mirror of
https://github.com/etesync/server
synced 2024-11-22 08:48:07 +00:00
Remove unused django_etebase code.
This commit is contained in:
parent
0fa2f2da3b
commit
4ceb42780e
@ -62,7 +62,7 @@ Now you can initialise our django app.
|
|||||||
And you are done! You can now run the debug server just to see everything works as expected by running:
|
And you are done! You can now run the debug server just to see everything works as expected by running:
|
||||||
|
|
||||||
```
|
```
|
||||||
./manage.py runserver 0.0.0.0:8000
|
uvicorn etebase_server.asgi:application --port 8000
|
||||||
```
|
```
|
||||||
|
|
||||||
Using the debug server in production is not recommended, so please read the following section for a proper deployment.
|
Using the debug server in production is not recommended, so please read the following section for a proper deployment.
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
from django.contrib import admin
|
|
||||||
|
|
||||||
# Register your models here.
|
|
@ -1,5 +0,0 @@
|
|||||||
from django.apps import AppConfig
|
|
||||||
|
|
||||||
|
|
||||||
class DrfMsgpackConfig(AppConfig):
|
|
||||||
name = "drf_msgpack"
|
|
@ -1,14 +0,0 @@
|
|||||||
import msgpack
|
|
||||||
|
|
||||||
from rest_framework.parsers import BaseParser
|
|
||||||
from rest_framework.exceptions import ParseError
|
|
||||||
|
|
||||||
|
|
||||||
class MessagePackParser(BaseParser):
|
|
||||||
media_type = "application/msgpack"
|
|
||||||
|
|
||||||
def parse(self, stream, media_type=None, parser_context=None):
|
|
||||||
try:
|
|
||||||
return msgpack.unpackb(stream.read(), raw=False)
|
|
||||||
except Exception as exc:
|
|
||||||
raise ParseError("MessagePack parse error - %s" % str(exc))
|
|
@ -1,15 +0,0 @@
|
|||||||
import msgpack
|
|
||||||
|
|
||||||
from rest_framework.renderers import BaseRenderer
|
|
||||||
|
|
||||||
|
|
||||||
class MessagePackRenderer(BaseRenderer):
|
|
||||||
media_type = "application/msgpack"
|
|
||||||
format = "msgpack"
|
|
||||||
render_style = "binary"
|
|
||||||
charset = None
|
|
||||||
|
|
||||||
def render(self, data, media_type=None, renderer_context=None):
|
|
||||||
if data is None:
|
|
||||||
return b""
|
|
||||||
return msgpack.packb(data, use_bin_type=True)
|
|
@ -1,3 +0,0 @@
|
|||||||
from django.shortcuts import render
|
|
||||||
|
|
||||||
# Create your views here.
|
|
@ -1,12 +0,0 @@
|
|||||||
from rest_framework import serializers, status
|
|
||||||
|
|
||||||
|
|
||||||
class EtebaseValidationError(serializers.ValidationError):
|
|
||||||
def __init__(self, code, detail, status_code=status.HTTP_400_BAD_REQUEST):
|
|
||||||
super().__init__(
|
|
||||||
{
|
|
||||||
"code": code,
|
|
||||||
"detail": detail,
|
|
||||||
}
|
|
||||||
)
|
|
||||||
self.status_code = status_code
|
|
@ -1,14 +0,0 @@
|
|||||||
from rest_framework.parsers import FileUploadParser
|
|
||||||
|
|
||||||
|
|
||||||
class ChunkUploadParser(FileUploadParser):
|
|
||||||
"""
|
|
||||||
Parser for chunk upload data.
|
|
||||||
"""
|
|
||||||
|
|
||||||
def get_filename(self, stream, media_type, parser_context):
|
|
||||||
"""
|
|
||||||
Detects the uploaded file name.
|
|
||||||
"""
|
|
||||||
view = parser_context["view"]
|
|
||||||
return parser_context["kwargs"][view.lookup_field]
|
|
@ -1,93 +0,0 @@
|
|||||||
# Copyright © 2017 Tom Hacohen
|
|
||||||
#
|
|
||||||
# This program is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU Affero General Public License as
|
|
||||||
# published by the Free Software Foundation, version 3.
|
|
||||||
#
|
|
||||||
# This library is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
from rest_framework import permissions
|
|
||||||
from django_etebase.models import Collection, AccessLevels
|
|
||||||
|
|
||||||
|
|
||||||
def is_collection_admin(collection, user):
|
|
||||||
member = collection.members.filter(user=user).first()
|
|
||||||
return (member is not None) and (member.accessLevel == AccessLevels.ADMIN)
|
|
||||||
|
|
||||||
|
|
||||||
class IsCollectionAdmin(permissions.BasePermission):
|
|
||||||
"""
|
|
||||||
Custom permission to only allow owners of a collection to view it
|
|
||||||
"""
|
|
||||||
|
|
||||||
message = {
|
|
||||||
"detail": "Only collection admins can perform this operation.",
|
|
||||||
"code": "admin_access_required",
|
|
||||||
}
|
|
||||||
|
|
||||||
def has_permission(self, request, view):
|
|
||||||
collection_uid = view.kwargs["collection_uid"]
|
|
||||||
try:
|
|
||||||
collection = view.get_collection_queryset().get(main_item__uid=collection_uid)
|
|
||||||
return is_collection_admin(collection, request.user)
|
|
||||||
except Collection.DoesNotExist:
|
|
||||||
# If the collection does not exist, we want to 404 later, not permission denied.
|
|
||||||
return True
|
|
||||||
|
|
||||||
|
|
||||||
class IsCollectionAdminOrReadOnly(permissions.BasePermission):
|
|
||||||
"""
|
|
||||||
Custom permission to only allow owners of a collection to edit it
|
|
||||||
"""
|
|
||||||
|
|
||||||
message = {
|
|
||||||
"detail": "Only collection admins can edit collections.",
|
|
||||||
"code": "admin_access_required",
|
|
||||||
}
|
|
||||||
|
|
||||||
def has_permission(self, request, view):
|
|
||||||
collection_uid = view.kwargs.get("collection_uid", None)
|
|
||||||
|
|
||||||
# Allow creating new collections
|
|
||||||
if collection_uid is None:
|
|
||||||
return True
|
|
||||||
|
|
||||||
try:
|
|
||||||
collection = view.get_collection_queryset().get(main_item__uid=collection_uid)
|
|
||||||
if request.method in permissions.SAFE_METHODS:
|
|
||||||
return True
|
|
||||||
|
|
||||||
return is_collection_admin(collection, request.user)
|
|
||||||
except Collection.DoesNotExist:
|
|
||||||
# If the collection does not exist, we want to 404 later, not permission denied.
|
|
||||||
return True
|
|
||||||
|
|
||||||
|
|
||||||
class HasWriteAccessOrReadOnly(permissions.BasePermission):
|
|
||||||
"""
|
|
||||||
Custom permission to restrict write
|
|
||||||
"""
|
|
||||||
|
|
||||||
message = {
|
|
||||||
"detail": "You need write access to write to this collection",
|
|
||||||
"code": "no_write_access",
|
|
||||||
}
|
|
||||||
|
|
||||||
def has_permission(self, request, view):
|
|
||||||
collection_uid = view.kwargs["collection_uid"]
|
|
||||||
try:
|
|
||||||
collection = view.get_collection_queryset().get(main_item__uid=collection_uid)
|
|
||||||
if request.method in permissions.SAFE_METHODS:
|
|
||||||
return True
|
|
||||||
else:
|
|
||||||
member = collection.members.get(user=request.user)
|
|
||||||
return member.accessLevel != AccessLevels.READ_ONLY
|
|
||||||
except Collection.DoesNotExist:
|
|
||||||
# If the collection does not exist, we want to 404 later, not permission denied.
|
|
||||||
return True
|
|
@ -1,19 +0,0 @@
|
|||||||
from rest_framework.utils.encoders import JSONEncoder as DRFJSONEncoder
|
|
||||||
from rest_framework.renderers import JSONRenderer as DRFJSONRenderer
|
|
||||||
|
|
||||||
from .serializers import b64encode
|
|
||||||
|
|
||||||
|
|
||||||
class JSONEncoder(DRFJSONEncoder):
|
|
||||||
def default(self, obj):
|
|
||||||
if isinstance(obj, bytes) or isinstance(obj, memoryview):
|
|
||||||
return b64encode(obj)
|
|
||||||
return super().default(obj)
|
|
||||||
|
|
||||||
|
|
||||||
class JSONRenderer(DRFJSONRenderer):
|
|
||||||
"""
|
|
||||||
Renderer which serializes to JSON with support for our base64
|
|
||||||
"""
|
|
||||||
|
|
||||||
encoder_class = JSONEncoder
|
|
@ -1,598 +0,0 @@
|
|||||||
# Copyright © 2017 Tom Hacohen
|
|
||||||
#
|
|
||||||
# This program is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU Affero General Public License as
|
|
||||||
# published by the Free Software Foundation, version 3.
|
|
||||||
#
|
|
||||||
# This library is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
import base64
|
|
||||||
|
|
||||||
from django.core.files.base import ContentFile
|
|
||||||
from django.core import exceptions as django_exceptions
|
|
||||||
from django.contrib.auth import get_user_model
|
|
||||||
from django.db import IntegrityError, transaction
|
|
||||||
from rest_framework import serializers, status
|
|
||||||
from . import models
|
|
||||||
from .utils import get_user_queryset, create_user, CallbackContext
|
|
||||||
|
|
||||||
from .exceptions import EtebaseValidationError
|
|
||||||
|
|
||||||
User = get_user_model()
|
|
||||||
|
|
||||||
|
|
||||||
def process_revisions_for_item(item, revision_data):
|
|
||||||
chunks_objs = []
|
|
||||||
chunks = revision_data.pop("chunks_relation")
|
|
||||||
|
|
||||||
revision = models.CollectionItemRevision(**revision_data, item=item)
|
|
||||||
revision.validate_unique() # Verify there aren't any validation issues
|
|
||||||
|
|
||||||
for chunk in chunks:
|
|
||||||
uid = chunk[0]
|
|
||||||
chunk_obj = models.CollectionItemChunk.objects.filter(uid=uid).first()
