Rework CSRF and improved .woodpecker.yml

.dockerignore

@@ -3,4 +3,5 @@ chrome/
 dumps/
 media/
 TODO.md
-.env
+.env
+documentation/

.env.sample

@@ -39,6 +39,7 @@ REDIS_PORT = '6379'
 # Celery
 CELERY_BROKER = 'redis://redis:6379/0'
 CELERY_RESULT_BACKEND = 'redis://redis:6379/0'
+CELERY_FLOWER_PORT = 5555
 
 # Stripe
 STRIPE_SECRET_KEY = ''
@@ -49,7 +50,7 @@ SERVE_MEDIA = 'False'
 BACKEND_ADDRESS = 'localhost'
 BACKEND_PORT = 8000
 FRONTEND_ADDRESS = 'localhost'
-FRONTEND_PORT = 4200
+FRONTEND_PORT = 4200 # Set this to 443 in production (HTTPS)
 USE_HTTPS = 'False'
 TIMEZONE = 'Asia/Manila'
 

.woodpecker.yml

@@ -7,7 +7,7 @@ steps:
       - event: push
     commands:
       - docker build . -t git.keannu1.duckdns.org/keannu125/drf_template
-      - echo "$REGISTRY_PASSWORD" | docker login --password-stdin -u "$REGISTRY_USERNAME" -- "$CI_REGISTRY"
+      - echo "$REGISTRY_PASSWORD" | docker login "$CI_REGISTRY" --password-stdin -u "$REGISTRY_USERNAME"
       - docker push git.keannu1.duckdns.org/keannu125/drf_template
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
@@ -23,7 +23,7 @@ steps:
       - chmod 600 /root/.ssh/id_rsa
       - echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > /root/.ssh/config
       - ssh root@10.0.10.4 '
-        cd /mnt/sdb1/files/docker projects/DRF-Template;
+        cd $PROJECT_DIR;
         docker-compose down;
         docker image rm git.keannu1.duckdns.org/keannu125/drf_template;
         docker volume rm git.keannu1.duckdns.org/keannu125/drf_template_db_data;

README.md

@@ -1,5 +1,7 @@
 ## DRF-Template
 
+![Build Status](https://woodpecker.06222001.xyz/api/badges/3/status.svg)
+
 This is a Django template that I personally use for my projects. This covers the following
 
 - Emails (and templated email designs)

backend/config/settings.py

@@ -35,17 +35,20 @@ def get_secret(secret_name):
 
 
 # URL Prefixes
-USE_HTTPS = (get_secret('USE_HTTPS') == 'True')
+URL_SCHEME = 'https' if (get_secret('USE_HTTPS') == 'True') else 'http'
-URL_PREFIX = 'https://' if USE_HTTPS else 'http://'
+# Backend
-BACKEND_URL = URL_PREFIX + \
+BACKEND_ADDRESS = get_secret('BACKEND_ADDRESS')
-    get_secret('BACKEND_ADDRESS') + ':' + get_secret('BACKEND_PORT')
+BACKEND_PORT = get_secret('BACKEND_PORT')
-FRONTEND_URL = URL_PREFIX + \
+# Frontend
-    get_secret('FRONTEND_ADDRESS') + ':' + get_secret('FRONTEND_PORT')
+FRONTEND_ADDRESS = get_secret('FRONTEND_ADDRESS')
+FRONTEND_PORT = get_secret('FRONTEND_PORT')
 
 ALLOWED_HOSTS = ['*']
 CSRF_TRUSTED_ORIGINS = [
-    BACKEND_URL,
+    # Frontend
-    FRONTEND_URL
+    f'{URL_SCHEME}://{FRONTEND_ADDRESS}:{FRONTEND_PORT}',
+    # Backend
+    f'{URL_SCHEME}://{BACKEND_ADDRESS}:{BACKEND_PORT}',
     # You can also set up https://*.name.xyz for wildcards here
 ]
 

backend/payments/views.py

@@ -1,4 +1,4 @@
-from config.settings import STRIPE_SECRET_KEY, STRIPE_SECRET_WEBHOOK, FRONTEND_URL
+from config.settings import STRIPE_SECRET_KEY, STRIPE_SECRET_WEBHOOK, URL_SCHEME, FRONTEND_ADDRESS, FRONTEND_PORT
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.views import APIView
 from rest_framework.response import Response
@@ -87,9 +87,10 @@ class StripeCheckoutView(APIView):
                     'error': 'Regular users cannot avail prorated plans'
                 }, status=status.HTTP_403_FORBIDDEN)
 
