chore: require a Bearer token for /api/v1/selected (#22)

djoamersfoort · Feb 10, 2024 · f1809c1 · f1809c1
1 parent 6bc243a
commit f1809c1
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 5 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,12 @@
+# Python related things
 settings.py
 __pycache__/
 *.pyc
+venv/
+
+# Database related things
 db.sqlite3
+corveedb
+
+# IDE related things
 .idea/
-venv/
diff --git a/corvee/settings.py.example b/corvee/settings.py.example
@@ -27,6 +27,8 @@ DEBUG = True
 
 ALLOWED_HOSTS = ['*']
 
+# Token required for the TokenRequiredMixin, used for APIs
+API_TOKEN = "inserttokenhereuwu"
 
 # Application definition
 
@@ -77,7 +79,7 @@ WSGI_APPLICATION = 'corvee.wsgi.application'
 DATABASES = {
     "default": {
         "ENGINE": "django.db.backends.sqlite3",
-        "NAME": "corvee",
+        "NAME": "corveedb",
     }
 }
 

diff --git a/corvee/src/api.py b/corvee/src/api.py
@@ -1,10 +1,10 @@
 from django.http.response import JsonResponse
-from django.views import View
 
 from corvee.src.models import Persoon
+from corvee.src.mixins import TokenRequiredMixin
 
 
-class SelectedV1(View):
+class SelectedV1(TokenRequiredMixin):
     def get(self, request, *args, **kwargs):
         selected = Persoon.objects.filter(selected=True)
         present = Persoon.objects.filter(absent=False)

diff --git a/corvee/src/mixins.py b/corvee/src/mixins.py
@@ -1,4 +1,7 @@
 from django.contrib.auth.mixins import UserPassesTestMixin
+from django.http import HttpResponse
+from django.conf import settings
+from django.views import View
 
 
 class PermissionRequiredMixin(UserPassesTestMixin):
@@ -11,3 +14,13 @@ def check_user(self, user):
 
     def test_func(self):
         return self.check_user(self.request.user)
+
+class TokenRequiredMixin(View):
+    def dispatch(self, request, *args, **kwargs):
+        given_token = request.headers.get("Authorization", "").lower()
+        correct_token = f"Bearer {settings.API_TOKEN}".lower()
+
+        if given_token == correct_token:
+            return super(TokenRequiredMixin, self).dispatch(request, *args, **kwargs)
+
+        return HttpResponse("401 JOCH!", status=401, content_type="text/plain")
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -6,7 +6,7 @@ services:
     ports:
       - 8182:80
     volumes:
-      - /home/corvee/settings.py:/srv/corvee/corvee/settings.py:ro
+      - ./corvee/settings.py:/srv/corvee/corvee/settings.py:ro
     restart: always
     networks:
       - corvee