|
|
||||||
content = chunk[1] if len(chunk) > 1 else None
|
|
||||||
# If the chunk already exists we assume it's fine. Otherwise, we upload it.
|
|
||||||
if chunk_obj is None:
|
|
||||||
if content is not None:
|
|
||||||
chunk_obj = models.CollectionItemChunk(uid=uid, collection=item.collection)
|
|
||||||
chunk_obj.chunkFile.save("IGNORED", ContentFile(content))
|
|
||||||
chunk_obj.save()
|
|
||||||
else:
|
|
||||||
raise EtebaseValidationError("chunk_no_content", "Tried to create a new chunk without content")
|
|
||||||
|
|
||||||
chunks_objs.append(chunk_obj)
|
|
||||||
|
|
||||||
stoken = models.Stoken.objects.create()
|
|
||||||
revision.stoken = stoken
|
|
||||||
revision.save()
|
|
||||||
|
|
||||||
for chunk in chunks_objs:
|
|
||||||
models.RevisionChunkRelation.objects.create(chunk=chunk, revision=revision)
|
|
||||||
return revision
|
|
||||||
|
|
||||||
|
|
||||||
def b64encode(value):
|
|
||||||
return base64.urlsafe_b64encode(value).decode("ascii").strip("=")
|
|
||||||
|
|
||||||
|
|
||||||
def b64decode(data):
|
|
||||||
data += "=" * ((4 - len(data) % 4) % 4)
|
|
||||||
return base64.urlsafe_b64decode(data)
|
|
||||||
|
|
||||||
|
|
||||||
def b64decode_or_bytes(data):
|
|
||||||
if isinstance(data, bytes):
|
|
||||||
return data
|
|
||||||
else:
|
|
||||||
return b64decode(data)
|
|
||||||
|
|
||||||
|
|
||||||
class BinaryBase64Field(serializers.Field):
|
|
||||||
def to_representation(self, value):
|
|
||||||
return value
|
|
||||||
|
|
||||||
def to_internal_value(self, data):
|
|
||||||
return b64decode_or_bytes(data)
|
|
||||||
|
|
||||||
|
|
||||||
class CollectionEncryptionKeyField(BinaryBase64Field):
|
|
||||||
def get_attribute(self, instance):
|
|
||||||
request = self.context.get("request", None)
|
|
||||||
if request is not None:
|
|
||||||
return instance.members.get(user=request.user).encryptionKey
|
|
||||||
return None
|
|
||||||
|
|
||||||
|
|
||||||
class CollectionTypeField(BinaryBase64Field):
|
|
||||||
def get_attribute(self, instance):
|
|
||||||
request = self.context.get("request", None)
|
|
||||||
if request is not None:
|
|
||||||
collection_type = instance.members.get(user=request.user).collectionType
|
|
||||||
return collection_type and collection_type.uid
|
|
||||||
return None
|
|
||||||
|
|
||||||
|
|
||||||
class UserSlugRelatedField(serializers.SlugRelatedField):
|
|
||||||
def get_queryset(self):
|
|
||||||
view = self.context.get("view", None)
|
|
||||||
return get_user_queryset(super().get_queryset(), context=CallbackContext(view.kwargs))
|
|
||||||
|
|
||||||
def __init__(self, **kwargs):
|
|
||||||
super().__init__(slug_field=User.USERNAME_FIELD, **kwargs)
|
|
||||||
|
|
||||||
def to_internal_value(self, data):
|
|
||||||
return super().to_internal_value(data.lower())
|
|
||||||
|
|
||||||
|
|
||||||
class ChunksField(serializers.RelatedField):
|
|
||||||
def to_representation(self, obj):
|
|
||||||
obj = obj.chunk
|
|
||||||
if self.context.get("prefetch") == "auto":
|
|
||||||
with open(obj.chunkFile.path, "rb") as f:
|
|
||||||
return (obj.uid, f.read())
|
|
||||||
else:
|
|
||||||
return (obj.uid,)
|
|
||||||
|
|
||||||
def to_internal_value(self, data):
|
|
||||||
content = data[1] if len(data) > 1 else None
|
|
||||||
if data[0] is None:
|
|
||||||
raise EtebaseValidationError("no_null", "null is not allowed")
|
|
||||||
return (data[0], b64decode_or_bytes(content) if content is not None else None)
|
|
||||||
|
|
||||||
|
|
||||||
class BetterErrorsMixin:
|
|
||||||
@property
|
|
||||||
def errors(self):
|
|
||||||
nice = []
|
|
||||||
errors = super().errors
|
|
||||||
for error_type in errors:
|
|
||||||
if error_type == "non_field_errors":
|
|
||||||
nice.extend(self.flatten_errors(None, errors[error_type]))
|
|
||||||
else:
|
|
||||||
nice.extend(self.flatten_errors(error_type, errors[error_type]))
|
|
||||||
if nice:
|
|
||||||
return {"code": "field_errors", "detail": "Field validations failed.", "errors": nice}
|
|
||||||
return {}
|
|
||||||
|
|
||||||
def flatten_errors(self, field_name, errors):
|
|
||||||
ret = []
|
|
||||||
if isinstance(errors, dict):
|
|
||||||
for error_key in errors:
|
|
||||||
error = errors[error_key]
|
|
||||||
ret.extend(self.flatten_errors("{}.{}".format(field_name, error_key), error))
|
|
||||||
else:
|
|
||||||
for error in errors:
|
|
||||||
if getattr(error, "messages", None):
|
|
||||||
message = error.messages[0]
|
|
||||||
else:
|
|
||||||
message = str(error)
|
|
||||||
ret.append(
|
|
||||||
{
|
|
||||||
"field": field_name,
|
|
||||||
"code": error.code,
|
|
||||||
"detail": message,
|
|
||||||
}
|
|
||||||
)
|
|
||||||
return ret
|
|
||||||
|
|
||||||
def transform_validation_error(self, prefix, err):
|
|
||||||
if hasattr(err, "error_dict"):
|
|
||||||
errors = self.flatten_errors(prefix, err.error_dict)
|
|
||||||
elif not hasattr(err, "message"):
|
|
||||||
errors = self.flatten_errors(prefix, err.error_list)
|
|
||||||
else:
|
|
||||||
raise EtebaseValidationError(err.code, err.message)
|
|
||||||
|
|
||||||
raise serializers.ValidationError(
|
|
||||||
{
|
|
||||||
"code": "field_errors",
|
|
||||||
"detail": "Field validations failed.",
|
|
||||||
"errors": errors,
|
|
||||||
}
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
class CollectionItemChunkSerializer(BetterErrorsMixin, serializers.ModelSerializer):
|
|
||||||
class Meta:
|
|
||||||
model = models.CollectionItemChunk
|
|
||||||
fields = ("uid", "chunkFile")
|
|
||||||
|
|
||||||
|
|
||||||
class CollectionItemRevisionSerializer(BetterErrorsMixin, serializers.ModelSerializer):
|
|
||||||
chunks = ChunksField(
|
|
||||||
source="chunks_relation",
|
|
||||||
queryset=models.RevisionChunkRelation.objects.all(),
|
|
||||||
style={"base_template": "input.html"},
|
|
||||||
many=True,
|
|
||||||
)
|
|
||||||
meta = BinaryBase64Field()
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
model = models.CollectionItemRevision
|
|
||||||
fields = ("chunks", "meta", "uid", "deleted")
|
|
||||||
extra_kwargs = {
|
|
||||||
"uid": {"validators": []}, # We deal with it in the serializers
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
class CollectionItemSerializer(BetterErrorsMixin, serializers.ModelSerializer):
|
|
||||||
encryptionKey = BinaryBase64Field(required=False, default=None, allow_null=True)
|
|
||||||
etag = serializers.CharField(allow_null=True, write_only=True)
|
|
||||||
content = CollectionItemRevisionSerializer(many=False)
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
model = models.CollectionItem
|
|
||||||
fields = ("uid", "version", "encryptionKey", "content", "etag")
|
|
||||||
|
|
||||||
def create(self, validated_data):
|
|
||||||
"""Function that's called when this serializer creates an item"""
|
|
||||||
validate_etag = self.context.get("validate_etag", False)
|
|
||||||
etag = validated_data.pop("etag")
|
|
||||||
revision_data = validated_data.pop("content")
|
|
||||||
uid = validated_data.pop("uid")
|
|
||||||
|
|
||||||
Model = self.__class__.Meta.model
|
|
||||||
|
|
||||||
with transaction.atomic():
|
|
||||||
instance, created = Model.objects.get_or_create(uid=uid, defaults=validated_data)
|
|
||||||
cur_etag = instance.etag if not created else None
|
|
||||||
|
|
||||||
# If we are trying to update an up to date item, abort early and consider it a success
|
|
||||||
if cur_etag == revision_data.get("uid"):
|
|
||||||
return instance
|
|
||||||
|
|
||||||
if validate_etag and cur_etag != etag:
|
|
||||||
raise EtebaseValidationError(
|
|
||||||
"wrong_etag",
|
|
||||||
"Wrong etag. Expected {} got {}".format(cur_etag, etag),
|
|
||||||
status_code=status.HTTP_409_CONFLICT,
|
|
||||||
)
|
|
||||||
|
|
||||||
if not created:
|
|
||||||
# We don't have to use select_for_update here because the unique constraint on current guards against
|
|
||||||
# the race condition. But it's a good idea because it'll lock and wait rather than fail.
|
|
||||||
current_revision = instance.revisions.filter(current=True).select_for_update().first()
|
|
||||||
|
|
||||||
# If we are just re-uploading the same revision, consider it a succes and return.
|
|
||||||
if current_revision.uid == revision_data.get("uid"):
|
|
||||||
return instance
|
|
||||||
|
|
||||||
current_revision.current = None
|
|
||||||
current_revision.save()
|
|
||||||
|
|
||||||
try:
|
|
||||||
process_revisions_for_item(instance, revision_data)
|
|
||||||
except django_exceptions.ValidationError as e:
|
|
||||||
self.transform_validation_error("content", e)
|
|
||||||
|
|
||||||
return instance
|
|
||||||
|
|
||||||
def update(self, instance, validated_data):
|
|
||||||
# We never update, we always update in the create method
|
|
||||||
raise NotImplementedError()
|
|
||||||
|
|
||||||
|
|
||||||
class CollectionItemDepSerializer(BetterErrorsMixin, serializers.ModelSerializer):
|
|
||||||
etag = serializers.CharField()
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
model = models.CollectionItem
|
|
||||||
fields = ("uid", "etag")
|
|
||||||
|
|
||||||
def validate(self, data):
|
|
||||||
item = self.__class__.Meta.model.objects.get(uid=data["uid"])
|
|
||||||
etag = data["etag"]
|
|
||||||
if item.etag != etag:
|
|
||||||
raise EtebaseValidationError(
|
|
||||||
"wrong_etag",
|
|
||||||
"Wrong etag. Expected {} got {}".format(item.etag, etag),
|
|
||||||
status_code=status.HTTP_409_CONFLICT,
|
|
||||||
)
|
|
||||||
|
|
||||||
return data
|
|
||||||
|
|
||||||
|
|
||||||
class CollectionItemBulkGetSerializer(BetterErrorsMixin, serializers.ModelSerializer):
|
|
||||||
etag = serializers.CharField(required=False)
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
model = models.CollectionItem
|
|
||||||
fields = ("uid", "etag")
|
|
||||||
|
|
||||||
|
|
||||||
class CollectionListMultiSerializer(BetterErrorsMixin, serializers.Serializer):
|
|
||||||
collectionTypes = serializers.ListField(child=BinaryBase64Field())
|
|
||||||
|
|
||||||
|
|
||||||
class CollectionSerializer(BetterErrorsMixin, serializers.ModelSerializer):
|
|
||||||
collectionKey = CollectionEncryptionKeyField()
|
|
||||||
collectionType = CollectionTypeField()
|
|
||||||
accessLevel = serializers.SerializerMethodField("get_access_level_from_context")
|
|
||||||
stoken = serializers.CharField(read_only=True)
|
|
||||||
|
|
||||||
item = CollectionItemSerializer(many=False, source="main_item")
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
model = models.Collection
|
|
||||||
fields = ("item", "accessLevel", "collectionKey", "collectionType", "stoken")
|
|
||||||
|
|
||||||
def get_access_level_from_context(self, obj):
|
|
||||||
request = self.context.get("request", None)
|
|
||||||
if request is not None:
|
|
||||||
return obj.members.get(user=request.user).accessLevel
|
|
||||||
return None
|
|
||||||
|
|
||||||
def create(self, validated_data):
|
|
||||||
"""Function that's called when this serializer creates an item"""
|
|
||||||
collection_key = validated_data.pop("collectionKey")
|
|
||||||
collection_type = validated_data.pop("collectionType")
|
|
||||||
|
|
||||||
user = validated_data.get("owner")
|
|
||||||
main_item_data = validated_data.pop("main_item")
|
|
||||||
uid = main_item_data.get("uid")
|
|
||||||
etag = main_item_data.pop("etag")
|
|
||||||
revision_data = main_item_data.pop("content")
|
|
||||||
|
|
||||||
instance = self.__class__.Meta.model(uid=uid, **validated_data)
|
|
||||||
|
|
||||||
with transaction.atomic():
|
|
||||||
