codefortify-starter 1.0.0__py3-none-any.whl

codefortify_starter/templates/base_project/core/env.py.jinja

@@ -0,0 +1,46 @@
+import os
+from pathlib import Path
+
+
+ROOT_DIR = Path(__file__).resolve().parent.parent
+DOTENV_FILE = ROOT_DIR / ".env"
+DOTENV_LOCAL_FILE = ROOT_DIR / ".env.local"
+TRUE_VALUES = {"1", "true", "yes", "on"}
+
+
+def env_flag(name: str, default: bool = False) -> bool:
+    value = os.environ.get(name)
+    if value is None:
+        return default
+    return value.strip().lower() in TRUE_VALUES
+
+
+def _load_env_file(path: Path) -> None:
+    if not path.exists():
+        return
+    for raw_line in path.read_text(encoding="utf-8").splitlines():
+        line = raw_line.strip()
+        if not line or line.startswith("#") or "=" not in line:
+            continue
+        key, value = line.split("=", 1)
+        key = key.strip()
+        value = value.strip().strip('"').strip("'")
+        if key and key not in os.environ:
+            os.environ[key] = value
+
+
+def configure_environment() -> str:
+    explicit_environment = (os.environ.get("CODEFORTIFY_ENVIRONMENT") or "").strip().lower()
+    load_dotenv_in_production = env_flag("CODEFORTIFY_LOAD_DOTENV_IN_PRODUCTION", default=False)
+    should_load_dotenv = explicit_environment != "production" or load_dotenv_in_production
+
+    if should_load_dotenv:
+        if DOTENV_LOCAL_FILE.exists() and not env_flag("CODEFORTIFY_SKIP_DOTENV_LOCAL", default=False):
+            _load_env_file(DOTENV_LOCAL_FILE)
+        _load_env_file(DOTENV_FILE)
+
+    environment = (os.environ.get("CODEFORTIFY_ENVIRONMENT") or "dev").strip().lower()
+    settings_module = "core.settings.production" if environment == "production" else "core.settings.dev"
+    os.environ.setdefault("DJANGO_SETTINGS_MODULE", settings_module)
+    return settings_module
+

codefortify_starter/templates/base_project/core/middleware/__init__.py

@@ -0,0 +1 @@
+

codefortify_starter/templates/base_project/core/middleware/exceptions.py

@@ -0,0 +1,26 @@
+import logging
+
+from django.conf import settings
+from django.http import JsonResponse
+
+
+logger = logging.getLogger(__name__)
+
+
+class SafeExceptionMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        try:
+            return self.get_response(request)
+        except Exception as exc:  # pragma: no cover
+            logger.exception("Unhandled application exception")
+            if settings.DEBUG:
+                raise
+
+            accept_header = request.headers.get("Accept", "")
+            if "application/json" in accept_header or request.path.startswith("/api/"):
+                return JsonResponse({"detail": str(exc) or "Internal server error."}, status=500)
+            raise
+

codefortify_starter/templates/base_project/core/middleware/security.py

@@ -0,0 +1,12 @@
+class SecurityHeadersMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        response = self.get_response(request)
+        response.setdefault("Referrer-Policy", "strict-origin-when-cross-origin")
+        response.setdefault("X-Content-Type-Options", "nosniff")
+        response.setdefault("X-Frame-Options", "DENY")
+        response.setdefault("Permissions-Policy", "geolocation=(), microphone=(), camera=()")
+        return response
+

