mirror of
https://github.com/eitchtee/WYGIWYH.git
synced 2026-07-04 20:11:45 +02:00
4273c541c5
- Personal API tokens (model, user-settings UI, admin, management command, DRF auth class) for non-interactive API access from automations like n8n. Raw token shown once; only a SHA-256 hash is stored; last_used_at writes are throttled. - OAuth2 authorization server via django-oauth-toolkit with authorization server metadata and optional, off-by-default Dynamic Client Registration (RFC 7591), so remote OAuth/MCP clients can authenticate and self-register. - Tests for token auth, DCR gating and the management commands, plus .env.example and README documentation. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
# Generated by Django 5.2.15 on 2026-06-24 09:21
import django.db.models.deletion
from django.conf import settings
from django.db import migrations, models
class Migration(migrations.Migration):
    """Create the ``APIToken`` table that backs personal API tokens.

    Each row belongs to one user and carries a short unique ``token_key``
    plus a ``token_hash``; no column in this table holds the raw token.
    Expiry and revocation are recorded as nullable timestamps.
    """

    dependencies = [
        ("users", "0025_alter_usersettings_default_account"),
    ]

    operations = [
        migrations.CreateModel(
            name="APIToken",
            fields=[
                (
                    "id",
                    models.BigAutoField(
                        auto_created=True,
                        primary_key=True,
                        serialize=False,
                        verbose_name="ID",
                    ),
                ),
                # Human-readable label for the token.
                (
                    "name",
                    models.CharField(max_length=255, verbose_name="Name"),
                ),
                # Short (<= 16 chars) unique identifier. unique=True already
                # implies an index; db_index=True is kept as generated.
                # NOTE(review): presumably the non-secret handle used to find
                # the row before the hash is compared - confirm in the auth
                # class.
                (
                    "token_key",
                    models.CharField(
                        db_index=True,
                        max_length=16,
                        unique=True,
                        verbose_name="Token key",
                    ),
                ),
                # Digest of the raw token; the commit description says only a
                # SHA-256 hash is stored and the raw value is shown once.
                # NOTE(review): a fast unsalted hash is adequate only for long
                # random tokens - generation is not in this file, confirm
                # there. Also verify the auth class compares digests in
                # constant time (e.g. hmac.compare_digest).
                (
                    "token_hash",
                    models.CharField(max_length=255, verbose_name="Token hash"),
                ),
                # Nullable: a token that was never used has no timestamp.
                (
                    "last_used_at",
                    models.DateTimeField(
                        blank=True,
                        null=True,
                        verbose_name="Last used at",
                    ),
                ),
                # Nullable, so the schema permits tokens with no expiry.
                # NOTE(review): presumably NULL means "never expires" -
                # confirm the auth class and decide whether policy should
                # require a value.
                (
                    "expires_at",
                    models.DateTimeField(
                        blank=True,
                        null=True,
                        verbose_name="Expires at",
                    ),
                ),
                # Revocation is a timestamp, not a delete: the row stays.
                # NOTE(review): the auth class must reject rows where this is
                # set - verify there.
                (
                    "revoked_at",
                    models.DateTimeField(
                        blank=True,
                        null=True,
                        verbose_name="Revoked at",
                    ),
                ),
                (
                    "created_at",
                    models.DateTimeField(
                        auto_now_add=True,
                        verbose_name="Created at",
                    ),
                ),
                (
                    "updated_at",
                    models.DateTimeField(
                        auto_now=True,
                        verbose_name="Updated at",
                    ),
                ),
                # CASCADE: deleting a user also deletes that user's tokens.
                (
                    "user",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE,
                        related_name="api_tokens",
                        to=settings.AUTH_USER_MODEL,
                        verbose_name="User",
                    ),
                ),
            ],
            options={
                "verbose_name": "API token",
                "verbose_name_plural": "API tokens",
                # Newest tokens first by default.
                "ordering": ["-created_at"],
                # One index over (user, revoked_at) and one over expires_at.
                "indexes": [
                    models.Index(
                        fields=["user", "revoked_at"],
                        name="users_apito_user_id_73edec_idx",
                    ),
                    models.Index(
                        fields=["expires_at"],
                        name="users_apito_expires_2b737c_idx",
                    ),
                ],
            },
        ),
    ]