if etag is not None:
|
|
||||||
raise EtebaseValidationError("bad_etag", "etag is not null")
|
|
||||||
|
|
||||||
try:
|
|
||||||
instance.validate_unique()
|
|
||||||
except django_exceptions.ValidationError:
|
|
||||||
raise EtebaseValidationError(
|
|
||||||
"unique_uid", "Collection with this uid already exists", status_code=status.HTTP_409_CONFLICT
|
|
||||||
)
|
|
||||||
instance.save()
|
|
||||||
|
|
||||||
main_item = models.CollectionItem.objects.create(**main_item_data, collection=instance)
|
|
||||||
|
|
||||||
instance.main_item = main_item
|
|
||||||
instance.save()
|
|
||||||
|
|
||||||
process_revisions_for_item(main_item, revision_data)
|
|
||||||
|
|
||||||
collection_type_obj, _ = models.CollectionType.objects.get_or_create(uid=collection_type, owner=user)
|
|
||||||
|
|
||||||
models.CollectionMember(
|
|
||||||
collection=instance,
|
|
||||||
stoken=models.Stoken.objects.create(),
|
|
||||||
user=user,
|
|
||||||
accessLevel=models.AccessLevels.ADMIN,
|
|
||||||
encryptionKey=collection_key,
|
|
||||||
collectionType=collection_type_obj,
|
|
||||||
).save()
|
|
||||||
|
|
||||||
return instance
|
|
||||||
|
|
||||||
def update(self, instance, validated_data):
|
|
||||||
raise NotImplementedError()
|
|
||||||
|
|
||||||
|
|
||||||
class CollectionMemberSerializer(BetterErrorsMixin, serializers.ModelSerializer):
|
|
||||||
username = UserSlugRelatedField(
|
|
||||||
source="user",
|
|
||||||
read_only=True,
|
|
||||||
style={"base_template": "input.html"},
|
|
||||||
)
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
model = models.CollectionMember
|
|
||||||
fields = ("username", "accessLevel")
|
|
||||||
|
|
||||||
def create(self, validated_data):
|
|
||||||
raise NotImplementedError()
|
|
||||||
|
|
||||||
def update(self, instance, validated_data):
|
|
||||||
with transaction.atomic():
|
|
||||||
# We only allow updating accessLevel
|
|
||||||
access_level = validated_data.pop("accessLevel")
|
|
||||||
if instance.accessLevel != access_level:
|
|
||||||
instance.stoken = models.Stoken.objects.create()
|
|
||||||
instance.accessLevel = access_level
|
|
||||||
instance.save()
|
|
||||||
|
|
||||||
return instance
|
|
||||||
|
|
||||||
|
|
||||||
class CollectionInvitationSerializer(BetterErrorsMixin, serializers.ModelSerializer):
|
|
||||||
username = UserSlugRelatedField(
|
|
||||||
source="user",
|
|
||||||
queryset=User.objects,
|
|
||||||
style={"base_template": "input.html"},
|
|
||||||
)
|
|
||||||
collection = serializers.CharField(source="collection.uid")
|
|
||||||
fromUsername = serializers.CharField(source="fromMember.user.username", read_only=True)
|
|
||||||
fromPubkey = BinaryBase64Field(source="fromMember.user.userinfo.pubkey", read_only=True)
|
|
||||||
signedEncryptionKey = BinaryBase64Field()
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
model = models.CollectionInvitation
|
|
||||||
fields = (
|
|
||||||
"username",
|
|
||||||
"uid",
|
|
||||||
"collection",
|
|
||||||
"signedEncryptionKey",
|
|
||||||
"accessLevel",
|
|
||||||
"fromUsername",
|
|
||||||
"fromPubkey",
|
|
||||||
"version",
|
|
||||||
)
|
|
||||||
|
|
||||||
def validate_user(self, value):
|
|
||||||
request = self.context["request"]
|
|
||||||
|
|
||||||
if request.user.username == value.lower():
|
|
||||||
raise EtebaseValidationError("no_self_invite", "Inviting yourself is not allowed")
|
|
||||||
return value
|
|
||||||
|
|
||||||
def create(self, validated_data):
|
|
||||||
request = self.context["request"]
|
|
||||||
collection = validated_data.pop("collection")
|
|
||||||
|
|
||||||
member = collection.members.get(user=request.user)
|
|
||||||
|
|
||||||
with transaction.atomic():
|
|
||||||
try:
|
|
||||||
return type(self).Meta.model.objects.create(**validated_data, fromMember=member)
|
|
||||||
except IntegrityError:
|
|
||||||
raise EtebaseValidationError("invitation_exists", "Invitation already exists")
|
|
||||||
|
|
||||||
def update(self, instance, validated_data):
|
|
||||||
with transaction.atomic():
|
|
||||||
instance.accessLevel = validated_data.pop("accessLevel")
|
|
||||||
instance.signedEncryptionKey = validated_data.pop("signedEncryptionKey")
|
|
||||||
instance.save()
|
|
||||||
|
|
||||||
return instance
|
|
||||||
|
|
||||||
|
|
||||||
class InvitationAcceptSerializer(BetterErrorsMixin, serializers.Serializer):
|
|
||||||
collectionType = BinaryBase64Field()
|
|
||||||
encryptionKey = BinaryBase64Field()
|
|
||||||
|
|
||||||
def create(self, validated_data):
|
|
||||||
|
|
||||||
with transaction.atomic():
|
|
||||||
invitation = self.context["invitation"]
|
|
||||||
encryption_key = validated_data.get("encryptionKey")
|
|
||||||
collection_type = validated_data.pop("collectionType")
|
|
||||||
|
|
||||||
user = invitation.user
|
|
||||||
collection_type_obj, _ = models.CollectionType.objects.get_or_create(uid=collection_type, owner=user)
|
|
||||||
|
|
||||||
member = models.CollectionMember.objects.create(
|
|
||||||
collection=invitation.collection,
|
|
||||||
stoken=models.Stoken.objects.create(),
|
|
||||||
user=user,
|
|
||||||
accessLevel=invitation.accessLevel,
|
|
||||||
encryptionKey=encryption_key,
|
|
||||||
collectionType=collection_type_obj,
|
|
||||||
)
|
|
||||||
|
|
||||||
models.CollectionMemberRemoved.objects.filter(
|
|
||||||
user=invitation.user, collection=invitation.collection
|
|
||||||
).delete()
|
|
||||||
|
|
||||||
invitation.delete()
|
|
||||||
|
|
||||||
return member
|
|
||||||
|
|
||||||
def update(self, instance, validated_data):
|
|
||||||
raise NotImplementedError()
|
|
||||||
|
|
||||||
|
|
||||||
class UserSerializer(BetterErrorsMixin, serializers.ModelSerializer):
|
|
||||||
pubkey = BinaryBase64Field(source="userinfo.pubkey")
|
|
||||||
encryptedContent = BinaryBase64Field(source="userinfo.encryptedContent")
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
model = User
|
|
||||||
fields = (User.USERNAME_FIELD, User.EMAIL_FIELD, "pubkey", "encryptedContent")
|
|
||||||
|
|
||||||
|
|
||||||
class UserInfoPubkeySerializer(BetterErrorsMixin, serializers.ModelSerializer):
|
|
||||||
pubkey = BinaryBase64Field()
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
model = models.UserInfo
|
|
||||||
fields = ("pubkey",)
|
|
||||||
|
|
||||||
|
|
||||||
class UserSignupSerializer(BetterErrorsMixin, serializers.ModelSerializer):
|
|
||||||
class Meta:
|
|
||||||
model = User
|
|
||||||
fields = (User.USERNAME_FIELD, User.EMAIL_FIELD)
|
|
||||||
extra_kwargs = {
|
|
||||||
"username": {"validators": []}, # We specifically validate in SignupSerializer
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
class AuthenticationSignupSerializer(BetterErrorsMixin, serializers.Serializer):
|
|
||||||
"""Used both for creating new accounts and setting up existing ones for the first time.
|
|
||||||
When setting up existing ones the email is ignored."
|
|
||||||
"""
|
|
||||||
|
|
||||||
user = UserSignupSerializer(many=False)
|
|
||||||
salt = BinaryBase64Field()
|
|
||||||
loginPubkey = BinaryBase64Field()
|
|
||||||
pubkey = BinaryBase64Field()
|
|
||||||
encryptedContent = BinaryBase64Field()
|
|
||||||
|
|
||||||
def create(self, validated_data):
|
|
||||||
"""Function that's called when this serializer creates an item"""
|
|
||||||
user_data = validated_data.pop("user")
|
|
||||||
|
|
||||||
with transaction.atomic():
|
|
||||||
view = self.context.get("view", None)
|
|
||||||
try:
|
|
||||||
user_queryset = get_user_queryset(User.objects.all(), context=CallbackContext(view.kwargs))
|
|
||||||
instance = user_queryset.get(**{User.USERNAME_FIELD: user_data["username"].lower()})
|
|
||||||
except User.DoesNotExist:
|
|
||||||
# Create the user and save the casing the user chose as the first name
|
|
||||||
try:
|
|
||||||
instance = create_user(
|
|
||||||
**user_data,
|
|
||||||
password=None,
|
|
||||||
first_name=user_data["username"],
|
|
||||||
context=CallbackContext(view.kwargs)
|
|
||||||
)
|
|
||||||
instance.full_clean()
|
|
||||||
except EtebaseValidationError as e:
|
|
||||||
raise e
|
|
||||||
except django_exceptions.ValidationError as e:
|
|
||||||
self.transform_validation_error("user", e)
|
|
||||||
except Exception as e:
|
|
||||||
raise EtebaseValidationError("generic", str(e))
|
|
||||||
|
|
||||||
if hasattr(instance, "userinfo"):
|
|
||||||
raise EtebaseValidationError("user_exists", "User already exists", status_code=status.HTTP_409_CONFLICT)
|
|
||||||
|
|
||||||
models.UserInfo.objects.create(**validated_data, owner=instance)
|
|
||||||
|
|
||||||
return instance
|
|
||||||
|
|
||||||
def update(self, instance, validated_data):
|
|
||||||
raise NotImplementedError()
|
|
||||||
|
|
||||||
|
|
||||||
class AuthenticationLoginChallengeSerializer(BetterErrorsMixin, serializers.Serializer):
|
|
||||||
username = serializers.CharField(required=True)
|
|
||||||
|
|
||||||
def create(self, validated_data):
|
|
||||||
raise NotImplementedError()
|
|
||||||
|
|
||||||
def update(self, instance, validated_data):
|
|
||||||
raise NotImplementedError()
|
|
||||||
|
|
||||||
|
|
||||||
class AuthenticationLoginSerializer(BetterErrorsMixin, serializers.Serializer):
|
|
||||||
response = BinaryBase64Field()
|
|
||||||
signature = BinaryBase64Field()
|
|
||||||
|
|
||||||
def create(self, validated_data):
|
|
||||||
raise NotImplementedError()
|
|
||||||
|
|
||||||
def update(self, instance, validated_data):
|
|
||||||
raise NotImplementedError()
|
|
||||||
|
|
||||||
|
|
||||||
class AuthenticationLoginInnerSerializer(AuthenticationLoginChallengeSerializer):
|
|
||||||
challenge = BinaryBase64Field()
|
|
||||||
host = serializers.CharField()
|
|
||||||
action = serializers.CharField()
|
|
||||||
|
|
||||||
def create(self, validated_data):
|
|
||||||
raise NotImplementedError()
|
|
||||||
|
|
||||||
def update(self, instance, validated_data):
|
|
||||||
raise NotImplementedError()
|
|
||||||
|
|
||||||
|
|
||||||
class AuthenticationChangePasswordInnerSerializer(AuthenticationLoginInnerSerializer):
|
|
||||||
loginPubkey = BinaryBase64Field()
|
|
||||||
encryptedContent = BinaryBase64Field()
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
model = models.UserInfo
|
|
||||||
fields = ("loginPubkey", "encryptedContent")
|
|
||||||
|
|
||||||
def create(self, validated_data):
|
|
||||||
raise NotImplementedError()
|
|
||||||
|
|
||||||
def update(self, instance, validated_data):
|
|
||||||
with transaction.atomic():
|
|
||||||
instance.loginPubkey = validated_data.pop("loginPubkey")
|
|
||||||
instance.encryptedContent = validated_data.pop("encryptedContent")
|
|
||||||
instance.save()
|
|
||||||
|
|
||||||
return instance
|
|
@ -1,3 +0,0 @@
|
|||||||
from django.test import TestCase
|
|
||||||
|
|
||||||
# Create your tests here.
|
|
@ -1,46 +0,0 @@
|
|||||||
from django.utils import timezone
|
|
||||||
from django.utils.translation import gettext_lazy as _
|
|
||||||
|
|
||||||
from rest_framework import exceptions
|
|
||||||
from rest_framework.authentication import TokenAuthentication as DRFTokenAuthentication
|
|
||||||
|
|
||||||
from .models import AuthToken, get_default_expiry
|
|
||||||
|
|
||||||
|
|
||||||
AUTO_REFRESH = True
|
|
||||||
MIN_REFRESH_INTERVAL = 60
|
|
||||||
|
|
||||||
|
|
||||||
class TokenAuthentication(DRFTokenAuthentication):
|
|
||||||
keyword = "Token"
|
|
||||||
model = AuthToken
|
|
||||||
|
|
||||||
def authenticate_credentials(self, key):
|
|
||||||
msg = _("Invalid token.")
