Add apitoken endpoint

spejstore/settings.py

@@ -14,7 +14,8 @@ import os
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
-
+STATIC_ROOT = os.path.join(BASE_DIR, 'build_static')
+PROD = os.getenv('SPEJSTORE_ENV') == 'prod'
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/
@@ -23,7 +24,7 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 SECRET_KEY = '#hjthi7_udsyt*9eeyb&nwgw5x=%pk_lnz3+u2tg9@=w3p1m*k'
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = not PROD
 
 ALLOWED_HOSTS = ['devinventory', 'inventory.waw.hackerspace.pl', 'i', 'inventory']
 LOGIN_REDIRECT_URL = '/admin/'
@@ -47,6 +48,7 @@ INSTALLED_APPS = [
     'tree',
     'django_select2',
     'rest_framework',
+    'rest_framework.authtoken',
     'django_markdown2',
 
     'storage',
@@ -174,12 +176,18 @@ REST_FRAMEWORK = {
     # Use Django's standard `django.contrib.auth` permissions,
     # or allow read-only access for unauthenticated users.
     'DEFAULT_PERMISSION_CLASSES': [
-        'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
+        'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly',
+    ],
+    'DEFAULT_AUTHENTICATION_CLASSES': [
+        'rest_framework.authentication.BasicAuthentication',
+        'rest_framework.authentication.SessionAuthentication',
+        'rest_framework.authentication.TokenAuthentication',
     ]
 }
 
 SOCIAL_AUTH_HSWAW_KEY = os.getenv('SPEJSTORE_CLIENT_ID')
 SOCIAL_AUTH_HSWAW_SECRET = os.getenv('SPEJSTORE_SECRET')
+SOCIAL_AUTH_REDIRECT_IS_HTTPS = PROD
 
 SOCIAL_AUTH_POSTGRES_JSONFIELD = True
 

storage/urls.py

@@ -1,11 +1,13 @@
 from django.conf.urls import include, url
 from storage.views import (
-    index, search, item_display, label_lookup, ItemSelectView, PropSelectView
+    index, search, item_display, label_lookup, apitoken, ItemSelectView,
+    PropSelectView
 )
 
 urlpatterns = [
     url(r'^$', index),
     url(r'^search$', search),
+    url(r'^apitoken$', apitoken),
     url(r'^item/(?P<pk>.*)$', item_display, name='item-display'),
     url(r'^autocomplete.json$', ItemSelectView.as_view(), name='item-complete'),
     url(r'^autocomplete_prop.json$', PropSelectView.as_view(), name='prop-complete'),

storage/views.py

@@ -2,7 +2,7 @@ import shlex
 
 from django.shortcuts import render, get_object_or_404, redirect
 from django.contrib.postgres.search import SearchVector, TrigramSimilarity
-from django.http import Http404, JsonResponse
+from django.http import Http404, JsonResponse, HttpResponse
 from django.contrib.admin.models import LogEntry
 from django_select2.views import AutoResponseView
 from django.db import connection
@@ -10,6 +10,8 @@ from django.db.models import Q
 
 from storage.models import Item, Label
 
+from django.contrib.auth.decorators import login_required
+from rest_framework.authtoken.models import Token
 
 def apply_smart_search(query, objects):
     general_term = []
@@ -95,6 +97,13 @@ def label_lookup(request, pk):
     return redirect(label.item)
 
 
+@login_required
+def apitoken(request):
+    print(Token)
+    token, created = Token.objects.get_or_create(user=request.user)
+    return HttpResponse(token.key, content_type='text/plain')
+
+
 class ItemSelectView(AutoResponseView):
     def get(self, request, *args, **kwargs):
         self.widget = self.get_widget_or_404()