implement api token auth

2022-01-11 14:15:36 +07:00 · 2022-01-11 14:15:36 +07:00 · 382e89abb7
parent 917e73ec4d
commit 382e89abb7
6 changed files with 29 additions and 10 deletions
--- a/tubearchivist/api/models.py
+++ b/tubearchivist/api/models.py
@ -1,5 +1,3 @@
 """api models"""

-from django.db import models  # noqa: F401
-
-# Create your models here.
+# from django.db import models
--- a/tubearchivist/api/urls.py
+++ b/tubearchivist/api/urls.py
@ -6,28 +6,27 @@ from api.views import (
    PlaylistApiView,
    VideoApiView,
 )
-from django.contrib.auth.decorators import login_required
 from django.urls import path

 urlpatterns = [
    path(
        "video/<slug:video_id>/",
-        login_required(VideoApiView.as_view()),
+        VideoApiView.as_view(),
        name="api-video",
    ),
    path(
        "channel/<slug:channel_id>/",
-        login_required(ChannelApiView.as_view()),
+        ChannelApiView.as_view(),
        name="api-channel",
    ),
    path(
        "playlist/<slug:playlist_id>/",
-        login_required(PlaylistApiView.as_view()),
+        PlaylistApiView.as_view(),
        name="api-playlist",
    ),
    path(
        "download/<slug:video_id>/",
-        login_required(DownloadApiView.as_view()),
+        DownloadApiView.as_view(),
        name="api-download",
    ),
 ]
--- a/tubearchivist/api/views.py
+++ b/tubearchivist/api/views.py
@ -2,6 +2,11 @@

 import requests
 from home.src.config import AppConfig
+from rest_framework.authentication import (
+    SessionAuthentication,
+    TokenAuthentication,
+)
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView

@ -9,6 +14,8 @@ from rest_framework.views import APIView
 class ApiBaseView(APIView):
    """base view to inherit from"""

+    authentication_classes = [SessionAuthentication, TokenAuthentication]
+    permission_classes = [IsAuthenticated]
    search_base = False

    def __init__(self):
--- a/tubearchivist/config/settings.py
+++ b/tubearchivist/config/settings.py
@ -45,6 +45,7 @@ INSTALLED_APPS = [
    "django.contrib.staticfiles",
    "django.contrib.humanize",
    "rest_framework",
+    "rest_framework.authtoken",
    "api",
 ]

--- a/tubearchivist/home/templates/home/settings.html
+++ b/tubearchivist/home/templates/home/settings.html
@ -97,6 +97,10 @@
        </div>
        <div class="settings-group">
            <h2 id="integrations">Integrations</h2>
+            <div class="settings-item">
+                <p>API token:</p>
+                <p>{{ api_token }}</p>
+            </div>
            <div class="settings-item">
                <p>Integrate with <a href="https://returnyoutubedislike.com/">returnyoutubedislike.com</a> to get dislikes and average ratings back: <span class="settings-current">{{ config.downloads.integrate_ryd }}</span></p>
                <i>Before activating that, make sure you have a scraping sleep interval of at least 3 secs set to avoid ratelimiting issues.</i><br>
--- a/tubearchivist/home/views.py
+++ b/tubearchivist/home/views.py
@ -31,6 +31,7 @@ from home.src.index import YoutubePlaylist
 from home.src.index_management import get_available_backups
 from home.src.searching import Pagination, SearchHandler
 from home.tasks import extrac_dl, subscribe_to
+from rest_framework.authtoken.models import Token


 class ArchivistViewConfig(View):
@ -682,8 +683,7 @@ class SettingsView(View):
    take post request from the form to update settings
    """

-    @staticmethod
-    def get(request):
+    def get(self, request):
        """read and display current settings"""
        config_handler = AppConfig(request.user.id)
        colors = config_handler.colors
@ -692,10 +692,12 @@ class SettingsView(View):
        user_form = UserSettingsForm()
        app_form = ApplicationSettingsForm()
        scheduler_form = SchedulerSettingsForm()
+        token = self.get_token(request)

        context = {
            "title": "Settings",
            "config": config_handler.config,
+            "api_token": token,
            "colors": colors,
            "available_backups": available_backups,
            "user_form": user_form,
@ -705,6 +707,14 @@ class SettingsView(View):

        return render(request, "home/settings.html", context)

+    @staticmethod
+    def get_token(request):
+        """get existing or create new token of user"""
+        # pylint: disable=no-member
+        token = Token.objects.get_or_create(user=request.user)[0]
+        print(token)
+        return token
+
    @staticmethod
    def post(request):
        """handle form post to update settings"""