Commit 1c5f0843 authored by Hubert Denkmair's avatar Hubert Denkmair
Browse files

implement key management

parent 8b69bf4a
{% extends 'core/base.html' %}
{% load static %}
{% block content %}
<h1>API Keys</h1>
<table>
<thead>
<tr>
<th>API Key</th>
<th>Description</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
{% for key in user.apikey_set.all %}
<tr>
<td>{{ key.key }}</td>
<td>{{ key.comment }}</td>
<td>
<form action="{% url "api_key_delete" key_id=key.id %}" method="post">
{% csrf_token %}
<td><button type="submit">Revoke</button></td>
</form>
</td>
</tr>
{% endfor %}
<form action="{% url "api_key_create" %}" method="post">
{% csrf_token %}
<tr>
<td></td>
<td><input name="comment"></td>
<td><button type="submit">Create</button></td>
</tr>
</form>
</tbody>
</table>
{% endblock %}
......@@ -4,4 +4,11 @@ from . import views
urlpatterns = [
path('version', views.version, name='version'),
path('version/<int:version_id>', views.get_version, name='get_version'),
path('version/active', views.get_active_version, name='get_active_version'),
path('version/activate/<int:version_id>', views.activate_version, name='activate_version'),
path('viewer_key', views.get_viewer_key, name='get_viewer_key'),
path('keys', views.list_api_keys, name='api_keys_list'),
path('keys/create', views.create_api_key, name='api_key_create'),
path('keys/delete/<int:key_id>', views.delete_api_key, name='api_key_delete'),
]
import json
from core.models import ApiKey, SnakeVersion
from django.http import JsonResponse, HttpResponseBadRequest, HttpResponseNotAllowed
from core.models import ApiKey, SnakeVersion, UserProfile
from django.http import JsonResponse, HttpResponseBadRequest
from django.forms import ModelForm
from django.core.exceptions import PermissionDenied
from django.shortcuts import get_object_or_404
from django.shortcuts import render, redirect, get_object_or_404
from django.contrib.auth.decorators import login_required
from django.views.decorators.http import require_http_methods
def get_user(request):
......@@ -24,6 +27,11 @@ def get_user(request):
raise PermissionDenied('invalid API key')
def get_user_profile(user):
profile, _ = UserProfile.objects.get_or_create(user=user)
return profile
def version_dict(v):
return {
'id': v.id,
......@@ -41,26 +49,24 @@ def full_version_dict(v):
return d
@require_http_methods(['GET', 'POST', 'PUT'])
def version(request):
if request.method in ['PUT', 'POST']:
return put_version(request)
elif request.method == 'GET':
return JsonResponse({ 'versions': [version_dict(v) for v in SnakeVersion.objects.filter(user=get_user(request))]})
return HttpResponseNotAllowed(permitted_methods=['GET', 'PUT', 'POST'])
else:
return JsonResponse({'versions': [version_dict(v) for v in SnakeVersion.objects.filter(user=get_user(request))]})
@require_http_methods(['GET'])
def get_version(request, version_id):
user = get_user(request)
v = get_object_or_404(SnakeVersion, user=user, id=version_id)
return JsonResponse(full_version_dict(v))
@require_http_methods(['POST', 'PUT'])
def put_version(request):
user = get_user(request)
permitted_methods = ['PUT', 'POST']
if request.method not in permitted_methods:
return HttpResponseNotAllowed(permitted_methods=permitted_methods)
data = json.loads(request.body)
if not isinstance(data, dict):
return HttpResponseBadRequest('need to send a json dict as request body')
......@@ -74,3 +80,64 @@ def put_version(request):
return HttpResponseBadRequest('need to provide lua script in code field');
v.save()
return get_version(request, version_id=v.id)
@require_http_methods(['GET'])
def get_active_version(request, version_id):
user = get_user(request)
up = get_user_profile(user)
v = up.active_snake
if v:
return get_version(request, version_id=v.id)
else:
return JsonResponse({})
@require_http_methods(['POST'])
def activate_version(request, version_id):
user = get_user(request)
v = get_object_or_404(SnakeVersion, user=user, id=version_id)
up = get_user_profile(user)
up.active_snake = v
up.save()
return JsonResponse(version_dict(v))
@require_http_methods(['GET'])
def get_viewer_key(request):
user = get_user(request)
up = get_user_profile(user)
return JsonResponse({'viewer_key': up.viewer_key})
@require_http_methods(['GET'])
@login_required()
def list_api_keys(request):
return render(request, 'api/list_api_keys.html', {
'user': request.user
})
class CreateKeyForm(ModelForm):
class Meta:
model = ApiKey
fields = ['comment']
@require_http_methods(['POST'])
@login_required()
def create_api_key(request):
form = CreateKeyForm(request.POST or None)
if form.is_valid():
key = ApiKey(user=request.user)
key.comment = form.cleaned_data.get('comment', None)
key.save()
return redirect('api_keys_list')
@require_http_methods(['POST', 'DELETE'])
@login_required()
def delete_api_key(request, key_id):
key = get_object_or_404(ApiKey, user=request.user, id=key_id)
key.delete()
return redirect('api_keys_list')
......@@ -14,6 +14,6 @@ class Migration(migrations.Migration):
migrations.AddField(
model_name='userprofile',
name='viewer_key',
field=models.BigIntegerField(default=core.models.create_viewer_key, unique=True),
field=models.BigIntegerField(default=None, unique=True),
),
]
import random
import uuid
from django.db import models
from django.utils.timezone import now
from django.contrib.auth.models import User
def create_viewer_key():
return None
class SnakeVersion(models.Model):
class Meta:
get_latest_by = "created"
......@@ -88,7 +85,10 @@ class ServerCommand(models.Model):
result_msg = models.TextField(blank=True, null=True, editable=False)
def create_key():
return str(uuid.uuid4())
class ApiKey(models.Model):
user = models.ForeignKey(User, on_delete=models.CASCADE)
key = models.CharField(max_length=100)
comment = models.CharField(max_length=255)
key = models.CharField(max_length=100, default=create_key())
comment = models.CharField(max_length=255, null=True, blank=True)
from datetime import datetime
import json
from django.contrib.auth.decorators import login_required
from django.core.exceptions import PermissionDenied
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment