|
13 | 13 | import os |
14 | 14 | from django.utils.translation import gettext_lazy as _ |
15 | 15 |
|
16 | | -# Patreon OAuth Configuration for Paid Plugins |
17 | | -# SECURITY: Environment variables take precedence. Hardcoded values are fallback for this server only. |
18 | | -# For repository version, use empty defaults and set via environment variables. |
19 | | -PATREON_CLIENT_ID = os.environ.get('PATREON_CLIENT_ID', 'LFXeXUcfrM8MeVbUcmGbB7BgeJ9RzZi2v_H9wL4d9vG6t1dV4SUnQ4ibn9IYzvt7') |
20 | | -PATREON_CLIENT_SECRET = os.environ.get('PATREON_CLIENT_SECRET', 'APuJ5qoL3TLFmNnGDVkgl-qr3sCzp2CQsKfslBbp32hhnhlD0y6-ZcSCkb_FaUJv') |
| 16 | +# Patreon OAuth (optional): for paid-plugin verification via Patreon membership. |
| 17 | +# Set these only if you use Patreon-gated plugins; leave unset otherwise. |
| 18 | +# Use environment variables; no defaults so the repo stays generic and safe to push to GitHub. |
| 19 | +PATREON_CLIENT_ID = os.environ.get('PATREON_CLIENT_ID', '') |
| 20 | +PATREON_CLIENT_SECRET = os.environ.get('PATREON_CLIENT_SECRET', '') |
21 | 21 | PATREON_CREATOR_ID = os.environ.get('PATREON_CREATOR_ID', '') |
22 | | -PATREON_MEMBERSHIP_TIER_ID = os.environ.get('PATREON_MEMBERSHIP_TIER_ID', '27789984') # CyberPanel Paid Plugin tier |
23 | | -PATREON_CREATOR_ACCESS_TOKEN = os.environ.get('PATREON_CREATOR_ACCESS_TOKEN', 'niAHRiI9SgrRCMmaf5exoXXphy3RWXWsX4kO5Yv9SQI') |
24 | | -PATREON_CREATOR_REFRESH_TOKEN = os.environ.get('PATREON_CREATOR_REFRESH_TOKEN', 'VZlCQoPwJUr4NLni1N82-K_CpJHTAOYUOCx2PujdjQg') |
| 22 | +PATREON_MEMBERSHIP_TIER_ID = os.environ.get('PATREON_MEMBERSHIP_TIER_ID', '') |
| 23 | +PATREON_CREATOR_ACCESS_TOKEN = os.environ.get('PATREON_CREATOR_ACCESS_TOKEN', '') |
| 24 | +PATREON_CREATOR_REFRESH_TOKEN = os.environ.get('PATREON_CREATOR_REFRESH_TOKEN', '') |
25 | 25 |
|
26 | 26 | # Build paths inside the project like this: os.path.join(BASE_DIR, ...) |
27 | 27 | BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) |
|
37 | 37 |
|
38 | 38 | ALLOWED_HOSTS = ['*'] |
39 | 39 |
|
| 40 | +# When the panel is behind a reverse proxy (e.g. https://panel.example.com -> http://backend:port), |
| 41 | +# the browser sends Origin/Referer with the public domain while the proxy may send Host as the |
| 42 | +# backend address. Django then fails CSRF (Referer vs Host mismatch) and POSTs get 403. |
| 43 | +# Set CSRF_TRUSTED_ORIGINS to your public origin(s) so CSRF passes. Optional; leave unset if |
| 44 | +# you access the panel by IP:port only. |
| 45 | +# Example: export CSRF_TRUSTED_ORIGINS="https://panel.example.com,http://panel.example.com" |
| 46 | +_csrf_origins_env = os.environ.get('CSRF_TRUSTED_ORIGINS', '') |
| 47 | +_csrf_origins_list = [o.strip() for o in _csrf_origins_env.split(',') if o.strip()] |
| 48 | +# Add default trusted origins for common CyberPanel domains |
| 49 | +_default_origins = [ |
| 50 | + 'https://cyberpanel.newstargeted.com', |
| 51 | + 'http://cyberpanel.newstargeted.com', |
| 52 | +] |
| 53 | +# Merge environment and default origins, avoiding duplicates |
| 54 | +CSRF_TRUSTED_ORIGINS = list(dict.fromkeys(_csrf_origins_list + _default_origins)) |
| 55 | + |
40 | 56 | # Application definition |
41 | 57 |
|
42 | 58 | INSTALLED_APPS = [ |
|
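Review bot: The `_default_origins` list at new lines 49-52 makes every installation trust `https://cyberpanel.newstargeted.com` and `http://cyberpanel.newstargeted.com` for CSRF, whether or not the operator set `CSRF_TRUSTED_ORIGINS`. That contradicts the comment above it calling the setting optional, and the plain-http entry extends the trust to pages served without TLS. Deployment-specific origins belong in the environment like the Patreon values, so I would drop the defaults and end the block with `CSRF_TRUSTED_ORIGINS = _csrf_origins_list`. Separately, the Patreon client secret and creator tokens removed in the first hunk remain readable in the repository history, so they should be treated as exposed and rotated at Patreon; emptying the defaults does not revoke them.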