09. Django Opzet gevoelige sleutels in environment variabelen

Django Opzet environment variabelen

Dotenv

Dotenv is een manier om sleutels (zowel publieke als geheime) en wachtwoorden op te slaan in environment variabelen.

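Deze worden opgeslagen in een .env bestand. Het bestand .gitignore moet een regel met .env bevatten, zodat dit bestand niet naar GitHub wordt geüpload; zo voorkom je dat deze sleutels openbaar worden. Staat .env al in de git-geschiedenis, dan helpt .gitignore niet meer en moeten alle sleutels vervangen worden.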

Om gebruik te kunnen maken van dotenv moet het Python-pakket python-dotenv geïnstalleerd worden.

pip install python-dotenv

.env bestand

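# .env - placeholder values only; this file must never be committed.
# Keep each assignment on one line and put no whitespace inside the quotes:
# a stray space or newline becomes part of the secret and breaks authentication.
export DJANGO_SETTINGS_MODULE=django_project_naam.settings.prod
export SECRET_KEY='mijn_secret_key'
export EMAIL_HOST_PASSWORD='geheim_wachtwoord'
# Live Stripe keys belong only in the .env on the production host.
export STRIPE_LIVE_PUBLIC_KEY='live_publieke_sleutel'
export STRIPE_LIVE_SECRET_KEY='live_geheime_sleutel'
export STRIPE_PUBLIC_KEY='test_publieke_sleutel'
export STRIPE_SECRET_KEY='test_geheime_sleutel'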

django_project_naam = naam van je django project gemaakt met de django-admin tool

settings.prod ofwel settings

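mijn_secret_key = kan opnieuw gegenereerd worden op de website https://miniwebtool.com/django-secret-key-generator/. Een sleutel die op een externe website is aangemaakt, is buiten je eigen machine bekend geweest; veiliger is hem lokaal te genereren met: python -c "from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())"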

wsgi.py

"""WSGI entry point: load the .env file, then build the Django application."""
import os
from dotenv import load_dotenv

# Directory that holds the project and its .env file.
project_folder = os.path.expanduser('~/mijn_project_naam')
env_file = os.path.join(project_folder, '.env')

# Load the secrets before the application is built: the settings module reads
# them from os.environ. By default load_dotenv() leaves variables that are
# already set in the process environment untouched.
load_dotenv(env_file)

from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()

mijn_project_naam = naam van de map (folder) van je Django-project

postactivate   in  ~/local/share/virtualenvs/env_django_project_naam/bin/

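#!/bin/bash
# This hook is sourced after this virtualenv is activated.

# Export everything defined in .env, then switch auto-export off again.
# Because the hook is sourced, a bare `set -a` would stay active in the
# calling shell and silently export every variable assigned afterwards.
set -a
source ~/mijn_project_naam/.env
set +a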
 

settings/base.py

# Read from the environment; a missing variable raises KeyError at startup
# instead of letting the site run with an empty or default key.
SECRET_KEY = os.environ['SECRET_KEY']

...

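# Applications enabled for this project.
# Every entry needs its trailing comma: two adjacent string literals are
# concatenated by Python, so a missing comma after 'robots' would register
# the single, non-existent app 'robotsbase'.
INSTALLED_APPS = [
    'accounts.apps.AccountsConfig',
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'django.contrib.sites',
    'django.contrib.sitemaps',
    'django.contrib.humanize',
    'django_extensions',
    'land',
    'ckeditor',
    'ckeditor_uploader',
    'robots',
    'base',
]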

...

# Dutch as the default language.
LANGUAGE_CODE = 'nl'

TIME_ZONE = 'Europe/Brussels'

...

STATIC_URL = '/static/'

# Uploaded files are stored under MEDIA_ROOT and served from MEDIA_URL.
MEDIA_URL = '/media/'
MEDIA_ROOT = os.path.join(BASE_DIR, 'media/')

# Editor settings for the 'default' CKEditor profile.
#
# To offer a reduced toolbar instead of the full one, set 'toolbar' to
# 'Custom' and add a 'toolbar_Custom' entry listing the button groups, e.g.
#     ['Smiley', 'CodeSnippet'],
#     ['Bold', 'Italic', 'Underline', 'RemoveFormat', 'Blockquote'],
#     ['TextColor', 'BGColor'],
#     ['Link', 'Unlink'],
#     ['NumberedList', 'BulletedList'],
#     ['Maximize']
CKEDITOR_CONFIGS = {
    'default': dict(
        # Let the editor adapt to the width of its container.
        width='auto',
        height='250px',
        # Number of spaces inserted for a tab key press.
        tabSpaces=4,
        toolbar='full',
        # Plug-ins needed for code snippets, as one comma-separated string.
        extraPlugins='codesnippet,widget,lineutils',
    ),
}

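# Editor uploads: target path and the image backend used for them.
CKEDITOR_UPLOAD_PATH = 'upload/'
CKEDITOR_IMAGE_BACKEND = 'pillow'

# Authentication redirects.
LOGIN_URL = '/accounts/login/'
LOGIN_REDIRECT_URL = "/"
LOGOUT_REDIRECT_URL = "/"

# Outgoing mail through Gmail SMTP, with TLS on port 587.
EMAIL_USE_TLS = True
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_PORT = 587
# NOTE(review): this value is a host name, not an e-mail address - confirm
# the intended sender address.
DEFAULT_FROM_EMAIL = 'ulefr01.pythonanywhere.com'
EMAIL_HOST_USER = 'ulefr01@gmail.com'
# The assignment must stay on one line. The password is read from the
# environment so it never appears in this file; a missing variable raises
# KeyError at startup.
EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD']
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'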

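LOG_DIR = os.path.join(BASE_DIR, 'log')
# logging.FileHandler opens its file when logging is configured and fails if
# the directory is missing, so create it first.
os.makedirs(LOG_DIR, exist_ok=True)

# File logging: Django's own loggers write to django.log, the project logger
# to land.log. Records carry a timestamp, level and logger name so that
# entries can be ordered and correlated when investigating an incident.
LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'formatters': {
        'timestamped': {
            'format': '%(asctime)s %(levelname)s %(name)s %(message)s',
        },
    },
    'handlers': {
        'django_all': {
            'class': 'logging.FileHandler',
            'filename': os.path.join(LOG_DIR, 'django.log'),
            'formatter': 'timestamped',
        },
        'land_all': {
            'class': 'logging.FileHandler',
            'filename': os.path.join(LOG_DIR, 'land.log'),
            'formatter': 'timestamped',
        },
    },
    'loggers': {
        'django.server': {
            'handlers': ['django_all'],
            'level': 'DEBUG',
        },
        'django.request': {
            'handlers': ['django_all'],
            'level': 'INFO',
        },
        # Enable to log every SQL statement; the output includes query
        # parameters, so keep it off where the log may hold personal data.
        # 'django.db.backends': {
        #     'handlers': ['django_all'],
        #     'level': 'DEBUG',
        # },
        # NOTE(review): the logger is named 'adres' while the handler and the
        # installed app are called 'land' - confirm which logger name the
        # application code actually uses.
        'adres': {
            'handlers': ['land_all'],
            'level': 'INFO',
        },
    },
}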

settings/dev.py

from .base import *

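# Development settings only: with DEBUG on, error pages show settings and
# stack traces.
DEBUG = True

ALLOWED_HOSTS = [
    '127.0.0.2',
]

# Used with gunicorn and a .env file.
STATIC_ROOT = 'django_project_naam/static'

STATICFILES_DIRS = [
    os.path.join(BASE_DIR, 'static/'),
]

# Under gunicorn keep the next two lines active; the Stripe test keys are
# read from the environment that .env populates.
STRIPE_PUBLIC_KEY = os.environ['STRIPE_PUBLIC_KEY']
STRIPE_SECRET_KEY = os.environ['STRIPE_SECRET_KEY']

# Alternative for ./manage.py runserver_plus without .env: use the two lines
# below instead. Keys written here end up in version control along with this
# file, so prefer the environment even for test keys.

# STRIPE_PUBLIC_KEY = 'pk_test_....'
# STRIPE_SECRET_KEY = 'sk_test_....'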

 

settings/prod.py

from .base import *

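# Production settings: never enable DEBUG here.
DEBUG = False

# Only requests whose Host header matches an entry are served.
ALLOWED_HOSTS = [
    'ulefr03.eu.pythonanywhere.com',
]

# Target directory of ./manage.py collectstatic (production only).
STATIC_ROOT = 'django_project_naam/static'

# Live Stripe keys come from the environment; a missing variable raises
# KeyError at startup.
STRIPE_LIVE_PUBLIC_KEY = os.environ['STRIPE_LIVE_PUBLIC_KEY']
STRIPE_LIVE_SECRET_KEY = os.environ['STRIPE_LIVE_SECRET_KEY']

# Transport security for production.
# Session and CSRF cookies are only sent over HTTPS.
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
# HSTS for one year (31536000 seconds), subdomains included.
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
# NOTE(review): preload lists are requested per registrable domain; on a
# shared host name such as *.pythonanywhere.com this flag presumably has no
# effect - confirm before relying on it.
SECURE_HSTS_PRELOAD = True
# Redirect plain HTTP requests to HTTPS.
SECURE_SSL_REDIRECT = True
SECURE_REFERRER_POLICY = 'strict-origin'
# NOTE(review): the X-XSS-Protection header behind this setting is ignored
# by current browsers and recent Django releases dropped the setting -
# confirm against the Django version in use.
SECURE_BROWSER_XSS_FILTER = True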

test_opzet_environment_variabelen

dev.py aanpassen

start een virtuele omgeving

vf  activate  env_django_project_naam 

enkel in test  (fish) :   source  .env

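# Listen on the loopback address from ALLOWED_HOSTS with five workers; the
# module path must not contain a space.
gunicorn -b 127.0.0.2:8000 -w 5 django_project_naam.wsgi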

            of

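# Long-option form of the same command; no spaces around '=' and none in the
# module path.
gunicorn --bind=127.0.0.2:8000 --workers=5 django_project_naam.wsgi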

probleem /favicon.ico not found

chrome probleem : Fix for Google Chrome favicon loading in Django. You may have noticed that Chrome has issues loading the appropriate favicon on Django if you have it in a different path other than just '/favicon.ico'.

toevoegen in urls.py : 

        from django.views.generic.base import RedirectView

    path('favicon.ico/', RedirectView.as_view(url='/static/css/favicon.ico')),