* Store keys in env variables

* Cleanup
2024-04-27 19:54:30 +04:00 · 2024-04-27 19:54:30 +04:00 · 7d9f13b7d5
commit 7d9f13b7d5
parent 94870a7183
4 changed files with 40 additions and 7 deletions
--- a/.env
+++ b/.env
@ -1 +1,19 @@
-APP_HOME=/var/www/phzhik-poizonstore/
+APP_HOME=/var/www/poizonstore-stage
+
+# === Keys ===
+# Django
+SECRET_KEY=""
+
+# Telegram bot
+TG_BOT_TOKEN=""
+
+# External API settings
+CDEK_CLIENT_ID=""
+CDEK_CLIENT_SECRET=""
+POIZON_TOKEN=""
+CURRENCY_GETGEOIP_API_KEY=""
+
+# Let's Encrypt
+LETSENCRYPT_EMAIL="phzhitnikov@gmail.com"
+
+ALLOWED_HOSTS=.crm-poizonstore.ru,127.0.0.1,localhost,45.84.227.72
--- a/.gitignore
+++ b/.gitignore
@ -7,6 +7,7 @@ media/**/*
 assets/**/*

 env
+*.env
 .idea
 .DS_Store
 db.sqlite3
--- a/_docs/source3.jpeg
+++ b/_docs/source3.jpeg
--- a/poizonstore/settings.py
+++ b/poizonstore/settings.py
@ -13,33 +13,47 @@ import os
 from pathlib import Path

 import sentry_sdk
+from django.core.exceptions import ImproperlyConfigured

 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent


+def get_secret(setting):
+    """Get the secret variable or return explicit exception."""
+    try:
+        return os.environ[setting]
+    except KeyError:
+        error_msg = f'Set the {setting} environment variable'
+        raise ImproperlyConfigured(error_msg)
+
+
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/

 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = '***REMOVED***'
+SECRET_KEY = get_secret("SECRET_KEY")
+

 # External API settings
-CDEK_CLIENT_ID = '***REMOVED***'
-CDEK_CLIENT_SECRET = '***REMOVED***'
+CDEK_CLIENT_ID = get_secret("CDEK_CLIENT_ID")
+CDEK_CLIENT_SECRET = get_secret("CDEK_CLIENT_SECRET")

-POIZON_TOKEN = '***REMOVED***'
+POIZON_TOKEN = get_secret("POIZON_TOKEN")

-CURRENCY_GETGEOIP_API_KEY = '***REMOVED***'
+CURRENCY_GETGEOIP_API_KEY = get_secret("CURRENCY_GETGEOIP_API_KEY")

 EXTERNAL_API_TIMEOUT_SEC = 60

+# Telegram bot
+TG_BOT_TOKEN = get_secret("TG_BOT_TOKEN")
+
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = bool(int(os.environ.get("DJANGO_DEBUG") or 0))
 DISABLE_PERMISSIONS = False
 DISABLE_CORS = True

-ALLOWED_HOSTS = ["crm-poizonstore.ru", "127.0.0.1", "localhost", "45.84.227.72"]
+ALLOWED_HOSTS = get_secret('ALLOWED_HOSTS').split(',')

 INTERNAL_IPS = ["127.0.0.1", 'localhost']