# Local applications (Adtlas modules) LOCAL_APPS = [ "apps.common", "apps.core", "apps.accounts", "apps.authentication", "apps.activities", "apps.channels", "apps.advertisers", # "apps.agencies", "apps.campaigns", # "apps.creatives", # "apps.adspots", "apps.playlists", "apps.analytics", "apps.vast", # "apps.api", # "apps.epg", # "apps.reporting", ] LOCAL_MIDDLEWARE = [ "django_session_timeout.middleware.SessionTimeoutMiddleware", "apps.common.middleware.SecurityHeadersMiddleware", "apps.common.middleware.TrustedOriginMiddleware", # "debug_toolbar.middleware.DebugToolbarMiddleware", # # "django_session_timeout.middleware.SessionTimeoutMiddleware", # # "apps.core.middleware.RequestMiddleware", # # "apps.accounts.middleware.UserActivityMiddleware", # # "apps.accounts.middleware.RateLimitMiddleware", # # "apps.accounts.middleware.SecurityHeadersMiddleware", # # "apps.accounts.middleware.MaintenanceModeMiddleware", # # "apps.accounts.middleware.RequestLoggingMiddleware", ] # ============================================================================== # CSRF CONFIGURATION # ============================================================================== # CSRF trusted origins for cross-origin requests (configured in security section below) # Internationalization LANGUAGE_CODE = "en-us" TIME_ZONE = "UTC" USE_I18N = True USE_L10N = True USE_TZ = True USE_THOUSAND_SEPARATOR = True # Session settings SESSION_EXPIRE_SECONDS = int(config("SESSION_EXPIRE_SECONDS", default="7200")) # 2 hours SESSION_EXPIRE_AFTER_LAST_ACTIVITY = True SESSION_TIMEOUT_REDIRECT = "/auth/login/" # Celery Configuration CELERY_BROKER_URL = config("CELERY_BROKER_URL", default="redis://redis:6379/0") CELERY_RESULT_BACKEND = config("CELERY_RESULT_BACKEND", default="redis://redis:6379/0") CELERY_ACCEPT_CONTENT = ["json"] CELERY_TASK_SERIALIZER = "json" CELERY_RESULT_SERIALIZER = "json" CELERY_TIMEZONE = TIME_ZONE # Logging LOGGING = { "version": 1, "disable_existing_loggers": False, "handlers": { "console": { "level": "INFO", "class": "logging.StreamHandler", }, }, "root": { "handlers": ["console"], "level": "INFO", }, } # Telegram Bot Configuration TELEGRAM = { "bot_token": config("TELEGRAM_BOT_TOKEN", default=""), "channel_name": config("TELEGRAM_CHANNEL_NAME", default="adtlasbot"), } # Application URL prefix APP_URL = config("APP_URL", default="/adtlas/") # ============================================================================== # SECURITY CONFIGURATION # ============================================================================== # HTTPS and SSL settings SECURE_SSL_REDIRECT = config("SECURE_SSL_REDIRECT", default=True, cast=bool) SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") SECURE_HSTS_SECONDS = config("SECURE_HSTS_SECONDS", default=31536000, cast=int) # 1 year SECURE_HSTS_INCLUDE_SUBDOMAINS = config("SECURE_HSTS_INCLUDE_SUBDOMAINS", default=True, cast=bool) SECURE_HSTS_PRELOAD = config("SECURE_HSTS_PRELOAD", default=True, cast=bool) SECURE_CONTENT_TYPE_NOSNIFF = config("SECURE_CONTENT_TYPE_NOSNIFF", default=True, cast=bool) SECURE_BROWSER_XSS_FILTER = config("SECURE_BROWSER_XSS_FILTER", default=True, cast=bool) # Trust proxy headers USE_X_FORWARDED_HOST = True USE_X_FORWARDED_PORT = True # Security headers middleware configuration SECURE_CROSS_ORIGIN_OPENER_POLICY = config("SECURE_CROSS_ORIGIN_OPENER_POLICY", default="same-origin") SECURE_CROSS_ORIGIN_EMBEDDER_POLICY = config("SECURE_CROSS_ORIGIN_EMBEDDER_POLICY", default="require-corp") SECURE_REFERRER_POLICY = config("SECURE_REFERRER_POLICY", default="strict-origin-when-cross-origin") SECURE_PERMISSIONS_POLICY = config("SECURE_PERMISSIONS_POLICY", default="geolocation=(), microphone=(), camera=()") # Ensure logs directory exists import os LOGS_DIR = BASE_DIR / "logs" os.makedirs(LOGS_DIR, exist_ok=True) # Enhanced logging configuration LOGGING = { "version": 1, "disable_existing_loggers": False, "formatters": { "verbose": { "format": "{levelname} {asctime} {module} {process:d} {thread:d} {message}", "style": "{", }, "simple": { "format": "{levelname} {message}", "style": "{", }, }, "handlers": { "console": { "level": "INFO", "class": "logging.StreamHandler", "formatter": "simple", }, }, "root": { "handlers": ["console"], "level": "INFO", }, "loggers": { "django": { "handlers": ["console"], "level": "INFO", "propagate": False, }, }, } # ============================================================================== # PRODUCTION