Codebase hardening: 102 fixes across 35+ files
Deep audit identified 106 findings; 102 fixed, 4 deferred. Covers 8 areas: - Settings & deploy: env-gated DEBUG/SECRET_KEY, HTTPS headers, gunicorn, celery worker - Auth (registered_user): password write_only, request.data fixes, transaction safety, proper HTTP status codes - Workout app: IDOR protection, get_object_or_404, prefetch_related N+1 fixes, transaction.atomic - Video/scripts: path traversal sanitization, HLS trigger guard, auth on cache wipe - Models (exercise/equipment/muscle/superset): null-safe __str__, stable IDs, prefetch support - Generator views: helper for registered_user lookup, logger.exception, bulk_update, transaction wrapping - Generator core (rules/selector/generator): push-pull ratio, type affinity normalization, modality checks, side-pair exact match, word-boundary regex, equipment cache clearing - Generator services (plan_builder/analyzer/normalizer): transaction.atomic, muscle cache, bulk_update, glutes classification fix Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Trey t
25
.env.example
Normal file
25
.env.example
Normal file
@@ -0,0 +1,25 @@
|
||||
# Django core
|
||||
DEBUG=false
|
||||
SECRET_KEY=your-secret-key-here
|
||||
|
||||
# Allowed hosts (comma-separated)
|
||||
ALLOWED_HOSTS=yourdomain.com
|
||||
|
||||
# CORS (comma-separated origins)
|
||||
CORS_ALLOWED_ORIGINS=https://yourdomain.com
|
||||
|
||||
# Database (used when DATABASE_URL is not set)
|
||||
DB_NAME=werkout
|
||||
DB_USER=werkout
|
||||
DB_PASSWORD=your-db-password
|
||||
DB_HOST=db
|
||||
DB_PORT=5432
|
||||
|
||||
# Database URL (overrides individual DB_* vars when set)
|
||||
DATABASE_URL=postgres://user:password@db:5432/werkout
|
||||
|
||||
# Redis
|
||||
REDIS_URL=redis://redis:6379
|
||||
|
||||
# HTTPS redirect (set to false if behind a reverse proxy that handles SSL)
|
||||
SECURE_SSL_REDIRECT=true
|
||||
Reference in New Issue
Block a user