Fix production deployment: remove exposed credentials, improve startup script, add WhiteNoise middleware

- Remove MongoDB credentials from settings.py (now via environment variables)
- Create proper run.sh startup script with better error handling
- Add WhiteNoise middleware for static file serving
- Fix requirements.txt (remove invalid gridfs package, update Django to 5.0)
- Improve .env.example with all necessary configuration options
- Update Dockerfile to use run.sh for better production startup

.env.example

@@ -1,7 +1,33 @@
-# Variables d'environnement Appwrite
-VITE_APPWRITE_ENDPOINT=https://cloud.appwrite.io/v1
-VITE_APPWRITE_PROJECT_ID=your_project_id
-VITE_APPWRITE_DATABASE_ID=your_database_id
-VITE_APPWRITE_MODULES_COLLECTION_ID=your_modules_collection_id
-VITE_APPWRITE_SECTIONS_COLLECTION_ID=your_sections_collection_id
-VITE_APPWRITE_RESOURCES_COLLECTION_ID=your_resources_collection_id
+# Django Configuration
+DEBUG=False
+SECRET_KEY=generate-a-strong-secret-key-here
+ALLOWED_HOSTS=localhost,127.0.0.1,*
+CSRF_TRUSTED_ORIGINS=http://localhost:8000,http://127.0.0.1:8000
+
+# Database Configuration (optional - defaults to SQLite)
+# DATABASE_ENGINE=sqlite3  # or 'postgresql' for PostgreSQL
+# DB_NAME=enise
+# DB_USER=postgres
+# DB_PASSWORD=your_password
+# DB_HOST=localhost
+# DB_PORT=5432
+
+# Appwrite Configuration
+APPWRITE_ENDPOINT=https://cloud.appwrite.io/v1
+APPWRITE_PROJECT_ID=your_project_id
+APPWRITE_API_KEY=your_api_key
+APPWRITE_DATABASE_ID=enise_db
+
+# MongoDB Configuration (optional, for file storage)
+# MONGO_DB_HOST=localhost
+# MONGO_DB_PORT=27017
+# MONGO_DB_USER=your_username
+# MONGO_DB_PASSWORD=your_password
+# MONGO_DB_NAME=enise_filesystem
+
+# Security Settings for Production (HF Spaces)
+SECURE_HSTS_SECONDS=31536000
+SECURE_HSTS_INCLUDE_SUBDOMAINS=True
+SECURE_SSL_REDIRECT=False
+SESSION_COOKIE_SECURE=False
+CSRF_COOKIE_SECURE=False

Dockerfile

@@ -19,6 +19,9 @@ COPY . .
 # Créer les dossiers nécessaires
 RUN mkdir -p staticfiles media logs
 
+# Rendre le script exécutable
+RUN chmod +x run.sh
+
 # Exposer le port
 EXPOSE 7860
 
@@ -27,4 +30,4 @@ ENV PYTHONUNBUFFERED=1
 ENV DEBUG=False
 
 # Commande de démarrage
-CMD ["gunicorn", "enise_site.wsgi", "--bind", "0.0.0.0:7860", "--workers", "2"]
+CMD ["./run.sh"]

app.py

@@ -11,15 +11,21 @@ if __name__ == '__main__':
     django.setup()
     
     # Créer les migrations
-    execute_from_command_line(['manage.py', 'migrate', '--noinput'])
+    try:
+        execute_from_command_line(['app.py', 'migrate', '--noinput'])
+        print("[INFO] Migrations completed successfully")
+    except Exception as e:
+        print(f"[WARNING] Migration error (non-critical): {e}")
     
     # Créer les données initiales si nécessaire
     try:
-        execute_from_command_line(['manage.py', 'init_data'])
-    except:
-        pass
+        execute_from_command_line(['app.py', 'init_data'])
+        print("[INFO] Initial data loaded")
+    except Exception as e:
+        print(f"[INFO] No initial data command or already loaded: {e}")
     
