Begin integration of django rest framework

README.md

@@ -1,57 +1,50 @@
 # ungleich-otp
 
-The ungleich OTP service that allows you access to the ungleich micro
-service infrastructure.
+ungleich-otp is a full blown authentication and authorisation service
+made for micro services.
 
-We are using
+The basic idea is that every micro service has a (long term) seed and
+creates time based tokens (TOTP, RFCXXXX).
 
-- nameko for internal communication
-- django for the DB + admin interface
+## Setup instructions ##
 
-## Status
-
-In development, pre production.
-
-## Usage: WEB
-
-- No user interface (UI) supported (?)
-  -> idea is to keep flow logic in ungleich-dynamicweb
-
-## Usage: BUS
-
-### RPC: verify(appuuid, token, appuuidtoverify, tokentoverify)
-
-Verify whether the requesting app is authenticated. This is only
-allowed to be used for trusted appuuids.
-
-Returns a JSON object:
-
-Either
-```
-{
-    status: "OK"
-}
-```
-
-OR
+This is a standard django project and thus can be easily setup using
 
 ```
-{
-    status: "FAIL"
-}
+pip install -r requirements.txt
 ```
 
+To bootstrap the application, you need your very first trusted seed to
+access the application. You can generate it using
 
+```
+to be filled in
+```
 
-## Usage: REST
+After that, you can run the application using
+
+```
+python manage.py runserver
+```
+
+The usual instructions on how to setup an https proxy should be followed.
+
+## Realms ##
+
+Access is granting/denied based on realms. There are two reserved
+realms, all other realms can be used by the users:
+
+* ungleich-admin: realm??
+
+## Status ##
+
+## Usage: REST ##
 
 - Use an existing token to connect to the service
 - All REST based messages: JSON
 
 ### POST: /verify
 
-Not sure if this one will be publicly available.
-
 Request JSON object:
 
 ```
@@ -81,6 +74,40 @@ OR
 }
 ```
 
+### POST /register
+
+Register a new seed. Returns an app ID.
+
+Request JSON object:
+
+```
+{
+    version: "1",
+    appuuid: "your-app-uuid",
+    token: "current time based token",
+    username: "user this app belongs to",
+    appname: "name of your web app"
+}
+```
+
+Response JSON object:
+
+```
+{
+    status: "OK",
+    appuuid: "UUID of your app",
+}
+```
+
+OR
+
+```
+{
+    status: "FAIL",
+    error: "Reason for failure"
+}
+```
+
 ### POST /app/register
 
 Register a new app. Returns an app ID.

requirements.txt

@@ -1,2 +1,7 @@
 pyotp>=2.2.6
 django>=2.1.2
+djangorestframework
+
+# Recommended
+markdown
+django-filter

ungleichotp/ungleichotp/settings.py

@@ -37,6 +37,7 @@ INSTALLED_APPS = [
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
+    'rest_framework',
     'otpauth'
 ]
 

ungleichotp/ungleichotp/urls.py

@@ -15,7 +15,38 @@ Including another URLconf
 """
 from django.contrib import admin
 from django.urls import path
+# from django.conf.urls import url, include
 
+
+# urlpatterns = [
+
+#     url(r'^api-auth/', include('rest_framework.urls'))
+# ]
+
+
+from django.conf.urls import url, include
+from django.contrib.auth.models import User
+from rest_framework import routers, serializers, viewsets
+
+# Serializers define the API representation.
+class UserSerializer(serializers.HyperlinkedModelSerializer):
+    class Meta:
+        model = User
+        fields = ('url', 'username', 'email', 'is_staff')
+
+# ViewSets define the view behavior.
+class UserViewSet(viewsets.ModelViewSet):
+    queryset = User.objects.all()
+    serializer_class = UserSerializer
+
+# Routers provide an easy way of automatically determining the URL conf.
+router = routers.DefaultRouter()
+router.register(r'users', UserViewSet)
+
+# Wire up our API using automatic URL routing.
+# Additionally, we include login URLs for the browsable API.
 urlpatterns = [
     path('admin/', admin.site.urls),
+    url(r'^', include(router.urls)),
+    url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework'))
 ]