diff --git a/README.md b/README.md
index 3e0bd53..1787a2f 100644
--- a/README.md
+++ b/README.md
@@ -62,7 +62,7 @@ Now you can initialise our django app.
And you are done! You can now run the debug server just to see everything works as expected by running:
```
-./manage.py runserver 0.0.0.0:8000
+uvicorn etebase_server.asgi:application --port 8000
```
Using the debug server in production is not recommended, so please read the following section for a proper deployment.
diff --git a/django_etebase/admin.py b/django_etebase/admin.py
deleted file mode 100644
index 8c38f3f..0000000
--- a/django_etebase/admin.py
+++ /dev/null
@@ -1,3 +0,0 @@
-from django.contrib import admin
-
-# Register your models here.
diff --git a/django_etebase/drf_msgpack/__init__.py b/django_etebase/drf_msgpack/__init__.py
deleted file mode 100644
index e69de29..0000000
diff --git a/django_etebase/drf_msgpack/apps.py b/django_etebase/drf_msgpack/apps.py
deleted file mode 100644
index 22ea2c1..0000000
--- a/django_etebase/drf_msgpack/apps.py
+++ /dev/null
@@ -1,5 +0,0 @@
-from django.apps import AppConfig
-
-
-class DrfMsgpackConfig(AppConfig):
- name = "drf_msgpack"
diff --git a/django_etebase/drf_msgpack/migrations/__init__.py b/django_etebase/drf_msgpack/migrations/__init__.py
deleted file mode 100644
index e69de29..0000000
diff --git a/django_etebase/drf_msgpack/parsers.py b/django_etebase/drf_msgpack/parsers.py
deleted file mode 100644
index 0504a76..0000000
--- a/django_etebase/drf_msgpack/parsers.py
+++ /dev/null
@@ -1,14 +0,0 @@
-import msgpack
-
-from rest_framework.parsers import BaseParser
-from rest_framework.exceptions import ParseError
-
-
-class MessagePackParser(BaseParser):
- media_type = "application/msgpack"
-
- def parse(self, stream, media_type=None, parser_context=None):
- try:
- return msgpack.unpackb(stream.read(), raw=False)
- except Exception as exc:
- raise ParseError("MessagePack parse error - %s" % str(exc))
diff --git a/django_etebase/drf_msgpack/renderers.py b/django_etebase/drf_msgpack/renderers.py
deleted file mode 100644
index 35a4afa..0000000
--- a/django_etebase/drf_msgpack/renderers.py
+++ /dev/null
@@ -1,15 +0,0 @@
-import msgpack
-
-from rest_framework.renderers import BaseRenderer
-
-
-class MessagePackRenderer(BaseRenderer):
- media_type = "application/msgpack"
- format = "msgpack"
- render_style = "binary"
- charset = None
-
- def render(self, data, media_type=None, renderer_context=None):
- if data is None:
- return b""
- return msgpack.packb(data, use_bin_type=True)
diff --git a/django_etebase/drf_msgpack/views.py b/django_etebase/drf_msgpack/views.py
deleted file mode 100644
index 91ea44a..0000000
--- a/django_etebase/drf_msgpack/views.py
+++ /dev/null
@@ -1,3 +0,0 @@
-from django.shortcuts import render
-
-# Create your views here.
diff --git a/django_etebase/exceptions.py b/django_etebase/exceptions.py
deleted file mode 100644
index 437a71c..0000000
--- a/django_etebase/exceptions.py
+++ /dev/null
@@ -1,12 +0,0 @@
-from rest_framework import serializers, status
-
-
-class EtebaseValidationError(serializers.ValidationError):
- def __init__(self, code, detail, status_code=status.HTTP_400_BAD_REQUEST):
- super().__init__(
- {
- "code": code,
- "detail": detail,
- }
- )
- self.status_code = status_code
diff --git a/django_etebase/parsers.py b/django_etebase/parsers.py
deleted file mode 100644
index ed1e713..0000000
--- a/django_etebase/parsers.py
+++ /dev/null
@@ -1,14 +0,0 @@
-from rest_framework.parsers import FileUploadParser
-
-
-class ChunkUploadParser(FileUploadParser):
- """
- Parser for chunk upload data.
- """
-
- def get_filename(self, stream, media_type, parser_context):
- """
- Detects the uploaded file name.
- """
- view = parser_context["view"]
- return parser_context["kwargs"][view.lookup_field]
diff --git a/django_etebase/permissions.py b/django_etebase/permissions.py
deleted file mode 100644
index 3c77d06..0000000
--- a/django_etebase/permissions.py
+++ /dev/null
@@ -1,93 +0,0 @@
-# Copyright © 2017 Tom Hacohen
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, version 3.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-from rest_framework import permissions
-from django_etebase.models import Collection, AccessLevels
-
-
-def is_collection_admin(collection, user):
- member = collection.members.filter(user=user).first()
- return (member is not None) and (member.accessLevel == AccessLevels.ADMIN)
-
-
-class IsCollectionAdmin(permissions.BasePermission):
- """
- Custom permission to only allow owners of a collection to view it
- """
-
- message = {
- "detail": "Only collection admins can perform this operation.",
- "code": "admin_access_required",
- }
-
- def has_permission(self, request, view):
- collection_uid = view.kwargs["collection_uid"]
- try:
- collection = view.get_collection_queryset().get(main_item__uid=collection_uid)
- return is_collection_admin(collection, request.user)
- except Collection.DoesNotExist:
- # If the collection does not exist, we want to 404 later, not permission denied.
- return True
-
-
-class IsCollectionAdminOrReadOnly(permissions.BasePermission):
- """
- Custom permission to only allow owners of a collection to edit it
- """
-
- message = {
- "detail": "Only collection admins can edit collections.",
- "code": "admin_access_required",
- }
-
- def has_permission(self, request, view):
- collection_uid = view.kwargs.get("collection_uid", None)
-
- # Allow creating new collections
- if collection_uid is None:
- return True
-
- try:
- collection = view.get_collection_queryset().get(main_item__uid=collection_uid)
- if request.method in permissions.SAFE_METHODS:
- return True
-
- return is_collection_admin(collection, request.user)
- except Collection.DoesNotExist:
- # If the collection does not exist, we want to 404 later, not permission denied.
- return True
-
-
-class HasWriteAccessOrReadOnly(permissions.BasePermission):
- """
- Custom permission to restrict write
- """
-
- message = {
- "detail": "You need write access to write to this collection",
- "code": "no_write_access",
- }
-
- def has_permission(self, request, view):
- collection_uid = view.kwargs["collection_uid"]
- try:
- collection = view.get_collection_queryset().get(main_item__uid=collection_uid)
- if request.method in permissions.SAFE_METHODS:
- return True
- else:
- member = collection.members.get(user=request.user)
- return member.accessLevel != AccessLevels.READ_ONLY
- except Collection.DoesNotExist:
- # If the collection does not exist, we want to 404 later, not permission denied.
- return True
diff --git a/django_etebase/renderers.py b/django_etebase/renderers.py
deleted file mode 100644
index 0d359d3..0000000
--- a/django_etebase/renderers.py
+++ /dev/null
@@ -1,19 +0,0 @@
-from rest_framework.utils.encoders import JSONEncoder as DRFJSONEncoder
-from rest_framework.renderers import JSONRenderer as DRFJSONRenderer
-
-from .serializers import b64encode
-
-
-class JSONEncoder(DRFJSONEncoder):
- def default(self, obj):
- if isinstance(obj, bytes) or isinstance(obj, memoryview):
- return b64encode(obj)
- return super().default(obj)
-
-
-class JSONRenderer(DRFJSONRenderer):
- """
- Renderer which serializes to JSON with support for our base64
- """
-
- encoder_class = JSONEncoder
diff --git a/django_etebase/serializers.py b/django_etebase/serializers.py
deleted file mode 100644
index 26ac5a7..0000000
--- a/django_etebase/serializers.py
+++ /dev/null
@@ -1,598 +0,0 @@
-# Copyright © 2017 Tom Hacohen
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, version 3.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-import base64
-
-from django.core.files.base import ContentFile
-from django.core import exceptions as django_exceptions
-from django.contrib.auth import get_user_model
-from django.db import IntegrityError, transaction
-from rest_framework import serializers, status
-from . import models
-from .utils import get_user_queryset, create_user, CallbackContext
-
-from .exceptions import EtebaseValidationError
-
-User = get_user_model()
-
-
-def process_revisions_for_item(item, revision_data):
- chunks_objs = []
- chunks = revision_data.pop("chunks_relation")
-
- revision = models.CollectionItemRevision(**revision_data, item=item)
- revision.validate_unique() # Verify there aren't any validation issues
-
- for chunk in chunks:
- uid = chunk[0]
- chunk_obj = models.CollectionItemChunk.objects.filter(uid=uid).first()
- content = chunk[1] if len(chunk) > 1 else None
- # If the chunk already exists we assume it's fine. Otherwise, we upload it.
