Project specification

Full specification available in the tech info document

Technical requirements

The following standing requirements should apply to all features and changes introduced to the project:

Performance

All pages should respond within 2 seconds (including API and HTMX)

Reliability

Pages and API should always respond with a non-5xx status code

Code

style: Code should adhere to the Code Style.

Test

coverage: All code paths (Python, HTML templates, java script) need to be covered by tests;

Documentation

All functions and public class methods should have docstrings

Ringfencing

Users must never be able to see or access data belonging to another organization, even by manipulating urls

Authentication

All pages containing client data should require authentication

Encryption

All data sent into and from the server, including third party API calls must be encrypted via TLS (HTTPS)

Limits and restrictions

Maximum request size: 100 Mb

Maximum request size is set by WSGI_LIMIT_REQUEST_BODY on web-server level. There is also a Django setting set by DATA_UPLOAD_MAX_MEMORY_SIZE.

There is no limit on individual field size, but overall submission must fit within this limit.

Request timeout: 10 min

Request timeout is a time limit the server can take to respond. Requests longer than the limit are aborted due to timeout.

Timeout is set by the following variables: WSGI_SOCKET_TIMEOUT, WSGI_REQUEST_TIMEOUT

Client requirements

Web browser

Browser with support for ES9 is required to use this site. Supported web browsers:

  • Chrome Version 88 or newer

  • Firefox Version 86 or newer

  • Safari Version 14 or newer

  • Microsoft Edge Version 89 or newer

E-mail

encoding

MEG uses UTF-8 encoding for sent and received e-mail messages.

Other encoding formats (e.g. iso-8859-1) are also supported as long as the message is correctly encoded by the sender’s e-mail client.

Network

The following domains (and their subdomains) should be whitelisted to use MEG:

  • megit.com

The following ports are used to communicate with MEG QMS:

  • HTTP (80)

  • HTTPS (443)

Note

While port 80 is open, in production it is used only to redirect to a secure https connection. This is controlled by SECURE_SSL_REDIRECT.

Server requirements

Minimum requirements

The following are the minimum requirements for running the project.

Minimum requirements

Service

RAM (GiB)

CPU (cores)

Storage (GiB)

CMS

0.4

0.5

50

Celery worker

0.4

0.1

Celery beat

0.4

0.05

Redis

0.25

0.05

1.0

Postgres

2.0

2.0

2.0

Third party dependencies

Direct dependencies

argon2-cffi==23.1.0
dealer==2.1.0
diff-match-patch==20241021
django-bootstrap3==25.1
django-bootstrap-daterangepicker==1.1.0
django-bootstrap-datepicker-plus==5.0.5
django-cors-headers==4.7.0
django-permissions-policy==4.26.0
django-debug-toolbar==6.1.0
django-dotenv==1.4.2
django-extensions==3.2.3
django-getenv==1.3.2
django-import-export==3.3.9
django-colorful==1.3
django-reversion==5.1.0
django-impersonate==1.9.5
django-cte==2.0.0
python-dateutil==2.9.0
django-multiupload==0.6.1
django==5.2.12
redis==5.3.0
celery[redis]==5.4.0
django-celery-beat==2.8.1
model-bakery==1.20.5
pillow==12.1.1
psycopg[binary]==3.2.3
xlwt==1.3.0
django-countries==7.6.1
django-sendgrid-v5==1.3.0
django-ipware==7.0.1
django-analytical==3.1.0
django-ckeditor==6.7.2
django-csp==3.8
django-maintenance-mode==0.22.0
djangorestframework==3.16.0
rest-condition==1.0.3
drf-extra-fields==3.7.0
django-filter==25.1
django-imagekit==5.0.0
django-json-widget==2.0.1
django-object-actions==4.2.0
django-modeltranslation==0.18.13
django-jchart==0.4.2
openpyxl==3.1.2
requests==2.32.4
requests-mock==1.12.1
aiohttp==3.13.3
aioresponses==0.7.8
django-two-factor-auth[phonenumberslite]==1.17
twilio==6.42.0
django-ical==1.9.2
drf-yasg==1.21.11
exrex==0.11.0
python-pptx==0.6.23
django-taggit==5.0.1
pdfminer.six==20251230
pydub==0.25.1
python3-saml==1.16.0
django-referrer-policy==1.0
tablib[xlsx,xls,html]==3.5.0
django-user-agents==0.4.0
user-agents==2.2.0
django-redis==5.4.0
hiredis==2.3.2
django_mptt==0.17.0
sentry-sdk==2.8.0
pandas==2.2.2
django-pandas==0.6.7
colour==0.1.5
BeautifulSoup4==4.12.3
more-itertools==10.2.0
django-downloadview==2.5.0
django-redisboard==8.4.0
urbanairship==6.3.0
django-controlcenter==0.3.2
django-htmx==1.17.3
xmltodict==0.13.0
azure-cognitiveservices-speech==1.37.0
email-reply-parser==0.5.12
ldap3==2.9.1
azure-monitor-opentelemetry==1.6.4
opentelemetry-sdk==1.29.0
opentelemetry-instrumentation-django==0.50b0
opentelemetry-instrumentation-psycopg==0.50b0
opentelemetry-instrumentation-redis==0.50b0
opentelemetry-instrumentation-celery==0.50b0
django-autocomplete-light==3.11.0
pymongo==4.7.2
hl7==0.4.5
django-dbbackup==4.3.0
weasyprint==68.0
django-weasyprint==2.3.0
pypdf==6.7.5
python-redmine==2.5.0
dnspython==2.7.0
jinja2==3.1.6
django-lifecycle==1.2.3
openai==1.35.10
django-summernote==0.8.20.0
babel==2.16.0
scipy==1.14.1
scim2-filter-parser[django-query]==0.7.0
markdown2==2.5.3
python-docx==1.2.0
gunicorn==23.0
google-genai==1.52.0

Transitive dependencies

Some third party packages may require further dependencies. Latest versions of those dependencies are used.

The following packages are pinned down to a specific version:

sqlparse==0.5.4
sendgrid==6.11
python-http-client==3.3.7
urllib3==2.6.3
icalendar==4.1.0
django-otp==1.6.1
defusedxml==0.7.1
numpy==1.26.4
reportlab==4.2.0
django-phonenumber-field==7.3.0
django-recurrence==1.11.1
idna==3.7
isodate==0.6.1
django-appconf==1.0.6
inflection==0.5.1
django-js-asset==2.2.0
redis==5.3.0
lxml==5.2.2
cryptography==46.0.5
pilkit==3.0
xmlsec==1.3.14
setuptools==78.1.1
bleach==6.1.0
httpx==0.28.1
snowballstemmer==2.2.0
pyopenssl==25.1.0
brotli==1.2.0