wireguard_webadmin/api_v2/views.py

import json
import uuid as uuid_lib

from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.shortcuts import get_object_or_404, redirect, render
from django.utils.translation import gettext_lazy as _

from user_manager.models import UserAcl
from .forms import ApiKeyForm
from .models import ApiKey


@login_required
def view_api_key_list(request):
    if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=50).exists():
        return render(request, 'access_denied.html', {'page_title': _('Access Denied')})

    page_title = _('API Keys')
    api_keys = ApiKey.objects.all().order_by('name')
    context = {'page_title': page_title, 'api_keys': api_keys}
    return render(request, 'api_v2/list.html', context)

@login_required
def view_manage_api_key(request):
    if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=50).exists():
        return render(request, 'access_denied.html', {'page_title': _('Access Denied')})

    api_key = None
    if 'uuid' in request.GET:
        api_key = get_object_or_404(ApiKey, uuid=request.GET['uuid'])
        page_title = _('Edit API Key: ') + api_key.name
        
    else:
        page_title = _('Add API Key')

    if request.method == 'POST':
        if api_key:
            form = ApiKeyForm(request.POST, instance=api_key, user=request.user)
        else:
            form = ApiKeyForm(request.POST, user=request.user)

        if request.POST.get('regenerate_token') == 'true' and api_key:
            api_key.token = uuid_lib.uuid4()
            api_key.save()
            messages.success(request, _('Token regenerated successfully.'))
            return redirect('/manage_api/v2/list/')

        if form.is_valid():
            form.save()
            messages.success(request, _('API Key saved successfully.'))
            return redirect('/manage_api/v2/list/')
    else:
        if api_key:
            form = ApiKeyForm(instance=api_key, user=request.user)
        else:
            form = ApiKeyForm(user=request.user)

    form_description = {
        'size': '',
        'content': _('''
        <h5>API Keys</h5>
        <p>API Keys allow external applications to interact with the WireGuard WebAdmin API.</p>
        <p><strong>Token:</strong> The secret token used for authentication. Keep this secure.</p>
        <p><strong>Allowed Instances:</strong> The WireGuard instances this key can manage. If none are selected, the key has access to ALL instances.</p>
        <p><strong>Permissions:</strong> specific actions allowed for this key.</p>
        ''')
    }

    context = {
        'page_title': page_title,
        'form': form,
        'instance': api_key,
        'form_description': form_description
    }
    return render(request, 'api_v2/api_key_form.html', context)


@login_required
def view_delete_api_key(request, uuid):
    if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=50).exists():
        return render(request, 'access_denied.html', {'page_title': _('Access Denied')})

    api_key = get_object_or_404(ApiKey, uuid=uuid)

    if request.method == 'POST':
        api_key.delete()
        messages.success(request, _('API Key deleted successfully.'))
        return redirect('api_v2_list')

    context = {
        'object': api_key,
        'title': _('Delete API Key'),
        'cancel_url': f"/manage_api/v2/manage/?uuid={api_key.uuid}",
        'text': _('Are you sure you want to delete the API Key "%(name)s"?') % {'name': api_key.name}
    }
    return render(request, 'generic_delete_confirmation.html', context)


@login_required
def view_api_docs(request):
    from django.urls.resolvers import URLPattern
    from api_v2 import urls_api

    if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=50).exists():
        return render(request, 'access_denied.html', {'page_title': _('Access Denied')})

    docs = []
    # We iterate over the urlpatterns from the api_v2.urls_api module
    for pattern in urls_api.urlpatterns:
        if isinstance(pattern, URLPattern):
            view_func = pattern.callback
            # The view might be wrapped (e.g. by @csrf_exempt), but @api_doc metadata
            # should have been preserved on the wrapper or be available on the original function.
            # verify_api_doc checks handled this.
            if hasattr(view_func, 'api_doc'):
                doc_data = view_func.api_doc.copy()
                doc_data['url_pattern'] = str(pattern.pattern)
                doc_data['name'] = pattern.name

                # Convert examples to curl commands
                if 'examples' in doc_data:
                    curl_examples = {}
                    for key, example in doc_data['examples'].items():
                        method = example.get('method', 'POST')
                        body = example.get('json', {})
                        url = f"https://your-server/api/v2/{doc_data['url_pattern']}"
                        
                        curl_cmd = f"curl -X {method} {url} \\\n"
                        curl_cmd += "  -H 'token: <YOUR_API_TOKEN>' \\\n"
                        curl_cmd += "  -H 'Content-Type: application/json' \\\n"
                        curl_cmd += f"  -d '{json.dumps(body, indent=4)}'"
                        
                        curl_examples[key] = curl_cmd
                    doc_data['examples'] = curl_examples

                docs.append(doc_data)

    context = {
        'page_title': _('API Documentation'),
        'docs': docs
    }
    return render(request, 'api_v2/api_documentation.html', context)