From edbd28b67a14dd7f007bbf45f2856859ab2026dc Mon Sep 17 00:00:00 2001
From: x11x <28614156+x11x@users.noreply.github.com>
Date: Sun, 18 Feb 2018 13:35:23 +1000
Subject: [PATCH 1/5] Change requirements.txt to allow updating to latest patch version

Also, allow any version of pytz
---
 requirements.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 71ee320..78f52df 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,5 @@
-Django==1.11.7
-djangorestframework==3.7.1
+Django>=1.11,<1.11.999
+djangorestframework>=3.7,<3.7.999
 drf-nested-routers==0.90.0
-pytz==2017.3
+pytz
 git+git://github.com/etesync/journal-manager@v0.4.1

From 276a926fcbd2a03fb8775fad27ca8e2b9d5261eb Mon Sep 17 00:00:00 2001
From: x11x <28614156+x11x@users.noreply.github.com>
Date: Sun, 18 Feb 2018 13:43:29 +1000
Subject: [PATCH 2/5] Use secret.txt file auto-generated in project root as default SECRET_KEY

Also add it to .gitignore
---
 .gitignore | 2 ++
 etesync_server/settings.py | 11 ++++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 10f1650..aa7817e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,8 @@ Session.vim
 /.venv
 /.coverage
 /htmlcov
+/secret.txt
+/static
 __pycache__
 .*.swp
diff --git a/etesync_server/settings.py b/etesync_server/settings.py
index fd1ae53..ad433cb 100644
--- a/etesync_server/settings.py
+++ b/etesync_server/settings.py
@@ -11,6 +11,7 @@ https://docs.djangoproject.com/en/1.10/ref/settings/
 """
 
 import os
+from django.core.management import utils
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
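Review bot: The `<1.11.999` and `<3.7.999` upper bounds on the two changed Django and djangorestframework lines are a hand-rolled approximation of PEP 440's compatible-release operator; `Django~=1.11.7` and `djangorestframework~=3.7.1` express "any 1.11.x / 3.7.x, at least the version that was tested" and keep a floor at the previously pinned releases instead of letting `>=1.11` slide back to 1.11.0. Dropping the pin on `pytz` entirely means a fresh install can pick up any future release, including an incompatible one; if reproducible installs are still wanted alongside patch-level updates, keep this file as the loose specification and generate a hash-pinned lockfile from it for deployments. The unchanged `git+git://` line beside these is fetched over the unauthenticated git protocol at a movable tag, so `git+https://` plus a commit sha would close that supply-chain gap — outside this change, noted for follow-up.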
@@ -20,7 +21,15 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 # See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = ''
+SECRET_KEY_FILE = os.path.join(BASE_DIR, "secret.txt")
+
+try:
+    with open(SECRET_KEY_FILE, "r") as f:
+        SECRET_KEY = f.read().strip()
+except EnvironmentError:
+    with open(SECRET_KEY_FILE, "w") as f:
+        SECRET_KEY = utils.get_random_secret_key()
+        f.write(SECRET_KEY)
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False

From 69655008e07ec0818c5293289fd08676d6d6e131 Mon Sep 17 00:00:00 2001
From: x11x <28614156+x11x@users.noreply.github.com>
Date: Sun, 18 Feb 2018 14:19:29 +1000
Subject: [PATCH 3/5] Refactor out the secret.txt file handling to a utils module

---
 etesync_server/settings.py | 14 ++++----------
 etesync_server/utils.py | 11 +++++++++++
 2 files changed, 15 insertions(+), 10 deletions(-)
 create mode 100644 etesync_server/utils.py

diff --git a/etesync_server/settings.py b/etesync_server/settings.py
index ad433cb..fe65225 100644
--- a/etesync_server/settings.py
+++ b/etesync_server/settings.py
@@ -11,7 +11,7 @@ https://docs.djangoproject.com/en/1.10/ref/settings/
 """
 
 import os
-from django.core.management import utils
+from .utils import get_secret_from_file
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
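Review bot: `except EnvironmentError` around the new read of `SECRET_KEY_FILE` is broader than the write branch can safely handle: a read that fails for any reason other than the file being absent (permission denied, `EISDIR`, a transient I/O error) drops into `open(SECRET_KEY_FILE, "w")`, and if that write happens to succeed the deployed key is silently replaced, invalidating every session and signed token issued under the old one. Narrow the handler to the missing-file case — `except EnvironmentError as e:` / `    if e.errno != errno.ENOENT: raise` with `import errno` at the top (or `except FileNotFoundError:` if Python 2 is not a target; Django 1.11 still supports it) — so any other failure surfaces instead of rotating the key. Since this runs at settings import, the first process to import settings presumably ends up owning the file, which is worth a sentence in the README for operators who run management commands as a different user.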
@@ -21,15 +21,9 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 # See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY_FILE = os.path.join(BASE_DIR, "secret.txt")
-
-try:
-    with open(SECRET_KEY_FILE, "r") as f:
-        SECRET_KEY = f.read().strip()
-except EnvironmentError:
-    with open(SECRET_KEY_FILE, "w") as f:
-        SECRET_KEY = utils.get_random_secret_key()
-        f.write(SECRET_KEY)
+# See secret.py for how this is generated; uses a file 'secret.txt' in the root
+# directory
+SECRET_KEY = get_secret_from_file(os.path.join(BASE_DIR, "secret.txt"))
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False
diff --git a/etesync_server/utils.py b/etesync_server/utils.py
new file mode 100644
index 0000000..8f85f10
--- /dev/null
+++ b/etesync_server/utils.py
@@ -0,0 +1,11 @@
+from django.core.management import utils
+
+def get_secret_from_file(path):
+    try:
+        with open(path, "r") as f:
+            return f.read().strip()
+    except EnvironmentError:
+        with open(path, "w") as f:
+            secret_key = utils.get_random_secret_key()
+            f.write(secret_key)
+            return secret_key

From 3ee704bfb101cbb40b962da5e55b1cb13d0054b1 Mon Sep 17 00:00:00 2001
From: x11x <28614156+x11x@users.noreply.github.com>
Date: Sun, 18 Feb 2018 14:20:29 +1000
Subject: [PATCH 4/5] README: elaborate on settings, provide docs links, explain 'secret.txt'

Also describe how to update to latest patch-level versions.
---
 README.md | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 51a3c07..571fc4d 100644
--- a/README.md
+++ b/README.md
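Review bot: The new comment above `SECRET_KEY` points readers at `secret.py`, but the helper is defined in `etesync_server/utils.py` (created in this same commit), so the pointer is wrong from the moment it lands. Suggest `# See utils.get_secret_from_file: reads, or on first run creates, the file` / `# 'secret.txt' in the project root (BASE_DIR) and uses its contents as the key.` It would also help operators to say there that deleting the file rotates the key on the next start and, because Django signs sessions and tokens with this value, that existing logins stop working when it changes — so the file is a persistent secret to protect, not a throwaway.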
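Review bot: `open(path, "w")` in `get_secret_from_file` creates `secret.txt` under the process umask, which on most systems leaves the Django secret world-readable (0644), and the read-then-write sequence has no exclusivity, so two workers starting on a fresh deployment can each generate a different key and one silently overwrites the other. Create the file with `os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` so it is owner-only from the first byte and a concurrent creator fails loudly instead of clobbering, and re-raise read errors other than `ENOENT` so a permission problem cannot rotate the key (this needs `import errno` and `import os` at the top of the module). The rewrite below keeps the signature and return value unchanged and works on both Python 2 and 3, which Django 1.11 supports. A docstring stating that the file is created on first call and that deleting it rotates the key would round it off.
```python
def get_secret_from_file(path):
    """Return the secret stored at ``path``, generating and saving one on first use.

    The file is created mode 0600 with O_EXCL, so a concurrently starting
    process cannot silently overwrite a key this process has already written.
    """
    try:
        with open(path, "r") as f:
            return f.read().strip()
    except EnvironmentError as e:
        # Only a missing file may trigger generation; anything else (EACCES,
        # EISDIR, ...) must surface rather than rotate the deployed key.
        if e.errno != errno.ENOENT:
            raise
    secret_key = utils.get_random_secret_key()
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(secret_key)
    return secret_key
```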
@@ -17,8 +17,20 @@ source .venv/bin/activate
 pip install -r requirements.txt
 ```
 
-Set the django ```SECRET_KEY``` and ```ALLOWED_HOSTS``` in [the settings file](etesync_server/settings.py).
-For more information on these please refer to the [django deployment checklist](https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/).
+Edit the [settings file](etesync_server/settings.py). Please refer to the
+[Django deployment
+checklist](https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/)
+for full instructions on how to configure a Django app for production. Some
+particular settings that should be edited are:
+ * [`ALLOWED_HOSTS`](https://docs.djangoproject.com/en/1.11/ref/settings/#std:setting-ALLOWED_HOSTS)
+ -- this is the list of host/domain names or addresses on which the app
+will be served
+ * [`DEBUG`](https://docs.djangoproject.com/en/1.11/ref/settings/#debug)
+ -- handy for debugging, set to `False` for production
+ * [`SECRET_KEY`](https://docs.djangoproject.com/en/1.11/ref/settings/#std:setting-SECRET_KEY)
+ -- an ephemeral secret used for various cryptographic signing and token
+generation purposes. See below for how default configuration of
+`SECRET_KEY` works for this project.
 
 Now you can initialise our django app
@@ -50,6 +62,26 @@ That's it! Now all that's left is to open the EteSync app, add an account, and set your custom server address under the "advance" section.
+# `SECRET_KEY` and `secret.txt`
+
+The default configuration creates a file “`secret.txt`” in the project’s
+base directory, which is used as the value of the Django `SECRET_KEY`
+setting. You can revoke this key by deleting the `secret.txt` file and the
+next time the app is run, a new one will be generated. Make sure you keep
+the `secret.txt` file secret (don’t accidentally commit it to version
+control, exclude it from your backups, etc.). If you want to change to a
+more secure system for storing secrets, edit `etesync_server/settings.py`
+and implement your own method for setting `SECRET_KEY` (remove the line
+where it uses the `get_secret_from_file` function). Read the Django docs
+for more information about the `SECRET_KEY` and its uses.
+
+# Updating
+
+Inside the virtualenv, run `pip install -U -r requirements.txt` to update
+dependencies to latest compatible versions of Django and
+djangorestframework (it will only update to latest patch level which should
+be API-compatible).
+
 # Supporting EteSync
 Please consider registering an account even if you self-host in order to support the development of EteSync, or help by spreading the word.

From c93fde3ddc39c55abc2151e11d8d2c949f5ff406 Mon Sep 17 00:00:00 2001
From: x11x <28614156+x11x@users.noreply.github.com>
Date: Sun, 18 Feb 2018 14:30:50 +1000
Subject: [PATCH 5/5] README: update Django docs link version to 1.11

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 571fc4d..2f80211 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ pip install -r requirements.txt
 
 Edit the [settings file](etesync_server/settings.py). Please refer to the
 [Django deployment
-checklist](https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/)
+checklist](https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/)
 for full instructions on how to configure a Django app for production. Some
 particular settings that should be edited are:
  * [`ALLOWED_HOSTS`](https://docs.djangoproject.com/en/1.11/ref/settings/#std:setting-ALLOWED_HOSTS)