feat: Utilisation d'une clef API Docuseal par établissement

2026-01-28 23:43:22 +00:00 · 2025-05-30 14:19:01 +02:00
parent 8cf22905e5
commit 23ab7d04ef
21 changed files with 256 additions and 134 deletions
--- a/Back-End/DocuSeal/views.py
+++ b/Back-End/DocuSeal/views.py
@ -1,5 +1,4 @@
 from django.conf import settings
-from django.http import JsonResponse
 from django.views.decorators.csrf import csrf_exempt
 from rest_framework.decorators import api_view
 from rest_framework.response import Response
@ -7,49 +6,67 @@ from rest_framework import status
 import jwt
 import datetime
 import requests
+from Establishment.models import Establishment

@csrf_exempt
@api_view(['POST'])
 def generate_jwt_token(request):
-    # Vérifier la clé API
+    # Récupérer l'établissement concerné (par ID ou autre info transmise)
+    establishment_id = request.data.get('establishment_id')
+    if not establishment_id:
+        return Response({'error': 'establishment_id requis'}, status=status.HTTP_400_BAD_REQUEST)
+
+    try:
+        establishment = Establishment.objects.get(id=establishment_id)
+    except Establishment.DoesNotExist:
+        return Response({'error': "Établissement introuvable"}, status=status.HTTP_404_NOT_FOUND)
+
+    # Vérifier la clé API reçue dans le header
    api_key = request.headers.get('X-Auth-Token')
-    if not api_key or api_key != settings.DOCUSEAL_JWT["API_KEY"]:
-        return Response({'error': 'Invalid API key'}, status=status.HTTP_401_UNAUTHORIZED)
+    if not api_key or not establishment.api_docuseal or api_key != establishment.api_docuseal:
+        return Response({'error': 'Clé API invalide'}, status=status.HTTP_401_UNAUTHORIZED)

    # Récupérer les données de la requête
    user_email = request.data.get('user_email')
    documents_urls = request.data.get('documents_urls', [])
-    id = request.data.get('id')  # Récupérer le id
+    template_id = request.data.get('id')

-    # Vérifier les données requises
    if not user_email:
        return Response({'error': 'User email is required'}, status=status.HTTP_400_BAD_REQUEST)

-    # Utiliser la configuration JWT de DocuSeal depuis les settings
-    jwt_secret = settings.DOCUSEAL_JWT['API_KEY']
+    # Utiliser la clé API de l'établissement comme secret JWT
+    jwt_secret = establishment.api_docuseal
    jwt_algorithm = settings.DOCUSEAL_JWT['ALGORITHM']
    expiration_delta = settings.DOCUSEAL_JWT['EXPIRATION_DELTA']

-    # Définir le payload
    payload = {
        'user_email': user_email,
        'documents_urls': documents_urls,
-        'template_id': id,  # Ajouter le id au payload
-        'exp': datetime.datetime.utcnow() + expiration_delta  # Temps d'expiration du token
+        'template_id': template_id,
+        'exp': datetime.datetime.utcnow() + expiration_delta
    }

-    # Générer le token JWT
    token = jwt.encode(payload, jwt_secret, algorithm=jwt_algorithm)
-
    return Response({'token': token}, status=status.HTTP_200_OK)

@csrf_exempt
@api_view(['POST'])
 def clone_template(request):
-    # Vérifier la clé API
+    # Récupérer l'établissement concerné
+    establishment_id = request.data.get('establishment_id')
+    print(f"establishment_id : {establishment_id}")
+    if not establishment_id:
+        return Response({'error': 'establishment_id requis'}, status=status.HTTP_400_BAD_REQUEST)
+
+    try:
+        establishment = Establishment.objects.get(id=establishment_id)
+    except Establishment.DoesNotExist:
+        return Response({'error': "Établissement introuvable"}, status=status.HTTP_404_NOT_FOUND)
+
+    # Vérifier la clé API reçue dans le header
    api_key = request.headers.get('X-Auth-Token')
-    if not api_key or api_key != settings.DOCUSEAL_JWT["API_KEY"]:
-        return Response({'error': 'Invalid API key'}, status=status.HTTP_401_UNAUTHORIZED)
+    if not api_key or not establishment.api_docuseal or api_key != establishment.api_docuseal:
+        return Response({'error': 'Clé API invalide'}, status=status.HTTP_401_UNAUTHORIZED)

    # Récupérer les données de la requête
    document_id = request.data.get('templateId')
@ -57,7 +74,7 @@ def clone_template(request):
    is_required = request.data.get('is_required')

    # Vérifier les données requises
-    if not document_id :
+    if not document_id:
        return Response({'error': 'template ID is required'}, status=status.HTTP_400_BAD_REQUEST)

