From 3f31c7a1ddd958ac1762b73ca68158c008a0e35c Mon Sep 17 00:00:00 2001
From: Larry La <larryquocla@gmail.com>
Date: Tue, 1 Apr 2025 17:43:50 -0700
Subject: [PATCH 1/3] chore: edit security config

---
 backend/bitmatch/settings.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/backend/bitmatch/settings.py b/backend/bitmatch/settings.py
index 2f5345b..81202f4 100644
--- a/backend/bitmatch/settings.py
+++ b/backend/bitmatch/settings.py
@@ -25,12 +25,17 @@
 # See https://docs.djangoproject.com/en/5.1/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'django-insecure-b4wn$=0zp6j)8%uejmc)hp&3$j3myn$(&i_69(c@shw1i285*v'
+SECRET_KEY = os.getenv("DJANGO_SECRET_KEY")
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DJANGO_ENV = os.getenv("DJANGO_ENV", "DEV").upper()  
 
-ALLOWED_HOSTS = ["*"]
+DEBUG = DJANGO_ENV == "DEV"
+
+if DJANGO_ENV == "PROD":
+    ALLOWED_HOSTS = ["bitmatchapp.com", "www.bitmatchapp.com"]
+else:
+    ALLOWED_HOSTS = ["localhost", "127.0.0.1"]
 
 REST_FRAMEWORK = {
     "DEFAULT_AUTHENTICATION_CLASSES": (

From bb7dcc5e318fd1fdb6f5643d95dee7b7025edfaf Mon Sep 17 00:00:00 2001
From: Larry La <larryquocla@gmail.com>
Date: Tue, 1 Apr 2025 17:53:02 -0700
Subject: [PATCH 2/3] chore: add www

---
 backend/bitmatch/settings.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/backend/bitmatch/settings.py b/backend/bitmatch/settings.py
index 81202f4..8c29feb 100644
--- a/backend/bitmatch/settings.py
+++ b/backend/bitmatch/settings.py
@@ -183,6 +183,7 @@
     "http://localhost:5173", 
     "http://localhost:5174", 
     "https://bitmatchapp.com",
+    "https://www.bitmatchapp.com",
     "https://api.bitmatchapp.com",
 ]
 

From 9aba9bae1b8f1f739d8b57ef575defe9fa16c50a Mon Sep 17 00:00:00 2001
From: Larry La <larryquocla@gmail.com>
Date: Tue, 1 Apr 2025 18:39:57 -0700
Subject: [PATCH 3/3] chore: resolve env error

---
 .github/workflows/django-tests.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/django-tests.yml b/.github/workflows/django-tests.yml
index 293c02a..0eebed1 100644
--- a/.github/workflows/django-tests.yml
+++ b/.github/workflows/django-tests.yml
@@ -19,6 +19,7 @@ jobs:
       AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
       AWS_STORAGE_BUCKET_NAME: ${{ secrets.AWS_STORAGE_BUCKET_NAME }}
+      DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }}
 
     steps:
       - name: Checkout code