settings.py 7.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201
  1. """
  2. Django settings for config project.
  3. Generated by 'django-admin startproject' using Django 5.2.1.
  4. For more information on this file, see
  5. https://docs.djangoproject.com/en/5.2/topics/settings/
  6. For the full list of settings and their values, see
  7. https://docs.djangoproject.com/en/5.2/ref/settings/
  8. """
  9. import os
  10. from pathlib import Path # Path 通常也在顶部
  11. from pathlib import Path
  12. from datetime import timedelta # 确保这行在 settings.py 文件顶部
  13. # Build paths inside the project like this: BASE_DIR / 'subdir'.
  14. BASE_DIR = Path(__file__).resolve().parent.parent
  15. # Quick-start development settings - unsuitable for production
  16. # See https://docs.djangoproject.com/en/5.2/howto/deployment/checklist/
  17. # SECURITY WARNING: keep the secret key used in production secret!
  18. SECRET_KEY = "django-insecure-12o%i9mzoyn8ua+j#l!8fed0-4d&y$x3%vtk00y82@97f9702+"
  19. # SECURITY WARNING: don't run with debug turned on in production!
  20. DEBUG = True
  21. ALLOWED_HOSTS = []
  22. # Application definition
  23. INSTALLED_APPS = [
  24. 'django.contrib.admin',
  25. 'django.contrib.auth',
  26. 'django.contrib.contenttypes',
  27. 'django.contrib.sessions',
  28. 'django.contrib.messages',
  29. 'django.contrib.staticfiles',
  30. 'rest_framework',
  31. 'rest_framework_simplejwt',
  32. 'accounts',
  33. 'groups.apps.GroupsConfig', # <--- 确保是这个,并且没有拼写错误
  34. ]
  35. MIDDLEWARE = [
  36. "django.middleware.security.SecurityMiddleware",
  37. "django.contrib.sessions.middleware.SessionMiddleware",
  38. "django.middleware.common.CommonMiddleware",
  39. "django.middleware.csrf.CsrfViewMiddleware",
  40. "django.contrib.auth.middleware.AuthenticationMiddleware",
  41. "django.contrib.messages.middleware.MessageMiddleware",
  42. "django.middleware.clickjacking.XFrameOptionsMiddleware",
  43. ]
  44. ROOT_URLCONF = "config.urls"
  45. TEMPLATES = [
  46. {
  47. "BACKEND": "django.template.backends.django.DjangoTemplates",
  48. "DIRS": [],
  49. "APP_DIRS": True,
  50. "OPTIONS": {
  51. "context_processors": [
  52. "django.template.context_processors.request",
  53. "django.contrib.auth.context_processors.auth",
  54. "django.contrib.messages.context_processors.messages",
  55. ],
  56. },
  57. },
  58. ]
  59. WSGI_APPLICATION = "config.wsgi.application"
  60. # Database
  61. # https://docs.djangoproject.com/en/5.2/ref/settings/#databases
  62. DATABASES = {
  63. 'default': {
  64. 'ENGINE': 'django.db.backends.postgresql',
  65. 'NAME': 'tongqu_v2_db', # 你创建的数据库名
  66. 'USER': 'postgres', # 你的PostgreSQL用户名 (如果是默认超级用户)
  67. # 或者 'tongqu_v2_user' (如果你创建了专用用户)
  68. 'PASSWORD': '20030316', # 你的PostgreSQL密码
  69. 'HOST': 'localhost', # 或者 '127.0.0.1'
  70. 'PORT': '5432', # PostgreSQL默认端口
  71. }
  72. }
  73. # Password validation
  74. # https://docs.djangoproject.com/en/5.2/ref/settings/#auth-password-validators
  75. AUTH_PASSWORD_VALIDATORS = [
  76. {
  77. "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
  78. },
  79. {
  80. "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
  81. },
  82. {
  83. "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
  84. },
  85. {
  86. "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
  87. },
  88. ]
  89. # Internationalization
