Merge branch 'master' of github.com:fiqus/coobs into production

Author: diegomanuel

.gitignore

@@ -21,4 +21,5 @@ frontend/dist/
 /coobs/bin/
 /coobs/include/
 /coobs/lib/
-/coobs/settings/dev.py
+/coobs/settings/dev.py
+staticfiles/

Dockerfile.backend

@@ -0,0 +1,28 @@
+FROM python:3.9-slim
+
+# Instalar dependencias del sistema
+RUN apt-get update && apt-get install -y \
+    postgresql-client \
+    build-essential \
+    libpq-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+# Establecer directorio de trabajo
+WORKDIR /app
+
+# Copiar requirements y instalar dependencias Python
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copiar código de la aplicación
+COPY . .
+
+# Crear usuario no-root
+RUN useradd --create-home --shell /bin/bash app && chown -R app:app /app
+USER app
+
+# Exponer puerto
+EXPOSE 8000
+
+# Comando por defecto
+CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]

Dockerfile.frontend

@@ -0,0 +1,30 @@
+FROM node:16-alpine
+
+# Instalar dependencias del sistema para node-sass
+RUN apk add --no-cache python3 make g++
+
+# Establecer directorio de trabajo
+WORKDIR /app
+
+# Copiar package.json y package-lock.json
+COPY frontend/package*.json ./
+
+# Instalar dependencias principales
+RUN npm install
+
+# Instalar dependencias del landing globalmente
+RUN npm install bootstrap magnific-popup jquery jquery.easing
+
+# Copiar código fuente
+COPY frontend/ .
+
+# Crear usuario no-root y cambiar permisos
+RUN addgroup -g 1001 -S nodejs && \
+    adduser -S nextjs -u 1001 && \
+    chown -R nextjs:nodejs /app
+
+# Exponer puerto
+EXPOSE 8080
+
+# Comando por defecto
+CMD ["npm", "run", "start"]

README.md

@@ -1,4 +1,11 @@
-# Cooperative social balance app 
+# Cooperative social balance app
+
+## Running all the project with Docker Compose
+You need to install Docker and Docker Compose in your machine
+
+```bash
+docker compose -f docker-compose-dev.yml up
+```
 
 ## Running Backend
 

api/recaptcha_utils.py

@@ -0,0 +1,72 @@
+import requests
+import json
+from django.conf import settings
+from django.utils.translation import gettext as _
+
+
+def verify_recaptcha_enterprise(token, action='submit'):
+    if not all([settings.RECAPTCHA_PROJECT_ID, settings.RECAPTCHA_API_KEY, settings.RECAPTCHA_SITE_KEY]):
+        return {
+            'success': False,
+            'error': 'reCAPTCHA configuration incomplete'
+        }
+    
+    url = settings.RECAPTCHA_VERIFY_URL.format(project_id=settings.RECAPTCHA_PROJECT_ID, api_key=settings.RECAPTCHA_API_KEY)
+    
+    assessment_data = {
+        "event": {
+            "token": token,
+            "siteKey": settings.RECAPTCHA_SITE_KEY,
+            "expectedAction": action
+        }
+    }
+    
+    headers = {
+        'Content-Type': 'application/json',
+    }
+    
+    try:
+        response = requests.post(url, json=assessment_data, headers=headers)
+        response.raise_for_status()
+        
+        result = response.json()
+        
+        if 'tokenProperties' in result and 'valid' in result['tokenProperties']:
+            is_valid = result['tokenProperties']['valid']
+            score = result.get('riskAnalysis', {}).get('score', 0.0)
+            action_matched = result.get('tokenProperties', {}).get('action') == action
+            
+            return {
+                'success': is_valid and action_matched,
+                'score': score,
+                'action_matched': action_matched,
+                'raw_response': result
+            }
+        else:
+            return {
+                'success': False,
+                'error': 'Invalid response format from reCAPTCHA Enterprise'
+            }
+            
+    except requests.exceptions.RequestException as e:
+        return {
+            'success': False,
+            'error': f'Request failed: {str(e)}'
+        }
+    except json.JSONDecodeError as e:
+        return {
+            'success': False,
+            'error': f'Invalid JSON response: {str(e)}'
+        }
+    except Exception as e:
+        return {
+            'success': False,
+            'error': f'Unexpected error: {str(e)}'
+        }
+
+
+def is_recaptcha_score_valid(score, threshold=None):
+    if threshold is None:
+        threshold = getattr(settings, 'RECAPTCHA_SCORE_THRESHOLD', 0.5)
+    
+    return score >= threshold

api/views/views.py

@@ -32,6 +32,7 @@
 from django.urls import reverse
 from django.dispatch import receiver
 from markdownify import markdownify as md
+from api.recaptcha_utils import verify_recaptcha_enterprise, is_recaptcha_score_valid
 
 public_url = f"{settings.WEB_PROTOCOL}://{settings.WEB_URL}"
 
