thrilltrack-explorer/django/config/settings/production.py

"""
Django production settings for ThrillWiki project.
These settings are used in production environments.
"""

from .base import *

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False

ALLOWED_HOSTS = env.list('ALLOWED_HOSTS')

# Security Settings
SECURE_SSL_REDIRECT = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_HSTS_SECONDS = 31536000  # 1 year
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_BROWSER_XSS_FILTER = True
X_FRAME_OPTIONS = 'DENY'

# Static files (WhiteNoise)
STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
MIDDLEWARE.insert(1, 'whitenoise.middleware.WhiteNoiseMiddleware')

# Email Configuration (configure for production email backend)
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = env('EMAIL_HOST', default='smtp.gmail.com')
EMAIL_PORT = env.int('EMAIL_PORT', default=587)
EMAIL_USE_TLS = env.bool('EMAIL_USE_TLS', default=True)
EMAIL_HOST_USER = env('EMAIL_HOST_USER', default='')
EMAIL_HOST_PASSWORD = env('EMAIL_HOST_PASSWORD', default='')
DEFAULT_FROM_EMAIL = env('DEFAULT_FROM_EMAIL', default='noreply@thrillwiki.com')

# Database - Use PostGIS backend for production
DATABASES = {
    'default': {
        'ENGINE': 'django.contrib.gis.db.backends.postgis',
        'NAME': env('DB_NAME'),
        'USER': env('DB_USER'),
        'PASSWORD': env('DB_PASSWORD'),
        'HOST': env('DB_HOST'),
        'PORT': env('DB_PORT', default='5432'),
        'CONN_MAX_AGE': env.int('CONN_MAX_AGE', default=600),
        'OPTIONS': {
            'sslmode': env('DB_SSLMODE', default='require'),
        },
    }
}

# Verify required database credentials
if not all([env('DB_NAME', default=None), env('DB_USER', default=None), env('DB_PASSWORD', default=None)]):
    raise ImproperlyConfigured('DB_NAME, DB_USER, and DB_PASSWORD environment variables are required in production')

# Redis - Require REDIS_URL in production
if not env('REDIS_URL', default=None):
    raise ImproperlyConfigured('REDIS_URL environment variable is required in production')

# Celery - Run tasks asynchronously in production
CELERY_TASK_ALWAYS_EAGER = False

# Logging - Send errors to file and Sentry
LOGGING['handlers']['file']['filename'] = '/var/log/thrillwiki/django.log'
LOGGING['root']['level'] = 'WARNING'
LOGGING['loggers']['django']['level'] = 'WARNING'
LOGGING['loggers']['apps']['level'] = 'INFO'

# Admin URL (obfuscate in production)
ADMIN_URL = env('ADMIN_URL', default='admin/')

# Performance
CACHEOPS_ENABLED = True

# CORS - Strict in production
CORS_ALLOW_ALL_ORIGINS = False
if not CORS_ALLOWED_ORIGINS:
    raise ImproperlyConfigured('CORS_ALLOWED_ORIGINS must be set in production')