From 6617c5f7a3906746d7739647c9591b2eb4271aa1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Valentin=20Mogu=C3=A9rou?=
Date: Sun, 5 May 2024 22:37:50 +0200
Subject: [PATCH] Add API Authentication mechanism
---
 colloscope/viewsets.py | 14 +++++++++++++-
 kholles_web/urls.py | 8 +++++++-
 requirements.txt | 2 ++
 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/colloscope/viewsets.py b/colloscope/viewsets.py
index bfd0a1d..a7f8426 100644
--- a/colloscope/viewsets.py
+++ b/colloscope/viewsets.py
@@ -1,12 +1,14 @@
 from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet
+from rest_framework.permissions import IsAuthenticated
+
 from colloscope.models import *
 from colloscope.serializers import *
 class SchoolViewset(ReadOnlyModelViewSet):
-
 serializer_class = SchoolSerializer
+ permission_classes = [IsAuthenticated]
 def get_queryset(self):
 return School.objects.all()
@@ -14,6 +16,7 @@ class SchoolViewset(ReadOnlyModelViewSet):
 class ClassViewset(ReadOnlyModelViewSet):
 serializer_class = ClassSerializer
+ permission_classes = [IsAuthenticated]
 def get_queryset(self):
 return Class.objects.all()
@@ -21,6 +24,7 @@ class ClassViewset(ReadOnlyModelViewSet):
 class TermViewset(ReadOnlyModelViewSet):
 serializer_class = TermSerializer
+ permission_classes = [IsAuthenticated]
 def get_queryset(self):
 return Term.objects.all()
@@ -28,6 +32,7 @@ class TermViewset(ReadOnlyModelViewSet):
 class SubjectViewset(ReadOnlyModelViewSet):
 serializer_class = SubjectSerializer
+ permission_classes = [IsAuthenticated]
 def get_queryset(self):
 return Subject.objects.all()
@@ -35,6 +40,7 @@ class SubjectViewset(ReadOnlyModelViewSet):
 class GroupTypeViewset(ReadOnlyModelViewSet):
 serializer_class = GroupTypeSerializer
+ permission_classes = [IsAuthenticated]
 def get_queryset(self):
 return GroupType.objects.all()
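Review bot: The `permission_classes = [IsAuthenticated]` line added to `SchoolViewset` here, and to the ten other viewsets in the hunks that follow in colloscope/viewsets.py, only lets JWT callers in if an authentication class understands bearer tokens, and none of the three files in this commit sets one. Unless `REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES']` in settings (not part of this diff) already lists `rest_framework_simplejwt.authentication.JWTAuthentication`, tokens issued by the new `/api/token/` route will not authenticate these views. Declaring `'DEFAULT_PERMISSION_CLASSES': ['rest_framework.permissions.IsAuthenticated']` in the same setting would also make a viewset added later fail closed, instead of depending on every class repeating the attribute.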
@@ -42,6 +48,7 @@ class GroupTypeViewset(ReadOnlyModelViewSet):
 class GroupViewset(ReadOnlyModelViewSet):
 serializer_class = GroupSerializer
+ permission_classes = [IsAuthenticated]
 def get_queryset(self):
 return Group.objects.all()
@@ -49,6 +56,7 @@ class GroupViewset(ReadOnlyModelViewSet):
 class StudentViewset(ReadOnlyModelViewSet):
 serializer_class = StudentSerializer
+ permission_classes = [IsAuthenticated]
 def get_queryset(self):
 return Student.objects.all()
@@ -56,6 +64,7 @@ class StudentViewset(ReadOnlyModelViewSet):
 class ColleurViewset(ReadOnlyModelViewSet):
 serializer_class = ColleurSerializer
+ permission_classes = [IsAuthenticated]
 def get_queryset(self):
 return Colleur.objects.all()
@@ -63,6 +72,7 @@ class ColleurViewset(ReadOnlyModelViewSet):
 class SlotViewset(ReadOnlyModelViewSet):
 serializer_class = SlotSerializer
+ permission_classes = [IsAuthenticated]
 def get_queryset(self):
 return Slot.objects.all()
@@ -70,6 +80,7 @@ class SlotViewset(ReadOnlyModelViewSet):
 class ColleViewset(ReadOnlyModelViewSet):
 serializer_class = ColleSerializer
+ permission_classes = [IsAuthenticated]
 def get_queryset(self):
 return Colle.objects.all()
@@ -77,6 +88,7 @@ class ColleViewset(ReadOnlyModelViewSet):
 class CalendarLinkViewset(ReadOnlyModelViewSet):
 serializer_class = CalendarLinkSerializer
+ permission_classes = [IsAuthenticated]
 def get_queryset(self):
 return CalendarLink.objects.all()
diff --git a/kholles_web/urls.py b/kholles_web/urls.py
index 2829a1e..95ae1f8 100644
--- a/kholles_web/urls.py
+++ b/kholles_web/urls.py
@@ -18,6 +18,10 @@ from django.contrib import admin, auth
 from django.urls import include, path
 from django.contrib.staticfiles import views as vstatic
 from rest_framework import routers
+from rest_framework_simplejwt.views import (
+ TokenObtainPairView,
+ TokenRefreshView,
+)
 from drf_spectacular.views import SpectacularAPIView, SpectacularRedocView, SpectacularSwaggerView
 from colloscope.views import home_redirect
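Review bot: In the `StudentViewset`, `ColleurViewset` and `CalendarLinkViewset` hunks of colloscope/viewsets.py, `IsAuthenticated` only establishes that the caller has an account, while `get_queryset` still returns `.objects.all()`, so any authenticated user can read every student, colleur and calendar link. If `CalendarLink` rows hold per-user feed identifiers (the model is not visible in this diff), listing them discloses other users' links. Scope each queryset to the requester, along the lines of `return CalendarLink.objects.filter(<relation to self.request.user>)`, where the placeholder stands for whatever field ties the model to the account, or add an object-level permission class. The class bodies are shown only as far as the hunk context reaches.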
@@ -40,9 +44,11 @@ router.register("calendarlink", CalendarLinkViewset, basename='calendarlink')
 urlpatterns = [
 path('', home_redirect, name="home"),
 path('api-auth/', include('rest_framework.urls')),
- path("api/", include(router.urls)),
+ path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
+ path('api/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
 path('api/schema/', SpectacularAPIView.as_view(), name='schema'),
 path('api/doc/', SpectacularSwaggerView.as_view(url_name='schema'), name='api-doc'),
+ path("api/", include(router.urls)),
 path("oauth2/", include('oauth2_provider.urls', namespace='oauth2_provider')),
 path("favicon.ico", lambda req: vstatic.serve(req, "favicon.ico")),
diff --git a/requirements.txt b/requirements.txt
index 43e7b32..afa23bc 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -17,6 +17,7 @@ django-cors-headers==4.3.1
 django-oauth-toolkit==2.3.0
 django-smtp-ssl==1.0
 djangorestframework==3.15.1
+djangorestframework-simplejwt==5.3.1
 drf-spectacular==0.27.2
 fonttools==4.51.0
 fpdf2==2.7.8
@@ -37,6 +38,7 @@ pillow==10.3.0
 pyasn1==0.6.0
 pyasn1_modules==0.4.0
 pycparser==2.22
+PyJWT==2.8.0
 pyOpenSSL==24.1.0
 python-dateutil==2.9.0.post0
 pytz==2024.1
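Review bot: `path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair')` in the urlpatterns hunk of kholles_web/urls.py adds a username/password login endpoint, and nothing in this commit rate-limits it, so repeated password guesses are not slowed down unless throttling is already configured in settings. A small subclass with `throttle_classes = [ScopedRateThrottle]` and `throttle_scope = 'token'`, plus a matching entry in `DEFAULT_THROTTLE_RATES`, would bound the attempts per client. Refresh tokens issued through `TokenRefreshView` also cannot be revoked unless the `rest_framework_simplejwt.token_blacklist` app is installed, and `ROTATE_REFRESH_TOKENS` with `BLACKLIST_AFTER_ROTATION` is worth setting under `SIMPLE_JWT`. The `urlpatterns` list continues past the end of the hunk.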