Add apitoken endpoint

2019-02-02 13:21:15 +01:00 · 2019-02-02 13:21:15 +01:00 · fedf3dca80
parent 3f58a080f4
commit fedf3dca80
3 changed files with 24 additions and 5 deletions
--- a/spejstore/settings.py
+++ b/spejstore/settings.py
@ -14,7 +14,8 @@ import os

 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
-
+STATIC_ROOT = os.path.join(BASE_DIR, 'build_static')
+PROD = os.getenv('SPEJSTORE_ENV') == 'prod'

 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/
@ -23,7 +24,7 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 SECRET_KEY = '#hjthi7_udsyt*9eeyb&nwgw5x=%pk_lnz3+u2tg9@=w3p1m*k'

 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = not PROD

 ALLOWED_HOSTS = ['devinventory', 'inventory.waw.hackerspace.pl', 'i', 'inventory']
 LOGIN_REDIRECT_URL = '/admin/'
@ -47,6 +48,7 @@ INSTALLED_APPS = [
    'tree',
    'django_select2',
    'rest_framework',
+    'rest_framework.authtoken',
    'django_markdown2',

    'storage',
@ -174,12 +176,18 @@ REST_FRAMEWORK = {
    # Use Django's standard `django.contrib.auth` permissions,
    # or allow read-only access for unauthenticated users.
    'DEFAULT_PERMISSION_CLASSES': [
-        'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
+        'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly',
+    ],
+    'DEFAULT_AUTHENTICATION_CLASSES': [
+        'rest_framework.authentication.BasicAuthentication',
+        'rest_framework.authentication.SessionAuthentication',
+        'rest_framework.authentication.TokenAuthentication',
    ]
 }

 SOCIAL_AUTH_HSWAW_KEY = os.getenv('SPEJSTORE_CLIENT_ID')
 SOCIAL_AUTH_HSWAW_SECRET = os.getenv('SPEJSTORE_SECRET')
+SOCIAL_AUTH_REDIRECT_IS_HTTPS = PROD

 SOCIAL_AUTH_POSTGRES_JSONFIELD = True

--- a/storage/urls.py
+++ b/storage/urls.py
@ -1,11 +1,13 @@
 from django.conf.urls import include, url
 from storage.views import (
-    index, search, item_display, label_lookup, ItemSelectView, PropSelectView
+    index, search, item_display, label_lookup, apitoken, ItemSelectView,
+    PropSelectView
 )

 urlpatterns = [
    url(r'^$', index),
    url(r'^search$', search),
+    url(r'^apitoken$', apitoken),
    url(r'^item/(?P<pk>.*)$', item_display, name='item-display'),
    url(r'^autocomplete.json$', ItemSelectView.as_view(), name='item-complete'),
    url(r'^autocomplete_prop.json$', PropSelectView.as_view(), name='prop-complete'),
--- a/storage/views.py
+++ b/storage/views.py
@ -2,7 +2,7 @@ import shlex

 from django.shortcuts import render, get_object_or_404, redirect
 from django.contrib.postgres.search import SearchVector, TrigramSimilarity
-from django.http import Http404, JsonResponse
+from django.http import Http404, JsonResponse, HttpResponse
 from django.contrib.admin.models import LogEntry
 from django_select2.views import AutoResponseView
 from django.db import connection
@ -10,6 +10,8 @@ from django.db.models import Q

 from storage.models import Item, Label

+from django.contrib.auth.decorators import login_required
+from rest_framework.authtoken.models import Token

 def apply_smart_search(query, objects):
    general_term = []
@ -95,6 +97,13 @@ def label_lookup(request, pk):
    return redirect(label.item)


+@login_required
+def apitoken(request):
+    print(Token)
+    token, created = Token.objects.get_or_create(user=request.user)
+    return HttpResponse(token.key, content_type='text/plain')
+
+
 class ItemSelectView(AutoResponseView):
    def get(self, request, *args, **kwargs):
        self.widget = self.get_widget_or_404()