This repository contains my TFG code about HaloFiles, a web application built with Django that works as a GUI to share & commit information about biological microorganism data.
This project has been recently updated with critical security fixes and improvements.
- ✅ Django updated to 5.2.9 (fixes 10 CVEs)
- ✅ All dependencies updated with fixed versions
- ✅ SECRET_KEY moved to environment variables
- ✅ Enhanced security configurations
- ✅ Improved error handling and logging
- ✅ Docker configuration improved
📖 See MIGRATION_GUIDE.md for detailed migration instructions.
- Python 3.12 or higher
- pip (Python package manager)
- virtualenv (recommended)
- Docker & Docker Compose (optional, for containerized deployment)
```bash
git clone https://github.com/MiquelMontero02/TFG.git
cd TFG
cd Halo_Web
```

Create a virtual environment to isolate dependencies. You can name it anything, but we'll use "halo_env" in this example.

```bash
python -m venv halo_env
```

For more information on virtual environments, check the Python venv documentation.

Windows:

```
halo_env\Scripts\activate
```

Linux / macOS:

```bash
source halo_env/bin/activate
```

```bash
pip install -r requirements.txt
```

Copy the example environment file and configure it:

```bash
copy .env.example .env # Windows
# or
cp .env.example .env # Linux/macOS
```

Edit the .env file with your configuration:

```
# Environment (DEV or PROD)
ENV=DEV
# Django Secret Key (IMPORTANT: Generate a new one!)
SECRET_KEY=your-secret-key-here
# Database API URL
DB_PATH=https://your-backend-api-url.com/api/
# Email Configuration
EMAIL_HOST=smtp.outlook.com
EMAIL_PORT=587
EMAIL_HOST_USER=your-email@example.com
EMAIL_HOST_PASSWORD=your-email-password
EMAIL_USE_TLS=True
DEFAULT_FROM_EMAIL=no-reply@example.com
```

Run the provided script to generate a secure SECRET_KEY:

```bash
python generate_secret_key.py
```

Copy the generated key to your .env file.

```bash
python manage.py makemigrations
python manage.py migrate
python manage.py createsuperuser
python manage.py collectstatic --noinput
python manage.py runserver
```

The application should now be running at http://127.0.0.1:8000/
- Configure your `.env` file (as described above)
- Build and run the containers:

```bash
docker-compose build
docker-compose up -d
```

- Run migrations inside the container:

```bash
docker-compose exec web python manage.py migrate
docker-compose exec web python manage.py createsuperuser
```

- Access the application:
  - Web: http://localhost:8000/
  - Admin: http://localhost:8000/admin/

```bash
docker-compose down
```

```
Halo_Web/
├── Forms/                  # Main Django app
│   ├── middleware.py       # Authentication middleware
│   ├── models.py           # Database models
│   ├── utils.py            # Utility functions
│   ├── views/              # View controllers
│   │   ├── views_auth.py   # Authentication views
│   │   ├── views_api.py    # API views
│   │   └── ...
│   ├── static/             # Static files (CSS, JS)
│   └── templates/          # HTML templates
├── Halo_Web/               # Django project settings
│   ├── settings.py         # Configuration
│   ├── urls.py             # URL routing
│   └── wsgi.py             # WSGI config
├── logs/                   # Application logs
├── requirements.txt        # Python dependencies
├── .env.example            # Environment template
├── docker-compose.yaml     # Docker Compose config
├── Dockerfile              # Docker image definition
├── manage.py               # Django management script
└── MIGRATION_GUIDE.md      # Migration instructions
```

- 🔐 User Authentication - Login, registration, and email verification
- 👤 User Profiles - Manage user information
- 📊 Data Management - Handle biological microorganism data
- 🔗 REST API - External API integration
- 📧 Email Notifications - Automated email system
- 🎨 Bootstrap UI - Modern, responsive interface
- 🐳 Docker Support - Easy deployment
- 🔒 Security - HTTPS, CSRF protection, secure sessions

- `/api/get/public/<query_params>/` - Public API access (no auth required)
- `/api/get/<query_params>/` - Protected API access (auth required)
- `/api/put/<src>/` - Update resources
- `/api/put_file/<src>/` - Upload files
- `/api/get_file/<src>/` - Download files

| Variable | Description | Default |
|---|---|---|
| `ENV` | Environment (DEV/PROD) | DEV |
| `SECRET_KEY` | Django secret key | (required) |
| `DB_PATH` | Backend API URL | (required) |
| `EMAIL_HOST` | SMTP server | smtp.outlook.com |
| `EMAIL_PORT` | SMTP port | 587 |
| `EMAIL_HOST_USER` | Email username | (required) |
| `EMAIL_HOST_PASSWORD` | Email password | (required) |
| `EMAIL_USE_TLS` | Use TLS | True |

This application implements several security measures:
- ✅ HTTPS enforcement in production
- ✅ HSTS headers
- ✅ Secure cookies
- ✅ CSRF protection
- ✅ XSS protection
- ✅ Content-Type sniffing prevention
- ✅ Session security
- ✅ File upload limits
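
A sketch of how the `.env` values above can drive these settings, added here as an example and not taken from the project's `settings.py` or `generate_secret_key.py`. The function names, the HSTS duration, the 5 MiB body cap and tying `DEBUG` to `ENV` are assumptions; the setting names are Django's own.

```python
import secrets
import string
from typing import Optional

PLACEHOLDER = "your-secret-key-here"  # value shipped in .env.example


def generate_key(length: int = 50) -> str:
    """Random key from the OS CSPRNG (assumed equivalent of the project's script)."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*(-_=+)"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def check_secret_key(key: Optional[str]) -> str:
    """Fail closed on a missing, placeholder or weak SECRET_KEY."""
    if not key:
        raise RuntimeError("SECRET_KEY not found: set it in .env")
    if key == PLACEHOLDER or key.startswith("django-insecure-"):
        raise RuntimeError("SECRET_KEY is a placeholder: generate a new one")
    # Same thresholds as Django's deploy check security.W009.
    if len(key) < 50 or len(set(key)) < 5:
        raise RuntimeError("SECRET_KEY is too short or too repetitive")
    return key


def build_settings(env: dict) -> dict:
    """Map .env values to Django settings; HTTPS hardening is enabled by ENV=PROD."""
    prod = env.get("ENV", "DEV").upper() == "PROD"
    return {
        "SECRET_KEY": check_secret_key(env.get("SECRET_KEY")),
        "DEBUG": not prod,                      # assumption: DEBUG follows ENV
        "SECURE_SSL_REDIRECT": prod,            # HTTPS enforcement
        "SECURE_HSTS_SECONDS": 31536000 if prod else 0,  # HSTS, one year (assumed)
        "SESSION_COOKIE_SECURE": prod,          # session cookie only over HTTPS
        "CSRF_COOKIE_SECURE": prod,             # CSRF cookie only over HTTPS
        "SESSION_COOKIE_HTTPONLY": True,        # session cookie hidden from JS
        "SECURE_CONTENT_TYPE_NOSNIFF": True,    # X-Content-Type-Options: nosniff
        "DATA_UPLOAD_MAX_MEMORY_SIZE": 5 * 1024 * 1024,  # non-file body cap (assumed)
    }
```

Running `python manage.py check --deploy` against the real settings reports any of these that are still unset in production.
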

- ModuleNotFoundError for django_redis

  ```bash
  pip install django-redis
  ```

- SECRET_KEY not found
  - Make sure you have a `.env` file with `SECRET_KEY` configured

- Database errors

  ```bash
  python manage.py migrate
  ```

- Static files not loading

  ```bash
  python manage.py collectstatic --noinput
  ```

For more help, check the logs in logs/django.log

- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request

This project is part of a Final Degree Project (TFG).
For questions or support, please open an issue in the repository.
Last Updated: February 14, 2026
Django Version: 5.2.9
Python Version: 3.12+