Merge pull request #31 from dishansa/main

Replace hardcoded sensitive data with environment variables

.devcontainer/devcontainer.json

@@ -5,7 +5,7 @@
   },
   "waitFor": "onCreateCommand",
   "updateContentCommand": "pip install -r requirements.txt && python manage.py migrate",
-  "postCreateCommand": "",
+  "postCreateCommand": "cp .env.example .env",
   "postAttachCommand": {
     "server": "python manage.py runserver"
   },

.env.example

@@ -0,0 +1,11 @@
+SECRET_KEY=my_secret_key
+DEBUG=True
+
+# ALLOWED_HOSTS=yourdomain.com,anotherdomain.com (Each host is separated by a comma)
+ALLOWED_HOSTS=*
+
+DB_HOST=127.0.0.1
+DB_PORT=3306
+DB_DATABASE=""
+DB_USERNAME=""
+DB_PASSWORD=""

.gitignore

@@ -1,5 +1,5 @@
 db.sqlite3
 __pycache__/
 staticfiles/
-.env/
+.env
 venv/

README.md

@@ -10,7 +10,6 @@ To collect static files:
 ```python
 python manage.py collectstatic
 ```
-
 To run this application:
 
 ```python

hello_world/settings.py

@@ -11,6 +11,9 @@
 """
 import os
 from pathlib import Path
+from dotenv import load_dotenv
+
+load_dotenv()
 
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
@@ -20,12 +23,12 @@
 # See https://docs.djangoproject.com/en/4.1/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = "django-insecure-rc@04_mry_3-$@2sq$b9%-9jp6q2eyxf4bsw9&&esj++aw&r)p"
+SECRET_KEY = os.getenv("SECRET_KEY")
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = os.getenv("DEBUG")
 
-ALLOWED_HOSTS = []
+ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', '').split(',')
 
 if 'CODESPACE_NAME' in os.environ:
     codespace_name = os.getenv("CODESPACE_NAME")

requirements.txt

@@ -1,2 +1,3 @@
 Django==4.1.13
 django-browser-reload==1.6.0
+python-dotenv==1.0.0