from django.conf.urls import patterns, include, url
from django.contrib import admin
from home import views
Register your models here.
admin.site.register(Contact)
Related
I'm trying to create a signup page using react with firebase for the backend and this is the error in the console.
When deploying Firebase apps to production, it is advisable to only import
the individual SDK components you intend to use.
For the module builds, these are available in the following manner
(replace <PACKAGE> with the name of a component - i.e. auth, database, etc):
CommonJS Modules:
const firebase = require('firebase/app');
require('firebase/<PACKAGE>');
ES Modules:
import firebase from 'firebase/app';
import 'firebase/<PACKAGE>';
Typescript:
import firebase from 'firebase/app';
import 'firebase/<PACKAGE>';```
To simplify it, when you use require("firebase"); or import firebase from "firebase";, you import EVERYTHING. More often than not you don't use every library listed below.
For testing, importing from the root package "firebase" is fine, but when you deploy to production/compile your app, you shouldn't use it - which is what this error is saying.
Remember: Import what you need and don't import what you don't.
import firebase from "firebase";
is effectively the same as
import firebase from "firebase/app"; // Analytics
import "firebase/analytics"; // Analytics
import "firebase/auth" // Authentication
import "firebase/firestore" // Cloud Firestore
import "firebase/functions" // Cloud Functions for Firebase Client SDK
import "firebase/messaging" // Cloud Messaging
import "firebase/storage" // Cloud Storage
import "firebase/performance" // Performance Monitoring
import "firebase/database" // Realtime Database
import "firebase/remoteConfig" // Remote Config
In most cases for React, you want to import from the React Native Firebase (RNFB) packages like "#react-native-firebase/app", "#react-native-firebase/database" and so on.
To get access to the underlying firebase library for the RNFB libs, you would use:
import firebase from "#react-native-firebase/app";
// or
import database, { firebase } from "#react-native-firebase/database";
I have a project using React (frontend) and Django Rest Framework (backend), and it is currently deployed on PythonAnywhere. I'm using axios to connect to my API and load data from my database onto the React frontend.
During development, I hardcoded the username and password for accessing the database into my index.js file (credentials are obscured below):
import React from 'react';
import ReactDOM from 'react-dom';
import App from './components/App.js';
import axios from 'axios';
import 'semantic-ui-css/semantic.min.css';
import 'lightgallery.js/dist/css/lightgallery.css';
import './styles.css';
import * as serviceWorker from './serviceWorker';
axios.defaults.xsrfHeaderName = "X-CSRFTOKEN";
axios.defaults.xsrfCookieName = "csrftoken";
axios.defaults.withCredentials = true;
axios.post('/login/', { username: [HARD_CODED_USERNAME], password: [HARD_CODED_PASSWORD] }).then(rv => {
console.log('Login', rv)
}).catch(err => {
console.log('Login error', err.response)
});
const updatePhoto = () => {
axios.patch('https://[WEBSITEADDRESS.COM]/api/photos/').then(resp => {
console.log('Update response', resp)
}).catch(error => {
console.log("Update error", error)
})
}
ReactDOM.render(
<App />,
document.getElementById('root')
);
serviceWorker.unregister();
This works, however the username and password are viewable upon inspection in the browser. Not only that, but the Django admin as well as the API is accessible to anyone, because it automatically logs them in using my username and password!
I then tried using an .env file located at the root of my create-react-app project (same level with my package.json file):
REACT_APP_USERNAME=myusername
REACT_APP_PASSWORD=mypassword
And I updated my index.js file to as follows:
const my_user_name = process.env.REACT_APP_USERNAME;
const my_password = process.env.REACT_APP_PASSWORD;
axios.post('/login/', { username: my_user_name, password: my_password }).then(rv => {
console.log('Login', rv)
}).catch(err => {
console.log('Login error', err.response)
});
However, this still does not obscure the credentials from inspection in the browser, and, while it does solve the issue of automatically logging anyone into my Django admin and API, the data from the database is not shown on the website.
My questions are as follows:
How do I properly set up axios to access my API and display data on my website WITHOUT logging someone into my Django admin?
How do I properly set up environment variables in React to hide sensitive data when using the browser's inspection tools?
Any help is much appreciated!
