46af911a06
What I implemented:
- Phone-first auth endpoints with OTP → JWT issuance. views.py urls.py
- Phone normalization (KSA-focused, E.164 or Saudi mobile) and validation. phone.py serializers.py
- OTP protections: rate limit, resend cooldown, attempt counting. otp.py models.py
- Email is now optional to allow phone-only users. models.py 0002_phone_auth_fields.py
- Admin OTP visibility improved. admin.py
- Risks updated. risks.md
22 lines
534 B
Bash
DJANGO_SECRET_KEY=changeme
DJANGO_DEBUG=1
DJANGO_ALLOWED_HOSTS=localhost,127.0.0.1
DATABASE_URL=postgres://postgres:postgres@localhost:5432/salon
CORS_ALLOWED_ORIGINS=http://localhost:5173
OTP_PROVIDER=console
OTP_EXPIRY_MINUTES=5
OTP_MAX_PER_WINDOW=5
OTP_WINDOW_MINUTES=15
OTP_RESEND_COOLDOWN_SECONDS=60
DEFAULT_CURRENCY=SAR
TWILIO_ACCOUNT_SID=
TWILIO_AUTH_TOKEN=
TWILIO_FROM_NUMBER=
TWILIO_WHATSAPP_FROM=
UNIFONIC_APP_SID=
UNIFONIC_SENDER_ID=
UNIFONIC_WHATSAPP_SENDER=
MOYASAR_SECRET_KEY=
MOYASAR_PUBLISHABLE_KEY=
MOYASAR_BASE_URL=
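Review bot: DJANGO_SECRET_KEY=changeme and DJANGO_DEBUG=1 on the first two lines are usable values, so a .env copied from this example starts with a publicly known secret and debug mode on. Since this change issues JWTs, leave DJANGO_SECRET_KEY empty here and have settings refuse to start when it is unset or equal to a placeholder, and default DJANGO_DEBUG to 0. The same applies to OTP_PROVIDER=console: if that provider writes codes to stdout, reject it when debug is off. The commit message mentions attempt counting, but no variable here sets the verify-attempt limit next to OTP_MAX_PER_WINDOW and OTP_RESEND_COOLDOWN_SECONDS; expose it or note where it is defined.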