|
|
||||||
model = self.get_model()
|
|
||||||
try:
|
|
||||||
token = model.objects.select_related("user").get(key=key)
|
|
||||||
except model.DoesNotExist:
|
|
||||||
raise exceptions.AuthenticationFailed(msg)
|
|
||||||
|
|
||||||
if not token.user.is_active:
|
|
||||||
raise exceptions.AuthenticationFailed(_("User inactive or deleted."))
|
|
||||||
|
|
||||||
if token.expiry is not None:
|
|
||||||
if token.expiry < timezone.now():
|
|
||||||
token.delete()
|
|
||||||
raise exceptions.AuthenticationFailed(msg)
|
|
||||||
|
|
||||||
if AUTO_REFRESH:
|
|
||||||
self.renew_token(token)
|
|
||||||
|
|
||||||
return (token.user, token)
|
|
||||||
|
|
||||||
def renew_token(self, auth_token):
|
|
||||||
current_expiry = auth_token.expiry
|
|
||||||
new_expiry = get_default_expiry()
|
|
||||||
# Throttle refreshing of token to avoid db writes
|
|
||||||
delta = (new_expiry - current_expiry).total_seconds()
|
|
||||||
if delta > MIN_REFRESH_INTERVAL:
|
|
||||||
auth_token.expiry = new_expiry
|
|
||||||
auth_token.save(update_fields=("expiry",))
|
|
@ -1,30 +0,0 @@
|
|||||||
from django.conf import settings
|
|
||||||
from django.conf.urls import include
|
|
||||||
from django.urls import path
|
|
||||||
|
|
||||||
from rest_framework_nested import routers
|
|
||||||
|
|
||||||
from django_etebase import views
|
|
||||||
|
|
||||||
router = routers.DefaultRouter()
|
|
||||||
router.register(r"collection", views.CollectionViewSet)
|
|
||||||
router.register(r"authentication", views.AuthenticationViewSet, basename="authentication")
|
|
||||||
router.register(r"invitation/incoming", views.InvitationIncomingViewSet, basename="invitation_incoming")
|
|
||||||
router.register(r"invitation/outgoing", views.InvitationOutgoingViewSet, basename="invitation_outgoing")
|
|
||||||
|
|
||||||
collections_router = routers.NestedSimpleRouter(router, r"collection", lookup="collection")
|
|
||||||
collections_router.register(r"item", views.CollectionItemViewSet, basename="collection_item")
|
|
||||||
collections_router.register(r"member", views.CollectionMemberViewSet, basename="collection_member")
|
|
||||||
|
|
||||||
item_router = routers.NestedSimpleRouter(collections_router, r"item", lookup="collection_item")
|
|
||||||
item_router.register(r"chunk", views.CollectionItemChunkViewSet, basename="collection_items_chunk")
|
|
||||||
|
|
||||||
if settings.DEBUG:
|
|
||||||
router.register(r"test/authentication", views.TestAuthenticationViewSet, basename="test_authentication")
|
|
||||||
|
|
||||||
app_name = "django_etebase"
|
|
||||||
urlpatterns = [
|
|
||||||
path("v1/", include(router.urls)),
|
|
||||||
path("v1/", include(collections_router.urls)),
|
|
||||||
path("v1/", include(item_router.urls)),
|
|
||||||
]
|
|
@ -1,861 +0,0 @@
|
|||||||
# Copyright © 2017 Tom Hacohen
|
|
||||||
#
|
|
||||||
# This program is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU Affero General Public License as
|
|
||||||
# published by the Free Software Foundation, version 3.
|
|
||||||
#
|
|
||||||
# This library is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
import msgpack
|
|
||||||
|
|
||||||
from django.conf import settings
|
|
||||||
from django.contrib.auth import get_user_model, user_logged_in, user_logged_out
|
|
||||||
from django.core.exceptions import PermissionDenied
|
|
||||||
from django.db import transaction, IntegrityError
|
|
||||||
from django.db.models import Q
|
|
||||||
from django.http import HttpResponseBadRequest, HttpResponse, Http404
|
|
||||||
from django.shortcuts import get_object_or_404
|
|
||||||
|
|
||||||
from rest_framework import status
|
|
||||||
from rest_framework import viewsets
|
|
||||||
from rest_framework.decorators import action as action_decorator
|
|
||||||
from rest_framework.response import Response
|
|
||||||
from rest_framework.parsers import JSONParser, FormParser, MultiPartParser
|
|
||||||
from rest_framework.renderers import BrowsableAPIRenderer
|
|
||||||
from rest_framework.exceptions import AuthenticationFailed
|
|
||||||
from rest_framework.permissions import IsAuthenticated
|
|
||||||
|
|
||||||
import nacl.encoding
|
|
||||||
import nacl.signing
|
|
||||||
import nacl.secret
|
|
||||||
import nacl.hash
|
|
||||||
|
|
||||||
from .sendfile import sendfile
|
|
||||||
from .token_auth.models import AuthToken
|
|
||||||
|
|
||||||
from .drf_msgpack.parsers import MessagePackParser
|
|
||||||
from .drf_msgpack.renderers import MessagePackRenderer
|
|
||||||
|
|
||||||
from . import app_settings, permissions
|
|
||||||
from .renderers import JSONRenderer
|
|
||||||
from .models import (
|
|
||||||
Collection,
|
|
||||||
CollectionItem,
|
|
||||||
CollectionItemRevision,
|
|
||||||
CollectionMember,
|
|
||||||
CollectionMemberRemoved,
|
|
||||||
CollectionInvitation,
|
|
||||||
Stoken,
|
|
||||||
UserInfo,
|
|
||||||
)
|
|
||||||
from .serializers import (
|
|
||||||
AuthenticationChangePasswordInnerSerializer,
|
|
||||||
AuthenticationSignupSerializer,
|
|
||||||
AuthenticationLoginChallengeSerializer,
|
|
||||||
AuthenticationLoginSerializer,
|
|
||||||
AuthenticationLoginInnerSerializer,
|
|
||||||
CollectionSerializer,
|
|
||||||
CollectionItemSerializer,
|
|
||||||
CollectionItemBulkGetSerializer,
|
|
||||||
CollectionItemDepSerializer,
|
|
||||||
CollectionItemRevisionSerializer,
|
|
||||||
CollectionItemChunkSerializer,
|
|
||||||
CollectionListMultiSerializer,
|
|
||||||
CollectionMemberSerializer,
|
|
||||||
CollectionInvitationSerializer,
|
|
||||||
InvitationAcceptSerializer,
|
|
||||||
UserInfoPubkeySerializer,
|
|
||||||
UserSerializer,
|
|
||||||
)
|
|
||||||
from .utils import get_user_queryset, CallbackContext
|
|
||||||
from .exceptions import EtebaseValidationError
|
|
||||||
from .parsers import ChunkUploadParser
|
|
||||||
from .signals import user_signed_up
|
|
||||||
|
|
||||||
User = get_user_model()
|
|
||||||
|
|
||||||
|
|
||||||
def msgpack_encode(content):
|
|
||||||
return msgpack.packb(content, use_bin_type=True)
|
|
||||||
|
|
||||||
|
|
||||||
def msgpack_decode(content):
|
|
||||||
return msgpack.unpackb(content, raw=False)
|
|
||||||
|
|
||||||
|
|
||||||
class BaseViewSet(viewsets.ModelViewSet):
|
|
||||||
authentication_classes = tuple(app_settings.API_AUTHENTICATORS)
|
|
||||||
permission_classes = tuple(app_settings.API_PERMISSIONS)
|
|
||||||
renderer_classes = [JSONRenderer, MessagePackRenderer] + ([BrowsableAPIRenderer] if settings.DEBUG else [])
|
|
||||||
parser_classes = [JSONParser, MessagePackParser, FormParser, MultiPartParser]
|
|
||||||
stoken_annotation = None
|
|
||||||
|
|
||||||
def get_serializer_class(self):
|
|
||||||
serializer_class = self.serializer_class
|
|
||||||
|
|
||||||
if self.request.method == "PUT":
|
|
||||||
serializer_class = getattr(self, "serializer_update_class", serializer_class)
|
|
||||||
|
|
||||||
return serializer_class
|
|
||||||
|
|
||||||
def get_collection_queryset(self, queryset=Collection.objects):
|
|
||||||
user = self.request.user
|
|
||||||
return queryset.filter(members__user=user)
|
|
||||||
|
|
||||||
def get_stoken_obj_id(self, request):
|
|
||||||
return request.GET.get("stoken", None)
|
|
||||||
|
|
||||||
def get_stoken_obj(self, request):
|
|
||||||
stoken = self.get_stoken_obj_id(request)
|
|
||||||
|
|
||||||
if stoken is not None:
|
|
||||||
try:
|
|
||||||
return Stoken.objects.get(uid=stoken)
|
|
||||||
except Stoken.DoesNotExist:
|
|
||||||
raise EtebaseValidationError("bad_stoken", "Invalid stoken.", status_code=status.HTTP_400_BAD_REQUEST)
|
|
||||||
|
|
||||||
return None
|
|
||||||
|
|
||||||
def filter_by_stoken(self, request, queryset):
|
|
||||||
stoken_rev = self.get_stoken_obj(request)
|
|
||||||
|
|
||||||
queryset = queryset.annotate(max_stoken=self.stoken_annotation).order_by("max_stoken")
|
|
||||||
|
|
||||||
if stoken_rev is not None:
|
|
||||||
queryset = queryset.filter(max_stoken__gt=stoken_rev.id)
|
|
||||||
|
|
||||||
return queryset, stoken_rev
|
|
||||||
|
|
||||||
def get_queryset_stoken(self, queryset):
|
|
||||||
maxid = -1
|
|
||||||
for row in queryset:
|
|
||||||
rowmaxid = getattr(row, "max_stoken") or -1
|
|
||||||
maxid = max(maxid, rowmaxid)
|
|
||||||
new_stoken = (maxid >= 0) and Stoken.objects.get(id=maxid)
|
|
||||||
|
|
||||||
return new_stoken or None
|
|
||||||
|
|
||||||
def filter_by_stoken_and_limit(self, request, queryset):
|
|
||||||
limit = int(request.GET.get("limit", 50))
|
|
||||||
|
|
||||||
queryset, stoken_rev = self.filter_by_stoken(request, queryset)
|
|
||||||
|
|
||||||
result = list(queryset[: limit + 1])
|
|
||||||
if len(result) < limit + 1:
|
|
||||||
done = True
|
|
||||||
else:
|
|
||||||
done = False
|
|
||||||
result = result[:-1]
|
|
||||||
|
|
||||||
new_stoken_obj = self.get_queryset_stoken(result) or stoken_rev
|
|
||||||
|
|
||||||
return result, new_stoken_obj, done
|
|
