feat(deploy): Implement automated HTTPS and fix critical bugs

This commit introduces a fully automated production startup script and fixes several critical bugs:
- Creates 'start_production.sh' to orchestrate Caddy (for HTTPS) and Waitress with a single command. Camera access over the network is now functional.
- Implements robust, pre-boot IP detection to correctly configure ALLOWED_HOSTS.
- Fixes a NameError crash on the Team Management page.
- Corrects the signup view redirect and template inheritance to resolve multiple crashes and styling issues.

Author: cp099

Caddyfile

@@ -0,0 +1,9 @@
+# Caddyfile for Sherlock (auto-generated)
+
+192.168.31.243:8443, Chirags-Air-4.lan:8443, localhost:8443, 127.0.0.1:8443 {
+    # 'tls internal' goes INSIDE the site block to apply a self-signed certificate.
+    tls internal
+
+    # Forward all traffic to our Waitress server.
+    reverse_proxy 127.0.0.1:8000
+}

inventory/views.py

@@ -40,7 +40,7 @@ def signup(request):
         if form.is_valid():
             user = form.save()
             login(request, user)
-            return redirect('inventory:section_list')
+            return redirect('inventory:dashboard')
     else:
         form = UserCreationForm()
     return render(request, 'registration/signup.html', {'form': form})

run.py

@@ -1,62 +1,18 @@
 # sherlock-python/run.py
-
 """
-Production Server Entry Point for Sherlock.
-
-This script is the main entry point when running the application from a 
-packaged executable (via PyInstaller). It performs two key functions:
-
-1.  Checks if the database exists on first run and, if not,
-    automatically runs the initial Django migrations to create it.
-2.  Starts the production-grade Waitress WSGI server to serve the
-    Sherlock application.
+This script's ONLY job is to start the production Waitress server.
+All configuration and setup is handled by the start_production.sh script.
 """
-
 import os
-import sys
-import socket
 from waitress import serve
+from sherlock.wsgi import application
 
 
-def discover_and_set_host_ip():
-    """Discovers the primary network IP and sets it as an environment variable."""
-    detected_ip = '127.0.0.1'
-    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
-    s.settimeout(0)
-    try:
-        s.connect(('10.254.254.254', 1))
-        detected_ip = s.getsockname()[0]
-        print(f"--- Automatically detected server IP: {detected_ip} ---")
-    except Exception:
-        print("--- Warning: Could not auto-detect network IP. Defaulting to localhost. ---")
-    finally:
-        s.close()
-    os.environ['SHERLOCK_ALLOWED_IP'] = detected_ip
-    return detected_ip
-
-def run_migrations():
-    """Checks if the database exists and runs migrations if it doesn't."""
-    from django.core.management import execute_from_command_line
-    if not os.path.exists(DB_FILE):
-        print("--- Database not found. Running initial setup... ---")
-        args = [sys.argv[0], 'migrate']
-        execute_from_command_line(args)
-        print("--- Database created successfully. ---")
-    else:
-        print("--- Database found. ---")
+os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'sherlock.settings')
 
-if __name__ == "__main__":
-    server_ip = discover_and_set_host_ip()
-    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'sherlock.settings')
 
-    DB_FILE = 'db.sqlite3'
-    run_migrations()
+HOST = '127.0.0.1'
+PORT = 8000
 
-    from sherlock.wsgi import application
 
-    HOST = '0.0.0.0'
-    PORT = 8000
-    print("--- Starting Sherlock Production Server ---")
-    print(f"Your application should be available at: http://{server_ip}:{PORT}")
-    print("Press Ctrl+C to stop the server.")
-    serve(application, host=HOST, port=PORT)
+serve(application, host=HOST, port=PORT)

sherlock/settings.py

@@ -185,3 +185,11 @@
 
 SESSION_COOKIE_AGE = 1800
 
+if not DEBUG:
+    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'httpss')
+    SESSION_COOKIE_SECURE = True
+    CSRF_COOKIE_SECURE = True
+    
+    CSRF_TRUSTED_ORIGINS = [f'https://{host}:8443' for host in ALLOWED_HOSTS]
+
+    CSRF_TRUSTED_ORIGINS.extend(['https://localhost:8443', 'https://127.0.0.1:8443'])

start_development.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+echo "--- Starting Sherlock in DEVELOPMENT mode (HTTP) ---"
+echo "Access at: http://127.0.0.1:8000"
+python manage.py runserver

start_production.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+
+
+set -e
+
+echo "--- Starting Sherlock in PRODUCTION mode (HTTPS) ---"
+
+
+IP_ADDRESS=$(python -c "import socket;s=socket.socket(socket.AF_INET, socket.SOCK_DGRAM);s.settimeout(0);s.connect(('10.254.254.254', 1));print(s.getsockname()[0]);s.close()")
+HOSTNAME=$(hostname)
+export SHERLOCK_ALLOWED_IP=$IP_ADDRESS
+
+echo "--- Detected IP: $IP_ADDRESS ---"
+echo "--- Detected Hostname: $HOSTNAME ---"
+
+
+echo "--- Generating Caddyfile... ---"
+
+cat > Caddyfile <<- EOM
+# Caddyfile for Sherlock (auto-generated)
+
+$IP_ADDRESS:8443, $HOSTNAME:8443, localhost:8443, 127.0.0.1:8443 {
+    # 'tls internal' goes INSIDE the site block to apply a self-signed certificate.
+    tls internal
+
+    # Forward all traffic to our Waitress server.
+    reverse_proxy 127.0.0.1:8000
+}
+EOM
+
+
+echo "--- Running database migrations... ---"
+python manage.py migrate --noinput
+echo "--- Collecting static files... ---"
+python manage.py collectstatic --noinput
+
+
+cleanup() {
+    echo -e "\n--- Shutting down Caddy server... ---"
+    caddy stop
+    exit
+}
+trap cleanup SIGINT SIGTERM
+
+echo "--- Starting Caddy in the background... ---"
+caddy start
+
+echo "--- Starting Sherlock application server (Waitress)... ---"
+echo
+echo "====================================================================="
+echo "  Sherlock is now running securely!"
+echo "  Access it from any device at: https://$IP_ADDRESS:8443"
+echo "  Or on this machine at:         https://localhost:8443"
+echo "====================================================================="
+echo
+echo "Waitress is running in the foreground. Press Ctrl+C to stop everything."
+
+
+python run.py