""" Django settings for horilla project. Generated by 'django-admin startproject' using Django 4.1.4. For more information on this file, see https://docs.djangoproject.com/en/4.1/topics/settings/ For the full list of settings and their values, see https://docs.djangoproject.com/en/4.1/ref/settings/ """ import os from os.path import join from pathlib import Path import environ from django.contrib.messages import constants as messages # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/4.1/howto/deployment/checklist/ env = environ.Env( DEBUG=(bool, True), SECRET_KEY=( str, "django-insecure-j8op9)1q8$1&0^s&p*_0%d#pr@w9qj@1o=3#@d=a(^@9@zd@%j", ), ALLOWED_HOSTS=(list, ["*"]), CSRF_TRUSTED_ORIGINS=(list, ["http://localhost:8000", "https://hrms.fairenation.com"]), ) env.read_env(os.path.join(BASE_DIR, ".env"), overwrite=True) # SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY = env("SECRET_KEY") # SECURITY WARNING: don't run with debug turned on in production! DEBUG = env("DEBUG") ALLOWED_HOSTS = env("ALLOWED_HOSTS") # HTTPS/SSL Settings for production if not DEBUG: # Since we're behind a load balancer/proxy already handling HTTPS redirects SECURE_SSL_REDIRECT = False # Prevents redirect loops SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') SESSION_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True USE_TLS = True SESSION_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True # Application definition THEME_APP = "horilla_theme" INSTALLED_APPS = [ "django.contrib.admin", "django.contrib.auth", "django.contrib.contenttypes", "django.contrib.sessions", "django.contrib.messages", "django.contrib.staticfiles", "notifications", "mathfilters", "corsheaders", "simple_history", "django_filters", THEME_APP, "base", "employee", "recruitment", "leave", "pms", "onboarding", "asset", "attendance", "payroll", "widget_tweaks", "django_apscheduler", ] APSCHEDULER_DATETIME_FORMAT = "N j, Y, f:s a" APSCHEDULER_RUN_NOW_TIMEOUT = 25 # Seconds MIDDLEWARE = [ "django.middleware.security.SecurityMiddleware", "horilla.security_middleware.SecurityFilterMiddleware", # Handle malformed requests first "whitenoise.middleware.WhiteNoiseMiddleware", "django.contrib.sessions.middleware.SessionMiddleware", "django.middleware.common.CommonMiddleware", "corsheaders.middleware.CorsMiddleware", "simple_history.middleware.HistoryRequestMiddleware", "django.middleware.locale.LocaleMiddleware", "django.middleware.csrf.CsrfViewMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware", "horilla.enhanced_middleware.EnhancedRateLimitMiddleware", # Enhanced rate limiting with bot detection - AFTER authentication "django.contrib.messages.middleware.MessageMiddleware", "django.middleware.clickjacking.XFrameOptionsMiddleware", ] ROOT_URLCONF = "horilla.urls" TEMPLATES = [ { "BACKEND": "django.template.backends.django.DjangoTemplates", "DIRS": [ BASE_DIR / "templates", ], "APP_DIRS": False, "OPTIONS": { "context_processors": [ "django.template.context_processors.debug", "django.template.context_processors.request", "django.contrib.auth.context_processors.auth", "django.contrib.messages.context_processors.messages", ], "loaders": [ ( "django.template.loaders.filesystem.Loader", [BASE_DIR / THEME_APP / "templates"], ), "django.template.loaders.app_directories.Loader", ("django.template.loaders.filesystem.Loader", [BASE_DIR / "templates"]), ], }, }, ] WSGI_APPLICATION = "horilla.wsgi.application" # Database # https://docs.djangoproject.com/en/4.1/ref/settings/#databases if env("DATABASE_URL", default=None): DATABASES = { "default": env.db(), } else: DATABASES = { "default": { "ENGINE": env("DB_ENGINE", default="django.db.backends.mysql"), "NAME": env("DB_NAME", default=""), "USER": env("DB_USER", default=""), "PASSWORD": env("DB_PASSWORD", default=""), "HOST": env("DB_HOST", default=""), "PORT": env("DB_PORT", default=""), } } # Password validation # https://docs.djangoproject.com/en/4.1/ref/settings/#auth-password-validators AUTH_PASSWORD_VALIDATORS = [ { "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", }, { "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", }, { "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", }, { "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator", }, ] # Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/4.1/howto/static-files/ STATIC_URL = "static/" STATIC_ROOT = BASE_DIR / "staticfiles" STATICFILES_DIRS = [ BASE_DIR / "static", ] STATICFILES_STORAGE = "whitenoise.storage.CompressedStaticFilesStorage" MEDIA_URL = "/media/" MEDIA_ROOT = os.path.join(BASE_DIR, "media/") # Default primary key field type # https://docs.djangoproject.com/en/4.1/ref/settings/#default-auto-field DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField" MESSAGE_TAGS = { messages.DEBUG: "oh-alert--warning", messages.INFO: "oh-alert--info", messages.SUCCESS: "oh-alert--success", messages.WARNING: "oh-alert--warning", messages.ERROR: "oh-alert--danger", } CSRF_TRUSTED_ORIGINS = env("CSRF_TRUSTED_ORIGINS") LOGIN_URL = "/login" SIMPLE_HISTORY_REVERT_DISABLED = True DJANGO_NOTIFICATIONS_CONFIG = { "USE_JSONFIELD": True, "SOFT_DELETE": True, "USE_WATCHED": True, "NOTIFICATIONS_STORAGE": "notifications.storage.DatabaseStorage", "TEMPLATE": "notifications.html", # Add this line } X_FRAME_OPTIONS = "SAMEORIGIN" LANGUAGES = ( ("en", "English (US)"), ("de", "Deutsche"), ("es", "Español"), ("fr", "Français"), ("ar", "عربى"), ("pt-br", "Português (Brasil)"), ("zh-hans", "Simplified Chinese"), ("zh-hant", "Traditional Chinese"), ) LOCALE_PATHS = [ join(BASE_DIR, "horilla", "locale"), ] # Internationalization # https://docs.djangoproject.com/en/4.1/topics/i18n/ LANGUAGE_CODE = "en-us" TIME_ZONE = env("TIME_ZONE", default="Africa/Lagos") USE_I18N = True USE_L10N = True USE_TZ = True # LDAP Configuration # import ldap # from django_auth_ldap.config import LDAPSearch, GroupOfNamesType AUTH_LDAP_SERVER_URI = "ldap://127.0.0.1:389" # Replace with your LDAP server address # Bind credentials, if required AUTH_LDAP_BIND_DN = "cn=admin,dc=horilla,dc=com" # Replace with your bind DN AUTH_LDAP_BIND_PASSWORD = "your_password" # Replace with your LDAP bind password # Define the search base and user lookup # AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=users,dc=horilla,dc=com", ldap.SCOPE_SUBTREE, "(uid=%(user)s)") # Map LDAP fields to Django user fields AUTH_LDAP_USER_ATTR_MAP = { "first_name": "givenName", "last_name": "sn", "email": "mail", } AUTHENTICATION_BACKENDS = [ # "django_auth_ldap.backend.LDAPBackend", "django.contrib.auth.backends.ModelBackend", ] AUTH_LDAP_ALWAYS_UPDATE_USER = True # Rate Limiting Configuration RATE_LIMIT_ENABLED = True RATE_LIMIT_REQUESTS = 100 # Number of requests allowed per window for normal traffic RATE_LIMIT_WINDOW = 3600 # Time window in seconds (1 hour) RATE_LIMIT_BLOCK_DURATION = 1800 # Block duration in seconds (30 minutes) # Enhanced Bot Detection Rate Limits RATE_LIMIT_BOT_REQUESTS = 20 # Stricter limit for detected bots (20/hour) RATE_LIMIT_BOT_BLOCK_DURATION = 3600 # Longer block for bots (1 hour) RATE_LIMIT_SUSPICIOUS_REQUESTS = 5 # Very strict for suspicious requests (5/hour) RATE_LIMIT_EXEMPT_PATHS = [ '/static/', '/media/', '/favicon.ico', '/robots.txt', '/sitemap.xml', '/admin/jsi18n/', # Django admin i18n '/health/', # Health check endpoint ]