fix: require authorization on API docs, if enabled

Screenly · Jun 7, 2024 · 9e7e74d · 9e7e74d
1 parent 2e8876a
commit 9e7e74d
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/anthias_django/urls.py b/anthias_django/urls.py
@@ -16,13 +16,25 @@
 from django.contrib import admin
 from django.urls import include, path
 from drf_spectacular.views import SpectacularAPIView, SpectacularRedocView
+from lib.auth import authorized
+
+
+class APIDocView(SpectacularRedocView):
+    @authorized
+    def get(self, request, *args, **kwargs):
+        return super().get(request, *args, **kwargs)
+
 
 urlpatterns = [
     path('admin/', admin.site.urls),
     path('', include('anthias_app.urls')),
     path('api/', include('api.urls')),
     path('api/schema/', SpectacularAPIView.as_view(), name='schema'),
-    path('api/docs/', SpectacularRedocView.as_view(url_name='schema'), name='redoc'),
+    path(
+        'api/docs/',
+        APIDocView.as_view(url_name='schema'),
+        name='redoc'
+    ),
 ]
 
 # @TODO: Write custom 403 and 404 pages.