From 382e89abb73331b96b04df83db5d49901785e1fd Mon Sep 17 00:00:00 2001
From: simon <simobilleter@gmail.com>
Date: Tue, 11 Jan 2022 14:15:36 +0700
Subject: [PATCH] implement api token auth

---
 tubearchivist/api/models.py                     |  4 +---
 tubearchivist/api/urls.py                       |  9 ++++-----
 tubearchivist/api/views.py                      |  7 +++++++
 tubearchivist/config/settings.py                |  1 +
 tubearchivist/home/templates/home/settings.html |  4 ++++
 tubearchivist/home/views.py                     | 14 ++++++++++++--
 6 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/tubearchivist/api/models.py b/tubearchivist/api/models.py
index 500340a..b225e99 100644
--- a/tubearchivist/api/models.py
+++ b/tubearchivist/api/models.py
@@ -1,5 +1,3 @@
 """api models"""
 
-from django.db import models  # noqa: F401
-
-# Create your models here.
+# from django.db import models
diff --git a/tubearchivist/api/urls.py b/tubearchivist/api/urls.py
index 7f48576..6c471c1 100644
--- a/tubearchivist/api/urls.py
+++ b/tubearchivist/api/urls.py
@@ -6,28 +6,27 @@ from api.views import (
     PlaylistApiView,
     VideoApiView,
 )
-from django.contrib.auth.decorators import login_required
 from django.urls import path
 
 urlpatterns = [
     path(
         "video/<slug:video_id>/",
-        login_required(VideoApiView.as_view()),
+        VideoApiView.as_view(),
         name="api-video",
     ),
     path(
         "channel/<slug:channel_id>/",
-        login_required(ChannelApiView.as_view()),
+        ChannelApiView.as_view(),
         name="api-channel",
     ),
     path(
         "playlist/<slug:playlist_id>/",
-        login_required(PlaylistApiView.as_view()),
+        PlaylistApiView.as_view(),
         name="api-playlist",
     ),
     path(
         "download/<slug:video_id>/",
-        login_required(DownloadApiView.as_view()),
+        DownloadApiView.as_view(),
         name="api-download",
     ),
 ]
diff --git a/tubearchivist/api/views.py b/tubearchivist/api/views.py
index f250bd3..3fa5c9f 100644
--- a/tubearchivist/api/views.py
+++ b/tubearchivist/api/views.py
@@ -2,6 +2,11 @@
 
 import requests
 from home.src.config import AppConfig
+from rest_framework.authentication import (
+    SessionAuthentication,
+    TokenAuthentication,
+)
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
@@ -9,6 +14,8 @@ from rest_framework.views import APIView
 class ApiBaseView(APIView):
     """base view to inherit from"""
 
+    authentication_classes = [SessionAuthentication, TokenAuthentication]
+    permission_classes = [IsAuthenticated]
     search_base = False
 
     def __init__(self):
diff --git a/tubearchivist/config/settings.py b/tubearchivist/config/settings.py
index 21074b3..cb12ad6 100644
--- a/tubearchivist/config/settings.py
+++ b/tubearchivist/config/settings.py
@@ -45,6 +45,7 @@ INSTALLED_APPS = [
     "django.contrib.staticfiles",
     "django.contrib.humanize",
     "rest_framework",
+    "rest_framework.authtoken",
     "api",
 ]
 
diff --git a/tubearchivist/home/templates/home/settings.html b/tubearchivist/home/templates/home/settings.html
index 6e728ea..2f35467 100644
--- a/tubearchivist/home/templates/home/settings.html
+++ b/tubearchivist/home/templates/home/settings.html
@@ -97,6 +97,10 @@
         </div>
         <div class="settings-group">
             <h2 id="integrations">Integrations</h2>
+            <div class="settings-item">
+                <p>API token:</p>
+                <p>{{ api_token }}</p>
+            </div>
             <div class="settings-item">
                 <p>Integrate with <a href="https://returnyoutubedislike.com/">returnyoutubedislike.com</a> to get dislikes and average ratings back: <span class="settings-current">{{ config.downloads.integrate_ryd }}</span></p>
                 <i>Before activating that, make sure you have a scraping sleep interval of at least 3 secs set to avoid ratelimiting issues.</i><br>
diff --git a/tubearchivist/home/views.py b/tubearchivist/home/views.py
index ff48714..d71cea6 100644
--- a/tubearchivist/home/views.py
+++ b/tubearchivist/home/views.py
@@ -31,6 +31,7 @@ from home.src.index import YoutubePlaylist
 from home.src.index_management import get_available_backups
 from home.src.searching import Pagination, SearchHandler
 from home.tasks import extrac_dl, subscribe_to
+from rest_framework.authtoken.models import Token
 
 
 class ArchivistViewConfig(View):
@@ -682,8 +683,7 @@ class SettingsView(View):
     take post request from the form to update settings
     """
 
-    @staticmethod
-    def get(request):
+    def get(self, request):
         """read and display current settings"""
         config_handler = AppConfig(request.user.id)
         colors = config_handler.colors
@@ -692,10 +692,12 @@ class SettingsView(View):
         user_form = UserSettingsForm()
         app_form = ApplicationSettingsForm()
         scheduler_form = SchedulerSettingsForm()
+        token = self.get_token(request)
 
         context = {
             "title": "Settings",
             "config": config_handler.config,
+            "api_token": token,
             "colors": colors,
             "available_backups": available_backups,
             "user_form": user_form,
@@ -705,6 +707,14 @@ class SettingsView(View):
 
         return render(request, "home/settings.html", context)
 
+    @staticmethod
+    def get_token(request):
+        """get existing or create new token of user"""
+        # pylint: disable=no-member
+        token = Token.objects.get_or_create(user=request.user)[0]
+        print(token)
+        return token
+
     @staticmethod
     def post(request):
         """handle form post to update settings"""