adding APIKey method

rowers/views/apiviews.py

@@ -473,6 +473,58 @@ def strokedata_rowingdata(request):
     return response
 
 
+@csrf_exempt
+@api_view(["POST"])
+@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True)
+@permission_classes([IsAuthenticated])
+def strokedata_rowingdata_apikey(request):
+    """
+    Upload a .csv file (rowingdata standard) through API, using
+    """
+
+    r = getrower(request.user)
+    if r.rowerplan == 'freecoach':
+        return HttpResponseNotAllowed("This endpoint is for users, not for free coach accounts")
+
+    if request.method != 'POST':
+        return HttpResponseNotAllowed("Method not supported")
+
+    form = DocumentsForm(request.POST, request.FILES)
+    if not form.is_valid():
+        return HttpResponseBadRequest(json.dumps(form.errors))
+
+    f = form.cleaned_data['file']
+    if f is None:
+        return HttpResponseBadRequest("Missing file")
+
+    filename, completefilename = handle_uploaded_file(f)
+
+    uploadoptions = {
+        'secret': settings.UPLOAD_SERVICE_SECRET,
+        'user': r.user.id,
+        'file': completefilename,
+        'workouttype': form.cleaned_data['workouttype'],
+        'boattype': form.cleaned_data['boattype'],
+        'title': form.cleaned_data['title'],
+        'rpe': form.cleaned_data['rpe'],
+        'notes': form.cleaned_data['notes']
+    }
+
+    url = settings.UPLOAD_SERVICE_URL
+    
+    _ = myqueue(queuehigh,
+                handle_request_post,
+                url,
+                uploadoptions)
+    response = JsonResponse(
+        {
+            "status": "success",
+        }
+    )
+    response.status_code = 201
+    return response
+        
+
 @csrf_exempt
 #@login_required()
 @api_view(["POST"])

rowers/views/statements.py

@@ -164,7 +164,7 @@ from rowers.models import (
     StandardCollection, CourseStandard,
     VirtualRaceFollower, TombStone, InstantPlan,
     PlannedSessionStep,InStrokeAnalysis, ForceCurveAnalysis, SyncRecord,
-    UserMessage,
+    UserMessage,APIKey,
 )
 from rowers.models import ( RowerPowerForm, RowerHRZonesForm, SimpleRowerPowerForm,
                             RowerForm, RowerCPForm, GraphImage, AdvancedWorkoutForm,
@@ -307,6 +307,27 @@ import base64
 from django.http import HttpResponse
 from django.contrib.auth import authenticate, login
 
+def view_or_apikey(view, request, test_func, realm = "", *args, **kwargs):
+    if test_func(request.user):
+        return view(request, *args, **kwargs)
+
+    if 'Authorization' in request.META:
+        api_key = request.META.get('Authorization')
+        if api_key:
+            try:
+                api_key = APIKey.objects.get(key=api_key, is_active=True)
+            except APIKey.DoesNotExist:
+                raise AuthenticationFailed('Invalid API key')
+
+            login(request, api_key.user, backend='django.contrib.auth.backends.ModelBackend')
+            request.user = api_key.user
+            return view(request, *args, **kwargs)
+
+    response = HttpResponse()
+    response.status_code = 401
+    response['WWW-Authenticate'] = 'Basic realm="%s"' % realm
+    return response
+
 #############################################################################
 #
 def view_or_basicauth(view, request, test_func, realm = "", *args, **kwargs):
@@ -348,6 +369,15 @@ def view_or_basicauth(view, request, test_func, realm = "", *args, **kwargs):
     
 #############################################################################
 #
+def logged_in_or_apikey(realm = ""):
+    def view_decorator(func):
+        def wrapper(request, *args, **kwargs):
+            return view_or_apikey(func, request,
+                                     lambda u: u.is_authenticated,
+                                     realm, *args, **kwargs)
+        return wrapper
+    return view_decorator
+
 def logged_in_or_basicauth(realm = ""):
     """
     A simple decorator that requires a user to be logged in. If they are not

rowers/views/userviews.py

@@ -632,6 +632,12 @@ def rower_edit_view(request, rowerid=0, userid=0, message=""):
         userform = UserForm(instance=r.user)
 
     grants = AccessToken.objects.filter(user=request.user)
+    try:
+        apikey = APIKey.objects.get(user=request.user)
+    except APIKey.DoesNotExist:
+        apikey = APIKey.objects.create(user=request.user)
+
+        
     return render(request, 'rower_form.html',
                   {
                       'teams': get_my_teams(request.user),
@@ -640,8 +646,20 @@ def rower_edit_view(request, rowerid=0, userid=0, message=""):
                       'userform': userform,
                       'accountform': accountform,
                       'rower': r,
+                      'apikey': apikey.key,
                   })
 
+@login_required()
+def rower_regenerate_apikey(request):
+    try:
+        apikey = APIKey.objects.get(user=request.user)
+    except APIKey.DoesNotExist:
+        apikey = APIKey.objects.create(user=request.user)
+
+    apikey.regenerate_key()
+
+    return HttpResponseRedirect(reverse('rower_edit_view'))
+
 #simple initial settings page
 @login_required()
 @permission_required('rower.is_coach', fn=get_user_by_userid, raise_exception=True)