- if chunk_obj is None:
- if content is not None:
- chunk_obj = models.CollectionItemChunk(uid=uid, collection=item.collection)
- chunk_obj.chunkFile.save("IGNORED", ContentFile(content))
- chunk_obj.save()
- else:
- raise EtebaseValidationError("chunk_no_content", "Tried to create a new chunk without content")
-
- chunks_objs.append(chunk_obj)
-
- stoken = models.Stoken.objects.create()
- revision.stoken = stoken
- revision.save()
-
- for chunk in chunks_objs:
- models.RevisionChunkRelation.objects.create(chunk=chunk, revision=revision)
- return revision
-
-
-def b64encode(value):
- return base64.urlsafe_b64encode(value).decode("ascii").strip("=")
-
-
-def b64decode(data):
- data += "=" * ((4 - len(data) % 4) % 4)
- return base64.urlsafe_b64decode(data)
-
-
-def b64decode_or_bytes(data):
- if isinstance(data, bytes):
- return data
- else:
- return b64decode(data)
-
-
-class BinaryBase64Field(serializers.Field):
- def to_representation(self, value):
- return value
-
- def to_internal_value(self, data):
- return b64decode_or_bytes(data)
-
-
-class CollectionEncryptionKeyField(BinaryBase64Field):
- def get_attribute(self, instance):
- request = self.context.get("request", None)
- if request is not None:
- return instance.members.get(user=request.user).encryptionKey
- return None
-
-
-class CollectionTypeField(BinaryBase64Field):
- def get_attribute(self, instance):
- request = self.context.get("request", None)
- if request is not None:
- collection_type = instance.members.get(user=request.user).collectionType
- return collection_type and collection_type.uid
- return None
-
-
-class UserSlugRelatedField(serializers.SlugRelatedField):
- def get_queryset(self):
- view = self.context.get("view", None)
- return get_user_queryset(super().get_queryset(), context=CallbackContext(view.kwargs))
-
- def __init__(self, **kwargs):
- super().__init__(slug_field=User.USERNAME_FIELD, **kwargs)
-
- def to_internal_value(self, data):
- return super().to_internal_value(data.lower())
-
-
-class ChunksField(serializers.RelatedField):
- def to_representation(self, obj):
- obj = obj.chunk
- if self.context.get("prefetch") == "auto":
- with open(obj.chunkFile.path, "rb") as f:
- return (obj.uid, f.read())
- else:
- return (obj.uid,)
-
- def to_internal_value(self, data):
- content = data[1] if len(data) > 1 else None
- if data[0] is None:
- raise EtebaseValidationError("no_null", "null is not allowed")
- return (data[0], b64decode_or_bytes(content) if content is not None else None)
-
-
-class BetterErrorsMixin:
- @property
- def errors(self):
- nice = []
- errors = super().errors
- for error_type in errors:
- if error_type == "non_field_errors":
- nice.extend(self.flatten_errors(None, errors[error_type]))
- else:
- nice.extend(self.flatten_errors(error_type, errors[error_type]))
- if nice:
- return {"code": "field_errors", "detail": "Field validations failed.", "errors": nice}
- return {}
-
- def flatten_errors(self, field_name, errors):
- ret = []
- if isinstance(errors, dict):
- for error_key in errors:
- error = errors[error_key]
- ret.extend(self.flatten_errors("{}.{}".format(field_name, error_key), error))
- else:
- for error in errors:
- if getattr(error, "messages", None):
- message = error.messages[0]
- else:
- message = str(error)
- ret.append(
- {
- "field": field_name,
- "code": error.code,
- "detail": message,
- }
- )
- return ret
-
- def transform_validation_error(self, prefix, err):
- if hasattr(err, "error_dict"):
- errors = self.flatten_errors(prefix, err.error_dict)
- elif not hasattr(err, "message"):
- errors = self.flatten_errors(prefix, err.error_list)
- else:
- raise EtebaseValidationError(err.code, err.message)
-
- raise serializers.ValidationError(
- {
- "code": "field_errors",
- "detail": "Field validations failed.",
- "errors": errors,
- }
- )
-
-
-class CollectionItemChunkSerializer(BetterErrorsMixin, serializers.ModelSerializer):
- class Meta:
- model = models.CollectionItemChunk
- fields = ("uid", "chunkFile")
-
-
-class CollectionItemRevisionSerializer(BetterErrorsMixin, serializers.ModelSerializer):
- chunks = ChunksField(
- source="chunks_relation",
- queryset=models.RevisionChunkRelation.objects.all(),
- style={"base_template": "input.html"},
- many=True,
- )
- meta = BinaryBase64Field()
-
- class Meta:
- model = models.CollectionItemRevision
- fields = ("chunks", "meta", "uid", "deleted")
- extra_kwargs = {
- "uid": {"validators": []}, # We deal with it in the serializers
- }
-
-
-class CollectionItemSerializer(BetterErrorsMixin, serializers.ModelSerializer):
- encryptionKey = BinaryBase64Field(required=False, default=None, allow_null=True)
- etag = serializers.CharField(allow_null=True, write_only=True)
- content = CollectionItemRevisionSerializer(many=False)
-
- class Meta:
- model = models.CollectionItem
- fields = ("uid", "version", "encryptionKey", "content", "etag")
-
- def create(self, validated_data):
- """Function that's called when this serializer creates an item"""
- validate_etag = self.context.get("validate_etag", False)
- etag = validated_data.pop("etag")
- revision_data = validated_data.pop("content")
- uid = validated_data.pop("uid")
-
- Model = self.__class__.Meta.model
-
- with transaction.atomic():
- instance, created = Model.objects.get_or_create(uid=uid, defaults=validated_data)
- cur_etag = instance.etag if not created else None
-
- # If we are trying to update an up to date item, abort early and consider it a success
- if cur_etag == revision_data.get("uid"):
- return instance
-
- if validate_etag and cur_etag != etag:
- raise EtebaseValidationError(
- "wrong_etag",
- "Wrong etag. Expected {} got {}".format(cur_etag, etag),
- status_code=status.HTTP_409_CONFLICT,
- )
-
- if not created:
- # We don't have to use select_for_update here because the unique constraint on current guards against
- # the race condition. But it's a good idea because it'll lock and wait rather than fail.
- current_revision = instance.revisions.filter(current=True).select_for_update().first()
-
- # If we are just re-uploading the same revision, consider it a succes and return.
- if current_revision.uid == revision_data.get("uid"):
- return instance
-
- current_revision.current = None
- current_revision.save()
-
- try:
- process_revisions_for_item(instance, revision_data)
- except django_exceptions.ValidationError as e:
- self.transform_validation_error("content", e)
-
- return instance
-
- def update(self, instance, validated_data):
- # We never update, we always update in the create method
- raise NotImplementedError()
-
-
-class CollectionItemDepSerializer(BetterErrorsMixin, serializers.ModelSerializer):
- etag = serializers.CharField()
-
- class Meta:
- model = models.CollectionItem
- fields = ("uid", "etag")
-
- def validate(self, data):
- item = self.__class__.Meta.model.objects.get(uid=data["uid"])
- etag = data["etag"]
- if item.etag != etag:
- raise EtebaseValidationError(
- "wrong_etag",
- "Wrong etag. Expected {} got {}".format(item.etag, etag),
- status_code=status.HTTP_409_CONFLICT,
- )
-
- return data
-
-
-class CollectionItemBulkGetSerializer(BetterErrorsMixin, serializers.ModelSerializer):
- etag = serializers.CharField(required=False)
-
- class Meta:
- model = models.CollectionItem
- fields = ("uid", "etag")
-
-
-class CollectionListMultiSerializer(BetterErrorsMixin, serializers.Serializer):
- collectionTypes = serializers.ListField(child=BinaryBase64Field())
-
-
-class CollectionSerializer(BetterErrorsMixin, serializers.ModelSerializer):
- collectionKey = CollectionEncryptionKeyField()
- collectionType = CollectionTypeField()
- accessLevel = serializers.SerializerMethodField("get_access_level_from_context")
- stoken = serializers.CharField(read_only=True)
-
- item = CollectionItemSerializer(many=False, source="main_item")
-
- class Meta:
- model = models.Collection
- fields = ("item", "accessLevel", "collectionKey", "collectionType", "stoken")
-
- def get_access_level_from_context(self, obj):
- request = self.context.get("request", None)
- if request is not None:
- return obj.members.get(user=request.user).accessLevel
- return None
-
- def create(self, validated_data):
- """Function that's called when this serializer creates an item"""
- collection_key = validated_data.pop("collectionKey")
- collection_type = validated_data.pop("collectionType")
-
- user = validated_data.get("owner")
- main_item_data = validated_data.pop("main_item")
- uid = main_item_data.get("uid")
- etag = main_item_data.pop("etag")
- revision_data = main_item_data.pop("content")
-
- instance = self.__class__.Meta.model(uid=uid, **validated_data)
-
- with transaction.atomic():
- if etag is not None:
- raise EtebaseValidationError("bad_etag", "etag is not null")
-
- try:
- instance.validate_unique()
- except django_exceptions.ValidationError:
- raise EtebaseValidationError(
- "unique_uid", "Collection with this uid already exists", status_code=status.HTTP_409_CONFLICT
- )
- instance.save()
-
- main_item = models.CollectionItem.objects.create(**main_item_data, collection=instance)
-
- instance.main_item = main_item
- instance.save()
-
- process_revisions_for_item(main_item, revision_data)
-
- collection_type_obj, _ = models.CollectionType.objects.get_or_create(uid=collection_type, owner=user)
-
- models.CollectionMember(
- collection=instance,
- stoken=models.Stoken.objects.create(),
- user=user,
- accessLevel=models.AccessLevels.ADMIN,
- encryptionKey=collection_key,
- collectionType=collection_type_obj,
- ).save()
-
- return instance
-
- def update(self, instance, validated_data):
- raise NotImplementedError()
-
-
-class CollectionMemberSerializer(BetterErrorsMixin, serializers.ModelSerializer):
- username = UserSlugRelatedField(
- source="user",
- read_only=True,
- style={"base_template": "input.html"},
- )
-
- class Meta:
- model = models.CollectionMember
- fields = ("username", "accessLevel")
-
- def create(self, validated_data):
- raise NotImplementedError()
-
- def update(self, instance, validated_data):
- with transaction.atomic():
- # We only allow updating accessLevel
- access_level = validated_data.pop("accessLevel")
- if instance.accessLevel != access_level:
- instance.stoken = models.Stoken.objects.create()
- instance.accessLevel = access_level
- instance.save()
-
- return instance
-
-
-class CollectionInvitationSerializer(BetterErrorsMixin, serializers.ModelSerializer):
- username = UserSlugRelatedField(
- source="user",
- queryset=User.objects,
- style={"base_template": "input.html"},
- )
- collection = serializers.CharField(source="collection.uid")
- fromUsername = serializers.CharField(source="fromMember.user.username", read_only=True)
- fromPubkey = BinaryBase64Field(source="fromMember.user.userinfo.pubkey", read_only=True)
- signedEncryptionKey = BinaryBase64Field()
-
- class Meta:
- model = models.CollectionInvitation
- fields = (
- "username",
- "uid",
- "collection",
- "signedEncryptionKey",
- "accessLevel",
- "fromUsername",
- "fromPubkey",
- "version",
- )
-
- def validate_user(self, value):
- request = self.context["request"]
-
- if request.user.username == value.lower():
- raise EtebaseValidationError("no_self_invite", "Inviting yourself is not allowed")
- return value
-
- def create(self, validated_data):
- request = self.context["request"]
- collection = validated_data.pop("collection")
-
- member = collection.members.get(user=request.user)
-
- with transaction.atomic():
- try:
- return type(self).Meta.model.objects.create(**validated_data, fromMember=member)
- except IntegrityError:
- raise EtebaseValidationError("invitation_exists", "Invitation already exists")
-
- def update(self, instance, validated_data):
- with transaction.atomic():
- instance.accessLevel = validated_data.pop("accessLevel")
- instance.signedEncryptionKey = validated_data.pop("signedEncryptionKey")
- instance.save()
-
- return instance
-
-
-class InvitationAcceptSerializer(BetterErrorsMixin, serializers.Serializer):
- collectionType = BinaryBase64Field()
- encryptionKey = BinaryBase64Field()
-
- def create(self, validated_data):
-
- with transaction.atomic():
- invitation = self.context["invitation"]
- encryption_key = validated_data.get("encryptionKey")
- collection_type = validated_data.pop("collectionType")
-
- user = invitation.user
- collection_type_obj, _ = models.CollectionType.objects.get_or_create(uid=collection_type, owner=user)
-
- member = models.CollectionMember.objects.create(
- collection=invitation.collection,
- stoken=models.Stoken.objects.create(),
- user=user,
- accessLevel=invitation.accessLevel,
- encryptionKey=encryption_key,
- collectionType=collection_type_obj,
- )
-
- models.CollectionMemberRemoved.objects.filter(
- user=invitation.user, collection=invitation.collection
- ).delete()
-
- invitation.delete()
-
- return member
-
- def update(self, instance, validated_data):
- raise NotImplementedError()
-
-
-class UserSerializer(BetterErrorsMixin, serializers.ModelSerializer):
- pubkey = BinaryBase64Field(source="userinfo.pubkey")
- encryptedContent = BinaryBase64Field(source="userinfo.encryptedContent")
-
- class Meta:
- model = User
- fields = (User.USERNAME_FIELD, User.EMAIL_FIELD, "pubkey", "encryptedContent")
-
-
-class UserInfoPubkeySerializer(BetterErrorsMixin, serializers.ModelSerializer):
- pubkey = BinaryBase64Field()
-
- class Meta:
- model = models.UserInfo
- fields = ("pubkey",)
-
-
-class UserSignupSerializer(BetterErrorsMixin, serializers.ModelSerializer):
- class Meta:
- model = User
- fields = (User.USERNAME_FIELD, User.EMAIL_FIELD)
- extra_kwargs = {
- "username": {"validators": []}, # We specifically validate in SignupSerializer
- }
-
-
-class AuthenticationSignupSerializer(BetterErrorsMixin, serializers.Serializer):
- """Used both for creating new accounts and setting up existing ones for the first time.
- When setting up existing ones the email is ignored."
- """
-
- user = UserSignupSerializer(many=False)
- salt = BinaryBase64Field()
- loginPubkey = BinaryBase64Field()
- pubkey = BinaryBase64Field()
- encryptedContent = BinaryBase64Field()
-
- def create(self, validated_data):
- """Function that's called when this serializer creates an item"""
- user_data = validated_data.pop("user")
-
- with transaction.atomic():
- view = self.context.get("view", None)
- try:
- user_queryset = get_user_queryset(User.objects.all(), context=CallbackContext(view.kwargs))
- instance = user_queryset.get(**{User.USERNAME_FIELD: user_data["username"].lower()})
- except User.DoesNotExist:
- # Create the user and save the casing the user chose as the first name
- try:
- instance = create_user(
- **user_data,
- password=None,
- first_name=user_data["username"],
- context=CallbackContext(view.kwargs)
- )
- instance.full_clean()
- except EtebaseValidationError as e:
- raise e
- except django_exceptions.ValidationError as e:
- self.transform_validation_error("user", e)
- except Exception as e:
- raise EtebaseValidationError("generic", str(e))
-
- if hasattr(instance, "userinfo"):
- raise EtebaseValidationError("user_exists", "User already exists", status_code=status.HTTP_409_CONFLICT)
-
- models.UserInfo.objects.create(**validated_data, owner=instance)
-
- return instance
-
- def update(self, instance, validated_data):
- raise NotImplementedError()
-
-
-class AuthenticationLoginChallengeSerializer(BetterErrorsMixin, serializers.Serializer):
- username = serializers.CharField(required=True)
-
- def create(self, validated_data):
- raise NotImplementedError()
-
- def update(self, instance, validated_data):
- raise NotImplementedError()
-
-
-class AuthenticationLoginSerializer(BetterErrorsMixin, serializers.Serializer):
- response = BinaryBase64Field()
- signature = BinaryBase64Field()
-
- def create(self, validated_data):
- raise NotImplementedError()
-
- def update(self, instance, validated_data):
- raise NotImplementedError()
-
-
-class AuthenticationLoginInnerSerializer(AuthenticationLoginChallengeSerializer):
- challenge = BinaryBase64Field()
- host = serializers.CharField()
- action = serializers.CharField()
-
- def create(self, validated_data):
- raise NotImplementedError()
-
- def update(self, instance, validated_data):
- raise NotImplementedError()
-
-
-class AuthenticationChangePasswordInnerSerializer(AuthenticationLoginInnerSerializer):
- loginPubkey = BinaryBase64Field()
- encryptedContent = BinaryBase64Field()
-
- class Meta:
- model = models.UserInfo
- fields = ("loginPubkey", "encryptedContent")
-
- def create(self, validated_data):
- raise NotImplementedError()
-
- def update(self, instance, validated_data):
- with transaction.atomic():
- instance.loginPubkey = validated_data.pop("loginPubkey")
- instance.encryptedContent = validated_data.pop("encryptedContent")
- instance.save()
-
- return instance
diff --git a/django_etebase/tests.py b/django_etebase/tests.py
deleted file mode 100644
index 7ce503c..0000000
--- a/django_etebase/tests.py
+++ /dev/null
@@ -1,3 +0,0 @@
-from django.test import TestCase
-
-# Create your tests here.
