www-bocal/api/views.py

import datetime
import json

from django.core.exceptions import ValidationError
from django.http import response
from django.views.decorators.csrf import csrf_exempt

import mainsite.models as mainModels

from . import models


def authentify(data, payload):
    """returns whether the request's authentification is correct"""
    required = ["keyId", "timestamp", "hmac"]
    for field in required:
        if field not in data:
            return response.HttpResponseForbidden(
                'Missing required field "{}"'.format(field)
            )
    try:
        key = models.ApiKey.objects.get(id=data["keyId"])
    except models.ApiKey.DoesNotExist:
        return response.HttpResponseForbidden("Bad authentication")

    if not key.isCorrect(data["timestamp"], data["hmac"], payload):
        return response.HttpResponseForbidden("Bad authentication")


def apiView(required=[]):
    def decorator(fct):
        @csrf_exempt
        def wrap(request, *args, **kwargs):
            try:
                data = json.loads(request.body.decode("utf-8"))
            except TypeError:
                return response.HttpResponseBadRequest("Bad packet format")
            except json.decoder.JSONDecodeError:
                return response.HttpResponseBadRequest("Bad json")

            try:
                authData = data["auth"]
                reqDataOrig = data["req"]
            except KeyError:
                return response.HttpResponseBadRequest("Bad request format")

            try:
                reqData = json.loads(reqDataOrig)
            except TypeError:
                return response.HttpResponseBadRequest("Bad packet format")
            except json.decoder.JSONDecodeError:
                return response.HttpResponseBadRequest("Bad inner json")

            for field in required:
                if field not in reqData:
                    return response.HttpResponseBadRequest(
                        "Missing field {}".format(field)
                    )

            authVal = authentify(authData, reqDataOrig)
            if authVal is not None:
                return authVal

            return fct(request, reqData, *args, **kwargs)

        return wrap

    return decorator


@apiView(required=["id", "url", "date"])
def publishApiView(request, data):
    """Publish a BOcal, and create the corresponding year if needed"""
    if mainModels.Publication.objects.filter(num=data["id"]).count() > 0:
        return response.HttpResponseBadRequest(
            "Un BOcal du même numéro est déjà présent ! Ajoutez celui-ci à la "
            "main si vous voulez vraiment faire ça."
        )

    try:
        year, month, day = [int(x) for x in data["date"].split("-")]
        date = datetime.date(year, month, day)
    except Exception:
        return response.HttpResponseBadRequest("Bad date")

    pub = mainModels.Publication(num=data["id"], url=data["url"], date=date)
    try:
        pub.full_clean()
    except ValidationError as e:
        return response.HttpResponseBadRequest("Invalid data: {}".format(e))
    pub.save()

    pub.createPubYear()

    return response.HttpResponse("OK")
chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00			`import datetime`
			`import json`

Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00			`from django.core.exceptions import ValidationError`
chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00			`from django.http import response`
Fix publish API, add basic client 2017-09-24 18:20:10 +02:00			`from django.views.decorators.csrf import csrf_exempt`
Init api 2017-09-23 21:40:45 +02:00
Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00			`import mainsite.models as mainModels`

chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00			`from . import models`

Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00
Fix publish API, add basic client 2017-09-24 18:20:10 +02:00			`def authentify(data, payload):`
chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00			`"""returns whether the request's authentification is correct"""`
			`required = ["keyId", "timestamp", "hmac"]`
Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00			`for field in required:`
			`if field not in data:`
			`return response.HttpResponseForbidden(`
chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00			`'Missing required field "{}"'.format(field)`
			`)`
Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00			`try:`
chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00			`key = models.ApiKey.objects.get(id=data["keyId"])`
Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00			`except models.ApiKey.DoesNotExist:`
chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00			`return response.HttpResponseForbidden("Bad authentication")`
Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00
chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00			`if not key.isCorrect(data["timestamp"], data["hmac"], payload):`
			`return response.HttpResponseForbidden("Bad authentication")`
Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00

