import os from pathlib import Path BASE_DIR = Path(__file__).resolve().parent.parent SECRET_KEY = os.getenv("DJANGO_SECRET_KEY","dev-insecure") DEBUG = os.getenv("DJANGO_DEBUG","False") == "True" ALLOWED_HOSTS = os.getenv("DJANGO_ALLOWED_HOSTS","*").split(",") CSRF_TRUSTED_ORIGINS = [x.strip() for x in os.getenv("CSRF_TRUSTED_ORIGINS","").split(",") if x.strip()] SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") INSTALLED_APPS = [ "django.contrib.admin","django.contrib.auth","django.contrib.contenttypes", "django.contrib.sessions","django.contrib.messages","django.contrib.staticfiles", "core","mozilla_django_oidc", ] MIDDLEWARE = [ "django.middleware.security.SecurityMiddleware", "django.contrib.sessions.middleware.SessionMiddleware", "django.middleware.common.CommonMiddleware", "django.middleware.csrf.CsrfViewMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware", "django.contrib.messages.middleware.MessageMiddleware", "django.middleware.clickjacking.XFrameOptionsMiddleware", "core.middleware.CurrentUserMiddleware", ] ROOT_URLCONF = "illustrations.urls" TEMPLATES = [{ "BACKEND":"django.template.backends.django.DjangoTemplates", "DIRS":[BASE_DIR/"templates"], "APP_DIRS":True, "OPTIONS":{"context_processors":[ "django.template.context_processors.debug", "django.template.context_processors.request", "django.contrib.auth.context_processors.auth", "django.contrib.messages.context_processors.messages", # ✅ add this line to expose {{ APP_VERSION }} in templates "core.context_processors.app_version", "core.context_processors.pending_announcement", ]}, }] WSGI_APPLICATION="illustrations.wsgi.application" DATABASES = { "default": { "ENGINE":"django.db.backends.postgresql", "NAME": os.getenv("POSTGRES_DB","illustrations"), "USER": os.getenv("POSTGRES_USER","illustrations"), "PASSWORD": os.getenv("POSTGRES_PASSWORD","illustrations"), "HOST": os.getenv("POSTGRES_HOST","db"), "PORT": int(os.getenv("POSTGRES_PORT","5432")), } } AUTHENTICATION_BACKENDS = ( "core.auth_oidc.AuthentikOIDCBackend", # OIDC via Authentik "django.contrib.auth.backends.ModelBackend", # keep existing username/password login ) LANGUAGE_CODE="en-us" TIME_ZONE="America/Chicago" USE_I18N=True USE_TZ=True STATIC_URL="static/" STATIC_ROOT=BASE_DIR/"staticfiles" STATICFILES_DIRS=[BASE_DIR/"static"] LOGIN_URL="/login/" LOGIN_REDIRECT_URL="/search/" LOGOUT_REDIRECT_URL="/login/" STATICFILES_STORAGE = "django.contrib.staticfiles.storage.ManifestStaticFilesStorage" # --- Authentik OIDC --- OIDC_RP_CLIENT_ID = os.getenv("OIDC_RP_CLIENT_ID", "") OIDC_RP_CLIENT_SECRET = os.getenv("OIDC_RP_CLIENT_SECRET", "") OIDC_OP_AUTHORIZATION_ENDPOINT = os.getenv("OIDC_OP_AUTHORIZATION_ENDPOINT", "") OIDC_OP_TOKEN_ENDPOINT = os.getenv("OIDC_OP_TOKEN_ENDPOINT", "") OIDC_OP_USER_ENDPOINT = os.getenv("OIDC_OP_USER_ENDPOINT", "") OIDC_OP_JWKS_ENDPOINT = os.getenv("OIDC_OP_JWKS_ENDPOINT", "") OIDC_RP_SCOPES = os.getenv("OIDC_RP_SCOPES", "openid email profile") OIDC_CREATE_USER = True USE_X_FORWARDED_HOST = True OIDC_RP_SIGN_ALGO = "RS256" OPENAI_API_KEY = os.environ.get("OPENAI_API_KEY", "") # Ensure MEDIA_ROOT exists (you likely already have this) MEDIA_ROOT = os.path.join(BASE_DIR, "media") MEDIA_URL = "/media/" TEMPLATES[0]['OPTIONS']['context_processors'] += [ 'core.context_processors.available_themes', ]