Add Speaker views and API endpoints

app/eventyay/api/auth/api_auth.py

@@ -19,6 +19,17 @@ class EventTokenAuthentication(authentication.BaseAuthentication):
     def authenticate(self, request):
         auth = get_authorization_header(request).split()
 
+        # Always set request.event if event_id is in the URL, even for unauthenticated requests
+        if "event_id" in request.resolver_match.kwargs:
+            event_id = request.resolver_match.kwargs["event_id"]
+            try:
+                request.event = Event.objects.get(id=int(event_id))
+            except (ValueError, TypeError, Event.DoesNotExist):
+                try:
+                    request.event = Event.objects.get(slug=event_id)
+                except Event.DoesNotExist:
+                    request.event = None
+
         if not auth or auth[0].lower() != self.keyword.lower().encode():
             return None
 
@@ -35,8 +46,9 @@ def authenticate(self, request):
             msg = "Invalid token header. Token string should not contain invalid characters."
             raise exceptions.AuthenticationFailed(msg)
 
-        event_id = request.resolver_match.kwargs["event_id"]
-        request.event = get_object_or_404(Event, id=event_id)
+        if not request.event:
+            raise exceptions.AuthenticationFailed("Event not found.")
+
         return self.authenticate_credentials(token, request.event)
 
     def authenticate_credentials(self, key, event):

app/eventyay/api/serializers/speaker.py

@@ -0,0 +1,32 @@
+from django_scopes import scopes_disabled
+from rest_framework.serializers import (
+    CharField,
+    SerializerMethodField,
+    URLField,
+    ModelSerializer,
+)
+
+from eventyay.base.models.profile import SpeakerProfile
+
+
+class SpeakerSerializer(ModelSerializer):
+    """Serializer for Speaker profiles in the API."""
+
+    code = CharField(source="user.code", read_only=True)
+    name = CharField(source="user.name", read_only=True)
+    biography = CharField(read_only=True)
+    submissions = SerializerMethodField()
+
+    def get_submissions(self, obj):
+        """Return list of submission codes for this speaker."""
+        if not obj.user:
+            return []
+        with scopes_disabled():
+            return list(
+                obj.user.submissions.filter(event=obj.event)
+                .values_list('code', flat=True)
+            )
+
+    class Meta:
+        model = SpeakerProfile
+        fields = ('code', 'name', 'biography', 'submissions')

app/eventyay/api/urls.py

@@ -3,6 +3,7 @@
 
 # Import views directly from their modules to avoid relying on package attribute access
 from .views.rooms import RoomViewSet
+from .views.speaker import SpeakerViewSet
 from .views.event import (
     EventView,
     schedule_update,
@@ -13,17 +14,18 @@
     ExportView,
 )
 
-orga_router = routers.DefaultRouter(trailing_slash=False)
+orga_router = routers.DefaultRouter()
 
-event_router = routers.DefaultRouter(trailing_slash=False)
+event_router = routers.DefaultRouter()
 event_router.register(r"rooms", RoomViewSet)
+event_router.register(r"speakers", SpeakerViewSet, basename="speaker")
 
-router = routers.DefaultRouter(trailing_slash=False)
+router = routers.DefaultRouter()
 urlpatterns = [
-    path("events/<str:event_id>/", EventView.as_view(), name="root"),
     re_path("events/(?P<event_id>[^/]+)/schedule_update/?$", schedule_update),
     re_path("events/(?P<event_id>[^/]+)/delete_user/?$", delete_user),
     path("events/<str:event_id>/", include(event_router.urls)),
+    path("events/<str:event_id>", EventView.as_view(), name="root"),
     path("events/<str:event_id>/theme", EventThemeView.as_view()),
     path(
         "events/<str:event_id>/favourite-talk/",

