fixed bookmarklet

2026-01-01 04:10:06 -05:00 · 2022-08-04 18:45:40 +02:00
parent 3ec4afb02f
commit f7af0741fe
6 changed files with 13 additions and 9 deletions
--- a/cookbook/static/js/bookmarklet_v3.js
+++ b/cookbook/static/js/bookmarklet_v3.js
@@ -28,7 +28,7 @@
            const xhr = new XMLHttpRequest();
            xhr.open('POST', url, true);
            xhr.setRequestHeader('Content-Type', 'application/json');
-            xhr.setRequestHeader('Authorization', 'Token ' + token);
+            xhr.setRequestHeader('Authorization', 'Bearer ' + token);

            // listen for `onload` event
            xhr.onload = () => {
--- a/cookbook/templatetags/custom_tags.py
+++ b/cookbook/templatetags/custom_tags.py
@@ -151,7 +151,7 @@ def bookmarklet(request):
            localStorage.setItem('redirectURL', '" + server + reverse('data_import_url') + "'); \
            localStorage.setItem('token', '" + api_token.__str__() + "'); \
            document.body.appendChild(document.createElement(\'script\')).src=\'" \
-               + server + prefix + static('js/bookmarklet.js') + "? \
+               + server + prefix + static('js/bookmarklet_v3.js') + "? \
            r=\'+Math.floor(Math.random()*999999999);}})();'>Test</a>"
    return re.sub(r"[\n\t]*", "", bookmark)

--- a/cookbook/views/api.py
+++ b/cookbook/views/api.py
@@ -54,7 +54,7 @@ from cookbook.helper.ingredient_parser import IngredientParser
 from cookbook.helper.permission_helper import (CustomIsAdmin, CustomIsOwner,
                                               CustomIsOwnerReadOnly, CustomIsShared,
                                               CustomIsSpaceOwner, CustomIsUser, group_required,
-                                               is_space_owner, switch_user_active_space, above_space_limit, CustomRecipePermission, CustomUserPermission, CustomTokenHasReadWriteScope)
+                                               is_space_owner, switch_user_active_space, above_space_limit, CustomRecipePermission, CustomUserPermission, CustomTokenHasReadWriteScope, CustomTokenHasScope)
 from cookbook.helper.recipe_search import RecipeFacet, RecipeSearch
 from cookbook.helper.recipe_url_import import get_from_youtube_scraper, get_images_from_soup
 from cookbook.helper.scrapers.scrapers import text_scraper
@@ -1035,7 +1035,8 @@ class ExportLogViewSet(viewsets.ModelViewSet):
 class BookmarkletImportViewSet(viewsets.ModelViewSet):
    queryset = BookmarkletImport.objects
    serializer_class = BookmarkletImportSerializer
-    permission_classes = [CustomIsUser & CustomTokenHasReadWriteScope]
+    permission_classes = [CustomIsUser & CustomTokenHasScope]
+    required_scopes = ['bookmarklet']

    def get_serializer_class(self):
        if self.action == 'list':
--- a/cookbook/views/data.py
+++ b/cookbook/views/data.py
@@ -1,12 +1,15 @@
+import uuid
 from datetime import datetime

 from django.contrib import messages
 from django.http import HttpResponseRedirect
 from django.shortcuts import redirect, render
 from django.urls import reverse
+from django.utils import timezone
 from django.utils.translation import gettext as _
 from django.utils.translation import ngettext
 from django_tables2 import RequestConfig
+from oauth2_provider.models import AccessToken
 from rest_framework.authtoken.models import Token

 from cookbook.forms import BatchEditForm, SyncForm
@@ -115,8 +118,8 @@ def import_url(request):
        messages.add_message(request, messages.WARNING, msg)
        return HttpResponseRedirect(reverse('index'))

-    if (api_token := Token.objects.filter(user=request.user).first()) is None:
-        api_token = Token.objects.create(user=request.user)
+    if (api_token := AccessToken.objects.filter(user=request.user, scope='bookmarklet').first()) is None:
+        api_token = AccessToken.objects.create(user=request.user, scope='bookmarklet', expires=(timezone.now() + timezone.timedelta(days=365*10)), token=f'tda_{str(uuid.uuid4()).replace("-","_")}')

    bookmarklet_import_id = -1
    if 'id' in request.GET:
--- a/cookbook/views/views.py
+++ b/cookbook/views/views.py
@@ -339,7 +339,7 @@ def user_settings(request):
        search_form = SearchPreferenceForm()

    if (api_token := AccessToken.objects.filter(user=request.user).first()) is None:
-        api_token = AccessToken.objects.create(user=request.user, token=f'tda_{str(uuid.uuid4()).replace("-","_")}', expires=(timezone.now() + timezone.timedelta(days=365*5)), scope='read write').token
+        api_token = AccessToken.objects.create(user=request.user, token=f'tda_{str(uuid.uuid4()).replace("-","_")}', expires=(timezone.now() + timezone.timedelta(days=365*10)), scope='read write').token

    # these fields require postgresql - just disable them if postgresql isn't available
    if not settings.DATABASES['default']['ENGINE'] in ['django.db.backends.postgresql_psycopg2',
--- a/vue/src/apps/ImportView/ImportView.vue
+++ b/vue/src/apps/ImportView/ImportView.vue
@@ -695,7 +695,7 @@ export default {
                `localStorage.setItem("importURL", "${localStorage.getItem('BASE_PATH')}${this.resolveDjangoUrl('api:bookmarkletimport-list')}");` +
                `localStorage.setItem("redirectURL", "${localStorage.getItem('BASE_PATH')}${this.resolveDjangoUrl('data_import_url')}");` +
                `localStorage.setItem("token", "${window.API_TOKEN}");` +
-                `document.body.appendChild(document.createElement("script")).src="${localStorage.getItem('BASE_PATH')}${resolveDjangoStatic('/js/bookmarklet.js')}?r="+Math.floor(Math.random()*999999999)}` +
+                `document.body.appendChild(document.createElement("script")).src="${localStorage.getItem('BASE_PATH')}${resolveDjangoStatic('/js/bookmarklet_v3.js')}?r="+Math.floor(Math.random()*999999999)}` +
                `})()`
        },
    },