From bde1e9828d699e0b6e14f3e16790f1f2c604aeb9 Mon Sep 17 00:00:00 2001 From: Snipher Marube Date: Fri, 2 May 2025 13:07:25 +0300 Subject: [PATCH 1/5] updating the requirements --- requirements.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/requirements.txt b/requirements.txt index bd3d18bd..38a40171 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ -asgiref~=3.8.1 -Django~=5.0.8 -django-browser-reload~=1.13.0 -python-decouple~=3.8 -sqlparse~=0.5.1 +asgiref==3.8.1 +Django==5.2 +django-browser-reload==1.18.0 +python-decouple==3.8 +sqlparse==0.5.3 From e1d6c6fa0de9e4164e43b0b0ca8a07a8d6477133 Mon Sep 17 00:00:00 2001 From: Snipher Marube Date: Fri, 2 May 2025 13:12:30 +0300 Subject: [PATCH 2/5] updating the requirements --- requirements.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/requirements.txt b/requirements.txt index 38a40171..cc1a9874 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ -asgiref==3.8.1 -Django==5.2 -django-browser-reload==1.18.0 -python-decouple==3.8 -sqlparse==0.5.3 +asgiref~=3.8.1 +Django~=5.2 +django-browser-reload~=1.18.0 +python-decouple~=3.8 +sqlparse~=0.5.3 From 0c266e649b6e9e46dd108ddd6c76fa0e7c1cb71b Mon Sep 17 00:00:00 2001 From: Snipher Marube Date: Fri, 2 May 2025 13:56:13 +0300 Subject: [PATCH 3/5] separated the settings for production and development --- .env.example | 11 --- hello_world/settings.py | 142 ---------------------------- hello_world/settings/__init__.py | 8 ++ hello_world/settings/base.py | 78 +++++++++++++++ hello_world/settings/development.py | 30 ++++++ hello_world/settings/production.py | 29 ++++++ manage.py | 6 +- 7 files changed, 150 insertions(+), 154 deletions(-) delete mode 100644 .env.example delete mode 100644 hello_world/settings.py create mode 100644 hello_world/settings/__init__.py create mode 100644 hello_world/settings/base.py create mode 100644 hello_world/settings/development.py create mode 100644 hello_world/settings/production.py diff --git a/.env.example b/.env.example deleted file mode 100644 index a316a018..00000000 --- a/.env.example +++ /dev/null @@ -1,11 +0,0 @@ -SECRET_KEY=my_secret_key -DEBUG=True - -# ALLOWED_HOSTS=yourdomain.com,anotherdomain.com (Each host is separated by a comma) -ALLOWED_HOSTS=* - -DB_HOST=127.0.0.1 -DB_PORT=3306 -DB_DATABASE="" -DB_USERNAME="" -DB_PASSWORD="" diff --git a/hello_world/settings.py b/hello_world/settings.py deleted file mode 100644 index ca3c80a7..00000000 --- a/hello_world/settings.py +++ /dev/null @@ -1,142 +0,0 @@ -""" -Django settings for hello_world project. - -Generated by 'django-admin startproject' using Django 5.0.4. - -For more information on this file, see -https://docs.djangoproject.com/en/5.0/topics/settings/ - -For the full list of settings and their values, see -https://docs.djangoproject.com/en/5.0/topics/settings/ -""" - -import os -from pathlib import Path -from decouple import config - -# Build paths inside the project like this: BASE_DIR / 'subdir'. -BASE_DIR = Path(__file__).resolve().parent.parent - - -# Quick-start development settings - unsuitable for production -# See https://docs.djangoproject.com/en/5.0/howto/deployment/checklist/ - -# SECURITY WARNING: keep the secret key used in production secret! -SECRET_KEY = config("SECRET_KEY", default='') - -# SECURITY WARNING: don't run with debug turned on in production! -DEBUG = config("DEBUG", default=True) - -ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='').split(',') - -if 'CODESPACE_NAME' in os.environ: - codespace_name = config("CODESPACE_NAME") - codespace_domain = config("GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN") - CSRF_TRUSTED_ORIGINS = [f'https://{codespace_name}-8000.{codespace_domain}'] - -# Application definition - -INSTALLED_APPS = [ - "django.contrib.admin", - "django.contrib.auth", - "django.contrib.contenttypes", - "django.contrib.sessions", - "django.contrib.messages", - "django.contrib.staticfiles", - "django_browser_reload", -] - -MIDDLEWARE = [ - "django.middleware.security.SecurityMiddleware", - "django.contrib.sessions.middleware.SessionMiddleware", - "django.middleware.common.CommonMiddleware", - "django.middleware.csrf.CsrfViewMiddleware", - "django.contrib.auth.middleware.AuthenticationMiddleware", - "django.contrib.messages.middleware.MessageMiddleware", - "django.middleware.clickjacking.XFrameOptionsMiddleware", - "django_browser_reload.middleware.BrowserReloadMiddleware", -] - -X_FRAME_OPTIONS = "ALLOW-FROM preview.app.github.dev" - -ROOT_URLCONF = "hello_world.urls" - -TEMPLATES = [ - { - "BACKEND": "django.template.backends.django.DjangoTemplates", - "DIRS": [BASE_DIR / "hello_world" / "templates"], - "APP_DIRS": True, - "OPTIONS": { - "context_processors": [ - "django.template.context_processors.debug", - "django.template.context_processors.request", - "django.contrib.auth.context_processors.auth", - "django.contrib.messages.context_processors.messages", - ], - }, - }, -] - -WSGI_APPLICATION = "hello_world.wsgi.application" - - -# Database -# https://docs.djangoproject.com/en/5.0/ref/settings/#databases - -DATABASES = { - "default": { - "ENGINE": "django.db.backends.sqlite3", - "NAME": BASE_DIR / "db.sqlite3", - } -} - - -# Password validation -# https://docs.djangoproject.com/en/4.2/ref/settings/#auth-password-validators - -AUTH_PASSWORD_VALIDATORS = [ - { - "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", - }, - { - "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", - }, - { - "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", - }, - { - "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator", - }, -] - - -# Internationalization -# https://docs.djangoproject.com/en/5.0/topics/i18n/ - -LANGUAGE_CODE = "en-us" - -TIME_ZONE = "UTC" - -USE_I18N = True - -USE_TZ = True - - -# Static files (CSS, JavaScript, Images) -# https://docs.djangoproject.com/en/5.0/howto/static-files/ - -STATICFILES_DIRS = [ - BASE_DIR / "hello_world" / "static", -] - -STATIC_URL = "static/" -STATIC_ROOT = BASE_DIR / "hello_world" / "staticfiles" - -MEDIA_URL = "media/" -MEDIA_ROOT = BASE_DIR / "hello_world" / "media" - - -# Default primary key field type -# https://docs.djangoproject.com/en/5.0/ref/settings/#default-auto-field - -DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField" diff --git a/hello_world/settings/__init__.py b/hello_world/settings/__init__.py new file mode 100644 index 00000000..0b43ce1a --- /dev/null +++ b/hello_world/settings/__init__.py @@ -0,0 +1,8 @@ +import os + +settings_module = os.getenv('DJANGO_SETTINGS_MODULE') + +if settings_module == 'hello_world.settings.production': + from .production import * +elif settings_module == 'hello_world.settings.development': + from .development import * \ No newline at end of file diff --git a/hello_world/settings/base.py b/hello_world/settings/base.py new file mode 100644 index 00000000..5b090e01 --- /dev/null +++ b/hello_world/settings/base.py @@ -0,0 +1,78 @@ +""" +Base Django settings for hello_world project (shared across all environments). +""" + +import os +from pathlib import Path +from decouple import config + +BASE_DIR = Path(__file__).resolve().parent.parent + +SECRET_KEY = config("SECRET_KEY", default="your-secret-key") + +# Can be overridden in dev/prod settings +ALLOWED_HOSTS = config("ALLOWED_HOSTS", default="").split(",") + +INSTALLED_APPS = [ + "django.contrib.admin", + "django.contrib.auth", + "django.contrib.contenttypes", + "django.contrib.sessions", + "django.contrib.messages", + "django.contrib.staticfiles", + "django_browser_reload", +] + +MIDDLEWARE = [ + "django.middleware.security.SecurityMiddleware", + "django.contrib.sessions.middleware.SessionMiddleware", + "django.middleware.common.CommonMiddleware", + "django.middleware.csrf.CsrfViewMiddleware", + "django.contrib.auth.middleware.AuthenticationMiddleware", + "django.contrib.messages.middleware.MessageMiddleware", + "django.middleware.clickjacking.XFrameOptionsMiddleware", + "django_browser_reload.middleware.BrowserReloadMiddleware", +] + +X_FRAME_OPTIONS = "ALLOW-FROM preview.app.github.dev" + +ROOT_URLCONF = "hello_world.urls" + +TEMPLATES = [ + { + "BACKEND": "django.template.backends.django.DjangoTemplates", + "DIRS": [BASE_DIR / "templates"], + "APP_DIRS": True, + "OPTIONS": { + "context_processors": [ + "django.template.context_processors.debug", + "django.template.context_processors.request", + "django.contrib.auth.context_processors.auth", + "django.contrib.messages.context_processors.messages", + ], + }, + }, +] + +WSGI_APPLICATION = "hello_world.wsgi.application" + +AUTH_PASSWORD_VALIDATORS = [ + {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"}, + {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"}, + {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"}, + {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"}, +] + +LANGUAGE_CODE = "en-us" +TIME_ZONE = "UTC" +USE_I18N = True +USE_TZ = True + +STATICFILES_DIRS = [BASE_DIR / "static"] +STATIC_URL = "static/" +STATIC_ROOT = BASE_DIR / "staticfiles" + +MEDIA_URL = "media/" +MEDIA_ROOT = BASE_DIR / "media" + +DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField" diff --git a/hello_world/settings/development.py b/hello_world/settings/development.py new file mode 100644 index 00000000..b8a20d2d --- /dev/null +++ b/hello_world/settings/development.py @@ -0,0 +1,30 @@ +from .base import * +import os + +DEBUG = True + +ALLOWED_HOSTS = ["localhost", "127.0.0.1"] +CSRF_TRUSTED_ORIGINS = ["http://localhost:8000", "http://127.0.0.1"] + +# Support for GitHub Codespaces +if 'CODESPACE_NAME' in os.environ: + from decouple import config + codespace_name = config("CODESPACE_NAME") + domain = config("GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN") + codespace_host = f"{codespace_name}-8000.{domain}" + ALLOWED_HOSTS.append(codespace_host) + CSRF_TRUSTED_ORIGINS.append(f"https://{codespace_host}") + +DATABASES = { + "default": { + "ENGINE": "django.db.backends.sqlite3", + "NAME": BASE_DIR / "db.sqlite3", + "OPTIONS": { + "timeout": 20, + }, + } +} + +SECURE_SSL_REDIRECT = False +SESSION_COOKIE_SECURE = False +CSRF_COOKIE_SECURE = False diff --git a/hello_world/settings/production.py b/hello_world/settings/production.py new file mode 100644 index 00000000..32a71608 --- /dev/null +++ b/hello_world/settings/production.py @@ -0,0 +1,29 @@ +from .base import * +from decouple import config + +DEBUG = False + +ALLOWED_HOSTS = config("ALLOWED_HOSTS", default="yourdomain.com").split(",") +CSRF_TRUSTED_ORIGINS = config("CSRF_TRUSTED_ORIGINS", default="https://yourdomain.com").split(",") + +DATABASES = { + "default": { + "ENGINE": "django.db.backends.postgresql", + "NAME": config("DB_NAME"), + "USER": config("DB_USER"), + "PASSWORD": config("DB_PASSWORD"), + "HOST": config("DB_HOST", default="localhost"), + "PORT": config("DB_PORT", default="5432"), + } +} + +SECURE_SSL_REDIRECT = True +SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") +SECURE_HSTS_SECONDS = 31536000 +SECURE_HSTS_INCLUDE_SUBDOMAINS = True +SECURE_HSTS_PRELOAD = True +SECURE_BROWSER_XSS_FILTER = True +SECURE_CONTENT_TYPE_NOSNIFF = True +SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin" +SESSION_COOKIE_SECURE = True +CSRF_COOKIE_SECURE = True diff --git a/manage.py b/manage.py index d76e03f4..7b66f72f 100755 --- a/manage.py +++ b/manage.py @@ -6,7 +6,11 @@ def main(): """Run administrative tasks.""" - os.environ.setdefault("DJANGO_SETTINGS_MODULE", "hello_world.settings") + from hello_world.settings import development as settings + if settings.DEBUG: + os.environ.setdefault("DJANGO_SETTINGS_MODULE", "hello_world.settings.development") + else: + os.environ.setdefault("DJANGO_SETTINGS_MODULE", "hello_world.settings.production") try: from django.core.management import execute_from_command_line except ImportError as exc: From 298823a92d44aaa15348241303d09f508b64a431 Mon Sep 17 00:00:00 2001 From: Snipher Marube Date: Fri, 2 May 2025 14:00:26 +0300 Subject: [PATCH 4/5] separated the settings for production and development --- .env.example | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .env.example diff --git a/.env.example b/.env.example new file mode 100644 index 00000000..28c2689c --- /dev/null +++ b/.env.example @@ -0,0 +1,13 @@ +SECRET_KEY=my_secret_key +DEBUG=True + +CODESPACE_NAME=yourcodespacename +GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN=preview.app.github.dev + + + +DB_HOST=127.0.0.1 +DB_PORT=3306 +DB_DATABASE="" +DB_USERNAME="" +DB_PASSWORD="" From 7c5628a9402707afb495bdb0c8bd41616e89b094 Mon Sep 17 00:00:00 2001 From: Snipher Marube Date: Fri, 2 May 2025 14:02:59 +0300 Subject: [PATCH 5/5] separated the settings for production and development --- .env.example | 2 -- 1 file changed, 2 deletions(-) diff --git a/.env.example b/.env.example index 28c2689c..3fb6beba 100644 --- a/.env.example +++ b/.env.example @@ -4,8 +4,6 @@ DEBUG=True CODESPACE_NAME=yourcodespacename GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN=preview.app.github.dev - - DB_HOST=127.0.0.1 DB_PORT=3306 DB_DATABASE=""