Skip to main content

Amazon Web services elastic bean Django (Python) + ReactJS in production in Amazon Web Services, Elastic Bean, S3

 

Merging Django & React App Production

 

React App Scenario

1.    In the .env file

·        Add PUBLIC_URL = [s3 url]

This will create absolute path of the CSS and JS files in the index.html of the production build, by default it will be relative links.

S3 URL is the Amazon S3 Bucket URL

2.     Run npm run build at the root of the React app. This will create a production Build

Django App Scenario

1.     pip3 install django-storages (third party app for storage for Django in S3)

2.     Add the following in the settings.py

·         Debug = False

·         Add ‘'storages'’ in the INSTALLED_APPS

Mention the AWS OPTIONS

·         AWS_S3_REGION_NAME  = "us-east-1"

·         AWS_ACCESS_KEY_ID = "DXS6TUMYE4O3OR"

·         AWS_SECRET_ACCESS_KEY = "rcDeN6/Bxb8R01aRRviD2QP/a"

·         AWS_STORAGE_BUCKET_NAME  = 'lithific-s3-storage'

·         STATICFILES_DIRS = [

os.path.join(BASE_DIR, "superclass/build/static"),

]

·         STATICFILES_STORAGE = 'storages.backends.s3boto3.S3Boto3Storage'

o   STATIC_ROOT = 'https://lithific-s3-storage.s3.amazonaws.com/'

o   AWS_LOCATION = 'static'

o   STATIC_URL = f'https://{STATIC_ROOT}/{AWS_LOCATION}/'

3.      Create a build folder in any app, Copy paste the React production App build folder into this.

4.     In views.py of any app add

def root(request):

          return render(request, 'build/index.html', {})

def home_path(request, pathname):

          return render(request, 'build/index.html', {})

5.    In the urls.py of your app named as the same as the project_name (workspace)

Add the following in the url_patternns

·        path('', superclass_views.root, name = 'root'),

·       path('<str:pathname>', superclass_views.home_path, name = 'home_path')

 

6.     Run python3 manage.py collectstatic at the root of the Django project. This will upload all the static files into the S3 bucket mentioned in the settings.py

7.     Go to the GitMaster Folder in your local (the code to be pushed into Git & Production)

8.     Copy only the index.html in your build folder of your local Django App to the GitMaster

9.     Push the code & deploy the App.

 

Comments

Post a Comment

Popular posts from this blog

$1337 YouTube Community (Posts) bug

YouTube Community  is a feature that is only available for Channels with  1. Verified Phone numbers 2.  A significant history, more content for years. In the early June I started hunting for Security flaws on YouTube I was roaming around the features but most of the places have been found secure or already potential features had the bugs fixes in place. The Community Tab is now Posts So, I thought to exploit Youtube Community feature. I was trying to delete the Posts using IDOR attacks but it didn't work I was tired of trying various attacks but thought to compromise to the least "Privilege escalation".  The Security flaw... A user (victim) created a YT Community post, later an attacker while being an Admin of the same Channel has saved the HTTP Request that deletes a Community Post / Poll, then the attacker can replay that HTTP Request after he's demoted from Admin to Subtitle Editor  that would delete the Post / Poll. I exploited this flaw I tried after 15 ...
Post a Comment
Read more

Facebook Bug Bounty $$$$ : Crossposting Live Videos | Facebook Live

In the Facebook Page Settings, you could setup the option for Crossposting Live videos from other pages.  The Attacker's page adds a Page (Victim's Page) for crossposting their videos Victim Page's Admin accepts the approval and the default option is Crossposting videos without further approval The Attacker starts live video and selects Victim's Page in the "Crosspost to more pages" Victim visits the Crossposting page in the Page settings and and removes Attacker's Page Attacker selects "Use camera" and clicks on "Go Live". The Victim's Page starts automatically crossposting the live video of Attacker,  Bug Bounty of $500
Post a Comment
Read more

Google form setting Bypass - Making my way to the Google's Hall of Fame !

  G o o g l e ! Bug : Circumventing "Limit to 1 response" of  Google forms  ( Parameter Injection )        Discovered on: 30th, November 2016.            Research Time: 2:00 p.m to 9:30 p.m. Earn more by display ads on blog with  Lithific Ads The setting is "Limit to 1 response" which means only one response per user. Once you filled the form there will be no chance to edit the responses or again fill a new form. If you open the form to fill again, the response would be like the image below. There is no way to edit or fill another form (Hurdle 1). I created a test form and checked "Edit after submit". Once this test form is filled I can change the previous response.  I clicked on the "Edit your  response"and intercepted the request.  I changed the form id and forwarded the request. I was able to see the form that was submitted. When I edited the form and submitted, a blank form ...
1 comment
Read more