@@ -250,17 +251,21 @@ def assign_coop_to_partner():
             partner.save()
             assign_principles_to_coop()
 
-        recaptchaResult = requests.post(
-            settings.RECAPTCHA_VERIFY_URL,
-            data={
-                'secret': settings.RECAPTCHA_SECRET_KEY,
-                'response': data['reCaptchaToken']
-            }
-        )
-
-        if not recaptchaResult.json()['success']:
-            return Response(data={'detail': _("There has been an error validating recaptcha. Please, contact the site administrator.")},
-                            status=status.HTTP_400_BAD_REQUEST)
+        recaptcha_result = verify_recaptcha_enterprise(data['reCaptchaToken'], 'signup')
+        
+        if not recaptcha_result['success']:
+            error_msg = recaptcha_result.get('error', 'reCAPTCHA verification failed')
+            return Response(
+                data={'detail': _("There has been an error validating recaptcha. Please, contact the site administrator.")},
+                status=status.HTTP_400_BAD_REQUEST
+            )
+        
+        score = recaptcha_result.get('score', 0.0)
+        if not is_recaptcha_score_valid(score):
+            return Response(
+                data={'detail': _("reCAPTCHA verification failed. Please try again.")},
+                status=status.HTTP_400_BAD_REQUEST
+            )
 
         coop = {'business_name': data['businessName']}
         coop_serializer = CooperativeSerializer(data=coop)

coobs/settings/common.py

@@ -92,7 +92,8 @@
 
 STATIC_URL = '/static/'
 
-STATICFILES_DIRS = []
+if os.environ.get('DEVELOPMENT_MODE', 'False') == 'True':
+    STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')
 
 REST_FRAMEWORK = {
     'DEFAULT_RENDERER_CLASSES': (
@@ -122,8 +123,12 @@
     'REFRESH_TOKEN_LIFETIME': timedelta(days=1)
 }
 
-RECAPTCHA_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify'
-RECAPTCHA_SECRET_KEY = ''
+# reCAPTCHA Enterprise Configuration
+RECAPTCHA_VERIFY_URL = 'https://recaptchaenterprise.googleapis.com/v1/projects/{project_id}/assessments?key={api_key}'
+RECAPTCHA_PROJECT_ID = 'coobs-476415'  # Google Cloud Project ID
+RECAPTCHA_API_KEY = ''     # Google Cloud API Key
+RECAPTCHA_SITE_KEY = '6Lc_wfgrAAAAADuYYdB51FTwU6OETYbQUEP84q9u'    # reCAPTCHA Enterprise Site Key
+RECAPTCHA_SCORE_THRESHOLD = 0.5  # Minimum score to consider the request as legitimate
 
 EMAIL_USE_TLS = True
 EMAIL_BACKEND = ''

