FairCoalitionCasesDistributionProject/Backend

About

Backend of our project, built with Django REST Framework. It evaluates a fair division using Fairpy implementations and saves/restores user sessions using a Firebase database.
Deployed with Render.

Running and Installing Guide

  • Clone Repository
    git clone https://github.com/FairCoalitionCasesDistributionProject/Backend.git

  • Virtual Environment Setup
    It is strongly recommended to use a Python virtual environment.

    • Installation
      pip install --user virtualenv

    • Creation
      python -m venv env

    • Activation (Windows)
      .\env\Scripts\activate

  • For Linux

    • Install the virtual environment
      pip install virtualenv

    • Creation
      virtualenv env

    • Activation
      source env/bin/activate

  • Dependencies installation
    pip install -r requirements.txt

Environment Variables Setup

This project uses environment variables for all sensitive configuration. You must create a .env file in the project root before running the server.

You can copy the template:

cp env.example .env

Then fill in all required values (see below).

Required Environment Variables

  • DJANGO_SECRET_KEY - Django secret key (generate with python generate_secret_key.py)
  • DEBUG - Set to False for production
  • ALLOWED_HOSTS - Comma-separated list of allowed hosts
  • CORS_ALLOWED_ORIGINS - Comma-separated list of allowed CORS origins
  • DATABASE_URL - (Optional) Production database URL
  • Firebase Configuration:
    • FIREBASE_API_KEY
    • FIREBASE_AUTH_DOMAIN
    • FIREBASE_PROJECT_ID
    • FIREBASE_STORAGE_BUCKET
    • FIREBASE_MESSAGING_SENDER_ID
    • FIREBASE_APP_ID
    • FIREBASE_DATABASE_URL

Never commit your .env file or secrets to version control!

Generating a Secure Secret Key

Run the following script to generate a secure Django secret key:

python generate_secret_key.py

Copy the output and paste it into your .env file as DJANGO_SECRET_KEY.

Running Local Server

Run from the main directory:
python manage.py runserver

The API can then be viewed at the URL:
http://127.0.0.1:8000/api/

In the form, send JSON in the following format:
{"key": "1.1", "items": 3, "mandates": [1, 1], "preferences": [[1, 1, 1], [1, 1, 1]]}

Running Unit Tests at /api/tests.py

From the main directory, run:
python manage.py test

Security

  • All secrets and sensitive configuration are managed via environment variables.
  • CORS and allowed hosts are restricted for security.
  • Security headers and rate limiting are enforced.
  • Input validation and sanitization are implemented.
  • See SECURITY.md for full details and deployment checklist.

Deployment Checklist

  • Set all environment variables in your production environment.
  • Set DEBUG=False and restrict ALLOWED_HOSTS and CORS_ALLOWED_ORIGINS.
  • Use HTTPS in production.
  • Review SECURITY.md for more best practices.
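One way to run the checklist above as a pre-start gate, shown as an added example that is not code from this repository. The `check_env` helper and the rule that only a literal `False` turns debug off are assumptions; the variable names come from this README, and the secret-key thresholds mirror Django's `check --deploy` warning for `SECRET_KEY`.

```python
import os
from urllib.parse import urlsplit

# Variable names are the ones listed in this README (DATABASE_URL is optional).
REQUIRED = (
    "DJANGO_SECRET_KEY", "DEBUG", "ALLOWED_HOSTS", "CORS_ALLOWED_ORIGINS",
    "FIREBASE_API_KEY", "FIREBASE_AUTH_DOMAIN", "FIREBASE_PROJECT_ID",
    "FIREBASE_STORAGE_BUCKET", "FIREBASE_MESSAGING_SENDER_ID",
    "FIREBASE_APP_ID", "FIREBASE_DATABASE_URL",
)


def split_csv(value):
    """Parse a comma-separated setting, dropping blanks and whitespace."""
    return [part.strip() for part in value.split(",") if part.strip()]


def check_env(env):
    """Return a list of checklist violations; an empty list means it passes."""
    problems = [f"{name} is not set" for name in REQUIRED
                if not env.get(name, "").strip()]

    # Fail closed: only an explicit "False" counts as debug off (assumed parsing).
    if env.get("DEBUG", "").strip().lower() != "false":
        problems.append("DEBUG must be False in production")

    if "*" in split_csv(env.get("ALLOWED_HOSTS", "")):
        problems.append("ALLOWED_HOSTS must not contain the wildcard '*'")

    # An origin is scheme://host[:port] only; the checklist requires HTTPS.
    for origin in split_csv(env.get("CORS_ALLOWED_ORIGINS", "")):
        url = urlsplit(origin)
        if url.scheme != "https" or not url.netloc or url.path or url.query:
            problems.append(f"CORS origin {origin!r} is not a bare https:// origin")

    key = env.get("DJANGO_SECRET_KEY", "")
    if key and (len(key) < 50 or len(set(key)) < 5
                or key.startswith("django-insecure-")):
        problems.append("DJANGO_SECRET_KEY is too weak")

    return problems


if __name__ == "__main__":
    issues = check_env(os.environ)
    for issue in issues:
        print("FAIL:", issue)
    raise SystemExit(1 if issues else 0)
```

Run it with the production environment loaded; a non-zero exit status means at least one checklist item failed.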

For any security issues, see SECURITY.md or contact the development team immediately.
