BTHLABS-50: Safari Web extension

Co-authored-by: Tomek Wójcik <labs@tomekwojcik.pl>
Co-committed-by: Tomek Wójcik <labs@tomekwojcik.pl>

services/backend/hotpocket_backend/apps/ui/views/integrations/__init__.py

@@ -1,2 +1,3 @@
 from . import android  # noqa: F401
+from . import extension  # noqa: F401
 from . import ios  # noqa: F401

services/backend/hotpocket_backend/apps/ui/views/integrations/extension.py

@@ -0,0 +1,53 @@
+# -*- coding: utf-8 -*-
+from __future__ import annotations
+
+import logging
+import uuid
+
+from django.core.exceptions import PermissionDenied
+from django.http import HttpRequest, HttpResponse
+from django.shortcuts import redirect, render
+from django.urls import reverse
+
+LOGGER = logging.getLogger(__name__)
+
+
+def authenticate(request: HttpRequest) -> HttpResponse:
+    if request.user.is_anonymous is False:
+        auth_key = str(uuid.uuid4())
+
+        request.session['extension_auth_key'] = auth_key
+        request.session.save()
+
+        return redirect(reverse(
+            'ui.integrations.extension.post_authenticate',
+            query=[
+                ('auth_key', auth_key),
+            ],
+        ))
+
+    return redirect(reverse('ui.accounts.login', query=[
+        ('next', reverse('ui.integrations.extension.authenticate')),
+    ]))
+
+
+def post_authenticate(request: HttpRequest) -> HttpResponse:
+    try:
+        assert request.user.is_anonymous is False, 'Not authenticated'
+
+        auth_key = request.GET.get('auth_key', None)
+        assert request.session.get('extension_auth_key', None) == auth_key, (
+            'Auth key mismatch'
+        )
+
+        return render(
+            request, 'ui/integrations/extension/post_authenticate.html',
+        )
+    except AssertionError as exception:
+        LOGGER.error(
+            'Unable to handle extension authentication: %s',
+            exception,
+            exc_info=exception,
+        )
+
+        raise PermissionDenied('NOPE')