django-cfg 1.3.3__py3-none-any.whl → 1.3.5__py3-none-any.whl

django_cfg/core/generation.py

@@ -179,7 +179,7 @@ class SettingsGenerator:
                 # Apply database defaults for each database based on its engine
                 for alias, db_config in config.databases.items():
                     db_defaults = SmartDefaults.get_database_defaults(
-                        config._environment, 
+                        config.env_mode, 
                         config.debug, 
                         db_config.engine
                     )
@@ -219,17 +219,17 @@ class SettingsGenerator:
 
             # Default cache - always provide one
             if config.cache_default:
-                caches["default"] = config.cache_default.to_django_config(config._environment, config.debug, "default")
+                caches["default"] = config.cache_default.to_django_config(config.env_mode, config.debug, "default")
             else:
                 # Create default cache backend
                 from django_cfg.models.cache import CacheConfig
 
                 default_cache = CacheConfig()
-                caches["default"] = default_cache.to_django_config(config._environment, config.debug, "default")
+                caches["default"] = default_cache.to_django_config(config.env_mode, config.debug, "default")
 
             # Sessions cache
             if config.cache_sessions:
-                caches["sessions"] = config.cache_sessions.to_django_config(config._environment, config.debug, "sessions")
+                caches["sessions"] = config.cache_sessions.to_django_config(config.env_mode, config.debug, "sessions")
 
                 # Configure Django to use cache for sessions (can be overridden)
                 settings["SESSION_ENGINE"] = "django.contrib.sessions.backends.cache"
@@ -241,7 +241,7 @@ class SettingsGenerator:
                     cache_obj = getattr(config, attr_name)
                     if hasattr(cache_obj, "to_django_config"):
                         cache_alias = attr_name.replace("cache_", "")
-                        caches[cache_alias] = cache_obj.to_django_config(config._environment, config.debug, cache_alias)
+                        caches[cache_alias] = cache_obj.to_django_config(config.env_mode, config.debug, cache_alias)
 
             if caches:
                 settings["CACHES"] = caches
@@ -261,7 +261,7 @@ class SettingsGenerator:
             if config.security_domains or config.ssl_redirect is not None:
                 security_defaults = SmartDefaults.get_security_defaults(
                     config.security_domains, 
-                    config._environment, 
+                    config.env_mode, 
                     config.debug,
                     config.ssl_redirect,
                     config.cors_allow_headers
@@ -275,12 +275,12 @@ class SettingsGenerator:
                     pass
 
             # Additional security settings for production
-            if config._environment == "production":
+            if config.env_mode == "production":
                 settings.update(
                     {
-                        "SESSION_COOKIE_AGE": 86400,  # 24 hours
+                        "SESSION_COOKIE_AGE": 2592000,  # 30 days (30 * 24 * 60 * 60)
                         "SESSION_SAVE_EVERY_REQUEST": True,
-                        "SESSION_EXPIRE_AT_BROWSER_CLOSE": True,
+                        "SESSION_EXPIRE_AT_BROWSER_CLOSE": False,  # Allow persistent sessions
                     }
                 )
 
@@ -296,7 +296,7 @@ class SettingsGenerator:
             settings = {}
 
             if config.email:
-                email_settings = config.email.to_django_config(config._environment, config.debug)
+                email_settings = config.email.to_django_config(config.env_mode, config.debug)
                 settings.update(email_settings)
 
             return settings
@@ -311,7 +311,7 @@ class SettingsGenerator:
             settings = {}
 
             # Generate logging defaults
-            logging_defaults = SmartDefaults.get_logging_defaults(config._environment, config.debug)
+            logging_defaults = SmartDefaults.get_logging_defaults(config.env_mode, config.debug)
 
             if logging_defaults:
                 settings["LOGGING"] = logging_defaults
@@ -370,7 +370,7 @@ class SettingsGenerator:
             }
 
             # Adjust for different environments
-            if config._environment == "development":
+            if config.env_mode == "development":
                 settings["USE_L10N"] = True  # Deprecated but sometimes needed
 
             return settings

django_cfg/core/integration/display/startup.py

@@ -122,7 +122,7 @@ class StartupDisplayManager(BaseDisplayManager):
         info_table.add_row("🏗️ Project", self.config.project_name)
         
         # Add environment source
-        env_source = getattr(self.config, '_environment', 'default_fallback')
+        env_source = getattr(self.config, 'env_mode', 'default_fallback')
         info_table.add_row("🔍 Env Source", env_source)
         
         info_table.add_row("🌐 Site", LIB_SITE_URL)

django_cfg/core/validation.py

@@ -81,7 +81,7 @@ class ConfigurationValidator:
             errors.append("SECRET_KEY must be at least 50 characters long")
         else:
             # Check for insecure patterns in production
-            if config._environment == 'production':
+            if config.env_mode == 'production':
                 insecure_patterns = [
                     'django-insecure',
                     'change-me',
@@ -110,7 +110,7 @@ class ConfigurationValidator:
                     errors.append(f"Invalid hostname in ALLOWED_HOSTS[{i}]: '{host}'")
             
             # Production-specific validation
-            if config._environment == 'production' and '*' in allowed_hosts:
+            if config.env_mode == 'production' and '*' in allowed_hosts:
                 errors.append("Wildcard '*' in ALLOWED_HOSTS is not recommended for production")
         
         return errors
@@ -143,7 +143,7 @@ class ConfigurationValidator:
         errors = []
         
         # Environment-specific security validation
-        if config._environment == 'production':
+        if config.env_mode == 'production':
             # Allow DEBUG=True in production for development purposes
             pass
         
@@ -161,7 +161,7 @@ class ConfigurationValidator:
         """Validate environment-specific consistency."""
         errors = []
         
-        environment = config._environment
+        environment = config.env_mode
         
         if environment == 'production':
             # Production requirements - allow DEBUG=True for development

django_cfg/management/commands/show_config.py

@@ -100,7 +100,7 @@ class Command(BaseCommand):
         self.stdout.write(self.style.SUCCESS('\n🌍 Environment'))
         self.stdout.write('-' * 40)
         env_data = [
-            ('Environment', getattr(config, '_environment', 'auto-detected')),
+            ('Environment', getattr(config, 'env_mode', 'auto-detected')),
             ('Debug Mode', config.debug),
             ('Security Domains', ', '.join(config.security_domains) if config.security_domains else 'None'),
         ]
@@ -186,7 +186,7 @@ class Command(BaseCommand):
                 'description': getattr(config, 'project_description', None),
             },
             'environment': {
-                'environment': getattr(config, '_environment', 'auto-detected'),
+                'environment': getattr(config, 'env_mode', 'auto-detected'),
                 'debug': config.debug,
                 'allowed_hosts': config.allowed_hosts,
             },

django_cfg/management/commands/tree.py

@@ -97,9 +97,7 @@ class Command(BaseCommand):
             
             # Try to get environment info
             try:
-                env_info = getattr(config, 'environment', 'unknown')
-                if hasattr(config, '_environment'):
-                    env_info = config._environment or 'unknown'
+                env_info = getattr(config, 'env_mode', 'unknown')
                 self.stdout.write(
                     self.style.HTTP_INFO(f"🔧 Environment: {env_info}")
                 )

django_cfg/middleware/__init__.py

@@ -5,7 +5,9 @@ Provides middleware components for Django CFG applications.
 """
 
 from .user_activity import UserActivityMiddleware
+from .static_nocache import StaticNoCacheMiddleware
 