codefortify_starter/templates/base_project/core/settings/__init__.py

@@ -0,0 +1 @@
+

codefortify_starter/templates/base_project/core/settings/base.py.jinja

@@ -0,0 +1,160 @@
+from pathlib import Path
+
+from decouple import Csv, config
+from django.core.exceptions import ImproperlyConfigured
+[% if use_postgres or use_mysql %]
+import dj_database_url
+[% endif %]
+[% if use_mysql %]
+import pymysql
+
+pymysql.install_as_MySQLdb()
+[% endif %]
+
+
+BASE_DIR = Path(__file__).resolve().parent.parent.parent
+
+
+DEBUG = config("DEBUG", default=True, cast=bool)
+SECRET_KEY = config("SECRET_KEY", default="django-insecure-change-me")
+if not DEBUG and SECRET_KEY == "django-insecure-change-me":
+    raise ImproperlyConfigured("SECRET_KEY must be set when DEBUG is False.")
+
+ALLOWED_HOSTS = config("ALLOWED_HOSTS", default="localhost,127.0.0.1,0.0.0.0", cast=Csv())
+CSRF_TRUSTED_ORIGINS = config(
+    "CSRF_TRUSTED_ORIGINS",
+    default="http://localhost:8000,http://127.0.0.1:8000",
+    cast=Csv(),
+)
+
+INSTALLED_APPS = [
+    "django.contrib.admin",
+    "django.contrib.auth",
+    "django.contrib.contenttypes",
+    "django.contrib.sessions",
+    "django.contrib.messages",
+    "django.contrib.staticfiles",
+[% if use_htmx %]
+    "django_htmx",
+[% endif %]
+[% if use_drf %]
+    "rest_framework",
+    "django_filters",
+    "apps.api",
+[% endif %]
+    "apps.home",
+]
+
+MIDDLEWARE = [
+    "core.middleware.security.SecurityHeadersMiddleware",
+    "django.middleware.security.SecurityMiddleware",
+[% if use_docker %]
+    "whitenoise.middleware.WhiteNoiseMiddleware",
+[% endif %]
+    "django.contrib.sessions.middleware.SessionMiddleware",
+    "django.middleware.common.CommonMiddleware",
+[% if use_htmx %]
+    "django_htmx.middleware.HtmxMiddleware",
+[% endif %]
+    "django.middleware.csrf.CsrfViewMiddleware",
+    "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "django.contrib.messages.middleware.MessageMiddleware",
+    "django.middleware.clickjacking.XFrameOptionsMiddleware",
+    "core.middleware.exceptions.SafeExceptionMiddleware",
+]
+
+ROOT_URLCONF = "core.urls"
+WSGI_APPLICATION = "core.wsgi.application"
+ASGI_APPLICATION = "core.asgi.application"
+
+TEMPLATES = [
+    {
+        "BACKEND": "django.template.backends.django.DjangoTemplates",
+        "DIRS": [BASE_DIR / "templates"],
+        "APP_DIRS": True,
+        "OPTIONS": {
+            "context_processors": [
+                "django.template.context_processors.request",
+                "django.contrib.auth.context_processors.auth",
+                "django.contrib.messages.context_processors.messages",
+            ]
+        },
+    }
+]
+
+[% if use_sqlite %]
+DATABASES = {
+    "default": {
+        "ENGINE": "django.db.backends.sqlite3",
+        "NAME": BASE_DIR / "db.sqlite3",
+    }
+}
+[% elif use_postgres or use_mysql %]
+DATABASE_URL = config("DATABASE_URL", default="").strip()
+
+if DATABASE_URL:
+    DATABASES = {
+        "default": dj_database_url.parse(
+            DATABASE_URL,
+            conn_max_age=config("DB_CONN_MAX_AGE", default=600, cast=int),
+        )
+    }
+else:
+    DATABASES = {
+        "default": {
+            "ENGINE": "django.db.backends.sqlite3",
+            "NAME": BASE_DIR / "db.sqlite3",
+        }
+    }
+[% endif %]
+
+AUTH_PASSWORD_VALIDATORS = [
+    {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"},
+    {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
+    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
+    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
+]
+
+LANGUAGE_CODE = config("LANGUAGE_CODE", default="en-us")
+TIME_ZONE = config("TIME_ZONE", default="UTC")
+USE_I18N = True
+USE_TZ = True
+
+STATIC_URL = "/static/"
+STATIC_ROOT = BASE_DIR / "static_root"
+STATICFILES_DIRS = [BASE_DIR / "static"]
+[% if use_docker %]
+STATICFILES_STORAGE = "whitenoise.storage.CompressedManifestStaticFilesStorage"
+[% endif %]
+
+MEDIA_URL = "/media/"
+MEDIA_ROOT = BASE_DIR / "media"
+
+DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
+
+[% if use_drf %]
+REST_FRAMEWORK = {
+    "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.AllowAny",),
+    "DEFAULT_AUTHENTICATION_CLASSES": ("rest_framework.authentication.SessionAuthentication",),
+    "DEFAULT_FILTER_BACKENDS": (
+        "django_filters.rest_framework.DjangoFilterBackend",
+        "rest_framework.filters.OrderingFilter",
+        "rest_framework.filters.SearchFilter",
+    ),
+}
+[% endif %]
+
+[% if use_celery %]
+REDIS_URL = config("REDIS_URL", default="redis://127.0.0.1:6379/0")
+CELERY_BROKER_URL = config("CELERY_BROKER_URL", default=REDIS_URL)
+CELERY_RESULT_BACKEND = config("CELERY_RESULT_BACKEND", default="redis://127.0.0.1:6379/1")
+CELERY_ACCEPT_CONTENT = ["json"]
+CELERY_TASK_SERIALIZER = "json"
+CELERY_RESULT_SERIALIZER = "json"
+CELERY_TIMEZONE = TIME_ZONE
+CELERY_ENABLE_UTC = USE_TZ
+[% endif %]
+
+SESSION_COOKIE_HTTPONLY = True
+SESSION_COOKIE_SECURE = config("SESSION_COOKIE_SECURE", default=not DEBUG, cast=bool)
+CSRF_COOKIE_SECURE = config("CSRF_COOKIE_SECURE", default=not DEBUG, cast=bool)

