Hide door card list behind auth token
This commit is contained in:
parent
ecefa479ee
commit
f82c7e4a73
|
@ -317,6 +317,10 @@ class PingView(views.APIView):
|
|||
|
||||
class DoorViewSet(viewsets.ViewSet, List):
|
||||
def list(self, request):
|
||||
auth_token = request.META.get('HTTP_AUTHORIZATION', '')
|
||||
if auth_token != secrets.DOOR_API_TOKEN:
|
||||
raise exceptions.PermissionDenied()
|
||||
|
||||
cards = models.Card.objects.filter(active_status='card_active')
|
||||
active_member_cards = {}
|
||||
|
||||
|
|
|
@ -27,6 +27,12 @@ LDAP_API_URL = ''
|
|||
# spaceport/ldapserver/secrets.py
|
||||
LDAP_API_KEY = ''
|
||||
|
||||
# Door cards API token
|
||||
# Set this to random characters
|
||||
# For example, use the output of this:
|
||||
# head /dev/urandom | base32 | head -c 40
|
||||
DOOR_API_TOKEN = ''
|
||||
|
||||
# Backup API tokens
|
||||
# These tokens allow each user to download a backup of member data.
|
||||
# Don't mess up the data structure!
|
||||
|
|
Loading…
Reference in New Issue
Block a user