tanner/spaceport
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Hide door card list behind auth token

Browse Source
This commit is contained in:
Tanner Collin 2020-02-27 22:44:55 +00:00
parent ecefa479ee
commit f82c7e4a73
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apiserver/apiserver/api/views.py
View File

@ -317,6 +317,10 @@ class PingView(views.APIView):
class DoorViewSet(viewsets.ViewSet, List): class DoorViewSet(viewsets.ViewSet, List):
def list(self, request): def list(self, request):
auth_token = request.META.get('HTTP_AUTHORIZATION', '')
if auth_token != secrets.DOOR_API_TOKEN:
raise exceptions.PermissionDenied()
cards = models.Card.objects.filter(active_status='card_active') cards = models.Card.objects.filter(active_status='card_active')
active_member_cards = {} active_member_cards = {}

6
apiserver/apiserver/secrets.py.example
View File

@ -27,6 +27,12 @@ LDAP_API_URL = ''
# spaceport/ldapserver/secrets.py # spaceport/ldapserver/secrets.py
LDAP_API_KEY = '' LDAP_API_KEY = ''
# Door cards API token
# Set this to random characters
# For example, use the output of this:
# head /dev/urandom | base32 | head -c 40
DOOR_API_TOKEN = ''
# Backup API tokens # Backup API tokens
# These tokens allow each user to download a backup of member data. # These tokens allow each user to download a backup of member data.
# Don't mess up the data structure! # Don't mess up the data structure!