Started work on API tokens
parent
d35b77014f
commit
7ae8fa576d
|
@ -0,0 +1,41 @@
|
|||
from django.contrib import admin
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
from minecraft_manager.api.models import Token
|
||||
|
||||
|
||||
class TokenActiveFilter(admin.SimpleListFilter):
|
||||
title = _('Active')
|
||||
parameter_name = 'active'
|
||||
|
||||
def lookups(self, request, model_admin):
|
||||
return (
|
||||
('0', _('Active')),
|
||||
('1', _('Inactive')),
|
||||
)
|
||||
|
||||
def queryset(self, request, queryset):
|
||||
if self.value() == '0':
|
||||
return queryset.filter(active=True)
|
||||
if self.value() == '1':
|
||||
return queryset.filter(active=False)
|
||||
|
||||
|
||||
class TokenAdmin(admin.ModelAdmin):
|
||||
list_filter = (TokenActiveFilter,)
|
||||
fieldsets = (
|
||||
(None, {
|
||||
'fields': ('key', 'active')
|
||||
}),
|
||||
('Permissions', {
|
||||
'fields': ('web_get_permission', 'web_post_permission', 'plugin_get_permission', 'plugin_post_permission',
|
||||
'form_get_permission', 'form_post_permission', 'model_get_permission', 'model_post_permission',
|
||||
'stats_get_permission', 'stats_post_permission')
|
||||
})
|
||||
)
|
||||
|
||||
|
||||
try:
|
||||
admin.site.register(Token, TokenAdmin)
|
||||
except admin.sites.AlreadyRegistered:
|
||||
pass
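Review bot: `TokenAdmin` lists `key` in its first, editable fieldset, so token values are typed in by hand and stay readable and changeable afterwards for every staff account that can open this model. Making the field read-only once the row exists would stop silent key swaps, for example `def get_readonly_fields(self, request, obj=None): return ('key',) if obj else ()`. Separately, `ugettext_lazy` is deprecated in Django 3.0 and removed in 4.0, and `gettext_lazy` is the drop-in replacement. In `TokenActiveFilter` the value `'0'` meaning Active and `'1'` meaning Inactive reads inverted, so a short comment on `lookups` would help.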
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
from django.db import models
|
||||
|
||||
|
||||
class Token(models.Model):
|
||||
key = models.CharField("Key", max_length=50, unique=True)
|
||||
active = models.BooleanField("Active", default=True)
|
||||
web_get_permission = models.BooleanField("Web API GET", default=False)
|
||||
web_post_permission = models.BooleanField("Web API POST", default=False)
|
||||
plugin_get_permission = models.BooleanField("Plugin API GET", default=False)
|
||||
plugin_post_permission = models.BooleanField("Plugin API POST", default=False)
|
||||
form_get_permission = models.BooleanField("Form API GET", default=False)
|
||||
form_post_permission = models.BooleanField("Form API POST", default=False)
|
||||
model_get_permission = models.BooleanField("Model API GET", default=False)
|
||||
model_post_permission = models.BooleanField("Model API POST", default=False)
|
||||
stats_get_permission = models.BooleanField("Stats API GET", default=False)
|
||||
stats_post_permission = models.BooleanField("Stats API POST", default=False)
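Review bot: `Token.key` stores the credential verbatim and has no default, so anyone who can read the table or a backup obtains every live token, and key strength depends on whatever an admin types. A module-level generator such as `def generate_key(): return secrets.token_urlsafe(32)` passed as `default=generate_key` gives 43-character random keys that fit `max_length=50`. Longer term, consider storing only a SHA-256 digest of the key and looking tokens up by digest. A `__str__` that does not print the key, plus a one-line class docstring describing the ten permission flags, would also help.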
|
32
api/views.py
32
api/views.py
|
@ -7,7 +7,6 @@ from django.apps import apps
|
|||
from django.conf import settings
|
||||
from django.contrib.auth.models import User
|
||||
from django.http import JsonResponse, HttpResponse
|
||||
from django.urls import reverse
|
||||
from django.utils import timezone
|
||||
from django.views.generic import View
|
||||
from django.forms import modelform_factory
|
||||
|
@ -15,29 +14,30 @@ from django.forms import modelform_factory
|
|||
import minecraft_manager.forms as MCMForms
|
||||
from minecraft_manager.models import Player, UserSettings, Application, IP, Ticket, Warning
|
||||
import minecraft_manager.api.api as mcm_api
|
||||
from minecraft_manager.api.models import Token
|
||||
import minecraft_manager.utils as mcm_utils
|
||||
import minecraft_manager.external.stats as mcm_stats
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def request_allowed(request):
|
||||
def request_allowed(request, permission):
|
||||
is_authenticated = False
|
||||
if hasattr(request, 'user'):
|
||||
if hasattr(request.user, 'is_authenticated'):
|
||||
is_authenticated = request.user.is_authenticated
|
||||
password = getattr(settings, 'API_PASSWORD', None)
|
||||
get = request.GET
|
||||
post= request.POST
|
||||
post = request.POST
|
||||
request_password = None
|
||||
if 'api' in get:
|
||||
request_password = get['api']
|
||||
elif 'api' in post:
|
||||
request_password = post['api']
|
||||
correct_password = False
|
||||
if password and request_password:
|
||||
correct_password = request_password == password
|
||||
return is_authenticated or correct_password
|
||||
token_permission = False
|
||||
if Token.objects.filter(active=True, key=request_password).exists():
|
||||
token = Token.objects.get(active=True, key=request_password)
|
||||
token_permission = getattr(token, permission, False)
|
||||
return is_authenticated or token_permission
|
||||
|
||||
|
||||
def clean(model, data):
|
||||
|
@ -60,7 +60,7 @@ class WebAPI(View):
|
|||
def get(self, request, keyword):
|
||||
get = request.GET
|
||||
data = {'success': False, 'message': 'API failed'}
|
||||
if request_allowed(request):
|
||||
if request_allowed(request, 'web_get_permission'):
|
||||
keyword = keyword.lower()
|
||||
if keyword == 'log':
|
||||
html_global = ""
|
||||
|
@ -102,7 +102,7 @@ class WebAPI(View):
|
|||
def post(self, request, keyword):
|
||||
post = request.POST
|
||||
data = {}
|
||||
if request_allowed(request):
|
||||
if request_allowed(request, 'web_post_permission'):
|
||||
keyword = keyword.lower()
|
||||
if keyword == 'settings' and request.user.usersettings:
|
||||
for s in [a for a in dir(UserSettings) if not a.startswith('__') and not callable(getattr(UserSettings,a))]:
|
||||
|
@ -155,7 +155,7 @@ class PluginAPI(View):
|
|||
|
||||
def get(self, request, keyword):
|
||||
json = {'status': True, 'message': '', 'extra': ''}
|
||||
if request_allowed(request):
|
||||
if request_allowed(request, 'plugin_get_permission'):
|
||||
get = request.GET
|
||||
keyword = keyword.lower()
|
||||
|
||||
|
@ -163,7 +163,7 @@ class PluginAPI(View):
|
|||
|
||||
def post(self, request, keyword):
|
||||
json = {'status': True, 'message': '', 'extra': ''}
|
||||
if request_allowed(request):
|
||||
if request_allowed(request, 'plugin_post_permission'):
|
||||
post = request.POST
|
||||
keyword = keyword.lower()
|
||||
if "application" == keyword:
|
||||
|
@ -323,7 +323,7 @@ class FormAPI(View):
|
|||
|
||||
def get(self, request, request_model):
|
||||
html = ""
|
||||
if request_allowed(request):
|
||||
if request_allowed(request, 'form_get_permission'):
|
||||
get = request.GET
|
||||
model = None
|
||||
for m in apps.get_app_config('minecraft_manager').get_models():
|
||||
|
@ -346,7 +346,7 @@ class FormAPI(View):
|
|||
|
||||
def post(self, request, request_model):
|
||||
html = ""
|
||||
if request_allowed(request):
|
||||
if request_allowed(request, 'form_post_permission'):
|
||||
post = request.POST
|
||||
model = None
|
||||
for m in apps.get_app_config('minecraft_manager').get_models():
|
||||
|
@ -376,7 +376,7 @@ class ModelAPI(View):
|
|||
|
||||
def get(self, request, request_model):
|
||||
json = []
|
||||
if request_allowed(request):
|
||||
if request_allowed(request, 'model_get_permission'):
|
||||
get = request.GET
|
||||
model = None
|
||||
for m in apps.get_app_config('minecraft_manager').get_models():
|
||||
|
@ -404,7 +404,7 @@ class StatsAPI(View):
|
|||
|
||||
def get(self, request):
|
||||
json = []
|
||||
if request_allowed(request):
|
||||
if request_allowed(request, 'stats_get_permission'):
|
||||
get = request.GET
|
||||
if 'stat' in get:
|
||||
if 'uuid' in get:
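Review bot: In `request_allowed` (second hunk of api/views.py) the token is still read from the `api` parameter of `request.GET` or `request.POST`, so a long-lived credential ends up in URLs, access logs and Referer headers; reading it from a request header would keep it out of those places. The lookup also runs two queries, `.exists()` then `.get()`, and a token deactivated between them makes `.get()` raise `Token.DoesNotExist`; `token = Token.objects.filter(active=True, key=request_password).first()` followed by the existing `getattr(token, permission, False)` does the same in one query and still denies when `token` is `None`. `is_authenticated or token_permission` lets any logged-in session through every per-token permission, which deserves a docstring on the function if it is intended. `WebAPI.post` goes on to read `request.user.usersettings`, which a token-only caller without a session presumably lacks, so that branch should check `request.user.is_authenticated` first. The rendering has lost the +/- markers, so whether the old `API_PASSWORD` comparison is fully removed should be confirmed against the raw diff.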
|
||||
|
|