  90. # https://docs.djangoproject.com/en/5.2/topics/i18n/
  91. LANGUAGE_CODE = 'zh-hans'
  92. TIME_ZONE = 'Asia/Shanghai'
  93. USE_I18N = True
  94. USE_TZ = True
  95. # Static files (CSS, JavaScript, Images)
  96. # https://docs.djangoproject.com/en/5.2/howto/static-files/
  97. STATIC_URL = 'static/'
  98. # Django 在开发时查找静态文件的目录列表
  99. STATICFILES_DIRS = [
  100. os.path.join(BASE_DIR, 'static'), # 我们将在项目根目录创建这个 'static' 文件夹
  101. ]
  102. # `collectstatic` 命令收集静态文件到这个目录,主要用于生产环境
  103. STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles_collected')
  104. # Default primary key field type
  105. # https://docs.djangoproject.com/en/5.2/ref/settings/#default-auto-field
  106. DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
  107. STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles_collected') # 运行 collectstatic 时文件的存放位置
  108. STATICFILES_DIRS = [
  109. os.path.join(BASE_DIR, 'static'), # 项目级static文件夹
  110. ]
  111. MEDIA_URL = '/media/'
  112. MEDIA_ROOT = os.path.join(BASE_DIR, 'media')
  113. AUTH_USER_MODEL = 'accounts.CustomUser'
  114. from datetime import timedelta # 确保在文件顶部导入
  115. REST_FRAMEWORK = {
  116. 'DEFAULT_AUTHENTICATION_CLASSES': (
  117. 'rest_framework_simplejwt.authentication.JWTAuthentication', # 使用JWT进行API认证
  118. # 如果你希望在浏览器中测试API时也能使用Django的session认证(比如DRF的可浏览API),可以取消下面这行的注释
  119. # 'rest_framework.authentication.SessionAuthentication',
  120. ),
  121. 'DEFAULT_PERMISSION_CLASSES': (
  122. 'rest_framework.permissions.IsAuthenticated', # 默认情况下,所有API端点都需要用户进行身份验证
  123. # 除非在视图中明确设置了 permission_classes = [permissions.AllowAny] (例如注册和登录接口)
  124. ),
  125. # 你可以根据需要添加其他全局DRF设置,例如:
  126. # 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
  127. # 'PAGE_SIZE': 10, # 每页返回10条数据
  128. # 'DEFAULT_RENDERER_CLASSES': ( # API的默认输出格式
  129. # 'rest_framework.renderers.JSONRenderer',
  130. # # 'rest_framework.renderers.BrowsableAPIRenderer', # 如果你想在浏览器中看到可浏览的API界面 (通常DEBUG=True时自动启用)
  131. # ),
  132. # 'DEFAULT_PARSER_CLASSES': ( # API接受的输入格式
  133. # 'rest_framework.parsers.JSONParser',
  134. # 'rest_framework.parsers.FormParser',
  135. # 'rest_framework.parsers.MultiPartParser', # 支持文件上传
  136. # )
  137. }
  138. SIMPLE_JWT = {
  139. 'ACCESS_TOKEN_LIFETIME': timedelta(minutes=60), # Access Token 的有效期,例如 60 分钟
  140. 'REFRESH_TOKEN_LIFETIME': timedelta(days=1), # Refresh Token 的有效期,例如 1 天
  141. 'ROTATE_REFRESH_TOKENS': False, # 如果为True, 每次刷新token时,旧的refresh token会失效,返回一个新的
  142. 'BLACKLIST_AFTER_ROTATION': True, # 和上面配合使用
  143. 'UPDATE_LAST_LOGIN': True, # 成功获取token后是否更新用户的 last_login 字段
  144. 'ALGORITHM': 'HS256',
  145. 'SIGNING_KEY': SECRET_KEY, # 使用Django的 SECRET_KEY 来签名JWT
  146. 'VERIFYING_KEY': None,
  147. 'AUDIENCE': None,
  148. 'ISSUER': None,
  149. 'JWK_URL': None,
  150. 'LEEWAY': 0,
  151. 'AUTH_HEADER_TYPES': ('Bearer',), # 期望在Authorization头中看到的类型,例如 "Bearer <token>"
  152. 'AUTH_HEADER_NAME': 'HTTP_AUTHORIZATION',
  153. 'USER_ID_FIELD': 'id', # 你的 CustomUser 模型中用作主键的字段名
  154. 'USER_ID_CLAIM': 'user_id', # JWT payload 中代表用户ID的claim名称
  155. 'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',),
  156. 'TOKEN_TYPE_CLAIM': 'token_type',
  157. 'TOKEN_USER_CLASS': 'rest_framework_simplejwt.models.TokenUser',
  158. 'JTI_CLAIM': 'jti',
  159. # 如果你想自定义token payload中包含的内容,可以使用下面这个(需要写自定义的Token序列化器)
  160. # 'TOKEN_OBTAIN_SERIALIZER': 'your_app.serializers.MyTokenObtainPairSerializer',
  161. }