From 02bd2e3294b21ad3a59604bc48fb0fd2c27b695e Mon Sep 17 00:00:00 2001 From: Taizo 'Tsa6' Simpson Date: Thu, 21 Sep 2017 17:07:42 -0400 Subject: [PATCH 1/4] Added SECRET_KEY to the options file --- EpisodesCommunity/settings.py | 11 ++++++++++- options_example.ini | 3 +++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 options_example.ini diff --git a/EpisodesCommunity/settings.py b/EpisodesCommunity/settings.py index 71bd9a4..f7c0b81 100644 --- a/EpisodesCommunity/settings.py +++ b/EpisodesCommunity/settings.py @@ -11,6 +11,12 @@ https://docs.djangoproject.com/en/1.11/ref/settings/ """ import os +import configparser +import warnings + +config = configparser.ConfigParser() +config.read('options.ini') +options = config['General'] # Build paths inside the project like this: os.path.join(BASE_DIR, ...) BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) @@ -20,7 +26,10 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) # See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! -SECRET_KEY = '#(5u4*zj+ppjmsa^8mu_e%$0zpou(&9vu^q02g4icb%eu%3qe8' +SECRET_KEY = options.get('secret_key', '5up3r s3cr3t k3y') +if '5up3r s3cr3t k3y' == SECRET_KEY: + warnings.warn("Using a default secret_key, change this in options.ini for production!") + # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True diff --git a/options_example.ini b/options_example.ini new file mode 100644 index 0000000..292ba99 --- /dev/null +++ b/options_example.ini @@ -0,0 +1,3 @@ +[General] +# You MUST change this for production. Not doing so is a major vulnerability +secret_key=5up3r s3cr3t k3y From 090ab138db85651e00eca17dd4b5e8a12349a34a Mon Sep 17 00:00:00 2001 From: Taizo 'Tsa6' Simpson Date: Thu, 21 Sep 2017 17:20:40 -0400 Subject: [PATCH 2/4] Added database to the config file --- EpisodesCommunity/settings.py | 6 ++---- options_example.ini | 6 ++++++ requirements.txt | 1 + 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/EpisodesCommunity/settings.py b/EpisodesCommunity/settings.py index f7c0b81..ec8a8cf 100644 --- a/EpisodesCommunity/settings.py +++ b/EpisodesCommunity/settings.py @@ -10,6 +10,7 @@ For the full list of settings and their values, see https://docs.djangoproject.com/en/1.11/ref/settings/ """ +import dj_database_url import os import configparser import warnings @@ -86,10 +87,7 @@ WSGI_APPLICATION = 'EpisodesCommunity.wsgi.application' # https://docs.djangoproject.com/en/1.11/ref/settings/#databases DATABASES = { - 'default': { - 'ENGINE': 'django.db.backends.sqlite3', - 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'), - } + 'default': dj_database_url.parse(options.get("database", 'sqlite:///database.db')) } diff --git a/options_example.ini b/options_example.ini index 292ba99..e8b6fc4 100644 --- a/options_example.ini +++ b/options_example.ini @@ -1,3 +1,9 @@ [General] # You MUST change this for production. Not doing so is a major vulnerability secret_key=5up3r s3cr3t k3y + +#Changes where the site stores it's data +#See https://github.com/kennethreitz/dj-database-url +#For configuration details +database=sqlite:///database.sqlite3 + diff --git a/requirements.txt b/requirements.txt index a3f04e5..b52c65d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,3 @@ Django==1.11.4 Pillow=4.2.1 +dj-database-url==0.4.2 From eb94e12f86509c686340c6a689691dd9bc863f76 Mon Sep 17 00:00:00 2001 From: Taizo 'Tsa6' Simpson Date: Thu, 21 Sep 2017 17:27:00 -0400 Subject: [PATCH 3/4] Fix discrepency between default values in settings.py and options.ini --- EpisodesCommunity/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EpisodesCommunity/settings.py b/EpisodesCommunity/settings.py index ec8a8cf..548e7ef 100644 --- a/EpisodesCommunity/settings.py +++ b/EpisodesCommunity/settings.py @@ -87,7 +87,7 @@ WSGI_APPLICATION = 'EpisodesCommunity.wsgi.application' # https://docs.djangoproject.com/en/1.11/ref/settings/#databases DATABASES = { - 'default': dj_database_url.parse(options.get("database", 'sqlite:///database.db')) + 'default': dj_database_url.parse(options.get("database", 'sqlite:///database.sqlite3')) } From 4c186d89b35700f30bf77bd85c22128afadef4f5 Mon Sep 17 00:00:00 2001 From: Taizo 'Tsa6' Simpson Date: Thu, 21 Sep 2017 17:28:50 -0400 Subject: [PATCH 4/4] Add copy instructions for copying options, just to be verbose --- options_example.ini | 2 ++ 1 file changed, 2 insertions(+) diff --git a/options_example.ini b/options_example.ini index e8b6fc4..9d612ba 100644 --- a/options_example.ini +++ b/options_example.ini @@ -1,3 +1,5 @@ +# Copy this file to options.ini to change settings + [General] # You MUST change this for production. Not doing so is a major vulnerability secret_key=5up3r s3cr3t k3y