Fix publish API, add basic client 2017-09-24 18:20:10 +02:00			`def apiView(required=[]):`
			`def decorator(fct):`
			`@csrf_exempt`
			`def wrap(request, args, *kwargs):`
			`try:`
chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00			`data = json.loads(request.body.decode("utf-8"))`
Change API protocol to fix json normalization A dictionnary's order is not deterministic (eg. when switching python versions), thus the previous protocol would often fail to authenticate a legitimate request. 2017-10-16 20:02:36 +02:00			`except TypeError:`
			`return response.HttpResponseBadRequest("Bad packet format")`
			`except json.decoder.JSONDecodeError:`
Fix publish API, add basic client 2017-09-24 18:20:10 +02:00			`return response.HttpResponseBadRequest("Bad json")`
Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00
Fix publish API, add basic client 2017-09-24 18:20:10 +02:00			`try:`
chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00			`authData = data["auth"]`
			`reqDataOrig = data["req"]`
Fix publish API, add basic client 2017-09-24 18:20:10 +02:00			`except KeyError:`
			`return response.HttpResponseBadRequest("Bad request format")`
Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00
Change API protocol to fix json normalization A dictionnary's order is not deterministic (eg. when switching python versions), thus the previous protocol would often fail to authenticate a legitimate request. 2017-10-16 20:02:36 +02:00			`try:`
			`reqData = json.loads(reqDataOrig)`
			`except TypeError:`
			`return response.HttpResponseBadRequest("Bad packet format")`
			`except json.decoder.JSONDecodeError:`
			`return response.HttpResponseBadRequest("Bad inner json")`

Fix publish API, add basic client 2017-09-24 18:20:10 +02:00			`for field in required:`
			`if field not in reqData:`
			`return response.HttpResponseBadRequest(`
chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00			`"Missing field {}".format(field)`
			`)`
Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00
Change API protocol to fix json normalization A dictionnary's order is not deterministic (eg. when switching python versions), thus the previous protocol would often fail to authenticate a legitimate request. 2017-10-16 20:02:36 +02:00			`authVal = authentify(authData, reqDataOrig)`
Fix publish API, add basic client 2017-09-24 18:20:10 +02:00			`if authVal is not None:`
			`return authVal`
Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00
Fix publish API, add basic client 2017-09-24 18:20:10 +02:00			`return fct(request, reqData, args, *kwargs)`
chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00
Fix publish API, add basic client 2017-09-24 18:20:10 +02:00			`return wrap`
chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00
Fix publish API, add basic client 2017-09-24 18:20:10 +02:00			`return decorator`
Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00

			`@apiView(required=["id", "url", "date"])`
			`def publishApiView(request, data):`
chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00			`"""Publish a BOcal, and create the corresponding year if needed"""`
			`if mainModels.Publication.objects.filter(num=data["id"]).count() > 0:`
Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00			`return response.HttpResponseBadRequest(`
			`"Un BOcal du même numéro est déjà présent ! Ajoutez celui-ci à la "`
chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00			`"main si vous voulez vraiment faire ça."`
			`)`
Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00
			`try:`
chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00			`year, month, day = [int(x) for x in data["date"].split("-")]`
Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00			`date = datetime.date(year, month, day)`
chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00			`except Exception:`
Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00			`return response.HttpResponseBadRequest("Bad date")`

chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00			`pub = mainModels.Publication(num=data["id"], url=data["url"], date=date)`
Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00			`try:`
			`pub.full_clean()`
			`except ValidationError as e:`
chore: Run formatters and fix lint errors 2024-10-23 11:06:57 +02:00			`return response.HttpResponseBadRequest("Invalid data: {}".format(e))`
Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00			`pub.save()`

Create PublicationYear on API request Closes #3 2017-09-24 18:41:31 +02:00			`pub.createPubYear()`

Add API publish view [UNTESTED] 2017-09-24 00:42:36 +02:00			`return response.HttpResponse("OK")`