From 6b33e833a328a15f0c16ade1f8c9edcf9913d9b5 Mon Sep 17 00:00:00 2001 From: j Date: Fri, 8 Dec 2017 22:20:53 +0100 Subject: [PATCH] don't store secret in db --- camp/settings.py | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/camp/settings.py b/camp/settings.py index 66356f4..7088e89 100644 --- a/camp/settings.py +++ b/camp/settings.py @@ -19,9 +19,6 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/ -# SECURITY WARNING: keep the secret key used in production secret! -SECRET_KEY = ')lzq#s+we0&7f=(@g)e2^9n@_fo5vz7l8q7py%5qx%_2dq-o!#' - # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True @@ -123,6 +120,7 @@ USE_TZ = True # Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/1.11/howto/static-files/ STATIC_URL = '/static/' +STATIC_ROOT = os.path.join(BASE_DIR, 'static') IMAGE_PREFIX = 'http://studio.camp/images/' @@ -132,3 +130,20 @@ try: except: pass +# Make this unique, creates random key first at first time. +try: + SECRET_KEY +except NameError: + SECRET_FILE = os.path.join(BASE_DIR, 'secret.txt') + try: + SECRET_KEY = open(SECRET_FILE).read().strip() + except IOError: + try: + from django.utils.crypto import get_random_string + chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)' + SECRET_KEY = get_random_string(50, chars) + secret = open(SECRET_FILE, 'w') + secret.write(SECRET_KEY) + secret.close() + except IOError: + Exception('Please create a %s file with random characters to generate your secret key!' % SECRET_FILE)