SECURITY SETTINGS # ============================================================================== # Production Security Settings if not DEBUG: # Security Headers SECURE_HSTS_SECONDS = config("SECURE_HSTS_SECONDS", default=31536000, cast=int) # 1 year SECURE_HSTS_INCLUDE_SUBDOMAINS = config("SECURE_HSTS_INCLUDE_SUBDOMAINS", default=True, cast=bool) SECURE_HSTS_PRELOAD = config("SECURE_HSTS_PRELOAD", default=True, cast=bool) # SSL/TLS Settings SECURE_SSL_REDIRECT = config("SECURE_SSL_REDIRECT", default=True, cast=bool) SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') # Cookie Security SESSION_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True SESSION_COOKIE_HTTPONLY = True CSRF_COOKIE_HTTPONLY = True # Additional Security Headers SECURE_CONTENT_TYPE_NOSNIFF = True SECURE_BROWSER_XSS_FILTER = True X_FRAME_OPTIONS = 'DENY' # Referrer Policy SECURE_REFERRER_POLICY = 'strict-origin-when-cross-origin' # ============================================================================== # LOGGING CONFIGURATION # ============================================================================== LOGGING = { 'version': 1, 'disable_existing_loggers': False, 'formatters': { 'verbose': { 'format': '{levelname} {asctime} {module} {process:d} {thread:d} {message}', 'style': '{', }, 'simple': { 'format': '{levelname} {message}', 'style': '{', }, }, 'filters': { 'require_debug_true': { '()': 'django.utils.log.RequireDebugTrue', }, }, 'handlers': { 'console': { 'level': 'INFO', 'filters': ['require_debug_true'], 'class': 'logging.StreamHandler', 'formatter': 'simple' }, 'file': { 'level': 'INFO', 'class': 'logging.FileHandler', 'filename': '/app/logs/django.log', 'formatter': 'verbose', }, }, 'root': { 'handlers': ['console'], }, 'loggers': { 'django': { 'handlers': ['console'], 'level': config('DJANGO_LOG_LEVEL', default='INFO'), 'propagate': False, }, 'apps': { 'handlers': ['console'], 'level': 'INFO', 'propagate': False, }, }, } # ============================================================================== # RATE LIMITING CONFIGURATION # ============================================================================== # Rate limiting settings RATE_LIMIT_ENABLE = config("RATE_LIMIT_ENABLE", default=True, cast=bool) RATE_LIMIT_PER_MINUTE = config("RATE_LIMIT_PER_MINUTE", default=60, cast=int) RATE_LIMIT_PER_HOUR = config("RATE_LIMIT_PER_HOUR", default=1000, cast=int) # ============================================================================== # SESSION SECURITY CONFIGURATION # ============================================================================== # Session security settings SESSION_COOKIE_AGE = config("SESSION_COOKIE_AGE", default=86400, cast=int) # 24 hours SESSION_EXPIRE_AT_BROWSER_CLOSE = config("SESSION_EXPIRE_AT_BROWSER_CLOSE", default=True, cast=bool) SESSION_SAVE_EVERY_REQUEST = config("SESSION_SAVE_EVERY_REQUEST", default=True, cast=bool) # ============================================================================== # CORS CONFIGURATION # ============================================================================== # CORS settings for production CORS_ALLOWED_ORIGINS = config("CORS_ALLOWED_ORIGINS", default="http://localhost:3000", cast=Csv()) CORS_ALLOW_CREDENTIALS = config("CORS_ALLOW_CREDENTIALS", default=True, cast=bool) # ============================================================================== # ADDITIONAL SECURITY CONFIGURATIONS # ============================================================================== # Password validation AUTH_PASSWORD_VALIDATORS = [ { 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', }, { 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', 'OPTIONS': { 'min_length': 8, } }, { 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', }, { 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', }, ] # File upload security FILE_UPLOAD_MAX_MEMORY_SIZE = config("FILE_UPLOAD_MAX_MEMORY_SIZE", default=2621440, cast=int) # 2.5MB DATA_UPLOAD_MAX_MEMORY_SIZE = config("DATA_UPLOAD_MAX_MEMORY_SIZE", default=2621440, cast=int) # 2.5MB FILE_UPLOAD_PERMISSIONS = 0o644