UPDATE: SOLUTION
Based on #Lior_Pollak's comment on his answer below, I managed to solve both of my issues by creating a public, read-only API endpoint on the backend. Anyone can view the API but cannot post, update, or delete data, nor can they access the Django admin. And no sensitive data is displayed in the browser's inspection tool, yet all my photos are displayed on the website. :)
In case anyone else stumbles across this question, I've provided the code I've used successfully below (both backend and frontend):
Frontend: index.js
import React from 'react';
import ReactDOM from 'react-dom';
import App from './components/App.js';
import 'semantic-ui-css/semantic.min.css';
import 'lightgallery.js/dist/css/lightgallery.css';
import './styles.css';
import * as serviceWorker from './serviceWorker';
/*Removed all code related to axios; was not needed here*/
ReactDOM.render(
<App />,
document.getElementById('root')
);
serviceWorker.unregister();
Backend: views.py
from django.views.generic import View
from django.http import HttpResponse
from django.conf import settings
from rest_framework import generics
from rest_framework import permissions
from .models import Photo
from .serializers import PhotoSerializer
import logging
import os
class PhotoList(generics.ListCreateAPIView):
permission_classes = [permissions.IsAuthenticatedOrReadOnly]
queryset = Photo.objects.filter(show=True).order_by('order')
serializer_class = PhotoSerializer
class FrontendAppView(View):
def get(self, request):
print (os.path.join(settings.REACT_APP_DIR, 'build', 'index.html'))
try:
with open(os.path.join(settings.REACT_APP_DIR, 'build', 'index.html')) as f:
return HttpResponse(f.read())
except FileNotFoundError:
logging.exception('Production build of app not found')
return HttpResponse(status=501)
Backend: urls.py
from django.conf.urls import include, url
from rest_framework import routers
from backend import views
router = routers.DefaultRouter()
urlpatterns = [
url(r'^api/', include(router.urls)),
url(r'^api/photos/$', views.PhotoList.as_view()),
]
You are trying to obscure client data, which (for obvious reasons) resides in the client.
So you can't really obscure it.
You can force the user to login with their credentials, which is how authentication using username and password is done.
I am getting the error below
import { Home, Services, Contact} from "./containers";
every time I try to import like this
Module not found: Can't resolve './containers' in 'C:\Users\Admin\source\Project\src
however if I do the below it works without problem.
import Home from "./containers/Home/index.js";
import Servicesfrom "./containers/Servicesfrom/index.js";
import Contactfrom "./containers/Contact/index.js";
inside containers there is
Home/index.js, Servicesfrom/index.js and Contact/index.js
It would be better if there is a "index.js" file in your containers folder that exports the other components as so
index.js
import Home from "./containers/Home/index.js";
import Servicesfrom "./containers/Servicesfrom/index.js";
import Contactfrom "./containers/Contact/index.js";
export {
Home,Servicesfrom, Contactfrom
}
I've to use bootstrap-select, bootstrap, jquery, popper, isotope, wow and a script file that uses all these libs with Gatsby. I did like this in layout.js:
import React from "react"
import { StaticQuery, graphql } from 'gatsby'
import "bootstrap/dist/css/bootstrap.min.css"
import "./vendors/themify-icon/themify-icons.css"
import "font-awesome/css/font-awesome.min.css"
import "./vendors/flaticon/flaticon.css"
import "animate.css/animate.min.css"
import "./vendors/magnify-pop/magnific-popup.css"
import "./layout.css"
import "./responsive.css"
import "jquery/dist/jquery.min.js"
import "popper.js/dist/popper"
import "bootstrap/dist/js/bootstrap.min.js"
import "bootstrap-select/dist/js/bootstrap-select.min.js"
import "wowjs/dist/wow.min.js"
import "jquery.scroll-parallax/dist/js/jquery.scrollParallax.js"
import "./vendors/isotope/isotope-min.js"
import "./vendors/magnify-pop/jquery.magnific-popup.min.js"
import Loader from "./loader"
import Header from "./header"
import Breadcrumb from "./breadcrumb"
Is this a correct way to import all these dependencies ?
During gatsby develop I am not sure it works or not but I am not getting any errors. During gatsby build it failed. So, I copied all these files to static and build passed.
Then I checked for all these files in common.js but not a single file code is there. How do I use all these dependencies with Gatsby ?
I am trying to import Dashboard from LoginPage component.
I tried
import Dashboard from './scenes/Dashboard
import Dashboard from './Dashboard
import Dashboard from '../../Dashboard
but they all didn't work.
What is the correct way to import it?
If the component name is 'DashboardComponent' exported using export default, you can import by,
import DashboardComponent from '../Dashboard/DashboardComponent'
if it is not default export, it can be imported using {} as,
import {DashboardComponent} from '../Dashboard/DashboardComponent'