Metadata-Version: 2.3
Name: django-magic-authorization
Version: 0.1.1
Summary: Add magic authorization links to your django project.
Keywords: django,authorization,access-control,middleware
Author: j23n
Author-email: j23n <oss@j23n.com>
License: BSD 3-Clause License
         
         Copyright (c) 2026, j23n
         
         Redistribution and use in source and binary forms, with or without
         modification, are permitted provided that the following conditions are met:
         
         1. Redistributions of source code must retain the above copyright notice, this
            list of conditions and the following disclaimer.
         
         2. Redistributions in binary form must reproduce the above copyright notice,
            this list of conditions and the following disclaimer in the documentation
            and/or other materials provided with the distribution.
         
         3. Neither the name of the copyright holder nor the names of its
            contributors may be used to endorse or promote products derived from
            this software without specific prior written permission.
         
         THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
         AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
         IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
         DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
         FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
         DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
         SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
         CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
         OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
         OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
         
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Web Environment
Classifier: Framework :: Django
Classifier: Framework :: Django :: 5.2
Classifier: Intended Audience :: Developers
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Dist: django>=5.2
Requires-Python: >=3.10
Project-URL: Bug Tracker, https://codeberg.org/j23n/django-magic-authorization/issues
Project-URL: Changelog, https://codeberg.org/j23n/django-magic-authorization/blob/main/CHANGELOG.md
Project-URL: Homepage, https://codeberg.org/j23n/django-magic-authorization
Project-URL: Repository, https://codeberg.org/j23n/django-magic-authorization
Description-Content-Type: text/markdown

# Django Magic Authorize

This middleware adds simple token-based authorization for private content to any Django project.

## Installation

First, install the package using your favorite python package manager

`uv add django-magic-authorization`

or

`pip install django-magic-authorization`

Second, you need to enable the app in your Django project.

```python
# settings.py
INSTALLED_APPS = [
  ...
  "django_magic_authorization"
  ...
]

MIDDLEWARE = [
  ...
  "django_magic_authorization.middleware.MagicAuthorizeMiddleware",
  ...
]

```

Third, run the migrations to add the relevant schemas to your database

```
python manage.py migrate
```

## Quickstart

Authorization happens on the URL level. The package offers a drop-in replacement for `django.urls.path`, that is used to mark urls as protected. You can use this in conjunction with `include()` to protect sub-paths quickly.

```python
# urls.py
from django.urls import path, include
from django.http import HttpResponse
from django_magic_authorization.urls import protected_path


def test_view(request):
  return HttpResponse("Hello")

urlpatterns = [
  path("unprotected", test_view),
  protected_path("protected", test_view)
]
```

With a running development server

```bash
$ curl -s -o /dev/null -w "%{http_code}\n" http://localhost:8000/protected
403
```

This URL can now only be accessed by someone with a valid token.

There is a django admin interface for you to create, manage and delete access tokens for these protected paths. You can also do so in the shell.

```ipython
>>> t = AccessToken.objects.create(path="protected", description="Test token creation")
>>> t.token
your-token-value
```

using this token to access the protected view:

```bash
$ curl -s -o /dev/null -w "%{http_code}\n" http://localhost:8000/protected?token=your-token-value
200
```

