Cafw/yitao-ren-gallery
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: integrate python-decouple for environment-based configuration

Browse Source 
Replace hardcoded SECRET_KEY, DEBUG, ALLOWED_HOSTS, SITE_NAME, COPYRIGHT_TEXT
with decouple.config() calls; add CSRF_TRUSTED_ORIGINS support via .env.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Cafw
2026-02-25 17:03:59 +08:00
parent 8b57a7b66a
commit 528225300a
3 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.env.example
View File

@@ -13,8 +13,8 @@ EMAIL_HOST_USER=
EMAIL_HOST_PASSWORD= EMAIL_HOST_PASSWORD=
# Security Settings (for production) # Security Settings (for production)
# ALLOWED_HOSTS=yourdomain.com,www.yourdomain.com ALLOWED_HOSTS=yourdomain.com,www.yourdomain.com
# CSRF_TRUSTED_ORIGINS=https://yourdomain.com,https://www.yourdomain.com CSRF_TRUSTED_ORIGINS=https://yourdomain.com,https://www.yourdomain.com
# File Upload Settings # File Upload Settings
FILE_UPLOAD_MAX_MEMORY_SIZE=5242880 FILE_UPLOAD_MAX_MEMORY_SIZE=5242880

3
requirements.txt
View File

@@ -3,4 +3,5 @@ Pillow==10.0.0
django-cleanup==8.0.0 django-cleanup==8.0.0
django-imagekit==4.1.0 django-imagekit==4.1.0
django-taggit==4.0.0 django-taggit==4.0.0
python-slugify==8.0.1 python-slugify==8.0.1
python-decouple==3.8

13
yitao_gallery/settings.py
View File

@@ -12,6 +12,7 @@ https://docs.djangoproject.com/en/4.2/ref/settings/
import os import os
from pathlib import Path from pathlib import Path
from decouple import config, Csv
# Build paths inside the project like this: BASE_DIR / 'subdir'. # Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent BASE_DIR = Path(__file__).resolve().parent.parent
@@ -21,12 +22,14 @@ BASE_DIR = Path(__file__).resolve().parent.parent
# See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/ # See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret! # SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'django-insecure-!@#$%^&*()_+yitao-ren-gallery-secret-key-change-in-production' SECRET_KEY = config('SECRET_KEY')
# SECURITY WARNING: don't run with debug turned on in production! # SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True DEBUG = config('DEBUG', default=False, cast=bool)
ALLOWED_HOSTS = ["localhost", "106.15.60.252", "gallery.lizexua.com"] ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='localhost', cast=Csv())
CSRF_TRUSTED_ORIGINS = config('CSRF_TRUSTED_ORIGINS', default='', cast=Csv())
# Application definition # Application definition
@@ -148,8 +151,8 @@ IMAGE_MAX_HEIGHT = 1080
THUMBNAIL_SIZE = (400, 400) THUMBNAIL_SIZE = (400, 400)
# Site settings # Site settings
SITE_NAME = "YITAO-REN GALLERY" SITE_NAME = config('SITE_NAME', default='YITAO-REN GALLERY')
COPYRIGHT_TEXT = "© 2026 Yitao-Ren Gallery & iTao TV" COPYRIGHT_TEXT = config('COPYRIGHT_TEXT', default='© 2026 Yitao-Ren Gallery & iTao TV')
# Security settings for production (commented out for development) # Security settings for production (commented out for development)
# SECURE_SSL_REDIRECT = True # SECURE_SSL_REDIRECT = True