feat: Core models implementation - Phase 1 complete

Settings Configuration:
- Split settings into base.py, local.py, production.py
- Configured all 60+ installed packages
- Set up PostgreSQL, Redis, Celery, Channels
- Configured caching, sessions, logging
- Added security settings for production

Core Models (apps/core/models.py):
- BaseModel: UUID primary key + timestamps + lifecycle hooks
- VersionedModel: Automatic version tracking with DirtyFieldsMixin
- Country, Subdivision, Locality: Location reference data
- DatePrecisionMixin: Track date precision (year/month/day)
- SoftDeleteMixin: Soft-delete functionality
- ActiveManager & AllObjectsManager: Query managers

User Models (apps/users/models.py):
- Custom User model with UUID, email-based auth
- OAuth support (Google, Discord)
- MFA support fields
- Ban/unban functionality
- UserRole: Role-based permissions (user/moderator/admin)
- UserProfile: Extended user info and preferences

App Structure:
- Created 7 Django apps with proper configs
- Set up migrations for core and users apps
- All migrations applied successfully to SQLite

Testing:
- Django check passes with only 1 warning (static dir)
- Database migrations successful
- Ready for entity models (Park, Ride, Company)

Next: Implement entity models for parks, rides, companies

django/config/settings/production.py

@@ -0,0 +1,67 @@
+"""
+Django production settings for ThrillWiki project.
+These settings are used in production environments.
+"""
+
+from .base import *
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = False
+
+ALLOWED_HOSTS = env.list('ALLOWED_HOSTS')
+
+# Security Settings
+SECURE_SSL_REDIRECT = True
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+SECURE_HSTS_SECONDS = 31536000  # 1 year
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
+SECURE_CONTENT_TYPE_NOSNIFF = True
+SECURE_BROWSER_XSS_FILTER = True
+X_FRAME_OPTIONS = 'DENY'
+
+# Static files (WhiteNoise)
+STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
+MIDDLEWARE.insert(1, 'whitenoise.middleware.WhiteNoiseMiddleware')
+
+# Email Configuration (configure for production email backend)
+EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+EMAIL_HOST = env('EMAIL_HOST', default='smtp.gmail.com')
+EMAIL_PORT = env.int('EMAIL_PORT', default=587)
+EMAIL_USE_TLS = env.bool('EMAIL_USE_TLS', default=True)
+EMAIL_HOST_USER = env('EMAIL_HOST_USER', default='')
+EMAIL_HOST_PASSWORD = env('EMAIL_HOST_PASSWORD', default='')
+DEFAULT_FROM_EMAIL = env('DEFAULT_FROM_EMAIL', default='noreply@thrillwiki.com')
+
+# Database - Require DATABASE_URL in production
+if not env('DATABASE_URL', default=None):
+    raise ImproperlyConfigured('DATABASE_URL environment variable is required in production')
+
+# Connection pooling
+DATABASES['default']['CONN_MAX_AGE'] = env.int('CONN_MAX_AGE', default=600)
+
+# Redis - Require REDIS_URL in production
+if not env('REDIS_URL', default=None):
+    raise ImproperlyConfigured('REDIS_URL environment variable is required in production')
+
+# Celery - Run tasks asynchronously in production
+CELERY_TASK_ALWAYS_EAGER = False
+
+# Logging - Send errors to file and Sentry
+LOGGING['handlers']['file']['filename'] = '/var/log/thrillwiki/django.log'
+LOGGING['root']['level'] = 'WARNING'
+LOGGING['loggers']['django']['level'] = 'WARNING'
+LOGGING['loggers']['apps']['level'] = 'INFO'
+
+# Admin URL (obfuscate in production)
+ADMIN_URL = env('ADMIN_URL', default='admin/')
+
+# Performance
+CACHEOPS_ENABLED = True
+
+# CORS - Strict in production
+CORS_ALLOW_ALL_ORIGINS = False
+if not CORS_ALLOWED_ORIGINS:
+    raise ImproperlyConfigured('CORS_ALLOWED_ORIGINS must be set in production')