From 431879aea8fcc7e287a14258c120c381f37d6596 Mon Sep 17 00:00:00 2001
From: Kumi <git@kumi.email>
Date: Sun, 23 Jun 2024 15:10:44 +0200
Subject: [PATCH] feat(api): add token management and serializer endpoints

Introduced endpoints for generating and managing API tokens,
enabling users to manage and regenerate their tokens via a
web interface. Added Django forms and templates to support
these functionalities.

Enhanced REST API with new endpoints for creating, updating,
and retrieving identifiers and suffixes, and included necessary
serializers.

Updated settings to include Django REST framework and token
authentication.
---
 freedoi/accounts/forms.py                     |  5 +-
 .../templates/accounts/generate_token.html    | 12 +++
 .../templates/accounts/manage_tokens.html     | 12 +++
 freedoi/accounts/urls.py                      | 14 +++-
 freedoi/accounts/views.py                     | 46 +++++++++++-
 freedoi/resolver/serializers.py               | 23 ++++++
 freedoi/resolver/templates/base_generic.html  | 69 +++++++++---------
 freedoi/resolver/urls.py                      | 36 +++++++++
 freedoi/resolver/views.py                     | 73 +++++++++++++++++++
 freedoi/settings.py                           | 16 +++-
 10 files changed, 266 insertions(+), 40 deletions(-)
 create mode 100644 freedoi/accounts/templates/accounts/generate_token.html
 create mode 100644 freedoi/accounts/templates/accounts/manage_tokens.html
 create mode 100644 freedoi/resolver/serializers.py

diff --git a/freedoi/accounts/forms.py b/freedoi/accounts/forms.py
index 26a01b8..b5dce1a 100644
--- a/freedoi/accounts/forms.py
+++ b/freedoi/accounts/forms.py
@@ -1,4 +1,7 @@
 from django import forms
 
 class EmailForm(forms.Form):
-    email = forms.EmailField()
\ No newline at end of file
+    email = forms.EmailField()
+
+class GenerateTokenForm(forms.Form):
+    pass
\ No newline at end of file
diff --git a/freedoi/accounts/templates/accounts/generate_token.html b/freedoi/accounts/templates/accounts/generate_token.html
new file mode 100644
index 0000000..ac93351
--- /dev/null
+++ b/freedoi/accounts/templates/accounts/generate_token.html
@@ -0,0 +1,12 @@
+{% extends "base_generic.html" %}
+{% block title %}Generate API Token{% endblock title %}
+{% block content %}
+    <div class="container mt-5">
+        <h1>Generate API Token</h1>
+        <form method="post">
+            {% csrf_token %}
+            {{ form.as_p }}
+            <button type="submit" class="btn btn-primary">Generate Token</button>
+        </form>
+    </div>
+{% endblock content %}
diff --git a/freedoi/accounts/templates/accounts/manage_tokens.html b/freedoi/accounts/templates/accounts/manage_tokens.html
new file mode 100644
index 0000000..c3ab136
--- /dev/null
+++ b/freedoi/accounts/templates/accounts/manage_tokens.html
@@ -0,0 +1,12 @@
+{% extends "base_generic.html" %}
+{% block title %}
+    Manage API Tokens
+{% endblock title %}
+{% block content %}
+    <div class="container mt-5">
+        <h1>Manage API Tokens</h1>
+        <p>Your API token:</p>
+        <div class="alert alert-info" role="alert">{{ token.key }}</div>
+        <a class="btn btn-primary" href="{% url 'generate_token' %}">Regenerate Token</a>
+    </div>
+{% endblock content %}
diff --git a/freedoi/accounts/urls.py b/freedoi/accounts/urls.py
index ba0bdaa..6b17a6d 100644
--- a/freedoi/accounts/urls.py
+++ b/freedoi/accounts/urls.py
@@ -1,6 +1,14 @@
 from django.urls import path
 from django.views.generic import TemplateView
-from .views import SendLoginEmailView, LoginView, LogoutView
+from .views import (
+    SendLoginEmailView,
+    LoginView,
+    LogoutView,
+    APICustomObtainAuthToken,
+    APIGenerateTokenView,
+    GenerateTokenView,
+    ManageTokensView,
+)
 