diff --git a/django_etebase/token_auth/admin.py b/django_etebase/token_auth/admin.py
deleted file mode 100644
index e69de29..0000000
diff --git a/django_etebase/token_auth/authentication.py b/django_etebase/token_auth/authentication.py
deleted file mode 100644
index 7e84956..0000000
--- a/django_etebase/token_auth/authentication.py
+++ /dev/null
@@ -1,46 +0,0 @@
-from django.utils import timezone
-from django.utils.translation import gettext_lazy as _
-
-from rest_framework import exceptions
-from rest_framework.authentication import TokenAuthentication as DRFTokenAuthentication
-
-from .models import AuthToken, get_default_expiry
-
-
-AUTO_REFRESH = True
-MIN_REFRESH_INTERVAL = 60
-
-
-class TokenAuthentication(DRFTokenAuthentication):
- keyword = "Token"
- model = AuthToken
-
- def authenticate_credentials(self, key):
- msg = _("Invalid token.")
- model = self.get_model()
- try:
- token = model.objects.select_related("user").get(key=key)
- except model.DoesNotExist:
- raise exceptions.AuthenticationFailed(msg)
-
- if not token.user.is_active:
- raise exceptions.AuthenticationFailed(_("User inactive or deleted."))
-
- if token.expiry is not None:
- if token.expiry < timezone.now():
- token.delete()
- raise exceptions.AuthenticationFailed(msg)
-
- if AUTO_REFRESH:
- self.renew_token(token)
-
- return (token.user, token)
-
- def renew_token(self, auth_token):
- current_expiry = auth_token.expiry
- new_expiry = get_default_expiry()
- # Throttle refreshing of token to avoid db writes
- delta = (new_expiry - current_expiry).total_seconds()
- if delta > MIN_REFRESH_INTERVAL:
- auth_token.expiry = new_expiry
- auth_token.save(update_fields=("expiry",))
diff --git a/django_etebase/urls.py b/django_etebase/urls.py
deleted file mode 100644
index 01797c1..0000000
--- a/django_etebase/urls.py
+++ /dev/null
@@ -1,30 +0,0 @@
-from django.conf import settings
-from django.conf.urls import include
-from django.urls import path
-
-from rest_framework_nested import routers
-
-from django_etebase import views
-
-router = routers.DefaultRouter()
-router.register(r"collection", views.CollectionViewSet)
-router.register(r"authentication", views.AuthenticationViewSet, basename="authentication")
-router.register(r"invitation/incoming", views.InvitationIncomingViewSet, basename="invitation_incoming")
-router.register(r"invitation/outgoing", views.InvitationOutgoingViewSet, basename="invitation_outgoing")
-
-collections_router = routers.NestedSimpleRouter(router, r"collection", lookup="collection")
-collections_router.register(r"item", views.CollectionItemViewSet, basename="collection_item")
-collections_router.register(r"member", views.CollectionMemberViewSet, basename="collection_member")
-
-item_router = routers.NestedSimpleRouter(collections_router, r"item", lookup="collection_item")
-item_router.register(r"chunk", views.CollectionItemChunkViewSet, basename="collection_items_chunk")
-
-if settings.DEBUG:
- router.register(r"test/authentication", views.TestAuthenticationViewSet, basename="test_authentication")
-
-app_name = "django_etebase"
-urlpatterns = [
- path("v1/", include(router.urls)),
- path("v1/", include(collections_router.urls)),
- path("v1/", include(item_router.urls)),
-]
diff --git a/django_etebase/views.py b/django_etebase/views.py
deleted file mode 100644
index 5a03aa4..0000000
--- a/django_etebase/views.py
+++ /dev/null
@@ -1,861 +0,0 @@
-# Copyright © 2017 Tom Hacohen
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, version 3.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-import msgpack
-
-from django.conf import settings
-from django.contrib.auth import get_user_model, user_logged_in, user_logged_out
-from django.core.exceptions import PermissionDenied
-from django.db import transaction, IntegrityError
-from django.db.models import Q
-from django.http import HttpResponseBadRequest, HttpResponse, Http404
-from django.shortcuts import get_object_or_404
-
-from rest_framework import status
-from rest_framework import viewsets
-from rest_framework.decorators import action as action_decorator
-from rest_framework.response import Response
-from rest_framework.parsers import JSONParser, FormParser, MultiPartParser
-from rest_framework.renderers import BrowsableAPIRenderer
-from rest_framework.exceptions import AuthenticationFailed
-from rest_framework.permissions import IsAuthenticated
-
-import nacl.encoding
-import nacl.signing
-import nacl.secret
-import nacl.hash
-
-from .sendfile import sendfile
-from .token_auth.models import AuthToken
-
-from .drf_msgpack.parsers import MessagePackParser
-from .drf_msgpack.renderers import MessagePackRenderer
-
-from . import app_settings, permissions
-from .renderers import JSONRenderer
-from .models import (
- Collection,
- CollectionItem,
- CollectionItemRevision,
- CollectionMember,
- CollectionMemberRemoved,
- CollectionInvitation,
- Stoken,
- UserInfo,
-)
-from .serializers import (
- AuthenticationChangePasswordInnerSerializer,
- AuthenticationSignupSerializer,
- AuthenticationLoginChallengeSerializer,
- AuthenticationLoginSerializer,
- AuthenticationLoginInnerSerializer,
- CollectionSerializer,
- CollectionItemSerializer,
- CollectionItemBulkGetSerializer,
- CollectionItemDepSerializer,
- CollectionItemRevisionSerializer,
- CollectionItemChunkSerializer,
- CollectionListMultiSerializer,
- CollectionMemberSerializer,
- CollectionInvitationSerializer,
- InvitationAcceptSerializer,
- UserInfoPubkeySerializer,
- UserSerializer,
-)
-from .utils import get_user_queryset, CallbackContext
-from .exceptions import EtebaseValidationError
-from .parsers import ChunkUploadParser
-from .signals import user_signed_up
-
-User = get_user_model()
-
-
-def msgpack_encode(content):
- return msgpack.packb(content, use_bin_type=True)
-
-
-def msgpack_decode(content):
- return msgpack.unpackb(content, raw=False)
-
-
-class BaseViewSet(viewsets.ModelViewSet):
- authentication_classes = tuple(app_settings.API_AUTHENTICATORS)
- permission_classes = tuple(app_settings.API_PERMISSIONS)
- renderer_classes = [JSONRenderer, MessagePackRenderer] + ([BrowsableAPIRenderer] if settings.DEBUG else [])
- parser_classes = [JSONParser, MessagePackParser, FormParser, MultiPartParser]
- stoken_annotation = None
-
- def get_serializer_class(self):
- serializer_class = self.serializer_class
-
- if self.request.method == "PUT":
- serializer_class = getattr(self, "serializer_update_class", serializer_class)
-
- return serializer_class
-
- def get_collection_queryset(self, queryset=Collection.objects):
- user = self.request.user
- return queryset.filter(members__user=user)
-
- def get_stoken_obj_id(self, request):
- return request.GET.get("stoken", None)
-
- def get_stoken_obj(self, request):
- stoken = self.get_stoken_obj_id(request)
-
- if stoken is not None:
- try:
- return Stoken.objects.get(uid=stoken)
- except Stoken.DoesNotExist:
- raise EtebaseValidationError("bad_stoken", "Invalid stoken.", status_code=status.HTTP_400_BAD_REQUEST)
-
- return None
-
- def filter_by_stoken(self, request, queryset):
- stoken_rev = self.get_stoken_obj(request)
-
- queryset = queryset.annotate(max_stoken=self.stoken_annotation).order_by("max_stoken")
-
- if stoken_rev is not None:
- queryset = queryset.filter(max_stoken__gt=stoken_rev.id)
-
- return queryset, stoken_rev
-
- def get_queryset_stoken(self, queryset):
- maxid = -1
- for row in queryset:
- rowmaxid = getattr(row, "max_stoken") or -1
- maxid = max(maxid, rowmaxid)
- new_stoken = (maxid >= 0) and Stoken.objects.get(id=maxid)
-
- return new_stoken or None
