From 25e2799c0f0e46b1a6d78bcc849cc777e67a01f1 Mon Sep 17 00:00:00 2001
From: N3WT DE COMPET
Date: Sat, 31 May 2025 17:16:32 +0200
Subject: [PATCH] =?UTF-8?q?fix:=20mise=20=C3=A0=20jour=20settings=20pour?= =?UTF-8?q?=20la=20prod=20/=20correction=20CORS?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Back-End/N3wtSchool/error.py | 16 +++++----
 Back-End/N3wtSchool/middleware.py | 5 ++-
 Back-End/N3wtSchool/settings.py | 55 +++++++++++--------------------
 3 files changed, 34 insertions(+), 42 deletions(-)
diff --git a/Back-End/N3wtSchool/error.py b/Back-End/N3wtSchool/error.py
index 9ed28db..a357692 100644
--- a/Back-End/N3wtSchool/error.py
+++ b/Back-End/N3wtSchool/error.py
@@ -1,4 +1,5 @@
 from typing import Final
+from N3wtSchool import settings
 WRONG_ID: Final = 1
 INCOMPLETE: Final = 2
@@ -8,11 +9,14 @@ DIFFERENT_PASWWORD: Final = 5
 PROFIL_NOT_EXISTS: Final = 6
 MESSAGE_REINIT_PASSWORD: Final = 7
 EXPIRED_URL: Final = 8
-PASSWORD_CHANGED: Final = 8
-WRONG_MAIL_FORMAT: Final = 9
-PROFIL_INACTIVE: Final = 10
-MESSAGE_ACTIVATION_PROFILE: Final = 11
-PROFIL_ACTIVE: Final = 12
+PASSWORD_CHANGED: Final = 9
+WRONG_MAIL_FORMAT: Final = 10
+PROFIL_INACTIVE: Final = 11
+MESSAGE_ACTIVATION_PROFILE: Final = 12
+PROFIL_ACTIVE: Final = 13
+
+def get_expired_url_message():
+ return f"L'URL a expiré. Effectuer à nouveau la demande de réinitialisation de mot de passe : {settings.BASE_URL}/password/new"
 returnMessage = {
 WRONG_ID:'Identifiants invalides',
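Review bot: `get_expired_url_message()` reads `settings.BASE_URL` through `from N3wtSchool import settings` (added in the first hunk), which binds the settings module directly, whereas middleware.py in this same patch uses `from django.conf import settings`. The direct import bypasses Django's settings wrapper, so test overrides and an alternate `DJANGO_SETTINGS_MODULE` are not seen here. The call in `returnMessage` (next hunk; the dict continues outside this one) runs once when error.py is imported, so the function gives no late binding, and a missing `BASE_URL` would surface as an AttributeError at import; no settings.py hunk in this patch defines `BASE_URL`, so it is presumably set in an unchanged part of that file. I would switch to `from django.conf import settings` and add a docstring such as `"""Return the expired-link message with the reset URL built from settings.BASE_URL."""`. The renumbering of `PASSWORD_CHANGED` through `PROFIL_ACTIVE` also changes their values, so any client that matches on the numeric codes needs the same update.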
@@ -22,7 +26,7 @@ returnMessage = {
 DIFFERENT_PASWWORD: 'Les mots de passe ne correspondent pas',
 PROFIL_NOT_EXISTS: 'Aucun profil associé à cet utilisateur',
 MESSAGE_REINIT_PASSWORD: 'Un mail a été envoyé à l\'adresse \'%s\'',
- EXPIRED_URL:'L\'URL a expiré. Effectuer à nouveau la demande de réinitialisation de mot de passe : http://localhost:3000/password/new',
+ EXPIRED_URL: get_expired_url_message(),
 PASSWORD_CHANGED: 'Le mot de passe a été réinitialisé',
 WRONG_MAIL_FORMAT: 'L\'adresse mail est mal formatée',
 PROFIL_INACTIVE: 'Le profil n\'est pas actif',
diff --git a/Back-End/N3wtSchool/middleware.py b/Back-End/N3wtSchool/middleware.py
index b923652..2035519 100644
--- a/Back-End/N3wtSchool/middleware.py
+++ b/Back-End/N3wtSchool/middleware.py
@@ -1,8 +1,11 @@
+from django.conf import settings
+
+
 class ContentSecurityPolicyMiddleware:
 def __init__(self, get_response):
 self.get_response = get_response
 def __call__(self, request):
 response = self.get_response(request)
- response['Content-Security-Policy'] = "frame-ancestors 'self' http://localhost:3000"
+ response['Content-Security-Policy'] = f"frame-ancestors 'self' {settings.BASE_URL}"
 return response
diff --git a/Back-End/N3wtSchool/settings.py b/Back-End/N3wtSchool/settings.py
index 0fc37e2..5d609e5 100644
--- a/Back-End/N3wtSchool/settings.py
+++ b/Back-End/N3wtSchool/settings.py
@@ -32,11 +32,8 @@ LOGIN_REDIRECT_URL = '/Subscriptions/registerForms'
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/5.0/howto/deployment/checklist/
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'django-insecure-afjm6kvigncxzx6jjjf(qb0n(*qvi#je79r=gqflcn007d_ve9'
-
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = os.getenv('DJANGO_DEBUG', True)
 ALLOWED_HOSTS = ['*']
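Review bot: The header value in `__call__` of middleware.py is now built from `settings.BASE_URL` on every request, with no check that the setting is present and non-empty. An empty value silently narrows the policy to `'self'`, which would block framing from the front-end origin, and a missing attribute raises on every response; none of the settings.py hunks in this patch adds `BASE_URL`, so it is presumably defined in an unchanged part of that file. Building the value once in `__init__`, e.g. `self.csp = f"frame-ancestors 'self' {settings.BASE_URL}"` after checking it is an origin (scheme and host, no path), makes a misconfiguration visible at startup. The assignment also replaces any `Content-Security-Policy` a view has already set; a comment stating that this is intended would help.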
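Review bot: `DEBUG = os.getenv('DJANGO_DEBUG', True)` in settings.py leaves debug on in every case: `os.getenv` returns a string when the variable is set, so `DJANGO_DEBUG=False` or `0` is a non-empty, truthy value, and the fallback is `True` when it is unset. Together with `ALLOWED_HOSTS = ['*']` in the context line below it, a production deployment would serve Django's debug error pages, with tracebacks and configuration detail, to any host. Parse the value and default to off: `DEBUG = os.getenv('DJANGO_DEBUG', 'False').lower() in ('1', 'true', 'yes')`. The same string-as-boolean pattern appears for `EMAIL_USE_TLS` and `EMAIL_USE_SSL` in the `@@ -233,33 +228,18 @@` hunk, where `EMAIL_USE_SSL=False` would be truthy alongside TLS.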
@@ -212,8 +209,6 @@ USE_I18N = True
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/5.0/howto/static-files/
-DEBUG = True
-
 STATIC_URL = 'static/'
 STATICFILES_DIRS = [
@@ -233,33 +228,18 @@ DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 ########################################################################
-
-DJANGO_SUPERUSER_PASSWORD='admin'
-DJANGO_SUPERUSER_USERNAME='admin'
-DJANGO_SUPERUSER_EMAIL='admin@n3wtschool.com'
 # Configuration de l'email de l'application
-smtp_config_file = 'N3wtSchool/Configuration/application.json'
-
-if os.path.exists(smtp_config_file):
- try:
- with open(smtp_config_file, 'r') as f:
- smtpSettings = json.load(f)
- EMAIL_HOST = smtpSettings.get('hostSMTP', '')
- EMAIL_PORT = smtpSettings.get('portSMTP', 587)
- EMAIL_HOST_USER = smtpSettings.get('username', '')
- EMAIL_HOST_PASSWORD = smtpSettings.get('password', '')
- EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
- EMAIL_USE_TLS = smtpSettings.get('useTLS', True)
- EMAIL_USE_SSL = smtpSettings.get('useSSL', False)
- except Exception as e:
- logger.error(f"Erreur lors de la lecture du fichier de configuration SMTP : {e}")
-else:
- logger.error(f"Fichier de configuration SMTP introuvable : {smtp_config_file}")
+EMAIL_HOST = os.getenv('EMAIL_HOST', 'smtp.example.com')
+EMAIL_PORT = os.getenv('EMAIL_PORT', 587)
+EMAIL_HOST_USER = os.getenv('EMAIL_HOST_USER', '')
+EMAIL_HOST_PASSWORD = os.getenv('EMAIL_HOST_PASSWORD', '')
+EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+EMAIL_USE_TLS = os.getenv('EMAIL_USE_TLS', True)
+EMAIL_USE_SSL = os.getenv('EMAIL_USE_SSL', False)
 DOCUMENT_DIR = 'documents'
 # Configuration CORS temporaire pour debug
-CORS_ALLOW_ALL_HEADERS = True
 CORS_ALLOW_CREDENTIALS = True
 # Configuration CORS spécifique pour la production
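Review bot: With the JSON loader removed in the `@@ -233,33 +228,18 @@` hunk, a missing mail configuration is no longer reported: `EMAIL_HOST` falls back to the placeholder `'smtp.example.com'` and the credentials to empty strings, so the problem only shows when the first outgoing mail fails to send. Logging a warning, or raising when debug is off, if `EMAIL_HOST` is unset would keep the startup signal that the removed `logger.error` calls gave. `EMAIL_PORT` is also a string when read from the environment while its default is an int; `EMAIL_PORT = int(os.getenv('EMAIL_PORT', '587'))` keeps the type stable.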
@@ -298,14 +278,19 @@ CSRF_COOKIE_NAME = 'csrftoken'
 USE_TZ = True
 TZ_APPLI = 'Europe/Paris'
+DB_NAME = os.getenv('DB_NAME', 'school')
+DB_USER = os.getenv('DB_USER', 'postgres')
+DB_PASSWORD = os.getenv('DB_PASSWORD', 'postgres')
+DB_HOST = os.getenv('DB_HOST', 'database')
+DB_PORT = os.getenv('DB_PORT', '5432')
 DATABASES = {
 'default': {
 'ENGINE': 'django.db.backends.postgresql',
- "NAME": "school",
- "USER": "postgres",
- "PASSWORD": "postgres",
- "HOST": "database",
- "PORT": "5432",
+ "NAME": DB_NAME,
+ "USER": DB_USER,
+ "PASSWORD": DB_PASSWORD,
+ "HOST": DB_HOST,
+ "PORT": DB_PORT,
 }
 }
@@ -340,14 +325,14 @@ CELERY_RESULT_SERIALIZER = 'json'
 CELERY_TIMEZONE = 'Europe/Paris'
 CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP = True
-URL_DJANGO = 'http://localhost:8080/'
+URL_DJANGO = os.getenv('URL_DJANGO', 'http://localhost:8080/')
 REDIS_HOST = 'redis'
 REDIS_PORT = 6379
 REDIS_DB = 0
 REDIS_PASSWORD = None
-SECRET_KEY = 'QWQ8bYlCz1NpQ9G0vR5kxMnvWszfH2y3'
+SECRET_KEY = os.getenv('SECRET_KEY', 'QWQ8bYlCz1NpQ9G0vR5kxMnvWszfH2y3')
 SIMPLE_JWT = {
 'ACCESS_TOKEN_LIFETIME': timedelta(minutes=15),
 'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
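Review bot: The environment lookups keep working secrets as fallbacks: `DB_PASSWORD` defaults to `'postgres'` in the `@@ -298,14 +278,19 @@` hunk, and in the following hunk `SECRET_KEY` defaults to the same literal that was previously committed. A production deployment that is missing either variable would start without complaint on a value known to anyone who can read the repository. For `SECRET_KEY` that covers Django's signed data and, unless `SIMPLE_JWT` sets its own `SIGNING_KEY` (the dict is cut off by the hunk), the JWT signatures as well. Fail closed instead, e.g. `SECRET_KEY = os.environ['SECRET_KEY']` and `DB_PASSWORD = os.environ['DB_PASSWORD']`, and generate a fresh key for production rather than reusing the committed one.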