# app/config.py """ Глобальная конфигурация Flask-приложения. Все секреты читаются из .env (python-dotenv). """ from pathlib import Path from datetime import timedelta import os from dotenv import load_dotenv # ── .env загрузка ─────────────────────────────────────────────────── BASE_DIR = Path(__file__).resolve().parent # …/app ENV_PATH = BASE_DIR.parent / ".env" # проект/.env load_dotenv(ENV_PATH) def _bool(val: str | None, default=False) -> bool: if val is None: return default return str(val).lower() in ("1", "true", "yes", "on") class Config: # ── Flask секция ─────────────────────────────────────────────── SECRET_KEY = os.getenv("SECRET_KEY") if not SECRET_KEY: raise RuntimeError("SECRET_KEY must be set in .env") # ── Uploads ──────────────────────────────────────────────────── MAX_CONTENT_LENGTH = 20 * 1024 * 1024 # 20 МБ UPLOAD_FOLDER = (BASE_DIR / "../var/uploads").resolve() UPLOAD_FOLDER.mkdir(parents=True, exist_ok=True) # ── Sessions ─────────────────────────────────────────────────── SESSION_TYPE = os.getenv("SESSION_TYPE", "redis") # redis | filesystem SESSION_REDIS_URL = os.getenv("REDIS_URL", "redis://:Erik456_debul.ua21@127.0.0.1:6379/0") PERMANENT_SESSION_LIFETIME = timedelta( hours=int(os.getenv("SESSION_HOURS", "6")) ) SESSION_COOKIE_SECURE = _bool(os.getenv("COOKIE_SECURE", "1")) SESSION_COOKIE_HTTPONLY = True SESSION_COOKIE_SAMESITE = os.getenv("COOKIE_SAMESITE", "Lax") if SESSION_TYPE == "redis": SESSION_REDIS = os.getenv("REDIS_URL", "redis://:Erik456_debul.ua21@127.0.0.1:6379/0") else: # filesystem SESSION_FILE_DIR = (BASE_DIR / "../flask_sessions").resolve() SESSION_FILE_DIR.mkdir(parents=True, exist_ok=True) # ── Security headers ─────────────────────────────────────────── TALISMAN_CSP = { "default-src": ["'self'"], "script-src": [ "'self'", "'unsafe-inline'", "https://cdn.jsdelivr.net", "https://unpkg.com", ], "script-src-elem": [ "'self'", "'unsafe-inline'", "https://cdn.jsdelivr.net", "https://unpkg.com", ], "style-src": [ "'self'", "'unsafe-inline'", "https://cdn.jsdelivr.net", "https://fonts.googleapis.com", ], "style-src-elem": [ "'self'", "'unsafe-inline'", "https://cdn.jsdelivr.net", "https://fonts.googleapis.com", ], "font-src": [ "'self'", "https://fonts.gstatic.com", ], "img-src": [ "'self'", "data:", ], "connect-src": [ "'self'", ], "frame-src": [ "'self'", ], "object-src": [ "'none'", ], } TALISMAN_FORCE_HTTPS = _bool(os.getenv("FORCE_HTTPS", "1")) RATELIMIT_HEADERS_ENABLED = True # ── SQLAlchemy ─────────────────────────────── SQLALCHEMY_DATABASE_URI = os.getenv("DATABASE_URL", "") SQLALCHEMY_TRACK_MODIFICATIONS = False # ── Старый PyMySQL fallback ──────────── DB_HOST = os.getenv("DB_HOST") DB_PORT = int(os.getenv("DB_PORT", "3306")) if os.getenv("DB_PORT") else None DB_USER = os.getenv("DB_USER") DB_PASSWORD = os.getenv("DB_PASSWORD") DB_NAME = os.getenv("DB_NAME") # ── Бизнес-логика ────────────────────────────────────────────── PLAN_LIMITS = {"start": 10, "business": 50, "pro_plus": None} ALL_BANKS = { "privat_pdf": "ПРИВАТ БАНК", "taskombank_pdf":"ТАСКОМ БАНК", "monobank_pdf": "МОНОБАНК", "mtbbank_pdf": "МТБ БАНК", "ukrgasbank_pdf":"УКР ГАЗ БАНК", "raiffeisen_pdf":"РАЙФАЙЗЕН БАНК", "sensebank_pdf":"СЕНС БАНК", } class DevConfig(Config): SESSION_COOKIE_SECURE = True TALISMAN_FORCE_HTTPS = True SQLALCHEMY_ECHO = True class ProdConfig(Config): pass