-
- def filter_by_stoken_and_limit(self, request, queryset):
- limit = int(request.GET.get("limit", 50))
-
- queryset, stoken_rev = self.filter_by_stoken(request, queryset)
-
- result = list(queryset[: limit + 1])
- if len(result) < limit + 1:
- done = True
- else:
- done = False
- result = result[:-1]
-
- new_stoken_obj = self.get_queryset_stoken(result) or stoken_rev
-
- return result, new_stoken_obj, done
-
- # Change how our list works by default
- def list(self, request, collection_uid=None, *args, **kwargs):
- queryset = self.get_queryset()
- serializer = self.get_serializer(queryset, many=True)
-
- ret = {
- "data": serializer.data,
- "done": True, # we always return all the items, so it's always done
- }
-
- return Response(ret)
-
-
-class CollectionViewSet(BaseViewSet):
- allowed_methods = ["GET", "POST"]
- permission_classes = BaseViewSet.permission_classes + (permissions.IsCollectionAdminOrReadOnly,)
- queryset = Collection.objects.all()
- serializer_class = CollectionSerializer
- lookup_field = "uid"
- lookup_url_kwarg = "uid"
- stoken_annotation = Collection.stoken_annotation
-
- def get_queryset(self, queryset=None):
- if queryset is None:
- queryset = type(self).queryset
- return self.get_collection_queryset(queryset)
-
- def get_serializer_context(self):
- context = super().get_serializer_context()
- prefetch = self.request.query_params.get("prefetch", "auto")
- context.update({"request": self.request, "prefetch": prefetch})
- return context
-
- def destroy(self, request, uid=None, *args, **kwargs):
- # FIXME: implement
- return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
-
- def partial_update(self, request, uid=None, *args, **kwargs):
- return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
-
- def update(self, request, *args, **kwargs):
- return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
-
- def create(self, request, *args, **kwargs):
- serializer = self.get_serializer(data=request.data)
- serializer.is_valid(raise_exception=True)
- serializer.save(owner=self.request.user)
-
- return Response({}, status=status.HTTP_201_CREATED)
-
- def list(self, request, *args, **kwargs):
- queryset = self.get_queryset()
- return self.list_common(request, queryset, *args, **kwargs)
-
- @action_decorator(detail=False, methods=["POST"])
- def list_multi(self, request, *args, **kwargs):
- serializer = CollectionListMultiSerializer(data=request.data)
- serializer.is_valid(raise_exception=True)
-
- collection_types = serializer.validated_data["collectionTypes"]
-
- queryset = self.get_queryset()
- # FIXME: Remove the isnull part once we attach collection types to all objects ("collection-type-migration")
- queryset = queryset.filter(
- Q(members__collectionType__uid__in=collection_types) | Q(members__collectionType__isnull=True)
- )
-
- return self.list_common(request, queryset, *args, **kwargs)
-
- def list_common(self, request, queryset, *args, **kwargs):
- result, new_stoken_obj, done = self.filter_by_stoken_and_limit(request, queryset)
- new_stoken = new_stoken_obj and new_stoken_obj.uid
-
- serializer = self.get_serializer(result, many=True)
-
- ret = {
- "data": serializer.data,
- "stoken": new_stoken,
- "done": done,
- }
-
- stoken_obj = self.get_stoken_obj(request)
- if stoken_obj is not None:
- # FIXME: honour limit? (the limit should be combined for data and this because of stoken)
- remed_qs = CollectionMemberRemoved.objects.filter(user=request.user, stoken__id__gt=stoken_obj.id)
- if not ret["done"]:
- # We only filter by the new_stoken if we are not done. This is because if we are done, the new stoken
- # can point to the most recent collection change rather than most recent removed membership.
- remed_qs = remed_qs.filter(stoken__id__lte=new_stoken_obj.id)
-
- remed = remed_qs.values_list("collection__uid", flat=True)
- if len(remed) > 0:
- ret["removedMemberships"] = [{"uid": x} for x in remed]
-
- return Response(ret)
-
-
-class CollectionItemViewSet(BaseViewSet):
- allowed_methods = ["GET", "POST", "PUT"]
- permission_classes = BaseViewSet.permission_classes + (permissions.HasWriteAccessOrReadOnly,)
- queryset = CollectionItem.objects.all()
- serializer_class = CollectionItemSerializer
- lookup_field = "uid"
- stoken_annotation = CollectionItem.stoken_annotation
-
- def get_queryset(self):
- collection_uid = self.kwargs["collection_uid"]
- try:
- collection = self.get_collection_queryset(Collection.objects).get(uid=collection_uid)
- except Collection.DoesNotExist:
- raise Http404("Collection does not exist")
- # XXX Potentially add this for performance: .prefetch_related('revisions__chunks')
- queryset = type(self).queryset.filter(collection__pk=collection.pk, revisions__current=True)
-
- return queryset
-
- def get_serializer_context(self):
- context = super().get_serializer_context()
- prefetch = self.request.query_params.get("prefetch", "auto")
- context.update({"request": self.request, "prefetch": prefetch})
- return context
-
- def create(self, request, collection_uid=None, *args, **kwargs):
- # We create using batch and transaction
- return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
-
- def destroy(self, request, collection_uid=None, uid=None, *args, **kwargs):
- # We can't have destroy because we need to get data from the user (in the body) such as hmac.
- return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
-
- def update(self, request, collection_uid=None, uid=None, *args, **kwargs):
- return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
-
- def partial_update(self, request, collection_uid=None, uid=None, *args, **kwargs):
- return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
-
- def list(self, request, collection_uid=None, *args, **kwargs):
- queryset = self.get_queryset()
-
- if not self.request.query_params.get("withCollection", False):
- queryset = queryset.filter(parent__isnull=True)
-
- result, new_stoken_obj, done = self.filter_by_stoken_and_limit(request, queryset)
- new_stoken = new_stoken_obj and new_stoken_obj.uid
-
- serializer = self.get_serializer(result, many=True)
-
- ret = {
- "data": serializer.data,
- "stoken": new_stoken,
- "done": done,
- }
- return Response(ret)
-
- @action_decorator(detail=True, methods=["GET"])
- def revision(self, request, collection_uid=None, uid=None, *args, **kwargs):
- col = get_object_or_404(self.get_collection_queryset(Collection.objects), uid=collection_uid)
- item = get_object_or_404(col.items, uid=uid)
-
- limit = int(request.GET.get("limit", 50))
- iterator = request.GET.get("iterator", None)
-
- queryset = item.revisions.order_by("-id")
-
- if iterator is not None:
- iterator = get_object_or_404(queryset, uid=iterator)
- queryset = queryset.filter(id__lt=iterator.id)
-
- result = list(queryset[: limit + 1])
- if len(result) < limit + 1:
- done = True
- else:
- done = False
- result = result[:-1]
-
- serializer = CollectionItemRevisionSerializer(result, context=self.get_serializer_context(), many=True)
-
- iterator = serializer.data[-1]["uid"] if len(result) > 0 else None
-
- ret = {
- "data": serializer.data,
- "iterator": iterator,
- "done": done,
- }
- return Response(ret)
-
- # FIXME: rename to something consistent with what the clients have - maybe list_updates?
- @action_decorator(detail=False, methods=["POST"])
- def fetch_updates(self, request, collection_uid=None, *args, **kwargs):
- queryset = self.get_queryset()
-
- serializer = CollectionItemBulkGetSerializer(data=request.data, many=True)
- serializer.is_valid(raise_exception=True)
- # FIXME: make configurable?
