Started work on API tokens
parent
d35b77014f
commit
7ae8fa576d
|
@ -0,0 +1,41 @@
|
||||||
|
from django.contrib import admin
|
||||||
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
from minecraft_manager.api.models import Token
|
||||||
|
|
||||||
|
|
||||||
|
class TokenActiveFilter(admin.SimpleListFilter):
|
||||||
|
title = _('Active')
|
||||||
|
parameter_name = 'active'
|
||||||
|
|
||||||
|
def lookups(self, request, model_admin):
|
||||||
|
return (
|
||||||
|
('0', _('Active')),
|
||||||
|
('1', _('Inactive')),
|
||||||
|
)
|
||||||
|
|
||||||
|
def queryset(self, request, queryset):
|
||||||
|
if self.value() == '0':
|
||||||
|
return queryset.filter(active=True)
|
||||||
|
if self.value() == '1':
|
||||||
|
return queryset.filter(active=False)
|
||||||
|
|
||||||
|
|
||||||
|
class TokenAdmin(admin.ModelAdmin):
|
||||||
|
list_filter = (TokenActiveFilter,)
|
||||||
|
fieldsets = (
|
||||||
|
(None, {
|
||||||
|
'fields': ('key', 'active')
|
||||||
|
}),
|
||||||
|
('Permissions', {
|
||||||
|
'fields': ('web_get_permission', 'web_post_permission', 'plugin_get_permission', 'plugin_post_permission',
|
||||||
|
'form_get_permission', 'form_post_permission', 'model_get_permission', 'model_post_permission',
|
||||||
|
'stats_get_permission', 'stats_post_permission')
|
||||||
|
})
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
try:
|
||||||
|
admin.site.register(Token, TokenAdmin)
|
||||||
|
except admin.sites.AlreadyRegistered:
|
||||||
|
pass
|
||||||
|
|
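Review bot: `TokenActiveFilter` maps the value `'0'` to active tokens and `'1'` to inactive ones, the reverse of the boolean it filters on, so an admin URL carrying `active=0` lists the live credentials. Since `active` is a plain `BooleanField`, `list_filter = ('active',)` gives the same filter without the custom class. If the class stays, it needs a docstring stating the inverted encoding, so that a later edit does not correct only one of `lookups` and `queryset`. The `except admin.sites.AlreadyRegistered: pass` at the end should carry a comment saying why double registration is expected here. Separately, `ugettext_lazy` is deprecated since Django 3.0 and removed in 4.0; `gettext_lazy` is the drop-in replacement.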
|
@ -0,0 +1,16 @@
|
||||||
|
from django.db import models
|
||||||
|
|
||||||
|
|
||||||
|
class Token(models.Model):
|
||||||
|
key = models.CharField("Key", max_length=50, unique=True)
|
||||||
|
active = models.BooleanField("Active", default=True)
|
||||||
|
web_get_permission = models.BooleanField("Web API GET", default=False)
|
||||||
|
web_post_permission = models.BooleanField("Web API POST", default=False)
|
||||||
|
plugin_get_permission = models.BooleanField("Plugin API GET", default=False)
|
||||||
|
plugin_post_permission = models.BooleanField("Plugin API POST", default=False)
|
||||||
|
form_get_permission = models.BooleanField("Form API GET", default=False)
|
||||||
|
form_post_permission = models.BooleanField("Form API POST", default=False)
|
||||||
|
model_get_permission = models.BooleanField("Model API GET", default=False)
|
||||||
|
model_post_permission = models.BooleanField("Model API POST", default=False)
|
||||||
|
stats_get_permission = models.BooleanField("Stats API GET", default=False)
|
||||||
|
stats_post_permission = models.BooleanField("Stats API POST", default=False)
|
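Review bot: `key` stores the bearer token verbatim in a `CharField` and nothing generates its value, so anyone with database or admin read access obtains working credentials, and key strength is left to whoever types it into the admin form. Generating it server-side would fix the second problem, for example `key = models.CharField("Key", max_length=50, unique=True, default=generate_key)` with a module-level `generate_key` returning `secrets.token_urlsafe(32)`. Longer term, storing only a hash of the token and looking up by that hash would address the first. `Token` also lacks a docstring and a `__str__`. The docstring should say that each `*_permission` flag gates one API class and HTTP method and is looked up by attribute name in `request_allowed`, so renaming a field silently denies access.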
30
api/views.py
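--- a/api/views.py
+++ b/api/views.py
@@ -7,7 +7,6 @@ from django.apps import apps
 from django.conf import settings
 from django.contrib.auth.models import User
 from django.http import JsonResponse, HttpResponse
-from django.urls import reverse
 from django.utils import timezone
 from django.views.generic import View
 from django.forms import modelform_factory
@@ -15,18 +14,18 @@ from django.forms import modelform_factory
 import minecraft_manager.forms as MCMForms
 from minecraft_manager.models import Player, UserSettings, Application, IP, Ticket, Warning
 import minecraft_manager.api.api as mcm_api
+from minecraft_manager.api.models import Token
 import minecraft_manager.utils as mcm_utils
 import minecraft_manager.external.stats as mcm_stats
 
 logger = logging.getLogger(__name__)
 
 
-def request_allowed(request):
+def request_allowed(request, permission):
 is_authenticated = False
 if hasattr(request, 'user'):
 if hasattr(request.user, 'is_authenticated'):
 is_authenticated = request.user.is_authenticated
-password = getattr(settings, 'API_PASSWORD', None)
 get = request.GET
 post = request.POST
 request_password = None
@@ -34,10 +33,11 @@ def request_allowed(request):
 request_password = get['api']
 elif 'api' in post:
 request_password = post['api']
-correct_password = False
-if password and request_password:
-correct_password = request_password == password
-return is_authenticated or correct_password
+token_permission = False
+if Token.objects.filter(active=True, key=request_password).exists():
+token = Token.objects.get(active=True, key=request_password)
+token_permission = getattr(token, permission, False)
+return is_authenticated or token_permission
 
 
 def clean(model, data):
@@ -60,7 +60,7 @@ class WebAPI(View):
 def get(self, request, keyword):
 get = request.GET
 data = {'success': False, 'message': 'API failed'}
-if request_allowed(request):
+if request_allowed(request, 'web_get_permission'):
 keyword = keyword.lower()
 if keyword == 'log':
 html_global = ""
@@ -102,7 +102,7 @@ class WebAPI(View):
 def post(self, request, keyword):
 post = request.POST
 data = {}
-if request_allowed(request):
+if request_allowed(request, 'web_post_permission'):
 keyword = keyword.lower()
 if keyword == 'settings' and request.user.usersettings:
 for s in [a for a in dir(UserSettings) if not a.startswith('__') and not callable(getattr(UserSettings,a))]:
@@ -155,7 +155,7 @@ class PluginAPI(View):
 
 def get(self, request, keyword):
 json = {'status': True, 'message': '', 'extra': ''}
-if request_allowed(request):
+if request_allowed(request, 'plugin_get_permission'):
 get = request.GET
 keyword = keyword.lower()
 
@@ -163,7 +163,7 @@ class PluginAPI(View):
 
 def post(self, request, keyword):
 json = {'status': True, 'message': '', 'extra': ''}
-if request_allowed(request):
+if request_allowed(request, 'plugin_post_permission'):
 post = request.POST
 keyword = keyword.lower()
 if "application" == keyword:
@@ -323,7 +323,7 @@ class FormAPI(View):
 
 def get(self, request, request_model):
 html = ""
-if request_allowed(request):
+if request_allowed(request, 'form_get_permission'):
 get = request.GET
 model = None
 for m in apps.get_app_config('minecraft_manager').get_models():
@@ -346,7 +346,7 @@ class FormAPI(View):
 
 def post(self, request, request_model):
 html = ""
-if request_allowed(request):
+if request_allowed(request, 'form_post_permission'):
 post = request.POST
 model = None
 for m in apps.get_app_config('minecraft_manager').get_models():
@@ -376,7 +376,7 @@ class ModelAPI(View):
 
 def get(self, request, request_model):
 json = []
-if request_allowed(request):
+if request_allowed(request, 'model_get_permission'):
 get = request.GET
 model = None
 for m in apps.get_app_config('minecraft_manager').get_models():
@@ -404,7 +404,7 @@ class StatsAPI(View):
 
 def get(self, request):
 json = []
-if request_allowed(request):
+if request_allowed(request, 'stats_get_permission'):
 get = request.GET
 if 'stat' in get:
 if 'uuid' in get: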
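Review bot: In `request_allowed` the token is looked up twice (`.exists()` then `.get()`), so a token deactivated or deleted between the two queries raises `Token.DoesNotExist` and the request ends in a server error instead of a clean denial. The old `if password and request_password` guard is also gone, so the query runs with `key=None` when no `api` parameter was sent. One guarded query covers both: `token = Token.objects.filter(active=True, key=request_password).first() if request_password else None`, then `token_permission = bool(token and getattr(token, permission, False))`. The key is still read from `request.GET['api']`, so these per-endpoint credentials end up in access logs and Referer headers; accepting the token from a request header would keep it out of URLs. In the `WebAPI.post` hunk the `settings` branch reads `request.user.usersettings`, which presumably fails for a token-only caller holding `web_post_permission`; that branch continues outside the hunk and is worth confirming.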