- Add token-based admin login/logout/me endpoints - Bootstrap admin from ADMIN_USERNAME/ADMIN_PASSWORD in Docker entrypoint - Read ALLOWED_HOSTS and CORS from env only (no hardcoded server IPs) - Keep docs/Postman/tests free of real credentials - Cover login and auth flows with 31 local API tests Co-authored-by: Cursor <cursoragent@cursor.com>
38 lines
1.1 KiB
Plaintext
38 lines
1.1 KiB
Plaintext
# Environment Variables Template
|
|
# Copy this file to .env and fill in your values
|
|
# DO NOT commit .env to version control
|
|
|
|
# Django Settings
|
|
SECRET_KEY=your-secret-key-here-change-in-production
|
|
# Generate a secret key with:
|
|
# python -c "from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())"
|
|
DEBUG=False
|
|
|
|
# Comma-separated hostnames/IPs for this server (no hardcoded defaults in code)
|
|
# Example: ALLOWED_HOSTS=YOUR_SERVER_IP,your-domain.com
|
|
ALLOWED_HOSTS=127.0.0.1,localhost
|
|
|
|
# Database Configuration
|
|
POSTGRES_DB=Zoneco_ORG
|
|
POSTGRES_USER=postgres
|
|
POSTGRES_PASSWORD=change-me
|
|
POSTGRES_HOST=db
|
|
POSTGRES_PORT=5432
|
|
DATABASE_URL=postgresql://postgres:change-me@db:5432/Zoneco_ORG
|
|
|
|
# Django Port
|
|
DJANGO_PORT=8000
|
|
|
|
# CORS Settings (comma-separated origins)
|
|
# Example: CORS_ALLOWED_ORIGINS=http://YOUR_SERVER_IP:9123,https://your-frontend.com
|
|
CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000
|
|
|
|
# Admin bootstrap (used by Docker entrypoint on server)
|
|
# Leave empty locally if you create the user manually
|
|
ADMIN_USERNAME=
|
|
ADMIN_PASSWORD=
|
|
|
|
# Gunicorn Settings (optional)
|
|
GUNICORN_WORKERS=3
|
|
GUNICORN_TIMEOUT=120
|