Claude
d8558eca89
Introduce timetracker/config.py with a single config() helper that resolves settings from a fixed priority chain: NAME__FILE (opt-in secret) -> env var -> .env -> settings.ini -> in-code default. Supports type casting (bool/list/int/Path), file-based secrets with .strip(), and required_in_prod validation. Migrate settings.py off the previous ad-hoc idioms: - DEBUG via config() (PROD kept as deprecated alias) - SECRET_KEY required in prod, supports SECRET_KEY__FILE - APP_URL derives ALLOWED_HOSTS and CSRF_TRUSTED_ORIGINS (kept separate, each independently overridable); ALLOWED_HOSTS is now configurable - TZ and DATA_DIR via config() Fix DATA_DIR inconsistency: entrypoint.sh now reads DATA_DIR (was hardcoded) so the bash bootstrap and Django agree on the database directory. Document the container/entrypoint-only flags (PUID/PGID/ CREATE_DEFAULT_SUPERUSER/STAGING/LOAD_SAMPLE_DATA) as bash concerns. Update deployment configs to set APP_URL (and DEBUG), add docs/configuration.md, settings.ini.example, regrouped .env.example, CLAUDE.md, and tests. https://claude.ai/code/session_01FFn8BiGrQpEJarC8xGse8s
213 lines
6.2 KiB
Python
213 lines
6.2 KiB
Python
"""
|
|
Django settings for timetracker project.
|
|
|
|
Generated by 'django-admin startproject' using Django 4.1.4.
|
|
|
|
For more information on this file, see
|
|
https://docs.djangoproject.com/en/4.1/topics/deployment/checklist/
|
|
|
|
For the full list of settings and their values, see
|
|
https://docs.djangoproject.com/en/4.1/ref/settings/
|
|
"""
|
|
|
|
import os
|
|
import warnings
|
|
from pathlib import Path
|
|
from urllib.parse import urlparse
|
|
|
|
from timetracker.config import config
|
|
|
|
# Build paths inside the project like this: BASE_DIR / 'subdir'.
|
|
BASE_DIR = Path(__file__).resolve().parent.parent
|
|
|
|
|
|
# Quick-start development settings - unsuitable for production
|
|
# See https://docs.djangoproject.com/en/4.1/howto/deployment/checklist/
|
|
|
|
# SECURITY WARNING: don't run with debug turned on in production!
|
|
# DEBUG defaults on for local development. Production turns it off via
|
|
# DEBUG=false (preferred) or the deprecated PROD env var.
|
|
_debug = config("DEBUG", default=None, cast=bool)
|
|
if _debug is None:
|
|
if os.environ.get("PROD"):
|
|
warnings.warn(
|
|
"The PROD environment variable is deprecated; set DEBUG=false instead.",
|
|
DeprecationWarning,
|
|
stacklevel=2,
|
|
)
|
|
_debug = False
|
|
else:
|
|
_debug = True
|
|
DEBUG = _debug
|
|
|
|
# SECURITY WARNING: keep the secret key used in production secret!
|
|
# Each deployment supplies its own key (env, .env/.ini, or a SECRET_KEY__FILE
|
|
# secret); falls back to an insecure default only in DEBUG. Missing in
|
|
# production is a hard error rather than a silent insecure fallback.
|
|
SECRET_KEY = config(
|
|
"SECRET_KEY",
|
|
default="django-insecure-x0_t$gei=_o_p(%%!-db$jezka@y+d67$a8tvw13nl^8$l*t@=",
|
|
allow_file=True,
|
|
required_in_prod=True,
|
|
)
