move sensitive informations to .env file

.env.dist

@@ -0,0 +1,34 @@
+# Django Settings
+SECRET_KEY=
+DEBUG=False
+
+# e.g.: ALLOWED_HOSTS=localhost,192.168.1.244,domain.tld
+ALLOWED_HOSTS=
+
+# PostgreSQL Database
+DB_USER=
+DB_PASSWORD=
+DB_HOST=
+DB_PORT=
+DB_NAME=
+
+# Object Storage
+S3_ACCESS_ID=
+S3_ACCESS_SECRET=
+S3_BUCKET_NAME=
+S3_ENDPOINT_URL=
+
+# Celery Message Broker
+# e.g.: redis://127.0.0.1:6378/1
+MSG_BROKER_URL=
+MSG_BROKER_PREFIX=
+
+# Celery task work directory to store temporary files
+# use ./worker folder as absolute path: /home/user/app/worker
+TASK_WORKER_DIR=
+
+# Channels Layers Backend (Websocket)
+# HOST and PORT of the Redis Backend
+WS_BACKEND_HOST=
+WS_BACKEND_PORT=
+WS_BACKEND_PREFIX=

config/settings.py

@@ -12,21 +12,30 @@ https://docs.djangoproject.com/en/3.2/ref/settings/
 
 from pathlib import Path
 import os
+import environ
+from macpath import join
+
+env = environ.Env(
+	DEBUG=(bool, False)
+)
 
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
 
+environ.Env.read_env(os.path.join(BASE_DIR, '.env'))
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'django-insecure-z465dl_(vk55hxbm0bj*mp-ok3!*=ssw#!$5s2nrxa!9j+67z+'
+SECRET_KEY = env('SECRET_KEY')
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = env('DEBUG')
 
-ALLOWED_HOSTS = ['zierle-training-staging.riezel.com', 'localhost', '127.0.0.1', '192.168.1.244']
+ALLOWED_HOSTS = env('ALLOWED_HOSTS')
+
+CORS_ALLOWED_ORIGINS = env('ALLOWED_HOSTS')
 
 
 # Application definition
@@ -68,13 +77,6 @@ MIDDLEWARE = [
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]
 
-CORS_ALLOWED_ORIGINS = [
-    'http://localhost:3000',
-    'http://localhost:8080',
-    'http://192.168.1.244:8080',
-
-]
-
 ROOT_URLCONF = 'config.urls'
 
 TEMPLATES = [
@@ -115,11 +117,11 @@ ASGI_APPLICATION = 'config.asgi.application'
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.postgresql_psycopg2',
-        'NAME': 'zierle_training_db',
+        'NAME': env('DB_NAME'),
-        'USER': 'zierle_training_db_user',
+        'USER': env('DB_USER'),
-        'PASSWORD': 'UI&hWG,El7G{A2c0n=qIULv:b',
+        'PASSWORD': env('DB_PASSWORD'),
-        'HOST': 'localhost',
+        'HOST': env('DB_HOST'),
-        'PORT': '5432',
+        'PORT': env('DB_PORT'),
     }
 }
 
@@ -169,6 +171,11 @@ USE_TZ = True
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 
 
+# joins list of strings while making sure there is a slash between each element
+# e.g. joinWithSlash(['a', 'b', 'c']) -> 'a/b/c/'
+def joinWithSlash(stringList):
+	return ''.join([string if string.endswith('/') else string+'/' for string in stringList])
+
 
 MINIO = True
 if MINIO:
@@ -176,13 +183,13 @@ if MINIO:
     DEFAULT_FILE_STORAGE = 'storages.backends.s3boto3.S3Boto3Storage'
     #STATICFILES_STORAGE = 'storages.backends.s3boto3.S3StaticStorage'
 
-    AWS_ACCESS_KEY_ID = 'zierle-training'
+    AWS_ACCESS_KEY_ID = env('S3_ACCESS_ID')
-    AWS_SECRET_ACCESS_KEY = 'IMienQKx6B5foJRegqZnSTk9MsUjDvd4'
+    AWS_SECRET_ACCESS_KEY = env('S3_ACCESS_SECRET')
-    AWS_STORAGE_BUCKET_NAME = 'zierle-training'
+    AWS_STORAGE_BUCKET_NAME = env('S3_BUCKET_NAME')
-    AWS_S3_ENDPOINT_URL = 'https://minio.riezel.com'
+    AWS_S3_ENDPOINT_URL = env('S3_ENDPOINT_URL')
     AWS_DEFAULT_ACL = 'public'
     
-    MEDIA_URL = 'https://minio.riezel.com/zierle-training/'
+    MEDIA_URL = joinWithSlash([env('S3_ENDPOINT_URL'), env('S3_BUCKET_NAME')])
     #STATIC_URL = 'https://minio.riezel.com/zierle-training/'
 
     AWS_S3_OBJECT_PARAMETERS = {
@@ -202,10 +209,11 @@ STATIC_ROOT = os.path.join(BASE_DIR, "static/")
 # See https://docs.celeryq.dev/en/stable/django/first-steps-with-django.html
 CELERY_CACHE_BACKEND = 'default'
 
-CELERY_WORK_DIR = '/home/marc/www-staging/celery/'
+CELERY_WORK_DIR = env('TASK_WORKER_DIR')
 
-CELERY_BROKER_URL = 'redis://localhost:6378/1'
+CELERY_BROKER_URL = env.cache_url('MSG_BROKER_URL')
-CELERY_RESULT_BACKEND= 'redis://localhost:6378/1'
+CELERY_RESULT_BACKEND = env.cache_url('MSG_BROKER_URL')
+CELERY_EVENT_QUEUE_PREFIX = env('MSG_BROKER_PREFIX')
 
 CELERY_TIMEZONE = 'CET'
 
@@ -215,16 +223,16 @@ CELERY_BROKER_TRANSPORT_OPTIONS = {
 
 
 # Redis Cache
-# See
+# See https://docs.djangoproject.com/en/4.1/topics/cache/
 
 CACHES = {
     'default': {
         "BACKEND": "django_redis.cache.RedisCache",
-        "LOCATION": "redis://127.0.0.1:6378/1",
+        "LOCATION": env.cache_url('MSG_BROKER_URL'),
         "OPTIONS": {
             "CLIENT_CLASS": "django_redis.client.DefaultClient",
         },
-        "KEY_PREFIX": "zierletraining",
+        "KEY_PREFIX": env('CACHE_KEY_PREFIX'),
     }
 }
 
@@ -237,8 +245,8 @@ CHANNEL_LAYERS = {
     "default": {
         "BACKEND": "channels_redis.core.RedisChannelLayer",
         "CONFIG": {
-            "hosts": [("127.0.0.1", 6378)],
+            "hosts": [(env('WS_BACKEND_HOST'), env('WS_BACKEND_PORT'))],
-            "prefix": "asgi_zierle_training_staging:",
+            "prefix": env('WS_BACKEND_PREFIX'),
             "group_expiry": 7200,
         },
     },

requirements.txt

@@ -87,3 +87,4 @@ vine==5.0.0
 wcwidth==0.2.5
 wrapt==1.14.1
 zope.interface==5.4.0
+django-environ==0.9.0