Initial commit

2026-05-12 16:54:38 +00:00
commit 8638273475
92 changed files with 6861 additions and 0 deletions
--- a/config/settings/prod.py
+++ b/config/settings/prod.py
@@ -0,0 +1,61 @@
+from .base import *
+
+DEBUG = False
+
+DATABASES = {
+    'default': env.db('DATABASE_URL', default='sqlite:///tmp/build.db')
+}
+
+# WhiteNoise pour servir les fichiers statiques en fallback
+MIDDLEWARE = [
+    'django.middleware.security.SecurityMiddleware',
+    'whitenoise.middleware.WhiteNoiseMiddleware',
+] + [m for m in MIDDLEWARE if m != 'django.middleware.security.SecurityMiddleware']
+
+STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
+
+EMAIL_BACKEND   = 'django.core.mail.backends.smtp.EmailBackend'
+EMAIL_HOST      = env('EMAIL_HOST',           default='smtp.dreamhost.com')
+EMAIL_PORT      = env.int('EMAIL_PORT',        default=465)
+EMAIL_USE_SSL   = True
+EMAIL_HOST_USER = env('EMAIL_HOST_USER',       default='')
+EMAIL_HOST_PASSWORD = env('EMAIL_HOST_PASSWORD', default='')
+
+# ── HTTPS / cookies ───────────────────────────────────────
+SECURE_SSL_REDIRECT = True
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')  # derrière nginx
+
+SESSION_COOKIE_SECURE   = True
+SESSION_COOKIE_HTTPONLY = True
+SESSION_COOKIE_SAMESITE = 'Lax'
+
+CSRF_COOKIE_SECURE   = True
+CSRF_COOKIE_HTTPONLY = True
+CSRF_COOKIE_SAMESITE = 'Lax'
+
+# ── HSTS ──────────────────────────────────────────────────
+# Commencer à 3600, passer à 31536000 après validation SSL
+SECURE_HSTS_SECONDS            = 3600
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD            = False  # passer à True avec HSTS 1 an
+
+# ── Headers de sécurité Django ─────────────────────────────
+SECURE_CONTENT_TYPE_NOSNIFF = True
+SECURE_REFERRER_POLICY      = 'strict-origin-when-cross-origin'
+X_FRAME_OPTIONS             = 'DENY'
+
+LOGGING = {
+    'version': 1,
+    'disable_existing_loggers': False,
+    'handlers': {
+        'console': {'class': 'logging.StreamHandler'},
+    },
+    'root': {
+        'handlers': ['console'],
+        'level': 'WARNING',
+    },
+    'loggers': {
+        'django': {'handlers': ['console'], 'level': 'WARNING', 'propagate': False},
+        'apps.core': {'handlers': ['console'], 'level': 'INFO', 'propagate': False},
+    },
+}