""" Django settings for config project. Generated by 'django-admin startproject' using Django 4.2.7. For more information on this file, see https://docs.djangoproject.com/en/4.2/topics/settings/ For the full list of settings and their values, see https://docs.djangoproject.com/en/4.2/ref/settings/ """ from pathlib import Path import os # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY = 'django-insecure-o_b)q@yu+mc7k6ywptymn%2l(m7xsaq1@_^oqb%c7+hnqka29o' # SECURITY WARNING: don't run with debug turned on in production! # Helper to parse boolean-like env vars def _env_bool(name, default=False): val = os.environ.get(name) if val is None: return default return str(val).lower() in ("1", "true", "yes") # Read DEBUG from environment (default True for local development) DEBUG = _env_bool('DJANGO_DEBUG', True) # ALLOWED_HOSTS from environment (comma-separated). Defaults to localhost for dev. # Permitimos localhost, 127.0.0.1 y cualquier subdominio de ngrok # Mantenemos tu lógica de variables de entorno ALLOWED_HOSTS = [h for h in os.environ.get('ALLOWED_HOSTS', 'localhost,127.0.0.1').split(',') if h] # Agregamos manualmente los dominios de ngrok ALLOWED_HOSTS.append('placoid-omissible-shawanna.ngrok-free.dev') ALLOWED_HOSTS.append('.ngrok-free.dev') # El punto inicial permite cualquier subdominio de ngrok # Application definition INSTALLED_APPS = [ 'principal', 'django_cleanup.apps.CleanupConfig', 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'django.contrib.humanize', ] MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] ROOT_URLCONF = 'config.urls' TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ 'django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', ], }, }, ] WSGI_APPLICATION = 'config.wsgi.application' # Database # https://docs.djangoproject.com/en/4.2/ref/settings/#databases DATABASES = { 'default': { 'ENGINE': 'django.db.backends.sqlite3', 'NAME': BASE_DIR / 'db.sqlite3', } } # Password validation # https://docs.djangoproject.com/en/4.2/ref/settings/#auth-password-validators AUTH_PASSWORD_VALIDATORS = [ { 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', }, { 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', }, { 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', }, { 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', }, ] # Internationalization # https://docs.djangoproject.com/en/4.2/topics/i18n/ LANGUAGE_CODE = 'en-us' TIME_ZONE = 'UTC' USE_I18N = True USE_TZ = True # Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/4.2/howto/static-files/ STATIC_URL = 'static/' # Default primary key field type # https://docs.djangoproject.com/en/4.2/ref/settings/#default-auto-field DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField' AUTH_USER_MODEL = 'principal.Usuario' MEDIA_URL = '/media/' MEDIA_ROOT = BASE_DIR / 'media' # Security settings: control secure-only behaviour via DJANGO_FORCE_SECURE # When deploying behind HTTPS, set DJANGO_FORCE_SECURE=True and ensure # ALLOWED_HOSTS and SECRET_KEY are correctly configured. For local dev keep # DJANGO_DEBUG=True or DJANGO_FORCE_SECURE=False to avoid redirect loops. FORCE_SECURE = False #_env_bool('DJANGO_FORCE_SECURE', False) # Cookies marked secure only when FORCE_SECURE is enabled SESSION_COOKIE_SECURE = bool(FORCE_SECURE) #CSRF_COOKIE_SECURE = bool(FORCE_SECURE) CSRF_TRUSTED_ORIGINS = ['https://placoid-omissible-shawanna.ngrok-free.dev', 'https://*.ngrok-free.dev'] # Only redirect HTTP->HTTPS and enable HSTS when FORCE_SECURE is True SECURE_SSL_REDIRECT = bool(FORCE_SECURE) if FORCE_SECURE: SECURE_HSTS_SECONDS = int(os.environ.get('SECURE_HSTS_SECONDS', 31536000)) SECURE_HSTS_INCLUDE_SUBDOMAINS = _env_bool('SECURE_HSTS_INCLUDE_SUBDOMAINS', True) SECURE_HSTS_PRELOAD = _env_bool('SECURE_HSTS_PRELOAD', True) else: # sensible defaults for development / non-HTTPS runtimes SECURE_HSTS_SECONDS = 0 SECURE_HSTS_INCLUDE_SUBDOMAINS = False SECURE_HSTS_PRELOAD = False # Login y autenticación LOGIN_URL = 'login' #LOGIN_REDIRECT_URL = 'dashboard' LOGOUT_REDIRECT_URL = 'login'