""" Django settings for FitMtaani Gym Management System. """ import os from pathlib import Path from datetime import timedelta import environ # Build paths BASE_DIR = Path(__file__).resolve().parent.parent # Environment env = environ.Env( DEBUG=(bool, False), ALLOWED_HOSTS=(list, ['localhost', '127.0.0.1']), ) environ.Env.read_env(os.path.join(BASE_DIR, '.env')) # Core SECRET_KEY = env('SECRET_KEY') DEBUG = env('DEBUG') ALLOWED_HOSTS = env('ALLOWED_HOSTS') # Application definition DJANGO_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'django.contrib.sites', ] THIRD_PARTY_APPS = [ 'rest_framework', 'rest_framework_simplejwt', 'rest_framework_simplejwt.token_blacklist', 'corsheaders', 'django_filters', 'drf_spectacular', 'django_celery_beat', 'django_celery_results', 'simple_history', 'import_export', 'phonenumber_field', 'taggit', 'mptt', 'storages', ] LOCAL_APPS = [ 'apps.core', 'apps.members', 'apps.billing', 'apps.scheduling', 'apps.staff', 'apps.training', 'apps.operations', 'apps.crm', 'apps.analytics', 'apps.events', 'apps.content', 'apps.integrations', ] INSTALLED_APPS = DJANGO_APPS + THIRD_PARTY_APPS + LOCAL_APPS SITE_ID = 1 MIDDLEWARE = [ 'corsheaders.middleware.CorsMiddleware', 'django.middleware.security.SecurityMiddleware', 'whitenoise.middleware.WhiteNoiseMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'simple_history.middleware.HistoryRequestMiddleware', ] ROOT_URLCONF = 'config.urls' TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [BASE_DIR / 'templates'], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ 'django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', ], }, }, ] WSGI_APPLICATION = 'config.wsgi.application' ASGI_APPLICATION = 'config.asgi.application' # Database DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 'NAME': env('DB_NAME', default='jengafit_db'), 'USER': env('DB_USER', default='postgres'), 'PASSWORD': env('DB_PASSWORD', default=''), 'HOST': env('DB_HOST', default='localhost'), 'PORT': env('DB_PORT', default='5432'), 'OPTIONS': { 'connect_timeout': 5, }, } } # Cache CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache', } } # Auth AUTH_USER_MODEL = 'core.User' AUTH_PASSWORD_VALIDATORS = [ {'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'}, {'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator'}, {'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator'}, {'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'}, ] # Internationalization LANGUAGE_CODE = 'en-us' TIME_ZONE = 'Africa/Nairobi' USE_I18N = True USE_TZ = True # Static & Media STATIC_URL = '/static/' STATIC_ROOT = BASE_DIR / 'staticfiles' STATICFILES_DIRS = [BASE_DIR / 'static'] MEDIA_URL = '/media/' MEDIA_ROOT = BASE_DIR / 'media' STORAGES = { 'staticfiles': { 'BACKEND': 'whitenoise.storage.CompressedManifestStaticFilesStorage', }, } DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField' # REST Framework REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework_simplejwt.authentication.JWTAuthentication', 'rest_framework.authentication.SessionAuthentication', ), 'DEFAULT_PERMISSION_CLASSES': ( 'rest_framework.permissions.IsAuthenticated', ), 'DEFAULT_FILTER_BACKENDS': ( 'django_filters.rest_framework.DjangoFilterBackend', 'rest_framework.filters.SearchFilter', 'rest_framework.filters.OrderingFilter', ), 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination', 'PAGE_SIZE': 20, 'DEFAULT_SCHEMA_CLASS': 'drf_spectacular.openapi.AutoSchema', 'DEFAULT_THROTTLE_CLASSES': [ 'rest_framework.throttling.AnonRateThrottle', 'rest_framework.throttling.UserRateThrottle', ], 'DEFAULT_THROTTLE_RATES': { 'anon': '100/hour', 'user': '1000/hour', }, 'DATETIME_FORMAT': '%Y-%m-%dT%H:%M:%S%z', } # JWT SIMPLE_JWT = { 'ACCESS_TOKEN_LIFETIME': timedelta( minutes=env.int('JWT_ACCESS_TOKEN_LIFETIME_MINUTES', default=60) ), 