Merge branch 'master' into pre-release

TheSpaghettiDetective · Oct 21, 2023 · 00bc253 · 00bc253
2 parents 6e08e41 + a1f5f18
commit 00bc253
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 21 deletions.
diff --git a/backend/app/management/commands/gen_site_secret.py b/backend/app/management/commands/gen_site_secret.py
@@ -0,0 +1,18 @@
+import secrets
+from django.core.management.base import BaseCommand
+
+class Command(BaseCommand):
+    help = 'Generate a random site secret. Please note this only display the secret. You need to manually insert '
+
+    def handle(self, *args, **options):
+        print(f'''
+DJANGO_SECRET_KEY={secrets.token_urlsafe()}
+
+Please:
+
+1. Copy the line above into ".env" file in the "obico-server" folder;
+2. Restart the Obico Server.
+3. Run `docker compose exec web ./manage.py resign_media_urls`
+
+For more info, please check https://obico.io/docs/server-guides/configure/#re-generate-django_secret_key
+''')
diff --git a/backend/config/settings.py b/backend/config/settings.py
@@ -22,14 +22,11 @@ def get_bool(key, default):
 
 VERSION = os.environ.get('VERSION', '')
 
-DEFAULT_SECRET_KEY = 'cg#p$g+j9tax!#a3cup@1$8obt2_+&k3q+pmu)5%asj6yjpkag'
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY', None)
-if not SECRET_KEY:
-    SECRET_KEY = DEFAULT_SECRET_KEY
+SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY') or 'cg#p$g+j9tax!#a3cup@1$8obt2_+&k3q+pmu)5%asj6yjpkag'
 
 SESSION_COOKIE_AGE = 60 * 60 * 24 * 60  # User login session is 2 months
 SESSION_SAVE_EVERY_REQUEST = True

diff --git a/backend/lib/site.py b/backend/lib/site.py
@@ -7,20 +7,4 @@ def build_full_url(url):
     protocol = 'https://' if settings.SITE_USES_HTTPS else 'http://'
     domain_name = Site.objects.first().domain
     normalized_url = re.sub(r'^/', '', url)
-    return '{}{}/{}'.format(protocol, domain_name, normalized_url)
-
-
-this_site_url = build_full_url('')
-
-
-def url_points_to_this_site(url: str) -> bool:
-    """
-    Returns True if given 'url' points to this site, else False
-    """
-    # Using a global variable here avoids calling database each time, but requires
-    # restarting the application any time the site domain name is changed.
-    #
-    # Could also cache in redis to avoid need for restarting if desired, but may
-    # add some overhead.
-    global this_site_url
-    return True if url.startswith(this_site_url) else False
+    return '{}{}/{}'.format(protocol, domain_name, normalized_url)