 urlpatterns = [
     path("login/<uidb64>/<token>/", LoginView.as_view(), name="login"),
@@ -15,4 +23,8 @@ urlpatterns = [
         TemplateView.as_view(template_name="accounts/email_sent.html"),
         name="email_sent",
     ),
+    path("api/token-auth/", APICustomObtainAuthToken.as_view(), name="api_token_auth"),
+    path("api/generate-token/", APIGenerateTokenView.as_view(), name="generate_token"),
+    path("generate-token/", GenerateTokenView.as_view(), name="generate_token"),
+    path("manage-tokens/", ManageTokensView.as_view(), name="manage_tokens"),
 ]
diff --git a/freedoi/accounts/views.py b/freedoi/accounts/views.py
index 9b1d933..98ecdca 100644
--- a/freedoi/accounts/views.py
+++ b/freedoi/accounts/views.py
@@ -3,11 +3,19 @@ from django.core.mail import send_mail
 from django.utils.http import urlsafe_base64_encode, urlsafe_base64_decode
 from django.utils.encoding import force_bytes, force_str
 from django.http import HttpResponse
-from django.shortcuts import redirect
+from django.shortcuts import redirect, render
 from django.views.generic import FormView, View
 from django.contrib.auth.tokens import default_token_generator
 from django.contrib.auth import logout
-from .forms import EmailForm
+from django.contrib.auth.mixins import LoginRequiredMixin
+
+from rest_framework.authtoken.models import Token
+from rest_framework.authtoken.views import ObtainAuthToken
+from rest_framework.response import Response
+from rest_framework.views import APIView
+from rest_framework.permissions import IsAuthenticated
+
+from .forms import EmailForm, GenerateTokenForm
 
 User = get_user_model()
 
