""" Django settings for FaceID System. Reads secrets from .env using python-dotenv. """ import os from pathlib import Path from dotenv import load_dotenv # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent # Load environment variables from .env file load_dotenv(BASE_DIR / ".env") load_dotenv(BASE_DIR.parent / ".env") # SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY = os.getenv("SECRET_KEY", "django-insecure-change-this-to-a-real-secret-key") # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True #os.getenv("DEBUG", "False").lower() in ("true", "1", "yes") ALLOWED_HOSTS = os.getenv("ALLOWED_HOSTS", "attendance-api.talchi.ai,attendance.talchi.ai,localhost,127.0.0.1").split(",") # Application definition INSTALLED_APPS = [ "django.contrib.admin", "django.contrib.auth", "django.contrib.contenttypes", "django.contrib.sessions", "django.contrib.messages", "django.contrib.staticfiles", # Third-party "rest_framework", "corsheaders", # Local "faces", ] MIDDLEWARE = [ "django.middleware.security.SecurityMiddleware", "corsheaders.middleware.CorsMiddleware", "django.contrib.sessions.middleware.SessionMiddleware", "django.middleware.common.CommonMiddleware", "django.middleware.csrf.CsrfViewMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware", "django.contrib.messages.middleware.MessageMiddleware", "django.middleware.clickjacking.XFrameOptionsMiddleware", ] ROOT_URLCONF = "config.urls" TEMPLATES = [ { "BACKEND": "django.template.backends.django.DjangoTemplates", "DIRS": [], "APP_DIRS": True, "OPTIONS": { "context_processors": [ "django.template.context_processors.debug", "django.template.context_processors.request", "django.contrib.auth.context_processors.auth", "django.contrib.messages.context_processors.messages", ], }, }, ] WSGI_APPLICATION = "config.wsgi.application" # Database — PostgreSQL with pgvector DATABASES = { "default": { "ENGINE": "django.db.backends.postgresql", "NAME": os.getenv("DB_NAME", "attendance_db"), "USER": os.getenv("DB_USER", "attendance_admin"), "PASSWORD": os.getenv("DB_PASSWORD", "Attenance@2026"), "HOST": os.getenv("DB_HOST", "localhost"), "PORT": os.getenv("DB_PORT", "5432"), } } # Password validation AUTH_PASSWORD_VALIDATORS = [ {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"}, {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"}, {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"}, {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"}, ] # Internationalization LANGUAGE_CODE = "en-us" TIME_ZONE = "UTC" USE_I18N = True USE_TZ = True # Static files STATIC_URL = "static/" STATIC_ROOT = BASE_DIR / "staticfiles" # Media files MEDIA_URL = "/media/" MEDIA_ROOT = BASE_DIR / "media" # File upload limits MAX_UPLOAD_SIZE = 10 * 1024 * 1024 # 10 MB FILE_UPLOAD_MAX_MEMORY_SIZE = 10 * 1024 * 1024 # 10 MB # Default primary key field type DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField" # Django REST Framework REST_FRAMEWORK = { "DEFAULT_RENDERER_CLASSES": [ "rest_framework.renderers.JSONRenderer", ], "DEFAULT_PARSER_CLASSES": [ "rest_framework.parsers.JSONParser", "rest_framework.parsers.MultiPartParser", "rest_framework.parsers.FormParser", ], } # CORS Configuration CORS_ALLOWED_ORIGINS = [ "http://localhost:5173", "http://localhost:3000", ] CORS_ALLOW_HEADERS = [ "accept", "accept-encoding", "authorization", "content-type", "dnt", "origin", "user-agent", "x-csrftoken", "x-requested-with", ] CORS_ALLOW_METHODS = [ "DELETE", "GET", "OPTIONS", "PATCH", "POST", "PUT", ]