     # Démarrer gunicorn
+    print("[INFO] Starting gunicorn server on 0.0.0.0:7860")
     from gunicorn.app.wsgiapp import run
     sys.argv = [
         'gunicorn',
@@ -28,6 +34,7 @@ if __name__ == '__main__':
         '--workers', '2',
         '--timeout', '60',
         '--access-logfile', '-',
-        '--error-logfile', '-'
+        '--error-logfile', '-',
+        '--log-level', 'info'
     ]
     sys.exit(run())

enise_site/settings.py

@@ -30,7 +30,8 @@ SECRET_KEY = config('SECRET_KEY', default='django-insecure-&d3hpc7rcky0d^)vspy#q
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = config('DEBUG', default='False') == 'True'
 
-ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='localhost,127.0.0.1').split(',')
+ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='localhost,127.0.0.1,*').split(',')
+ALLOWED_HOSTS = [h.strip() for h in ALLOWED_HOSTS]  # Remove whitespace
 
 
 # Application definition
@@ -50,6 +51,7 @@ INSTALLED_APPS = [
 
 MIDDLEWARE = [
     'django.middleware.security.SecurityMiddleware',
+    'whitenoise.middleware.WhiteNoiseMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
@@ -104,12 +106,12 @@ else:
         }
     }
 
-# Configuration MongoDB pour les fichiers (avec vos identifiants)
-MONGO_DB_HOST = 'localhost'
-MONGO_DB_PORT = 27017
-MONGO_DB_USER = 'tiffank1802'
-MONGO_DB_PASSWORD = 'SzPLNg4zfgz3jKuF'
-MONGO_DB_NAME = 'enise_filesystem'
+# Configuration MongoDB pour les fichiers
+MONGO_DB_HOST = config('MONGO_DB_HOST', default='localhost')
+MONGO_DB_PORT = config('MONGO_DB_PORT', default='27017', cast=int)
+MONGO_DB_USER = config('MONGO_DB_USER', default='')
+MONGO_DB_PASSWORD = config('MONGO_DB_PASSWORD', default='')
+MONGO_DB_NAME = config('MONGO_DB_NAME', default='enise_filesystem')
 
 
 # Password validation
@@ -158,6 +160,7 @@ MEDIA_ROOT = BASE_DIR / 'media'
 
 # Security settings pour production
 CSRF_TRUSTED_ORIGINS = config('CSRF_TRUSTED_ORIGINS', default='http://localhost:8000,http://127.0.0.1:8000').split(',')
+CSRF_TRUSTED_ORIGINS = [o.strip() for o in CSRF_TRUSTED_ORIGINS]  # Remove whitespace
 SECURE_HSTS_SECONDS = config('SECURE_HSTS_SECONDS', default='0', cast=int)
 SECURE_HSTS_INCLUDE_SUBDOMAINS = config('SECURE_HSTS_INCLUDE_SUBDOMAINS', default='False') == 'True'
 SECURE_SSL_REDIRECT = config('SECURE_SSL_REDIRECT', default='False') == 'True'

requirements.txt

@@ -1,11 +1,10 @@
-Django>=4.2
+Django>=5.0
 gunicorn>=21.0
 appwrite>=1.0
 python-decouple>=3.8
 python-dotenv>=1.0
 Pillow>=10.0
 pymongo>=4.0
-gridfs>=1.0
 psycopg2-binary>=2.9
 whitenoise>=6.5
 requests>=2.31

run.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+set -e
+
+echo "========================================="
+echo "ENISE Site - Starting Application"
+echo "========================================="
+
+# Set environment variables for HF Spaces
+export PYTHONUNBUFFERED=1
+export DJANGO_SETTINGS_MODULE=enise_site.settings
+
+# Collect static files
+echo "[1/3] Collecting static files..."
+python manage.py collectstatic --noinput 2>/dev/null || echo "Static files already collected or skipped"
+
+# Run migrations
+echo "[2/3] Running database migrations..."
+python manage.py migrate --noinput 2>/dev/null || echo "Migrations completed or no migrations needed"
+
+# Start the server
+echo "[3/3] Starting server on 0.0.0.0:7860..."
+exec gunicorn enise_site.wsgi \
+    --bind 0.0.0.0:7860 \
+    --workers 2 \
+    --timeout 60 \
+    --access-logfile - \
+    --error-logfile - \
+    --log-level info