||||||
|
|
||||||
# Change how our list works by default
|
|
||||||
def list(self, request, collection_uid=None, *args, **kwargs):
|
|
||||||
queryset = self.get_queryset()
|
|
||||||
serializer = self.get_serializer(queryset, many=True)
|
|
||||||
|
|
||||||
ret = {
|
|
||||||
"data": serializer.data,
|
|
||||||
"done": True, # we always return all the items, so it's always done
|
|
||||||
}
|
|
||||||
|
|
||||||
return Response(ret)
|
|
||||||
|
|
||||||
|
|
||||||
class CollectionViewSet(BaseViewSet):
|
|
||||||
allowed_methods = ["GET", "POST"]
|
|
||||||
permission_classes = BaseViewSet.permission_classes + (permissions.IsCollectionAdminOrReadOnly,)
|
|
||||||
queryset = Collection.objects.all()
|
|
||||||
serializer_class = CollectionSerializer
|
|
||||||
lookup_field = "uid"
|
|
||||||
lookup_url_kwarg = "uid"
|
|
||||||
stoken_annotation = Collection.stoken_annotation
|
|
||||||
|
|
||||||
def get_queryset(self, queryset=None):
|
|
||||||
if queryset is None:
|
|
||||||
queryset = type(self).queryset
|
|
||||||
return self.get_collection_queryset(queryset)
|
|
||||||
|
|
||||||
def get_serializer_context(self):
|
|
||||||
context = super().get_serializer_context()
|
|
||||||
prefetch = self.request.query_params.get("prefetch", "auto")
|
|
||||||
context.update({"request": self.request, "prefetch": prefetch})
|
|
||||||
return context
|
|
||||||
|
|
||||||
def destroy(self, request, uid=None, *args, **kwargs):
|
|
||||||
# FIXME: implement
|
|
||||||
return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
|
|
||||||
|
|
||||||
def partial_update(self, request, uid=None, *args, **kwargs):
|
|
||||||
return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
|
|
||||||
|
|
||||||
def update(self, request, *args, **kwargs):
|
|
||||||
return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
|
|
||||||
|
|
||||||
def create(self, request, *args, **kwargs):
|
|
||||||
serializer = self.get_serializer(data=request.data)
|
|
||||||
serializer.is_valid(raise_exception=True)
|
|
||||||
serializer.save(owner=self.request.user)
|
|
||||||
|
|
||||||
return Response({}, status=status.HTTP_201_CREATED)
|
|
||||||
|
|
||||||
def list(self, request, *args, **kwargs):
|
|
||||||
queryset = self.get_queryset()
|
|
||||||
return self.list_common(request, queryset, *args, **kwargs)
|
|
||||||
|
|
||||||
@action_decorator(detail=False, methods=["POST"])
|
|
||||||
def list_multi(self, request, *args, **kwargs):
|
|
||||||
serializer = CollectionListMultiSerializer(data=request.data)
|
|
||||||
serializer.is_valid(raise_exception=True)
|
|
||||||
|
|
||||||
collection_types = serializer.validated_data["collectionTypes"]
|
|
||||||
|
|
||||||
queryset = self.get_queryset()
|
|
||||||
# FIXME: Remove the isnull part once we attach collection types to all objects ("collection-type-migration")
|
|
||||||
queryset = queryset.filter(
|
|
||||||
Q(members__collectionType__uid__in=collection_types) | Q(members__collectionType__isnull=True)
|
|
||||||
)
|
|
||||||
|
|
||||||
return self.list_common(request, queryset, *args, **kwargs)
|
|
||||||
|
|
||||||
def list_common(self, request, queryset, *args, **kwargs):
|
|
||||||
result, new_stoken_obj, done = self.filter_by_stoken_and_limit(request, queryset)
|
|
||||||
new_stoken = new_stoken_obj and new_stoken_obj.uid
|
|
||||||
|
|
||||||
serializer = self.get_serializer(result, many=True)
|
|
||||||
|
|
||||||
ret = {
|
|
||||||
"data": serializer.data,
|
|
||||||
"stoken": new_stoken,
|
|
||||||
"done": done,
|
|
||||||
}
|
|
||||||
|
|
||||||
stoken_obj = self.get_stoken_obj(request)
|
|
||||||
if stoken_obj is not None:
|
|
||||||
# FIXME: honour limit? (the limit should be combined for data and this because of stoken)
|
|
||||||
remed_qs = CollectionMemberRemoved.objects.filter(user=request.user, stoken__id__gt=stoken_obj.id)
|
|
||||||
if not ret["done"]:
|
|
||||||
# We only filter by the new_stoken if we are not done. This is because if we are done, the new stoken
|
|
||||||
# can point to the most recent collection change rather than most recent removed membership.
|
|
||||||
remed_qs = remed_qs.filter(stoken__id__lte=new_stoken_obj.id)
|
|
||||||
|
|
||||||
remed = remed_qs.values_list("collection__uid", flat=True)
|
|
||||||
if len(remed) > 0:
|
|
||||||
ret["removedMemberships"] = [{"uid": x} for x in remed]
|
|
||||||
|
|
||||||
return Response(ret)
|
|
||||||
|
|
||||||
|
|
||||||
class CollectionItemViewSet(BaseViewSet):
|
|
||||||
allowed_methods = ["GET", "POST", "PUT"]
|
|
||||||
permission_classes = BaseViewSet.permission_classes + (permissions.HasWriteAccessOrReadOnly,)
|
|
||||||
queryset = CollectionItem.objects.all()
|
|
||||||
serializer_class = CollectionItemSerializer
|
|
||||||
lookup_field = "uid"
|
|
||||||
stoken_annotation = CollectionItem.stoken_annotation
|
|
||||||
|
|
||||||
def get_queryset(self):
|
|
||||||
collection_uid = self.kwargs["collection_uid"]
|
|
||||||
try:
|
|
||||||
collection = self.get_collection_queryset(Collection.objects).get(uid=collection_uid)
|
|
||||||
except Collection.DoesNotExist:
|
|
||||||
raise Http404("Collection does not exist")
|
|
||||||
# XXX Potentially add this for performance: .prefetch_related('revisions__chunks')
|
|
||||||
queryset = type(self).queryset.filter(collection__pk=collection.pk, revisions__current=True)
|
|
||||||
|
|
||||||
return queryset
|
|
||||||
|
|
||||||
def get_serializer_context(self):
|
|
||||||
context = super().get_serializer_context()
|
|
||||||
prefetch = self.request.query_params.get("prefetch", "auto")
|
|
||||||
context.update({"request": self.request, "prefetch": prefetch})
|
|
||||||
return context
|
|
||||||
|
|
||||||
def create(self, request, collection_uid=None, *args, **kwargs):
|
|
||||||
# We create using batch and transaction
|
|
||||||
return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
|
|
||||||
|
|
||||||
def destroy(self, request, collection_uid=None, uid=None, *args, **kwargs):
|
|
||||||
# We can't have destroy because we need to get data from the user (in the body) such as hmac.
|
|
||||||
return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
|
|
||||||
|
|
||||||
def update(self, request, collection_uid=None, uid=None, *args, **kwargs):
|
|
||||||
return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
|
|
||||||
|
|
||||||
def partial_update(self, request, collection_uid=None, uid=None, *args, **kwargs):
|
|
||||||
return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
|
|
||||||
|
|
||||||
def list(self, request, collection_uid=None, *args, **kwargs):
|
|
||||||
queryset = self.get_queryset()
|
|
||||||
|
|
||||||
if not self.request.query_params.get("withCollection", False):
|
|
||||||
queryset = queryset.filter(parent__isnull=True)
|
|
||||||
|
|
||||||
result, new_stoken_obj, done = self.filter_by_stoken_and_limit(request, queryset)
|
|
||||||
new_stoken = new_stoken_obj and new_stoken_obj.uid
|
|
||||||
|
|
||||||
serializer = self.get_serializer(result, many=True)
|
|
||||||
|
|
||||||
ret = {
|
|
||||||
"data": serializer.data,
|
|
||||||
"stoken": new_stoken,
|
|
||||||
"done": done,
|
|
||||||
}
|
|
||||||
return Response(ret)
|
|
||||||
|
|
||||||
@action_decorator(detail=True, methods=["GET"])
|
|
||||||
def revision(self, request, collection_uid=None, uid=None, *args, **kwargs):
|
|
||||||
col = get_object_or_404(self.get_collection_queryset(Collection.objects), uid=collection_uid)
|
|
||||||
item = get_object_or_404(col.items, uid=uid)
|
|
||||||
|
|
||||||
limit = int(request.GET.get("limit", 50))
|
|
||||||
iterator = request.GET.get("iterator", None)
|
|
||||||
|
|
||||||
queryset = item.revisions.order_by("-id")
|
|
||||||
|
|
||||||
if iterator is not None:
|
|
||||||
iterator = get_object_or_404(queryset, uid=iterator)
|
|
||||||
queryset = queryset.filter(id__lt=iterator.id)
|
|
||||||
|
|
||||||
result = list(queryset[: limit + 1])
|
|
||||||
if len(result) < limit + 1:
|
|
||||||
done = True
|
|
||||||
else:
|
|
||||||
done = False
|
|
||||||
result = result[:-1]
|
|
||||||
|
|
||||||
serializer = CollectionItemRevisionSerializer(result, context=self.get_serializer_context(), many=True)
|
|
||||||
|
|
||||||
iterator = serializer.data[-1]["uid"] if len(result) > 0 else None
|
|
||||||
|
|
||||||
ret = {
|
|
||||||
"data": serializer.data,
|
|
||||||
"iterator": iterator,
|
|
||||||
"done": done,
|
|
||||||
}
|
|
||||||
return Response(ret)
|
|
||||||
|
|
||||||
# FIXME: rename to something consistent with what the clients have - maybe list_updates?
|
|
||||||
@action_decorator(detail=False, methods=["POST"])
|
|
||||||
def fetch_updates(self, request, collection_uid=None, *args, **kwargs):
|
|
||||||
queryset = self.get_queryset()
|
|
||||||
|
|
||||||
serializer = CollectionItemBulkGetSerializer(data=request.data, many=True)
|
|
||||||
serializer.is_valid(raise_exception=True)
