Protospace lockout authorization server
Provides an API to the web client and web server to serve tool data and authenticate users on tools.
Setup
$ virtualenv -p python3 env
$ . env/bin/activate
(env) $ pip install -r requirements.txt
(env) $ python manage.py migrate --run-syncdb
(env) $ python manage.py createsuperuser --email admin@example.com --username admin
(env) $ python manage.py runserver
API
The API is RESTful and returns hyperlinked JSON data. URLs require a trailing slash.
Authentication
Authentication is token-based and done against the Protospace member portal. Upon successful login, the auth server will automatically register the user and create a profile for them.
POST /login/
POST the username and password as form data. Upon successful login, a 200 status and a token will be returned.
Example request:
curl -d username=tanner.collin -d password=supersecret http://tools-auth.protospace.ca/login/
Example response:
{
    "token": "9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b"
}
In subsequent requests, the token key should be included in the Authorization HTTP header. The key should be prefixed by the string literal "Token", with whitespace separating the two strings. For example:
Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b
For anonymous users
GET /tooldata/
Returns all the info about the shop and its tools. Tools are split into categories.
Example response:
{
    "categories": [
        {
            "url": "http://127.0.0.1:8000/category/wood-shop/",
            "tools": [
                {
                    "url": "http://127.0.0.1:8000/tool/table-saw/",
                    "category": "http://127.0.0.1:8000/category/wood-shop/",
                    "name": "Table Saw",
                    "slug": "table-saw",
                    "info": "scary tool",
                    "wiki_id": 123,
                    "photo": "http://127.0.0.1:8000/media/floodgf.jpg"
                },
                {
                    "url": "http://127.0.0.1:8000/tool/jointer/",
                    "category": "http://127.0.0.1:8000/category/wood-shop/",
                    "name": "Jointer",
                    "slug": "jointer",
                    "info": "goes buzz buzz",
                    "wiki_id": 1,
                    "photo": "http://127.0.0.1:8000/media/uq4ldzsp4bu01.jpg"
                }
            ],
            "name": "Wood Shop",
            "slug": "wood-shop",
            "info": "protospace wood shop",
            "photo": "http://127.0.0.1:8000/media/photo_2018-05-06_13-26-59.jpg"
        },
        {
            "url": "http://127.0.0.1:8000/category/metal-shop/",
            "tools": [
                {
                    "url": "http://127.0.0.1:8000/tool/metal-lathe/",
                    "category": "http://127.0.0.1:8000/category/metal-shop/",
                    "name": "Metal Lathe",
                    "slug": "metal-lathe",
                    "info": "spins fast",
                    "wiki_id": 42,
                    "photo": "http://127.0.0.1:8000/media/intro-metal-shop-vali-steele-97.jpeg"
                }
            ],
            "name": "Metal Shop",
            "slug": "metal-shop",
            "info": "protospace metal shop",
            "photo": "http://127.0.0.1:8000/media/photo_2018-05-08_17-57-02.jpg"
        }
    ]
}
For authenticated users
GET /user/
Returns info about the logged-in user, including which tools they are authorized on. Note the top-level array (a quirk of django-rest-framework).
Example response:
[
    {
        "username": "admin",
        "profile": {
            "url": "http://127.0.0.1:8000/profile/1/",
            "user": "admin",
            "authorized_tools": [
                "table-saw",
                "jointer"
            ],
            "lockout_admin": true
        }
    }
]
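A client that gates a tool on this response should fail closed when the body is not in the expected shape. The sketch below is an added example, not code from this project: it builds the Authorization header described above and checks a tool slug against the /user/ response. The function names, the 40-hex-character token pattern (inferred from the example token) and the sample body are assumptions.

```python
import json
import re

# Assumption: tokens look like the example above (40 lowercase hex characters).
TOKEN_RE = re.compile(r"[0-9a-f]{40}")
# Slug rule from the lockout-admin notes: lowercase, hyphens instead of spaces.
SLUG_RE = re.compile(r"[a-z0-9]+(?:-[a-z0-9]+)*")


def auth_header(token):
    """Build the Authorization header; refuse values that could smuggle CR/LF or spaces."""
    if not isinstance(token, str) or not TOKEN_RE.fullmatch(token):
        raise ValueError("unexpected token format")
    return {"Authorization": "Token " + token}


def is_authorized(user_body, tool_slug):
    """Return True only if the /user/ body clearly lists tool_slug; otherwise False."""
    if not isinstance(tool_slug, str) or not SLUG_RE.fullmatch(tool_slug):
        return False
    try:
        data = json.loads(user_body)
    except (TypeError, ValueError):
        return False
    # /user/ wraps the single user object in a top-level array.
    if not isinstance(data, list) or len(data) != 1 or not isinstance(data[0], dict):
        return False
    profile = data[0].get("profile")
    if not isinstance(profile, dict):
        return False
    tools = profile.get("authorized_tools")
    if not isinstance(tools, list):
        return False
    return tool_slug in tools


# Constructed sample, following the shape of the example response above.
SAMPLE_USER = """[{"username": "admin", "profile": {
    "url": "http://127.0.0.1:8000/profile/1/", "user": "admin",
    "authorized_tools": ["table-saw", "jointer"], "lockout_admin": true}}]"""

if __name__ == "__main__":
    print(auth_header("9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b"))
    for slug in ("table-saw", "metal-lathe"):
        print(slug, is_authorized(SAMPLE_USER, slug))
```

An error body, an empty array or a missing profile all yield False, so a failed or unauthenticated request never unlocks a tool.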
For lockout admins
Ensure images are square and 1280x1280 px in size. Slugs should be lowercase and one word (replace spaces with hyphens).
GET, POST /tool/
Get a list of tools, or post a new tool to the database.
GET, PUT, DELETE /tool/[slug]/
Get a specific tool, or modify or delete an existing one.
GET, POST /category/
Get a list of categories, or post a new category to the database.
GET, PUT, DELETE /category/[slug]/
Get a specific category, or modify or delete an existing one.
Note: you can only delete a category that has no tools.
GET /profile/
Get a list of all profiles.
GET, PUT /profile/[id]/
Get a specific profile, or modify an existing one.
Here you can authorize users on tools or make them another lockout admin.