codefortify_starter/templates/base_project/core/settings/dev.py.jinja

@@ -0,0 +1,8 @@
+from .base import *  # noqa: F403,F401
+
+
+DEBUG = True
+SECURE_SSL_REDIRECT = False
+SESSION_COOKIE_SECURE = False
+CSRF_COOKIE_SECURE = False
+

codefortify_starter/templates/base_project/core/settings/production.py.jinja

@@ -0,0 +1,21 @@
+from decouple import config
+from django.core.exceptions import ImproperlyConfigured
+
+from .base import *  # noqa: F403,F401
+
+
+DEBUG = False
+
+if SECRET_KEY == "django-insecure-change-me":  # noqa: F405
+    raise ImproperlyConfigured("SECRET_KEY must be set in production.")  # noqa: F405
+
+if not ALLOWED_HOSTS:  # noqa: F405
+    raise ImproperlyConfigured("ALLOWED_HOSTS must be configured in production.")  # noqa: F405
+
+SECURE_SSL_REDIRECT = config("SECURE_SSL_REDIRECT", default=True, cast=bool)
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+SECURE_HSTS_SECONDS = config("SECURE_HSTS_SECONDS", default=31536000, cast=int)
+SECURE_HSTS_INCLUDE_SUBDOMAINS = config("SECURE_HSTS_INCLUDE_SUBDOMAINS", default=True, cast=bool)
+SECURE_HSTS_PRELOAD = config("SECURE_HSTS_PRELOAD", default=True, cast=bool)
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")

codefortify_starter/templates/base_project/core/templates/errors/400.html

@@ -0,0 +1,8 @@
+{% extends "base.html" %}
+
+{% block title %}400 Bad Request{% endblock %}
+
+{% block content %}
+<h1>400 - Bad Request</h1>
+{% endblock %}
+

codefortify_starter/templates/base_project/core/templates/errors/403.html

@@ -0,0 +1,8 @@
+{% extends "base.html" %}
+
+{% block title %}403 Permission Denied{% endblock %}
+
+{% block content %}
+<h1>403 - Permission denied</h1>
+{% endblock %}
+

codefortify_starter/templates/base_project/core/templates/errors/404.html

@@ -0,0 +1,8 @@
+{% extends "base.html" %}
+
+{% block title %}404 Not Found{% endblock %}
+
+{% block content %}
+<h1>404 - Page not found</h1>
+{% endblock %}
+

codefortify_starter/templates/base_project/core/templates/errors/405.html

@@ -0,0 +1,8 @@
+{% extends "base.html" %}
+
+{% block title %}405 Method Not Allowed{% endblock %}
+
+{% block content %}
+<h1>405 - Method not allowed</h1>
+{% endblock %}
+

codefortify_starter/templates/base_project/core/templates/errors/500.html

@@ -0,0 +1,8 @@
+{% extends "base.html" %}
+
+{% block title %}500 Server Error{% endblock %}
+
+{% block content %}
+<h1>500 - Internal server error</h1>
+{% endblock %}
+

codefortify_starter/templates/base_project/core/urls.py.jinja

@@ -0,0 +1,23 @@
+from django.conf import settings
+from django.conf.urls.static import static
+from django.contrib import admin
+from django.urls import include, path
+
+
+urlpatterns = [
+    path("admin/", admin.site.urls),
+    path("", include(("apps.home.urls", "home"), namespace="home")),
+[% if use_drf %]
+    path("api/", include(("apps.api.urls", "api"), namespace="api")),
+[% endif %]
+]
+
+if settings.DEBUG:
+    urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
+
+handler400 = "core.views.bad_request"
+handler403 = "core.views.permission_denied"
+handler404 = "core.views.page_not_found"
+handler405 = "core.views.method_not_allowed"
+handler500 = "core.views.server_error"
+

