# Environment Variables ## Purpose List environment variables that influence runtime behavior, taken directly from `settings.py` and related auth/Celery configuration. ## Code Locations (exact paths) - Primary definitions and defaults: `backend/igny8_core/settings.py` - JWT helpers: `backend/igny8_core/auth/utils.py` ## High-Level Responsibilities - Configure secrets, debug flags, DB connections, CORS, auth, Celery, and billing providers without code changes. ## Detailed Behavior - Core flags: - `SECRET_KEY` (required for production) - `DEBUG` (enables debug when set to true) - `IGNY8_DEBUG_THROTTLE` (bypass rate limiting when true; defaults to `DEBUG`) - `IGNY8_USE_UNIFIED_EXCEPTION_HANDLER` (controls custom DRF exception handler; enabled by default) - `USE_SITE_BUILDER_REFACTOR` (feature flag for site builder) - `USE_SECURE_COOKIES` (sets session/CSRF secure cookies) - `USE_SECURE_PROXY_HEADER` (enables `SECURE_PROXY_SSL_HEADER`) - `USE_X_FORWARDED_HOST` is disabled by default; no env provided. - Database selection (PostgreSQL default with SQLite fallbacks): - `DATABASE_URL` (parsed for engine/user/pass/host/port/name; supports postgres or sqlite) - `DB_ENGINE` (forces sqlite when set to sqlite/sqlite3) - `DJANGO_FORCE_POSTGRES` (force Postgres even in debug) - `DB_NAME`, `DB_USER`, `DB_PASSWORD`, `DB_HOST`, `DB_PORT` (used when `DATABASE_URL` not provided) - `USE_SQLITE` and `SQLITE_NAME` (explicit sqlite override) - CORS/hosts: - CORS origins are hardcoded; no env toggle beyond `DEBUG`. Trusted CSRF origins are static in settings. - Auth/JWT: - `JWT_SECRET_KEY` (defaults to `SECRET_KEY`) - `JWT_ALGORITHM` (defaults to HS256) - `JWT_ACCESS_TOKEN_EXPIRY` (timedelta in settings; default 15 minutes) - `JWT_REFRESH_TOKEN_EXPIRY` (default 30 days) - Celery/Redis: - `CELERY_BROKER_URL` (defaults to `redis://{REDIS_HOST}:{REDIS_PORT}/0`) - `CELERY_RESULT_BACKEND` (defaults to same as broker) - `REDIS_HOST`, `REDIS_PORT` (defaults redis:6379) - `REDIS_SENTINEL_ENABLED` (when true, adds sentinel backend options) - `REDIS_SSL_ENABLED` (enables Redis backend SSL) - Feature/config paths: - `PUBLISH_SYNC_LOG_DIR` is derived; no env override. - Payments: - `STRIPE_PUBLIC_KEY`, `STRIPE_SECRET_KEY`, `STRIPE_WEBHOOK_SECRET` - `PAYPAL_CLIENT_ID`, `PAYPAL_CLIENT_SECRET`, `PAYPAL_API_BASE` (defaults to sandbox base) - Rate limiting and throttles: - Scopes are defined in settings; toggling is via `IGNY8_DEBUG_THROTTLE`. - Security/Cookies: - `USE_SECURE_COOKIES`, `USE_SECURE_PROXY_HEADER` control secure cookie and proxy behavior. ## Data Structures / Models Involved (no code) - None; variables configure runtime services used by auth, database, Celery, and billing. ## Execution Flow - Django reads env vars at import of `settings.py`; defaults apply when unset. - Token helpers read JWT secrets/algorithms/expiries for generation and validation. - Celery settings are consumed by workers/beat at startup. ## Cross-Module Interactions - Auth stack uses JWT settings and secrets. - Account middleware uses plan validation; DB settings drive tenancy storage. - Celery settings affect AI/automation/publishing/billing tasks. - Stripe/PayPal keys are consumed by billing modules. ## State Transitions (if applicable) - Changes to env vars take effect on process restart; token expiry/secret changes invalidate existing tokens accordingly. ## Error Handling - Missing/invalid DB env falls back to defaults (SQLite in debug unless forced). - Missing JWT secret falls back to `SECRET_KEY`; an absent secret raises errors during decode if unset. ## Tenancy Rules - Env vars do not alter tenancy logic; they configure infrastructure supporting it. ## Billing Rules (if applicable) - Stripe/PayPal keys must be present for payment webhooks/operations; plan enforcement itself is not env-driven. ## Background Tasks / Schedulers (if applicable) - Celery broker/backend URLs and Redis options come from env; task timeouts and serializer are fixed in settings. ## Key Design Considerations - Favor explicit env configuration for production (secrets, DB, Redis, Stripe/PayPal). - Keep debug-only flags (`DEBUG`, `IGNY8_DEBUG_THROTTLE`) off in production. - Use `DATABASE_URL` for portability; fallback logic supports sqlite for local dev. ## How Developers Should Work With This Module - Set required secrets (`SECRET_KEY`, `JWT_SECRET_KEY`, Stripe/PayPal keys) before deploying. - Choose DB via `DATABASE_URL` or explicit `DB_*` vars; avoid sqlite in production unless intentional. - Configure Redis URLs for Celery in non-dev environments. - Restart services after changing env vars to apply new configuration.