app/eventyay/api/views/speaker.py

@@ -0,0 +1,45 @@
+from django.utils.functional import cached_property
+from django_scopes import scopes_disabled
+from rest_framework import mixins, viewsets
+from rest_framework.pagination import PageNumberPagination
+from rest_framework.permissions import AllowAny
+
+from eventyay.base.models.profile import SpeakerProfile
+from eventyay.api.serializers.speaker import SpeakerSerializer
+
+
+class LargeResultsSetPagination(PageNumberPagination):
+    """Pagination class that supports a 'limit' query parameter."""
+    page_size = 50
+    page_size_query_param = 'limit'
+    max_page_size = 10000
+
+
+class SpeakerViewSet(
+    mixins.ListModelMixin,
+    mixins.RetrieveModelMixin,
+    viewsets.GenericViewSet,
+):
+    """
+    API endpoint for listing and retrieving speakers for an event.
+    """
+    serializer_class = SpeakerSerializer
+    queryset = SpeakerProfile.objects.none()
+    lookup_field = "user__code__iexact"
+    pagination_class = LargeResultsSetPagination
+    permission_classes = [AllowAny]  # Allow public access to speakers list
+
+    def get_queryset(self):
+        """Return speakers for the current event."""
+        if not hasattr(self.request, 'event') or not self.request.event:
+            return self.queryset
+
+        # Use scopes_disabled to bypass django_scopes since we're filtering by event explicitly
+        with scopes_disabled():
+            # Get all speaker profiles for this event that have a user
+            queryset = SpeakerProfile.objects.filter(
+                event=self.request.event,
+                user__isnull=False
+            ).select_related('user', 'event').order_by('user__fullname')
+
+            return queryset

app/eventyay/config/settings.py

@@ -900,8 +900,24 @@ def instance_name(request):
     CORS_ORIGIN_REGEX_WHITELIST = [
         r'^http://localhost$',
         r'^http://localhost:\d+$',
+        r'^http://127\.0\.0\.1$',
+        r'^http://127\.0\.0\.1:\d+$',
     ]
 
+# Additional CORS settings for API access
+CORS_ALLOW_CREDENTIALS = True
+CORS_ALLOW_HEADERS = [
+    'accept',
+    'accept-encoding',
+    'authorization',
+    'content-type',
+    'dnt',
+    'origin',
+    'user-agent',
+    'x-csrftoken',
+    'x-requested-with',
+]
+
 # Video-Security settings
 SECURE_BROWSER_XSS_FILTER = True
 SECURE_CONTENT_TYPE_NOSNIFF = True

app/eventyay/config/urls.py

@@ -31,7 +31,7 @@
     url(r'^metrics$', metrics.serve_metrics, name='metrics'),
     url(r'^csp_report/$', csp.csp_report, name='csp.report'),
     url(r'^js_helpers/states/$', js_helpers.states, name='js_helpers.states'),
-    # url(r'^api/v1/', include(('eventyay.api.urls', 'eventyayapi'), namespace='api-v1')),
+    url(r'^api/', include(('eventyay.api.urls', 'eventyayapi'))),
     # url(r'^api/$', RedirectView.as_view(url='/api/v1/'), name='redirect-api-version'),
     url(r'^accounts/', include('allauth.urls')),
 ]

app/eventyay/features/live/consumers.py

@@ -164,6 +164,10 @@ async def receive_json(self, content, **kargs):
 
         if not self.user:
             if content[0] == "authenticate":
+                # Check if components are properly initialized
+                if "user" not in self.components:
+                    await self.send_error("protocol.not_connected", close=True)
+                    return
                 await self._maybe_refresh(self.event, allowed_age=30)
                 await self.components["user"].login(content[-1])
             else:

app/eventyay/webapp/src/lib/validators.js

@@ -40,9 +40,10 @@ export function youtubeid(message) {
 	return helpers.withMessage(message, helpers.regex(/^[0-9A-Za-z_-]{5,}$/))
 }
 const relative = helpers.regex(/^\/.*$/)
-const devurl = helpers.regex(/^http:\/\/localhost.*$/) // vuelidate does not allow localhost
+// Allow localhost and local IP addresses (with or without port)
+const localurl = helpers.regex(/^https?:\/\/(localhost|127\.0\.0\.1|0\.0\.0\.0)(:[0-9]+)?(\/.*)?$/)
 export function url(message) {
-	return helpers.withMessage(message, (value) => (!helpers.req(value) || _url(value) || relative(value) || (ENV_DEVELOPMENT && devurl(value))))
+	return helpers.withMessage(message, (value) => (!helpers.req(value) || _url(value) || relative(value) || localurl(value)))
 }
 export function isJson() {
 	return helpers.withMessage(({ $response }) => $response?.message, value => {