mirror of
https://github.com/seanmorley15/AdventureLog.git
synced 2026-05-17 03:05:10 -04:00
* Refactor AdventureLog Bot workflow to improve issue validation handling and encapsulate comment and close logic
* feat: add API key management to settings page
  - Implemented API key creation, deletion, and display functionality.
  - Updated the settings page to fetch and show existing API keys.
  - Added UI elements for creating new API keys and copying them to clipboard.
  - Enhanced request handling to ensure proper trailing slashes for API endpoints.
* feat: add API Keys documentation and update contributing guidelines
* fix: update appVersion to reflect the latest build
* fix: update @tailwindcss/typography to version 0.5.19
* fix: update @tailwindcss/typography to version 0.5.19
* chore: update dependencies in pnpm-lock.yaml
  - dompurify: upgraded from 3.3.1 to 3.3.3
  - emoji-picker-element: upgraded from 1.29.0 to 1.29.1
  - @sveltejs/adapter-node: updated to use @sveltejs/kit@2.55.0
  - @sveltejs/adapter-vercel: updated to use @sveltejs/kit@2.55.0
  - @sveltejs/kit: upgraded from 2.53.3 to 2.55.0
  - @types/node: upgraded from 22.19.13 to 22.19.15
  - autoprefixer: updated postcss version from 8.5.6 to 8.5.8
  - baseline-browser-mapping: upgraded from 2.10.0 to 2.10.8
  - daisyui: updated postcss version from 8.5.6 to 8.5.8
  - prettier-plugin-svelte: upgraded from 3.5.0 to 3.5.1
  - svelte-check: updated postcss version from 8.5.6 to 8.5.8
  - devalue: upgraded from 5.6.3 to 5.6.4
  - electron-to-chromium: upgraded from 1.5.302 to 1.5.313
  - caniuse-lite: upgraded from 1.0.30001774 to 1.0.30001780
  - mlly: upgraded from 1.8.0 to 1.8.1
  - node-releases: upgraded from 2.0.27 to 2.0.36
  - tar: upgraded from 7.5.9 to 7.5.11
  - tinyexec: upgraded from 1.0.2 to 1.0.4
* fix: update appVersion to include the latest build identifier
* fix: enhance authentication fallback for protected media access
* feat(auth): add 'mobile-qr' to trailing slash list for URL handling
* Translated using Weblate (French)
  Currently translated at 99.9% (1091 of 1092 strings)
  Translation: AdventureLog/Web App
  Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/fr/
* Translated using Weblate (Korean)
  Currently translated at 100.0% (1092 of 1092 strings)
  Translation: AdventureLog/Web App
  Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/ko/
* Translated using Weblate (German)
  Currently translated at 100.0% (1092 of 1092 strings)
  Translation: AdventureLog/Web App
  Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/de/
* Translated using Weblate (Swedish)
  Currently translated at 100.0% (1092 of 1092 strings)
  Translation: AdventureLog/Web App
  Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/sv/
* Added translation using Weblate (Catalan)
* Translated using Weblate (Catalan)
  Currently translated at 1.2% (14 of 1092 strings)
  Translation: AdventureLog/Web App
  Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/ca/
* Docs: Reorder immich API permissions to natural order (#1086)
* Refactor AdventureLog Bot workflow to improve issue validation handling and encapsulate comment and close logic (#1068)
* Reorder immich API permissions to natural order
  ---------
  Co-authored-by: Sean Morley <git@seanmorley.com>
* Translated using Weblate (Turkish)
  Currently translated at 100.0% (1093 of 1093 strings)
  Translation: AdventureLog/Web App
  Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/tr/
* Translated using Weblate (Swedish)
  Currently translated at 100.0% (1093 of 1093 strings)
  Translation: AdventureLog/Web App
  Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/sv/
* Translated using Weblate (German)
  Currently translated at 100.0% (1093 of 1093 strings)
  Translation: AdventureLog/Web App
  Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/de/
* Add ENABLE_RATE_LIMITS configuration for backend rate limiting
* Set tabindex to -1 for dropdown menus to improve accessibility
* feat: Enhance LocationQuickStart component with quick add functionality and location enrichment
  - Added quick add feature for locations with category selection.
  - Implemented location description enrichment using Google Maps API.
  - Improved search functionality and result handling.
  - Introduced new utility functions for location saving and validation.
  - Updated UI to reflect changes in location selection and quick add status.
  - Added toast notifications for user feedback on actions.
  - Refactored existing code for better readability and maintainability.
  fix: Ensure finite coordinates in LocationSearchMap component
  - Added validation for initial selection coordinates to prevent errors.
  chore: Update app version to v0.12.0-main-033126
  - Updated versioning in config file.
  feat: Create location-save module for handling location data saving
  - Implemented saveLocation function to handle both new and existing location data.
  - Added utility functions for coordinate formatting and link sanitization.
* fix: Remove unused API keys section from Norwegian and Polish locale files
* fix: typo in backend success response (#1010)
* feat: enhance API key security with PBKDF2 hashing and configurable iterations
* fix: update PR handling to ignore dependabot in addition to maintainer
* fix: improve error handling for image import and permission validation
* fix: format code for better readability in LocationQuickStart component
* Translated using Weblate (Spanish)
  Currently translated at 100.0% (1097 of 1097 strings)
  Translation: AdventureLog/Web App
  Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/es/
* Translated using Weblate (German)
  Currently translated at 99.7% (1094 of 1097 strings)
  Translation: AdventureLog/Web App
  Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/de/
* Translated using Weblate (German)
  Currently translated at 99.7% (1094 of 1097 strings)
  Translation: AdventureLog/Web App
  Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/de/
* fix: update default value for ENABLE_RATE_LIMITS in Docker configuration
* feat(lodging): implement quick start feature for lodging creation
  - Added LodgingQuickStart component to facilitate quick lodging entry.
  - Integrated Google Maps support for lodging selection and details enrichment.
  - Enhanced LodgingModal to include quick start step and handle prefill from Google Places.
  - Introduced utility function to infer lodging type from Google Places data.
  - Updated localization files to include new strings for quick start functionality.
* fix: correct appVersion to reflect the development version
* fix: theme selector not working on HTTP environment (#1102)
* fix: remove unnecessary trailing comma in secure cookie setting
* Translated using Weblate (German)
  Currently translated at 100.0% (1098 of 1098 strings)
  Translation: AdventureLog/Web App
  Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/de/
* Translated using Weblate (Spanish)
  Currently translated at 100.0% (1098 of 1098 strings)
  Translation: AdventureLog/Web App
  Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/es/
* Translated using Weblate (Swedish)
  Currently translated at 100.0% (1098 of 1098 strings)
  Translation: AdventureLog/Web App
  Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/sv/
* Translated using Weblate (Turkish)
  Currently translated at 100.0% (1098 of 1098 strings)
  Translation: AdventureLog/Web App
  Translate-URL: https://hosted.weblate.org/projects/adventurelog/web-app/tr/
* feat(itinerary): add validation for global and dated itinerary items
* Refactor code structure for improved readability and maintainability
* feat: update serializers and views to handle images and attachments in backup/export processes
* feat(itinerary): implement quick add functionality for locations and lodgings with itinerary date handling
* chore: update Django and Pillow versions in requirements.txt
* fix: update appVersion to reflect the main branch version
* fixes External Mapping Search not using saved GPS coordinate for Locations
  Fixes #1134

---------

Co-authored-by: lesensei <alain-gh@lespeps.eu>
Co-authored-by: Hosted Weblate user 141821 <clearstripe@users.noreply.hosted.weblate.org>
Co-authored-by: Alex <div@alexe.at>
Co-authored-by: AntonPalmqvist <apq@users.noreply.hosted.weblate.org>
Co-authored-by: Marc Llopart <marc@medullar.com>
Co-authored-by: Stephan Zwicknagl <64196842+stephanzwicknagl@users.noreply.github.com>
Co-authored-by: Orhun <orhunavcu@gmail.com>
Co-authored-by: bittin1ddc447d824349b2 <bittin@reimu.nl>
Co-authored-by: Matthias Thym <git@thym.at>
Co-authored-by: Francisco Serrador <fserrador@gmail.com>
Co-authored-by: Johannes Roeßler <adventurelog@joei.de>
Co-authored-by: Gaël <67436391+Pexilo@users.noreply.github.com>
Co-authored-by: MrAsieru <weblate@asier.net>
123 lines
4.3 KiB
Python
import hashlib
import secrets
import uuid

from django.conf import settings
from django.contrib.auth.models import AbstractUser
from django.db import models
from django.utils import timezone
from django_resized import ResizedImageField


CURRENCY_CHOICES = (
    ('USD', 'US Dollar'),
    ('EUR', 'Euro'),
    ('GBP', 'British Pound'),
    ('JPY', 'Japanese Yen'),
    ('AUD', 'Australian Dollar'),
    ('CAD', 'Canadian Dollar'),
    ('CHF', 'Swiss Franc'),
    ('CNY', 'Chinese Yuan'),
    ('HKD', 'Hong Kong Dollar'),
    ('SGD', 'Singapore Dollar'),
    ('SEK', 'Swedish Krona'),
    ('NOK', 'Norwegian Krone'),
    ('DKK', 'Danish Krone'),
    ('NZD', 'New Zealand Dollar'),
    ('INR', 'Indian Rupee'),
    ('MXN', 'Mexican Peso'),
    ('BRL', 'Brazilian Real'),
    ('ZAR', 'South African Rand'),
    ('AED', 'UAE Dirham'),
    ('TRY', 'Turkish Lira'),
)


class CustomUser(AbstractUser):
    email = models.EmailField(unique=True)  # Override the email field with unique constraint
    profile_pic = ResizedImageField(force_format="WEBP", quality=75, null=True, blank=True, upload_to='profile-pics/')
    uuid = models.UUIDField(default=uuid.uuid4, editable=False, unique=True)
    public_profile = models.BooleanField(default=False)
    disable_password = models.BooleanField(default=False)
    measurement_system = models.CharField(max_length=10, choices=[('metric', 'Metric'), ('imperial', 'Imperial')], default='metric')
    default_currency = models.CharField(max_length=5, choices=CURRENCY_CHOICES, default='USD')

    def __str__(self):
        return self.username


class APIKey(models.Model):
    """
    Personal API keys for authenticating programmatic access.

    Security design:
    - A 32-byte cryptographically random token is generated with the prefix ``al_``.
    - Only a PBKDF2-HMAC-SHA256 derived hash of the full token is persisted;
      the plaintext is returned exactly once at creation time and never stored.
    - The first 12 characters of the token are kept as ``key_prefix`` so users can
      identify their keys without revealing the secret.
    """

    _KEY_HASH_ITERATIONS = 600000
    _KEY_HASH_SALT_NAMESPACE = "users.APIKey"

    id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
    user = models.ForeignKey(
        CustomUser, on_delete=models.CASCADE, related_name='api_keys'
    )
    name = models.CharField(max_length=100)
    # "al_" plus the first 9 characters of the random token; safe to display.
    key_prefix = models.CharField(max_length=12, editable=False)
    # Hex-encoded SHA-256-length PBKDF2 output is exactly 64 characters, and the
    # unique constraint lets ``authenticate`` look a key up by its hash alone.
    key_hash = models.CharField(max_length=64, unique=True, editable=False)
    created_at = models.DateTimeField(auto_now_add=True)
    last_used_at = models.DateTimeField(null=True, blank=True)

    class Meta:
        ordering = ['-created_at']

    def __str__(self):
        return f"{self.user.username} – {self.name} ({self.key_prefix}…)"

    @classmethod
    def _hash_raw_key(cls, raw_key: str) -> str:
        """Derive a computationally expensive hash for API key persistence."""
        # The salt is fixed per deployment (namespace + SECRET_KEY) rather than
        # per key, so the same raw key always derives the same hash and the
        # hash can be used directly as a database lookup value. A consequence
        # is that rotating SECRET_KEY invalidates every stored API key.
        salt = f"{cls._KEY_HASH_SALT_NAMESPACE}:{settings.SECRET_KEY}".encode("utf-8")
        return hashlib.pbkdf2_hmac(
            "sha256",
            raw_key.encode("utf-8"),
            salt,
            cls._KEY_HASH_ITERATIONS,
        ).hex()

    @classmethod
    def generate(cls, user, name: str) -> tuple['APIKey', str]:
        """
        Create a new APIKey for *user* with the given *name*.

        Returns a ``(instance, raw_key)`` tuple. The raw key is shown to the
        user once and must never be stored anywhere after that.
        """
        # token_urlsafe(32) yields 43 URL-safe base64 characters from 32 random bytes.
        raw_key = f"al_{secrets.token_urlsafe(32)}"
        key_hash = cls._hash_raw_key(raw_key)
        key_prefix = raw_key[:12]
        instance = cls.objects.create(
            user=user,
            name=name,
            key_prefix=key_prefix,
            key_hash=key_hash,
        )
        return instance, raw_key

    @classmethod
    def authenticate(cls, raw_key: str):
        """
        Look up an APIKey by its raw value.

        Returns the matching ``APIKey`` instance (updating ``last_used_at``) or
        ``None`` if not found.
        """
        # The full PBKDF2 cost is paid on every call, i.e. on every request
        # authenticated with an API key; the plaintext itself is never compared
        # or stored, only its derived hash is matched against the unique column.
        key_hash = cls._hash_raw_key(raw_key)
        try:
            api_key = cls.objects.select_related('user').get(key_hash=key_hash)
        except cls.DoesNotExist:
            return None
        # Update the timestamp with a targeted UPDATE instead of a full save()
        # so no other fields of the row are rewritten.
        cls.objects.filter(pk=api_key.pk).update(last_used_at=timezone.now())
        return api_key
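The following is an added, Django-free walk-through of the key scheme implemented by `APIKey` above; it is example code, not part of the AdventureLog project. It mirrors `_hash_raw_key`, `generate` and `authenticate` over an in-memory dict so that the stored record, a successful lookup, a wrong key, and the effect of rotating the deployment secret can all be checked offline. The `SECRET_KEY` value is a constructed stand-in for Django's `settings.SECRET_KEY`.

```python
import hashlib
import secrets

# Constructed stand-in for Django's settings.SECRET_KEY (not a real secret).
SECRET_KEY = "constructed-example-secret-key"
KEY_HASH_ITERATIONS = 600000
KEY_HASH_SALT_NAMESPACE = "users.APIKey"


def hash_raw_key(raw_key: str, secret_key: str = SECRET_KEY) -> str:
    """Same derivation as APIKey._hash_raw_key: PBKDF2-HMAC-SHA256 over the
    raw key, salted with a namespace plus the deployment secret. The salt is
    fixed per deployment, so equal keys hash equal and the hash can serve as
    a unique database lookup column."""
    salt = f"{KEY_HASH_SALT_NAMESPACE}:{secret_key}".encode("utf-8")
    digest = hashlib.pbkdf2_hmac("sha256", raw_key.encode("utf-8"), salt,
                                 KEY_HASH_ITERATIONS)
    return digest.hex()  # 64 hex chars, matching key_hash max_length=64


def generate(store: dict, user: str, name: str) -> tuple[dict, str]:
    """Mirror of APIKey.generate over an in-memory dict keyed by hash.
    Only the 12-character prefix and the hash are kept; the raw key is
    handed back once to the caller and never stored."""
    raw_key = f"al_{secrets.token_urlsafe(32)}"
    record = {"user": user, "name": name,
              "key_prefix": raw_key[:12], "key_hash": hash_raw_key(raw_key)}
    store[record["key_hash"]] = record
    return record, raw_key


def authenticate(store: dict, raw_key: str, secret_key: str = SECRET_KEY):
    """Mirror of APIKey.authenticate: re-derive the hash and look it up.
    Returns the record, or None for an unknown key. Passing a different
    secret_key models a SECRET_KEY rotation: every stored hash then misses,
    so rotating the Django secret silently revokes all API keys."""
    return store.get(hash_raw_key(raw_key, secret_key))


if __name__ == "__main__":
    keys = {}
    rec, raw = generate(keys, "alice", "ci-bot")
    print("stored record (no plaintext):", rec)
    print("lookup with correct key:", authenticate(keys, raw) is rec)
    print("lookup after secret rotation:", authenticate(keys, raw, "rotated"))
```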