 __all__ = [
     'UserActivityMiddleware',
+    'StaticNoCacheMiddleware',
 ]

django_cfg/middleware/static_nocache.py

@@ -0,0 +1,55 @@
+"""
+Static files no-cache middleware for django-cfg.
+
+Automatically disables caching for static files in development environments
+to prevent browser caching issues during development.
+"""
+
+from django.conf import settings
+from django_cfg.core.config import EnvironmentMode
+
+
+class StaticNoCacheMiddleware:
+    """
+    Middleware to disable caching for static files in development.
+    
+    This ensures that JavaScript and CSS files are always fresh during development,
+    preventing browser caching issues when files are updated.
+    
+    Automatically detects development mode based on:
+    - DEBUG setting
+    - ENV_MODE environment variable
+    """
+    
+    def __init__(self, get_response):
+        self.get_response = get_response
+        
+        # Determine if we should disable caching
+        self.should_disable_cache = self._should_disable_cache()
+
+    def _should_disable_cache(self):
+        """Determine if caching should be disabled based on environment."""
+        # Always disable in DEBUG mode
+        if settings.DEBUG:
+            return True
+            
+        # Check ENV_MODE if available
+        env_mode = getattr(settings, 'ENV_MODE', None)
+        if env_mode == EnvironmentMode.DEVELOPMENT or env_mode == EnvironmentMode.TEST:
+            return True
+            
+        return False
+
+    def __call__(self, request):
+        response = self.get_response(request)
+        
+        # Apply no-cache headers for static files in development
+        if self.should_disable_cache and request.path.startswith('/static/'):
+            response['Cache-Control'] = 'no-store, no-cache, must-revalidate, max-age=0'
+            response['Pragma'] = 'no-cache'
+            response['Expires'] = '0'
+            # Add ETag removal to prevent conditional requests
+            if 'ETag' in response:
+                del response['ETag']
+        
+        return response

django_cfg/models/payments.py

@@ -28,25 +28,23 @@ class PaymentsConfig(BaseModel):
         description="Enable payments middleware"
     )
     
-    api_prefixes: List[str] = Field(
-        default=['/api/'],
-        description="API path prefixes that require authentication"
+    # Whitelist approach - only these paths require API key
+    protected_paths: List[str] = Field(
+        default=[
+            '/api/admin/',  # Admin API endpoints
+            '/api/private/',  # Private API endpoints
+            '/api/secure/',  # Secure API endpoints
+        ],
+        description="Paths that require API key authentication (whitelist approach)"
     )
     
-    exempt_paths: List[str] = Field(
+    protected_patterns: List[str] = Field(
         default=[
-            '/api/payments/create/',
-            '/api/payments/status/',
-            '/api/currencies/rates/',
-            '/api/currencies/supported/',
-            '/api/api-keys/create/',
-            '/api/api-keys/validate/',
-            '/api/health/',
-            '/admin/',
-            '/static/',
-            '/media/',
+            r'^/api/admin/.*$',  # All admin API endpoints
+            r'^/api/private/.*$',  # All private API endpoints  
+            r'^/api/secure/.*$',  # All secure API endpoints
         ],
-        description="Paths exempt from API authentication"
+        description="Regex patterns for paths that require API key authentication"
     )
     
     # Rate limiting defaults

django_cfg/models/security.py

@@ -22,6 +22,20 @@ class SecurityConfig(BaseConfig):
     cors_allow_all_origins: bool = Field(default=False, description="Allow all origins (dev only)")
     cors_allowed_origins: List[str] = Field(default_factory=list, description="Allowed CORS origins")
     cors_allow_credentials: bool = Field(default=True, description="Allow CORS credentials")
+    cors_allow_headers: List[str] = Field(
+        default_factory=lambda: [
+            "accept",
+            "accept-encoding", 
+            "authorization",
+            "content-type",
+            "dnt",
+            "origin",
+            "user-agent",
+            "x-csrftoken",
+            "x-requested-with",
+        ],
+        description="CORS allowed headers with common defaults for API usage",
+    )
     
