feat:api token

cunla · cunla · commit 3282550e6a9d · 2023-09-17T13:48:42.000-04:00
diff --git a/docs/changelog.md b/docs/changelog.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## v1.1.0 🌈
+
+### 🚀 Features
+
+- Enable using stats view using api token
+
 ## v1.0.2 🌈
 
 ### 🧰 Maintenance
diff --git a/docs/configuration.md b/docs/configuration.md
@@ -22,6 +22,7 @@ SCHEDULER_QUEUES = {
         'REDIS_CLIENT_KWARGS': {  # Eventual additional Redis connection arguments
             'ssl_cert_reqs': None,
         },
+        'TOKEN_VALIDATION_METHOD': None,  # Method to validate auth-header
     },
     'high': {
         'URL': os.getenv('REDISTOGO_URL', 'redis://localhost:6379/0'),  # If you're on Heroku
@@ -59,6 +60,13 @@ will check which job executions are pending.
 
 Default: `10` (10 seconds).
 
+### SCHEDULER_CONFIG: `TOKEN_VALIDATION_METHOD`
+
+Method to validate request `Authorization` header with.
+Enables checking stats using API token.
+
+Default: no tokens allowed.
+
 ### `SCHEDULER_QUEUES`
 
 You can configure the queues to work with.
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -56,7 +56,7 @@ poetry = "^1.6"
 coverage = "^7"
 fakeredis = { version = "^2.15", extras = ['lua'] }
 Flake8-pyproject = "^1.2"
-
+pyyaml = "^6.0"
 
 [tool.poetry.extras]
 yaml = ["pyyaml"]
diff --git a/scheduler/settings.py b/scheduler/settings.py
@@ -9,6 +9,10 @@
 SCHEDULER_CONFIG = dict()
 
 
+def _token_validation(token: str) -> bool:
+    return False
+
+
 def conf_settings():
     global QUEUES
     global SCHEDULER_CONFIG
@@ -26,6 +30,7 @@ def conf_settings():
         'DEFAULT_TIMEOUT': 300,  # 5 minutes
         'SCHEDULER_INTERVAL': 10,  # 10 seconds
         'FAKEREDIS': False,  # For testing purposes
+        'TOKEN_VALIDATION_METHOD': _token_validation,  # Access stats from another application using API tokens
     }
     user_settings = getattr(settings, 'SCHEDULER_CONFIG', {})
     SCHEDULER_CONFIG.update(user_settings)
diff --git a/scheduler/tests/test_views.py b/scheduler/tests/test_views.py
@@ -471,7 +471,7 @@ def test_statistics_json_view(self):
             res = self.client.get(reverse('queues_home_json'))
             self.assertEqual(res.status_code, 200)
 
-            # Not staff, only token
+            # Not staff => return 404
             self.user.is_staff = False
             self.user.save()
 
@@ -481,3 +481,18 @@ def test_statistics_json_view(self):
             # 404 code for stats
             res = self.client.get(reverse('queues_home_json'))
             self.assertEqual(res.status_code, 404)
+
+    @staticmethod
+    def token_validation(token: str) -> bool:
+        return token == 'valid'
+
+    @patch('scheduler.views.SCHEDULER_CONFIG')
+    def test_statistics_json_view_token(self, configuration):
+        configuration.get.return_value = ViewTest.token_validation
+        self.user.is_staff = False
+        self.user.save()
+        res = self.client.get(reverse('queues_home_json'), headers={'Authorization': 'valid'})
+        self.assertEqual(res.status_code, 200)
+
+        res = self.client.get(reverse('queues_home_json'), headers={'Authorization': 'invalid'})
+        self.assertEqual(res.status_code, 404)
diff --git a/scheduler/views.py b/scheduler/views.py
@@ -46,8 +46,10 @@ def stats(request):
 
 
 def stats_json(request):
-    # TODO support API token
-    if request.user.is_staff:
+    auth_token = request.headers.get('Authorization')
+    token_validation_func = SCHEDULER_CONFIG.get('TOKEN_VALIDATION_METHOD')
+    if (request.user.is_staff or
+            (token_validation_func and auth_token and token_validation_func(auth_token))):
         return JsonResponse(get_statistics())
 
     return HttpResponseNotFound()
