Added production settings and support for secret values from env variables (#118)

* Added Django-environ support and Production settings * Option to set db settings in both ways * Added setuptools in req.txt * Minor bug fix --------- Co-authored-by: Horilla <131998600+horilla-opensource@users.noreply.github.com>
2024-03-19 14:14:43 +05:30
parent cfe96a5cae
commit c514599c8a
3 changed files with 91 additions and 16 deletions
--- a/.env.dist
+++ b/.env.dist
@@ -0,0 +1,41 @@
+# Set "DEBUG=False" for production
+DEBUG=True
+
+# Get a secure secret key from https://djecrety.ir
+SECRET_KEY=django-insecure-j8op9)1q8$1&0^s&p*_0%d#pr@w9qj@1o=3#@d=a(^@9@zd@%j
+
+# Don't use "*" for ALLOWED_HOSTS in production
+ALLOWED_HOSTS=www.example.com,example.com,*
+
+# Database URL
+
+DATABASE_URL=postgresql://user:password@localhost:5432/dbname
+
+# ----OR----
+
+# Database Configuration 
+
+DB_ENGINE=django.db.backends.postgresql
+DB_NAME=dbname
+DB_USER=user
+DB_PASSWORD=password
+DB_HOST=localhost
+DB_PORT=5432
+
+
+# Supportted Formats for DATABASE_URL :
+
+# PostgreSQL: ``postgres[ql]?://`` or ``p[g]?sql://``
+# PostGIS: ``postgis://``
+# MySQL: ``mysql://`` or ``mysql2://``
+# MySQL (GIS): ``mysqlgis://``
+# MySQL Connector Python from Oracle: ``mysql-connector://``
+# SQLite: ``sqlite://``
+# SQLite with SpatiaLite for GeoDjango: ``spatialite://``
+# Oracle: ``oracle://``
+# Microsoft SQL Server: ``mssql://``
+# PyODBC: ``pyodbc://``
+# Amazon Redshift: ``redshift://``
+# LDAP: ``ldap://``
+
+
--- a/horilla/settings.py
+++ b/horilla/settings.py
@@ -14,23 +14,33 @@ from pathlib import Path
 import os
 from django.contrib.messages import constants as messages
 from os.path import join
-
+import environ

 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent

-
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/4.1/howto/deployment/checklist/

+env = environ.Env(
+    DEBUG=(bool, True),
+    SECRET_KEY=(
+        str,
+        "django-insecure-j8op9)1q8$1&0^s&p*_0%d#pr@w9qj@1o=3#@d=a(^@9@zd@%j",
+    ),
+    ALLOWED_HOSTS=(list, ["*"]),
+    CSRF_TRUSTED_ORIGINS=(list, ["http://localhost:8000"]),
+)
+
+env.read_env(os.path.join(BASE_DIR, ".env"), overwrite=True)
+
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = "django-insecure-j8op9)1q8$1&0^s&p*_0%d#pr@w9qj@1o=3#@d=a(^@9@zd@%j"
+SECRET_KEY = env("SECRET_KEY")

 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
-
-ALLOWED_HOSTS = ["*"]
+DEBUG = env("DEBUG")

+ALLOWED_HOSTS = env("ALLOWED_HOSTS")

 # Application definition

@@ -103,13 +113,27 @@ WSGI_APPLICATION = "horilla.wsgi.application"
 # Database
 # https://docs.djangoproject.com/en/4.1/ref/settings/#databases

-DATABASES = {
-    "default": {
-        "ENGINE": "django.db.backends.sqlite3",
-        "NAME": BASE_DIR / "TestDB_Horilla.sqlite3",
+if env("DATABASE_URL", default=None):
+    DATABASES = {
+        "default": env.db(),
+    }
+else:
+    DATABASES = {
+        "default": {
+            "ENGINE": env("DB_ENGINE", default="django.db.backends.sqlite3"),
+            "NAME": env(
+                "DB_NAME",
+                default=os.path.join(
+                    BASE_DIR,
+                    "TestDB_Horilla.sqlite3",
+                ),
+            ),
+            "USER": env("DB_USER", default=""),
+            "PASSWORD": env("DB_PASSWORD", default=""),
+            "HOST": env("DB_HOST", default=""),
+            "PORT": env("DB_PORT", default=""),
+        }
    }
-}
-

 # Password validation
 # https://docs.djangoproject.com/en/4.1/ref/settings/#auth-password-validators
@@ -171,10 +195,7 @@ MESSAGE_TAGS = {
 }


-CSRF_TRUSTED_ORIGINS = [
-    "http://localhost:8000",
-]
-
+CSRF_TRUSTED_ORIGINS = env("CSRF_TRUSTED_ORIGINS")

 LOGIN_URL = "/login"

@@ -213,3 +234,15 @@ USE_I18N = True
 USE_L10N = True

 USE_TZ = True
+
+# Production settings
+if not DEBUG:
+    SECURE_BROWSER_XSS_FILTER = True
+    SECURE_SSL_REDIRECT = True
+    SECURE_HSTS_SECONDS = 31536000
+    SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+    SECURE_HSTS_PRELOAD = True
+    SECURE_CONTENT_TYPE_NOSNIFF = True
+    SESSION_COOKIE_SECURE = True
+    CSRF_COOKIE_SECURE = True
+    SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
--- a/requirements.txt
+++ b/requirements.txt
@@ -12,6 +12,7 @@ cssselect2
 Django>=4.2
 django-apscheduler
 django-cors-headers
+django-environ
 django-filter
 django-haystack
 django-jsonfield