Add admin login API and remove hardcoded secrets
- Add token-based admin login/logout/me endpoints - Bootstrap admin from ADMIN_USERNAME/ADMIN_PASSWORD in Docker entrypoint - Read ALLOWED_HOSTS and CORS from env only (no hardcoded server IPs) - Keep docs/Postman/tests free of real credentials - Cover login and auth flows with 31 local API tests Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
13
api/urls.py
13
api/urls.py
@@ -1,6 +1,13 @@
|
||||
from django.urls import path, include
|
||||
from rest_framework.routers import DefaultRouter
|
||||
from .views import ContactUsViewSet, CompositionViewSet, CampaignViewSet
|
||||
from .views import (
|
||||
ContactUsViewSet,
|
||||
CompositionViewSet,
|
||||
CampaignViewSet,
|
||||
admin_login,
|
||||
admin_logout,
|
||||
admin_me,
|
||||
)
|
||||
|
||||
router = DefaultRouter()
|
||||
router.register(r'contact-us', ContactUsViewSet, basename='contact-us')
|
||||
@@ -8,6 +15,8 @@ router.register(r'compositions', CompositionViewSet, basename='composition')
|
||||
router.register(r'campaigns', CampaignViewSet, basename='campaign')
|
||||
|
||||
urlpatterns = [
|
||||
path('admin/login/', admin_login, name='admin-login'),
|
||||
path('admin/logout/', admin_logout, name='admin-logout'),
|
||||
path('admin/me/', admin_me, name='admin-me'),
|
||||
path('', include(router.urls)),
|
||||
]
|
||||
|
||||
|
||||
Reference in New Issue
Block a user