    # URL de l'API de DocuSeal pour cloner le template
@ -67,7 +84,7 @@ def clone_template(request):
    try:
        response = requests.post(clone_url, headers={
            'Content-Type': 'application/json',
-            'X-Auth-Token': settings.DOCUSEAL_JWT['API_KEY']
+            'X-Auth-Token': establishment.api_docuseal
        })

        if response.status_code != status.HTTP_200_OK:
@ -79,12 +96,15 @@ def clone_template(request):
            # URL de l'API de DocuSeal pour créer une submission
            submission_url = f'https://docuseal.com/api/submissions'

-            # Faire la requête pour cloner le template
            try:
                clone_id = data['id']
-                response = requests.post(submission_url, json={'template_id':clone_id, 'send_email': False, 'submitters': [{'email': email}]}, headers={
+                response = requests.post(submission_url, json={
+                    'template_id': clone_id,
+                    'send_email': False,
+                    'submitters': [{'email': email}]
+                }, headers={
                    'Content-Type': 'application/json',
-                    'X-Auth-Token': settings.DOCUSEAL_JWT['API_KEY']
+                    'X-Auth-Token': establishment.api_docuseal
                })

                if response.status_code != status.HTTP_200_OK:
@ -93,10 +113,10 @@ def clone_template(request):
                data = response.json()
                data[0]['id'] = clone_id
                return Response(data[0], status=status.HTTP_200_OK)
-            
+
            except requests.RequestException as e:
                return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
-        else :
+        else:
            print(f'NOT REQUIRED -> on ne crée pas de submission')
            return Response(data, status=status.HTTP_200_OK)

@ -106,18 +126,28 @@ def clone_template(request):
@csrf_exempt
@api_view(['DELETE'])
 def remove_template(request, id):
-    # Vérifier la clé API
-    api_key = request.headers.get('X-Auth-Token')
-    if not api_key or api_key != settings.DOCUSEAL_JWT["API_KEY"]:
-        return Response({'error': 'Invalid API key'}, status=status.HTTP_401_UNAUTHORIZED)
+    # Récupérer l'établissement concerné
+    establishment_id = request.GET.get('establishment_id')
+    if not establishment_id:
+        return Response({'error': 'establishment_id requis'}, status=status.HTTP_400_BAD_REQUEST)

-    # URL de l'API de DocuSeal pour cloner le template
+    try:
+        establishment = Establishment.objects.get(id=establishment_id)
+    except Establishment.DoesNotExist:
+        return Response({'error': "Établissement introuvable"}, status=status.HTTP_404_NOT_FOUND)
+
+    # Vérifier la clé API reçue dans le header
+    api_key = request.headers.get('X-Auth-Token')
+    if not api_key or not establishment.api_docuseal or api_key != establishment.api_docuseal:
+        return Response({'error': 'Clé API invalide'}, status=status.HTTP_401_UNAUTHORIZED)
+
+    # URL de l'API de DocuSeal pour supprimer le template
+    
    clone_url = f'https://docuseal.com/api/templates/{id}'

-    # Faire la requête pour cloner le template
    try:
        response = requests.delete(clone_url, headers={
-            'X-Auth-Token': settings.DOCUSEAL_JWT['API_KEY']
+            'X-Auth-Token': establishment.api_docuseal
        })

        if response.status_code != status.HTTP_200_OK:
@ -132,23 +162,32 @@ def remove_template(request, id):
@csrf_exempt
@api_view(['GET'])
 def download_template(request, slug):
-    # Vérifier la clé API
+    # Récupérer l'établissement concerné
+    establishment_id = request.GET.get('establishment_id')
+    if not establishment_id:
+        return Response({'error': 'establishment_id requis'}, status=status.HTTP_400_BAD_REQUEST)
+
+    try:
+        establishment = Establishment.objects.get(id=establishment_id)
+    except Establishment.DoesNotExist:
+        return Response({'error': "Établissement introuvable"}, status=status.HTTP_404_NOT_FOUND)
+
+    # Vérifier la clé API reçue dans le header
    api_key = request.headers.get('X-Auth-Token')
-    if not api_key or api_key != settings.DOCUSEAL_JWT["API_KEY"]:
-        return Response({'error': 'Invalid API key'}, status=status.HTTP_401_UNAUTHORIZED)
+    if not api_key or not establishment.api_docuseal or api_key != establishment.api_docuseal:
+        return Response({'error': 'Clé API invalide'}, status=status.HTTP_401_UNAUTHORIZED)

    # Vérifier les données requises
-    if not slug :
+    if not slug:
        return Response({'error': 'slug is required'}, status=status.HTTP_400_BAD_REQUEST)

-    # URL de l'API de DocuSeal pour cloner le template
+    # URL de l'API de DocuSeal pour télécharger le template
    download_url = f'https://docuseal.com/submitters/{slug}/download'

-    # Faire la requête pour cloner le template
    try:
        response = requests.get(download_url, headers={
            'Content-Type': 'application/json',
-            'X-Auth-Token': settings.DOCUSEAL_JWT['API_KEY']
+            'X-Auth-Token': establishment.api_docuseal
        })

        if response.status_code != status.HTTP_200_OK: