takahe/api/decorators.py

from collections.abc import Callable
from functools import wraps

from django.http import JsonResponse


def identity_required(function):
    """
    Makes sure the token is tied to an identity, not an app only.
    """

    @wraps(function)
    def inner(request, *args, **kwargs):
        # They need an identity
        if not request.identity:
            return JsonResponse({"error": "identity_token_required"}, status=401)
        return function(request, *args, **kwargs)

    # This is for the API only
    inner.csrf_exempt = True

    return inner


def scope_required(scope: str, requires_identity=True):
    """
    Asserts that the token we're using has the provided scope
    """

    def decorator(function: Callable):
        @wraps(function)
        def inner(request, *args, **kwargs):
            if not request.token:
                if request.identity:
                    # They're just logged in via cookie - give full access
                    pass
                else:
                    return JsonResponse(
                        {"error": "identity_token_required"}, status=401
                    )
            elif not request.token.has_scope(scope):
                return JsonResponse({"error": "out_of_scope_for_token"}, status=403)
            # They need an identity
            if not request.identity and requires_identity:
                return JsonResponse({"error": "identity_token_required"}, status=401)
            return function(request, *args, **kwargs)

        inner.csrf_exempt = True  # type:ignore
        return inner

    return decorator
Check scope on API endpoints 2023-02-19 18:37:02 +00:00			`from collections.abc import Callable`
Timelines working 2022-12-11 07:25:48 +00:00			`from functools import wraps`

			`from django.http import JsonResponse`


			`def identity_required(function):`
			`"""`
UI/Domains Refactor Redoes the UI to remove timelines, promote domains, and a lot of other things to support the refactor. 2023-05-04 04:42:37 +00:00			`Makes sure the token is tied to an identity, not an app only.`
Timelines working 2022-12-11 07:25:48 +00:00			`"""`

			`@wraps(function)`
			`def inner(request, args, *kwargs):`
			`# They need an identity`
			`if not request.identity:`
Check scope on API endpoints 2023-02-19 18:37:02 +00:00			`return JsonResponse({"error": "identity_token_required"}, status=401)`
Timelines working 2022-12-11 07:25:48 +00:00			`return function(request, args, *kwargs)`

Hatchway API Rewrite (#499) Removes django-ninja and replaces it with a new API framework, "hatchway". I plan to move hatchway into its own project very soon. 2023-02-07 19:07:15 +00:00			`# This is for the API only`
			`inner.csrf_exempt = True`

Timelines working 2022-12-11 07:25:48 +00:00			`return inner`
Check scope on API endpoints 2023-02-19 18:37:02 +00:00

			`def scope_required(scope: str, requires_identity=True):`
			`"""`
			`Asserts that the token we're using has the provided scope`
			`"""`

			`def decorator(function: Callable):`
			`@wraps(function)`
			`def inner(request, args, *kwargs):`
			`if not request.token:`
Allow API access with cookies again 2023-03-02 17:22:37 +00:00			`if request.identity:`
			`# They're just logged in via cookie - give full access`
			`pass`
			`else:`
			`return JsonResponse(`
			`{"error": "identity_token_required"}, status=401`
			`)`
			`elif not request.token.has_scope(scope):`
			`return JsonResponse({"error": "out_of_scope_for_token"}, status=403)`
Check scope on API endpoints 2023-02-19 18:37:02 +00:00			`# They need an identity`
			`if not request.identity and requires_identity:`
			`return JsonResponse({"error": "identity_token_required"}, status=401)`
			`return function(request, args, *kwargs)`

			`inner.csrf_exempt = True # type:ignore`
			`return inner`

			`return decorator`