Files
site_backend/ENV_TEMPLATE.txt
Shayan Azadi 50c9cf613f Add admin login API and remove hardcoded secrets
- Add token-based admin login/logout/me endpoints
- Bootstrap admin from ADMIN_USERNAME/ADMIN_PASSWORD in Docker entrypoint
- Read ALLOWED_HOSTS and CORS from env only (no hardcoded server IPs)
- Keep docs/Postman/tests free of real credentials
- Cover login and auth flows with 31 local API tests

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-16 17:29:47 +03:30

38 lines
1.1 KiB
Plaintext

# Environment Variables Template
# Copy this file to .env and fill in your values
# DO NOT commit .env to version control
# Django Settings
SECRET_KEY=your-secret-key-here-change-in-production
# Generate a secret key with:
# python -c "from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())"
DEBUG=False
# Comma-separated hostnames/IPs for this server (no hardcoded defaults in code)
# Example: ALLOWED_HOSTS=YOUR_SERVER_IP,your-domain.com
ALLOWED_HOSTS=127.0.0.1,localhost
# Database Configuration
POSTGRES_DB=Zoneco_ORG
POSTGRES_USER=postgres
POSTGRES_PASSWORD=change-me
POSTGRES_HOST=db
POSTGRES_PORT=5432
DATABASE_URL=postgresql://postgres:change-me@db:5432/Zoneco_ORG
# Django Port
DJANGO_PORT=8000
# CORS Settings (comma-separated origins)
# Example: CORS_ALLOWED_ORIGINS=http://YOUR_SERVER_IP:9123,https://your-frontend.com
CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000
# Admin bootstrap (used by Docker entrypoint on server)
# Leave empty locally if you create the user manually
ADMIN_USERNAME=
ADMIN_PASSWORD=
# Gunicorn Settings (optional)
GUNICORN_WORKERS=3
GUNICORN_TIMEOUT=120