* Change Swagger UI endpoint from /api/swagger/ to /api/docs/ - Update URL pattern to use /docs/ instead of /swagger/ - Update API root response to show 'docs' key instead of 'swagger' - Add authentication requirement for schema documentation endpoints - Update contact email to controller-eng@redhat.com The schema endpoints (/api/docs/, /api/schema/, /api/redoc/) now require authentication to prevent unauthorized access to API documentation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Require authentication for all schema endpoints including /api/schema/ Create custom view classes that enforce authentication for all schema endpoints to prevent inconsistent access control where UI views required authentication but the raw schema endpoint remained publicly accessible. This ensures all schema endpoints (/api/schema/, /api/docs/, /api/redoc/) consistently require authentication. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Add unit tests for authenticated schema view classes Add test coverage for the new AuthenticatedSpectacular* view classes to ensure they properly require authentication. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * remove unused import --------- Co-authored-by: Claude <noreply@anthropic.com>
import warnings
from rest_framework.permissions import IsAuthenticated
from drf_spectacular.openapi import AutoSchema
from drf_spectacular.views import (
SpectacularAPIView,
SpectacularSwaggerView,
SpectacularRedocView,
)
class CustomAutoSchema(AutoSchema):
    """AutoSchema subclass that derives operation tags from the view and reads its `deprecated` flag."""

    def get_tags(self):
        """Return the tag list used to group this view's operations.

        The first source that applies wins: the view's ``swagger_topic``, the
        verbose plural name of the serializer's ``Meta.model``, the verbose
        plural name of the view's ``model``, then the parent implementation.
        An empty result is replaced by ``['api']`` after a warning is emitted.
        """
        # Building the serializer may fail while the schema is generated; any
        # failure is downgraded to "no serializer" plus a warning so that one
        # view cannot abort generation of the whole schema.
        try:
            serializer = self.view.get_serializer() if hasattr(self.view, 'get_serializer') else None
        except Exception:
            serializer = None
            message = (
                '{}.get_serializer() raised an exception during '
                'schema generation. Serializer fields will not be '
                'generated for this view.'
            ).format(self.view.__class__.__name__)
            warnings.warn(message)

        if hasattr(self.view, 'swagger_topic'):
            # An explicit topic on the view takes precedence over any model name.
            tags = [str(self.view.swagger_topic).title()]
        elif serializer and hasattr(serializer, 'Meta') and hasattr(serializer.Meta, 'model'):
            tags = [str(serializer.Meta.model._meta.verbose_name_plural).title()]
        elif hasattr(self.view, 'model'):
            tags = [str(self.view.model._meta.verbose_name_plural).title()]
        else:
            # Nothing view-specific to go on: defer to drf-spectacular's default.
            tags = super().get_tags()

        if tags:
            return tags

        # Every operation must land in some group, so fall back to a generic tag.
        warnings.warn(f'Could not determine tags for {self.view.__class__.__name__}')
        return ['api']

    def is_deprecated(self):
        """Return the view's ``deprecated`` attribute, or ``False`` when the view does not define one."""
        return getattr(self.view, 'deprecated', False)
class AuthenticatedSpectacularAPIView(SpectacularAPIView):
    """SpectacularAPIView that requires authentication.

    This is the raw schema endpoint. Pinning the permission on the class means
    anonymous requests are rejected whatever permission the parent view would
    otherwise apply.
    """

    # IsAuthenticated only checks that the request carries a valid identity; it
    # does not restrict by role, so every authenticated user can fetch the schema.
    # authentication_classes is not overridden here, so the inherited
    # authenticators decide who counts as authenticated.
    permission_classes = [IsAuthenticated]
class AuthenticatedSpectacularSwaggerView(SpectacularSwaggerView):
    """SpectacularSwaggerView that requires authentication.

    Protects the Swagger UI page itself. The schema the page loads is served by
    a separate view, which needs its own authentication requirement.
    """

    # Rejects anonymous requests; any authenticated user is allowed through.
    permission_classes = [IsAuthenticated]
class AuthenticatedSpectacularRedocView(SpectacularRedocView):
    """SpectacularRedocView that requires authentication.

    Protects the ReDoc page itself. The schema the page loads is served by a
    separate view, which needs its own authentication requirement.
    """

    # Rejects anonymous requests; any authenticated user is allowed through.
    permission_classes = [IsAuthenticated]
# Schema view (returns OpenAPI schema JSON/YAML); authentication is enforced
# by the view class, not by the URL configuration.
schema_view = AuthenticatedSpectacularAPIView.as_view()

# Swagger UI view. url_name names the route the page fetches the schema from
# (presumably the route bound to schema_view; confirm in the URL conf), so
# that route must stay behind the same authentication requirement.
swagger_ui_view = AuthenticatedSpectacularSwaggerView.as_view(url_name='api:schema-json')

# ReDoc UI view, reading the schema from the same named route.
redoc_view = AuthenticatedSpectacularRedocView.as_view(url_name='api:schema-json')