|
|
|
|
# ALLOWED_HOSTS and CSRF_TRUSTED_ORIGINS are configured independently (they
|
|
# guard different things), but both default off a single user-facing APP_URL
|
|
# when not set explicitly. Power users override either one directly — e.g.
|
|
# ALLOWED_HOSTS=* behind a reverse proxy while CSRF stays locked to the domain.
|
|
APP_URL = config("APP_URL", default="http://localhost:8000")
|
|
_app_url = urlparse(APP_URL)
|
|
|
|
ALLOWED_HOSTS = config("ALLOWED_HOSTS", default=None, cast=list) or [_app_url.hostname]
|
|
CSRF_TRUSTED_ORIGINS = config("CSRF_TRUSTED_ORIGINS", default=None, cast=list) or [
|
|
f"{_app_url.scheme}://{_app_url.netloc}"
|
|
]
|
|
|
|
|
|
# Application definition
|
|
|
|
INSTALLED_APPS = [
|
|
"games.apps.GamesConfig",
|
|
"django.contrib.auth",
|
|
"django.contrib.contenttypes",
|
|
"django.contrib.sessions",
|
|
"django.contrib.messages",
|
|
"django.contrib.staticfiles",
|
|
"template_partials",
|
|
"django_htmx",
|
|
"django_q",
|
|
]
|
|
|
|
Q_CLUSTER = {
|
|
"name": "DjangoQ",
|
|
"workers": 1,
|
|
"recycle": 500,
|
|
"timeout": 60,
|
|
"retry": 120,
|
|
"orm": "default",
|
|
}
|
|
|
|
if DEBUG:
|
|
INSTALLED_APPS.append("django_extensions")
|
|
INSTALLED_APPS.append("django.contrib.admin")
|
|
INSTALLED_APPS.append("debug_toolbar")
|
|
|
|
MIDDLEWARE = [
|
|
"django.middleware.security.SecurityMiddleware",
|
|
"django.contrib.sessions.middleware.SessionMiddleware",
|
|
"django.middleware.common.CommonMiddleware",
|
|
"django.middleware.csrf.CsrfViewMiddleware",
|
|
"django.contrib.auth.middleware.AuthenticationMiddleware",
|
|
"django.contrib.messages.middleware.MessageMiddleware",
|
|
"django.middleware.clickjacking.XFrameOptionsMiddleware",
|
|
"django_htmx.middleware.HtmxMiddleware",
|
|
"games.htmx_middleware.HTMXMessagesMiddleware",
|
|
]
|
|
|
|
if DEBUG:
|
|
MIDDLEWARE.append("debug_toolbar.middleware.DebugToolbarMiddleware")
|
|
INTERNAL_IPS = ["127.0.0.1"]
|
|
DEBUG_TOOLBAR_CONFIG = {"ROOT_TAG_EXTRA_ATTRS": "hx-preserve"}
|
|
|
|
ROOT_URLCONF = "timetracker.urls"
|
|
LOGIN_URL = "/login/"
|
|
LOGIN_REDIRECT_URL = "/"
|
|
LOGOUT_REDIRECT_URL = "/login/"
|
|
|
|
TEMPLATES = [
|
|
{
|
|
"BACKEND": "django.template.backends.django.DjangoTemplates",
|
|
"DIRS": [],
|
|
"APP_DIRS": True,
|
|
"OPTIONS": {
|
|
"context_processors": [
|
|
"django.template.context_processors.debug",
|
|
"django.template.context_processors.request",
|
|
"django.contrib.auth.context_processors.auth",
|
|
"django.contrib.messages.context_processors.messages",
|
|
"games.views.general.model_counts",
|
|
"games.views.general.global_current_year",
|
|
],
|
|
"builtins": [
|
|
"template_partials.templatetags.partials",
|
|
],
|
|
},
|
|
},
|
|
]
|
|
|
|
WSGI_APPLICATION = "timetracker.wsgi.application"
|
|
|
|
|
|
# Database
|
|
# https://docs.djangoproject.com/en/4.1/ref/settings/#databases
|
|
|
|
DATABASES = {
|
|
"default": {
|
|
"ENGINE": "django.db.backends.sqlite3",
|
|
"NAME": config("DATA_DIR", default=BASE_DIR, cast=Path) / "db.sqlite3",
|
|
"OPTIONS": {
|
|
"timeout": 20,
|
|
"init_command": "PRAGMA synchronous=FULL; PRAGMA journal_mode=WAL;",
|
|
},
|
|
}
|
|
}
|
|
|
|
|
|
# Password validation
|
|
# https://docs.djangoproject.com/en/4.1/ref/settings/#auth-password-validators
|
|
|
|
AUTH_PASSWORD_VALIDATORS = [
|
|
{
|
|
"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
|
|
},
|
|
{
|
|
"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
|
|
},
|
|
{
|
|
"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
|
|
},
|
|
{
|
|
"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
|
|
},
|
|
]
|
|
|
|
|
|
# Internationalization
|
|
# https://docs.djangoproject.com/en/4.1/topics/i18n/
|
|
|
|
LANGUAGE_CODE = "en-us"
|
|
|
|
TIME_ZONE = config("TZ", default="Europe/Prague" if DEBUG else "UTC")
|
|
|
|
USE_I18N = True
|
|
|
|
USE_TZ = True
|
|
|
|
|
|
# Static files (CSS, JavaScript, Images)
|
|
# https://docs.djangoproject.com/en/4.1/howto/static-files/
|
|
|
|
STATIC_URL = "static/"
|
|
STATIC_ROOT = BASE_DIR / "static"
|
|
|
|
# Default primary key field type
|
|
# https://docs.djangoproject.com/en/4.1/ref/settings/#default-auto-field
|
|
|
|
DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
|
|
|
|
# https://docs.djangoproject.com/en/4.1/topics/logging/
|
|
LOGGING = {
|
|
"version": 1,
|
|
"disable_existing_loggers": False,
|
|
"handlers": {
|
|
"console": {"class": "logging.StreamHandler"},
|
|
},
|
|
"loggers": {
|
|
"django": {
|
|
"handlers": ["console"],
|
|
"level": "WARNING",
|
|
},
|
|
"games": {"handlers": ["console"], "level": "INFO", "propagate": False},
|
|
},
|
|
}
|