Now uses Auth API keys for API access

2025-12-14 14:52:15 +00:00 · 2010-06-15 15:45:10 +01:00
parent dd69956a7c
commit 93eae51933
3 changed files with 52 additions and 2 deletions
--- a/api/handlers.py
+++ b/api/handlers.py
@@ -1,13 +1,36 @@
 import re
+from datetime import datetime

 from piston.handler import BaseHandler
 from piston.utils import rc, throttle

 from django.contrib.auth import login, logout, authenticate
 from django.contrib.auth.models import User
+
+from django.shortcuts import get_object_or_404
+
+from api.models import AuthAPIKey, AuthAPILog
 from eve_api.models import EVEAccount
 from sso.models import ServiceAccount, Service

+def apikey_required(meth):
+    def new(*args, **kwargs):
+
+        if 'request' in kwargs:
+            url = kwargs['request'].META['QUERY_STRING']
+            try:
+                key = AuthAPIKey.objects.get(key=kwargs['request'].GET['apikey'])
+            except AuthAPIKey.DoesNotExist:
+                pass
+
+            if key and key.active:
+                AuthAPILog(key=key, url=url, access_datetime=datetime.utcnow()).save()
+                return meth(*args, **kwargs)
+
+            return rc.NOT_HERE
+
+    return new
+
 class UserHandler(BaseHandler):
    allowed_methods = ('GET')

@@ -57,11 +80,17 @@ class LoginHandler(BaseHandler):
                return rc.NOT_HERE

        d = { 'auth': 'ok', 'id': u.id, 'username': u.username,
-              'password': u.password, 'email': u.email, 'groups': u.groups.all(),
-              'characters': EVEPlayerCharacter.objects.filter(eveaccount__user=u) }
+              'password': u.password, 'email': u.email, 'groups': u.groups.all() }

        if request.GET['pass'] == user.password:
            return d

        return { 'auth': 'failed' }

+class EveAPIHandler(BaseHandler):
+    allowed_methods = ('GET')
+
+    @apikey_required
+    def read(self, request, id=None):
+       return get_object_or_404(EVEAccount, pk=id)
+
--- a/api/models.py
+++ b/api/models.py
@@ -0,0 +1,19 @@
+import re
+import unicodedata
+import logging
+import types
+
+from django.db import models
+
+class AuthAPIKey(models.Model):
+
+    name = models.CharField("Service Name", max_length=200)
+    url = models.CharField("Service URL", max_length=200, blank=True)
+    active = models.BooleanField(default=True)
+    key = models.CharField("API Key", max_length=200)
+
+class AuthAPILog(models.Model):
+
+    access_datetime = models.DateTimeField()
+    key = models.ForeignKey(AuthAPIKey)
+    url = models.CharField("Accessed URL", max_length=200)
--- a/api/urls.py
+++ b/api/urls.py
@@ -9,10 +9,12 @@ noauth = { 'authentication': NoAuthentication() }

 user_resource = Resource(handler=UserHandler, **oauth)
 login_resource = Resource(handler=LoginHandler, **noauth)
+eveapi_resource = Resource(handler=EveAPIHandler, **noauth)

 urlpatterns = patterns('',
    url(r'^user/$', user_resource),
    url(r'^login/$', login_resource),
+    url(r'^eveapi/$', eveapi_resource),
 )

 urlpatterns += patterns('piston.authentication',