From 93eae519334ee5ac00f2ed44e612ee4470d4c898 Mon Sep 17 00:00:00 2001
From: Andrew Williams
Date: Tue, 15 Jun 2010 15:45:10 +0100
Subject: [PATCH] Now uses Auth API keys for API access
---
 api/handlers.py | 33 +++++++++++++++++++++++++++++++--
 api/models.py | 19 +++++++++++++++++++
 api/urls.py | 2 ++
 3 files changed, 52 insertions(+), 2 deletions(-)
 create mode 100644 api/models.py
diff --git a/api/handlers.py b/api/handlers.py
index beaaa67..0b75fa7 100644
--- a/api/handlers.py
+++ b/api/handlers.py
@@ -1,13 +1,36 @@
 import re
+from datetime import datetime
 from piston.handler import BaseHandler
 from piston.utils import rc, throttle
 from django.contrib.auth import login, logout, authenticate
 from django.contrib.auth.models import User
+
+from django.shortcuts import get_object_or_404
+
+from api.models import AuthAPIKey, AuthAPILog
 from eve_api.models import EVEAccount
 from sso.models import ServiceAccount, Service
+def apikey_required(meth):
+ def new(*args, **kwargs):
+
+ if 'request' in kwargs:
+ url = kwargs['request'].META['QUERY_STRING']
+ try:
+ key = AuthAPIKey.objects.get(key=kwargs['request'].GET['apikey'])
+ except AuthAPIKey.DoesNotExist:
+ pass
+
+ if key and key.active:
+ AuthAPILog(key=key, url=url, access_datetime=datetime.utcnow()).save()
+ return meth(*args, **kwargs)
+
+ return rc.NOT_HERE
+
+ return new
+
 class UserHandler(BaseHandler):
 allowed_methods = ('GET')
@@ -57,11 +80,17 @@ class LoginHandler(BaseHandler):
 return rc.NOT_HERE
 d = { 'auth': 'ok', 'id': u.id, 'username': u.username,
- 'password': u.password, 'email': u.email, 'groups': u.groups.all(),
- 'characters': EVEPlayerCharacter.objects.filter(eveaccount__user=u) }
+ 'password': u.password, 'email': u.email, 'groups': u.groups.all() }
 if request.GET['pass'] == user.password:
 return d
 return { 'auth': 'failed' }
+class EveAPIHandler(BaseHandler):
+ allowed_methods = ('GET')
+
+ @apikey_required
+ def read(self, request, id=None):
+ return get_object_or_404(EVEAccount, pk=id)
+
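Review bot: In `apikey_required`, an unknown key leaves `key` unassigned (the `except AuthAPIKey.DoesNotExist: pass` branch), so the following `if key and key.active:` raises UnboundLocalError, and a request with no `apikey` parameter raises KeyError on `GET['apikey']`; both surface as server errors instead of the intended `rc.NOT_HERE` denial. The log row stores `META['QUERY_STRING']`, which contains the `apikey` value itself, so every accepted key is copied in clear into AuthAPILog. The wrapper also only looks for `request` in `kwargs`; if piston passes it positionally (not visible here) the check never runs and every call is refused. The fence below initialises `key`, reads the parameter with `.get()`, and logs the request path instead of the query string.

```python
def apikey_required(meth):
    def new(*args, **kwargs):
        key = None
        request = kwargs.get('request')
        supplied = request.GET.get('apikey') if request is not None else None
        if supplied:
            try:
                key = AuthAPIKey.objects.get(key=supplied, active=True)
            except (AuthAPIKey.DoesNotExist, AuthAPIKey.MultipleObjectsReturned):
                key = None
        if key is None:
            return rc.NOT_HERE
        # log the path only; QUERY_STRING would store the apikey itself
        AuthAPILog(key=key, url=request.path, access_datetime=datetime.utcnow()).save()
        return meth(*args, **kwargs)
    return new
```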
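Review bot: The rewritten dict line in LoginHandler still puts `'password': u.password` into the response, so the stored password value is returned to the caller of an endpoint that api/urls.py registers with NoAuthentication; that key should be dropped from `d`. In the added EveAPIHandler, `read` returns the whole EVEAccount row and the class declares no `fields`, so whatever columns the model has are left to the serializer's default; if EVEAccount holds EVE API credentials (its definition is not shown), add an explicit allowlist such as `fields = ('id', '<non-secret field>')`. Nothing ties the looked-up `pk` to the calling key either, so any active key can request any account. LoginHandler's body starts outside the hunk.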
diff --git a/api/models.py b/api/models.py
new file mode 100644
index 0000000..20c82f8
--- /dev/null
+++ b/api/models.py
@@ -0,0 +1,19 @@
+import re
+import unicodedata
+import logging
+import types
+
+from django.db import models
+
+class AuthAPIKey(models.Model):
+
+ name = models.CharField("Service Name", max_length=200)
+ url = models.CharField("Service URL", max_length=200, blank=True)
+ active = models.BooleanField(default=True)
+ key = models.CharField("API Key", max_length=200)
+
+class AuthAPILog(models.Model):
+
+ access_datetime = models.DateTimeField()
+ key = models.ForeignKey(AuthAPIKey)
+ url = models.CharField("Accessed URL", max_length=200)
diff --git a/api/urls.py b/api/urls.py
index 67862bd..3ad2e40 100644
--- a/api/urls.py
+++ b/api/urls.py
@@ -9,10 +9,12 @@ noauth = { 'authentication': NoAuthentication() }
 user_resource = Resource(handler=UserHandler, **oauth)
 login_resource = Resource(handler=LoginHandler, **noauth)
+eveapi_resource = Resource(handler=EveAPIHandler, **noauth)
 urlpatterns = patterns('',
 url(r'^user/$', user_resource),
 url(r'^login/$', login_resource),
+ url(r'^eveapi/$', eveapi_resource),
 )
 urlpatterns += patterns('piston.authentication',
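Review bot: The new pattern `r'^eveapi/$'` has no capture group, so `EveAPIHandler.read` is always called with `id=None` and `get_object_or_404(EVEAccount, pk=None)` can only answer 404; a pattern such as `url(r'^eveapi/(?P<id>\d+)/$', eveapi_resource)` is needed for the endpoint to return a row. The resource is built with `**noauth`, so the `@apikey_required` decorator on `read` is the only access check, and any method later added to the handler without it would be reachable with no credentials at all. A short comment above `eveapi_resource` saying that authentication is done by the decorator rather than by piston would make that dependency visible.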