codefortify_starter/templates/base_project/core/views.py.jinja

@@ -0,0 +1,56 @@
+from django.http import JsonResponse
+from django.shortcuts import render
+from django.views.decorators.csrf import requires_csrf_token
+
+
+def _expects_json(request) -> bool:
+    accept_header = request.headers.get("Accept", "")
+    content_type = request.headers.get("Content-Type", "")
+    return (
+        "application/json" in accept_header
+        or "application/json" in content_type
+        or request.path.startswith("/api/")
+    )
+
+
+@requires_csrf_token
+def bad_request(request, exception, template_name="errors/400.html"):
+    if _expects_json(request):
+        return JsonResponse({"detail": "Bad request."}, status=400)
+    return render(request, template_name, status=400)
+
+
+@requires_csrf_token
+def permission_denied(request, exception, template_name="errors/403.html"):
+    if _expects_json(request):
+        return JsonResponse({"detail": "Permission denied."}, status=403)
+    return render(request, template_name, status=403)
+
+
+@requires_csrf_token
+def page_not_found(request, exception, template_name="errors/404.html"):
+    if _expects_json(request):
+        return JsonResponse({"detail": "Not found."}, status=404)
+    return render(request, template_name, status=404)
+
+
+@requires_csrf_token
+def method_not_allowed(request, exception, template_name="errors/405.html"):
+    if _expects_json(request):
+        return JsonResponse({"detail": "Method not allowed."}, status=405)
+    return render(request, template_name, status=405)
+
+
+@requires_csrf_token
+def server_error(request, template_name="errors/500.html"):
+    if _expects_json(request):
+        return JsonResponse({"detail": "Internal server error."}, status=500)
+    return render(request, template_name, status=500)
+
+
+@requires_csrf_token
+def csrf_failure(request, reason="", template_name="errors/403.html"):
+    if _expects_json(request):
+        return JsonResponse({"detail": "CSRF verification failed."}, status=403)
+    return render(request, template_name, status=403)
+

codefortify_starter/templates/base_project/core/wsgi.py.jinja

@@ -0,0 +1,10 @@
+from core.env import configure_environment
+
+
+configure_environment()
+
+from django.core.wsgi import get_wsgi_application
+
+
+application = get_wsgi_application()
+

codefortify_starter/templates/base_project/dot-env.example.jinja

@@ -0,0 +1,66 @@
+# ------------------------------------------------------------------------------
+# Runtime
+# ------------------------------------------------------------------------------
+CODEFORTIFY_ENVIRONMENT=dev
+DEBUG=True
+SECRET_KEY=change-me
+ALLOWED_HOSTS=localhost,127.0.0.1,0.0.0.0
+CSRF_TRUSTED_ORIGINS=http://localhost:8000,http://127.0.0.1:8000
+TIME_ZONE=UTC
+LANGUAGE_CODE=en-us
+
+# ------------------------------------------------------------------------------
+# Database
+# ------------------------------------------------------------------------------
+[% if use_sqlite %]
+DATABASE_URL=
+[% elif use_postgres %]
+[% if use_docker %]
+# Leave blank for local SQLite fallback.
+# DATABASE_URL=sqlite:///db.sqlite3
+# Docker PostgreSQL example:
+# DATABASE_URL=postgres://[[ project_slug ]]:[[ project_slug ]]@db:5432/[[ project_slug ]]
+[% endif %]
+DATABASE_URL=
+POSTGRES_DB=[[ project_slug ]]
+POSTGRES_USER=[[ project_slug ]]
+POSTGRES_PASSWORD=change-me
+POSTGRES_HOST=127.0.0.1
+POSTGRES_PORT=5432
+[% elif use_mysql %]
+[% if use_docker %]
+# Leave blank for local SQLite fallback.
+# DATABASE_URL=sqlite:///db.sqlite3
+# Docker MySQL example:
+# DATABASE_URL=mysql://[[ project_slug ]]:[[ project_slug ]]@db:3306/[[ project_slug ]]
+[% endif %]
+DATABASE_URL=
+MYSQL_DATABASE=[[ project_slug ]]
+MYSQL_USER=[[ project_slug ]]
+MYSQL_PASSWORD=change-me
+MYSQL_HOST=127.0.0.1
+MYSQL_PORT=3306
+[% endif %]
+DB_CONN_MAX_AGE=60
+
+[% if use_celery %]
+# ------------------------------------------------------------------------------
+# Redis / Celery
+# ------------------------------------------------------------------------------
+[% if use_docker %]
+REDIS_URL=redis://redis:6379/0
+CELERY_BROKER_URL=redis://redis:6379/0
+CELERY_RESULT_BACKEND=redis://redis:6379/1
+[% else %]
+REDIS_URL=redis://127.0.0.1:6379/0
+CELERY_BROKER_URL=redis://127.0.0.1:6379/0
+CELERY_RESULT_BACKEND=redis://127.0.0.1:6379/1
+[% endif %]
+[% endif %]
+
+# ------------------------------------------------------------------------------
+# Deployment / security flags
+# ------------------------------------------------------------------------------
+SECURE_SSL_REDIRECT=False
+RUN_MIGRATIONS=true
+COLLECT_STATIC=false

