From 44a6c59bb3f81fbb54dab2116cc9368581585ba9 Mon Sep 17 00:00:00 2001
From: ViolanteCodes
Date: Fri, 9 Oct 2020 14:06:45 -0400
Subject: [PATCH 1/4] Added secrets.json to /src. Moved SECRET_KEY to secrets.json and added define_secrets function in settings.py to call SECRET_KEY from src.secrets.json. Updated readme and added secondary command to launch venv.
---
 README.md | 7 ++++---
 src/lobby/settings.py | 18 +++++++++++++++++-
 src/secrets.json | 3 +++
 3 files changed, 24 insertions(+), 4 deletions(-)
 create mode 100644 src/secrets.json
diff --git a/README.md b/README.md
index 14c72c8..646e97f 100644
--- a/README.md
+++ b/README.md
@@ -15,13 +15,14 @@ We currently run a trial instance of this project on
 # To run it locally
 You need to start by setting the `SECRET_KEY` variable in
-`src/lobby/settings.py`. This value can be an arbitrary string, and you should
-never commit changes to `settings.py`.
+`src/secrets.json'. This value can be an arbitrary string, and you should
+never commit changes to `settings.py`. Secrets.json is currently added to
+the .gitignore to avoid commits.
 Then run the following commands:
 ```
-$ virtualenv -p python3.7 .env
+$ virtualenv -p python3.7 .env
 $ source .env/bin/activate
 $ pip install -r requirements.txt
 $ python src/manage.py makemigrations
diff --git a/src/lobby/settings.py b/src/lobby/settings.py
index 1a1490c..2369a96 100644
--- a/src/lobby/settings.py
+++ b/src/lobby/settings.py
@@ -1,8 +1,24 @@
 import os
+import json
+from django.core.exceptions import ImproperlyConfigured
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+# Assign secrets.json to variable secrets_filepath
+secrets_filepath = os.path.join(BASE_DIR,'secrets.json')
+
+# Retrieve secrets from secrets json dictionary and load into memory
+with open(secrets_filepath) as secrets_contents:
+ secrets = json.load(secrets_contents)
+
+def get_secret(setting, secrets=secrets):
+ """Get secret setting from json, or fail with ImproperlyConfigured"""
+ try:
+ return secrets[setting]
+ except KeyError:
+ raise ImproperlyConfigured(f"You have not set the {setting} setting")
+
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/
@@ -100,7 +116,7 @@ ALLOWED_HOSTS = ["localhost"]
 DEBUG = True
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = ""
+SECRET_KEY = get_secret('SECRET_KEY')
 # SECURITY WARNING: Gitlab credentials.
 GITLAB_URL = "https://gitlab.torproject.org/"
diff --git a/src/secrets.json b/src/secrets.json
new file mode 100644
index 0000000..3cba4bb
--- /dev/null
+++ b/src/secrets.json
@@ -0,0 +1,3 @@
+{
+ "SECRET_KEY": ""
+}
\ No newline at end of file
-- 
GitLab
From fd5095ee81ed5ff0a342b7b11eb0dba0fa5f9f53 Mon Sep 17 00:00:00 2001
From: ViolanteCodes
Date: Fri, 9 Oct 2020 14:36:52 -0400
Subject: [PATCH 2/4] Added secrets.json to gitignore
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index 9870abf..7d682dc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ src/static/
 src/core/migrations
 .env
+src/secrets.json
\ No newline at end of file
-- 
GitLab
From 595f08e23d6c5ea607b6c7c156f9644d89404a72 Mon Sep 17 00:00:00 2001
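Review bot: In the first `src/lobby/settings.py` hunk (`@@ -1,8 +1,24 @@`) the module-level `open(secrets_filepath)` and `json.load(...)` are unguarded, so a missing or malformed `secrets.json` aborts settings import with a bare `FileNotFoundError` or `json.JSONDecodeError` rather than the `ImproperlyConfigured` that `get_secret` promises. Since the series intends the file to be ignored by git, a checkout without it is a normal state and deserves a clear configuration error. The load should be wrapped as below, with the encoding given explicitly; separately, the `raise` inside `get_secret` could end with `from None` so the irrelevant `KeyError` traceback is not chained.

```python
# Retrieve secrets from secrets json dictionary and load into memory
try:
    with open(secrets_filepath, encoding="utf-8") as secrets_contents:
        secrets = json.load(secrets_contents)
except (OSError, json.JSONDecodeError) as exc:
    raise ImproperlyConfigured(
        f"Could not load secrets from {secrets_filepath}: {exc}"
    ) from exc

# … unchanged: get_secret …
```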
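Review bot: At `SECRET_KEY = get_secret('SECRET_KEY')` in the second `src/lobby/settings.py` hunk (`@@ -100,7 +116,7 @@`) nothing tells the deployer how to produce the value, and the README hunk of this patch still describes it as "an arbitrary string". SECRET_KEY backs Django's cryptographic signing, so a short or guessable value weakens everything signed with it. I would add a comment above the assignment such as `# Generate with django.core.management.utils.get_random_secret_key(); use a distinct value per deployment.` Note also that `get_secret` rejects only a missing key, so the empty placeholder shipped in `src/secrets.json` is handed to Django unchanged.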
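Review bot: `src/secrets.json` is committed as a new tracked file in patch 1/4, so the `.gitignore` entry added in patches 2/4 and 4/4 does not protect it: git keeps tracking a file that is already in the index, and a filled-in copy appears in `git status` and is picked up by `git commit -a`. The README sentence "Secrets.json is currently added to the .gitignore to avoid commits" is therefore not yet true for anyone who clones the repository. I would ship the placeholder under a separate template name, for example `src/secrets.json.example` (the name is only a suggestion), have developers copy it locally, and run `git rm --cached src/secrets.json` so the real file is untracked.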
From: ViolanteCodes
Date: Mon, 12 Oct 2020 10:32:22 -0400
Subject: [PATCH 3/4] Added GITLAB_SECRET_TOKEN and AUTO_ACCEPT_LIST to secrets.json
---
 src/lobby/settings.py | 4 ++--
 src/secrets.json | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/lobby/settings.py b/src/lobby/settings.py
index 2369a96..f39340b 100644
--- a/src/lobby/settings.py
+++ b/src/lobby/settings.py
@@ -120,7 +120,7 @@ SECRET_KEY = get_secret('SECRET_KEY')
 # SECURITY WARNING: Gitlab credentials.
 GITLAB_URL = "https://gitlab.torproject.org/"
-GITLAB_SECRET_TOKEN = ""
+GITLAB_SECRET_TOKEN = get_secret('GITLAB_SECRET_TOKEN')
 # SECURITY: List of suffixes to automatic approve for email accounts.
-AUTO_ACCEPT_LIST = ["riseup.net"]
+AUTO_ACCEPT_LIST = get_secret('AUTO_ACCEPT_LIST')
diff --git a/src/secrets.json b/src/secrets.json
index 3cba4bb..4414254 100644
--- a/src/secrets.json
+++ b/src/secrets.json
@@ -1,3 +1,5 @@
 {
- "SECRET_KEY": ""
+ "SECRET_KEY":"",
+ "GITLAB_SECRET_TOKEN":"",
+ "AUTO_ACCEPT_LIST":""
 }
\ No newline at end of file
-- 
GitLab
From b2243c6d2b874ac851b684fca00aa582383ba153 Mon Sep 17 00:00:00 2001
From: ViolanteCodes
Date: Mon, 12 Oct 2020 10:37:08 -0400
Subject: [PATCH 4/4] Re-added src/secrets.json to gitignore
---
 .gitignore | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitignore b/.gitignore
index 7d682dc..06c9993 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,4 @@ src/static/
 src/core/migrations
 .env
-src/secrets.json
\ No newline at end of file
+src/secrets.json
-- 
GitLab
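Review bot: `AUTO_ACCEPT_LIST = get_secret('AUTO_ACCEPT_LIST')` in the `src/lobby/settings.py` hunk of patch 3/4 turns the setting from a Python list into whatever JSON type the file holds, and the template in the same patch ships it as the string `""`. The code that consumes the setting is not visible here, but if it iterates the value or tests each element as an email suffix, a string such as `"riseup.net"` would be treated as a sequence of single characters and could auto-approve far more addresses than intended. I would check the type right after the assignment, `if not isinstance(AUTO_ACCEPT_LIST, list): raise ImproperlyConfigured("AUTO_ACCEPT_LIST must be a JSON list")`, and ship `"AUTO_ACCEPT_LIST": []` in the template. The same hunk also lets an empty `GITLAB_SECRET_TOKEN` through, because `get_secret` rejects only missing keys.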