mirror of
https://github.com/pacnpal/thrillwiki_django_no_react.git
synced 2025-12-20 18:11:08 -05:00
c26414ff74
- Implemented extensive test cases for the Parks API, covering endpoints for listing, retrieving, creating, updating, and deleting parks. - Added tests for filtering, searching, and ordering parks in the API. - Created tests for error handling in the API, including malformed JSON and unsupported methods. - Developed model tests for Park, ParkArea, Company, and ParkReview models, ensuring validation and constraints are enforced. - Introduced utility mixins for API and model testing to streamline assertions and enhance test readability. - Included integration tests to validate complete workflows involving park creation, retrieval, updating, and deletion.
33 lines
1.4 KiB
Python
33 lines
1.4 KiB
Python
"""
|
|
Security configuration for thrillwiki project.
|
|
"""
|
|
|
|
import environ
|
|
|
|
env = environ.Env()
|
|
|
|
# Cloudflare Turnstile settings
|
|
TURNSTILE_SITE_KEY = env('TURNSTILE_SITE_KEY', default='')
|
|
TURNSTILE_SECRET_KEY = env('TURNSTILE_SECRET_KEY', default='')
|
|
TURNSTILE_VERIFY_URL = env('TURNSTILE_VERIFY_URL', default='https://challenges.cloudflare.com/turnstile/v0/siteverify')
|
|
|
|
# Security headers and settings (for production)
|
|
SECURE_BROWSER_XSS_FILTER = env.bool('SECURE_BROWSER_XSS_FILTER', default=True)
|
|
SECURE_CONTENT_TYPE_NOSNIFF = env.bool('SECURE_CONTENT_TYPE_NOSNIFF', default=True)
|
|
SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool('SECURE_HSTS_INCLUDE_SUBDOMAINS', default=True)
|
|
SECURE_HSTS_SECONDS = env.int('SECURE_HSTS_SECONDS', default=31536000) # 1 year
|
|
SECURE_REDIRECT_EXEMPT = env.list('SECURE_REDIRECT_EXEMPT', default=[])
|
|
SECURE_SSL_REDIRECT = env.bool('SECURE_SSL_REDIRECT', default=False)
|
|
SECURE_PROXY_SSL_HEADER = env.tuple('SECURE_PROXY_SSL_HEADER', default=None)
|
|
|
|
# Session security
|
|
SESSION_COOKIE_SECURE = env.bool('SESSION_COOKIE_SECURE', default=False)
|
|
SESSION_COOKIE_HTTPONLY = env.bool('SESSION_COOKIE_HTTPONLY', default=True)
|
|
SESSION_COOKIE_SAMESITE = env('SESSION_COOKIE_SAMESITE', default='Lax')
|
|
|
|
# CSRF security
|
|
CSRF_COOKIE_SECURE = env.bool('CSRF_COOKIE_SECURE', default=False)
|
|
CSRF_COOKIE_HTTPONLY = env.bool('CSRF_COOKIE_HTTPONLY', default=True)
|
|
CSRF_COOKIE_SAMESITE = env('CSRF_COOKIE_SAMESITE', default='Lax')
|
|
|