init

backend/config/settings/base.py

@@ -0,0 +1,233 @@
+from decouple import config
+from pathlib import Path
+import os
+
+BASE_DIR = Path(__file__).resolve().parent.parent.parent
+
+SECRET_KEY = config('SECRET_KEY')
+
+DEBUG = config('DEBUG', default=False, cast=bool)
+
+ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='').split(',')
+
+DJANGO_APPS = [
+    'unfold',
+    'unfold.contrib.filters',
+    'unfold.contrib.forms',
+    'unfold.contrib.import_export',
+    'unfold.contrib.location_field',
+
+    'django.contrib.admin',
+    'django.contrib.auth',
+    'django.contrib.contenttypes',
+    'django.contrib.sessions',
+    'django.contrib.messages',
+    'django.contrib.staticfiles',
+]
+
+THIRD_PARTY_APPS = [
+    'corsheaders',
+    'import_export',
+    'simplemde',
+    'location_field',
+    "django_prometheus",
+]
+
+LOCAL_APPS = [
+    'users',
+    'blog',
+    'gallery',
+    'events',
+    'certificates',
+    'communications',
+    'payments',
+    'utils',
+]
+
+INSTALLED_APPS = DJANGO_APPS + THIRD_PARTY_APPS + LOCAL_APPS
+
+MIDDLEWARE = [
+    "django_prometheus.middleware.PrometheusBeforeMiddleware",
+    'corsheaders.middleware.CorsMiddleware',
+    'django.middleware.security.SecurityMiddleware',
+    'whitenoise.middleware.WhiteNoiseMiddleware',
+    'django.contrib.sessions.middleware.SessionMiddleware',
+    'django.middleware.common.CommonMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.contrib.messages.middleware.MessageMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    "django_prometheus.middleware.PrometheusAfterMiddleware",
+]
+
+ROOT_URLCONF = 'config.urls'
+
+TEMPLATES = [
+    {
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
+        'DIRS': [BASE_DIR / 'templates'],
+        'APP_DIRS': True,
+        'OPTIONS': {
+            'context_processors': [
+                'django.template.context_processors.debug',
+                'django.template.context_processors.request',
+                'django.contrib.auth.context_processors.auth',
+                'django.contrib.messages.context_processors.messages',
+            ],
+        },
+    },
+]
+
+WSGI_APPLICATION = 'config.wsgi.application'
+
+# Database
+DATABASES = {
+    'default': {
+        'ENGINE': config('DB_ENGINE', 'django.db.backends.sqlite3'),
+        'NAME': config('DB_NAME', BASE_DIR / 'db.sqlite3'),
+        'USER': config('DB_USER'),
+        'PASSWORD': config('DB_PASSWORD'),
+        'HOST': config('DB_HOST', default='localhost'),
+        'PORT': config('DB_PORT', default='5432'),
+    }
+}
+
+# Password validation
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+    },
+]
+
+LANGUAGE_CODE = 'en-us'
+TIME_ZONE = 'Asia/Tehran'
+
+LANGUAGES = [
+    ('en', 'English'),
+    ('fa', 'فارسی'),
+]
+
+USE_I18N = True
+USE_L10N = True
+USE_TZ = True
+
+# For RTL support in admin
+LOCALE_PATHS = [BASE_DIR / 'locale']
+
+STATIC_URL = config('STATIC_URL', default='/static/')
+STATIC_ROOT = BASE_DIR / 'staticfiles'
+STATICFILES_DIRS = [BASE_DIR / 'static']
+
+MEDIA_URL = config('MEDIA_URL', default='/media/')
+MEDIA_ROOT = BASE_DIR / 'media'
+
+DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
+
+AUTH_USER_MODEL = 'users.User'
+
+# CORS Settings
+CORS_ALLOWED_ORIGINS = config('CORS_ALLOWED_ORIGINS', default='https://east-guilan-ce.ir').split(',')
+CORS_ALLOW_CREDENTIALS = True
+CSRF_TRUSTED_ORIGINS = ["https://east-guilan-ce.ir"]
+CSRF_COOKIE_SECURE = True
+SESSION_COOKIE_SECURE = True
+
+# Email Configuration
+EMAIL_BACKEND = config('EMAIL_BACKEND', default='django.core.mail.backends.console.EmailBackend')
+EMAIL_HOST = config('EMAIL_HOST', default='')
+EMAIL_PORT = config('EMAIL_PORT', default=587, cast=int)
+EMAIL_USE_TLS = config('EMAIL_USE_TLS', default=True, cast=bool)
+EMAIL_HOST_USER = config('EMAIL_HOST_USER', default='')
+EMAIL_HOST_PASSWORD = config('EMAIL_HOST_PASSWORD', default='')
+DEFAULT_FROM_EMAIL = config('DEFAULT_FROM_EMAIL', default='webmaster@localhost')
+
+# JWT Configuration
+JWT_SECRET_KEY = config('JWT_SECRET_KEY', default=SECRET_KEY)
+JWT_ALGORITHM = config('JWT_ALGORITHM', default='HS256')
+JWT_ACCESS_TOKEN_LIFETIME = config('JWT_ACCESS_TOKEN_LIFETIME', default=3600, cast=int)
+JWT_REFRESH_TOKEN_LIFETIME = config('JWT_REFRESH_TOKEN_LIFETIME', default=86400, cast=int)
+
+# Redis Configuration
+REDIS_URL = config('REDIS_URL', default='redis://localhost:6379/0')
+
+# Cache Configuration
+CACHES = {
+    'default': {
+        'BACKEND': 'django_prometheus.cache.backends.redis.RedisCache',
+        'LOCATION': REDIS_URL,
+    }
+}
+
+# Celery Configuration
+CELERY_BROKER_URL = REDIS_URL
+CELERY_RESULT_BACKEND = REDIS_URL
+
+
+# Logging Configuration
+LOGGING = {
+    'version': 1,
+    'disable_existing_loggers': False,
+    'formatters': {
+        'verbose': {
+            'format': '{levelname} {asctime} {module} {process:d} {thread:d} {message}',
+            'style': '{',
+        },
+        'simple': {
+            'format': '{levelname} {message}',
+            'style': '{',
+        },
+    },
+    'handlers': {
+        'file': {
+            'level': 'INFO',
+            'class': 'logging.FileHandler',
+            'filename': BASE_DIR / 'logs' / 'django.log',
+            'formatter': 'verbose',
+        },
+        'console': {
+            'level': 'INFO',
+            'class': 'logging.StreamHandler',
+            'formatter': 'simple',
+        },
+    },
+    'root': {
+        'handlers': ['console'],
+        'level': 'INFO',
+    },
+    'loggers': {
+        'django': {
+            'handlers': ['file', 'console'],
+            'level': 'INFO',
+            'propagate': False,
+        },
+        'apps': {
+            'handlers': ['file', 'console'],
+            'level': 'INFO',
+            'propagate': False,
+        },
+    },
+}
+
+# Create logs directory
+os.makedirs(BASE_DIR / 'logs', exist_ok=True)
+
+BACKEND_ROOT = config('DJANGO_HOST', default='http://localhost:8000/')
+FRONTEND_ROOT = config('FRONTEND_ROOT', default='http://localhost:3000/')
+FRONTEND_PASSWORD_RESET_PAGE = config('FRONTEND_PASSWORD_RESET_PAGE', default='http://localhost:3000/api/auth/reset-password-confirm/')
+FRONTEND_CALLBACK_URL = config('FRONTEND_CALLBACK_URL', default='http://localhost:3000/payments/result')
+
+DATABASES["default"]["ENGINE"] = "django_prometheus.db.backends.postgresql"
+
+from config.services.unfold import *
+from config.services.location import *
+from config.services.notifications import *
+from config.services.zarinpal import *