codefortify_starter/templates/base_project/dot-gitignore

@@ -0,0 +1,34 @@
+# Python
+__pycache__/
+*.py[cod]
+*.egg-info/
+.Python
+
+# Virtual environments
+.venv/
+venv/
+env/
+
+# Django
+db.sqlite3
+*.sqlite3
+media/
+static_root/
+
+# Runtime and tooling
+.env
+.env.local
+.pytest_cache/
+.mypy_cache/
+.coverage
+htmlcov/
+
+# Build artifacts
+build/
+dist/
+
+# IDE / OS files
+.idea/
+.vscode/
+.DS_Store
+

codefortify_starter/templates/base_project/manage.py.jinja

@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+import sys
+
+from core.env import configure_environment
+
+
+def main() -> None:
+    configure_environment()
+    from django.core.management import execute_from_command_line
+
+    execute_from_command_line(sys.argv)
+
+
+if __name__ == "__main__":
+    main()
+

codefortify_starter/templates/base_project/static/css/main.css

@@ -0,0 +1,19 @@
+:root {
+  color-scheme: light dark;
+  font-family: Inter, system-ui, -apple-system, Segoe UI, Roboto, sans-serif;
+}
+
+body {
+  margin: 0;
+}
+
+.container {
+  max-width: 960px;
+  margin: 0 auto;
+  padding: 2rem 1rem;
+}
+
+h1 {
+  margin-top: 0;
+}
+

codefortify_starter/templates/base_project/templates/base.html.jinja

@@ -0,0 +1,19 @@
+{% load static %}
+<!doctype html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>{% block title %}[[ project_title ]]{% endblock %}</title>
+    <link rel="stylesheet" href="{% static 'css/main.css' %}">
+[% if use_htmx %]
+    <script src="https://unpkg.com/htmx.org@2.0.4"></script>
+[% endif %]
+</head>
+<body>
+    <main class="container">
+        {% block content %}{% endblock %}
+    </main>
+</body>
+</html>
+

codefortify_starter/templates/features/celery/apps/home/tasks.py.jinja

@@ -0,0 +1,7 @@
+from celery import shared_task
+
+
+@shared_task
+def ping():
+    return "pong"
+

codefortify_starter/templates/features/celery/core/celery.py.jinja

@@ -0,0 +1,16 @@
+from celery import Celery
+
+from core.env import configure_environment
+
+
+configure_environment()
+
+app = Celery("[[ project_slug ]]")
+app.config_from_object("django.conf:settings", namespace="CELERY")
+app.autodiscover_tasks()
+
+
+@app.task(bind=True)
+def debug_task(self):  # pragma: no cover - smoke task
+    return f"Celery debug task executed: {self.request!r}"
+

codefortify_starter/templates/features/docker/DOCKER_README.md.jinja

@@ -0,0 +1,67 @@
+# Docker Guide
+
+This project includes Docker support for local and production-style workflows.
+
+## Services
+
+- `web` (Django)
+[% if use_postgres %]- `db` (PostgreSQL)
+[% elif use_mysql %]- `db` (MySQL)
+[% else %]- `db` is not used (SQLite)
+[% endif %]
+[% if use_celery %]- `redis` (broker/result backend)
+- `celery` (worker)
+- `celery-beat` (optional profile)
+[% endif %]
+
+## Start local stack
+
+```bash
+cp .env.example .env
+docker compose build
+docker compose up -d
+docker compose exec web python manage.py check
+```
+
+## Stop stack
+
+```bash
+docker compose down
+```
+
+## Production-style compose
+
+```bash
+docker compose -f docker-compose.prod.yml up -d --build
+```
+
+[% if use_celery %]
+## Celery
+
+Inspect worker logs:
+
+```bash
+docker compose logs -f celery
+```
+
+Start beat profile:
+
+```bash
+docker compose --profile beat up -d celery-beat
+```
+[% endif %]
+
+## Helper script
+
+```bash
+./docker_deploy.sh up
+./docker_deploy.sh check
+./docker_deploy.sh logs web
+```
+
+[% if use_sqlite %]
+## Note about SQLite with Docker
+
+SQLite is supported for development convenience but is not suitable for multi-container production workloads.
+[% endif %]
+