- item_limit = 200
-
- if len(serializer.validated_data) > item_limit:
- content = {"code": "too_many_items", "detail": "Request has too many items. Limit: {}".format(item_limit)}
- return Response(content, status=status.HTTP_400_BAD_REQUEST)
-
- queryset, stoken_rev = self.filter_by_stoken(request, queryset)
-
- uids, etags = zip(*[(item["uid"], item.get("etag")) for item in serializer.validated_data])
- revs = CollectionItemRevision.objects.filter(uid__in=etags, current=True)
- queryset = queryset.filter(uid__in=uids).exclude(revisions__in=revs)
-
- new_stoken_obj = self.get_queryset_stoken(queryset)
- new_stoken = new_stoken_obj and new_stoken_obj.uid
- stoken = stoken_rev and getattr(stoken_rev, "uid", None)
- new_stoken = new_stoken or stoken
-
- serializer = self.get_serializer(queryset, many=True)
-
- ret = {
- "data": serializer.data,
- "stoken": new_stoken,
- "done": True, # we always return all the items, so it's always done
- }
- return Response(ret)
-
- @action_decorator(detail=False, methods=["POST"])
- def batch(self, request, collection_uid=None, *args, **kwargs):
- return self.transaction(request, collection_uid, validate_etag=False)
-
- @action_decorator(detail=False, methods=["POST"])
- def transaction(self, request, collection_uid=None, validate_etag=True, *args, **kwargs):
- stoken = request.GET.get("stoken", None)
- with transaction.atomic(): # We need this for locking on the collection object
- collection_object = get_object_or_404(
- self.get_collection_queryset(Collection.objects).select_for_update(), # Lock writes on the collection
- uid=collection_uid,
- )
-
- if stoken is not None and stoken != collection_object.stoken:
- content = {"code": "stale_stoken", "detail": "Stoken is too old"}
- return Response(content, status=status.HTTP_409_CONFLICT)
-
- items = request.data.get("items")
- deps = request.data.get("deps", None)
- # FIXME: It should just be one serializer
- context = self.get_serializer_context()
- context.update({"validate_etag": validate_etag})
- serializer = self.get_serializer_class()(data=items, context=context, many=True)
- deps_serializer = CollectionItemDepSerializer(data=deps, context=context, many=True)
-
- ser_valid = serializer.is_valid()
- deps_ser_valid = deps is None or deps_serializer.is_valid()
- if ser_valid and deps_ser_valid:
- items = serializer.save(collection=collection_object)
-
- ret = {}
- return Response(ret, status=status.HTTP_200_OK)
-
- return Response(
- {
- "items": serializer.errors,
- "deps": deps_serializer.errors if deps is not None else [],
- },
- status=status.HTTP_409_CONFLICT,
- )
-
-
-class CollectionItemChunkViewSet(viewsets.ViewSet):
- allowed_methods = ["GET", "PUT"]
- authentication_classes = BaseViewSet.authentication_classes
- permission_classes = BaseViewSet.permission_classes
- renderer_classes = BaseViewSet.renderer_classes
- parser_classes = (ChunkUploadParser,)
- serializer_class = CollectionItemChunkSerializer
- lookup_field = "uid"
-
- def get_serializer_class(self):
- return self.serializer_class
-
- def get_collection_queryset(self, queryset=Collection.objects):
- user = self.request.user
- return queryset.filter(members__user=user)
-
- def update(self, request, *args, collection_uid=None, collection_item_uid=None, uid=None, **kwargs):
- col = get_object_or_404(self.get_collection_queryset(), uid=collection_uid)
- # IGNORED FOR NOW: col_it = get_object_or_404(col.items, uid=collection_item_uid)
-
- data = {
- "uid": uid,
- "chunkFile": request.data["file"],
- }
-
- serializer = self.get_serializer_class()(data=data)
- serializer.is_valid(raise_exception=True)
- try:
- serializer.save(collection=col)
- except IntegrityError:
- return Response(
- {"code": "chunk_exists", "detail": "Chunk already exists."}, status=status.HTTP_409_CONFLICT
- )
-
- return Response({}, status=status.HTTP_201_CREATED)
-
- @action_decorator(detail=True, methods=["GET"])
- def download(self, request, collection_uid=None, collection_item_uid=None, uid=None, *args, **kwargs):
- col = get_object_or_404(self.get_collection_queryset(), uid=collection_uid)
- chunk = get_object_or_404(col.chunks, uid=uid)
-
- filename = chunk.chunkFile.path
- return sendfile(request, filename)
-
-
-class CollectionMemberViewSet(BaseViewSet):
- allowed_methods = ["GET", "PUT", "DELETE"]
- our_base_permission_classes = BaseViewSet.permission_classes
- permission_classes = our_base_permission_classes + (permissions.IsCollectionAdmin,)
- queryset = CollectionMember.objects.all()
- serializer_class = CollectionMemberSerializer
- lookup_field = f"user__{User.USERNAME_FIELD}__iexact"
- lookup_url_kwarg = "username"
- stoken_annotation = CollectionMember.stoken_annotation
-
- # FIXME: need to make sure that there's always an admin, and maybe also don't let an owner remove adm access
- # (if we want to transfer, we need to do that specifically)
-
- def get_queryset(self, queryset=None):
- collection_uid = self.kwargs["collection_uid"]
- try:
- collection = self.get_collection_queryset(Collection.objects).get(uid=collection_uid)
- except Collection.DoesNotExist:
- raise Http404("Collection does not exist")
-
- if queryset is None:
- queryset = type(self).queryset
-
- return queryset.filter(collection=collection)
-
- # We override this method because we expect the stoken to be called iterator
- def get_stoken_obj_id(self, request):
- return request.GET.get("iterator", None)
-
- def list(self, request, collection_uid=None, *args, **kwargs):
- queryset = self.get_queryset().order_by("id")
- result, new_stoken_obj, done = self.filter_by_stoken_and_limit(request, queryset)
- new_stoken = new_stoken_obj and new_stoken_obj.uid
- serializer = self.get_serializer(result, many=True)
-
- ret = {
- "data": serializer.data,
- "iterator": new_stoken, # Here we call it an iterator, it's only stoken for collection/items
- "done": done,
- }
-
- return Response(ret)
-
- def create(self, request, *args, **kwargs):
- return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
-
- # FIXME: block leaving if we are the last admins - should be deleted / assigned in this case depending if there
- # are other memebers.
