Coverage for product_risk_suite/product_risk_suite/settings.py: 94%
35 statements
« prev ^ index » next coverage.py v7.15.0, created at 2026-07-07 12:45 +0000
« prev ^ index » next coverage.py v7.15.0, created at 2026-07-07 12:45 +0000
1"""
2Django settings for product_risk_suite project.
4Generated by 'django-admin startproject' using Django 6.0.3.
6For more information on this file, see
7https://docs.djangoproject.com/en/6.0/topics/settings/
9For the full list of settings and their values, see
10https://docs.djangoproject.com/en/6.0/ref/settings/
11"""
13from pathlib import Path
14import os
15import logging
17# Build paths inside the project like this: BASE_DIR / 'subdir'.
18BASE_DIR = Path(__file__).resolve().parent.parent
20# enforce it even if its true by default
21APPEND_SLASH = True
23# Quick-start development settings - unsuitable for production
24# See https://docs.djangoproject.com/en/6.0/howto/deployment/checklist/
26# SECURITY WARNING: keep the secret key used in production secret!
27SECRET_KEY = os.environ.get("DJANGO_SECRET_KEY", 'django-insecure-scwz(sj+*te-dbfuc)vnkju5y1=p1en^d#8mz5*keg2(fj^mn-dudi-bla%')
29# SECURITY WARNING: don't run with debug turned on in production!
30DEBUG = bool(os.environ.get("DJANGO_DEBUG", default=False))
31IN_DOCKER = bool(os.environ.get("IN_DOCKER", default=False))
33ALLOWED_HOSTS = os.environ.get("DJANGO_ALLOWED_HOSTS","127.0.0.1,localhost").split(",")
34CSRF_TRUSTED_ORIGINS = os.environ.get("DJANGO_CSRF_TRUSTED_ORIGINS", "https://localhost:8443,http://localhost:80").split(",")
36# Application definition
37INSTALLED_APPS = [
38 'django.contrib.admin',
39 'django.contrib.auth',
40 'django.contrib.contenttypes',
41 'django.contrib.sessions',
42 'django.contrib.messages',
43 'django.contrib.staticfiles',
44 'django_summernote',
45 "graphene_django",
46 'guardian',
47 'product_risk_suite',
48 'risk_assessment',
49 'threat_model',
50 'product',
51 'api',
52]
54GRAPHENE = {
55 "SCHEMA": "api.schema.schema",
56}
58MIDDLEWARE = [
59 'django.middleware.security.SecurityMiddleware',
60 'django.contrib.sessions.middleware.SessionMiddleware',
61 'django.middleware.common.CommonMiddleware',
62 'django.middleware.csrf.CsrfViewMiddleware',
63 'django.contrib.auth.middleware.AuthenticationMiddleware',
64 'django.contrib.messages.middleware.MessageMiddleware',
65 'django.middleware.clickjacking.XFrameOptionsMiddleware',
66]
68ROOT_URLCONF = 'product_risk_suite.urls'
70TEMPLATES = [
71 {
72 'BACKEND': 'django.template.backends.django.DjangoTemplates',
73 'DIRS': [BASE_DIR / 'product_risk_suite' / 'templates'],
74 'APP_DIRS': True,
75 'OPTIONS': {
76 'context_processors': [
77 'django.template.context_processors.request',
78 'django.contrib.auth.context_processors.auth',
79 'django.contrib.messages.context_processors.messages',
80 ],
81 },
82 },
83]
85WSGI_APPLICATION = 'product_risk_suite.wsgi.application'
87SUMMERNOTE_CONFIG = {
88 # Using SummernoteWidget - iframe mode, default
89 'iframe': True,
90 'summernote': {
91 'lang': 'en-US',
93 # Toolbar customization
94 # https://summernote.org/deep-dive/#custom-toolbar-popover
95 'toolbar': [
96 ['font', ['bold', 'italic', 'underline', 'clear']],
97 ['para', ['ul', 'ol', 'paragraph']],
98 ['insert', ['link']],
99 ['view', ['fullscreen', 'codeview', 'help']],
100 ],
101 }
102}
104# Database
105# https://docs.djangoproject.com/en/6.0/ref/settings/#databases
107DATABASES = {
108 'default': {
109 'ENGINE': f"django.db.backends.{os.getenv('DATABASE_ENGINE', 'sqlite3')}",
110 'NAME': os.getenv('DATABASE_NAME', BASE_DIR / 'db.sqlite3'),
111 'USER': os.getenv('DATABASE_USERNAME'),
112 'PASSWORD': os.getenv('DATABASE_PASSWORD'),
113 'HOST': os.getenv('DATABASE_HOST'),
114 'PORT': os.getenv('DATABASE_PORT'),
115 }
116}
118# Password validation
119# https://docs.djangoproject.com/en/6.0/ref/settings/#auth-password-validators
121AUTH_PASSWORD_VALIDATORS = [
122 {
123 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
124 },
125 {
126 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
127 },
128 {
129 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
130 },
131 {
132 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
133 },
134]
136LOGGING = {
137 'version': 1,
138 'disable_existing_loggers': False,
139 'formatters': {
140 'verbose': {
141 'format': '{levelname} {asctime} {module} {message}',
142 'style': '{',
143 },
144 },
145 'handlers': {
146 'console': {
147 'level': os.getenv("DJANGO_LOG_LEVEL", "INFO"),
148 'class': 'logging.StreamHandler',
149 'formatter': 'verbose',
150 },
151 },
152 'root': {
153 'handlers': ['console'],
154 'level': os.getenv("DJANGO_LOG_LEVEL", "INFO"),
155 },
156 'loggers': {
157 'django': {
158 'handlers': ['console'],
159 'level': os.getenv("DJANGO_LOG_LEVEL", "INFO"),
160 'propagate': True,
161 },
162 # For your app-specific logs (e.g., `myapp`)
163 'myapp': {
164 'handlers': ['console'],
165 'level': os.getenv("DJANGO_LOG_LEVEL", "INFO"),
166 'propagate': True,
167 },
168 },
169}
171AUTHENTICATION_BACKENDS = (
172 'django.contrib.auth.backends.ModelBackend', # Default backend
173 'guardian.backends.ObjectPermissionBackend', # For object permissions
174)
176# Internationalization
177# https://docs.djangoproject.com/en/6.0/topics/i18n/
179LANGUAGE_CODE = 'en-us'
181TIME_ZONE = 'UTC'
183USE_I18N = True
185USE_TZ = True
187LOGIN_URL = '/login'
189# Static files (CSS, JavaScript, Images)
190# https://docs.djangoproject.com/en/6.0/howto/static-files/
192STATIC_URL = '/static/'
193if IN_DOCKER:
194 STATIC_ROOT = "/app/staticfiles"
195else:
196 STATIC_ROOT = BASE_DIR / "staticfiles"
198STATICFILES_DIRS = [
199 BASE_DIR / "static",
200]
202# uploaded files
203MEDIA_URL = '/media/'
204if IN_DOCKER:
205 MEDIA_ROOT = "/data/media"
206else:
207 MEDIA_ROOT = BASE_DIR / "media"