From 23fe15d982ef4d5da28f4a18f60c0cfddbc35dd6 Mon Sep 17 00:00:00 2001
From: Alexis Mercier des Rochettes
Date: Tue, 9 Dec 2025 23:02:09 +0100
Subject: [PATCH] feat: qrcode data checker
---
 apps/api/serializers.py | 8 ++++++++
 apps/api/urls.py | 3 ++-
 apps/api/viewsets.py | 22 ++++++++++++++++++++--
 3 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/apps/api/serializers.py b/apps/api/serializers.py
index 7891bfc6..562558e2 100644
--- a/apps/api/serializers.py
+++ b/apps/api/serializers.py
@@ -89,3 +89,11 @@ class OAuthSerializer(serializers.ModelSerializer):
 'note',
 'memberships',
 )
+
+
+class QRCodeCheckSerializer(serializers.Serializer):
+ data = serializers.CharField(
+ label="Données du QR Code",
+ help_text="Le contenu brut lu depuis le QR Code (Username + Token)",
+ required=True
+ )
\ No newline at end of file
diff --git a/apps/api/urls.py b/apps/api/urls.py
index ff093187..b8db7d77 100644
--- a/apps/api/urls.py
+++ b/apps/api/urls.py
@@ -7,13 +7,14 @@ from django.urls import re_path, path
 from rest_framework import routers
 from .views import UserInformationView
-from .viewsets import ContentTypeViewSet, UserViewSet
+from .viewsets import ContentTypeViewSet, UserViewSet, QRCodeVerificationViewSet
 # Routers provide an easy way of automatically determining the URL conf.
 # Register each app API router and user viewset
 router = routers.DefaultRouter()
 router.register('models', ContentTypeViewSet)
 router.register('user', UserViewSet)
+router.register('check_qrcode', QRCodeVerificationViewSet, basename='check_qrcode')
 if "activity" in settings.INSTALLED_APPS:
 from activity.api.urls import register_activity_urls
diff --git a/apps/api/viewsets.py b/apps/api/viewsets.py
index 5c17eab4..7ae45928 100644
--- a/apps/api/viewsets.py
+++ b/apps/api/viewsets.py
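Review bot: In `QRCodeCheckSerializer` (apps/api/serializers.py), `data` is an unbounded `CharField` and nothing checks that it has the "Username + Token" shape the help text describes; the only consumer visible in this patch slices `[-6:]` from it. Validating the shape in the serializer, for example with `min_length=6`, a `max_length` sized to the QR payload, and a `validate_data` method that splits and checks the username and the six-digit token, would keep the view from slicing raw input. The new last line of the file also has no trailing newline.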
@@ -2,18 +2,22 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 import re
+import pyotp
+import base64
+import os
 from django.contrib.contenttypes.models import ContentType
 from django_filters.rest_framework import DjangoFilterBackend
 from django.db.models import Q
 from django.conf import settings
 from django.contrib.auth.models import User
-from rest_framework.viewsets import ReadOnlyModelViewSet, ModelViewSet
+from rest_framework.viewsets import ReadOnlyModelViewSet, ModelViewSet, GenericViewSet
+from rest_framework.response import Response
 from permission.backends import PermissionBackend
 from note.models import Alias
 from .filters import RegexSafeSearchFilter
-from .serializers import UserSerializer, ContentTypeSerializer
+from .serializers import UserSerializer, ContentTypeSerializer, QRCodeCheckSerializer
 def is_regex(pattern):
@@ -124,3 +128,17 @@ class ContentTypeViewSet(ReadOnlyModelViewSet):
 filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
 filterset_fields = ['id', 'app_label', 'model', ]
 search_fields = ['$app_label', '$model', ]
+
+
+class QRCodeVerificationViewSet(GenericViewSet):
+ serializer_class = QRCodeCheckSerializer
+ queryset = User.objects.none()
+
+ def get_view_name(self):
+ return "Vérification QR Code"
+
+ def create(self, request, *args, **kwargs):
+ serializer = self.get_serializer(data=request.data)
+ serializer.is_valid(raise_exception=True)
+ secret = base64.b32encode(os.getenv("DJANGO_SECRET_KEY").encode())
+ return Response({'valid': pyotp.TOTP(secret, interval=30).verify(serializer.validated_data['data'][-6:])})
\ No newline at end of file
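Review bot: `import pyotp` brings in a third-party package, yet the diffstat lists only the three files under apps/api, so no requirements or lock file changes with it; if pyotp is not already a pinned dependency of the project, pin it in this commit. It is also placed between the stdlib imports `re` and `base64` rather than with the third-party group. `os` is imported only for `os.getenv("DJANGO_SECRET_KEY")` in the new viewset, and `settings` is already imported in this file, so reading `settings.SECRET_KEY` (presumably loaded from the same variable) would make the `os` import unnecessary.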
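Review bot: In `QRCodeVerificationViewSet.create`, the TOTP secret comes from the process-wide `DJANGO_SECRET_KEY` and only `data[-6:]` is verified, so the username part of the payload is never checked and a code accepted for one user is accepted for every user. The key Django uses for signing should not double as the TOTP seed; derive a per-user, purpose-bound key instead, e.g. `key = hmac.new(settings.SECRET_KEY.encode(), b"qrcode-totp:" + username.encode(), "sha256").digest()` then `secret = base64.b32encode(key)`, with `username` parsed from `data` and the QR generator (not in this patch) changed to match. Going through `settings` also avoids the `AttributeError` that `os.getenv("DJANGO_SECRET_KEY").encode()` raises when the variable is unset. No `permission_classes` or `throttle_classes` are set on the viewset, so unless project-wide DRF defaults apply, nothing limits repeated attempts at a six-digit code, and a code stays reusable for its whole 30-second step.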