From 6b33e833a328a15f0c16ade1f8c9edcf9913d9b5 Mon Sep 17 00:00:00 2001
From: j <j@mailb.org>
Date: Fri, 8 Dec 2017 22:20:53 +0100
Subject: [PATCH] don't store secret in db

---
 camp/settings.py | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/camp/settings.py b/camp/settings.py
index 66356f4..7088e89 100644
--- a/camp/settings.py
+++ b/camp/settings.py
@@ -19,9 +19,6 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/
 
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = ')lzq#s+we0&7f=(@g)e2^9n@_fo5vz7l8q7py%5qx%_2dq-o!#'
-
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 
@@ -123,6 +120,7 @@ USE_TZ = True
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/1.11/howto/static-files/
 STATIC_URL = '/static/'
+STATIC_ROOT = os.path.join(BASE_DIR, 'static')
 
 
 IMAGE_PREFIX = 'http://studio.camp/images/'
@@ -132,3 +130,20 @@ try:
 except:
     pass
 
+# Make this unique, creates random key first at first time.
+try:
+    SECRET_KEY
+except NameError:
+    SECRET_FILE = os.path.join(BASE_DIR, 'secret.txt')
+    try:
+        SECRET_KEY = open(SECRET_FILE).read().strip()
+    except IOError:
+        try:
+            from django.utils.crypto import get_random_string
+            chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
+            SECRET_KEY = get_random_string(50, chars)
+            secret = open(SECRET_FILE, 'w')
+            secret.write(SECRET_KEY)
+            secret.close()
+        except IOError:
+            Exception('Please create a %s file with random characters to generate your secret key!' % SECRET_FILE)