From c7bb94d82afd867332693db553bb04bcb21871b2 Mon Sep 17 00:00:00 2001
From: sadnub <josh@torchlake.com>
Date: Thu, 17 Mar 2022 10:05:10 -0400
Subject: [PATCH] add api key auth to swagger

---
 api/tacticalrmm/tacticalrmm/__init__.py |  3 +++
 api/tacticalrmm/tacticalrmm/schema.py   | 12 ++++++++++++
 api/tacticalrmm/tacticalrmm/settings.py |  3 ++-
 3 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 api/tacticalrmm/tacticalrmm/schema.py

diff --git a/api/tacticalrmm/tacticalrmm/__init__.py b/api/tacticalrmm/tacticalrmm/__init__.py
index 8a891ca1..ee5ee8b2 100644
--- a/api/tacticalrmm/tacticalrmm/__init__.py
+++ b/api/tacticalrmm/tacticalrmm/__init__.py
@@ -2,4 +2,7 @@ from __future__ import absolute_import, unicode_literals
 
 from .celery import app as celery_app
 
+# drf auto-registers this as an authentication method when imported
+from .schema import APIAuthenticationScheme
+
 __all__ = ("celery_app",)
diff --git a/api/tacticalrmm/tacticalrmm/schema.py b/api/tacticalrmm/tacticalrmm/schema.py
new file mode 100644
index 00000000..f41a65e6
--- /dev/null
+++ b/api/tacticalrmm/tacticalrmm/schema.py
@@ -0,0 +1,12 @@
+from drf_spectacular.extensions import OpenApiAuthenticationExtension
+
+# custom api key auth for swagger-ui
+class APIAuthenticationScheme(OpenApiAuthenticationExtension):
+    target_class = "tacticalrmm.auth.APIAuthentication"  # full import path OR class ref
+    name = 'API Key Auth'  # name used in the schem
+    def get_security_definition(self, auto_schema):
+        return {
+            'type': 'apiKey',
+            'in': 'header',
+            'name': 'X-API-KEY',
+        }
\ No newline at end of file
diff --git a/api/tacticalrmm/tacticalrmm/settings.py b/api/tacticalrmm/tacticalrmm/settings.py
index df48867e..be2c5bbc 100644
--- a/api/tacticalrmm/tacticalrmm/settings.py
+++ b/api/tacticalrmm/tacticalrmm/settings.py
@@ -58,7 +58,7 @@ except ImportError:
     pass
 
 REST_FRAMEWORK = {
-    "DATETIME_FORMAT": "%b-%d-%Y - %H:%M",
+#    "DATETIME_FORMAT": "%b-%d-%Y - %H:%M",
     "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",),
     "DEFAULT_AUTHENTICATION_CLASSES": (
         "knox.auth.TokenAuthentication",
@@ -71,6 +71,7 @@ SPECTACULAR_SETTINGS = {
     "TITLE": "Tactical RMM API",
     "DESCRIPTION": "Simple and Fast remote monitoring and management tool",
     "VERSION": TRMM_VERSION,
+    'AUTHENTICATION_WHITELIST': ["tacticalrmm.auth.APIAuthentication"],
 }
 
 if not "AZPIPELINE" in os.environ: