django, reactjs, ngnix: deploy prosses

Question

I have few question about django rest development. I'm building project with DRF, wsgi, ngnix on the backend side, and reactjs on front.

Questions: 1) bloking endpoints for user and other services beside of react frontend: we have such situation: now evry each person can get data from endpoint if he or she write correct url adress. How can I stop it. So the goal is that now one can see it, only react

2) how to setup ngnix that ngnix is gona serve fronted add in react, regardles where django api is?

Thank You

Answer 1

1. You can't protect it, it's just a matter of making it slightly more difficult for an average Joe. Some options to explore: use CSRF token, check Referer HTTP header, make it available only for authenticated users (registration with email, captcha, credit card, etc), throttling and blacklist by IP (+browser fingerprint), sky is the limit.

2. Are you asking how to move your react sources out of django's /static/ folder? You can just map your frontend folder in nginx directly, so you won't be using collectstatic to deploy anymore and can simply link frontend url in your templates directly <script src='/frontend/react.js'></script> (you can load it from another server if you want).

   server {
       listen      80;
   
       # where django static files are, like for admin app
       location /static {
           alias /var/www/static;
       }
   
       # where your frontend js files are
       location /frontend {
           alias /home/user/frontend;
       }
   
       # regular uwsgi 
       location / {
           uwsgi_pass  unix:/home/user/app.sock;
           include     uwsgi_params;
       }
   
   }