orendrasingh/game_vault

Games Host (Django)

A beautiful game-hosting portal where you can:

  • Add games with title, description, rating, category, and age suitability.
  • Upload multiple HTML versions for the same game.
  • Add direct external links as game versions.
  • Let players choose which version to play.
  • Show a version switcher bar in the HTML game player page.
  • Display games in a tile-based homepage with pagination.
  • Support likes and comments with CSRF protection and server-side input cleaning.
  • Provide SEO basics (meta tags, sitemap, robots.txt).

1. Setup

cd /Users/orendrasingh/Documents/projects/games_host
source .venv/bin/activate
python manage.py migrate
python manage.py createsuperuser
python manage.py runserver

Open:

2. Add Games and Versions

  1. Open admin and create a Game.
  2. Add one or more GameVersion items.
  3. For each version, provide exactly one source:
    • html_file for uploaded game files, or
    • external_url for direct link redirects.
  4. Set version_order and version_label (for example: v1.0, v2.0, mobile build).

3. How Play Works

  • On the game detail page, users choose a version.
  • If that version is an external link, the player is redirected.
  • If that version is an HTML upload, a player shell opens with a top version switcher.

4. Security Notes

  • Comment and like forms use CSRF tokens.
  • Comments are sanitized server-side with strip_tags in form cleaning.
  • Templates use Django auto-escaping by default.
  • Likes are session-scoped and deduplicated per game.

5. Media and Static

  • Uploaded files are stored in media/.
  • UI assets are in static/.
  • Default tile and banner images are used when custom images are missing.

6. Docker Setup

  1. Create environment file:
     cp .env.docker.example .env.docker
  2. Build and run:
     docker compose up --build
  3. Open app:

7. Security Review

I checked deployment-level Django security with manage.py check --deploy.

  • Fixed by configuration hardening:
    • Secret key now comes from environment variable.
    • Debug mode now comes from environment variable.
    • Allowed hosts and CSRF trusted origins now come from environment variables.
    • Secure cookie / HSTS / SSL redirect settings are environment controlled.
    • WhiteNoise added for safer production static serving.
  • Intentional remaining warning in strict deploy check:
    • security.W019 because X_FRAME_OPTIONS=SAMEORIGIN is required to render uploaded HTML games inside an iframe on the play page.

For production behind HTTPS, set these in .env.docker:

DJANGO_SECURE_SSL_REDIRECT=1
DJANGO_SESSION_COOKIE_SECURE=1
DJANGO_CSRF_COOKIE_SECURE=1
DJANGO_SECURE_HSTS_SECONDS=31536000
DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS=1
DJANGO_SECURE_HSTS_PRELOAD=1
DJANGO_BEHIND_PROXY=1
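
One way to turn the flags above into Django settings, as an added example that is not the project's own settings.py. The environment variable names come from the list above; the Django setting each one feeds, the proxy header tuple, and the function names are assumptions of this sketch.

```python
import os

# Env var names are the ones listed above; the Django setting each one feeds
# is an assumption of this example, not taken from the project's settings.py.
BOOL_VARS = {
    "DJANGO_SECURE_SSL_REDIRECT": "SECURE_SSL_REDIRECT",
    "DJANGO_SESSION_COOKIE_SECURE": "SESSION_COOKIE_SECURE",
    "DJANGO_CSRF_COOKIE_SECURE": "CSRF_COOKIE_SECURE",
    "DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS": "SECURE_HSTS_INCLUDE_SUBDOMAINS",
    "DJANGO_SECURE_HSTS_PRELOAD": "SECURE_HSTS_PRELOAD",
}
TRUE, FALSE = {"1", "true", "yes", "on"}, {"0", "false", "no", "off", ""}


def env_bool(env, name):
    """Strict flag parsing: bool("0") is True in Python, so never use bool()."""
    raw = env.get(name, "").strip().lower()
    if raw in TRUE:
        return True
    if raw in FALSE:
        return False
    raise ValueError(f"{name}={raw!r} is not a recognised boolean")


def load_security_settings(env=os.environ):
    """Return (settings, problems) for the HTTPS-related flags."""
    s = {setting: env_bool(env, var) for var, setting in BOOL_VARS.items()}
    s["SECURE_HSTS_SECONDS"] = int(env.get("DJANGO_SECURE_HSTS_SECONDS", "0"))
    if env_bool(env, "DJANGO_BEHIND_PROXY"):
        # Trust X-Forwarded-Proto only when a proxy you control sets it.
        s["SECURE_PROXY_SSL_HEADER"] = ("HTTP_X_FORWARDED_PROTO", "https")
    problems = []
    if s["SECURE_HSTS_SECONDS"] < 0:
        problems.append("HSTS max-age must not be negative")
    if s["SECURE_HSTS_PRELOAD"] and not (
        s["SECURE_HSTS_INCLUDE_SUBDOMAINS"] and s["SECURE_HSTS_SECONDS"] >= 31536000
    ):
        problems.append("HSTS preload needs includeSubDomains and max-age >= 31536000")
    if s["SECURE_SSL_REDIRECT"] and not (
        s["SESSION_COOKIE_SECURE"] and s["CSRF_COOKIE_SECURE"]
    ):
        problems.append("HTTPS is enforced but a cookie lacks the Secure flag")
    return s, problems
```

Failing startup when `problems` is non-empty, or when `env_bool` raises, keeps a mistyped flag from silently weakening a production deployment.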
