From b854d8f22ea16f02cfd516275d13e61c81964333 Mon Sep 17 00:00:00 2001
From: Johannes Christ <jc@jchri.st>
Date: Tue, 14 Aug 2018 22:34:45 +0200
Subject: Add bot API key permission check.

---
 pysite/permissions.py |  8 ++++++++
 pysite/settings.py    | 11 +++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 pysite/permissions.py

(limited to 'pysite')

diff --git a/pysite/permissions.py b/pysite/permissions.py
new file mode 100644
index 00000000..2a96b819
--- /dev/null
+++ b/pysite/permissions.py
@@ -0,0 +1,8 @@
+from django.conf import setting
+from rest_framework import permissions
+
+
+class HasValidAPIKey(permissions.BasePermission):
+    def has_permission(self, request, view):
+        api_key = request.META.get('HTTP_X_API_KEY')
+        return api_key == settings.BOT_API_KEY
diff --git a/pysite/settings.py b/pysite/settings.py
index cf89bb40..247a27a9 100644
--- a/pysite/settings.py
+++ b/pysite/settings.py
@@ -159,3 +159,14 @@ if DEBUG:
     PARENT_HOST = 'pythondiscord.local:8000'
 else:
     PARENT_HOST = 'pythondiscord.com'
+
+# Django REST framework
+# http://www.django-rest-framework.org
+REST_FRAMEWORK = {
+    'DEFAULT_PERMISSION_CLASSES': [
+        'pysite.permissions.HasValidAPIKey'
+    ]
+}
+
+# Bot API settings
+BOT_API_KEY = env('BOT_API_KEY')
-- 
cgit v1.2.3