import json import logging from ipaddress import ip_network from pathlib import Path from decouple import Csv, config from django.core.exceptions import ImproperlyConfigured BASE_DIR = Path(__file__).resolve().parent.parent.parent SECRET_KEY = config("DJANGO_SECRET_KEY", default="unsafe-development-secret-key") DEBUG = config("DEBUG", default=False, cast=bool) ALLOWED_HOSTS = config("ALLOWED_HOSTS", default="localhost,127.0.0.1", cast=Csv()) INSTALLED_APPS = [ "django.contrib.admin", "django.contrib.auth", "django.contrib.contenttypes", "django.contrib.sessions", "django.contrib.messages", "django.contrib.staticfiles", "corsheaders", "rest_framework", "chat", ] MIDDLEWARE = [ "django.middleware.security.SecurityMiddleware", "corsheaders.middleware.CorsMiddleware", "django.contrib.sessions.middleware.SessionMiddleware", "django.middleware.common.CommonMiddleware", "django.middleware.csrf.CsrfViewMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware", "django.contrib.messages.middleware.MessageMiddleware", "django.middleware.clickjacking.XFrameOptionsMiddleware", ] ROOT_URLCONF = "config.urls" TEMPLATES = [ { "BACKEND": "django.template.backends.django.DjangoTemplates", "DIRS": [], "APP_DIRS": True, "OPTIONS": { "context_processors": [ "django.template.context_processors.request", "django.contrib.auth.context_processors.auth", "django.contrib.messages.context_processors.messages", ], }, }, ] WSGI_APPLICATION = "config.wsgi.application" ASGI_APPLICATION = "config.asgi.application" # Em producao use PostgreSQL (USE_POSTGRES=true). SQLite fica para desenvolvimento local. USE_POSTGRES = config("USE_POSTGRES", default=False, cast=bool) if USE_POSTGRES: DATABASES = { "default": { "ENGINE": "django.db.backends.postgresql", "NAME": config("POSTGRES_DB"), "USER": config("POSTGRES_USER"), "PASSWORD": config("POSTGRES_PASSWORD"), "HOST": config("POSTGRES_HOST", default="127.0.0.1"), "PORT": config("POSTGRES_PORT", default="5432"), "OPTIONS": {"connect_timeout": 10}, } } else: DATABASES = { "default": { "ENGINE": "django.db.backends.sqlite3", "NAME": config("SQLITE_PATH", default=str(BASE_DIR / "db.sqlite3")), } } AUTH_PASSWORD_VALIDATORS = [ {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"}, {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"}, {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"}, {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"}, ] LANGUAGE_CODE = "pt-br" TIME_ZONE = config("TIME_ZONE", default="UTC") USE_I18N = True USE_TZ = True STATIC_URL = "static/" STATIC_ROOT = BASE_DIR / "staticfiles" DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField" CORS_ALLOWED_ORIGINS = config("CORS_ALLOWED_ORIGINS", default="", cast=Csv()) CORS_ALLOW_CREDENTIALS = config("CORS_ALLOW_CREDENTIALS", default=False, cast=bool) OPENAI_API_KEY = config("OPENAI_API_KEY", default="") OPENAI_MODEL = config("OPENAI_MODEL", default="gpt-5-nano") OPENAI_TIMEOUT = config("OPENAI_TIMEOUT", default=30, cast=int) OPENAI_MAX_OUTPUT_TOKENS = config("OPENAI_MAX_OUTPUT_TOKENS", default=600, cast=int) INTERNAL_API_KEY = config("INTERNAL_API_KEY", default="change-me") def _load_internal_api_allowed_networks(): """ Lista vazia = não restringe por IP (só API key). Em produção atrás de firewall ou Docker, defina CIDRs (ex.: 172.16.0.0/12,127.0.0.1/32). """ raw = config("INTERNAL_API_ALLOWED_CIDRS", default="", cast=Csv()) networks = [] for item in raw: item = (item or "").strip() if not item: continue try: networks.append(ip_network(item, strict=False)) except ValueError as e: raise ImproperlyConfigured( f"INTERNAL_API_ALLOWED_CIDRS contém CIDR inválido: {item!r}" ) from e return networks INTERNAL_API_ALLOWED_NETWORKS = _load_internal_api_allowed_networks() INTERNAL_API_TRUST_X_FORWARDED_FOR = config( "INTERNAL_API_TRUST_X_FORWARDED_FOR", default=False, cast=bool, ) CHAT_SYSTEM_PROMPT = config( "CHAT_SYSTEM_PROMPT", default="Você é um especialista em seguros e responde de forma clara, objetiva e segura.", ) MAX_QUESTION_LENGTH = config("MAX_QUESTION_LENGTH", default=2000, cast=int) REST_FRAMEWORK = { "DEFAULT_AUTHENTICATION_CLASSES": [ "chat.api.authentication.ServiceAPIKeyAuthentication", ], "DEFAULT_PERMISSION_CLASSES": [ "rest_framework.permissions.IsAuthenticated", ], "DEFAULT_THROTTLE_CLASSES": [ "rest_framework.throttling.AnonRateThrottle", "rest_framework.throttling.UserRateThrottle", "rest_framework.throttling.ScopedRateThrottle", ], "DEFAULT_THROTTLE_RATES": { "anon": config("API_THROTTLE_ANON", default="10/minute"), "user": config("API_THROTTLE_USER", default="60/minute"), "chat": config("API_THROTTLE_CHAT", default="30/minute"), }, "EXCEPTION_HANDLER": "chat.api.exceptions.custom_exception_handler", } LOG_LEVEL = config("LOG_LEVEL", default="INFO") DJANGO_LOG_LEVEL = config("DJANGO_LOG_LEVEL", default="WARNING") class JsonFormatter(logging.Formatter): def format(self, record): payload = { "level": record.levelname, "logger": record.name, "message": record.getMessage(), "module": record.module, } if record.exc_info: payload["exception"] = self.formatException(record.exc_info) return json.dumps(payload, ensure_ascii=True) LOGGING = { "version": 1, "disable_existing_loggers": False, "formatters": { "json": { "()": JsonFormatter, } }, "handlers": { "console": { "class": "logging.StreamHandler", "formatter": "json", } }, "root": { "handlers": ["console"], "level": LOG_LEVEL, }, "loggers": { "django": { "handlers": ["console"], "level": DJANGO_LOG_LEVEL, "propagate": False, }, "chat": { "handlers": ["console"], "level": LOG_LEVEL, "propagate": False, }, }, }