mirror of
https://github.com/eitchtee/WYGIWYH.git
synced 2026-07-10 06:42:49 +02:00
feat: disable oauth and token creation while on demo mode
This commit is contained in:
+25
-3
@@ -22,10 +22,29 @@ from drf_spectacular.views import (
|
|||||||
SpectacularSwaggerView,
|
SpectacularSwaggerView,
|
||||||
)
|
)
|
||||||
from allauth.socialaccount.providers.openid_connect.views import login, callback
|
from allauth.socialaccount.providers.openid_connect.views import login, callback
|
||||||
|
from apps.common.decorators.demo import disabled_on_demo
|
||||||
from apps.common.oauth_views import (
|
from apps.common.oauth_views import (
|
||||||
authorization_server_metadata,
|
authorization_server_metadata,
|
||||||
dynamic_client_registration,
|
dynamic_client_registration,
|
||||||
)
|
)
|
||||||
|
from oauth2_provider import urls as _dot_urls
|
||||||
|
|
||||||
|
|
||||||
|
def _decorate_included(patterns, decorator):
|
||||||
|
"""Apply ``decorator`` to every view callback inside an included URLconf.
|
||||||
|
|
||||||
|
django.urls does not support decorating ``include()`` directly, so we wrap
|
||||||
|
each URLPattern's callback here. The OAuth2 endpoints issue credentials, so
|
||||||
|
gate them behind the same DEMO-mode guard used elsewhere.
|
||||||
|
"""
|
||||||
|
wrapped = []
|
||||||
|
for pattern in patterns:
|
||||||
|
pattern.callback = decorator(pattern.callback)
|
||||||
|
wrapped.append(pattern)
|
||||||
|
return wrapped
|
||||||
|
|
||||||
|
|
||||||
|
_oauth_patterns = _decorate_included(_dot_urls.urlpatterns, disabled_on_demo)
|
||||||
|
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
@@ -43,15 +62,18 @@ urlpatterns = [
|
|||||||
name="swagger-ui",
|
name="swagger-ui",
|
||||||
),
|
),
|
||||||
path("auth/", include("allauth.urls")), # allauth urls
|
path("auth/", include("allauth.urls")), # allauth urls
|
||||||
path("oauth/", include("oauth2_provider.urls", namespace="oauth2_provider")),
|
path(
|
||||||
|
"oauth/",
|
||||||
|
include((_oauth_patterns, _dot_urls.app_name), namespace="oauth2_provider"),
|
||||||
|
),
|
||||||
path(
|
path(
|
||||||
".well-known/oauth-authorization-server",
|
".well-known/oauth-authorization-server",
|
||||||
authorization_server_metadata,
|
disabled_on_demo(authorization_server_metadata),
|
||||||
name="oauth-authorization-server-metadata",
|
name="oauth-authorization-server-metadata",
|
||||||
),
|
),
|
||||||
path(
|
path(
|
||||||
"oauth/register/",
|
"oauth/register/",
|
||||||
dynamic_client_registration,
|
disabled_on_demo(dynamic_client_registration),
|
||||||
name="oauth-dynamic-client-registration",
|
name="oauth-dynamic-client-registration",
|
||||||
),
|
),
|
||||||
# path("auth/oidc/<str:provider_id>/login/", login, name="openid_connect_login"),
|
# path("auth/oidc/<str:provider_id>/login/", login, name="openid_connect_login"),
|
||||||
|
|||||||
@@ -139,6 +139,7 @@ def _render_api_tokens(request, *, form=None, raw_token=None):
|
|||||||
|
|
||||||
@only_htmx
|
@only_htmx
|
||||||
@htmx_login_required
|
@htmx_login_required
|
||||||
|
@disabled_on_demo
|
||||||
@require_http_methods(["POST"])
|
@require_http_methods(["POST"])
|
||||||
def api_token_add(request):
|
def api_token_add(request):
|
||||||
form = APITokenCreateForm(request.POST)
|
form = APITokenCreateForm(request.POST)
|
||||||
@@ -156,6 +157,7 @@ def api_token_add(request):
|
|||||||
|
|
||||||
@only_htmx
|
@only_htmx
|
||||||
@htmx_login_required
|
@htmx_login_required
|
||||||
|
@disabled_on_demo
|
||||||
@require_http_methods(["DELETE"])
|
@require_http_methods(["DELETE"])
|
||||||
def api_token_revoke(request, token_id):
|
def api_token_revoke(request, token_id):
|
||||||
token = get_object_or_404(APIToken, id=token_id, user=request.user)
|
token = get_object_or_404(APIToken, id=token_id, user=request.user)
|
||||||
|
|||||||
Reference in New Issue
Block a user