From 3661eab8eb4f0e66de6d49180f2f0334e7a71556 Mon Sep 17 00:00:00 2001
From: wh1te909
Date: Sat, 18 Jan 2020 02:05:29 +0000
Subject: [PATCH] generate a random url for the django admin
---
 api/tacticalrmm/tacticalrmm/local_settings.py.example | 2 ++
 api/tacticalrmm/tacticalrmm/urls.py | 3 ++-
 install.sh | 3 +++
 3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/api/tacticalrmm/tacticalrmm/local_settings.py.example b/api/tacticalrmm/tacticalrmm/local_settings.py.example
index 168066ae..2227d6df 100644
--- a/api/tacticalrmm/tacticalrmm/local_settings.py.example
+++ b/api/tacticalrmm/tacticalrmm/local_settings.py.example
@@ -2,6 +2,8 @@ SECRET_KEY = 'changeme'
 ALLOWED_HOSTS = ['api.example.com']
+ADMIN_URL = "somerandomstring/"
+
 CORS_ORIGIN_WHITELIST = ["https://rmm.example.com",]
 DEBUG = False
diff --git a/api/tacticalrmm/tacticalrmm/urls.py b/api/tacticalrmm/tacticalrmm/urls.py
index 94607978..c0e62f04 100644
--- a/api/tacticalrmm/tacticalrmm/urls.py
+++ b/api/tacticalrmm/tacticalrmm/urls.py
@@ -1,10 +1,11 @@
 from django.contrib import admin
 from django.urls import path, include
+from django.conf import settings
 from knox import views as knox_views
 from accounts.views import LoginView, installer_twofactor
 urlpatterns = [
- path("admin/", admin.site.urls),
+ path(settings.ADMIN_URL, admin.site.urls),
 path("login/", LoginView.as_view()),
 path("logout/", knox_views.LogoutView.as_view()),
 path("logoutall/", knox_views.LogoutAllView.as_view()),
diff --git a/install.sh b/install.sh
index 432c9ac5..5432e523 100755
--- a/install.sh
+++ b/install.sh
@@ -8,6 +8,7 @@ fi
 DJANGO_SEKRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 50 | head -n 1)
 SALTPW=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)
+ADMINURL=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 30 | head -n 1)
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
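Review bot: In api/tacticalrmm/tacticalrmm/urls.py, `path(settings.ADMIN_URL, admin.site.urls)` reads the setting unconditionally, so a deployment whose local_settings.py predates this commit would presumably fail with AttributeError when the URLconf is imported; no upgrade step is visible in this patch. An empty value would mount the admin at the site root, and a value without the trailing slash would produce routes that do not match as intended. I would validate it once above `urlpatterns` (the list continues outside the hunk), e.g. `if not getattr(settings, "ADMIN_URL", "").endswith("/"): raise ImproperlyConfigured("ADMIN_URL must be set and end with '/'")`, and have it reject the `"somerandomstring/"` placeholder from local_settings.py.example as well. A short comment should also say that the random path only cuts down automated probing of /admin/: it still ends up in access logs, browser history and Referer headers, so admin accounts need strong authentication regardless.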
@@ -163,6 +164,8 @@ DEBUG = False
 ALLOWED_HOSTS = ['${rmmdomain}']
+ADMIN_URL = "${ADMINURL}/"
+
 CORS_ORIGIN_WHITELIST = [ "https://${frontenddomain}" ]
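Review bot: The generated admin path is written into the settings heredoc here as `ADMIN_URL = "${ADMINURL}/"`, but nothing visible in this patch tells the operator what it is, so after install they would have to read the settings file to find the admin page. The heredoc starts and ends outside this hunk; if the script prints a final summary, I would add a line there such as `echo "Django admin: https://${rmmdomain}/${ADMINURL}/"`. Since the generated file now holds both the secret key and the admin path, it is worth confirming it is created readable only by the service user. As a style point, the three `cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w N | head -n 1` pipelines in the earlier install.sh hunk differ only in length, so a small helper taking the length would keep them in sync.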