theluyuan/shynet
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Move token to User model + add API setting view

Browse Source
This commit is contained in:
Paweł Jastrzębski 2021-11-17 11:00:52 +01:00
parent d62d48c7b4
commit 787ce1775f
11 changed files with 94 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
shynet/api/admin.py
View File

@ -1,9 +1 @@
from django.contrib import admin # from django.contrib import admin
from api.models import ApiToken
class ApiTokenAdmin(admin.ModelAdmin):
list_display = ("name", "user", "value")
admin.site.register(ApiToken, ApiTokenAdmin)

30
shynet/api/migrations/0001_initial.py
View File

@ -1,30 +0,0 @@
# Generated by Django 3.2.5 on 2021-10-11 09:31
import api.models
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
initial = True
dependencies = [
migrations.swappable_dependency(settings.AUTH_USER_MODEL),
]
operations = [
migrations.CreateModel(
name='ApiToken',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('name', models.CharField(max_length=64)),
('value', models.TextField(default=api.models._default_token_value, unique=True)),
('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='api_tokens', to=settings.AUTH_USER_MODEL)),
],
options={
'ordering': ['name', 'value'],
},
),
]

9
shynet/api/mixins.py
View File

@ -1,6 +1,7 @@
from django.http import JsonResponse from django.http import JsonResponse
from django.contrib.auth.models import AnonymousUser from django.contrib.auth.models import AnonymousUser
from .models import ApiToken
from core.models import User
class ApiTokenRequiredMixin: class ApiTokenRequiredMixin:
@ -10,11 +11,9 @@ class ApiTokenRequiredMixin:
return AnonymousUser() return AnonymousUser()
token = token.split(' ')[1] token = token.split(' ')[1]
api_token = ApiToken.objects.filter(value=token).first() user = User.objects.filter(api_token=token).first()
if not api_token:
return AnonymousUser()
return api_token.user return user if user else AnonymousUser()
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
request.user = self._get_user_by_token(request) request.user = self._get_user_by_token(request)

20
shynet/api/models.py
View File

@ -1,19 +1 @@
from django.db import models # from django.db import models
from core.models import User
from secrets import token_urlsafe
def _default_token_value():
return token_urlsafe(32)
class ApiToken(models.Model):
name = models.CharField(max_length=64)
value = models.TextField(default=_default_token_value, unique=True)
user = models.ForeignKey(User, on_delete=models.CASCADE, related_name="api_tokens")
class Meta:
ordering = ["name", "value"]
def __str__(self):
return self.name

24
shynet/core/migrations/0009_auto_20211117_0217.py Normal file
View File

@ -0,0 +1,24 @@
# Generated by Django 3.2.5 on 2021-11-17 07:17
import core.models
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('core', '0008_auto_20200628_1403'),
]
operations = [
migrations.AddField(
model_name='user',
name='api_token',
field=models.TextField(default=core.models._default_api_token, unique=True),
),
migrations.AlterField(
model_name='user',
name='id',
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
]

8
shynet/core/models.py
View File

@ -1,8 +1,9 @@
import ipaddress import ipaddress
import json
import re import re
import uuid import uuid
from secrets import token_urlsafe
from django.apps import apps from django.apps import apps
from django.conf import settings from django.conf import settings
from django.contrib.auth.models import AbstractUser from django.contrib.auth.models import AbstractUser
@ -43,9 +44,14 @@ def _parse_network_list(networks: str):
return [ipaddress.ip_network(network.strip()) for network in networks.split(",")] return [ipaddress.ip_network(network.strip()) for network in networks.split(",")]
def _default_api_token():
return token_urlsafe(32)
class User(AbstractUser): class User(AbstractUser):
username = models.TextField(default=_default_uuid, unique=True) username = models.TextField(default=_default_uuid, unique=True)
email = models.EmailField(unique=True) email = models.EmailField(unique=True)
api_token = models.TextField(default=_default_api_token, unique=True)
def __str__(self): def __str__(self):
return self.email return self.email

