team-3/src/c3nav/api/api.py

from django.conf import settings
from ninja import Router as APIRouter
from ninja import Schema

from c3nav.api.auth import APIAuthMethod, auth_responses
from c3nav.api.utils import NonEmptyStr
from c3nav.control.models import UserPermissions

auth_api_router = APIRouter(tags=["auth"])


class AuthStatusSchema(Schema):
    """
    Current auth state and permissions
    """
    method: APIAuthMethod
    readonly: bool
    scopes: list[str]


@auth_api_router.get('/status/', summary="get status",
                     description="Returns details about the current authentication",
                     response={200: AuthStatusSchema, **auth_responses})
def get_status(request):
    permissions = UserPermissions.get_for_user(request.user)
    scopes = [
        *(p for p in ("editor_access", "grant_permissions", "mesh_control") if getattr(permissions, p)),
        *([] if request.auth.readonly else ["write"]),
    ]
    return AuthStatusSchema(
        method=request.auth.method,
        readonly=request.auth.readonly,
        scopes=scopes,
    )


class APITokenSchema(Schema):
    """
    An API token to be used with Bearer authentication
    """
    token: NonEmptyStr


@auth_api_router.get('/session/', response=APITokenSchema, auth=None,
                     summary="get session-bound token")
def session_token(request):
    session_id = request.COOKIES.get(settings.SESSION_COOKIE_NAME, None)
    return {"token": "anonymous" if session_id is None else f"session:{session_id}"}
add v2 session auth api 2023-11-14 17:54:56 +01:00			`from django.conf import settings`
			`from ninja import Router as APIRouter`
			`from ninja import Schema`

rename newapi to api 2023-12-03 21:55:08 +01:00			`from c3nav.api.auth import APIAuthMethod, auth_responses`
some more documentation in the API and in the API code 2023-11-19 00:12:10 +01:00			`from c3nav.api.utils import NonEmptyStr`
add auth status api endpoint 2023-12-02 01:31:58 +01:00			`from c3nav.control.models import UserPermissions`
some more documentation in the API and in the API code 2023-11-19 00:12:10 +01:00
add v2 session auth api 2023-11-14 17:54:56 +01:00			`auth_api_router = APIRouter(tags=["auth"])`


add auth status api endpoint 2023-12-02 01:31:58 +01:00			`class AuthStatusSchema(Schema):`
			`"""`
			`Current auth state and permissions`
			`"""`
			`method: APIAuthMethod`
			`readonly: bool`
			`scopes: list[str]`


improve api documentation for redoc 2023-12-03 19:04:23 +01:00			`@auth_api_router.get('/status/', summary="get status",`
			`description="Returns details about the current authentication",`
add auth status api endpoint 2023-12-02 01:31:58 +01:00			`response={200: AuthStatusSchema, **auth_responses})`
			`def get_status(request):`
			`permissions = UserPermissions.get_for_user(request.user)`
			`scopes = [`
			`*(p for p in ("editor_access", "grant_permissions", "mesh_control") if getattr(permissions, p)),`
			`*([] if request.auth.readonly else ["write"]),`
			`]`
			`return AuthStatusSchema(`
			`method=request.auth.method,`
			`readonly=request.auth.readonly,`
			`scopes=scopes,`
			`)`


add v2 session auth api 2023-11-14 17:54:56 +01:00			`class APITokenSchema(Schema):`
some more documentation in the API and in the API code 2023-11-19 00:12:10 +01:00			`"""`
			`An API token to be used with Bearer authentication`
			`"""`
			`token: NonEmptyStr`
add v2 session auth api 2023-11-14 17:54:56 +01:00

update api endpoints to use new auth 2023-11-14 18:29:21 +01:00			`@auth_api_router.get('/session/', response=APITokenSchema, auth=None,`
improve api documentation for redoc 2023-12-03 19:04:23 +01:00			`summary="get session-bound token")`
add v2 session auth api 2023-11-14 17:54:56 +01:00			`def session_token(request):`
update api endpoints to use new auth 2023-11-14 18:29:21 +01:00			`session_id = request.COOKIES.get(settings.SESSION_COOKIE_NAME, None)`
			`return {"token": "anonymous" if session_id is None else f"session:{session_id}"}`