""" Django settings for django_project project. Generated by 'django-admin startproject' using Django 5.0.1. For more information on this file, see https://docs.djangoproject.com/en/5.0/topics/settings/ For the full list of settings and their values, see https://docs.djangoproject.com/en/5.0/ref/settings/ """ import os from pathlib import Path # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/5.0/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY = 'django-insecure-4ju2n@$f9d0c=h)_g0lbb%k9&@rf(xa$d$g$&5ri$uf)*gev^4' # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True # Show custom error pages even in DEBUG mode for testing # Remove this in production if DEBUG: # This allows testing of custom error templates import os if os.environ.get('TEST_ERROR_PAGES') == '1': DEBUG = False ALLOWED_HOSTS = os.environ["REPLIT_DOMAINS"].split(',') CSRF_TRUSTED_ORIGINS = [ "https://" + domain for domain in os.environ["REPLIT_DOMAINS"].split(',') ] # Additional CSRF settings for development CSRF_COOKIE_SECURE = not DEBUG CSRF_COOKIE_HTTPONLY = False # Allow JavaScript access if needed CSRF_USE_SESSIONS = False CSRF_COOKIE_SAMESITE = 'Lax' # Application definition INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'accounts', 'customers', 'billing', 'payments', 'tickets', 'hr', 'network', 'notifications', 'settings', 'expenditure', ] MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'customers.middleware.CustomerOnlyMiddleware', 'accounts.middleware.DepartmentPermissionMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] # Only use clickjacking protection in deployments because the Development Web View uses # iframes and needs to be a cross origin. if ("REPLIT_DEPLOYMENT" in os.environ): MIDDLEWARE.append('django.middleware.clickjacking.XFrameOptionsMiddleware') ROOT_URLCONF = 'django_project.urls' TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [BASE_DIR / 'templates'], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ 'django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', 'accounts.context_processors.department_permissions', 'settings.context_processors.company_profile', ], }, }, ] WSGI_APPLICATION = 'django_project.wsgi.application' # Database # https://docs.djangoproject.com/en/5.0/ref/settings/#databases DATABASES = { 'default': { 'ENGINE': 'django.db.backends.sqlite3', 'NAME': BASE_DIR / 'db.sqlite3', } } # Password validation # https://docs.djangoproject.com/en/5.0/ref/settings/#auth-password-validators AUTH_PASSWORD_VALIDATORS = [ { 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', }, { 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', }, { 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', }, { 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', }, ] # Internationalization # https://docs.djangoproject.com/en/5.0/topics/i18n/ LANGUAGE_CODE = 'en-us' TIME_ZONE = 'Africa/Nairobi' USE_I18N = True USE_TZ = True # Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/5.0/howto/static-files/ STATIC_URL = '/static/' STATIC_ROOT = BASE_DIR / 'staticfiles' # Additional locations of static files STATICFILES_DIRS = [ BASE_DIR / 'static', ] # Static files finders STATICFILES_FINDERS = [ 'django.contrib.staticfiles.finders.FileSystemFinder', 'django.contrib.staticfiles.finders.AppDirectoriesFinder', ] MEDIA_URL = '/media/' MEDIA_ROOT = BASE_DIR / 'media' # Default primary key field type # https://docs.djangoproject.com/en/5.0/ref/settings/#default-auto-field DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField' # Custom User Model AUTH_USER_MODEL = 'accounts.CustomUser' # Authentication backends AUTHENTICATION_BACKENDS = [ 'accounts.backends.SuperuserAuthBackend', 'accounts.backends.EmployeeAuthBackend', 'accounts.backends.CustomerAuthBackend', 'django.contrib.auth.backends.ModelBackend', # Keep as fallback ] # REST Framework configuration REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': [ 'rest_framework.authentication.SessionAuthentication', ], 'DEFAULT_PERMISSION_CLASSES': [ 'rest_framework.permissions.IsAuthenticated', ], } # Email configuration EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' EMAIL_HOST = os.environ.get('EMAIL_HOST', 'smtp.gmail.com') EMAIL_PORT = 587 EMAIL_USE_TLS = True EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER', '') EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD', '') DEFAULT_FROM_EMAIL = os.environ.get('DEFAULT_FROM_EMAIL', 'noreply@optinet.com') # Logging configuration LOGGING = { 'version': 1, 'disable_existing_loggers': False, 'formatters': { 'verbose': { 'format': '{levelname} {asctime} {module} {process:d} {thread:d} {message}', 'style': '{', }, }, 'handlers': { 'file': { 'level': 'INFO', 'class': 'logging.FileHandler', 'filename': 'login_attempts.log', 'formatter': 'verbose', }, 'console': { 'level': 'INFO', 'class': 'logging.StreamHandler', 'formatter': 'verbose', }, }, 'loggers': { 'accounts.login': { 'handlers': ['file', 'console'], 'level': 'INFO', 'propagate': True, }, }, } # M-Pesa Configuration MPESA_CONSUMER_KEY = os.getenv('MPESA_CONSUMER_KEY', '') MPESA_CONSUMER_SECRET = os.getenv('MPESA_CONSUMER_SECRET', '') MPESA_BUSINESS_SHORT_CODE = os.getenv('MPESA_BUSINESS_SHORT_CODE', '') MPESA_PASSKEY = os.getenv('MPESA_PASSKEY', '') MPESA_CALLBACK_URL = os.getenv('MPESA_CALLBACK_URL', 'https://your-repl-name.replit.app/payments/mpesa/callback/') MPESA_ENVIRONMENT = os.getenv('MPESA_ENVIRONMENT', 'sandbox') # 'sandbox' or 'production' # MikroTik Configuration MIKROTIK_ROUTERS = [ { 'host': os.getenv('MIKROTIK_HOST', '192.168.1.1'), 'username': os.getenv('MIKROTIK_USERNAME', 'admin'), 'password': os.getenv('MIKROTIK_PASSWORD', ''), 'port': int(os.getenv('MIKROTIK_PORT', '8728')), } ] # RADIUS Server Configuration RADIUS_SERVER = { 'HOST': '0.0.0.0', 'PORT': 1812, 'SECRET': 'your-radius-secret-key', } # RADIUS Secret for MikroTik communication RADIUS_SECRET = 'your-radius-secret-key' # Celery Configuration CELERY_BROKER_URL = 'redis://localhost:6379' CELERY_RESULT_BACKEND = 'redis://localhost:6379' CELERY_ACCEPT_CONTENT = ['application/json'] CELERY_TASK_SERIALIZER = 'json' CELERY_RESULT_SERIALIZER = 'json' # Login/Logout URLs LOGIN_URL = '/accounts/login/' LOGIN_REDIRECT_URL = '/dashboard/' LOGOUT_REDIRECT_URL = '/accounts/login/' # Override admin logout URL ADMIN_LOGOUT_URL = '/logout/' # Session Security SESSION_COOKIE_AGE = 3600 # 1 hour for regular users SESSION_COOKIE_SECURE = not DEBUG # Use secure cookies in production SESSION_COOKIE_HTTPONLY = True SESSION_COOKIE_SAMESITE = 'Lax' SESSION_EXPIRE_AT_BROWSER_CLOSE = True # Different session timeouts for different user types EMPLOYEE_SESSION_TIMEOUT = 3600 * 8 # 8 hours for employees CUSTOMER_SESSION_TIMEOUT = 3600 * 2 # 2 hours for customers ADMIN_SESSION_TIMEOUT = 3600 * 4 # 4 hours for admins # Security settings SECURE_BROWSER_XSS_FILTER = True SECURE_CONTENT_TYPE_NOSNIFF = True X_FRAME_OPTIONS = 'DENY' # Ensure admin login uses our custom login page ADMIN_URL = 'admin/'