|
|
||||||
# FIXME: make configurable?
|
|
||||||
item_limit = 200
|
|
||||||
|
|
||||||
if len(serializer.validated_data) > item_limit:
|
|
||||||
content = {"code": "too_many_items", "detail": "Request has too many items. Limit: {}".format(item_limit)}
|
|
||||||
return Response(content, status=status.HTTP_400_BAD_REQUEST)
|
|
||||||
|
|
||||||
queryset, stoken_rev = self.filter_by_stoken(request, queryset)
|
|
||||||
|
|
||||||
uids, etags = zip(*[(item["uid"], item.get("etag")) for item in serializer.validated_data])
|
|
||||||
revs = CollectionItemRevision.objects.filter(uid__in=etags, current=True)
|
|
||||||
queryset = queryset.filter(uid__in=uids).exclude(revisions__in=revs)
|
|
||||||
|
|
||||||
new_stoken_obj = self.get_queryset_stoken(queryset)
|
|
||||||
new_stoken = new_stoken_obj and new_stoken_obj.uid
|
|
||||||
stoken = stoken_rev and getattr(stoken_rev, "uid", None)
|
|
||||||
new_stoken = new_stoken or stoken
|
|
||||||
|
|
||||||
serializer = self.get_serializer(queryset, many=True)
|
|
||||||
|
|
||||||
ret = {
|
|
||||||
"data": serializer.data,
|
|
||||||
"stoken": new_stoken,
|
|
||||||
"done": True, # we always return all the items, so it's always done
|
|
||||||
}
|
|
||||||
return Response(ret)
|
|
||||||
|
|
||||||
@action_decorator(detail=False, methods=["POST"])
|
|
||||||
def batch(self, request, collection_uid=None, *args, **kwargs):
|
|
||||||
return self.transaction(request, collection_uid, validate_etag=False)
|
|
||||||
|
|
||||||
@action_decorator(detail=False, methods=["POST"])
|
|
||||||
def transaction(self, request, collection_uid=None, validate_etag=True, *args, **kwargs):
|
|
||||||
stoken = request.GET.get("stoken", None)
|
|
||||||
with transaction.atomic(): # We need this for locking on the collection object
|
|
||||||
collection_object = get_object_or_404(
|
|
||||||
self.get_collection_queryset(Collection.objects).select_for_update(), # Lock writes on the collection
|
|
||||||
uid=collection_uid,
|
|
||||||
)
|
|
||||||
|
|
||||||
if stoken is not None and stoken != collection_object.stoken:
|
|
||||||
content = {"code": "stale_stoken", "detail": "Stoken is too old"}
|
|
||||||
return Response(content, status=status.HTTP_409_CONFLICT)
|
|
||||||
|
|
||||||
items = request.data.get("items")
|
|
||||||
deps = request.data.get("deps", None)
|
|
||||||
# FIXME: It should just be one serializer
|
|
||||||
context = self.get_serializer_context()
|
|
||||||
context.update({"validate_etag": validate_etag})
|
|
||||||
serializer = self.get_serializer_class()(data=items, context=context, many=True)
|
|
||||||
deps_serializer = CollectionItemDepSerializer(data=deps, context=context, many=True)
|
|
||||||
|
|
||||||
ser_valid = serializer.is_valid()
|
|
||||||
deps_ser_valid = deps is None or deps_serializer.is_valid()
|
|
||||||
if ser_valid and deps_ser_valid:
|
|
||||||
items = serializer.save(collection=collection_object)
|
|
||||||
|
|
||||||
ret = {}
|
|
||||||
return Response(ret, status=status.HTTP_200_OK)
|
|
||||||
|
|
||||||
return Response(
|
|
||||||
{
|
|
||||||
"items": serializer.errors,
|
|
||||||
"deps": deps_serializer.errors if deps is not None else [],
|
|
||||||
},
|
|
||||||
status=status.HTTP_409_CONFLICT,
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
class CollectionItemChunkViewSet(viewsets.ViewSet):
|
|
||||||
allowed_methods = ["GET", "PUT"]
|
|
||||||
authentication_classes = BaseViewSet.authentication_classes
|
|
||||||
permission_classes = BaseViewSet.permission_classes
|
|
||||||
renderer_classes = BaseViewSet.renderer_classes
|
|
||||||
parser_classes = (ChunkUploadParser,)
|
|
||||||
serializer_class = CollectionItemChunkSerializer
|
|
||||||
lookup_field = "uid"
|
|
||||||
|
|
||||||
def get_serializer_class(self):
|
|
||||||
return self.serializer_class
|
|
||||||
|
|
||||||
def get_collection_queryset(self, queryset=Collection.objects):
|
|
||||||
user = self.request.user
|
|
||||||
return queryset.filter(members__user=user)
|
|
||||||
|
|
||||||
def update(self, request, *args, collection_uid=None, collection_item_uid=None, uid=None, **kwargs):
|
|
||||||
col = get_object_or_404(self.get_collection_queryset(), uid=collection_uid)
|
|
||||||
# IGNORED FOR NOW: col_it = get_object_or_404(col.items, uid=collection_item_uid)
|
|
||||||
|
|
||||||
data = {
|
|
||||||
"uid": uid,
|
|
||||||
"chunkFile": request.data["file"],
|
|
||||||
}
|
|
||||||
|
|
||||||
serializer = self.get_serializer_class()(data=data)
|
|
||||||
serializer.is_valid(raise_exception=True)
|
|
||||||
try:
|
|
||||||
serializer.save(collection=col)
|
|
||||||
except IntegrityError:
|
|
||||||
return Response(
|
|
||||||
{"code": "chunk_exists", "detail": "Chunk already exists."}, status=status.HTTP_409_CONFLICT
|
|
||||||
)
|
|
||||||
|
|
||||||
return Response({}, status=status.HTTP_201_CREATED)
|
|
||||||
|
|
||||||
@action_decorator(detail=True, methods=["GET"])
|
|
||||||
def download(self, request, collection_uid=None, collection_item_uid=None, uid=None, *args, **kwargs):
|
|
||||||
col = get_object_or_404(self.get_collection_queryset(), uid=collection_uid)
|
|
||||||
chunk = get_object_or_404(col.chunks, uid=uid)
|
|
||||||
|
|
||||||
filename = chunk.chunkFile.path
|
|
||||||
return sendfile(request, filename)
|
|
||||||
|
|
||||||
|
|
||||||
class CollectionMemberViewSet(BaseViewSet):
|
|
||||||
allowed_methods = ["GET", "PUT", "DELETE"]
|
|
||||||
our_base_permission_classes = BaseViewSet.permission_classes
|
|
||||||
permission_classes = our_base_permission_classes + (permissions.IsCollectionAdmin,)
|
|
||||||
queryset = CollectionMember.objects.all()
|
|
||||||
serializer_class = CollectionMemberSerializer
|
|
||||||
lookup_field = f"user__{User.USERNAME_FIELD}__iexact"
|
|
||||||
lookup_url_kwarg = "username"
|
|
||||||
stoken_annotation = CollectionMember.stoken_annotation
|
|
||||||
|
|
||||||
# FIXME: need to make sure that there's always an admin, and maybe also don't let an owner remove adm access
|
|
||||||
# (if we want to transfer, we need to do that specifically)
|
|
||||||
|
|
||||||
def get_queryset(self, queryset=None):
|
|
||||||
collection_uid = self.kwargs["collection_uid"]
|
|
||||||
try:
|
|
||||||
collection = self.get_collection_queryset(Collection.objects).get(uid=collection_uid)
|
|
||||||
except Collection.DoesNotExist:
|
|
||||||
raise Http404("Collection does not exist")
|
|
||||||
|
|
||||||
if queryset is None:
|
|
||||||
queryset = type(self).queryset
|
|
||||||
|
|
||||||
return queryset.filter(collection=collection)
|
|
||||||
|
|
||||||
# We override this method because we expect the stoken to be called iterator
|
|
||||||
def get_stoken_obj_id(self, request):
|
|
||||||
return request.GET.get("iterator", None)
|
|
||||||
|
|
||||||
def list(self, request, collection_uid=None, *args, **kwargs):
|
|
||||||
queryset = self.get_queryset().order_by("id")
|
|
||||||
result, new_stoken_obj, done = self.filter_by_stoken_and_limit(request, queryset)
|
|
||||||
new_stoken = new_stoken_obj and new_stoken_obj.uid
|
|
||||||
serializer = self.get_serializer(result, many=True)
|
|
||||||
|
|
||||||
ret = {
|
|
||||||
"data": serializer.data,
|
|
||||||
"iterator": new_stoken, # Here we call it an iterator, it's only stoken for collection/items
|
|
||||||
"done": done,
|
|
||||||
}
|
|
||||||
|
|
||||||
return Response(ret)
|
|
||||||
|
|
||||||
def create(self, request, *args, **kwargs):
|
|
||||||
return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
|
|
||||||
|
|
||||||
# FIXME: block leaving if we are the last admins - should be deleted / assigned in this case depending if there
|
|
||||||
# are other memebers.
|
|
||||||
def perform_destroy(self, instance):
|
|
||||||
instance.revoke()
|
|
||||||
|
|
||||||
@action_decorator(detail=False, methods=["POST"], permission_classes=our_base_permission_classes)
|
|
||||||
def leave(self, request, collection_uid=None, *args, **kwargs):
|
|
||||||
collection_uid = self.kwargs["collection_uid"]
|
|
||||||
col = get_object_or_404(self.get_collection_queryset(Collection.objects), uid=collection_uid)
|
|
||||||
|
|
||||||
member = col.members.get(user=request.user)
|
|
||||||
self.perform_destroy(member)
|
|
||||||
|
|
||||||
return Response({})
|
|
||||||
|
|
||||||
|
|
||||||
class InvitationBaseViewSet(BaseViewSet):
|
|
||||||
queryset = CollectionInvitation.objects.all()
|
|
||||||
serializer_class = CollectionInvitationSerializer
|
|
||||||
lookup_field = "uid"
|
|
||||||
lookup_url_kwarg = "invitation_uid"
|
|
||||||
|
|
||||||
def list(self, request, collection_uid=None, *args, **kwargs):
|
|
||||||
limit = int(request.GET.get("limit", 50))
|
|
||||||
iterator = request.GET.get("iterator", None)
|
|
||||||
|
|
||||||
queryset = self.get_queryset().order_by("id")
|
|
||||||
|
|
||||||
if iterator is not None:
|
|
||||||
iterator = get_object_or_404(queryset, uid=iterator)
|
|
||||||
queryset = queryset.filter(id__gt=iterator.id)
|
|
||||||
|
|
||||||
result = list(queryset[: limit + 1])
|
|
||||||
if len(result) < limit + 1:
|
|
||||||
done = True
|
|
||||||
else:
|
|
||||||
done = False
|
|
||||||
result = result[:-1]
|
|
||||||
|
|
||||||
serializer = self.get_serializer(result, many=True)
|
|
||||||
|
|
||||||
iterator = serializer.data[-1]["uid"] if len(result) > 0 else None
|
|
||||||
|
|
||||||
ret = {
|
|
||||||
"data": serializer.data,
|
|
||||||
"iterator": iterator,
|
|
||||||
"done": done,
|
|
||||||
}
|
|
||||||
|
|
||||||
return Response(ret)
|
|
||||||
|
|
||||||
|
|
||||||
class InvitationOutgoingViewSet(InvitationBaseViewSet):
|
|
||||||
allowed_methods = ["GET", "POST", "PUT", "DELETE"]
|
|
||||||
|
|
||||||
def get_queryset(self, queryset=None):
|
|
||||||
if queryset is None:
|
|
||||||
queryset = type(self).queryset
|
|
||||||
|
|
||||||
return queryset.filter(fromMember__user=self.request.user)
|
|
||||||
|
|
||||||
def create(self, request, *args, **kwargs):
|
|
||||||
serializer = self.get_serializer(data=request.data)
|
|
||||||
serializer.is_valid(raise_exception=True)
|
|
||||||
collection_uid = serializer.validated_data.get("collection", {}).get("uid")
|
|
||||||
|
|
||||||
try:
|
|
||||||
collection = self.get_collection_queryset(Collection.objects).get(uid=collection_uid)
|
|
||||||
except Collection.DoesNotExist:
|
|
||||||
raise Http404("Collection does not exist")
|
|
||||||
|
|
||||||
if request.user == serializer.validated_data.get("user"):
|
|
||||||
content = {"code": "self_invite", "detail": "Inviting yourself is invalid"}
|
|
||||||
return Response(content, status=status.HTTP_400_BAD_REQUEST)
|
|
||||||
|
|
||||||
if not permissions.is_collection_admin(collection, request.user):
|
|
||||||
raise PermissionDenied(
|
|
||||||
{"code": "admin_access_required", "detail": "User is not an admin of this collection"}
|
|
||||||
)
|
|
||||||
|
|
||||||
serializer.save(collection=collection)
|
|
||||||
|
|
||||||
return Response({}, status=status.HTTP_201_CREATED)
|
|
||||||
|
|
||||||
@action_decorator(detail=False, allowed_methods=["GET"], methods=["GET"])
|
|
||||||
def fetch_user_profile(self, request, *args, **kwargs):
|
|
||||||
username = request.GET.get("username")
|
|
||||||
