[Feature] Create API Key Authenticaton for v1 API (#327)

Add API key authentication to v1 API Also includes: - management command to create keys for users - Improvements to API tests Minor: - more robust way to start docker dev container. Reviewed-on: enviPath/enviPy#327 Co-authored-by: Tobias O <tobias.olenyi@envipath.com> Co-committed-by: Tobias O <tobias.olenyi@envipath.com>
2026-02-11 02:29:54 +13:00
parent c0cfdb9255
commit 5789f20e7f
15 changed files with 282 additions and 165 deletions
--- a/epapi/v1/auth.py
+++ b/epapi/v1/auth.py
@ -1,8 +1,34 @@
+import hashlib
+
 from ninja.security import HttpBearer
 from ninja.errors import HttpError

+from epdb.models import APIToken
+

 class BearerTokenAuth(HttpBearer):
    def authenticate(self, request, token):
-        # FIXME: placeholder; implement it in O(1) time
-        raise HttpError(401, "Invalid or expired token")
+        if token is None:
+            return None
+
+        hashed_token = hashlib.sha256(token.encode()).hexdigest()
+        user = APIToken.authenticate(hashed_token, hashed=True)
+        if not user:
+            raise HttpError(401, "Invalid or expired token")
+
+        request.user = user
+        return user
+
+
+class OptionalBearerTokenAuth:
+    """Bearer auth that allows unauthenticated access.
+
+    Validates the Bearer token if present (401 on invalid token),
+    otherwise lets the request through for anonymous/session access.
+    """
+
+    def __init__(self):
+        self._bearer = BearerTokenAuth()
+
+    def __call__(self, request):
+        return self._bearer(request) or request.user