Fixing PLans page

2025-12-08 14:12:08 +00:00
parent da3b45d1c7
commit 144e955b92
24 changed files with 1992 additions and 1105 deletions
--- a/backend/igny8_core/settings.py
+++ b/backend/igny8_core/settings.py
@@ -80,6 +80,15 @@ USE_SECURE_COOKIES = os.getenv('USE_SECURE_COOKIES', 'False').lower() == 'true'
 SESSION_COOKIE_SECURE = USE_SECURE_COOKIES
 CSRF_COOKIE_SECURE = USE_SECURE_COOKIES

+# CRITICAL: Session isolation to prevent contamination
+SESSION_COOKIE_NAME = 'igny8_sessionid'  # Custom name to avoid conflicts
+SESSION_COOKIE_HTTPONLY = True  # Prevent JavaScript access
+SESSION_COOKIE_SAMESITE = 'Strict'  # Prevent cross-site cookie sharing
+SESSION_COOKIE_AGE = 86400  # 24 hours
+SESSION_SAVE_EVERY_REQUEST = False  # Don't update session on every request (reduces DB load)
+SESSION_COOKIE_PATH = '/'  # Explicit path
+# Don't set SESSION_COOKIE_DOMAIN - let it default to current domain for strict isolation
+
 MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'whitenoise.middleware.WhiteNoiseMiddleware',
@@ -228,39 +237,9 @@ REST_FRAMEWORK = {
    # Unified API Standard v1.0: Exception handler enabled by default
    # Set IGNY8_USE_UNIFIED_EXCEPTION_HANDLER=False to disable
    'EXCEPTION_HANDLER': 'rest_framework.views.exception_handler' if os.getenv('IGNY8_USE_UNIFIED_EXCEPTION_HANDLER', 'True').lower() == 'false' else 'igny8_core.api.exception_handlers.custom_exception_handler',
-    # Rate limiting - configured but bypassed in DEBUG mode
-    'DEFAULT_THROTTLE_CLASSES': [
-        'igny8_core.api.throttles.DebugScopedRateThrottle',
-    ],
-    'DEFAULT_THROTTLE_RATES': {
-        # AI Functions - Expensive operations (kept modest but higher to reduce false 429s)
-        'ai_function': '60/min',
-        'image_gen': '90/min',
-        # Content Operations
-        'content_write': '180/min',
-        'content_read': '600/min',
-        # Authentication
-        'auth': '300/min',                  # Login, register, password reset
-        'auth_strict': '120/min',           # Sensitive auth operations
-        'auth_read': '600/min',             # Read-only auth-adjacent endpoints (e.g., subscriptions, industries)
-        # Planner Operations
-        'planner': '300/min',
-        'planner_ai': '60/min',
-        # Writer Operations
-        'writer': '300/min',
-        'writer_ai': '60/min',
-        # System Operations
-        'system': '600/min',
-        'system_admin': '120/min',
-        # Billing Operations
-        'billing': '180/min',
-        'billing_admin': '60/min',
-        'linker': '180/min',
-        'optimizer': '60/min',
-        'integration': '600/min',
-        # Default fallback
-        'default': '600/min',
-    },
+    # Rate limiting - DISABLED
+    'DEFAULT_THROTTLE_CLASSES': [],
+    'DEFAULT_THROTTLE_RATES': {},
    # OpenAPI Schema Generation (drf-spectacular)
    'DEFAULT_SCHEMA_CLASS': 'drf_spectacular.openapi.AutoSchema',
 }