Production-ready Django backend for the Nora Uzbekistan e-commerce app with catalog, cart, orders, payments via PayTechUZ, Telegram-only authentication, and reviews system.

• Catalog: Categories, products, variants (color/size), stock management, images
• Cart & Checkout: Anonymous cart support with device ID, seamless user login merge
• Orders & Payments: PayTechUZ integration (Payme, Click, Atmos), webhook handling
• Telegram Authentication: OTP-based auth using raw Telegram Bot API (no libraries)
• Reviews: Star ratings + text + up to 5 photos, admin moderation
• User Profile: View/edit profile, wishlist, order history
• Bilingual: UZ (default) and RU support, currency in UZS
• Admin Interface: Full Django Admin for all models

• Python 3.11
• Django 5.x + Django REST Framework
• PostgreSQL 15+
• JWT authentication
• uv for dependency management
• Docker multi-stage build
• S3-compatible storage option

# Clone repository
git clone <your-repo-url>
cd nora-backend

# Install dependencies with uv
uv sync

# Set environment variables (see Environment Variables section)
export DJANGO_DEBUG=true
export TELEGRAM_BOT_TOKEN=your_bot_token
# ... other variables

# Run migrations
cd src
python manage.py migrate

# Create superuser
python manage.py createsuperuser

# Run development server
python manage.py runserver

# Build image
docker build -t nora-backend .

# Run with environment file
docker run -p 8000:8000 --env-file .env nora-backend

Create a .env file with the following variables:

# Django
DJANGO_SECRET_KEY=your-secret-key-here
DJANGO_DEBUG=false
ALLOWED_HOSTS=api.nora.uz,localhost,127.0.0.1

# Database
DB_NAME=nora_backend
DB_USER=postgres
DB_PASSWORD=your-db-password
DB_HOST=localhost
DB_PORT=5432

# Storage
MEDIA_BACKEND=local  # or 's3' for production
AWS_S3_BUCKET=your-bucket
AWS_ACCESS_KEY_ID=your-access-key
AWS_SECRET_ACCESS_KEY=your-secret-key
AWS_S3_REGION=us-east-1

# Telegram Bot
TELEGRAM_BOT_TOKEN=your-bot-token
TELEGRAM_BOT_WEBHOOK_SECRET=random-secret-for-webhook-path
TELEGRAM_OTP_TTL_SECONDS=60
TELEGRAM_OTP_RATE_PER_HOUR=5

# JWT
JWT_SECRET=your-jwt-secret
JWT_ACCESS_TTL=900  # 15 minutes
JWT_REFRESH_TTL=2592000  # 30 days

# PayTechUZ
PAYTECHUZ_MODE=test  # or 'prod'
PAYME_ID=your-payme-id
PAYME_KEY=your-payme-key
CLICK_SERVICE_ID=your-click-service-id
CLICK_MERCHANT_ID=your-click-merchant-id
CLICK_MERCHANT_USER_ID=your-click-merchant-user-id
CLICK_SECRET_KEY=your-click-secret-key
WEBHOOK_BASE_URL=https://api.nora.uz

# CORS
CORS_ALLOWED_ORIGINS=https://app.nora.uz,https://nora.uz

• POST /api/v1/auth/telegram/request-code - Request OTP
• POST /api/v1/auth/telegram/confirm - Confirm OTP & get JWT
• POST /api/v1/auth/telegram/bot-webhook/<secret>/ - Telegram webhook

• GET /api/v1/categories - List categories (nested tree)
• GET /api/v1/products - List products with filters
• GET /api/v1/products/{slug} - Product details
• GET /api/v1/products/{slug}/variants - Product variants

• GET /api/v1/cart - Get cart
• POST /api/v1/cart/items - Add item to cart
• PATCH /api/v1/cart/items/{id} - Update cart item
• DELETE /api/v1/cart/items/{id} - Remove cart item

• POST /api/v1/checkout - Create order from cart
• POST /api/v1/checkout/payment-intent - Create payment intent
• GET /api/v1/orders - List user orders (auth required)
• GET /api/v1/orders/{number} - Order details

• GET /api/v1/products/{slug}/reviews - Product reviews
• POST /api/v1/products/{slug}/reviews - Create review (auth required)

• GET /api/v1/me - Get profile
• PATCH /api/v1/me - Update profile
• GET /api/v1/me/orders - User orders
• GET /api/v1/me/wishlist - Wishlist
• POST /api/v1/me/wishlist - Add to wishlist
• DELETE /api/v1/me/wishlist/{id} - Remove from wishlist

• POST /api/v1/payments/webhook/payme - Payme webhook
• POST /api/v1/payments/webhook/click - Click webhook
• POST /api/v1/payments/webhook/atmos - Atmos webhook

1. Create a bot with @BotFather
2. Get the bot token and set TELEGRAM_BOT_TOKEN
3. Set webhook URL to: https://your-domain.com/api/v1/auth/telegram/bot-webhook/<secret>/

curl -X POST "https://api.telegram.org/bot<TOKEN>/setWebhook" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://api.nora.uz/api/v1/auth/telegram/bot-webhook/your-secret/"}'

# Install dev dependencies
uv sync --group dev

# Run linting
ruff check .
black --check .

# Format code
black .
ruff check --fix .

1. Set DJANGO_DEBUG=false
2. Use PostgreSQL database
3. Set up S3 for media storage (MEDIA_BACKEND=s3)
4. Configure proper ALLOWED_HOSTS and CORS_ALLOWED_ORIGINS
5. Set up SSL/TLS termination
6. Use environment-specific settings: DJANGO_SETTINGS_MODULE=config.settings.prod

Access Django Admin at /admin/ after creating a superuser. All models are available for management including:

• Users & Telegram OTPs
• Categories, Products, Variants, Images
• Orders, Payments
• Reviews with photo moderation
• Carts and Wishlist items

MIT License