File size: 3,019 Bytes
2529305
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
"""
API Token model for datastore API access.
"""

import secrets
import uuid

from django.conf import settings
from django.db import models


class DataStoreAPIToken(models.Model):
    """
    API token for accessing datastore data via REST API.
    Tokens can be scoped to a single datastore or grant access to all datastores.
    """

    id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)

    # The actual token value (64-char URL-safe string)
    token = models.CharField(
        max_length=64,
        unique=True,
        db_index=True,
        help_text="API token value (auto-generated)",
    )

    # Friendly name to identify this token
    name = models.CharField(
        max_length=100,
        help_text="Friendly name for this token",
    )

    # Optional: Restrict to specific datastore (null = global access to all datastores)
    datastore = models.ForeignKey(
        "DataStore",
        on_delete=models.CASCADE,
        null=True,
        blank=True,
        related_name="api_tokens",
        help_text="If set, token only grants access to this datastore. Leave empty for global access.",
    )

    # Timestamps
    created_at = models.DateTimeField(auto_now_add=True)
    last_used_at = models.DateTimeField(
        null=True,
        blank=True,
        help_text="Last time this token was used",
    )
    expires_at = models.DateTimeField(
        null=True,
        blank=True,
        help_text="Optional expiration date. Leave empty for no expiration.",
    )

    # Who created this token
    created_by = models.ForeignKey(
        settings.AUTH_USER_MODEL,
        on_delete=models.SET_NULL,
        null=True,
        blank=True,
        related_name="created_api_tokens",
    )

    # Active flag for soft-disable
    is_active = models.BooleanField(
        default=True,
        help_text="Inactive tokens cannot be used for API access",
    )

    class Meta:
        db_table = "datastore_api_tokens"
        verbose_name = "API token"
        verbose_name_plural = "API tokens"
        ordering = ["-created_at"]

    def __str__(self):
        if self.datastore:
            return f"{self.name} ({self.datastore.name})"
        return f"{self.name} (global)"

    @staticmethod
    def generate_token() -> str:
        """Generate a secure random API token (64 chars, URL-safe)."""
        return secrets.token_urlsafe(48)

    def get_masked_token(self) -> str:
        """Return a masked version of the token for display."""
        if len(self.token) <= 12:
            return "*" * len(self.token)
        return f"{self.token[:8]}...{self.token[-4:]}"

    @property
    def is_global(self) -> bool:
        """Return True if this is a global token (not scoped to a datastore)."""
        return self.datastore is None

    @property
    def scope_display(self) -> str:
        """Return a human-readable scope description."""
        if self.datastore:
            return f"Datastore: {self.datastore.name}"
        return "All datastores"