'REFRESH_TOKEN_LIFETIME': timedelta( days=env.int('JWT_REFRESH_TOKEN_LIFETIME_DAYS', default=7) ), 'ROTATE_REFRESH_TOKENS': True, 'BLACKLIST_AFTER_ROTATION': True, 'AUTH_HEADER_TYPES': ('Bearer',), } # CORS CORS_ALLOWED_ORIGINS = env.list('CORS_ALLOWED_ORIGINS', default=[ 'http://localhost:5173', 'http://localhost:3000', 'http://localhost:8080', ]) CORS_ALLOW_CREDENTIALS = True # Celery CELERY_BROKER_URL = env('CELERY_BROKER_URL', default='redis://localhost:6379/2') CELERY_RESULT_BACKEND = env('CELERY_RESULT_BACKEND', default='django-db') CELERY_ACCEPT_CONTENT = ['json'] CELERY_TASK_SERIALIZER = 'json' CELERY_RESULT_SERIALIZER = 'json' CELERY_TIMEZONE = TIME_ZONE CELERY_BEAT_SCHEDULER = 'django_celery_beat.schedulers:DatabaseScheduler' # API Documentation SPECTACULAR_SETTINGS = { 'TITLE': 'FitMtaani Gym Management API', 'DESCRIPTION': 'Enterprise Gym Management System API', 'VERSION': '1.0.0', 'SERVE_INCLUDE_SCHEMA': False, 'COMPONENT_SPLIT_REQUEST': True, } # Email EMAIL_BACKEND = env('EMAIL_BACKEND', default='django.core.mail.backends.console.EmailBackend') EMAIL_HOST = env('EMAIL_HOST', default='smtp.gmail.com') EMAIL_PORT = env.int('EMAIL_PORT', default=587) EMAIL_USE_TLS = env.bool('EMAIL_USE_TLS', default=False) EMAIL_USE_SSL = env.bool('EMAIL_USE_SSL', default=False) EMAIL_HOST_USER = env('EMAIL_HOST_USER', default='') EMAIL_HOST_PASSWORD = env('EMAIL_HOST_PASSWORD', default='') DEFAULT_FROM_EMAIL = env('DEFAULT_FROM_EMAIL', default='FitMtaani ') # Payment Gateways STRIPE_SECRET_KEY = env('STRIPE_SECRET_KEY', default='') STRIPE_PUBLISHABLE_KEY = env('STRIPE_PUBLISHABLE_KEY', default='') STRIPE_WEBHOOK_SECRET = env('STRIPE_WEBHOOK_SECRET', default='') PAYSTACK_SECRET_KEY = env('PAYSTACK_SECRET_KEY', default='') PAYSTACK_PUBLIC_KEY = env('PAYSTACK_PUBLIC_KEY', default='') PAYSTACK_CURRENCY = env('PAYSTACK_CURRENCY', default='KES') MPESA_CONSUMER_KEY = env('MPESA_CONSUMER_KEY', default='') MPESA_CONSUMER_SECRET = env('MPESA_CONSUMER_SECRET', default='') MPESA_SHORTCODE = env('MPESA_SHORTCODE', default='') MPESA_PASSKEY = env('MPESA_PASSKEY', default='') MPESA_CALLBACK_URL = env('MPESA_CALLBACK_URL', default='') MPESA_ENVIRONMENT = env('MPESA_ENVIRONMENT', default='sandbox') # SMS TWILIO_ACCOUNT_SID = env('TWILIO_ACCOUNT_SID', default='') TWILIO_AUTH_TOKEN = env('TWILIO_AUTH_TOKEN', default='') TWILIO_PHONE_NUMBER = env('TWILIO_PHONE_NUMBER', default='') # Firebase FIREBASE_CREDENTIALS_PATH = env('FIREBASE_CREDENTIALS_PATH', default='') # Logging LOGGING = { 'version': 1, 'disable_existing_loggers': False, 'formatters': { 'verbose': { 'format': '{levelname} {asctime} {module} {message}', 'style': '{', }, }, 'handlers': { 'console': { 'class': 'logging.StreamHandler', 'formatter': 'verbose', }, }, 'root': { 'handlers': ['console'], 'level': env('LOG_LEVEL', default='INFO'), }, 'loggers': { 'django': { 'handlers': ['console'], 'level': 'INFO', 'propagate': False, }, 'apps': { 'handlers': ['console'], 'level': 'DEBUG', 'propagate': False, }, }, } # Feature Flags ENABLE_MULTI_LOCATION = env.bool('ENABLE_MULTI_LOCATION', default=False) ENABLE_VIRTUAL_CLASSES = env.bool('ENABLE_VIRTUAL_CLASSES', default=False) ENABLE_NUTRITION_TRACKING = env.bool('ENABLE_NUTRITION_TRACKING', default=False) ENABLE_KIDS_PROGRAMS = env.bool('ENABLE_KIDS_PROGRAMS', default=False) ENABLE_COMPETITIONS = env.bool('ENABLE_COMPETITIONS', default=False) ENABLE_POS = env.bool('ENABLE_POS', default=True) ENABLE_CRM = env.bool('ENABLE_CRM', default=True) # Production Security (only when DEBUG=False) if not DEBUG: SECURE_SSL_REDIRECT = True SECURE_HSTS_SECONDS = 31536000 SECURE_HSTS_INCLUDE_SUBDOMAINS = True SECURE_HSTS_PRELOAD = True SESSION_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')