0079_apitoken_data.py

# Generated by Django 6.0.3 on 2026-03-10 22:09

from django.db import migrations
from django.contrib.auth.hashers import make_password


def migrate_api_tokens(apps, schema_editor):
    """Migrate existing plain-text DRF tokens to the new hashed APIToken model."""
    APIToken = apps.get_model("scanpipe", "APIToken")
    PREFIX_LENGTH = 8

    with schema_editor.connection.cursor() as cursor:
        cursor.execute(
            "SELECT EXISTS (SELECT 1 FROM information_schema.tables "
            "WHERE table_name = 'authtoken_token')"
        )
        table_exists = cursor.fetchone()[0]

        if not table_exists:
            return

        cursor.execute("SELECT user_id, key, created FROM authtoken_token")
        rows = cursor.fetchall()
        if not rows:
            return

        tokens_to_create = [
            APIToken(
                user_id=user_id,
                prefix=key[:PREFIX_LENGTH],
                key_hash=make_password(key),
                created=created,
            )
            for user_id, key, created in rows
        ]
        migrated_tokens = APIToken.objects.bulk_create(tokens_to_create, ignore_conflicts=True)
        if migrated_tokens:
            print(f" -> {len(migrated_tokens)} tokens migrated.")


def reverse_migrate_api_tokens(apps, schema_editor):
    """Reverse migration: remove all migrated tokens."""
    APIToken = apps.get_model("scanpipe", "APIToken")
    APIToken.objects.all().delete()


class Migration(migrations.Migration):

    dependencies = [
        ('scanpipe', '0078_apitoken'),
    ]

    operations = [
        migrations.RunPython(migrate_api_tokens, reverse_migrate_api_tokens),
        migrations.RunSQL(
            sql="DROP TABLE IF EXISTS authtoken_token",
            reverse_sql=migrations.RunSQL.noop,
        ),
    ]