@@ -53,4 +61,36 @@ class LoginView(View):
 class LogoutView(View):
     def get(self, request):
         logout(request)
-        return redirect("home")
\ No newline at end of file
+        return redirect("home")
+
+
+class APICustomObtainAuthToken(ObtainAuthToken):
+    def post(self, request, *args, **kwargs):
+        response = super().post(request, *args, **kwargs)
+        token, created = Token.objects.get_or_create(user=request.user)
+        return Response({"token": token.key})
+
+
+class APIGenerateTokenView(APIView):
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request, *args, **kwargs):
+        token, created = Token.objects.get_or_create(user=request.user)
+        return Response({"token": token.key})
+
+class GenerateTokenView(LoginRequiredMixin, View):
+    def get(self, request):
+        form = GenerateTokenForm()
+        return render(request, 'accounts/generate_token.html', {'form': form})
+
+    def post(self, request):
+        form = GenerateTokenForm(request.POST)
+        if form.is_valid():
+            token, created = Token.objects.get_or_create(user=request.user)
+            return redirect('manage_tokens')
+        return render(request, 'accounts/generate_token.html', {'form': form})
+
+class ManageTokensView(LoginRequiredMixin, View):
+    def get(self, request):
+        token, created = Token.objects.get_or_create(user=request.user)
+        return render(request, 'accounts/manage_tokens.html', {'token': token})
\ No newline at end of file
diff --git a/freedoi/resolver/serializers.py b/freedoi/resolver/serializers.py
new file mode 100644
index 0000000..45a70a8
--- /dev/null
+++ b/freedoi/resolver/serializers.py
@@ -0,0 +1,23 @@
+from rest_framework import serializers
+from .models import Suffix, Identifier
+
+
+class SuffixSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Suffix
+        fields = [
+            "id",
+            "name",
+            "suffix",
+            "prefix",
+            "description",
+            "approved",
+            "type",
+            "remote_resolver",
+        ]
+
+
+class IdentifierSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Identifier
+        fields = ["id", "suffix", "identifier", "target_url"]
diff --git a/freedoi/resolver/templates/base_generic.html b/freedoi/resolver/templates/base_generic.html
index f68899f..550f223 100644
--- a/freedoi/resolver/templates/base_generic.html
+++ b/freedoi/resolver/templates/base_generic.html
@@ -3,11 +3,11 @@
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>{% block title %}FreeDOI{% endblock %}</title>
-    <link
-      rel="stylesheet"
-      href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css"
-    />
+    <title>
+      {% block title %}FreeDOI{% endblock title %}
+    </title>
+    <link rel="stylesheet"
+          href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css" />
     <style>
       body {
         padding-top: 56px;
@@ -18,46 +18,47 @@
     <nav class="navbar navbar-expand-lg navbar-dark bg-dark fixed-top">
       <div class="container">
         <a class="navbar-brand" href="{% url 'home' %}">FreeDOI</a>
-        <button
-          class="navbar-toggler"
-          type="button"
-          data-toggle="collapse"
-          data-target="#navbarResponsive"
-          aria-controls="navbarResponsive"
-          aria-expanded="false"
-          aria-label="Toggle navigation"
-        >
+        <button class="navbar-toggler"
+                type="button"
+                data-toggle="collapse"
+                data-target="#navbarResponsive"
+                aria-controls="navbarResponsive"
+                aria-expanded="false"
+                aria-label="Toggle navigation">
           <span class="navbar-toggler-icon"></span>
         </button>
         <div class="collapse navbar-collapse" id="navbarResponsive">
           <ul class="navbar-nav ml-auto">
             {% if user.is_authenticated %}
-            {% if user.is_superuser or user.prefixes.exists %}
-            <li class="nav-item">
-              <a class="nav-link" href="{% url 'prefix_list' %}">Your Prefixes</a>
-            </li>
-            {% endif %}
-            <li class="nav-item">
-              <a class="nav-link" href="{% url 'suffix_list' %}">Your Suffixes</a>
-            </li>
+              {% if user.is_superuser or user.prefixes.exists %}
+                <li class="nav-item">
+                  <a class="nav-link" href="{% url 'prefix_list' %}">Your Prefixes</a>
+                </li>
+              {% endif %}
+              <li class="nav-item">
+                <a class="nav-link" href="{% url 'suffix_list' %}">Your Suffixes</a>
+              </li>
+              <li class="nav-item">
+                <a class="nav-link" href="{% url 'manage_tokens' %}">API Tokens</a>
+              </li>
             </li>
             <li class="nav-item">
               <a class="nav-link" href="{% url 'logout' %}">Logout</a>
             </li>
-            {% else %}
+          {% else %}
             <li class="nav-item">
               <a class="nav-link" href="{% url 'login' %}">Login / Register</a>
             </li>
-            {% endif %}
-          </ul>
-        </div>
+          {% endif %}
+        </ul>
       </div>
-    </nav>
-
-    <div class="container">{% block content %} {% endblock %}</div>
-
-    <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>
-    <script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.5.4/dist/umd/popper.min.js"></script>
-    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
-  </body>
+    </div>
+  </nav>
+  <div class="container">
+    {% block content %}{% endblock content %}
+  </div>
+  <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>
+  <script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.5.4/dist/umd/popper.min.js"></script>
+  <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
+</body>
 </html>
diff --git a/freedoi/resolver/urls.py b/freedoi/resolver/urls.py
index ec910d5..020b06b 100644
--- a/freedoi/resolver/urls.py
+++ b/freedoi/resolver/urls.py
@@ -20,6 +20,12 @@ from .views import (
     PermissionCreateView,
     PendingSuffixesListView,
     SuffixApprovalView,
+    APIIdentifierCreateView,
+    APIIdentifierUpdateView,
+    APIIdentifierDetailView,
+    APIOwnedIdentifiersListView,
+    APIOwnedSuffixesListView,
+    APISuffixDetailView,
 )
 
 urlpatterns = [
@@ -73,4 +79,34 @@ urlpatterns = [
         SuffixApprovalView.as_view(),
         name="suffix_approval",
     ),
+    path(
+        "api/identifiers/create/",
+        APIIdentifierCreateView.as_view(),
+        name="api_identifier_create",
+    ),
+    path(
+        "api/identifiers/<int:pk>/update/",
+        APIIdentifierUpdateView.as_view(),
+        name="api_identifier_update",
+    ),
+    path(
+        "api/suffixes/",
+        APIOwnedSuffixesListView.as_view(),
+        name="api_owned_suffixes_list",
+    ),
+    path(
+        "api/suffixes/<int:pk>/",
+        APISuffixDetailView.as_view(),
+        name="api_suffix_detail",
+    ),
+    path(
+        "api/identifiers/",
+        APIOwnedIdentifiersListView.as_view(),
+        name="api_owned_identifiers_list",
+    ),
+    path(
+        "api/identifiers/<int:pk>/",
+        APIIdentifierDetailView.as_view(),
+        name="api_identifier_detail",
+    ),
 ]
diff --git a/freedoi/resolver/views.py b/freedoi/resolver/views.py
index 75533c3..dff9f02 100644
--- a/freedoi/resolver/views.py
+++ b/freedoi/resolver/views.py
@@ -10,6 +10,9 @@ from django.views.generic import (
 )
 from django.shortcuts import get_object_or_404, redirect
 from django.http import HttpResponseBadRequest, Http404
+from rest_framework import generics, permissions
+from rest_framework.exceptions import PermissionDenied
+from .serializers import SuffixSerializer, IdentifierSerializer
 from .models import Prefix, Suffix, Identifier, Permission
 from .forms import (
     PrefixForm,
@@ -303,3 +306,73 @@ class PermissionCreateView(LoginRequiredMixin, CreateView):
 
