From 493de32998766a3785bc038e21e06440fd76440e Mon Sep 17 00:00:00 2001 
From: erjemin Date: Tue, 31 Mar 2026 00:48:34 +0300 Subject: [PATCH] =?UTF-8?q?security:=20=D0=9F=D0=B5=D1=80=D0=B5=D0=B2?= =?UTF-8?q?=D0=B5=D0=B4=D0=B5=D0=BD=D0=B0=20=D0=B0=D0=B4=D0=BC=D0=B8=D0=BD?= =?UTF-8?q?=20=D0=BF=D0=B0=D0=BD=D0=B5=D0=BB=D1=8C=20=D0=BD=D0=B0=20=D0=BF?= =?UTF-8?q?=D0=B5=D1=80=D0=B5=D0=BC=D0=B5=D0=BD=D0=BD=D1=83=D1=8E=20=D0=BE?= =?UTF-8?q?=D0=BA=D1=80=D1=83=D0=B6=D0=B5=D0=BD=D0=B8=D1=8F=20ADMIN=5FURL?= =?UTF-8?q?=20-=20=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=BB=D0=B5=D0=BD=D0=B0?= =?UTF-8?q?=20=D0=BF=D0=B5=D1=80=D0=B5=D0=BC=D0=B5=D0=BD=D0=BD=D0=B0=D1=8F?= =?UTF-8?q?=20=D0=BE=D0=BA=D1=80=D1=83=D0=B6=D0=B5=D0=BD=D0=B8=D1=8F=20ADM?= =?UTF-8?q?IN=5FURL=20=D0=B4=D0=BB=D1=8F=20=D0=B4=D0=B8=D0=BD=D0=B0=D0=BC?= =?UTF-8?q?=D0=B8=D1=87=D0=B5=D1=81=D0=BA=D0=BE=D0=B3=D0=BE=20=D1=83=D0=BF?= =?UTF-8?q?=D1=80=D0=B0=D0=B2=D0=BB=D0=B5=D0=BD=D0=B8=D1=8F=20URL=20=D0=B0?= =?UTF-8?q?=D0=B4=D0=BC=D0=B8=D0=BD=D0=BA=D0=B8=20-=20=D0=94=D0=B5=D1=84?= =?UTF-8?q?=D0=BE=D0=BB=D1=82=D0=BD=D0=BE=D0=B5=20=D0=B7=D0=BD=D0=B0=D1=87?= =?UTF-8?q?=D0=B5=D0=BD=D0=B8=D0=B5=20=D0=B2=20=D0=BA=D0=BE=D0=B4=D0=B5:?= =?UTF-8?q?=20'admin/'=20(=D1=81=D1=82=D0=B0=D0=BD=D0=B4=D0=B0=D1=80=D1=82?= =?UTF-8?q?=D0=BD=D0=BE=D0=B5,=20=D0=B1=D0=B5=D0=B7=D0=BE=D0=BF=D0=B0?= =?UTF-8?q?=D1=81=D0=BD=D0=BE=D0=B5)=20-=20=D0=9F=D0=BE=D0=BB=D1=8C=D0=B7?= =?UTF-8?q?=D0=BE=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D1=8C=20=D0=BC=D0=BE=D0=B6?= =?UTF-8?q?=D0=B5=D1=82=20=D0=BF=D0=B5=D1=80=D0=B5=D0=BE=D0=BF=D1=80=D0=B5?= =?UTF-8?q?=D0=B4=D0=B5=D0=BB=D0=B8=D1=82=D1=8C=20=D1=87=D0=B5=D1=80=D0=B5?= =?UTF-8?q?=D0=B7=20.env=20=D0=B4=D0=BB=D1=8F=20=D1=81=D0=BA=D1=80=D1=8B?= =?UTF-8?q?=D1=82=D0=B8=D1=8F=20=D0=B2=20production=20-=20=D0=9F=D1=80?= =?UTF-8?q?=D0=B8=D0=BC=D0=B5=D1=87=D0=B0=D0=BD=D0=B8=D0=B5:=20=D0=BD?= =?UTF-8?q?=D0=B8=D0=BA=D0=BE=D0=B3=D0=B4=D0=B0=20=D0=BD=D0=B5=20=D0=BA?= =?UTF-8?q?=D0=BE=D0=BC=D0=BC=D0=B8=D1=82=D1=8C=D1=82=D0=B5=20=D1=80=D0=B5?= =?UTF-8?q?=D0=B0=D0=BB=D1=8C=D0=BD=D1=8B=D0=B5=20=D0=B7=D0=BD=D0=B0=D1=87?= 
=?UTF-8?q?=D0=B5=D0=BD=D0=B8=D1=8F=20=D1=81=D0=B5=D0=BA=D1=80=D0=B5=D1=82?= =?UTF-8?q?=D0=BE=D0=B2=20=D0=B2=20.env.example=20=D0=AD=D1=82=D0=BE=20?= =?UTF-8?q?=D0=BF=D0=BE=D0=B7=D0=B2=D0=BE=D0=BB=D1=8F=D0=B5=D1=82:=20-=20?= =?UTF-8?q?=D0=9B=D0=B5=D0=B3=D0=BA=D0=BE=20=D1=81=D0=BA=D1=80=D1=8B=D0=B2?= =?UTF-8?q?=D0=B0=D1=82=D1=8C=20=D0=B0=D0=B4=D0=BC=D0=B8=D0=BD=D0=BA=D1=83?= =?UTF-8?q?=20=D0=BE=D1=82=20=D0=B0=D0=B2=D1=82=D0=BE=D0=BC=D0=B0=D1=82?= =?UTF-8?q?=D0=B8=D1=87=D0=B5=D1=81=D0=BA=D0=B8=D1=85=20=D1=81=D0=BA=D0=B0?= =?UTF-8?q?=D0=BD=D0=B5=D1=80=D0=BE=D0=B2=20-=20=D0=98=D1=81=D0=BF=D0=BE?= =?UTF-8?q?=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D1=82=D1=8C=20=D1=80=D0=B0?= =?UTF-8?q?=D0=B7=D0=BD=D1=8B=D0=B5=20URL=20=D0=B4=D0=BB=D1=8F=20dev/produ?= =?UTF-8?q?ction=20-=20=D0=9D=D0=B5=20=D1=85=D1=80=D0=B0=D0=BD=D0=B8=D1=82?= =?UTF-8?q?=D1=8C=20=D1=81=D0=B5=D0=BA=D1=80=D0=B5=D1=82=D1=8B=20=D0=B2=20?= =?UTF-8?q?=D0=BA=D0=BE=D0=B4=D0=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
---
 .env.example | 5 +++++
 rosmorport_tsts/rosmorport_tsts/urls.py | 6 +++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/.env.example b/.env.example
index 503797d..3e1a245 100644
--- a/.env.example
+++ b/.env.example
@@ -5,6 +5,11 @@ DEBUG=True
 ALLOWED_HOSTS=localhost,127.0.0.1,0.0.0.0
 SECRET_KEY=django-insecure-dev-secret-key-change-in-production-12345678
+# Скрытый URL для админ панели (обфускированный для безопасности)
+# Рекомендуется использовать что-то сложное, например случайную строку
+# НИКОГДА не используй 'admin/' в production!
+ADMIN_URL=hidden-admin-panel/
+
 # ========================================
 # База данных - SQLite (для разработки)
 # ========================================
diff --git a/rosmorport_tsts/rosmorport_tsts/urls.py b/rosmorport_tsts/rosmorport_tsts/urls.py
index 09e774f..49ccf00 100644
--- a/rosmorport_tsts/rosmorport_tsts/urls.py
+++ b/rosmorport_tsts/rosmorport_tsts/urls.py
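Review bot: The added comment in the .env.example hunk forbids 'admin/' in production, but the urls.py hunk of this same patch falls back to exactly that value (`os.getenv('ADMIN_URL', 'admin/')`), so a deployment where the variable is missing serves the admin at the default path without any error. The sample value `hidden-admin-panel/` is also published with the repository, so anyone who copies the example unchanged ends up with a known path; a labelled placeholder such as `ADMIN_URL=<unique-random-path>/` would avoid that. The comment should also state that the value must end with `/` and must not be empty, since it is passed straight to `path()`. A renamed path only reduces scanner noise and is not access control, so I would add a line such as `# Скрытие URL не заменяет аутентификацию: используйте сильные пароли и ограничение доступа` next to it.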
@@ -21,8 +21,12 @@ from django.conf.urls.static import static
 from rosmorport_tsts.settings import *
 from rosmorport_tsts import views
+# Получаем URL админ панели из переменной окружения для безопасности
+ADMIN_URL = os.getenv('ADMIN_URL', 'admin/')
+
 urlpatterns = [
- path('a-d-m-in/', admin.site.urls),
+ # Админ панель со скрытым URL
+ path(ADMIN_URL, admin.site.urls),
 re_path(r'^$', views.index),
 re_path(r'^logout$', views.my_logout),