- def perform_destroy(self, instance):
- instance.revoke()
-
- @action_decorator(detail=False, methods=["POST"], permission_classes=our_base_permission_classes)
- def leave(self, request, collection_uid=None, *args, **kwargs):
- collection_uid = self.kwargs["collection_uid"]
- col = get_object_or_404(self.get_collection_queryset(Collection.objects), uid=collection_uid)
-
- member = col.members.get(user=request.user)
- self.perform_destroy(member)
-
- return Response({})
-
-
-class InvitationBaseViewSet(BaseViewSet):
- queryset = CollectionInvitation.objects.all()
- serializer_class = CollectionInvitationSerializer
- lookup_field = "uid"
- lookup_url_kwarg = "invitation_uid"
-
- def list(self, request, collection_uid=None, *args, **kwargs):
- limit = int(request.GET.get("limit", 50))
- iterator = request.GET.get("iterator", None)
-
- queryset = self.get_queryset().order_by("id")
-
- if iterator is not None:
- iterator = get_object_or_404(queryset, uid=iterator)
- queryset = queryset.filter(id__gt=iterator.id)
-
- result = list(queryset[: limit + 1])
- if len(result) < limit + 1:
- done = True
- else:
- done = False
- result = result[:-1]
-
- serializer = self.get_serializer(result, many=True)
-
- iterator = serializer.data[-1]["uid"] if len(result) > 0 else None
-
- ret = {
- "data": serializer.data,
- "iterator": iterator,
- "done": done,
- }
-
- return Response(ret)
-
-
-class InvitationOutgoingViewSet(InvitationBaseViewSet):
- allowed_methods = ["GET", "POST", "PUT", "DELETE"]
-
- def get_queryset(self, queryset=None):
- if queryset is None:
- queryset = type(self).queryset
-
- return queryset.filter(fromMember__user=self.request.user)
-
- def create(self, request, *args, **kwargs):
- serializer = self.get_serializer(data=request.data)
- serializer.is_valid(raise_exception=True)
- collection_uid = serializer.validated_data.get("collection", {}).get("uid")
-
- try:
- collection = self.get_collection_queryset(Collection.objects).get(uid=collection_uid)
- except Collection.DoesNotExist:
- raise Http404("Collection does not exist")
-
- if request.user == serializer.validated_data.get("user"):
- content = {"code": "self_invite", "detail": "Inviting yourself is invalid"}
- return Response(content, status=status.HTTP_400_BAD_REQUEST)
-
- if not permissions.is_collection_admin(collection, request.user):
- raise PermissionDenied(
- {"code": "admin_access_required", "detail": "User is not an admin of this collection"}
- )
-
- serializer.save(collection=collection)
-
- return Response({}, status=status.HTTP_201_CREATED)
-
- @action_decorator(detail=False, allowed_methods=["GET"], methods=["GET"])
- def fetch_user_profile(self, request, *args, **kwargs):
- username = request.GET.get("username")
- kwargs = {User.USERNAME_FIELD: username.lower()}
- user = get_object_or_404(get_user_queryset(User.objects.all(), CallbackContext(self.kwargs)), **kwargs)
- user_info = get_object_or_404(UserInfo.objects.all(), owner=user)
- serializer = UserInfoPubkeySerializer(user_info)
- return Response(serializer.data)
-
-
-class InvitationIncomingViewSet(InvitationBaseViewSet):
- allowed_methods = ["GET", "DELETE"]
-
- def get_queryset(self, queryset=None):
- if queryset is None:
- queryset = type(self).queryset
-
- return queryset.filter(user=self.request.user)
-
- @action_decorator(detail=True, allowed_methods=["POST"], methods=["POST"])
- def accept(self, request, invitation_uid=None, *args, **kwargs):
- invitation = get_object_or_404(self.get_queryset(), uid=invitation_uid)
- context = self.get_serializer_context()
- context.update({"invitation": invitation})
-
- serializer = InvitationAcceptSerializer(data=request.data, context=context)
- serializer.is_valid(raise_exception=True)
- serializer.save()
- return Response(status=status.HTTP_201_CREATED)
-
-
-class AuthenticationViewSet(viewsets.ViewSet):
- allowed_methods = ["POST"]
- authentication_classes = BaseViewSet.authentication_classes
- renderer_classes = BaseViewSet.renderer_classes
- parser_classes = BaseViewSet.parser_classes
-
- def get_encryption_key(self, salt):
- key = nacl.hash.blake2b(settings.SECRET_KEY.encode(), encoder=nacl.encoding.RawEncoder)
- return nacl.hash.blake2b(
- b"",
- key=key,
- salt=salt[: nacl.hash.BLAKE2B_SALTBYTES],
- person=b"etebase-auth",
- encoder=nacl.encoding.RawEncoder,
- )
-
- def get_queryset(self):
- return get_user_queryset(User.objects.all(), CallbackContext(self.kwargs))
-
- def get_serializer_context(self):
- return {"request": self.request, "format": self.format_kwarg, "view": self}
-
- def login_response_data(self, user):
- return {
- "token": AuthToken.objects.create(user=user).key,
- "user": UserSerializer(user).data,
- }
-
- def list(self, request, *args, **kwargs):
- return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
-
- @action_decorator(detail=False, methods=["POST"])
- def signup(self, request, *args, **kwargs):
- serializer = AuthenticationSignupSerializer(data=request.data, context=self.get_serializer_context())
- serializer.is_valid(raise_exception=True)
- user = serializer.save()
-
- user_signed_up.send(sender=user.__class__, request=request, user=user)
-
- data = self.login_response_data(user)
- return Response(data, status=status.HTTP_201_CREATED)
-
- def get_login_user(self, username):
- kwargs = {User.USERNAME_FIELD + "__iexact": username.lower()}
- try:
- user = self.get_queryset().get(**kwargs)
- if not hasattr(user, "userinfo"):
- raise AuthenticationFailed({"code": "user_not_init", "detail": "User not properly init"})
- return user
- except User.DoesNotExist:
- raise AuthenticationFailed({"code": "user_not_found", "detail": "User not found"})
-
- def validate_login_request(self, request, validated_data, response_raw, signature, expected_action):
- from datetime import datetime
-
- username = validated_data.get("username")
- user = self.get_login_user(username)
- host = validated_data["host"]
- challenge = validated_data["challenge"]
- action = validated_data["action"]
-
- salt = bytes(user.userinfo.salt)
- enc_key = self.get_encryption_key(salt)
- box = nacl.secret.SecretBox(enc_key)
-
- challenge_data = msgpack_decode(box.decrypt(challenge))
- now = int(datetime.now().timestamp())
- if action != expected_action:
- content = {"code": "wrong_action", "detail": 'Expected "{}" but got something else'.format(expected_action)}
- return Response(content, status=status.HTTP_400_BAD_REQUEST)
- elif now - challenge_data["timestamp"] > app_settings.CHALLENGE_VALID_SECONDS:
- content = {"code": "challenge_expired", "detail": "Login challange has expired"}
- return Response(content, status=status.HTTP_400_BAD_REQUEST)
- elif challenge_data["userId"] != user.id:
- content = {"code": "wrong_user", "detail": "This challenge is for the wrong user"}
- return Response(content, status=status.HTTP_400_BAD_REQUEST)
- elif not settings.DEBUG and host.split(":", 1)[0] != request.get_host().split(":", 1)[0]:
- detail = 'Found wrong host name. Got: "{}" expected: "{}"'.format(host, request.get_host())
- content = {"code": "wrong_host", "detail": detail}
- return Response(content, status=status.HTTP_400_BAD_REQUEST)
-
- verify_key = nacl.signing.VerifyKey(bytes(user.userinfo.loginPubkey), encoder=nacl.encoding.RawEncoder)
-
- try:
- verify_key.verify(response_raw, signature)
- except nacl.exceptions.BadSignatureError:
- return Response(
- {"code": "login_bad_signature", "detail": "Wrong password for user."},
- status=status.HTTP_401_UNAUTHORIZED,
- )
-
- return None
-
- @action_decorator(detail=False, methods=["GET"])
- def is_etebase(self, request, *args, **kwargs):
- return Response({}, status=status.HTTP_200_OK)
-
- @action_decorator(detail=False, methods=["POST"])
- def login_challenge(self, request, *args, **kwargs):
- from datetime import datetime
-
- serializer = AuthenticationLoginChallengeSerializer(data=request.data)
- serializer.is_valid(raise_exception=True)
- username = serializer.validated_data.get("username")
- user = self.get_login_user(username)
-
- salt = bytes(user.userinfo.salt)
- enc_key = self.get_encryption_key(salt)
- box = nacl.secret.SecretBox(enc_key)
-
- challenge_data = {
- "timestamp": int(datetime.now().timestamp()),
- "userId": user.id,
- }
- challenge = box.encrypt(msgpack_encode(challenge_data), encoder=nacl.encoding.RawEncoder)
-
- ret = {
- "salt": salt,
- "challenge": challenge,
- "version": user.userinfo.version,
- }
- return Response(ret, status=status.HTTP_200_OK)
-
- @action_decorator(detail=False, methods=["POST"])
- def login(self, request, *args, **kwargs):
- outer_serializer = AuthenticationLoginSerializer(data=request.data)
- outer_serializer.is_valid(raise_exception=True)
-
- response_raw = outer_serializer.validated_data["response"]
- response = msgpack_decode(response_raw)
- signature = outer_serializer.validated_data["signature"]
-
- context = {"host": request.get_host()}
- serializer = AuthenticationLoginInnerSerializer(data=response, context=context)
- serializer.is_valid(raise_exception=True)
-
- bad_login_response = self.validate_login_request(
- request, serializer.validated_data, response_raw, signature, "login"
- )
- if bad_login_response is not None:
- return bad_login_response
-
- username = serializer.validated_data.get("username")
- user = self.get_login_user(username)
-
- data = self.login_response_data(user)
-
- user_logged_in.send(sender=user.__class__, request=request, user=user)
-
- return Response(data, status=status.HTTP_200_OK)
-
- @action_decorator(detail=False, methods=["POST"], permission_classes=[IsAuthenticated])
- def logout(self, request, *args, **kwargs):
- request.auth.delete()
- user_logged_out.send(sender=request.user.__class__, request=request, user=request.user)
- return Response(status=status.HTTP_204_NO_CONTENT)
-
- @action_decorator(detail=False, methods=["POST"], permission_classes=BaseViewSet.permission_classes)
- def change_password(self, request, *args, **kwargs):
- outer_serializer = AuthenticationLoginSerializer(data=request.data)
- outer_serializer.is_valid(raise_exception=True)
-
- response_raw = outer_serializer.validated_data["response"]
- response = msgpack_decode(response_raw)
- signature = outer_serializer.validated_data["signature"]
-
- context = {"host": request.get_host()}
- serializer = AuthenticationChangePasswordInnerSerializer(request.user.userinfo, data=response, context=context)
- serializer.is_valid(raise_exception=True)
-
- bad_login_response = self.validate_login_request(
- request, serializer.validated_data, response_raw, signature, "changePassword"
- )
- if bad_login_response is not None:
- return bad_login_response
-
- serializer.save()
-
- return Response({}, status=status.HTTP_200_OK)
-
- @action_decorator(detail=False, methods=["POST"], permission_classes=[IsAuthenticated])
- def dashboard_url(self, request, *args, **kwargs):
- get_dashboard_url = app_settings.DASHBOARD_URL_FUNC
- if get_dashboard_url is None:
- raise EtebaseValidationError(
- "not_supported", "This server doesn't have a user dashboard.", status_code=status.HTTP_400_BAD_REQUEST
- )
-
- ret = {
- "url": get_dashboard_url(request, *args, **kwargs),
- }
- return Response(ret)
-
-
-class TestAuthenticationViewSet(viewsets.ViewSet):
- allowed_methods = ["POST"]
- renderer_classes = BaseViewSet.renderer_classes
- parser_classes = BaseViewSet.parser_classes
-
- def get_serializer_context(self):
- return {"request": self.request, "format": self.format_kwarg, "view": self}
-
- def list(self, request, *args, **kwargs):
- return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
-
- @action_decorator(detail=False, methods=["POST"])
- def reset(self, request, *args, **kwargs):
- # Only run when in DEBUG mode! It's only used for tests
- if not settings.DEBUG:
- return HttpResponseBadRequest("Only allowed in debug mode.")