kwargs = {User.USERNAME_FIELD: username.lower()}
|
|
||||||
user = get_object_or_404(get_user_queryset(User.objects.all(), CallbackContext(self.kwargs)), **kwargs)
|
|
||||||
user_info = get_object_or_404(UserInfo.objects.all(), owner=user)
|
|
||||||
serializer = UserInfoPubkeySerializer(user_info)
|
|
||||||
return Response(serializer.data)
|
|
||||||
|
|
||||||
|
|
||||||
class InvitationIncomingViewSet(InvitationBaseViewSet):
|
|
||||||
allowed_methods = ["GET", "DELETE"]
|
|
||||||
|
|
||||||
def get_queryset(self, queryset=None):
|
|
||||||
if queryset is None:
|
|
||||||
queryset = type(self).queryset
|
|
||||||
|
|
||||||
return queryset.filter(user=self.request.user)
|
|
||||||
|
|
||||||
@action_decorator(detail=True, allowed_methods=["POST"], methods=["POST"])
|
|
||||||
def accept(self, request, invitation_uid=None, *args, **kwargs):
|
|
||||||
invitation = get_object_or_404(self.get_queryset(), uid=invitation_uid)
|
|
||||||
context = self.get_serializer_context()
|
|
||||||
context.update({"invitation": invitation})
|
|
||||||
|
|
||||||
serializer = InvitationAcceptSerializer(data=request.data, context=context)
|
|
||||||
serializer.is_valid(raise_exception=True)
|
|
||||||
serializer.save()
|
|
||||||
return Response(status=status.HTTP_201_CREATED)
|
|
||||||
|
|
||||||
|
|
||||||
class AuthenticationViewSet(viewsets.ViewSet):
|
|
||||||
allowed_methods = ["POST"]
|
|
||||||
authentication_classes = BaseViewSet.authentication_classes
|
|
||||||
renderer_classes = BaseViewSet.renderer_classes
|
|
||||||
parser_classes = BaseViewSet.parser_classes
|
|
||||||
|
|
||||||
def get_encryption_key(self, salt):
|
|
||||||
key = nacl.hash.blake2b(settings.SECRET_KEY.encode(), encoder=nacl.encoding.RawEncoder)
|
|
||||||
return nacl.hash.blake2b(
|
|
||||||
b"",
|
|
||||||
key=key,
|
|
||||||
salt=salt[: nacl.hash.BLAKE2B_SALTBYTES],
|
|
||||||
person=b"etebase-auth",
|
|
||||||
encoder=nacl.encoding.RawEncoder,
|
|
||||||
)
|
|
||||||
|
|
||||||
def get_queryset(self):
|
|
||||||
return get_user_queryset(User.objects.all(), CallbackContext(self.kwargs))
|
|
||||||
|
|
||||||
def get_serializer_context(self):
|
|
||||||
return {"request": self.request, "format": self.format_kwarg, "view": self}
|
|
||||||
|
|
||||||
def login_response_data(self, user):
|
|
||||||
return {
|
|
||||||
"token": AuthToken.objects.create(user=user).key,
|
|
||||||
"user": UserSerializer(user).data,
|
|
||||||
}
|
|
||||||
|
|
||||||
def list(self, request, *args, **kwargs):
|
|
||||||
return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
|
|
||||||
|
|
||||||
@action_decorator(detail=False, methods=["POST"])
|
|
||||||
def signup(self, request, *args, **kwargs):
|
|
||||||
serializer = AuthenticationSignupSerializer(data=request.data, context=self.get_serializer_context())
|
|
||||||
serializer.is_valid(raise_exception=True)
|
|
||||||
user = serializer.save()
|
|
||||||
|
|
||||||
user_signed_up.send(sender=user.__class__, request=request, user=user)
|
|
||||||
|
|
||||||
data = self.login_response_data(user)
|
|
||||||
return Response(data, status=status.HTTP_201_CREATED)
|
|
||||||
|
|
||||||
def get_login_user(self, username):
|
|
||||||
kwargs = {User.USERNAME_FIELD + "__iexact": username.lower()}
|
|
||||||
try:
|
|
||||||
user = self.get_queryset().get(**kwargs)
|
|
||||||
if not hasattr(user, "userinfo"):
|
|
||||||
raise AuthenticationFailed({"code": "user_not_init", "detail": "User not properly init"})
|
|
||||||
return user
|
|
||||||
except User.DoesNotExist:
|
|
||||||
raise AuthenticationFailed({"code": "user_not_found", "detail": "User not found"})
|
|
||||||
|
|
||||||
def validate_login_request(self, request, validated_data, response_raw, signature, expected_action):
|
|
||||||
from datetime import datetime
|
|
||||||
|
|
||||||
username = validated_data.get("username")
|
|
||||||
user = self.get_login_user(username)
|
|
||||||
host = validated_data["host"]
|
|
||||||
challenge = validated_data["challenge"]
|
|
||||||
action = validated_data["action"]
|
|
||||||
|
|
||||||
salt = bytes(user.userinfo.salt)
|
|
||||||
enc_key = self.get_encryption_key(salt)
|
|
||||||
box = nacl.secret.SecretBox(enc_key)
|
|
||||||
|
|
||||||
challenge_data = msgpack_decode(box.decrypt(challenge))
|
|
||||||
now = int(datetime.now().timestamp())
|
|
||||||
if action != expected_action:
|
|
||||||
content = {"code": "wrong_action", "detail": 'Expected "{}" but got something else'.format(expected_action)}
|
|
||||||
return Response(content, status=status.HTTP_400_BAD_REQUEST)
|
|
||||||
elif now - challenge_data["timestamp"] > app_settings.CHALLENGE_VALID_SECONDS:
|
|
||||||
content = {"code": "challenge_expired", "detail": "Login challange has expired"}
|
|
||||||
return Response(content, status=status.HTTP_400_BAD_REQUEST)
|
|
||||||
elif challenge_data["userId"] != user.id:
|
|
||||||
content = {"code": "wrong_user", "detail": "This challenge is for the wrong user"}
|
|
||||||
return Response(content, status=status.HTTP_400_BAD_REQUEST)
|
|
||||||
elif not settings.DEBUG and host.split(":", 1)[0] != request.get_host().split(":", 1)[0]:
|
|
||||||
detail = 'Found wrong host name. Got: "{}" expected: "{}"'.format(host, request.get_host())
|
|
||||||
content = {"code": "wrong_host", "detail": detail}
|
|
||||||
return Response(content, status=status.HTTP_400_BAD_REQUEST)
|
|
||||||
|
|
||||||
verify_key = nacl.signing.VerifyKey(bytes(user.userinfo.loginPubkey), encoder=nacl.encoding.RawEncoder)
|
|
||||||
|
|
||||||
try:
|
|
||||||
verify_key.verify(response_raw, signature)
|
|
||||||
except nacl.exceptions.BadSignatureError:
|
|
||||||
return Response(
|
|
||||||
{"code": "login_bad_signature", "detail": "Wrong password for user."},
|
|
||||||
status=status.HTTP_401_UNAUTHORIZED,
|
|
||||||
)
|
|
||||||
|
|
||||||
return None
|
|
||||||
|
|
||||||
@action_decorator(detail=False, methods=["GET"])
|
|
||||||
def is_etebase(self, request, *args, **kwargs):
|
|
||||||
return Response({}, status=status.HTTP_200_OK)
|
|
||||||
|
|
||||||
@action_decorator(detail=False, methods=["POST"])
|
|
||||||
def login_challenge(self, request, *args, **kwargs):
|
|
||||||
from datetime import datetime
|
|
||||||
|
|
||||||
serializer = AuthenticationLoginChallengeSerializer(data=request.data)
|
|
||||||
serializer.is_valid(raise_exception=True)
|
|
||||||
username = serializer.validated_data.get("username")
|
|
||||||
user = self.get_login_user(username)
|
|
||||||
|
|
||||||
salt = bytes(user.userinfo.salt)
|
|
||||||
enc_key = self.get_encryption_key(salt)
|
|
||||||
box = nacl.secret.SecretBox(enc_key)
|
|
||||||
|
|
||||||
challenge_data = {
|
|
||||||
"timestamp": int(datetime.now().timestamp()),
|
|
||||||
"userId": user.id,
|
|
||||||
}
|
|
||||||
challenge = box.encrypt(msgpack_encode(challenge_data), encoder=nacl.encoding.RawEncoder)
|
|
||||||
|
|
||||||
ret = {
|
|
||||||
"salt": salt,
|
|
||||||
"challenge": challenge,
|
|
||||||
"version": user.userinfo.version,
|
|
||||||
}
|
|
||||||
return Response(ret, status=status.HTTP_200_OK)
|
|
||||||
|
|
||||||
@action_decorator(detail=False, methods=["POST"])
|
|
||||||
def login(self, request, *args, **kwargs):
|
|
||||||
outer_serializer = AuthenticationLoginSerializer(data=request.data)
|
|
||||||
outer_serializer.is_valid(raise_exception=True)
|
|
||||||
|
|
||||||
response_raw = outer_serializer.validated_data["response"]
|
|
||||||
response = msgpack_decode(response_raw)
|
|
||||||
signature = outer_serializer.validated_data["signature"]
|
|
||||||
|
|
||||||
context = {"host": request.get_host()}
|
|
||||||
serializer = AuthenticationLoginInnerSerializer(data=response, context=context)
|
|
||||||
serializer.is_valid(raise_exception=True)
|
|
||||||
|
|
||||||
bad_login_response = self.validate_login_request(
|
|
||||||
request, serializer.validated_data, response_raw, signature, "login"
|
|
||||||
)
|
|
||||||
if bad_login_response is not None:
|
|
||||||
return bad_login_response
|
|
||||||
|
|
||||||
username = serializer.validated_data.get("username")
|
|
||||||
user = self.get_login_user(username)
|
|
||||||
|
|
||||||
data = self.login_response_data(user)
|
|
||||||
|
|
||||||
user_logged_in.send(sender=user.__class__, request=request, user=user)
|
|
||||||
|
|
||||||
return Response(data, status=status.HTTP_200_OK)
|
|
||||||
|
|
||||||
@action_decorator(detail=False, methods=["POST"], permission_classes=[IsAuthenticated])
|
|
||||||
def logout(self, request, *args, **kwargs):
|
|
||||||
request.auth.delete()
|
|
||||||
user_logged_out.send(sender=request.user.__class__, request=request, user=request.user)
|
|
||||||
return Response(status=status.HTTP_204_NO_CONTENT)
|
|
||||||
|
|
||||||
@action_decorator(detail=False, methods=["POST"], permission_classes=BaseViewSet.permission_classes)
|
|
||||||
def change_password(self, request, *args, **kwargs):
|
|
||||||
outer_serializer = AuthenticationLoginSerializer(data=request.data)
|
|
||||||
outer_serializer.is_valid(raise_exception=True)
|
|
||||||
|
|
||||||
response_raw = outer_serializer.validated_data["response"]
|
|
||||||
response = msgpack_decode(response_raw)
|
|
||||||
signature = outer_serializer.validated_data["signature"]
|
|
||||||
|
|
||||||
context = {"host": request.get_host()}
|
|
||||||
serializer = AuthenticationChangePasswordInnerSerializer(request.user.userinfo, data=response, context=context)
|
|
||||||
serializer.is_valid(raise_exception=True)
|
|
||||||
|
|
||||||
bad_login_response = self.validate_login_request(
|
|
||||||
request, serializer.validated_data, response_raw, signature, "changePassword"
|
|
||||||
)
|
|
||||||
if bad_login_response is not None:
|
|
||||||
return bad_login_response
|
|
||||||
|
|
||||||
serializer.save()
|
|
||||||
|
|
||||||
return Response({}, status=status.HTTP_200_OK)
|
|
||||||
|
|
||||||
@action_decorator(detail=False, methods=["POST"], permission_classes=[IsAuthenticated])
|
|
||||||
def dashboard_url(self, request, *args, **kwargs):
|
|
||||||
get_dashboard_url = app_settings.DASHBOARD_URL_FUNC
|
|
||||||
if get_dashboard_url is None:
|
|
||||||
raise EtebaseValidationError(
|
|
||||||
"not_supported", "This server doesn't have a user dashboard.", status_code=status.HTTP_400_BAD_REQUEST
|
|
||||||
)
|
|
||||||
|
|
||||||
ret = {
|
|
||||||
"url": get_dashboard_url(request, *args, **kwargs),
|
|
||||||
}
|
|
||||||
return Response(ret)
|
|
||||||
|
|
||||||
|
|
||||||
class TestAuthenticationViewSet(viewsets.ViewSet):
|
|
||||||
allowed_methods = ["POST"]
|
|
||||||
renderer_classes = BaseViewSet.renderer_classes
|
|
||||||
parser_classes = BaseViewSet.parser_classes
|
|
||||||
|
|
||||||
def get_serializer_context(self):
|
|
||||||
return {"request": self.request, "format": self.format_kwarg, "view": self}
|
|
||||||
|
|
||||||
def list(self, request, *args, **kwargs):
|
|
||||||
return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
|
|
||||||
|
|
||||||
@action_decorator(detail=False, methods=["POST"])
|
|
||||||
def reset(self, request, *args, **kwargs):
|
|
||||||
# Only run when in DEBUG mode! It's only used for tests
|
|
||||||
if not settings.DEBUG:
|
|
||||||
return HttpResponseBadRequest("Only allowed in debug mode.")
