import os
from datetime import timedelta
from dotenv import load_dotenv
# Populate os.environ from a local .env file before the Config class body
# below reads SECRET_KEY, ADMIN_PASSWORD and the other settings at import time.
# The .env file holds secrets, so it is presumably kept out of version
# control (confirm against the repo's ignore rules).
load_dotenv()
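class Config:
    """Base configuration shared by every environment.

    All environment-backed values are read once, when this class body runs
    at import time; changing the environment afterwards has no effect.
    """

    _secret_key = os.getenv('SECRET_KEY')
    if not _secret_key:
        import warnings
        warnings.warn(
            "SECRET_KEY not set — using a random per-process key; sessions will "
            "not survive a restart or be shared between workers. "
            "Add SECRET_KEY to your .env file.",
            stacklevel=2
        )
    # Fail closed when SECRET_KEY is missing: a fixed fallback string that is
    # visible in the source would let anyone who has read this file forge a
    # validly signed session cookie. A random per-process key only costs
    # session continuity, and the warning above tells the operator why.
    SECRET_KEY = _secret_key or os.urandom(32).hex()

    GOOGLE_PLACES_API_KEY = os.getenv('GOOGLE_PLACES_API_KEY')
    # Both values below are None when the variable is unset. The code that
    # checks them is not in this file; it should reject the request when the
    # value is missing rather than compare user input against None or ''.
    ADMIN_PASSWORD = os.getenv('ADMIN_PASSWORD')  # Admin dashboard password
    INVITE_CODE = os.getenv('INVITE_CODE')  # Required for user registration

    # Flask config
    DEBUG = False
    TESTING = False

    # Session security
    SESSION_COOKIE_HTTPONLY = True  # Cookie is not readable from JavaScript
    # 'Lax' withholds the cookie on cross-site POSTs, which reduces CSRF
    # exposure; it does not replace CSRF tokens on state-changing routes.
    SESSION_COOKIE_SAMESITE = 'Lax'
    PERMANENT_SESSION_LIFETIME = timedelta(days=7)  # Session expires after 7 days

    # Application config
    DEFAULT_SEARCH_RADIUS = 5000  # meters (about 3 miles)
    MAX_RESULTS = 20
    CACHE_TIMEOUT = 60  # seconds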
class DevelopmentConfig(Config):
    """Local development settings: everything from Config, with DEBUG on."""

    # Flask's debug mode enables the interactive debugger, so this class is
    # for local use only and must not back an internet-facing deployment.
    DEBUG = True
class ProductionConfig(Config):
    """Deployed-instance settings: debug off and an HTTPS-only session cookie.

    SECRET_KEY is inherited from Config, which reads it from the environment;
    set it explicitly for any production deployment.
    """

    DEBUG = False

    # Transport hardening
    PREFERRED_URL_SCHEME = 'https'
    SESSION_COOKIE_SECURE = True  # Session cookie is only sent over HTTPS
class TestingConfig(Config):
    """Test-suite settings: Config with both DEBUG and TESTING switched on."""

    DEBUG = True
    TESTING = True
# Lookup table from environment name to configuration class.
# NOTE(review): 'default' resolves to DevelopmentConfig, which sets DEBUG = True.
# How the key is chosen is not visible in this file; a deployment should pass
# 'production' explicitly instead of relying on the default entry.
config = dict(
    development=DevelopmentConfig,
    production=ProductionConfig,
    testing=TestingConfig,
    default=DevelopmentConfig,
)