Programatically enable the debug toolbar.

The django debug toolbar should not be run in a production environment and should only be enabled in remove environments temporarily. It can expose sensitive information and if we're using a clone of the production data in a staging environment, it could expose prod data. References #146
djangonaut-space · Jan 13, 2024 · b334925 · b334925
1 parent e6b8d20
commit b334925
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 3 deletions.
diff --git a/.env.template b/.env.template
@@ -6,3 +6,6 @@ SECRET_KEY=<SECRETKEY>
 ENVIRONMENT='production'
 RECAPTCHA_PUBLIC_KEY='dummy_value'
 RECAPTCHA_PRIVATE_KEY='dummy_value'
+# Only set to a non-empty string value if you want it enabled
+# The toolbar should not be used in a remote environment
+ENABLE_TOOLBAR=""
diff --git a/indymeet/settings/base.py b/indymeet/settings/base.py
@@ -60,7 +60,6 @@
     # azure storage
     "storages",
     # other
-    "debug_toolbar",
     "tailwind",
     "theme",
 ]
@@ -75,7 +74,6 @@
     "django.middleware.security.SecurityMiddleware",
     "whitenoise.middleware.WhiteNoiseMiddleware",
     "wagtail.contrib.redirects.middleware.RedirectMiddleware",
-    "debug_toolbar.middleware.DebugToolbarMiddleware",
 ]
 
 AZURE_IP = os.environ.get("AZURE_IP", False)
@@ -220,3 +218,7 @@
 MIGRATION_MODULES = {"puput": "home.puput_migrations"}
 
 TAILWIND_APP_NAME = "theme"
+
+if os.environ.get("ENABLE_TOOLBAR"):
+    INSTALLED_APPS += ["debug_toolbar"]
+    MIDDLEWARE += ["debug_toolbar.middleware.DebugToolbarMiddleware"]
diff --git a/indymeet/urls.py b/indymeet/urls.py
@@ -1,5 +1,7 @@
 from __future__ import annotations
 
+import os
+
 from django.conf import settings
 from django.contrib import admin
 from django.urls import include
@@ -18,7 +20,6 @@
     path("accounts/", include("accounts.urls")),
     path("", include("home.urls")),
     path("", include("puput.urls")),
-    path("__debug__/", include("debug_toolbar.urls")),
 ]
 
 
@@ -30,6 +31,11 @@
     urlpatterns += staticfiles_urlpatterns()
     urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
 
+    if os.environ.get("ENABLE_TOOLBAR"):
+        urlpatterns += [
+            path("__debug__/", include("debug_toolbar.urls")),
+        ]
+
 urlpatterns = urlpatterns + [
     # For anything not caught by a more specific rule above, hand over to
     # Wagtail's page serving mechanism. This should be the last pattern in