|
|
||||||
|
|
||||||
with transaction.atomic():
|
|
||||||
user_queryset = get_user_queryset(User.objects.all(), CallbackContext(self.kwargs))
|
|
||||||
user = get_object_or_404(user_queryset, username=request.data.get("user").get("username"))
|
|
||||||
|
|
||||||
# Only allow test users for extra safety
|
|
||||||
if not getattr(user, User.USERNAME_FIELD).startswith("test_user"):
|
|
||||||
return HttpResponseBadRequest("Endpoint not allowed for user.")
|
|
||||||
|
|
||||||
if hasattr(user, "userinfo"):
|
|
||||||
user.userinfo.delete()
|
|
||||||
|
|
||||||
serializer = AuthenticationSignupSerializer(data=request.data, context=self.get_serializer_context())
|
|
||||||
serializer.is_valid(raise_exception=True)
|
|
||||||
serializer.save()
|
|
||||||
|
|
||||||
# Delete all of the journal data for this user for a clear test env
|
|
||||||
user.collection_set.all().delete()
|
|
||||||
user.collectionmember_set.all().delete()
|
|
||||||
user.incoming_invitations.all().delete()
|
|
||||||
|
|
||||||
# FIXME: also delete chunk files!!!
|
|
||||||
|
|
||||||
return HttpResponse()
|
|
@ -18,16 +18,14 @@ from fastapi import APIRouter, Depends, status, Request
|
|||||||
from fastapi.security import APIKeyHeader
|
from fastapi.security import APIKeyHeader
|
||||||
|
|
||||||
from django_etebase import app_settings, models
|
from django_etebase import app_settings, models
|
||||||
from django_etebase.exceptions import EtebaseValidationError
|
|
||||||
from django_etebase.models import UserInfo
|
from django_etebase.models import UserInfo
|
||||||
from django_etebase.signals import user_signed_up
|
from django_etebase.signals import user_signed_up
|
||||||
from django_etebase.token_auth.models import AuthToken
|
from django_etebase.token_auth.models import AuthToken
|
||||||
from django_etebase.token_auth.models import get_default_expiry
|
from django_etebase.token_auth.models import get_default_expiry
|
||||||
from django_etebase.utils import create_user, get_user_queryset, CallbackContext
|
from django_etebase.utils import create_user, get_user_queryset, CallbackContext
|
||||||
from django_etebase.views import msgpack_encode, msgpack_decode
|
|
||||||
from .exceptions import AuthenticationFailed, transform_validation_error, HttpError
|
from .exceptions import AuthenticationFailed, transform_validation_error, HttpError
|
||||||
from .msgpack import MsgpackRoute
|
from .msgpack import MsgpackRoute
|
||||||
from .utils import BaseModel, permission_responses
|
from .utils import BaseModel, permission_responses, msgpack_encode, msgpack_decode
|
||||||
|
|
||||||
User = get_user_model()
|
User = get_user_model()
|
||||||
token_scheme = APIKeyHeader(name="Authorization")
|
token_scheme = APIKeyHeader(name="Authorization")
|
||||||
@ -293,7 +291,7 @@ def signup_save(data: SignupIn, request: Request) -> User:
|
|||||||
context=CallbackContext(request.path_params),
|
context=CallbackContext(request.path_params),
|
||||||
)
|
)
|
||||||
instance.full_clean()
|
instance.full_clean()
|
||||||
except EtebaseValidationError as e:
|
except HttpError as e:
|
||||||
raise e
|
raise e
|
||||||
except django_exceptions.ValidationError as e:
|
except django_exceptions.ValidationError as e:
|
||||||
transform_validation_error("user", e)
|
transform_validation_error("user", e)
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
import dataclasses
|
import dataclasses
|
||||||
import typing as t
|
import typing as t
|
||||||
|
import msgpack
|
||||||
|
|
||||||
from fastapi import status, Query, Depends
|
from fastapi import status, Query, Depends
|
||||||
from pydantic import BaseModel as PyBaseModel
|
from pydantic import BaseModel as PyBaseModel
|
||||||
@ -44,6 +45,14 @@ def is_collection_admin(collection, user):
|
|||||||
return (member is not None) and (member.accessLevel == AccessLevels.ADMIN)
|
return (member is not None) and (member.accessLevel == AccessLevels.ADMIN)
|
||||||
|
|
||||||
|
|
||||||
|
def msgpack_encode(content):
|
||||||
|
return msgpack.packb(content, use_bin_type=True)
|
||||||
|
|
||||||
|
|
||||||
|
def msgpack_decode(content):
|
||||||
|
return msgpack.unpackb(content, raw=False)
|
||||||
|
|
||||||
|
|
||||||
PERMISSIONS_READ = [Depends(x) for x in app_settings.API_PERMISSIONS_READ]
|
PERMISSIONS_READ = [Depends(x) for x in app_settings.API_PERMISSIONS_READ]
|
||||||
PERMISSIONS_READWRITE = PERMISSIONS_READ + [Depends(x) for x in app_settings.API_PERMISSIONS_WRITE]
|
PERMISSIONS_READWRITE = PERMISSIONS_READ + [Depends(x) for x in app_settings.API_PERMISSIONS_WRITE]
|
||||||
|
|
||||||
|
@ -53,8 +53,6 @@ INSTALLED_APPS = [
|
|||||||
"django.contrib.sessions",
|
"django.contrib.sessions",
|
||||||
"django.contrib.messages",
|
"django.contrib.messages",
|
||||||
"django.contrib.staticfiles",
|
"django.contrib.staticfiles",
|
||||||
"corsheaders",
|
|
||||||
"rest_framework",
|
|
||||||
"myauth.apps.MyauthConfig",
|
"myauth.apps.MyauthConfig",
|
||||||
"django_etebase.apps.DjangoEtebaseConfig",
|
"django_etebase.apps.DjangoEtebaseConfig",
|
||||||
"django_etebase.token_auth.apps.TokenAuthConfig",
|
"django_etebase.token_auth.apps.TokenAuthConfig",
|
||||||
@ -63,7 +61,6 @@ INSTALLED_APPS = [
|
|||||||
MIDDLEWARE = [
|
MIDDLEWARE = [
|
||||||
"django.middleware.security.SecurityMiddleware",
|
"django.middleware.security.SecurityMiddleware",
|
||||||
"django.contrib.sessions.middleware.SessionMiddleware",
|
"django.contrib.sessions.middleware.SessionMiddleware",
|
||||||
"corsheaders.middleware.CorsMiddleware",
|
|
||||||
"django.middleware.common.CommonMiddleware",
|
"django.middleware.common.CommonMiddleware",
|
||||||
"django.middleware.csrf.CsrfViewMiddleware",
|
"django.middleware.csrf.CsrfViewMiddleware",
|
||||||
"django.contrib.auth.middleware.AuthenticationMiddleware",
|
"django.contrib.auth.middleware.AuthenticationMiddleware",
|
||||||
@ -124,9 +121,6 @@ USE_L10N = True
|
|||||||
|
|
||||||
USE_TZ = True
|
USE_TZ = True
|
||||||
|
|
||||||
# Cors
|
|
||||||
CORS_ORIGIN_ALLOW_ALL = True
|
|
||||||
|
|
||||||
# Static files (CSS, JavaScript, Images)
|
# Static files (CSS, JavaScript, Images)
|
||||||
# https://docs.djangoproject.com/en/3.0/howto/static-files/
|
# https://docs.djangoproject.com/en/3.0/howto/static-files/
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
import os
|
import os
|
||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.conf.urls import include, url
|
from django.conf.urls import url
|
||||||
from django.contrib import admin
|
from django.contrib import admin
|
||||||
from django.urls import path, re_path
|
from django.urls import path, re_path
|
||||||
from django.views.generic import TemplateView
|
from django.views.generic import TemplateView
|
||||||
@ -9,15 +9,11 @@ from django.views.static import serve
|
|||||||
from django.contrib.staticfiles import finders
|
from django.contrib.staticfiles import finders
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
url(r"^api/", include("django_etebase.urls")),
|
|
||||||
url(r"^admin/", admin.site.urls),
|
url(r"^admin/", admin.site.urls),
|
||||||
path("", TemplateView.as_view(template_name="success.html")),
|
path("", TemplateView.as_view(template_name="success.html")),
|
||||||
]
|
]
|
||||||
|
|
||||||
if settings.DEBUG:
|
if settings.DEBUG:
|
||||||
urlpatterns += [
|
|
||||||
url(r"^api-auth/", include("rest_framework.urls", namespace="rest_framework")),
|
|
||||||
]
|
|
||||||
|
|
||||||
def serve_static(request, path):
|
def serve_static(request, path):
|
||||||
filename = finders.find(path)
|
filename = finders.find(path)
|
||||||
|
@ -1,9 +1,5 @@
|
|||||||
django
|
django
|
||||||
django-cors-headers
|
|
||||||
djangorestframework
|
|
||||||
drf-nested-routers
|
|
||||||
msgpack
|
msgpack
|
||||||
psycopg2-binary
|
|
||||||
pynacl
|
pynacl
|
||||||
fastapi
|
fastapi
|
||||||
uvicorn
|
uvicorn
|
@ -7,14 +7,10 @@
|
|||||||
asgiref==3.3.1 # via django
|
asgiref==3.3.1 # via django
|
||||||
cffi==1.14.4 # via pynacl
|
cffi==1.14.4 # via pynacl
|
||||||
click==7.1.2 # via uvicorn
|
click==7.1.2 # via uvicorn
|
||||||
django-cors-headers==3.6.0 # via -r requirements.in/base.txt
|
django==3.1.4 # via -r requirements.in/base.txt
|
||||||
django==3.1.4 # via -r requirements.in/base.txt, django-cors-headers, djangorestframework, drf-nested-routers
|
|
||||||
djangorestframework==3.12.2 # via -r requirements.in/base.txt, drf-nested-routers
|
|
||||||
drf-nested-routers==0.92.5 # via -r requirements.in/base.txt
|
|
||||||
fastapi==0.63.0 # via -r requirements.in/base.txt
|
fastapi==0.63.0 # via -r requirements.in/base.txt
|
||||||
h11==0.11.0 # via uvicorn
|
h11==0.11.0 # via uvicorn
|
||||||
msgpack==1.0.2 # via -r requirements.in/base.txt
|
msgpack==1.0.2 # via -r requirements.in/base.txt
|
||||||
psycopg2-binary==2.8.6 # via -r requirements.in/base.txt
|
|
||||||
pycparser==2.20 # via cffi
|
pycparser==2.20 # via cffi
|
||||||
pydantic==1.7.3 # via fastapi
|
pydantic==1.7.3 # via fastapi
|
||||||
pynacl==1.4.0 # via -r requirements.in/base.txt
|
pynacl==1.4.0 # via -r requirements.in/base.txt
|
||||||
|
Loading…
Reference in New Issue
Block a user