3
shynet/dashboard/templates/base.html
View File

@ -88,6 +88,9 @@
{% url 'account_set_password' as url %} {% url 'account_set_password' as url %}
{% include 'dashboard/includes/sidebar_portal.html' with label="Security" url=url %} {% include 'dashboard/includes/sidebar_portal.html' with label="Security" url=url %}
{% url 'dashboard:api_settings' as url %}
{% include 'dashboard/includes/sidebar_portal.html' with label="API" url=url %}
{% url 'account_logout' as url %} {% url 'account_logout' as url %}
{% include 'dashboard/includes/sidebar_portal.html' with label="Sign Out" url=url %} {% include 'dashboard/includes/sidebar_portal.html' with label="Sign Out" url=url %}

22
shynet/dashboard/templates/dashboard/pages/api_settings.html Normal file
View File

@ -0,0 +1,22 @@
{% extends "base.html" %}
{% block content %}
<section class="max-w-xl content">
<h1>API</h1>
<div class="card ~neutral !low p-0" method="POST">
<div class="section ~neutral !normal p-4">
<div>
<p class="label">Token</p>
<div class="flex justify-between">
<span class='chip ~info !normal'>
{{request.user.api_token}}
</span>
<a class="href" href="{% url 'dashboard:api_token_refresh' %}">
<button type="submit" class="button ~warning !high">Refresh token</button>
</a>
</div>
</div>
</div>
</div>
</section>
{% endblock %}

7
shynet/dashboard/templates/dashboard/pages/service_update.html
View File

@ -30,5 +30,12 @@
</div> </div>
</div> </div>
</form> </form>
<hr class="sep h-4">
<div>
<p class="label">API Token</p>
<span class='chip ~info !normal'>
{{request.user.api_token}}
</span>
</div>
</div> </div>
{% endblock %} {% endblock %}

14
shynet/dashboard/urls.py
View File

@ -1,6 +1,4 @@
from django.contrib import admin from django.urls import path
from django.urls import include, path
from django.views.generic import RedirectView
from . import views from . import views
@ -28,4 +26,14 @@ urlpatterns = [
views.ServiceSessionView.as_view(), views.ServiceSessionView.as_view(),
name="service_session", name="service_session",
), ),
path(
"api-settings/",
views.ApiSettingsView.as_view(),
name="api_settings",
),
path(
"api-token-refresh/",
views.RefreshApiTokenView.as_view(),
name="api_token_refresh",
),
] ]

17
shynet/dashboard/views.py
View File

@ -3,8 +3,7 @@ from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.messages.views import SuccessMessageMixin from django.contrib.messages.views import SuccessMessageMixin
from django.core.cache import cache from django.core.cache import cache
from django.db.models import Q from django.db.models import Q
from django.shortcuts import get_object_or_404, reverse from django.shortcuts import get_object_or_404, reverse, redirect
from django.utils import timezone
from django.views.generic import ( from django.views.generic import (
CreateView, CreateView,
DeleteView, DeleteView,
@ -12,11 +11,12 @@ from django.views.generic import (
ListView, ListView,
TemplateView, TemplateView,
UpdateView, UpdateView,
View,
) )
from rules.contrib.views import PermissionRequiredMixin from rules.contrib.views import PermissionRequiredMixin
from analytics.models import Session from analytics.models import Session
from core.models import Service from core.models import Service, _default_api_token
from .forms import ServiceForm from .forms import ServiceForm
from .mixins import DateRangeMixin from .mixins import DateRangeMixin
@ -155,3 +155,14 @@ class ServiceSessionView(LoginRequiredMixin, PermissionRequiredMixin, DetailView
data = super().get_context_data(**kwargs) data = super().get_context_data(**kwargs)
data["object"] = get_object_or_404(Service, pk=self.kwargs.get("pk")) data["object"] = get_object_or_404(Service, pk=self.kwargs.get("pk"))
return data return data
class ApiSettingsView(LoginRequiredMixin, TemplateView):
template_name = "dashboard/pages/api_settings.html"
class RefreshApiTokenView(LoginRequiredMixin, View):
def get(self, request):
request.user.api_token = _default_api_token()
request.user.save()
return redirect('dashboard:api_settings')