From 06e90ec2d0c7a9f889662a95b58a8a07118e2db6 Mon Sep 17 00:00:00 2001
From: MarcZierle
Date: Sun, 30 Oct 2022 15:05:49 +0100
Subject: [PATCH] move sensitive informations to .env file
---
.env.dist | 34 ++++++++++++++++++++++++
config/settings.py | 64 ++++++++++++++++++++++++++--------------------
requirements.txt | 1 +
worker/.gitkeep | 0
4 files changed, 71 insertions(+), 28 deletions(-)
create mode 100644 .env.dist
create mode 100644 worker/.gitkeep
diff --git a/.env.dist b/.env.dist
new file mode 100644
index 0000000..16833b8
--- /dev/null
+++ b/.env.dist
@@ -0,0 +1,34 @@
+# Django Settings
+SECRET_KEY=
+DEBUG=False
+
+# e.g.: ALLOWED_HOSTS=localhost,192.168.1.244,domain.tld
+ALLOWED_HOSTS=
+
+# PostgreSQL Database
+DB_USER=
+DB_PASSWORD=
+DB_HOST=
+DB_PORT=
+DB_NAME=
+
+# Object Storage
+S3_ACCESS_ID=
+S3_ACCESS_SECRET=
+S3_BUCKET_NAME=
+S3_ENDPOINT_URL=
+
+# Celery Message Broker
+# e.g.: redis://127.0.0.1:6378/1
+MSG_BROKER_URL=
+MSG_BROKER_PREFIX=
+
+# Celery task work directory to store temporary files
+# use ./worker folder as absolute path: /home/user/app/worker
+TASK_WORKER_DIR=
+
+# Channels Layers Backend (Websocket)
+# HOST and PORT of the Redis Backend
+WS_BACKEND_HOST=
+WS_BACKEND_PORT=
+WS_BACKEND_PREFIX=
diff --git a/config/settings.py b/config/settings.py
index 2893830..286427f 100755
--- a/config/settings.py
+++ b/config/settings.py
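Review bot: The `.env.dist` template has no `CACHE_KEY_PREFIX=` entry, although the `CACHES` hunk of `config/settings.py` in this same patch reads `env('CACHE_KEY_PREFIX')` without a default, so a `.env` copied from the template stops settings from loading. Add `CACHE_KEY_PREFIX=` next to the broker entries, or give the lookup a default. The diffstat also shows no `.gitignore` change; if `.env` is not already ignored elsewhere, the populated file can be committed just like the values this patch removes, so confirm an ignore rule exists.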
@@ -12,21 +12,30 @@ https://docs.djangoproject.com/en/3.2/ref/settings/ from pathlib import Path import os +import environ +from macpath import join + +env = environ.Env( + DEBUG=(bool, False) +) # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent +environ.Env.read_env(os.path.join(BASE_DIR, '.env')) # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! -SECRET_KEY = 'django-insecure-z465dl_(vk55hxbm0bj*mp-ok3!*=ssw#!$5s2nrxa!9j+67z+' +SECRET_KEY = env('SECRET_KEY') # SECURITY WARNING: don't run with debug turned on in production! -DEBUG = True +DEBUG = env('DEBUG') -ALLOWED_HOSTS = ['zierle-training-staging.riezel.com', 'localhost', '127.0.0.1', '192.168.1.244'] +ALLOWED_HOSTS = env('ALLOWED_HOSTS') + +CORS_ALLOWED_ORIGINS = env('ALLOWED_HOSTS') # Application definition @@ -68,13 +77,6 @@ MIDDLEWARE = [ 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] -CORS_ALLOWED_ORIGINS = [ - 'http://localhost:3000', - 'http://localhost:8080', - 'http://192.168.1.244:8080', - -] - ROOT_URLCONF = 'config.urls' TEMPLATES = [ @@ -115,11 +117,11 @@ ASGI_APPLICATION = 'config.asgi.application' DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql_psycopg2', - 'NAME': 'zierle_training_db', - 'USER': 'zierle_training_db_user', - 'PASSWORD': 'UI&hWG,El7G{A2c0n=qIULv:b', - 'HOST': 'localhost', - 'PORT': '5432', + 'NAME': env('DB_NAME'), + 'USER': env('DB_USER'), + 'PASSWORD': env('DB_PASSWORD'), + 'HOST': env('DB_HOST'), + 'PORT': env('DB_PORT'), } } 
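Review bot: `ALLOWED_HOSTS = env('ALLOWED_HOSTS')` yields one comma-separated string rather than the list Django expects, so host validation will not match the entries the way the `.env.dist` example suggests; read it with `ALLOWED_HOSTS = env.list('ALLOWED_HOSTS')`. `CORS_ALLOWED_ORIGINS` is fed from the same variable, but CORS origins are scheme-qualified (the list removed later in this file held values such as `http://localhost:3000`) while allowed hosts are bare host names, so it needs its own variable, for example `CORS_ALLOWED_ORIGINS = env.list('CORS_ALLOWED_ORIGINS')` with a matching entry in `.env.dist`. Separately, `from macpath import join` is unused, and `macpath` was removed from the standard library in Python 3.8, so the import should be dropped.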
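Review bot: The database password deleted in the `DATABASES` hunk stays readable in the repository history, so moving the value to `.env` does not make it secret again; it should be rotated. The same holds for the `SECRET_KEY` replaced in the first hunk and the S3 access secret replaced in the `if MINIO:` hunk. On the new lines the lookups have no default, so an unset variable stops startup, but an empty template value such as `DB_PASSWORD=` appears to be passed through as an empty string. A comment above the dict, `# All DB_* values are required; see .env.dist`, would document that expectation.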
@@ -169,6 +171,11 @@ USE_TZ = True DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField' +# joins list of strings while making sure there is a slash between each element +# e.g. joinWithSlash(['a', 'b', 'c']) -> 'a/b/c/' +def joinWithSlash(stringList): + return ''.join([string if string.endswith('/') else string+'/' for string in stringList]) + MINIO = True if MINIO: @@ -176,13 +183,13 @@ if MINIO: DEFAULT_FILE_STORAGE = 'storages.backends.s3boto3.S3Boto3Storage' #STATICFILES_STORAGE = 'storages.backends.s3boto3.S3StaticStorage' - AWS_ACCESS_KEY_ID = 'zierle-training' - AWS_SECRET_ACCESS_KEY = 'IMienQKx6B5foJRegqZnSTk9MsUjDvd4' - AWS_STORAGE_BUCKET_NAME = 'zierle-training' - AWS_S3_ENDPOINT_URL = 'https://minio.riezel.com' + AWS_ACCESS_KEY_ID = env('S3_ACCESS_ID') + AWS_SECRET_ACCESS_KEY = env('S3_ACCESS_SECRET') + AWS_STORAGE_BUCKET_NAME = env('S3_BUCKET_NAME') + AWS_S3_ENDPOINT_URL = env('S3_ENDPOINT_URL') AWS_DEFAULT_ACL = 'public' - MEDIA_URL = 'https://minio.riezel.com/zierle-training/' + MEDIA_URL = joinWithSlash([env('S3_ENDPOINT_URL'), env('S3_BUCKET_NAME')]) #STATIC_URL = 'https://minio.riezel.com/zierle-training/' AWS_S3_OBJECT_PARAMETERS = { @@ -202,10 +209,11 @@ STATIC_ROOT = os.path.join(BASE_DIR, "static/") # See https://docs.celeryq.dev/en/stable/django/first-steps-with-django.html CELERY_CACHE_BACKEND = 'default' -CELERY_WORK_DIR = '/home/marc/www-staging/celery/' +CELERY_WORK_DIR = env('TASK_WORKER_DIR') -CELERY_BROKER_URL = 'redis://localhost:6378/1' -CELERY_RESULT_BACKEND= 'redis://localhost:6378/1' +CELERY_BROKER_URL = env.cache_url('MSG_BROKER_URL') +CELERY_RESULT_BACKEND = env.cache_url('MSG_BROKER_URL') +CELERY_EVENT_QUEUE_PREFIX = env('MSG_BROKER_PREFIX') CELERY_TIMEZONE = 'CET' 
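Review bot: `joinWithSlash` is documented by a comment above the `def` and named in camelCase; a docstring and a snake_case name fit the module better, for example `def join_with_slash(parts):` with `"""Concatenate parts, appending '/' to each part that lacks one."""`, updating the `MEDIA_URL` caller in the next hunk accordingly. The docstring should also state that the result always ends with a slash and that an empty element contributes a bare `/`, which matters because the only caller builds `MEDIA_URL` from environment values. The list brackets inside `''.join([...])` can be dropped in favour of a generator expression.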
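Review bot: `env.cache_url('MSG_BROKER_URL')` returns a Django cache configuration dict (backend plus location), not a URL string, so `CELERY_BROKER_URL` and `CELERY_RESULT_BACKEND` no longer receive the `redis://…` string that the removed lines passed to Celery. Use the plain lookup instead: `CELERY_BROKER_URL = env('MSG_BROKER_URL')` and `CELERY_RESULT_BACKEND = env('MSG_BROKER_URL')`. The same call is used for `"LOCATION"` in the `CACHES` hunk further down, where it nests a dict inside the cache config; `"LOCATION": env('MSG_BROKER_URL')` keeps the previous shape there.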
@@ -215,16 +223,16 @@ CELERY_BROKER_TRANSPORT_OPTIONS = { # Redis Cache -# See +# See https://docs.djangoproject.com/en/4.1/topics/cache/ CACHES = { 'default': { "BACKEND": "django_redis.cache.RedisCache", - "LOCATION": "redis://127.0.0.1:6378/1", + "LOCATION": env.cache_url('MSG_BROKER_URL'), "OPTIONS": { "CLIENT_CLASS": "django_redis.client.DefaultClient", }, - "KEY_PREFIX": "zierletraining", + "KEY_PREFIX": env('CACHE_KEY_PREFIX'), } } @@ -237,8 +245,8 @@ CHANNEL_LAYERS = { "default": { "BACKEND": "channels_redis.core.RedisChannelLayer", "CONFIG": { - "hosts": [("127.0.0.1", 6378)], - "prefix": "asgi_zierle_training_staging:", + "hosts": [(env('WS_BACKEND_HOST'), env('WS_BACKEND_PORT'))], + "prefix": env('WS_BACKEND_PREFIX'), "group_expiry": 7200, }, }, diff --git a/requirements.txt b/requirements.txt index 59a3bd8..668b345 100755 --- a/requirements.txt +++ b/requirements.txt @@ -87,3 +87,4 @@ vine==5.0.0 wcwidth==0.2.5 wrapt==1.14.1 zope.interface==5.4.0 +django-environ==0.9.0 diff --git a/worker/.gitkeep b/worker/.gitkeep new file mode 100644 index 0000000..e69de29
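Review bot: `env('WS_BACKEND_PORT')` in the `CHANNEL_LAYERS` hunk returns a string, whereas the tuple it replaces carried the port as an integer (`6378`); cast it with `env.int('WS_BACKEND_PORT')` so the channel layer receives the same type as before. Whether the Redis client tolerates a string port is not visible from this patch, so the explicit cast is the safer choice. The `CHANNEL_LAYERS` dict begins above the hunk.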