15 changes: 10 additions & 5 deletions Dockerfile
@@ -1,20 +1,25 @@
# Use official Python base image
FROM python:3.9

# Set working directory
WORKDIR /app/backend

# Copy requirements and install system dependencies
COPY requirements.txt /app/backend
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y gcc default-libmysqlclient-dev pkg-config \
&& apt-get install -y gcc default-libmysqlclient-dev pkg-config net-tools iproute2 \
🛠️ Refactor suggestion

Remove MySQL dependencies - inconsistent with SQLite switch.

The Dockerfile still installs MySQL-related packages (default-libmysqlclient-dev, mysqlclient) despite the settings.py switching to SQLite. This creates unnecessary container bloat and potential confusion.

Remove MySQL-specific dependencies:

-    && apt-get install -y gcc default-libmysqlclient-dev pkg-config net-tools iproute2 \
+    && apt-get install -y gcc pkg-config net-tools iproute2 \
-RUN pip install mysqlclient
 RUN pip install --no-cache-dir -r requirements.txt

Also applies to: 15-15

🤖 Prompt for AI Agents
In Dockerfile at lines 11 and 15, remove the MySQL-specific packages such as
default-libmysqlclient-dev and mysqlclient from the apt-get install commands to
align with the switch to SQLite in settings.py. This will reduce unnecessary
dependencies and container size. Ensure only SQLite-related packages remain
installed.

&& rm -rf /var/lib/apt/lists/*


# Install app dependencies
# Install Python dependencies
RUN pip install mysqlclient
RUN pip install --no-cache-dir -r requirements.txt

# Copy the rest of the application code
COPY . /app/backend

# Expose Django default port
EXPOSE 8000
#RUN python manage.py migrate
#RUN python manage.py makemigrations

# Run Django development server bound to 0.0.0.0 so it's accessible externally
CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]
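Review bot: There is still no USER instruction anywhere in this hunk, so the final CMD (and every process Django spawns) runs as root inside the container; adding a system user and switching to it before the CMD applies whether runserver or a WSGI server is used. Two smaller points in the same RUN chain: `apt-get upgrade -y` makes the build non-reproducible, because the package set depends on the day the image is built, so prefer rebuilding from a freshly pinned base tag instead; and `net-tools iproute2` are interactive troubleshooting tools the application does not need, so keep them in a separate dev stage rather than the production image. Binding to 0.0.0.0 is what lets Docker publish port 8000 at all, so actual exposure is decided by `-p`/compose port mappings, not by this line. Finally, the commented-out `migrate`/`makemigrations` lines mean no schema is created at build or start time, which with the SQLite switch in settings.py shows up as an empty database on first request; an entrypoint that runs `python manage.py migrate` before starting the server would close that gap.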
⚠️ Potential issue

Security Risk: Using development server in container.

The Django development server (runserver) is not suitable for production use as it's single-threaded and lacks security hardening. Additionally, binding to 0.0.0.0 exposes the service to all network interfaces.

Consider these improvements for production readiness:

-CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]
+# Add a non-root user
+RUN groupadd -r django && useradd -r -g django django
+RUN chown -R django:django /app
+USER django
+
+# Use a production WSGI server
+CMD ["gunicorn", "--bind", "0.0.0.0:8000", "--workers", "3", "notesapp.wsgi:application"]

You'll also need to add gunicorn to your requirements.txt.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]
# … previous Dockerfile instructions …
# Add a non-root user
RUN groupadd -r django && useradd -r -g django django
RUN chown -R django:django /app
USER django
# Use a production WSGI server
CMD ["gunicorn", "--bind", "0.0.0.0:8000", "--workers", "3", "notesapp.wsgi:application"]
🤖 Prompt for AI Agents
In Dockerfile at line 25, replace the Django development server command with a
production-ready WSGI server like Gunicorn to improve security and performance.
Update the CMD instruction to run Gunicorn binding to 0.0.0.0 on port 8000, and
ensure gunicorn is added to requirements.txt for installation. This change
avoids using the single-threaded development server and properly handles
multiple requests in production.

60 changes: 6 additions & 54 deletions notesapp/settings.py
@@ -1,36 +1,18 @@
"""
Django settings for notesapp project.
Generated by 'django-admin startproject' using Django 4.1.5.
For more information on this file, see
https://docs.djangoproject.com/en/4.1/topics/settings/
For the full list of settings and their values, see
https://docs.djangoproject.com/en/4.1/ref/settings/
"""

import os
from pathlib import Path

# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent


# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/4.1/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'django-insecure-&dzi#zsb(hz6p(s#anunt&#-a%ohr2hld71*i72*^exvw-yq$y'

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True

ALLOWED_HOSTS = ['*']


# Application definition

INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
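Review bot: SECRET_KEY, `DEBUG = True` and `ALLOWED_HOSTS = ['*']` survive this hunk as hard-coded context lines even though the commit moves other configuration away from environment variables. The key still carries the `django-insecure-` prefix that startproject generates and is committed to the repository, so every deployment built from this repo shares it and anyone with read access can produce session cookies and password-reset tokens the application will accept; `ALLOWED_HOSTS = ['*']` additionally turns off Host header validation. Since `import os` is already present, read these from the environment with a failing default, e.g. `SECRET_KEY = os.environ['DJANGO_SECRET_KEY']` and `DEBUG = os.getenv('DJANGO_DEBUG', '0') == '1'`, and rotate the committed key. The docstring also records Django 4.1.5, a release line that is out of extended support, so the Django pin in requirements.txt should be revisited in the same pass.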
@@ -40,16 +22,16 @@
'django.contrib.staticfiles',
'api.apps.ApiConfig',
'rest_framework',
'corsheaders'
'corsheaders',
]

MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'corsheaders.middleware.CorsMiddleware',
"whitenoise.middleware.WhiteNoiseMiddleware",
'whitenoise.middleware.WhiteNoiseMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
#'django.middleware.csrf.CsrfViewMiddleware',
# 'django.middleware.csrf.CsrfViewMiddleware',
⚠️ Potential issue

Security Risk: CSRF protection disabled.

The CSRF middleware is commented out, which disables important security protection against cross-site request forgery attacks.

Unless there's a specific reason to disable CSRF protection, uncomment this middleware:

-    # 'django.middleware.csrf.CsrfViewMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# 'django.middleware.csrf.CsrfViewMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
🤖 Prompt for AI Agents
In notesapp/settings.py at line 34, the CSRF middleware is commented out,
disabling CSRF protection and posing a security risk. Uncomment the line
containing 'django.middleware.csrf.CsrfViewMiddleware' to re-enable CSRF
protection unless there is a justified reason to keep it disabled.

'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
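Review bot: The only change to the CSRF line is the comment spacing, so CsrfViewMiddleware stays disabled while SessionMiddleware and AuthenticationMiddleware remain active; any view that accepts a session cookie is therefore reachable from a cross-site form post with no token check. Re-enable the middleware; if it was disabled because the frontend runs on a different origin, the supported fix is `CSRF_TRUSTED_ORIGINS` for that origin plus sending the token in the X-CSRFToken header, not removing the check. If the API is instead purely token-authenticated through rest_framework, say so in a comment beside the line so the next reviewer does not flag it again.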
@@ -83,26 +65,14 @@

WSGI_APPLICATION = 'notesapp.wsgi.application'


# Database
# https://docs.djangoproject.com/en/4.1/ref/settings/#databases

# ✅ Use SQLite for local/Docker testing
DATABASES = {

'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': os.getenv("DB_NAME"),
'USER': os.getenv("DB_USER"),
'PASSWORD': os.getenv("DB_PASSWORD"),
'HOST': os.getenv("DB_HOST"),
'PORT': os.getenv("DB_PORT"),
'ENGINE': 'django.db.backends.sqlite3',
'NAME': BASE_DIR / 'db.sqlite3',
}
}


# Password validation
# https://docs.djangoproject.com/en/4.1/ref/settings/#auth-password-validators

AUTH_PASSWORD_VALIDATORS = [
{
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
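Review bot: The new SQLite path `BASE_DIR / 'db.sqlite3'` sits inside the container's writable layer, so any data written at runtime disappears when the container is recreated unless that path is mounted as a volume, and with `COPY . /app/backend` in the Dockerfile an existing db.sqlite3 in the build context gets baked into the image (add it to .dockerignore). The comment says this is for local/Docker testing, but nothing else in the file selects another backend, and the env-driven MySQL block is simply deleted; keeping a switch such as `if os.getenv('DB_ENGINE') == 'mysql': ... else: sqlite` preserves the production configuration instead of losing it in this commit.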
@@ -118,35 +88,17 @@
},
]


# Internationalization
# https://docs.djangoproject.com/en/4.1/topics/i18n/

LANGUAGE_CODE = 'en-us'

TIME_ZONE = 'UTC'

USE_I18N = True

USE_TZ = True


# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/4.1/howto/static-files/

STATIC_URL = 'static/'

# STATICFILES_DIRS = [
# BASE_DIR / 'mynotes/build/static'
# ]

STATICFILES_DIRS = [os.path.join(BASE_DIR, 'mynotes/build/static')]

STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')

# Default primary key field type
# https://docs.djangoproject.com/en/4.1/ref/settings/#default-auto-field

DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'

CORS_ORIGIN_ALLOW_ALL = True
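Review bot: `CORS_ORIGIN_ALLOW_ALL = True` (the legacy spelling of CORS_ALLOW_ALL_ORIGINS in django-cors-headers) is kept as the last line with no CORS_ALLOWED_ORIGINS alternative; combined with the disabled CSRF middleware and `ALLOWED_HOSTS = ['*']` earlier in the file, any origin can drive this API from a browser. Replace it with an explicit CORS_ALLOWED_ORIGINS list read from the environment, and set CORS_ALLOW_CREDENTIALS only if cookies genuinely need to cross origins. Minor: STATICFILES_DIRS uses os.path.join while BASE_DIR is a Path, so `BASE_DIR / 'mynotes' / 'build' / 'static'` keeps one style, and the commented-out STATICFILES_DIRS block just above it can be dropped now that the live assignment exists.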