 class HomeView(TemplateView):
     template_name = "resolver/home.html"
+
+
+class APIIdentifierCreateView(generics.CreateAPIView):
+    queryset = Identifier.objects.all()
+    serializer_class = IdentifierSerializer
+    permission_classes = [permissions.IsAuthenticated]
+
+    def perform_create(self, serializer):
+        suffix = serializer.validated_data["suffix"]
+        if suffix.owner != self.request.user:
+            raise PermissionDenied(
+                "You do not have permission to create identifiers for this suffix."
+            )
+        serializer.save()
+
+
+class APIIdentifierUpdateView(generics.UpdateAPIView):
+    queryset = Identifier.objects.all()
+    serializer_class = IdentifierSerializer
+    permission_classes = [permissions.IsAuthenticated]
+
+    def perform_update(self, serializer):
+        identifier = self.get_object()
+        if identifier.suffix.owner != self.request.user:
+            raise PermissionDenied(
+                "You do not have permission to update identifiers for this suffix."
+            )
+        serializer.save()
+
+
+class APIOwnedSuffixesListView(generics.ListAPIView):
+    serializer_class = SuffixSerializer
+    permission_classes = [permissions.IsAuthenticated]
+
+    def get_queryset(self):
+        return Suffix.objects.filter(owner=self.request.user)
+
+
+class APISuffixDetailView(generics.RetrieveAPIView):
+    queryset = Suffix.objects.all()
+    serializer_class = SuffixSerializer
+    permission_classes = [permissions.IsAuthenticated]
+
+    def get_object(self):
+        suffix = super().get_object()
+        if suffix.owner != self.request.user:
+            raise PermissionDenied("You do not have permission to view this suffix.")
+        return suffix
+
+
+class APIOwnedIdentifiersListView(generics.ListAPIView):
+    serializer_class = IdentifierSerializer
+    permission_classes = [permissions.IsAuthenticated]
+
+    def get_queryset(self):
+        return Identifier.objects.filter(suffix__owner=self.request.user)
+
+
+class APIIdentifierDetailView(generics.RetrieveAPIView):
+    queryset = Identifier.objects.all()
+    serializer_class = IdentifierSerializer
+    permission_classes = [permissions.IsAuthenticated]
+
+    def get_object(self):
+        identifier = super().get_object()
+        if identifier.suffix.owner != self.request.user:
+            raise PermissionDenied(
+                "You do not have permission to view this identifier."
+            )
+        return identifier
diff --git a/freedoi/settings.py b/freedoi/settings.py
index 8fd6ba6..094ae70 100644
--- a/freedoi/settings.py
+++ b/freedoi/settings.py
@@ -34,6 +34,8 @@ INSTALLED_APPS = [
     "two_factor",
     "crispy_forms",
     "crispy_bootstrap5",
+    "rest_framework",
+    "rest_framework.authtoken",
 ]
 
 MIDDLEWARE = [
@@ -152,4 +154,16 @@ DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
 
 # Crispy Forms
 
-CRISPY_TEMPLATE_PACK = "bootstrap5"
\ No newline at end of file
+CRISPY_TEMPLATE_PACK = "bootstrap5"
+
+# REST Framework
+
+REST_FRAMEWORK = {
+    "DEFAULT_AUTHENTICATION_CLASSES": [
+        "rest_framework.authentication.TokenAuthentication",
+        "rest_framework.authentication.SessionAuthentication",
+    ],
+    "DEFAULT_PERMISSION_CLASSES": [
+        "rest_framework.permissions.IsAuthenticated",
+    ],
+}