Refactoring: fix env variables usage + small fixes

2025-06-26 04:50:36 +03:00 · 2024-02-26 10:06:38 +03:00 · 2024-02-26 10:06:38 +03:00 · de1ad538d0
commit de1ad538d0
parent 51c2d2bde6
6 changed files with 23 additions and 15 deletions
--- a/README.md
+++ b/README.md
@ -141,6 +141,7 @@ This readme file is used mostly to document project dependencies
 ## Production build

 - provide secrets: 'secrets/db_password.txt', 'django_key.txt', 'email_host.txt', 'email_password.txt', 'email_user.txt'
+- check if you need to change SSL/TLS and PORT in 'rsconcept\backend\.env.prod'
 - setup domain names for application and API in configs: 'frontend\env\.env.production', 'rsconcept\backend\.env.dev', 'nginx\production.conf'
 - provide privacy policy document in PDF: 'frontend/public/privacy.pdf'
 - use certbot to obtain certificates via 'docker compose -f "docker-compose-prod.yml" run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d portal.acconcept.ru api.portal.acconcept.ru'
--- a/docker-compose-prod.yml
+++ b/docker-compose-prod.yml
@ -77,7 +77,7 @@ services:
      - db_password
    env_file: ./postgresql/.env.prod
    environment:
-      POSTGRES_PASSWORD: /run/secrets/db_password
+      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    volumes:
      - postgres_volume:/var/lib/postgresql/data

--- a/rsconcept/backend/.env.prod
+++ b/rsconcept/backend/.env.prod
@ -1,7 +1,7 @@
 # Application settings

 # SECRET_KEY=
-ALLOWED_HOSTS=portal.acconcept.ru;api.portal.acconcept.ru;localhost
+ALLOWED_HOSTS=portal.acconcept.ru;api.portal.acconcept.ru
 CSRF_TRUSTED_ORIGINS=https://portal.acconcept.ru;https://api.portal.acconcept.ru
 CORS_ALLOWED_ORIGINS=https://portal.acconcept.ru
 CSRF_COOKIE_DOMAIN=.portal.acconcept.ru
@ -16,9 +16,9 @@ MEDIA_ROOT=/home/app/web/media
 # EMAIL_HOST=
 # EMAIL_HOST_USER=
 # EMAIL_HOST_PASSWORD=
-EMAIL_PORT=443
-EMAIL_SSL=True
-EMAIL_TLS=False
+EMAIL_PORT=587
+EMAIL_SSL=False
+EMAIL_TLS=True


 # Database settings
--- a/rsconcept/backend/apps/users/urls.py
+++ b/rsconcept/backend/apps/users/urls.py
@ -1,9 +1,9 @@
 ''' Routing: User profile and Authorization. '''
-from django.urls import path, include
+from django.urls import path
+from django_rest_passwordreset.views import reset_password_confirm # type: ignore
+from django_rest_passwordreset.views import reset_password_request_token # type: ignore
+from django_rest_passwordreset.views import reset_password_validate_token # type: ignore
 from . import views
-from django_rest_passwordreset.views import reset_password_confirm, \
-    reset_password_request_token, \
-    reset_password_validate_token


 urlpatterns = [
--- a/rsconcept/backend/project/settings.py
+++ b/rsconcept/backend/project/settings.py
@ -13,6 +13,13 @@ https://docs.djangoproject.com/en/4.1/ref/settings/
 import os
 from pathlib import Path

+def _get_secret(key: str, default):
+    value = os.environ.get(key, default)
+    if os.path.isfile(value):
+        with open(value, mode='r', encoding='utf-8') as f:
+            return f.read()
+    return value
+
 _TRUE_VARIANTS = [True, 'True', '1']

 # Build paths inside the project like this: BASE_DIR / 'subdir'.
@ -23,7 +30,7 @@ BASE_DIR = Path(__file__).resolve().parent.parent
 # See https://docs.djangoproject.com/en/4.1/howto/deployment/checklist/

 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = os.environ.get('SECRET_KEY', 'not-a-secret')
+SECRET_KEY = _get_secret('SECRET_KEY', 'not-a-secret')

 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = os.environ.get('DEBUG', True) in _TRUE_VARIANTS
@ -32,12 +39,12 @@ ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS', '*').split(';')
 INTERNAL_IPS = ['127.0.0.1'] if DEBUG else []

 # MAIL SETUP
-EMAIL_HOST = os.environ.get('EMAIL_HOST', '')
+EMAIL_HOST = _get_secret('EMAIL_HOST', '')
 EMAIL_PORT = int(os.environ.get('EMAIL_PORT', '1025'))
 EMAIL_USE_SSL = os.environ.get('EMAIL_SSL', False) in _TRUE_VARIANTS
 EMAIL_USE_TLS = os.environ.get('EMAIL_TLS', False) in _TRUE_VARIANTS
-EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER', '')
-EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD', '')
+EMAIL_HOST_USER = _get_secret('EMAIL_HOST_USER', '')
+EMAIL_HOST_PASSWORD = _get_secret('EMAIL_HOST_PASSWORD', '')
 EMAIL_BACKEND = \
    'django.core.mail.backends.smtp.EmailBackend' \
    if EMAIL_HOST != '' else \
@ -143,7 +150,7 @@ DATABASES = {
        'ENGINE': os.environ.get('DB_ENGINE', 'django.db.backends.sqlite3'),
        'NAME': os.environ.get('DB_NAME', BASE_DIR / 'db.sqlite3'),
        'USER': os.environ.get('DB_USER'),
-        'PASSWORD': os.environ.get('DB_PASSWORD'),
+        'PASSWORD': _get_secret('DB_PASSWORD', ''),
        'HOST': os.environ.get('DB_HOST'),
        'DB_PORT': os.environ.get('DB_PORT'),
    }
--- a/rsconcept/frontend/src/components/InfoError.tsx
+++ b/rsconcept/frontend/src/components/InfoError.tsx
@ -50,7 +50,7 @@ function DescribeError({ error }: { error: ErrorData }) {

 function InfoError({ error }: InfoErrorProps) {
  return (
-    <AnimateFade className='px-3 py-2 min-w-[15rem] text-sm font-semibold select-text clr-text-warning'>
+    <AnimateFade className='px-3 py-2 min-w-[25rem] w-full text-sm font-semibold select-text clr-text-warning'>
      <DescribeError error={error} />
    </AnimateFade>
  );