import uuid from django.utils.translation import ugettext_lazy as _ from rest_framework.authtoken.models import Token from django.conf import settings from django.db import models from common.db.models import BaseCreateUpdateModel class AccessKey(models.Model): id = models.UUIDField(verbose_name='AccessKeyID', primary_key=True, default=uuid.uuid4, editable=False) secret = models.UUIDField(verbose_name='AccessKeySecret', default=uuid.uuid4, editable=False) user = models.ForeignKey(settings.AUTH_USER_MODEL, verbose_name='User', on_delete=models.CASCADE, related_name='access_keys') is_active = models.BooleanField(default=True, verbose_name=_('Active')) date_created = models.DateTimeField(auto_now_add=True) def get_id(self): return str(self.id) def get_secret(self): return str(self.secret) def get_full_value(self): return '{}:{}'.format(self.id, self.secret) def __str__(self): return str(self.id) class Meta: verbose_name = _("Access key") class PrivateToken(Token): """Inherit from auth token, otherwise migration is boring""" class Meta: verbose_name = _('Private Token') class SSOToken(BaseCreateUpdateModel): """ 类似腾讯企业邮的 [单点登录](https://exmail.qq.com/qy_mng_logic/doc#10036) 出于安全考虑,这里的 `token` 使用一次随即过期。但我们保留每一个生成过的 `token`。 """ authkey = models.UUIDField(primary_key=True, default=uuid.uuid4, verbose_name=_('Token')) expired = models.BooleanField(default=False, verbose_name=_('Expired')) user = models.ForeignKey('users.User', on_delete=models.CASCADE, verbose_name=_('User'), db_constraint=False) class Meta: verbose_name = _('SSO token') class ConnectionToken(BaseCreateUpdateModel): # Todo: 未来可能放到这里,不记录到 redis 了,虽然方便,但是不易于审计 # Todo: add connection token 可能要授权给 普通用户, 或者放开就行 class Meta: verbose_name = _('Connection token') permissions = [ ('view_connectiontokensecret', _('Can view connection token secret')) ] class SuperConnectionToken(ConnectionToken): class Meta: proxy = True verbose_name = _("Super connection token")