docker-compose-dev.yml

@@ -0,0 +1,95 @@
+version: "3.8"
+
+services:
+  postgres:
+    container_name: coobs_postgres
+    image: postgres:12.1
+    hostname: postgres
+    environment:
+      POSTGRES_DB: coobs
+      POSTGRES_USER: coobs
+      POSTGRES_PASSWORD: coobspass
+    ports:
+      - "5433:5432"
+    volumes:
+      - 'pg_data:/var/lib/postgresql/data'
+    networks:
+      - coobs_network
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U coobs -d coobs"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  backend:
+    container_name: coobs_backend
+    build:
+      context: .
+      dockerfile: Dockerfile.backend
+    environment:
+      - POSTGRES_DB=coobs
+      - POSTGRES_USER=coobs
+      - POSTGRES_PASSWORD=coobspass
+      - POSTGRES_HOST=postgres
+      - POSTGRES_PORT=5432
+      - SECRET_KEY=your-secret-key-change-this-in-production
+      - DEBUG=True
+      - ALLOWED_HOSTS=*
+      - EMAIL_BACKEND=django.core.mail.backends.console.EmailBackend
+      - EMAIL_USE_TLS=True
+      - WEB_PROTOCOL=http
+      - WEB_URL=localhost:8080
+      - DEVELOPMENT_MODE=True
+    ports:
+      - "8000:8000"
+    volumes:
+      - .:/app
+    networks:
+      - coobs_network
+    depends_on:
+      postgres:
+        condition: service_healthy
+    command: >
+      sh -c "python manage.py migrate &&
+             python manage.py collectstatic --noinput &&
+             python manage.py runserver 0.0.0.0:8000"
+
+  frontend:
+    container_name: coobs_frontend
+    build:
+      context: .
+      dockerfile: Dockerfile.frontend
+    ports:
+      - "8080:8080"
+    volumes:
+      - ./frontend:/app
+      - /app/node_modules
+    networks:
+      - coobs_network
+    environment:
+      - NODE_ENV=development
+      - CHOKIDAR_USEPOLLING=true  # Para hot reload en Docker
+    command: npm run start
+
+  pgadmin:
+    container_name: coobs_pgadmin
+    image: dpage/pgadmin4:6.21
+    environment:
+      - PGADMIN_DEFAULT_EMAIL=admin@fiqus.coop
+      - PGADMIN_DEFAULT_PASSWORD=admin
+    ports:
+      - "5050:80"
+    volumes:
+      - 'pgadmin_data:/var/lib/pgadmin'
+    networks:
+      - coobs_network
+    depends_on:
+      - postgres
+
+networks:
+  coobs_network:
+    driver: bridge
+
+volumes:
+  pg_data:
+  pgadmin_data:

frontend/landing/index.html

@@ -2,6 +2,7 @@
 <html lang="en">
 
 <head>
+  <script src="https://www.google.com/recaptcha/enterprise.js?render=6Lc_wfgrAAAAADuYYdB51FTwU6OETYbQUEP84q9u"></script>
   <script async src="https://www.googletagmanager.com/gtag/js?id=G-6DM4VRWC2T"></script>
   <script>
     window.dataLayer = window.dataLayer || [];
@@ -201,6 +202,5 @@ <h2 id="signup" class="text-center custom-violet mb-4"></h2>
       </div>
     </div>
   </footer>
-  <script src="https://www.google.com/recaptcha/api.js?render=6LepzsgUAAAAAJTtaoDibT1Duf2CFQrI0RFl3srT"></script>
 </body>
 </html>

frontend/landing/js/contact_me.js

@@ -87,24 +87,22 @@ $(function() {
         return cookieValue;
       }
 
-      grecaptcha.ready(() => {
-        grecaptcha.execute('6LepzsgUAAAAAJTtaoDibT1Duf2CFQrI0RFl3srT', {action: 'signup'})
-          .then((reCaptchaToken) => {
-            data.reCaptchaToken = reCaptchaToken;
-            $.ajax({
-              url: `${scheme}://${hostname}/api/cooperatives/`,
-              type: "POST",
-              headers: {
-                "X-CSRFToken": getCookie("csrftoken"),
-                "Accept-Language": languageStr || 'en'
-              },
-              data,
-              cache: false,
-              success: (msgs) => {onSucess(msgs)},
-              error: (err) => {onError(err)},
-              complete: onComplete
-            });
-          })
+      grecaptcha.enterprise.ready(async () => {
+        const reCaptchaToken = await grecaptcha.enterprise.execute('6Lc_wfgrAAAAADuYYdB51FTwU6OETYbQUEP84q9u', {action: 'signup'})
+        data.reCaptchaToken = reCaptchaToken;
+        $.ajax({
+          url: `${scheme}://${hostname}/api/cooperatives/`,
+          type: "POST",
+          headers: {
+            "X-CSRFToken": getCookie("csrftoken"),
+            "Accept-Language": languageStr || 'en'
+          },
+          data,
+          cache: false,
+          success: (msgs) => {onSucess(msgs)},
+          error: (err) => {onError(err)},
+          complete: onComplete
+        });
       });
     },
     filter: function() {