Modularize domain

backend/pennclubs/settings/base.py

@@ -13,6 +13,9 @@
 import os
 import dj_database_url
 
+FRONTEND_DOMAIN = os.environ.get('FRONTEND_DOMAIN', 'pennclubs.com')
+BACKEND_DOMAIN = os.environ.get('BACKEND_DOMAIN', 'api.pennclubs.com')
+
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
 

backend/pennclubs/settings/development.py

@@ -1,4 +1,5 @@
 from pennclubs.settings.base import *
+import os
 
 
 INSTALLED_APPS += [
@@ -12,4 +13,13 @@
 
 EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 
-PLATFORM_ACCOUNTS['CUSTOM_ADMIN'] = False
+os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
+PLATFORM_ACCOUNTS.update(
+    {
+        'REDIRECT_URI': os.environ.get('LABS_REDIRECT_URI', 'http://localhost:8000/accounts/callback/'),
+        'CLIENT_ID': 'clientid',
+        'CLIENT_SECRET': 'supersecretclientsecret',
+        'PLATFORM_URL': 'https://platform-dev.pennlabs.org',
+        'CUSTOM_ADMIN': False,
+    }
+)

backend/pennclubs/settings/production.py

@@ -24,7 +24,7 @@
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 
 # Allow production host headers
-ALLOWED_HOSTS = [os.environ.get('ALLOWED_HOST', 'api.pennclubs.com')]
+ALLOWED_HOSTS = [BACKEND_DOMAIN]
 
 SENTRY_URL = os.environ.get('SENTRY_URL', '')
 
@@ -34,22 +34,19 @@
 )
 
 # Share cookie with frontend
-SESSION_COOKIE_DOMAIN = '.pennclubs.com'
-CSRF_COOKIE_DOMAIN = '.pennclubs.com'
+SESSION_COOKIE_DOMAIN = '.' + FRONTEND_DOMAIN
+CSRF_COOKIE_DOMAIN = '.' + FRONTEND_DOMAIN
 CSRF_COOKIE_SAMESITE = None
 
 # Django CORS Settings
 CORS_ORIGIN_REGEX_WHITELIST = [
-    r'^https://[\w-]+.pennclubs.com$',
-    r'^https://pennclubs.com$',
-    r'^https://[\w-]+.clubs.upenn.club$'
+    rf'^https://[\w-]+.{FRONTEND_DOMAIN}$',
+    rf'^https://{FRONTEND_DOMAIN}$',
 ]
 
 CSRF_TRUSTED_ORIGINS = [
-    '.pennclubs.com',
-    'pennclubs.com',
-    'clubs.upenn.club',
-    '.clubs.upenn.club'
+    '.' + FRONTEND_DOMAIN,
+    FRONTEND_DOMAIN
 ]
 
 # Email client information

backend/pennclubs/settings/staging.py

@@ -0,0 +1,74 @@
+import sentry_sdk
+from sentry_sdk.integrations.django import DjangoIntegration
+
+from pennclubs.settings.base import *
+
+
+SECRET_KEY = os.environ.get('SECRET_KEY')
+
+DEBUG = False
+
+# Disable Django's own staticfiles handling in favour of WhiteNoise, for
+# greater consistency between gunicorn and `./manage.py runserver`. See:
+# http://whitenoise.evans.io/en/stable/django.html#using-whitenoise-in-development
+MIDDLEWARE.remove('django.middleware.security.SecurityMiddleware')
+MIDDLEWARE = [
+    'django.middleware.security.SecurityMiddleware',
+    'whitenoise.middleware.WhiteNoiseMiddleware',
+] + MIDDLEWARE
+
+# Fix MySQL Emoji support
+DATABASES['default']['OPTIONS'] = {'charset': 'utf8mb4'}
+
+# Honour the 'X-Forwarded-Proto' header for request.is_secure()
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
+# Allow production host headers
+ALLOWED_HOSTS = [FRONTEND_DOMAIN]
+
+SENTRY_URL = os.environ.get('SENTRY_URL', '')
+
+sentry_sdk.init(
+    dsn=SENTRY_URL,
+    integrations=[DjangoIntegration()]
+)
+
+# Share cookie with frontend
+SESSION_COOKIE_DOMAIN = '.' + FRONTEND_DOMAIN
+CSRF_COOKIE_DOMAIN = '.' + FRONTEND_DOMAIN
+CSRF_COOKIE_SAMESITE = None
+
+# Django CORS Settings
+CORS_ORIGIN_REGEX_WHITELIST = [
+    rf'^https://[\w-]+.{FRONTEND_DOMAIN}$',
+    rf'^https://{FRONTEND_DOMAIN}$',
+]
+
+CSRF_TRUSTED_ORIGINS = [
+    '.' + FRONTEND_DOMAIN,
+    FRONTEND_DOMAIN,
+]
+
+# Email client information
+EMAIL_HOST = os.getenv('EMAIL_HOST')
+EMAIL_PORT = 587
+EMAIL_HOST_USER = os.getenv('EMAIL_USERNAME')
+EMAIL_HOST_PASSWORD = os.getenv('EMAIL_PASSWORD')
+EMAIL_USE_TLS = True
+
+# Upload file storage
+DEFAULT_FILE_STORAGE = 'storages.backends.s3boto3.S3Boto3Storage'
+AWS_ACCESS_KEY_ID = os.getenv('AWS_ACCESS_KEY_ID')
+AWS_ACCESS_SECRET_ID = os.getenv('AWS_SECRET_ACCESS_KEY')
+AWS_STORAGE_BUCKET_NAME = os.getenv('AWS_STORAGE_BUCKET_NAME')
+AWS_QUERYSTRING_AUTH = False
+
+PLATFORM_ACCOUNTS.update(
+    {
+        'REDIRECT_URI': os.environ.get('LABS_REDIRECT_URI', f'http://{FRONTEND_DOMAIN}/accounts/callback/'),
+        'CLIENT_ID': 'clientid',
+        'CLIENT_SECRET': 'supersecretclientsecret',
+        'PLATFORM_URL': 'https://platform-dev.pennlabs.org',
+        'CUSTOM_ADMIN': False,
+    }
+)

k8s/chart/templates/backend-deployment.yaml

@@ -24,8 +24,17 @@ spec:
           ports:
             - containerPort: {{ .Values.backend.port }}
           env:
-            - name: ALLOWED_HOST
+            - name: FRONTEND_DOMAIN
+              value: {{ if .Values.staging }}staging.{{ end }}{{ .Values.frontend.ingress.domain }}
+            - name: BACKEND_DOMAIN
               value: {{ if .Values.staging }}staging.{{ end }}{{ .Values.backend.ingress.domain }}
+{{- if .Values.staging }}
+            - name: DJANGO_SETTINGS_MODULE
+              value: pennclubs.settings.staging
+{{- else }}
+            - name: DJANGO_SETTINGS_MODULE
+              value: pennclubs.settings.production
+{{- end }}
           envFrom:
             - secretRef:
                 name: {{ .Values.backend.secrets.secretEnv }}