django: track the base production settings

This makes the production.example.py file inherit from production_base.py, which we then can edit in the future

admin_panel/admin_panel/settings/base.py

@@ -16,6 +16,11 @@
 
 SECRET_KEY = None
 
+# WARNING: DO NOT ADD EXTERNAL HOSTS HERE!!
+# If you want to expose your admin panel online, please follow this tutorial:
+# https://github.com/Ballsdex-Team/BallsDex-DiscordBot/wiki/Serving-the-admin-panel-online
+# THIS HAS SECURITY IMPLICATIONS, ENABLES PRIVILEGE ESCALATION AND REMOTE CODE EXECUTION
+
 ALLOWED_HOSTS = [
     "localhost",
     "127.0.0.1",

admin_panel/admin_panel/settings/production.example.py

@@ -1,16 +1,7 @@
 # Copy this file as "production.py" and set the environment variable
-# DJANGO_SETTINGS_MODULE="admin_panel.settings.production" to enable serving over the internet
+# DJANGO_SETTINGS_MODULE=admin_panel.settings.production to enable serving over the internet
 
-from .base import *
-
-DEBUG = False
-
-# Force python-social-auth (Discord OAuth2) to use https redirection
-SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
-
-# Correctly read the headers when using a proxy like nginx
-# Failing to configure this setting will result in CSRF errors in HTTPS
-SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+from .production_base import *
 
 # Generate a long random string here for your secret key. It is important to keep it secret,
 # leaking it could allow attackers to do privilege escalation.

admin_panel/admin_panel/settings/production_base.py

@@ -0,0 +1,10 @@
+from .base import *
+
+DEBUG = False
+
+# Force python-social-auth (Discord OAuth2) to use https redirection
+SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
+
+# Correctly read the headers when using a proxy like nginx
+# Failing to configure this setting will result in CSRF errors in HTTPS
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")