backend/config/settings/development.py

@@ -0,0 +1,18 @@
+from .base import *
+
+DEBUG = True
+
+# Additional development settings
+INTERNAL_IPS = [
+    "127.0.0.1",
+]
+
+# Email backend for development
+EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+
+# Disable caching in development
+CACHES = {
+    'default': {
+        'BACKEND': 'django.core.cache.backends.dummy.DummyCache',
+    }
+}

backend/config/settings/production.py

@@ -0,0 +1,21 @@
+from .base import *
+
+DEBUG = False
+
+# Security settings for production
+SECURE_BROWSER_XSS_FILTER = True
+SECURE_CONTENT_TYPE_NOSNIFF = True
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_SECONDS = 31536000
+SECURE_REDIRECT_EXEMPT = []
+SECURE_SSL_REDIRECT = True
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+X_FRAME_OPTIONS = 'DENY'
+
+# 🔹 Exempt /metrics from the redirect so Prometheus can scrape over HTTP
+SECURE_REDIRECT_EXEMPT = [r"^metrics$"]
+
+# Logging for production
+# LOGGING['handlers']['file']['filename'] = '/var/log/django/django.log'

backend/config/settings/test.py

@@ -0,0 +1,46 @@
+from .base import *
+
+# Lightweight defaults keep local/CI test runs isolated from production infra.
+
+TEST_DB_ENGINE = config("TEST_DB_ENGINE", default="django.db.backends.sqlite3")
+TEST_DB_NAME = config("TEST_DB_NAME", default=str(BASE_DIR / "db.test.sqlite3"))
+TEST_DB_USER = config("TEST_DB_USER", default="")
+TEST_DB_PASSWORD = config("TEST_DB_PASSWORD", default="")
+TEST_DB_HOST = config("TEST_DB_HOST", default="")
+TEST_DB_PORT = config("TEST_DB_PORT", default="")
+
+DATABASES["default"] = {
+    "ENGINE": TEST_DB_ENGINE,
+    "NAME": TEST_DB_NAME,
+    "USER": TEST_DB_USER,
+    "PASSWORD": TEST_DB_PASSWORD,
+    "HOST": TEST_DB_HOST,
+    "PORT": TEST_DB_PORT,
+}
+
+PASSWORD_HASHERS = [
+    "django.contrib.auth.hashers.MD5PasswordHasher",
+]
+
+EMAIL_BACKEND = "django.core.mail.backends.locmem.EmailBackend"
+
+CACHES = {
+    "default": {
+        "BACKEND": "django.core.cache.backends.locmem.LocMemCache",
+    }
+}
+
+CELERY_TASK_ALWAYS_EAGER = True
+CELERY_TASK_EAGER_PROPAGATES = True
+
+# Tests should not enforce HTTPS-only cookies to simplify client simulations.
+CSRF_COOKIE_SECURE = False
+SESSION_COOKIE_SECURE = False
+
+# Silence verbose INFO logs (e.g., Celery task output) during tests.
+LOGGING["handlers"]["console"]["level"] = "ERROR"  # type: ignore[index]
+LOGGING["root"]["level"] = "ERROR"  # type: ignore[index]
+if "django" in LOGGING["loggers"]:
+    LOGGING["loggers"]["django"]["level"] = "ERROR"  # type: ignore[index]
+if "apps" in LOGGING["loggers"]:
+    LOGGING["loggers"]["apps"]["level"] = "ERROR"  # type: ignore[index]