2023-06-02 21:54:48 -04:00
|
|
|
from typing import Any, Callable, List, Optional, Tuple, Type
|
2023-08-10 11:27:31 -04:00
|
|
|
|
|
|
|
|
from django.conf import settings
|
2023-06-02 21:54:48 -04:00
|
|
|
from django.db.models import QuerySet
|
2024-05-25 23:38:11 -04:00
|
|
|
from loguru import logger
|
2023-08-10 11:27:31 -04:00
|
|
|
from ninja import NinjaAPI, Schema
|
|
|
|
|
from ninja.pagination import PageNumberPagination as NinjaPageNumberPagination
|
2023-06-02 21:54:48 -04:00
|
|
|
from ninja.security import HttpBearer
|
|
|
|
|
from oauth2_provider.oauth2_backends import OAuthLibCore
|
|
|
|
|
from oauth2_provider.oauth2_validators import OAuth2Validator
|
2023-08-10 11:27:31 -04:00
|
|
|
from oauthlib.oauth2 import Server
|
2023-06-02 21:54:48 -04:00
|
|
|
|
2023-11-02 21:28:11 +01:00
|
|
|
PERMITTED_WRITE_METHODS = ["PUT", "POST", "DELETE", "PATCH"]
|
|
|
|
|
PERMITTED_READ_METHODS = ["GET", "HEAD", "OPTIONS"]
|
|
|
|
|
|
|
|
|
|
|
2023-06-02 21:54:48 -04:00
|
|
|
class OAuthAccessTokenAuth(HttpBearer):
|
2023-11-02 21:28:11 +01:00
|
|
|
def authenticate(self, request, token) -> bool:
|
2023-06-02 21:54:48 -04:00
|
|
|
if not token or not request.user.is_authenticated:
|
2024-05-25 23:38:11 -04:00
|
|
|
logger.debug("API auth: no access token or user not authenticated")
|
2023-06-02 21:54:48 -04:00
|
|
|
return False
|
|
|
|
|
request_scopes = []
|
2023-11-02 21:28:11 +01:00
|
|
|
request_method = request.method
|
|
|
|
|
if request_method in PERMITTED_READ_METHODS:
|
2023-06-02 21:54:48 -04:00
|
|
|
request_scopes = ["read"]
|
2023-11-02 21:28:11 +01:00
|
|
|
elif request_method in PERMITTED_WRITE_METHODS:
|
2023-06-02 21:54:48 -04:00
|
|
|
request_scopes = ["write"]
|
2023-11-02 21:28:11 +01:00
|
|
|
else:
|
|
|
|
|
return False
|
2023-06-02 21:54:48 -04:00
|
|
|
validator = OAuth2Validator()
|
|
|
|
|
core = OAuthLibCore(Server(validator))
|
|
|
|
|
valid, oauthlib_req = core.verify_request(request, scopes=request_scopes)
|
|
|
|
|
if not valid:
|
2024-05-25 23:38:11 -04:00
|
|
|
logger.debug(f"API auth: request scope {request_scopes} not verified")
|
2023-06-02 21:54:48 -04:00
|
|
|
return valid
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class EmptyResult(Schema):
|
|
|
|
|
pass
|
2023-02-15 15:45:57 -05:00
|
|
|
|
2023-02-15 16:22:32 -05:00
|
|
|
|
|
|
|
|
class Result(Schema):
|
2023-06-02 21:54:48 -04:00
|
|
|
message: str | None
|
|
|
|
|
# error: Optional[str]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class RedirectedResult(Schema):
|
|
|
|
|
message: str | None
|
|
|
|
|
url: str
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class PageNumberPagination(NinjaPageNumberPagination):
|
2023-06-03 01:22:19 -04:00
|
|
|
items_attribute = "data"
|
|
|
|
|
|
2023-06-02 21:54:48 -04:00
|
|
|
class Output(Schema):
|
2023-06-03 01:22:19 -04:00
|
|
|
data: List[Any]
|
2023-06-02 21:54:48 -04:00
|
|
|
pages: int
|
|
|
|
|
count: int
|
|
|
|
|
|
|
|
|
|
def paginate_queryset(
|
|
|
|
|
self,
|
|
|
|
|
queryset: QuerySet,
|
|
|
|
|
pagination: NinjaPageNumberPagination.Input,
|
|
|
|
|
**params: Any,
|
2023-06-03 11:10:48 -04:00
|
|
|
):
|
2023-06-02 21:54:48 -04:00
|
|
|
val = super().paginate_queryset(queryset, pagination, **params)
|
2023-06-03 11:10:48 -04:00
|
|
|
return {
|
|
|
|
|
"data": val["items"],
|
|
|
|
|
"count": val["count"],
|
|
|
|
|
"pages": (val["count"] + self.page_size - 1) // self.page_size,
|
|
|
|
|
}
|
2023-02-15 16:22:32 -05:00
|
|
|
|
|
|
|
|
|
2023-02-15 15:45:57 -05:00
|
|
|
api = NinjaAPI(
|
2023-06-02 21:54:48 -04:00
|
|
|
auth=OAuthAccessTokenAuth(),
|
2023-08-10 17:15:00 -04:00
|
|
|
title=f'{settings.SITE_INFO["site_name"]} API',
|
2023-02-15 15:45:57 -05:00
|
|
|
version="1.0.0",
|
2023-07-10 15:29:29 -04:00
|
|
|
description=f"{settings.SITE_INFO['site_name']} API <hr/><a href='{settings.SITE_INFO['site_url']}'>Learn more</a>",
|
2023-02-15 15:45:57 -05:00
|
|
|
)
|
