smoothschedule/smoothschedule/config/urls.py

from django.conf import settings
from django.conf.urls.static import static
from django.contrib import admin
from django.urls import include
from django.urls import path
from django.views import defaults as default_views
from django.views.decorators.csrf import csrf_exempt
from django.views.generic import TemplateView
from drf_spectacular.views import SpectacularAPIView
from drf_spectacular.views import SpectacularSwaggerView
from rest_framework.authtoken.views import obtain_auth_token

from smoothschedule.users.api_views import (
    login_view, current_user_view, logout_view, send_verification_email, verify_email,
    hijack_acquire_view, hijack_release_view,
    staff_invitations_view, cancel_invitation_view, resend_invitation_view,
    invitation_details_view, accept_invitation_view, decline_invitation_view
)
from smoothschedule.users.mfa_api_views import (
    mfa_status, send_phone_verification, verify_phone, enable_sms_mfa,
    setup_totp, verify_totp_setup, generate_backup_codes, backup_codes_status,
    disable_mfa, mfa_login_send_code, mfa_login_verify,
    list_trusted_devices, revoke_trusted_device, revoke_all_trusted_devices
)
from schedule.api_views import (
    current_business_view, update_business_view,
    oauth_settings_view, oauth_credentials_view,
    custom_domains_view, custom_domain_detail_view,
    custom_domain_verify_view, custom_domain_set_primary_view,
    sandbox_status_view, sandbox_toggle_view, sandbox_reset_view
)

urlpatterns = [
    # Django Admin, use {% url 'admin:index' %}
    path(settings.ADMIN_URL, admin.site.urls),
    # User management
    path("users/", include("smoothschedule.users.urls", namespace="users")),
    path("accounts/", include("allauth.urls")),
    # Django Hijack (masquerade) - for admin interface
    path("hijack/", include("hijack.urls")),
    # Your stuff: custom urls includes go here
    # ...
    # Media files
    *static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT),
]

