First draft of the apps API

bookwyrm/api/urls.py

@@ -0,0 +1,35 @@
+from bookwyrm.models import User
+from django.urls import include, path
+from django.contrib import admin
+from rest_framework import routers, viewsets, generics, permissions, serializers
+admin.autodiscover()
+
+
+# Serializers define the API representation.
+class UserSerializer(serializers.HyperlinkedModelSerializer):
+    class Meta:
+        permission_classes = [permissions.IsAuthenticated]
+        model = User
+        fields = ["url", "username", "email", "is_staff"]
+
+
+# ViewSets define the view behavior.
+class UserViewSet(viewsets.ModelViewSet):
+    queryset = User.objects.all()
+    serializer_class = UserSerializer
+
+
+
+# Routers provide a way of automatically determining the URL conf.
+router = routers.DefaultRouter()
+router.register(r"v1/users", UserViewSet)
+# router.register(r"v1/apps", AppViewSet)
+# client_name, redirect_uris, scopes, website
+# router.register(r"v1/apps/verify_credentials", AppViewSet)
+
+# Wire up our API using automatic URL routing.
+# Additionally, we include login URLs for the browsable API.
+urlpatterns = [
+    path("", include(router.urls)),
+    path("api-auth/", include("rest_framework.urls", namespace="rest_framework")),
+]

bookwyrm/settings.py

@@ -101,6 +101,7 @@
     "django.contrib.messages",
     "django.contrib.staticfiles",
     "django.contrib.humanize",
+    "rest_framework",
     "oauth2_provider",
     "file_resubmit",
     "sass_processor",
@@ -146,6 +147,22 @@
     },
 ]
 
+REST_FRAMEWORK = {
+    # Use Django's standard `django.contrib.auth` permissions,
+    # or allow read-only access for unauthenticated users.
+    "DEFAULT_PERMISSION_CLASSES": [
+        # Somehow it does not work with OAuth enabled
+        # 'oauth2_provider.contrib.rest_framework.OAuth2Authentication',
+        "rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly",
+        'rest_framework.permissions.IsAuthenticated',
+    ]
+}
+
+OAUTH2_PROVIDER = {
+    # this is the list of available scopes
+    'SCOPES': {'read': 'Read scope', 'write': 'Write scope', 'groups': 'Access to your groups'}
+}
+
 LOG_LEVEL = env("LOG_LEVEL", "INFO").upper()
 # Override aspects of the default handler to our taste
 # See https://docs.djangoproject.com/en/3.2/topics/logging/#default-logging-configuration

bookwyrm/urls.py

@@ -830,6 +830,7 @@
     ),
     path("guided-tour/<tour>", views.toggle_guided_tour),
     re_path(r"^o/", include("oauth2_provider.urls", namespace="oauth2_provider")),
+    re_path(r"^api/", include("bookwyrm.api.urls")),
 ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
 
 # Serves /static when DEBUG is true.

requirements.txt

@@ -11,6 +11,7 @@ django-csp==3.7
 django-imagekit==4.1.0
 django-model-utils==4.3.1
 django-oauth-toolkit==2.3.0
+djangorestframework==3.15.1
 django-pgtrigger==4.11.0
 django-redis==5.2.0
 django-sass-processor==1.2.2