Add admin login API and remove hardcoded secrets
- Add token-based admin login/logout/me endpoints - Bootstrap admin from ADMIN_USERNAME/ADMIN_PASSWORD in Docker entrypoint - Read ALLOWED_HOSTS and CORS from env only (no hardcoded server IPs) - Keep docs/Postman/tests free of real credentials - Cover login and auth flows with 31 local API tests Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
@@ -19,14 +19,16 @@ This document provides instructions for running the Zoneco ORG backend using Doc
|
||||
# Copy and modify as needed
|
||||
SECRET_KEY=your-secret-key-here-change-in-production
|
||||
DEBUG=False
|
||||
ALLOWED_HOSTS=localhost,127.0.0.1,185.208.172.158
|
||||
ALLOWED_HOSTS=localhost,127.0.0.1,YOUR_SERVER_IP
|
||||
POSTGRES_DB=Zoneco_ORG
|
||||
POSTGRES_USER=postgres
|
||||
POSTGRES_PASSWORD=postgres
|
||||
POSTGRES_PASSWORD=change-me
|
||||
POSTGRES_HOST=db
|
||||
POSTGRES_PORT=5432
|
||||
DJANGO_PORT=8000
|
||||
CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000,http://127.0.0.1:5173,http://127.0.0.1:3000,http://185.208.172.158:9123,http://185.208.172.158
|
||||
ADMIN_USERNAME=your-admin-username
|
||||
ADMIN_PASSWORD=your-admin-password
|
||||
CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000,http://YOUR_SERVER_IP:9123
|
||||
```
|
||||
|
||||
3. **Build and start the containers:**
|
||||
|
||||
Reference in New Issue
Block a user