Add comprehensive API documentation for user management endpoints including profile updates, user listing, and admin user management features. Update appointment model to include additional status options (completed, cancelled) and add max_length constraint to email field. Change appointment creation endpoint to require user authentication instead of being public.
Changes:
- Add API docs for update_profile, get_profile, all-users endpoints
- Add API docs for activate-deactivate-user and delete-user admin endpoints
- Update appointment creation to require authentication
- Add 'completed' and 'cancelled' status options to Appointment model
- Add max_length constraint to EncryptedEmailField
- Regenerate initial migration with updated model definitions
Replace hardcoded localhost URLs (http://127.0.0.1:8000) in API root
endpoint documentation with request.build_absolute_uri() calls. This
makes the API documentation URLs environment-agnostic and ensures they
reflect the actual domain/host being used to access the API, improving
portability across development, staging, and production environments.
Replace SQLite with PostgreSQL as the default database backend.
Database connection settings are now configured via environment
variables (POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD,
POSTGRES_HOST, POSTGRES_PORT) for better scalability and
production readiness.
- Remove strip_tags usage and use explicit fallback text for HTML emails
- Use named parameters in EmailMultiAlternatives for better clarity
- Add fail_silently=False to email.send() for explicit error handling
- Rename variables (html_content -> html_message, email_msg -> email)
- Remove action buttons from appointment email templates
These changes improve code readability and provide a clearer fallback
message for non-HTML email clients instead of relying on stripped HTML.
- Enable meetings app in INSTALLED_APPS and add URL routing
- Switch from PostgreSQL to SQLite for default database configuration
- Remove meetings directory from .gitignore
- Move API root endpoint from users app to main URL configuration
- Remove HIPAA-specific email and compliance settings (EMAIL_ENCRYPTION_KEY, HIPAA_EMAIL_CONFIG, BAA_VERIFICATION)
- Add SITE_NAME and ENCRYPTION_KEY environment variables
- Regenerate initial user migrations
These changes simplify the development setup by using SQLite as the default database and removing complex compliance configurations while enabling the core meetings functionality.
Add comprehensive HIPAA compliance features and OTP-based authentication:
- Configure HIPAA email settings with AES-256 encryption standard
- Add secure portal URL and BAA verification configuration
- Implement OTP verification for user registration and password reset
- Add user model fields for email verification and password reset OTPs
- Configure templates directory in Django settings
- Add authentication flow endpoints with detailed documentation
- Update dependencies to support new security features
- Reorganize .gitignore for better structure
These changes ensure HIPAA compliance for healthcare data handling
with 6-year audit retention, secure email communications, and
multi-factor authentication capabilities.
