, ] # Login/Logout URLs # Use customer login for general views; staff views have separate URLs LOGIN_URL = '/login/' LOGIN_REDIRECT_URL = '/staff/dashboard/' LOGOUT_REDIRECT_URL = '/login/' # Authentication Backends AUTHENTICATION_BACKENDS = [ 'django.contrib.auth.backends.ModelBackend', # Default Django auth 'allauth.account.auth_backends.AuthenticationBackend', # Allauth social auth ] # Rate Limiting (if using django-ratelimit) RATELIMIT_ENABLE = True RATELIMIT_USE_CACHE = 'default' # File Upload Security FILE_UPLOAD_MAX_MEMORY_SIZE = 5242880 # 5MB DATA_UPLOAD_MAX_MEMORY_SIZE = 5242880 # 5MB FILE_UPLOAD_PERMISSIONS = 0o644 # Allowed file extensions for uploads ALLOWED_IMAGE_EXTENSIONS = ['.jpg', '.jpeg', '.png', '.gif', '.webp'] ALLOWED_DOCUMENT_EXTENSIONS = ['.pdf', '.doc', '.docx', '.xls', '.xlsx'] # Security Middleware Settings SECURE_REFERRER_POLICY = 'same-origin' SECURE_CROSS_ORIGIN_OPENER_POLICY = 'same-origin' # ============================================================================== # STAFF PANEL SECURITY # ============================================================================== # Staff session expires after 8 hours of inactivity STAFF_SESSION_TIMEOUT = 28800 # Require staff to re-authenticate for sensitive operations STAFF_REAUTH_REQUIRED = True # Log all staff actions STAFF_AUDIT_LOG = True # ============================================================================== # DJANGO-ALLAUTH SOCIAL AUTHENTICATION SETTINGS # ============================================================================== # Allauth Configuration (Updated for django-allauth 65+) ACCOUNT_LOGIN_METHODS = {'email'} ACCOUNT_AUTHENTICATION_METHOD = 'email' ACCOUNT_EMAIL_REQUIRED = True ACCOUNT_EMAIL_VERIFICATION = 'optional' ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION = True ACCOUNT_UNIQUE_EMAIL = True ACCOUNT_USER_MODEL_USERNAME_FIELD = None ACCOUNT_SESSION_REMEMBER = True ACCOUNT_USERNAME_REQUIRED = False ACCOUNT_SIGNUP_FIELDS = ['email*', 'password1*', 'password2*'] # Social Account Settings SOCIALACCOUNT_AUTO_SIGNUP = True # Automatically create account on first social login SOCIALACCOUNT_EMAIL_VERIFICATION = 'optional' SOCIALACCOUNT_EMAIL_REQUIRED = True SOCIALACCOUNT_QUERY_EMAIL = True SOCIALACCOUNT_STORE_TOKENS = True # Store OAuth tokens # Google OAuth Settings SOCIALACCOUNT_PROVIDERS = { 'google': { 'SCOPE': [ 'profile', 'email', ], 'AUTH_PARAMS': { 'access_type': 'online', }, 'APP': { 'client_id': os.getenv('GOOGLE_CLIENT_ID', ''), 'secret': os.getenv('GOOGLE_CLIENT_SECRET', ''), 'key': '' } }, 'facebook': { 'METHOD': 'oauth2', 'SCOPE': ['email', 'public_profile'], 'AUTH_PARAMS': {'auth_type': 'reauthenticate'}, 'FIELDS': [ 'id', 'email', 'name', 'first_name', 'last_name', 'verified', 'locale', 'timezone', 'link', 'gender', 'updated_time', ], 'EXCHANGE_TOKEN': True, 'VERIFIED_EMAIL': False, 'VERSION': 'v18.0', 'APP': { 'client_id': os.getenv('FACEBOOK_APP_ID', ''), 'secret': os.getenv('FACEBOOK_APP_SECRET', ''), 'key': '' } }, } # Redirect URLs after social login SOCIALACCOUNT_LOGIN_ON_GET = True # LOGIN_REDIRECT_URL is set above in the staff panel section (line 351) ACCOUNT_LOGOUT_REDIRECT_URL = '/' # ============================================================================== # CURRENCY SETTINGS # ============================================================================== # Default currency DEFAULT_CURRENCY = 'INR' CURRENCY_SYMBOL = '₹' CURRENCY_CODE = 'INR'