-
- with transaction.atomic():
- user_queryset = get_user_queryset(User.objects.all(), CallbackContext(self.kwargs))
- user = get_object_or_404(user_queryset, username=request.data.get("user").get("username"))
-
- # Only allow test users for extra safety
- if not getattr(user, User.USERNAME_FIELD).startswith("test_user"):
- return HttpResponseBadRequest("Endpoint not allowed for user.")
-
- if hasattr(user, "userinfo"):
- user.userinfo.delete()
-
- serializer = AuthenticationSignupSerializer(data=request.data, context=self.get_serializer_context())
- serializer.is_valid(raise_exception=True)
- serializer.save()
-
- # Delete all of the journal data for this user for a clear test env
- user.collection_set.all().delete()
- user.collectionmember_set.all().delete()
- user.incoming_invitations.all().delete()
-
- # FIXME: also delete chunk files!!!
-
- return HttpResponse()
diff --git a/etebase_fastapi/authentication.py b/etebase_fastapi/authentication.py
index a13cc51..1c262c8 100644
--- a/etebase_fastapi/authentication.py
+++ b/etebase_fastapi/authentication.py
@@ -18,16 +18,14 @@ from fastapi import APIRouter, Depends, status, Request
from fastapi.security import APIKeyHeader
from django_etebase import app_settings, models
-from django_etebase.exceptions import EtebaseValidationError
from django_etebase.models import UserInfo
from django_etebase.signals import user_signed_up
from django_etebase.token_auth.models import AuthToken
from django_etebase.token_auth.models import get_default_expiry
from django_etebase.utils import create_user, get_user_queryset, CallbackContext
-from django_etebase.views import msgpack_encode, msgpack_decode
from .exceptions import AuthenticationFailed, transform_validation_error, HttpError
from .msgpack import MsgpackRoute
-from .utils import BaseModel, permission_responses
+from .utils import BaseModel, permission_responses, msgpack_encode, msgpack_decode
User = get_user_model()
token_scheme = APIKeyHeader(name="Authorization")
@@ -293,7 +291,7 @@ def signup_save(data: SignupIn, request: Request) -> User:
context=CallbackContext(request.path_params),
)
instance.full_clean()
- except EtebaseValidationError as e:
+ except HttpError as e:
raise e
except django_exceptions.ValidationError as e:
transform_validation_error("user", e)
diff --git a/etebase_fastapi/utils.py b/etebase_fastapi/utils.py
index 165163a..3473fa0 100644
--- a/etebase_fastapi/utils.py
+++ b/etebase_fastapi/utils.py
@@ -1,5 +1,6 @@
import dataclasses
import typing as t
+import msgpack
from fastapi import status, Query, Depends
from pydantic import BaseModel as PyBaseModel
@@ -44,6 +45,14 @@ def is_collection_admin(collection, user):
return (member is not None) and (member.accessLevel == AccessLevels.ADMIN)
+def msgpack_encode(content):
+ return msgpack.packb(content, use_bin_type=True)
+
+
+def msgpack_decode(content):
+ return msgpack.unpackb(content, raw=False)
+
+
PERMISSIONS_READ = [Depends(x) for x in app_settings.API_PERMISSIONS_READ]
PERMISSIONS_READWRITE = PERMISSIONS_READ + [Depends(x) for x in app_settings.API_PERMISSIONS_WRITE]
diff --git a/etebase_server/settings.py b/etebase_server/settings.py
index 46ad3c9..5d57ec0 100644
--- a/etebase_server/settings.py
+++ b/etebase_server/settings.py
@@ -53,8 +53,6 @@ INSTALLED_APPS = [
"django.contrib.sessions",
"django.contrib.messages",
"django.contrib.staticfiles",
- "corsheaders",
- "rest_framework",
"myauth.apps.MyauthConfig",
"django_etebase.apps.DjangoEtebaseConfig",
"django_etebase.token_auth.apps.TokenAuthConfig",
@@ -63,7 +61,6 @@ INSTALLED_APPS = [
MIDDLEWARE = [
"django.middleware.security.SecurityMiddleware",
"django.contrib.sessions.middleware.SessionMiddleware",
- "corsheaders.middleware.CorsMiddleware",
"django.middleware.common.CommonMiddleware",
"django.middleware.csrf.CsrfViewMiddleware",
"django.contrib.auth.middleware.AuthenticationMiddleware",
@@ -124,9 +121,6 @@ USE_L10N = True
USE_TZ = True
-# Cors
-CORS_ORIGIN_ALLOW_ALL = True
-
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/3.0/howto/static-files/
diff --git a/etebase_server/urls.py b/etebase_server/urls.py
index 443763d..7cf5a60 100644
--- a/etebase_server/urls.py
+++ b/etebase_server/urls.py
@@ -1,7 +1,7 @@
import os
from django.conf import settings
-from django.conf.urls import include, url
+from django.conf.urls import url
from django.contrib import admin
from django.urls import path, re_path
from django.views.generic import TemplateView
@@ -9,15 +9,11 @@ from django.views.static import serve
from django.contrib.staticfiles import finders
urlpatterns = [
- url(r"^api/", include("django_etebase.urls")),
url(r"^admin/", admin.site.urls),
path("", TemplateView.as_view(template_name="success.html")),
]
if settings.DEBUG:
- urlpatterns += [
- url(r"^api-auth/", include("rest_framework.urls", namespace="rest_framework")),
- ]
def serve_static(request, path):
filename = finders.find(path)
diff --git a/requirements.in/base.txt b/requirements.in/base.txt
index ca8dd94..fee4a56 100644
--- a/requirements.in/base.txt
+++ b/requirements.in/base.txt
@@ -1,9 +1,5 @@
django
-django-cors-headers
-djangorestframework
-drf-nested-routers
msgpack
-psycopg2-binary
pynacl
fastapi
-uvicorn
\ No newline at end of file
+uvicorn
diff --git a/requirements.txt b/requirements.txt
index 3d19eaf..cfce456 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -7,14 +7,10 @@
asgiref==3.3.1 # via django
cffi==1.14.4 # via pynacl
click==7.1.2 # via uvicorn
-django-cors-headers==3.6.0 # via -r requirements.in/base.txt
-django==3.1.4 # via -r requirements.in/base.txt, django-cors-headers, djangorestframework, drf-nested-routers
-djangorestframework==3.12.2 # via -r requirements.in/base.txt, drf-nested-routers
-drf-nested-routers==0.92.5 # via -r requirements.in/base.txt
+django==3.1.4 # via -r requirements.in/base.txt
fastapi==0.63.0 # via -r requirements.in/base.txt
h11==0.11.0 # via uvicorn
msgpack==1.0.2 # via -r requirements.in/base.txt
-psycopg2-binary==2.8.6 # via -r requirements.in/base.txt
pycparser==2.20 # via cffi
pydantic==1.7.3 # via fastapi
pynacl==1.4.0 # via -r requirements.in/base.txt