Add API endpoint for URL shortening with Bearer token authentication

mentirinha.env

@@ -10,3 +10,7 @@ DJANGO_ALLOWED_HOSTS=localhost
 DJANGO_DEBUG=1
 DJANGO_SECRET_KEY=secret_key
 DJANGO_LOG_FILE=/dkdata/mentirinha.log
+
+# API Authentication
+# Set this to a secure random token for the /api/shorten endpoint
+API_TOKEN=your-secret-api-token-here

mentirinha/auth.py

@@ -0,0 +1,42 @@
+import os
+from functools import wraps
+from django.http import JsonResponse
+
+
+def require_bearer_token(view_func):
+    """
+    Decorator to require Bearer token authentication for API views.
+
+    Checks the Authorization header for a Bearer token and validates it
+    against the API_TOKEN environment variable.
+
+    Returns 401 if authentication fails.
+    """
+    @wraps(view_func)
+    def wrapper(request, *args, **kwargs):
+        auth_header = request.headers.get('Authorization', '')
+
+        if not auth_header.startswith('Bearer '):
+            return JsonResponse(
+                {'error': 'Missing or invalid Authorization header'},
+                status=401
+            )
+
+        token = auth_header[7:]  # Remove 'Bearer ' prefix
+        expected_token = os.getenv('API_TOKEN', '')
+
+        if not expected_token:
+            return JsonResponse(
+                {'error': 'API authentication not configured'},
+                status=500
+            )
+
+        if token != expected_token:
+            return JsonResponse(
+                {'error': 'Invalid authentication token'},
+                status=401
+            )
+
+        return view_func(request, *args, **kwargs)
+
+    return wrapper

mentirinha/urls.py

@@ -5,5 +5,6 @@
 urlpatterns = [
     path('', views.redirect_to),
     path('__ping', views.ping),
+    path('api/shorten', views.shorten_url),
     path('<short_code>', views.redirect_to),
 ]

mentirinha/utils.py

@@ -0,0 +1,25 @@
+import random
+import string
+from mentirinha.models import ShortenedUrl
+
+
+def generate_short_code(length=6):
+    """
+    Generate a random short code that doesn't already exist in the database.
+
+    Args:
+        length: Length of the short code (default: 6)
+
+    Returns:
+        A unique short code string
+    """
+    characters = string.ascii_letters + string.digits
+    max_attempts = 100
+
+    for _ in range(max_attempts):
+        short_code = ''.join(random.choice(characters) for _ in range(length))
+        if not ShortenedUrl.objects.filter(short_code=short_code).exists():
+            return short_code
+
+    # If we couldn't find a unique code in max_attempts, try with longer length
+    return generate_short_code(length + 1)

mentirinha/views.py

@@ -1,8 +1,14 @@
+import json
 from django.http import JsonResponse
 from django.db.models import F
 from django.shortcuts import get_object_or_404, redirect
+from django.views.decorators.csrf import csrf_exempt
+from django.core.exceptions import ValidationError
 from mentirinha.models import ShortenedUrl
 from mentirinha import counter
+from mentirinha.auth import require_bearer_token
+from mentirinha.utils import generate_short_code
+from sample_project.settings import BASE_URL
 
 
 def list_all(request):
@@ -21,3 +27,77 @@ def redirect_to(request, short_code=None):
 
 def ping(request):
     return JsonResponse({"pong": True})
+
+
+@csrf_exempt
+@require_bearer_token
+def shorten_url(request):
+    """
+    API endpoint to create shortened URLs.
+
+    Accepts POST requests with JSON body:
+    {
+        "url": "https://example.com/long-url",
+        "short_code": "optional-custom-code"  # optional
+    }
+
+    Returns:
+    {
+        "short_url": "http://localhost:8000/abc123",
+        "short_code": "abc123"
+    }
+
+    Requires Bearer token authentication via Authorization header.
+    """
+    if request.method != 'POST':
+        return JsonResponse(
+            {'error': 'Only POST method is allowed'},
+            status=405
+        )
+
+    try:
+        data = json.loads(request.body)
+    except json.JSONDecodeError:
+        return JsonResponse(
+            {'error': 'Invalid JSON in request body'},
+            status=400
+        )
+
+    original_url = data.get('url')
+    if not original_url:
+        return JsonResponse(
+            {'error': 'Missing required field: url'},
+            status=400
+        )
+
+    # Get custom short_code or generate one
+    short_code = data.get('short_code')
+    if short_code:
+        # Validate that custom short_code is not already in use
+        if ShortenedUrl.objects.filter(short_code=short_code).exists():
+            return JsonResponse(
+                {'error': f'Short code "{short_code}" is already in use'},
+                status=409
+            )
+    else:
+        short_code = generate_short_code()
+
+    # Create the shortened URL
+    shortened_url = ShortenedUrl(
+        short_code=short_code,
+        original_url=original_url
+    )
+
+    try:
+        shortened_url.full_clean()
+        shortened_url.save()
+    except ValidationError as e:
+        return JsonResponse(
+            {'error': str(e.message_dict)},
+            status=400
+        )
+
+    return JsonResponse({
+        'short_url': f'{BASE_URL}/{short_code}',
+        'short_code': short_code
+    }, status=201)