# API URLS
urlpatterns += [
    # Stripe Webhooks (dj-stripe built-in handler)
    # This is the URL you register with Stripe: https://yourdomain.com/api/stripe/webhook/
    path("api/stripe/", include("djstripe.urls", namespace="djstripe")),
    # Public API v1 (for third-party integrations)
    path("api/v1/", include("smoothschedule.public_api.urls", namespace="public_api")),
    # Schedule API (internal)
    path("api/", include("schedule.urls")),
    # Payments API
    path("api/payments/", include("payments.urls")),
    # Tickets API
    path("api/tickets/", include("tickets.urls")),
    # Notifications API
    path("api/notifications/", include("notifications.urls")),
    # Platform API
    path("api/platform/", include("platform_admin.urls", namespace="platform")),
    # OAuth Email Integration API
    path("api/oauth/", include("core.oauth_urls", namespace="oauth")),
    path("api/auth/oauth/", include("core.oauth_urls", namespace="auth_oauth")),
    # Auth API
    path("api/auth-token/", csrf_exempt(obtain_auth_token), name="obtain_auth_token"),
    path("api/auth/login/", login_view, name="login"),
    path("api/auth/me/", current_user_view, name="current_user"),
    path("api/auth/logout/", logout_view, name="logout"),
    path("api/auth/email/verify/send/", send_verification_email, name="send_verification_email"),
    path("api/auth/email/verify/", verify_email, name="verify_email"),
    # Hijack (masquerade) API
    path("api/auth/hijack/acquire/", hijack_acquire_view, name="hijack_acquire"),
    path("api/auth/hijack/release/", hijack_release_view, name="hijack_release"),
    # Staff Invitations API
    path("api/staff/invitations/", staff_invitations_view, name="staff_invitations"),
    path("api/staff/invitations/<int:invitation_id>/", cancel_invitation_view, name="cancel_invitation"),
    path("api/staff/invitations/<int:invitation_id>/resend/", resend_invitation_view, name="resend_invitation"),
    path("api/staff/invitations/token/<str:token>/", invitation_details_view, name="invitation_details"),
    path("api/staff/invitations/token/<str:token>/accept/", accept_invitation_view, name="accept_invitation"),
    path("api/staff/invitations/token/<str:token>/decline/", decline_invitation_view, name="decline_invitation"),
    # Business API
    path("api/business/current/", current_business_view, name="current_business"),
    path("api/business/current/update/", update_business_view, name="update_business"),
    path("api/business/oauth-settings/", oauth_settings_view, name="oauth_settings"),
    path("api/business/oauth-credentials/", oauth_credentials_view, name="oauth_credentials"),
    # Custom Domains API
    path("api/business/domains/", custom_domains_view, name="custom_domains"),
    path("api/business/domains/<int:domain_id>/", custom_domain_detail_view, name="custom_domain_detail"),
    path("api/business/domains/<int:domain_id>/verify/", custom_domain_verify_view, name="custom_domain_verify"),
    path("api/business/domains/<int:domain_id>/set-primary/", custom_domain_set_primary_view, name="custom_domain_set_primary"),
    # Sandbox Mode API
    path("api/sandbox/status/", sandbox_status_view, name="sandbox_status"),
    path("api/sandbox/toggle/", sandbox_toggle_view, name="sandbox_toggle"),
    path("api/sandbox/reset/", sandbox_reset_view, name="sandbox_reset"),
    # MFA (Two-Factor Authentication) API
    path("api/auth/mfa/status/", mfa_status, name="mfa_status"),
    path("api/auth/mfa/phone/send/", send_phone_verification, name="mfa_phone_send"),
    path("api/auth/mfa/phone/verify/", verify_phone, name="mfa_phone_verify"),
    path("api/auth/mfa/sms/enable/", enable_sms_mfa, name="mfa_sms_enable"),
    path("api/auth/mfa/totp/setup/", setup_totp, name="mfa_totp_setup"),
    path("api/auth/mfa/totp/verify/", verify_totp_setup, name="mfa_totp_verify"),
    path("api/auth/mfa/backup-codes/", generate_backup_codes, name="mfa_backup_codes"),
    path("api/auth/mfa/backup-codes/status/", backup_codes_status, name="mfa_backup_codes_status"),
    path("api/auth/mfa/disable/", disable_mfa, name="mfa_disable"),
    path("api/auth/mfa/login/send/", mfa_login_send_code, name="mfa_login_send"),
    path("api/auth/mfa/login/verify/", mfa_login_verify, name="mfa_login_verify"),
    path("api/auth/mfa/devices/", list_trusted_devices, name="mfa_devices_list"),
    path("api/auth/mfa/devices/<int:device_id>/", revoke_trusted_device, name="mfa_device_revoke"),
    path("api/auth/mfa/devices/revoke-all/", revoke_all_trusted_devices, name="mfa_devices_revoke_all"),
    # API Docs
    path("api/schema/", SpectacularAPIView.as_view(), name="api-schema"),
    path(
        "api/docs/",
        SpectacularSwaggerView.as_view(url_name="api-schema"),
        name="api-docs",
    ),
]

if settings.DEBUG:
    urlpatterns += [
        path(
            "400/",
            default_views.bad_request,
            kwargs={"exception": Exception("Bad Request!")},
        ),
        path(
            "403/",
            default_views.permission_denied,
            kwargs={"exception": Exception("Permission Denied")},
        ),
        path(
            "404/",
            default_views.page_not_found,
            kwargs={"exception": Exception("Page not Found")},
        ),
        path("500/", default_views.server_error),
    ]
    if "debug_toolbar" in settings.INSTALLED_APPS:
        import debug_toolbar

        urlpatterns = [
            path("__debug__/", include(debug_toolbar.urls)),
            *urlpatterns,
        ]