
Commit ff2dc2b

Draft: Implement DRF API Key security gateway for V3 endpoints
Signed-off-by: Namanmeet Singh <singhnamanmeet@gmail.com>
1 parent 74172c4 commit ff2dc2b


5 files changed

+8
-0
lines changed

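--- a/requirements.txt
+++ b/requirements.txt
@@ -39,6 +39,7 @@ docopt==0.6.2
 docutils==0.17.1
 drf-spectacular==0.24.2
 drf-spectacular-sidecar==2022.10.1
+djangorestframework-api-key>=3.0.0
 executing==0.8.3
 fetchcode==0.8.2
 freezegun==1.2.1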
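Review bot: The added `djangorestframework-api-key>=3.0.0` line is the only floating specifier among the visible entries, which are all pinned with `==`, so installs from this file stop being reproducible for the one package that now gates API access. Pin it to the exact release that was tested, `djangorestframework-api-key==<TESTED_VERSION>`, and keep the `>=3.0.0` range only in setup.cfg. If this file is generated by a lock tool, regenerate it rather than editing it by hand; that is not visible from this hunk.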

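--- a/setup.cfg
+++ b/setup.cfg
@@ -106,6 +106,8 @@ install_requires =
 #hashid
 uritemplate
 
+djangorestframework-api-key>=3.0.0
+
 
 [options.extras_require]
 dev =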

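--- a/vulnerabilities/api.py
+++ b/vulnerabilities/api.py
@@ -22,6 +22,7 @@
 from rest_framework import viewsets
 from rest_framework.decorators import action
 from rest_framework.response import Response
+from rest_framework_api_key.permissions import HasAPIKey
 
 from vulnerabilities.models import Alias
 from vulnerabilities.models import Exploit
@@ -471,6 +472,7 @@ class PackageViewSet(viewsets.ReadOnlyModelViewSet):
 filter_backends = (filters.DjangoFilterBackend,)
 filterset_class = PackageFilterSet
 throttle_classes = [PermissionBasedUserRateThrottle]
+permission_classes = [HasAPIKey]
 
 def get_queryset(self):
 return super().get_queryset().with_is_vulnerable()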
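Review bot: `permission_classes = [HasAPIKey]` on `PackageViewSet` in vulnerabilities/api.py falls outside what the commit title describes (a gateway for V3 endpoints), so it looks like either the wrong viewset or an undocumented behaviour change for existing clients of this API. A viewset-level `permission_classes` replaces the project defaults rather than adding to them, so callers that authenticate with a DRF token today would get 403 here unless they also hold an API key. If the intent is to accept either credential, DRF permissions compose: `permission_classes = [HasAPIKey | IsAuthenticated]`, with `IsAuthenticated` imported from `rest_framework.permissions`. The class body starts and continues outside the hunk, so other attributes that affect access are not visible.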

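--- a/vulnerabilities/api_v2.py
+++ b/vulnerabilities/api_v2.py
@@ -43,6 +43,7 @@
 from vulnerabilities.throttling import PermissionBasedUserRateThrottle
 from vulnerabilities.utils import group_advisories_by_content
 
+from rest_framework_api_key.permissions import HasAPIKey
 
 class CharInFilter(filters.BaseInFilter, filters.CharFilter):
 pass
@@ -1070,6 +1071,7 @@ class PackageV3ViewSet(viewsets.ReadOnlyModelViewSet):
 filter_backends = [filters.DjangoFilterBackend]
 filterset_class = AdvisoryPackageV2FilterSet
 throttle_classes = [AnonRateThrottle, PermissionBasedUserRateThrottle]
+permission_classes = [HasAPIKey]
 
 def get_queryset(self):
 return (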
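Review bot: On `PackageV3ViewSet` the new `permission_classes = [HasAPIKey]` sits next to `throttle_classes = [AnonRateThrottle, PermissionBasedUserRateThrottle]`, and nothing in the hunk ties the rate limit to the key. `HasAPIKey` is a permission class, not an authentication class, so a request carrying only a key presumably still has an anonymous `request.user` and is throttled per client address under `AnonRateThrottle`; a leaked or over-used key then cannot be limited on its own, only revoked. Consider a throttle scoped per key, and add tests asserting 403 without a key and 200 with a valid one, since none of the five changed files is a test. The `HasAPIKey` import in the first hunk would also read better grouped with the other `rest_framework` imports than after the `vulnerabilities.*` ones. The class body continues outside the hunk.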

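--- a/vulnerablecode/settings.py
+++ b/vulnerablecode/settings.py
@@ -83,6 +83,7 @@
 "django_filters",
 "rest_framework",
 "rest_framework.authtoken",
+'rest_framework_api_key',
 "widget_tweaks",
 "crispy_forms",
 "crispy_bootstrap4",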
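Review bot: The new `'rest_framework_api_key',` entry uses single quotes where every neighbouring INSTALLED_APPS entry uses double quotes; write it as `"rest_framework_api_key",` to match the file. With `"rest_framework.authtoken"` on the line above, note that `HasAPIKey` reads the key from the `Authorization` header by default, the same header token authentication uses, so a client cannot present both credentials in one request. If the two are meant to coexist, set `API_KEY_CUSTOM_HEADER = "HTTP_X_API_KEY"` in this file. The app also ships its own migrations, so deployments need `migrate` before the permission check can look up keys.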