     # CSRF settings
     csrf_enabled: bool = Field(default=True, description="Enable CSRF protection")
@@ -85,6 +99,7 @@ class SecurityConfig(BaseConfig):
                 'CORS_ALLOW_ALL_ORIGINS': self.cors_allow_all_origins,
                 'CORS_ALLOWED_ORIGINS': self.cors_allowed_origins,
                 'CORS_ALLOW_CREDENTIALS': self.cors_allow_credentials,
+                'CORS_ALLOW_HEADERS': self.cors_allow_headers,
             })
             
             # Add corsheaders to middleware if not present

django_cfg/modules/django_ngrok.py

@@ -299,6 +299,11 @@ def is_ngrok_available_from_env() -> bool:
     return get_ngrok_service().is_ngrok_available_from_env()
 
 
+def is_tunnel_active() -> bool:
+    """Check if ngrok tunnel is actually active."""
+    return get_ngrok_service().is_tunnel_active()
+
+
 def get_effective_tunnel_url() -> Optional[str]:
     """Get effective tunnel URL (from manager or environment)."""
     return get_ngrok_service().get_effective_tunnel_url()
@@ -318,5 +323,6 @@ __all__ = [
     "get_tunnel_url_from_env",
     "get_ngrok_host_from_env",
     "is_ngrok_available_from_env",
+    "is_tunnel_active",
     "get_effective_tunnel_url",
 ]

django_cfg/modules/django_unfold/dashboard.py

@@ -16,9 +16,7 @@ from .models.dashboard import StatCard, StatsCardsWidget
 
 class DashboardManager(BaseCfgModule):
     """
-    Dashboard configuration manager for Unfold.
-    
-    Based on the working configuration from @old/api__old/api/dashboard/unfold_config.py
+    Dashboard configuration manager for Unfold.    
     """
     
     def __init__(self):

django_cfg/utils/smart_defaults.py

@@ -89,7 +89,10 @@ class SmartDefaults:
         cors_allow_headers=None
     ) -> Dict[str, Any]:
         """Get security configuration defaults."""
-        return {
+        from ..models.security import SecurityConfig
+        
+        # Base security settings
+        base_settings = {
             'USE_TZ': True,
             'USE_I18N': True,
             'USE_L10N': True,
@@ -100,6 +103,43 @@ class SmartDefaults:
             'SECURE_HSTS_INCLUDE_SUBDOMAINS': not debug,
             'SECURE_HSTS_PRELOAD': not debug,
         }
+        
+        # Add CORS settings if security domains are configured
+        if security_domains:
+            # Combine default CORS headers with custom ones
+            default_headers = SecurityConfig().cors_allow_headers
+            if cors_allow_headers:
+                # Combine and deduplicate headers
+                all_headers = default_headers + cors_allow_headers
+                seen = set()
+                unique_headers = []
+                for header in all_headers:
+                    if header.lower() not in seen:
+                        seen.add(header.lower())
+                        unique_headers.append(header)
+                final_headers = unique_headers
+            else:
+                final_headers = default_headers
+            
+            # Create SecurityConfig with appropriate settings
+            security_config = SecurityConfig(
+                cors_enabled=True,
+                cors_allow_all_origins=debug or environment == "development",
+                cors_allowed_origins=security_domains if not (debug or environment == "development") else [],
+                cors_allow_credentials=True,
+                cors_allow_headers=final_headers,
+                ssl_redirect=ssl_redirect or False,
+            )
+            
+            # Configure for development if needed
+            if debug or environment == "development":
+                security_config.configure_for_development()
+            
+            # Get Django settings from SecurityConfig
+            cors_settings = security_config.to_django_settings()
+            base_settings.update(cors_settings)
+        
+        return base_settings
     
     @classmethod
     def get_logging_defaults(

{django_cfg-1.3.3.dist-info → django_cfg-1.3.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: django-cfg
-Version: 1.3.3
+Version: 1.3.5
 Summary: 🚀 Next-gen Django configuration: type-safety, AI features, blazing-fast setup, and automated best practices — all in one.
 Project-URL: Homepage, https://djangocfg.com
 Project-URL: Documentation, https://docs.djangocfg.com