chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
7ab2ff1be2bedbd20ed5bad803485f6cb754ae75
resolutionflow/backend/app/core/config.py
chihlasm 4ccb93ee31 feat: add account-based subscription model with migrations 
Transition from team-based to account-based multi-tenancy (Free/Pro/Team).
Migrations 016-020 create accounts, subscriptions, plan_limits, and
account_invites tables, then migrate existing users and content FKs.

New models: Account, Subscription, PlanLimits, AccountInvite.
Updated models add account_id alongside existing team_id (coexistence
for safe two-PR deployment). Permissions and deps refactored for
account_role instead of is_team_admin.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 02:38:47 -05:00

95 lines
3.3 KiB
Python
Raw Blame History

from pydantic_settings import BaseSettings
from pydantic import field_validator
from typing import Optional
_DEFAULT_SECRET_KEY = "your-secret-key-change-in-production-use-openssl-rand-hex-32"
class Settings(BaseSettings):
# Application
APP_NAME: str = "ResolutionFlow"
DEBUG: bool = False
API_V1_PREFIX: str = "/api/v1"
# Database - Railway provides DATABASE_URL, we convert it for asyncpg
DATABASE_URL: str = "postgresql+asyncpg://postgres:postgres@localhost:5432/patherly"
@field_validator("DATABASE_URL", mode="before")
@classmethod
def convert_database_url(cls, v: str) -> str:
"""Convert standard postgres URL to asyncpg format."""
if v.startswith("postgresql://"):
return v.replace("postgresql://", "postgresql+asyncpg://", 1)
return v
@property
def DATABASE_URL_SYNC(self) -> str:
"""Get sync URL by removing asyncpg prefix from DATABASE_URL."""
return self.DATABASE_URL.replace("postgresql+asyncpg://", "postgresql://", 1)
# JWT Settings
SECRET_KEY: str = _DEFAULT_SECRET_KEY
@field_validator("SECRET_KEY", mode="after")
@classmethod
def reject_default_secret_in_production(cls, v: str, info) -> str:
"""Fail loudly if the default secret key is used outside of DEBUG mode."""
debug = info.data.get("DEBUG", False)
if v == _DEFAULT_SECRET_KEY and not debug:
raise ValueError(
"SECRET_KEY must be set to a secure value in production. "
"Generate one with: openssl rand -hex 32"
)
return v
ALGORITHM: str = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES: int = 5
REFRESH_TOKEN_EXPIRE_DAYS: int = 7
# Security
BCRYPT_ROUNDS: int = 12
# Registration
REQUIRE_INVITE_CODE: bool = True # Set to False to allow open registration
# Stripe
STRIPE_SECRET_KEY: Optional[str] = None
STRIPE_PUBLISHABLE_KEY: Optional[str] = None
STRIPE_WEBHOOK_SECRET: Optional[str] = None
@property
def stripe_enabled(self) -> bool:
"""Check if Stripe is configured."""
return self.STRIPE_SECRET_KEY is not None and self.STRIPE_WEBHOOK_SECRET is not None
# CORS - set FRONTEND_URL in production (e.g., https://patherly.up.railway.app)
CORS_ORIGINS: list[str] = ["http://localhost:3000", "http://localhost:5173", "http://localhost:5174"]
FRONTEND_URL: Optional[str] = None
# Allow all Railway PR environments (set to True in Railway env vars)
ALLOW_RAILWAY_ORIGINS: bool = False
@property
def allowed_origins(self) -> list[str]:
"""Get all allowed CORS origins including FRONTEND_URL if set."""
origins = self.CORS_ORIGINS.copy()
if self.FRONTEND_URL and self.FRONTEND_URL not in origins:
origins.append(self.FRONTEND_URL)
return origins
def is_origin_allowed(self, origin: str) -> bool:
"""Check if an origin is allowed, including Railway wildcard pattern."""
if origin in self.allowed_origins:
return True
# Allow any *.up.railway.app origin for PR environments
if self.ALLOW_RAILWAY_ORIGINS and origin.endswith(".up.railway.app"):
return True
return False
class Config:
env_file = ".env"
case_sensitive = True
extra = "ignore" # Ignore extra env vars like DATABASE_URL_SYNC
settings = Settings()
Reference in New Issue View Git Blame Copy Permalink