From 89b3ea6e4fef70c9f182cbb2a0ff4e69fab1478e Mon Sep 17 00:00:00 2001
From: Tanner Collin <git@tannercollin.com>
Date: Thu, 7 May 2020 04:18:42 +0000
Subject: [PATCH] Obfuscate admin page url

---
 apiserver/apiserver/secrets.py.example | 6 ++++++
 apiserver/apiserver/urls.py            | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/apiserver/apiserver/secrets.py.example b/apiserver/apiserver/secrets.py.example
index cc0a1af..2e0cca7 100644
--- a/apiserver/apiserver/secrets.py.example
+++ b/apiserver/apiserver/secrets.py.example
@@ -1,5 +1,11 @@
 # Spaceport secrets file, don't commit to version control!
 
+# /admin/ route obfuscation
+# Set this to random characters
+# For example, use the output of this:
+# head /dev/urandom | base32 | head -c 16
+ADMIN_RANDOM = ''
+
 # /ipn/ route obfuscation
 # Set this to random characters
 # For example, use the output of this:
diff --git a/apiserver/apiserver/urls.py b/apiserver/apiserver/urls.py
index fec6352..4192cb9 100644
--- a/apiserver/apiserver/urls.py
+++ b/apiserver/apiserver/urls.py
@@ -7,6 +7,7 @@ from .api import views
 from . import secrets
 
 IPN_ROUTE = r'^ipn/{}/'.format(secrets.IPN_RANDOM)
+ADMIN_ROUTE = '{}/admin/'.format(secrets.ADMIN_RANDOM)
 
 router = routers.DefaultRouter()
 router.register(r'door', views.DoorViewSet, basename='door')
@@ -26,7 +27,7 @@ router.register(r'charts/signupcount', views.SignupCountViewSet, basename='signu
 
 urlpatterns = [
     path('', include(router.urls)),
-    path('admin/', admin.site.urls),
+    path(ADMIN_ROUTE, admin.site.urls),
     path('api-auth/', include('rest_framework.urls')),
     url(r'^rest-auth/', include('rest_auth.urls')),
     url(r'^registration/', views.RegistrationView.as_view(), name='rest_name_register'),