-            success_url = FRONTEND_URL + \
+            success_url = f'{URL_SCHEME}://{FRONTEND_ADDRESS}:{FRONTEND_PORT}' + \
                 '/user/subscription/payment?success=true&agency=False&session_id={CHECKOUT_SESSION_ID}'
-            cancel_url = FRONTEND_URL + '/user/subscription/payment?success=false&user_group=False'
+            cancel_url = f'{URL_SCHEME}://{FRONTEND_ADDRESS}:{FRONTEND_PORT}' + \
+                '/user/subscription/payment?success=false&user_group=False'
 
             checkout_session = stripe.checkout.Session.create(
                 line_items=[

docker-compose.yml

@@ -59,7 +59,7 @@ services:
       - RUN_TYPE=monitor
     image: drf_template:latest
     ports:
-      - "5555:5555"
+      - "${CELERY_FLOWER_PORT}:5555"
     volumes:
       - .:/code
     depends_on:

start.sh

@@ -1,36 +1,32 @@
 #!/bin/bash
-set -e
+# read .env values
+awk -F= '$1 == "BACKEND_DEBUG" {print $2}' .env
+awk -F= '$1 == "BACKEND_PORT" {print $2}' .env
+awk -F= '$1 == "CELERY_FLOWER_PORT" {print $2}' .env
 
 echo "Running as: $RUN_TYPE"
+cd backend/
 if [ "$RUN_TYPE" = "web" ]; then
-    python backend/manage.py spectacular --color --file backend/schema.yml
+    python manage.py graph_models -o ../documentation/erd/app_models.png
-    python backend/manage.py migrate
+    python manage.py spectacular --color --file schema.yml
-    if [ ! -d "backend/static" ]; then
+    python manage.py migrate
+    if [ ! -d "static" ]; then
         echo "Generating static files"
-        python backend/manage.py collectstatic --noinput
+        python manage.py collectstatic --noinput
+    fi
+    if [ "$BACKEND_DEBUG" = 'True' ]; then   
+        python manage.py runserver "0.0.0.0:${BACKEND_PORT:-8000}"
+    else
+        python -m granian --host 0.0.0.0 --port "${BACKEND_PORT:-8000}" --workers 8 --interface wsgi config.wsgi:application
     fi
-    python backend/manage.py graph_models -o documentation/erd/app_models.png
-    cd backend
-    # python manage.py runserver 0.0.0.0:8000
-    python -m granian --host 0.0.0.0 --workers 8 --interface wsgi config.wsgi:application
 elif [ "$RUN_TYPE" = "worker" ]; then
-    cd backend && celery -A config worker -l INFO -E --concurrency 1
+    celery -A config worker -l INFO -E --concurrency 1
 elif [ "$RUN_TYPE" = "beat" ]; then
     sleep 15
-    cd backend && celery -A config beat -l INFO --scheduler django_celery_beat.schedulers:DatabaseScheduler
+    celery -A config beat -l INFO --scheduler django_celery_beat.schedulers:DatabaseScheduler
 elif [ "$RUN_TYPE" = "monitor" ]; then
-    cd backend && celery -A config flower --port=5555
+    celery -A config flower --port="${CELERY_FLOWER_PORT:-5555}"
 else
-    echo "No RUN_TYPE value set. Defaulting to web mode"
+    echo "No RUN_TYPE value set. Exiting"
-    echo "No value specified, defaulting to web"
+    exit 1
-    python backend/manage.py spectacular --color --file backend/schema.yml
-    python backend/manage.py migrate
-    if [ ! -d "backend/static" ]; then
-        echo "Generating static files"
-        python backend/manage.py collectstatic --noinput
-    fi
-    python backend/manage.py graph_models -o documentation/erd/app_models.png
-    cd backend
-    # python manage.py runserver 0.0.0.0:8000
-    python -m granian --host 0.0.0.0 --workers 8 --interface wsgi config.wsgi:application
 fi