"""
Django development settings for django_project.
Settings for development environment (Replit).
"""

import os
from .base import *

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'django-insecure-4ju2n@$f9d0c=h)_g0lbb%k9&@rf(xa$d$g$&5ri$uf)*gev^4'

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True

# Show custom error pages even in DEBUG mode for testing
# Remove this in production
if DEBUG:
    # This allows testing of custom error templates
    import os
    if os.environ.get('TEST_ERROR_PAGES') == '1':
        DEBUG = False

ALLOWED_HOSTS = os.environ.get("REPLIT_DOMAINS", "localhost,127.0.0.1").split(',')
CSRF_TRUSTED_ORIGINS = [
    "https://" + domain for domain in os.environ.get("REPLIT_DOMAINS", "localhost").split(',')
]

# Only use clickjacking protection in deployments because the Development Web View uses
# iframes and needs to be a cross origin.
if ("REPLIT_DEPLOYMENT" in os.environ):
    MIDDLEWARE.append('django.middleware.clickjacking.XFrameOptionsMiddleware')

# Database
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': BASE_DIR / 'db.sqlite3',
    }
}

# M-Pesa callback URL for development
MPESA_CALLBACK_URL = os.getenv('MPESA_CALLBACK_URL', 'https://your-repl-name.replit.app/payments/mpesa/callback/')

# Session security for development
SESSION_COOKIE_SECURE = False  # Allow non-HTTPS in development