diff --git a/backend/.env b/backend/.env
index f2039b3..e090a4d 100644
--- a/backend/.env
+++ b/backend/.env
@@ -1,3 +1,5 @@
 MONGO_URL="mongodb://localhost:27017"
 DB_NAME="test_database"
-CORS_ORIGINS="*"
\ No newline at end of file
+CORS_ORIGINS="*"
+JWT_SECRET_KEY="8f3a9c2e1d7b4f6a5c8e2d9a7b3f5c1e4a6d8b2c9e5f7a3d1c4b6e8a2f5d7c9b"
+ADMIN_DEFAULT_PASSWORD="Joker1974!!!"
\ No newline at end of file
diff --git a/backend/auth.py b/backend/auth.py
index f898dad..d2f279f 100644
--- a/backend/auth.py
+++ b/backend/auth.py
@@ -5,9 +5,15 @@ from passlib.context import CryptContext
 from fastapi import HTTPException, Security, Depends
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 import os
+from dotenv import load_dotenv
+from pathlib import Path
+
+# Load environment variables
+ROOT_DIR = Path(__file__).parent
+load_dotenv(ROOT_DIR / '.env')
 
 # JWT Configuration
-SECRET_KEY = os.environ.get("JWT_SECRET_KEY", "your-secret-key-change-in-production-epic-travel-2025")
+SECRET_KEY = os.environ['JWT_SECRET_KEY']
 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES = 1440 # 24 hours
 
diff --git a/backend/routes/destination_routes.py b/backend/routes/destination_routes.py
index 6dfd979..fe08919 100644
--- a/backend/routes/destination_routes.py
+++ b/backend/routes/destination_routes.py
@@ -28,7 +28,7 @@ async def get_destinations(category: Optional[str] = None, search: Optional[str]
 {"location": {"$regex": search, "$options": "i"}}
 ]
 
- destinations = await db.destinations.find(query).to_list(1000)
+ destinations = await db.destinations.find(query, {'_id': 0}).limit(100).to_list(100)
 
 # Convert MongoDB _id to id for response
 for dest in destinations:
diff --git a/backend/routes/special_routes.py b/backend/routes/special_routes.py
index 9fc328f..8116e91 100644
--- a/backend/routes/special_routes.py
+++ b/backend/routes/special_routes.py
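Review bot: The two lines added to backend/.env put a live JWT signing key and the admin seed password into a tracked file, so anyone with read access to the repository or its history holds the material needed to produce valid HS256 tokens or sign in as the seeded admin. Both values should be treated as disclosed and rotated, `backend/.env` should be untracked (`git rm --cached backend/.env` plus a `.gitignore` entry), and a `backend/.env.example` with placeholder values committed in its place. The admin password is the same literal this commit removes from server.py, so moving it here does not retire it. `CORS_ORIGINS="*"` is only re-terminated by this hunk, but it deserves an explicit origin list before production.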
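Review bot: In backend/auth.py, `SECRET_KEY = os.environ['JWT_SECRET_KEY']` fails closed when the variable is missing, but an empty or very short value is still accepted as the HS256 key. A check directly after the assignment would catch that at import time: `if len(SECRET_KEY) < 32: raise RuntimeError("JWT_SECRET_KEY must be at least 32 characters")`. `load_dotenv` does not override variables already present in the process environment by default, which is the behaviour wanted in production; a one-line comment next to the call saying so would help the next reader. The removed fallback string was public in this repository, so tokens signed with it should be considered forgeable until every deployment runs with a new key.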
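Review bot: In backend/routes/destination_routes.py the new projection `{'_id': 0}` strips `_id` from every document, yet the context lines right after it still open a loop described as converting `_id` to `id`; the loop body is outside the hunk, so depending on how it reads the field it is now either dead code or a `KeyError`. Either drop the projection or drop the conversion and confirm each document carries its own `id` field; the same applies to `get_specials` in backend/routes/special_routes.py. `.limit(100).to_list(100)` also truncates silently, so a caller cannot tell that more results exist; explicit `skip`/`limit` query parameters would make the cap visible. Separately, the context line above passes `search` unescaped into `$regex`; `re.escape(search)` would keep user input from being interpreted as a pattern.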
@@ -17,7 +17,7 @@ def set_db(database):
 @router.get("", response_model=List[Special])
 async def get_specials():
 """Get all weekly specials"""
- specials = await db.specials.find().to_list(1000)
+ specials = await db.specials.find({}, {'_id': 0}).limit(100).to_list(100)
 
 # Convert MongoDB _id to id for response
 for special in specials:
diff --git a/backend/server.py b/backend/server.py
index e801aa9..78518c8 100644
--- a/backend/server.py
+++ b/backend/server.py
@@ -64,7 +64,7 @@ async def startup_db_client():
 admin_data = {
 "id": "admin-1",
 "email": "admin@epictravel.com",
- "password_hash": hash_password("Joker1974!!!"),
+ "password_hash": hash_password(os.environ['ADMIN_DEFAULT_PASSWORD']),
 "created_at": datetime.utcnow()
 }
 await db.admin_users.insert_one(admin_data)
diff --git a/frontend/src/pages/AdminLogin.jsx b/frontend/src/pages/AdminLogin.jsx
index daa151f..adc8c68 100644
--- a/frontend/src/pages/AdminLogin.jsx
+++ b/frontend/src/pages/AdminLogin.jsx
@@ -25,7 +25,7 @@ const AdminLogin = () => {
 navigate('/admin/dashboard');
 } catch (error) {
 console.error('Login error:', error);
- toast.error('Invalid credentials. Try: admin@epictravel.com / admin123');
+ toast.error('Invalid email or password. Please try again.');
 } finally {
 setLoading(false);
 }
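Review bot: In backend/server.py, reading the seed password from `os.environ['ADMIN_DEFAULT_PASSWORD']` only affects databases where the admin record is created afresh. The guard around `insert_one` is outside the hunk, but if it seeds only when no admin exists, deployments that were already seeded keep the hash of the previously hard-coded password. That password was published in source, so this change needs an accompanying rotation for existing `admin-1` records. I would add a comment above the entry such as `# Seed-only: used when no admin exists; change the password after first login`, and confirm that `os` is imported in server.py, since the import is not visible here.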
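Review bot: In frontend/src/pages/AdminLogin.jsx the `catch` block now shows "Invalid email or password" for every failure, including network errors and 5xx responses, which will mislead admins when the backend is unreachable. Branching on the status keeps the message accurate without revealing which field was wrong: `const msg = error.response?.status === 401 ? 'Invalid email or password. Please try again.' : 'Login failed. Please try again later.';`. `error.response` assumes an axios-style client; the request call and the start of the `try` are outside the hunk. The unchanged `console.error('Login error:', error)` may also write the submitted credentials to the browser console if the error object carries the request config, so logging only `error.message` is safer.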