**Security Improvements:**
- Fix DEBUG setting to properly parse boolean from environment variable
- Remove hardcoded SMTP password fallback, rely solely on env var
- Update Celery to use REDIS_URL environment variable instead of hardcoded localhost
**Static File Serving:**
- Add WhiteNoise middleware for production-grade static file serving
- Configure CompressedManifestStaticFilesStorage for optimized delivery
**Configuration Updates:**
- Enable CORS credentials support
- Remove duplicate CORS_ALLOWED_ORIGINS configuration
- Update API documentation title from "Blog API" to "Attune Heart Therapy API"
- Clean up code formatting and remove unnecessary comments
These changes make the application more secure by eliminating hardcoded
credentials and more deployment-ready by properly handling environment
variables and serving static files efficiently in production.
Consolidate CORS_ALLOWED_ORIGINS default value onto a single line
to fix formatting issue. Removes unnecessary line break and trailing
whitespace that was splitting the URL string across multiple lines.
Add attunehearttherapy.com to the CORS_ALLOWED_ORIGINS setting to enable cross-origin requests from the production domain. This allows the frontend application hosted at the production URL to communicate with the backend API.
Change ALLOWED_HOSTS from a hardcoded list to be read from environment
variable with comma-separated values support. Maintains '*' as default
fallback for backward compatibility. This allows more restrictive host
configuration in production environments while improving security posture.
- Install and configure drf-spectacular for OpenAPI/Swagger documentation
- Add Swagger UI endpoints at /api/schema/ and /api/docs/
- Configure SPECTACULAR_SETTINGS with API metadata
- Refactor meetings views from function-based to class-based views
(ScheduleAppointmentView, RejectAppointmentView, AvailableDatesView,
UserAppointmentsView, AppointmentStatsView, UserAppointmentStatsView)
- Update URL patterns to use new class-based views
- Simplify ALLOWED_HOSTS configuration to accept all hosts
This improves API discoverability through interactive documentation
and modernizes the codebase by using class-based views for better
code organization and reusability.
- Add dj-database-url package for parsing DATABASE_URL
- Replace hardcoded PostgreSQL config with DATABASE_URL environment variable
- Add connection pooling with conn_max_age and health checks
- Fallback to SQLite for local development when DATABASE_URL is not set
- Remove obsolete production config comments
- Update requirements.txt with new dependency
This change improves deployment flexibility by supporting standard DATABASE_URL format commonly used in cloud platforms (Heroku, Railway, etc.) while maintaining backward compatibility with local development using SQLite.
Replace SQLite database configuration with PostgreSQL to improve
scalability and production readiness. PostgreSQL configuration uses
environment variables (POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD,
POSTGRES_HOST, POSTGRES_PORT) for flexible deployment across different
environments.
```
refactor: update settings and Docker config for production
- Configure ALLOWED_HOSTS and CORS from environment variables for better security
- Switch default database from PostgreSQL to SQLite3 (PostgreSQL config commented)
- Simplify DEBUG environment variable handling
- Update Dockerfile to use Python 3.11 and gunicorn for production
- Add static file collection in Docker build process
- Add user appointment statistics endpoint (user_apointment_stats)
- Add .dockerignore to exclude unnecessary files from build
These changes improve production readiness by making critical settings
configurable via environment variables and using production-grade WSGI
server (gunicorn) instead of Django development server.
- Replace pip with UV for faster dependency installation
- Switch base image from python:3.11-slim to debian:bookworm-slim
- Add SECURE_PROXY_SSL_HEADER for production SSL proxy support
- Optimize Docker layer caching by copying dependency files first
- Move database migration to build time for faster container startup
- Enhance Gunicorn logging with access and error log streams
- Update dependency management from requirements.txt to pyproject.toml
These changes improve build performance, production security, and
container startup time while modernizing the dependency management
workflow.
- Set ALLOWED_HOSTS to accept all hosts for easier local testing
- Update Docker port from 8080 to 8000 (Django default)
- Adjust Gunicorn binding to match new port configuration
This simplifies local development setup by using standard Django
conventions and removing host restrictions. The previous specific
host configuration can be restored for production deployment.
- Replace old sslip.io subdomain with new one (r0g84wkoc4cwoo0gckss88ow)
- Remove redundant IP address entries (72.61.138.80, 127.0.0.1)
- Keep localhost for local development
This updates the Django allowed hosts configuration to use the new
SSL.io subdomain while simplifying the host list by removing
redundant entries already covered by localhost.
- Replace PostgreSQL with SQLite as default database backend
- Comment out PostgreSQL configuration for potential future use
- Update Docker exposed port from 8000 to 8080
- Update Gunicorn bind address to match new port
This simplifies the deployment setup by removing the PostgreSQL
dependency and aligns the application port with common alternatives
to port 8000.
Replace SQLite with PostgreSQL as the default database backend.
Database connection settings are now configured via environment
variables (POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD,
POSTGRES_HOST, POSTGRES_PORT) for better scalability and
production readiness.
- Enable meetings app in INSTALLED_APPS and add URL routing
- Switch from PostgreSQL to SQLite for default database configuration
- Remove meetings directory from .gitignore
- Move API root endpoint from users app to main URL configuration
- Remove HIPAA-specific email and compliance settings (EMAIL_ENCRYPTION_KEY, HIPAA_EMAIL_CONFIG, BAA_VERIFICATION)
- Add SITE_NAME and ENCRYPTION_KEY environment variables
- Regenerate initial user migrations
These changes simplify the development setup by using SQLite as the default database and removing complex compliance configurations while enabling the core meetings functionality.
Add comprehensive HIPAA compliance features and OTP-based authentication:
- Configure HIPAA email settings with AES-256 encryption standard
- Add secure portal URL and BAA verification configuration
- Implement OTP verification for user registration and password reset
- Add user model fields for email verification and password reset OTPs
- Configure templates directory in Django settings
- Add authentication flow endpoints with detailed documentation
- Update dependencies to support new security features
- Reorganize .gitignore for better structure
These changes ensure HIPAA compliance for healthcare data handling
with 6-year audit retention, secure email communications, and
multi-factor authentication capabilities.
