-
Notifications
You must be signed in to change notification settings - Fork 103
/
Copy pathmodels.py
131 lines (100 loc) Β· 3.6 KB
/
models.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
from typing import Tuple
from django.core.exceptions import ValidationError
from django.db import models
from django.utils import timezone
from .crypto import concatenate, KeyGenerator, split
class BaseAPIKeyManager(models.Manager):
key_generator = KeyGenerator()
def assign_key(self, obj: "AbstractAPIKey") -> str:
try:
key, prefix, hashed_key = self.key_generator.generate()
except TypeError: # Compatibility with < 1.4
key, hashed_key = self.key_generator.generate()
prefix, hashed_key = split(hashed_key)
obj.prefix = prefix
obj.hashed_key = hashed_key
return key
def create_key(self, **kwargs) -> Tuple["AbstractAPIKey", str]:
# Prevent from manually setting the primary key.
kwargs.pop("id", None)
obj = self.model(**kwargs) # type: AbstractAPIKey
key = self.assign_key(obj)
obj.save()
return obj, key
def get_usable_keys(self) -> models.QuerySet:
return self.filter(revoked=False)
def is_valid(self, key: str) -> bool:
prefix, _, _ = key.partition(".")
queryset = self.get_usable_keys()
try:
api_key = queryset.get(prefix=prefix) # type: AbstractAPIKey
except self.model.DoesNotExist:
return False
if not api_key.is_valid(key):
return False
if api_key.has_expired:
return False
return True
class APIKeyManager(BaseAPIKeyManager):
pass
class AbstractAPIKey(models.Model):
objects = APIKeyManager()
prefix = models.CharField(max_length=8, unique=True, editable=False)
hashed_key = models.CharField(max_length=100, editable=False)
created = models.DateTimeField(auto_now_add=True, db_index=True)
name = models.CharField(
max_length=50,
blank=False,
default=None,
help_text=(
"A free-form name for the API key. "
"Need not be unique. "
"50 characters max."
),
)
revoked = models.BooleanField(
blank=True,
default=False,
help_text=(
"If the API key is revoked, clients cannot use it anymore. "
"(This cannot be undone.)"
),
)
expiry_date = models.DateTimeField(
blank=True,
null=True,
verbose_name="Expires",
help_text="Once API key expires, clients cannot use it anymore.",
)
class Meta: # noqa
abstract = True
ordering = ("-created",)
verbose_name = "API key"
verbose_name_plural = "API keys"
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
# Store the initial value of `revoked` to detect changes.
self._initial_revoked = self.revoked
def _has_expired(self) -> bool:
if self.expiry_date is None:
return False
return self.expiry_date < timezone.now()
_has_expired.short_description = "Has expired"
_has_expired.boolean = True
has_expired = property(_has_expired)
def is_valid(self, key: str) -> bool:
return type(self).objects.key_generator.verify(key, self.hashed_key)
def clean(self):
self._validate_revoked()
def save(self, *args, **kwargs):
self._validate_revoked()
super().save(*args, **kwargs)
def _validate_revoked(self):
if self._initial_revoked and not self.revoked:
raise ValidationError(
"The API key has been revoked, which cannot be undone."
)
def __str__(self) -> str:
return str(self.name)
class APIKey(AbstractAPIKey):
pass