From af772b6abb5cbf689be2b71a31d01bd1718bd051 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micka=C3=ABl=20Desfr=C3=AAnes?=
 <mickael.desfrenes@unicaen.fr>
Date: Wed, 11 Dec 2024 21:10:29 +0100
Subject: [PATCH] add auth to iiif endpoint

---
 pount/apps/iiif/views.py | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/pount/apps/iiif/views.py b/pount/apps/iiif/views.py
index 58b7caca..a765bea6 100644
--- a/pount/apps/iiif/views.py
+++ b/pount/apps/iiif/views.py
@@ -2,9 +2,16 @@ from os import environ
 
 from django.conf import settings
 from django.contrib.auth import get_user_model
+from django.core.exceptions import PermissionDenied
+from django.shortcuts import get_object_or_404
+from rest_framework_simplejwt.authentication import JWTAuthentication
 from revproxy.views import ProxyView
 
+from pount.apps.api.models import MediaFile
+from pount.apps.api.rules import ITEM_VIEW
+
 User = get_user_model()
+JWT_authenticator = JWTAuthentication()
 
 
 def get_request_headers(self):
@@ -46,17 +53,16 @@ def get_request_headers(self):
 ProxyView.get_request_headers = get_request_headers
 
 
-# class TestProxyView(LoginRequiredMixin, ProxyView):
 class TestProxyView(ProxyView):
     upstream = environ.get("IIIF_UPSTREAM_URL", "http://localhost:8182/iiif/")
     add_x_forwarded = True
 
     def dispatch(self, request, *args, **kwargs):
-        # for k in request.META.keys():
-        #    print(k)
-        # print(args)
-        # print(kwargs)
-        # if not request.user.has_perm(rules.ITEM_EDIT, obj):
-        #     print("can't touch dis")
-
-        return super().dispatch(request, *args, **kwargs)
+        response = JWT_authenticator.authenticate(request)
+        if response is not None:
+            user, _ = response
+            file_id = request.path.lstrip("iiif/3").split(".tiled.tif")[0]
+            file = get_object_or_404(MediaFile, id=file_id)
+            if user.has_perm(ITEM_VIEW, file.item):
+                return super().dispatch(request, *args, **kwargs)
+        raise PermissionDenied()
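Review bot: `request.path.lstrip("iiif/3")` in `dispatch` strips a set of characters rather than a prefix, so any leading `i`, `f`, `3` or `/` in the file id itself is removed too. The `ITEM_VIEW` check can then run against a different `MediaFile` id than the one in the path forwarded upstream, or return a spurious 404. Derive the id with a prefix-exact operation, for example `file_id = request.path.removeprefix("/iiif/3/").split(".tiled.tif")[0]` (Python 3.9+, and assuming that mount point, which the hunk does not show), and deny the request when the prefix or the `.tiled.tif` suffix is absent. Separately, `JWT_authenticator.authenticate(request)` raises on an invalid or expired token instead of returning `None`. Because `TestProxyView` appears to be a plain Django view rather than a DRF view, that exception would probably surface as a 500, so catch it around the call and `raise PermissionDenied()` from the handler.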
-- 
GitLab