Refactor Docker and Django configuration

- Update Dockerfile to use Python 3.11-slim and optimize build steps
- Remove Dockerfile.prod and update docker-compose.yml
- Remove entrypoint.sh and twilio dependency
- Modify Django settings for production security and configuration
- Update user serializer to include group permissions
- Enhance CSRF and SSL configuration settings

Dockerfile

@@ -3,7 +3,7 @@
 ###########
 
 # pull official base image
-FROM python:3.11.4-slim-buster AS builder
+FROM python:3.11-slim AS builder
 
 # set work directory
 WORKDIR /app
@@ -14,7 +14,9 @@ ENV PYTHONUNBUFFERED 1
 
 # install system dependencies
 RUN apt-get update && \
-    apt-get install -y --no-install-recommends gcc
+    apt-get install -y --no-install-recommends gcc && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
 
 # lint
 RUN pip install --upgrade pip
@@ -30,7 +32,7 @@ RUN pip wheel --no-cache-dir --no-deps --wheel-dir /app/wheels -r requirements.t
 #########
 
 # pull official base image
-FROM python:3.11.4-slim-buster
+FROM python:3.11-slim
 
 # create directory for the app user
 RUN mkdir -p /home/app
@@ -39,15 +41,15 @@ RUN mkdir -p /home/app
 RUN addgroup --system app && adduser --system --group app
 
 # create the appropriate directories
-ENV HOME=/home/app
-ENV APP_HOME=/home/app/api
-RUN mkdir $APP_HOME
-RUN mkdir $APP_HOME/staticfiles
-RUN chmod -R 777 $APP_HOME/staticfiles
-WORKDIR $APP_HOME
+RUN mkdir -p /home/app/api/staticfiles
+RUN chmod -R 777 /home/app/api/staticfiles
+WORKDIR /home/app/api
 
 # install dependencies
-RUN apt-get update && apt-get install -y --no-install-recommends netcat
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends netcat-openbsd && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
 COPY --from=builder /app/wheels /wheels
 COPY --from=builder /app/requirements.txt .
 RUN pip install --upgrade pip
@@ -55,14 +57,14 @@ RUN pip install --no-cache /wheels/*
 
 # copy entrypoint.prod.sh
 COPY ./entrypoint.prod.sh .
-RUN sed -i 's/\r$//g'  $APP_HOME/entrypoint.prod.sh
-RUN chmod +x  $APP_HOME/entrypoint.prod.sh
+RUN sed -i 's/\r$//g'  /home/app/api/entrypoint.prod.sh
+RUN chmod +x  /home/app/api/entrypoint.prod.sh
 
 # copy project
-COPY . $APP_HOME
+COPY . /home/app/api
 
 # chown all the files to the app user
-RUN chown -R app:app $APP_HOME
+RUN chown -R app:app /home/app/api
 
 # change to the app user
 USER app

api/serializers.py

@@ -1,6 +1,7 @@
 from knox.models import AuthToken
 from django.contrib.auth import authenticate
 from api.models import User, Atoll, Island
+from django.contrib.auth.models import Permission
 
 from rest_framework import serializers
 
@@ -11,10 +12,20 @@ class CustomUserSerializer(serializers.ModelSerializer):
     user_permissions = serializers.SerializerMethodField()
 
     def get_user_permissions(self, instance):
-        permission_ids = instance.user_permissions.all()
+        # Fetch user's direct permissions
+        user_permissions = instance.user_permissions.all()
+
+        # Fetch permissions from groups
+        group_permissions = instance.groups.values_list("permissions", flat=True)
+
+        # Combine both permissions
+        all_permissions = user_permissions | Permission.objects.filter(
+            id__in=group_permissions
+        )
+
         return [
             {"id": permission.id, "name": permission.name}
-            for permission in permission_ids
+            for permission in all_permissions.distinct()
         ]
 
     class Meta:  # type: ignore
@@ -22,10 +33,11 @@ class CustomUserSerializer(serializers.ModelSerializer):
         fields = (
             "id",
             "username",
-            "email",
             "user_permissions",
+            "id_card",
             "first_name",
             "last_name",
+            "email",
             "last_login",
             "date_joined",
             "is_superuser",

apibase/settings.py

@@ -31,8 +31,7 @@ SECRET_KEY = config("SECRET_KEY")
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = config("DEBUG", cast=bool)
 
-if not DEBUG:
-    ALLOWED_HOSTS = str(config("DJANGO_ALLOWED_HOSTS", cast=str)).split(" ")
+
 if DEBUG:
     INTERNAL_IPS = [
         "127.0.0.1",
@@ -318,16 +317,16 @@ logging.config.dictConfig(
 )
 
 if not DEBUG:
-    SECURE_SSL_REDIRECT = True
+    SECURE_SSL_REDIRECT = config("DJANGO_SECURE_SSL_REDIRECT", cast=bool)
     SESSION_COOKIE_SECURE = True
     CSRF_COOKIE_SECURE = True
     SECURE_HSTS_SECONDS = config("SECURE_HSTS_SECONDS", cast=int)
     SECURE_HSTS_INCLUDE_SUBDOMAINS = True
     SECURE_HSTS_PRELOAD = True
-    CSRF_TRUSTED_ORIGINS = [config("CSRF_ALLOWED_HOST")]
+    CSRF_TRUSTED_ORIGINS = [config("CSRF_TRUSTED_ORIGINS")]
     CSRF_COOKIE_DOMAIN = config("CSRF_COOKIE_DOMAIN")
     SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
-
+    ALLOWED_HOSTS = str(config("ALLOWED_HOSTS", cast=str)).split(" ")
 
 EMAIL_BACKEND = (
     "django.core.mail.backends.smtp.EmailBackend"  # Replace with your preferred backend

docker-compose.yml

@@ -2,7 +2,6 @@ services:
   api:
     build:
       context: .
-      dockerfile: Dockerfile.prod
     restart: always
     command: gunicorn apibase.wsgi:application --bind 0.0.0.0:5000 --workers=2
     volumes:

entrypoint.sh

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-if [ "$DATABASE" = "postgres" ]
-then
-    echo "Waiting for postgres..."
-
-    while ! nc -z $POSTGRES_HOST $POSTGRES_PORT; do
-      sleep 0.1
-    done
-
-    echo "PostgreSQL started"
-fi
-
-exec "$@"

requirements.txt

@@ -85,7 +85,6 @@ svglib==1.5.1
 tinycss2==1.2.1
 tomli==2.0.2
 toposort==1.10
-twilio==9.3.7
 types-pyyaml==6.0.12.20240917
 types-requests==2.32.0.20241016
 typing-extensions==4.12.2