IT-Naturschutz/konova
7
1
Fork 0
Code Issues 6 Pull Requests 1 Actions Projects Releases 28 Wiki Activity

#31 API basic implementation Token Authentication

Browse Source 
* adds token checking to AbstractModelAPIView
* adds user accessibility filtering for intervention API v1
* extends fetch_and_serialize() method to take a dict for db filtering instead of a single field and value
* organizes urlnames into supporting formats like "api:v1:intervention"
This commit is contained in:
mpeltriaux 2022-01-21 16:15:16 +01:00
parent 881da38538
commit 3938db1893
6 changed files with 64 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
api/models/token.py
View File

@ -1,4 +1,6 @@
from django.core.exceptions import ObjectDoesNotExist
from django.db import models from django.db import models
from django.utils import timezone
from konova.utils.generators import generate_token from konova.utils.generators import generate_token
@ -21,3 +23,26 @@ class APIUserToken(models.Model):
def __str__(self): def __str__(self):
return self.token return self.token
@staticmethod
def get_user_from_token(token: str):
""" Getter for the related user object
Args:
token (str): The used token
Returns:
user (User): Otherwise None
"""
_today = timezone.now().date()
try:
token_obj = APIUserToken.objects.get(
token=token,
)
if not token_obj.is_active:
raise PermissionError("Token unverified")
if token_obj.valid_until is not None and token_obj.valid_until < _today:
raise PermissionError("Token validity expired")
except ObjectDoesNotExist:
raise PermissionError("Token invalid")
return token_obj.user

8
api/settings.py Normal file
View File

@ -0,0 +1,8 @@
"""
Author: Michel Peltriaux
Organization: Struktur- und Genehmigungsdirektion Nord, Rhineland-Palatinate, Germany
Contact: michel.peltriaux@sgdnord.rlp.de
Created on: 21.01.22
"""
KSP_TOKEN_HEADER_IDENTIFIER = "ksptoken"

2
api/urls/urls.py
View File

@ -10,5 +10,5 @@ from django.urls import path, include
app_name = "api" app_name = "api"
urlpatterns = [ urlpatterns = [
path("v1/", include("api.urls.v1.urls")), path("v1/", include("api.urls.v1.urls", namespace="v1")),
] ]

5
api/urls/v1/urls.py
View File

@ -7,8 +7,9 @@ Created on: 21.01.22
""" """
from django.urls import path from django.urls import path
from api.views.v1.intervention import APIInterventionView from api.views.v1.intervention import APIInterventionViewV1
app_name = "v1"
urlpatterns = [ urlpatterns = [
path("intervention/<identifier>", APIInterventionView.as_view(), name="api-intervention"), path("intervention/<identifier>", APIInterventionViewV1.as_view(), name="intervention"),
] ]

13
api/views/v1/intervention.py
View File

@ -13,15 +13,16 @@ from api.views.v1.general import AbstractModelAPIViewV1
from intervention.models import Intervention from intervention.models import Intervention
class APIInterventionView(AbstractModelAPIViewV1): class APIInterventionViewV1(AbstractModelAPIViewV1):
model = Intervention model = Intervention
fields_to_serialize = {
"identifier",
"title",
}
def get(self, request: HttpRequest, identifier): def get(self, request: HttpRequest, identifier):
data = self.fetch_and_serialize("identifier", identifier) _filter = {
"identifier": identifier,
"users__in": [self.user],
"deleted__isnull": True,
}
data = self.fetch_and_serialize(_filter)
return JsonResponse(data) return JsonResponse(data)
def model_to_json(self, entry: Intervention): def model_to_json(self, entry: Intervention):

27
api/views/views.py
View File

@ -7,8 +7,12 @@ Created on: 21.01.22
""" """
from abc import abstractmethod from abc import abstractmethod
from django.http import JsonResponse
from django.views import View from django.views import View
from api.models import APIUserToken
from api.settings import KSP_TOKEN_HEADER_IDENTIFIER
class AbstractModelAPIView(View): class AbstractModelAPIView(View):
""" Base class for API views """ Base class for API views
@ -19,6 +23,7 @@ class AbstractModelAPIView(View):
""" """
model = None model = None
user = None
class Meta: class Meta:
abstract = True abstract = True
@ -35,21 +40,29 @@ class AbstractModelAPIView(View):
""" """
raise NotImplementedError("Must be implemented in subclasses") raise NotImplementedError("Must be implemented in subclasses")
def fetch_and_serialize(self, lookup_field, lookup_val): def fetch_and_serialize(self, _filter):
""" Serializes the model entry according to the given lookup data """ Serializes the model entry according to the given lookup data
Args: Args:
lookup_field (): Which field used for lookup _filter (dict): Lookup declarations
lookup_val (): Value for lookup
Returns: Returns:
serialized_data (dict) serialized_data (dict)
""" """
_filters = { qs = self.model.objects.filter(**_filter)
lookup_field: lookup_val
}
qs = self.model.objects.filter(**_filters)
serialized_data = {} serialized_data = {}
for entry in qs: for entry in qs:
serialized_data[str(entry.pk)] = self.model_to_json(entry) serialized_data[str(entry.pk)] = self.model_to_json(entry)
return serialized_data return serialized_data
def dispatch(self, request, *args, **kwargs):
try:
self.user = APIUserToken.get_user_from_token(request.headers.get(KSP_TOKEN_HEADER_IDENTIFIER, None))
except PermissionError as e:
return JsonResponse(
{
"error": e.__str__()
},
status=403
)
return super().dispatch(request, *args, **kwargs)