Hide door card list behind auth token
This commit is contained in:
		| @@ -317,6 +317,10 @@ class PingView(views.APIView): | |||||||
|  |  | ||||||
| class DoorViewSet(viewsets.ViewSet, List): | class DoorViewSet(viewsets.ViewSet, List): | ||||||
|     def list(self, request): |     def list(self, request): | ||||||
|  |         auth_token = request.META.get('HTTP_AUTHORIZATION', '') | ||||||
|  |         if auth_token != secrets.DOOR_API_TOKEN: | ||||||
|  |             raise exceptions.PermissionDenied() | ||||||
|  |  | ||||||
|         cards = models.Card.objects.filter(active_status='card_active') |         cards = models.Card.objects.filter(active_status='card_active') | ||||||
|         active_member_cards = {} |         active_member_cards = {} | ||||||
|  |  | ||||||
|   | |||||||
| @@ -27,6 +27,12 @@ LDAP_API_URL = '' | |||||||
| # spaceport/ldapserver/secrets.py | # spaceport/ldapserver/secrets.py | ||||||
| LDAP_API_KEY = '' | LDAP_API_KEY = '' | ||||||
|  |  | ||||||
|  | # Door cards API token | ||||||
|  | # Set this to random characters | ||||||
|  | # For example, use the output of this: | ||||||
|  | # head /dev/urandom | base32 | head -c 40 | ||||||
|  | DOOR_API_TOKEN = '' | ||||||
|  |  | ||||||
| # Backup API tokens | # Backup API tokens | ||||||
| # These tokens allow each user to download a backup of member data. | # These tokens allow each user to download a backup of member data. | ||||||
| # Don't mess up the data structure! | # Don't mess up the data structure! | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user