ops/nixos: add dev-quotes.bfob.gg to server aliases

This commit is contained in:
Luke Granger-Brown 2021-01-20 00:22:54 +00:00
parent 5ee6a1c3b7
commit 1fe4e04464
14 changed files with 123 additions and 2 deletions

View file

@ -54,6 +54,14 @@ in
proxyPass = "http://unix:${sock}"; proxyPass = "http://unix:${sock}";
}; };
}; };
virtualHosts."dev-quotes.bfob.gg" = {
listen = nginxListen;
useACMEHost = "bfob.gg";
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8000";
};
};
}; };
services.postgresql = { services.postgresql = {

View file

View file

@ -0,0 +1,24 @@
from django.conf import settings
from allauth.account.adapter import DefaultAccountAdapter
from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
class BFOBAdapter(DefaultAccountAdapter):
def is_open_for_signup(self, request):
return False
class BFOBSocialAdapter(DefaultSocialAccountAdapter):
def is_open_for_signup(self, request):
return True
def pre_social_login(self, request, sociallogin):
guild_data = sociallogin.account.extra_data.get("guild_data", {})
roles = set(guild_data.get("roles", []))
should_be_admin = str(settings.DISCORD_ADMIN_ROLE) in roles
user = sociallogin.user
if user.is_staff != should_be_admin or user.is_superuser != should_be_admin:
user.is_staff = should_be_admin
user.is_superuser = should_be_admin
user.save()
return

View file

@ -0,0 +1,3 @@
from django.contrib import admin
# Register your models here.

View file

@ -0,0 +1,5 @@
from django.apps import AppConfig
class DiscordguildConfig(AppConfig):
name = "discordguild"

View file

@ -0,0 +1,3 @@
from django.db import models
# Create your models here.

View file

@ -0,0 +1,10 @@
import requests
from django.conf import settings
from allauth.socialaccount.providers.discord.provider import DiscordProvider
class DiscordGuildPermissionsProvider(DiscordProvider):
id = "discord"
provider_classes = [DiscordGuildPermissionsProvider]

View file

@ -0,0 +1,3 @@
from django.test import TestCase
# Create your tests here.

View file

@ -0,0 +1,5 @@
from .provider import DiscordGuildPermissionsProvider
from allauth.socialaccount.providers.oauth2.urls import default_urlpatterns
urlpatterns = default_urlpatterns(DiscordGuildPermissionsProvider)

View file

@ -0,0 +1,33 @@
from .provider import DiscordGuildPermissionsProvider
from django.core.exceptions import PermissionDenied
from django.conf import settings
import requests
from allauth.socialaccount.providers.discord.views import DiscordOAuth2Adapter
from allauth.socialaccount.providers.oauth2.views import (
OAuth2CallbackView,
OAuth2LoginView,
)
class DiscordGuildPermissionsOAuth2Adapter(DiscordOAuth2Adapter):
provider_id = DiscordGuildPermissionsProvider.id
def complete_login(self, request, app, token, **kwargs):
login = super().complete_login(request, app, token, **kwargs)
guild_data = requests.get(
f"https://discord.com/api/guilds/{settings.DISCORD_GUILD_ID}/members/{login.account.uid}",
headers={
"Authorization": f"Bot {settings.DISCORD_BOT_TOKEN}",
"Content-Type": "application/json",
},
)
if guild_data.status_code == 404:
raise PermissionDenied("You're not a BFOBer.")
guild_data.raise_for_status()
login.account.extra_data["guild_data"] = guild_data.json()
return login
oauth2_login = OAuth2LoginView.adapter_view(DiscordGuildPermissionsOAuth2Adapter)
oauth2_callback = OAuth2CallbackView.adapter_view(DiscordGuildPermissionsOAuth2Adapter)

View file

@ -0,0 +1,17 @@
# Generated by Django 3.1.5 on 2021-01-20 00:39
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
("quotedb", "0001_initial"),
]
operations = [
migrations.AlterModelOptions(
name="person",
options={"verbose_name_plural": "people"},
),
]

View file

@ -26,7 +26,7 @@ SECRET_KEY = "&(13b=+n^k3px89=%x24_=2593x2*)p_6l7&wu_xph!t=$o9!1"
# SECURITY WARNING: don't run with debug turned on in production! # SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True DEBUG = True
ALLOWED_HOSTS = [] ALLOWED_HOSTS = ["dev-quotes.bfob.gg"]
SITE_ID = 1 SITE_ID = 1
@ -44,8 +44,8 @@ INSTALLED_APPS = [
"allauth", "allauth",
"allauth.account", "allauth.account",
"allauth.socialaccount", "allauth.socialaccount",
"allauth.socialaccount.providers.discord",
"quotes.quotedb", "quotes.quotedb",
"quotes.discordguild",
] ]
MIDDLEWARE = [ MIDDLEWARE = [
@ -134,6 +134,12 @@ STATICFILES_DIRS = [
BASE_DIR / "static", BASE_DIR / "static",
] ]
LOGIN_URL = "/accounts/discord/login/"
ACCOUNT_ADAPTER = "quotes.discordguild.adapter.BFOBAdapter"
SOCIALACCOUNT_ADAPTER = "quotes.discordguild.adapter.BFOBSocialAdapter"
DISCORD_GUILD_ID = 547155312071671809
DISCORD_ADMIN_ROLE = 801258366810456115
DISCORD_BOT_TOKEN = os.environ.get("DISCORD_BOT_TOKEN", None)
SOCIALACCOUNT_PROVIDERS = { SOCIALACCOUNT_PROVIDERS = {
"discord": { "discord": {
"SCOPE": [ "SCOPE": [

View file

@ -14,11 +14,15 @@ Including another URLconf
2. Add a URL to urlpatterns: path('blog/', include('blog.urls')) 2. Add a URL to urlpatterns: path('blog/', include('blog.urls'))
""" """
from django.contrib import admin from django.contrib import admin
from django.contrib.auth.decorators import login_required
from django.urls import include, re_path, path from django.urls import include, re_path, path
import allauth.urls import allauth.urls
import quotes.quotedb.urls import quotes.quotedb.urls
# Monkeypatch the login_required decorator onto /admin.
admin.site.login = login_required(admin.site.login)
urlpatterns = [ urlpatterns = [
path("admin/", admin.site.urls), path("admin/", admin.site.urls),
path("accounts/", include(allauth.urls)), path("accounts/", include(allauth.urls)),