snulion10thAdvancedSeminar · hyemmie · Jul 31, 2022 · Jul 31, 2022 · Jul 31, 2022 · Aug 4, 2022
diff --git a/.github/workflows/django-ci.yml b/.github/workflows/django-ci.yml
@@ -1,4 +1,6 @@
 name: Django CI
+env:
+  DJANGO_KEY: ${{ secrets.django_key }}
 
 on:
   push:
@@ -13,7 +15,7 @@ jobs:
     strategy:
       max-parallel: 4
       matrix:
-        python-version: [3.7, 3.8, 3.9]
+        python-version: [3.8]
 
     steps:
     - uses: actions/checkout@v3

diff --git a/.python-version b/.python-version
@@ -0,0 +1 @@
+todolist
diff --git a/account/admin.py b/account/admin.py
diff --git a/account/models.py b/account/models.py
diff --git a/account/views.py b/account/views.py
diff --git a/account/__init__.py → accounts/__init__.py b/account/__init__.py → accounts/__init__.py
diff --git a/accounts/admin.py b/accounts/admin.py
@@ -0,0 +1,4 @@
+from django.contrib import admin
+from .models import User
+
+admin.site.register(User)
diff --git a/todolist/apps.py → accounts/apps.py b/todolist/apps.py → accounts/apps.py
@@ -1,6 +1,6 @@
 from django.apps import AppConfig
 
 
-class TodolistConfig(AppConfig):
+class AccountsConfig(AppConfig):
     default_auto_field = 'django.db.models.BigAutoField'
-    name = 'todolist'
+    name = 'accounts'
diff --git a/accounts/authenticate.py b/accounts/authenticate.py
@@ -0,0 +1,16 @@
+from django.conf import settings
+from rest_framework_simplejwt.authentication import JWTAuthentication
+
+class CustomAuthentication(JWTAuthentication):
+    def authenticate(self, request):
+        header = self.get_header(request)
+
+        if header is None:
+            raw_token = request.COOKIES.get(settings.SIMPLE_JWT['ACCESS_TOKEN']) or None
+        else:
+            raw_token = self.get_raw_token(header)
+        if raw_token is None:
+            return None
+
+        validated_token = self.get_validated_token(raw_token)
+        return self.get_user(validated_token), validated_token
diff --git a/accounts/migrations/0001_initial.py b/accounts/migrations/0001_initial.py
@@ -0,0 +1,44 @@
+# Generated by Django 4.0.6 on 2022-09-21 11:06
+
+import django.contrib.auth.models
+import django.contrib.auth.validators
+from django.db import migrations, models
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('auth', '0012_alter_user_first_name_max_length'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='User',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('password', models.CharField(max_length=128, verbose_name='password')),
+                ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
+                ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
+                ('username', models.CharField(error_messages={'unique': 'A user with that username already exists.'}, help_text='Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.', max_length=150, unique=True, validators=[django.contrib.auth.validators.UnicodeUsernameValidator()], verbose_name='username')),
+                ('first_name', models.CharField(blank=True, max_length=150, verbose_name='first name')),
+                ('last_name', models.CharField(blank=True, max_length=150, verbose_name='last name')),
+                ('email', models.EmailField(blank=True, max_length=254, verbose_name='email address')),
+                ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
+                ('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
+                ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
+                ('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.group', verbose_name='groups')),
+                ('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.permission', verbose_name='user permissions')),
+            ],
+            options={
+                'verbose_name': 'user',
+                'verbose_name_plural': 'users',
+                'abstract': False,
+            },
+            managers=[
+                ('objects', django.contrib.auth.models.UserManager()),
+            ],
+        ),
+    ]
diff --git a/account/migrations/__init__.py → accounts/migrations/__init__.py b/account/migrations/__init__.py → accounts/migrations/__init__.py
diff --git a/accounts/models.py b/accounts/models.py
@@ -0,0 +1,15 @@
+from django.db import models
+from django.contrib.auth.models import AbstractUser
+from rest_framework_simplejwt.tokens import RefreshToken
+
+class User(AbstractUser):
+
+    def __str__(self):
+        return self.username
+
+    def tokens(self):
+        refresh = RefreshToken.for_user(self)
+        return {
+            'refresh': str(refresh),
+            'access': str(refresh.access_token)
+        }
diff --git a/accounts/serializers.py b/accounts/serializers.py
@@ -0,0 +1,67 @@
+from rest_framework import serializers
+from .models import User
+from django.contrib import auth
+from rest_framework.exceptions import AuthenticationFailed
+from rest_framework_simplejwt.tokens import RefreshToken, TokenError
+
+
+class SignUpSerializer(serializers.ModelSerializer):
+    password = serializers.CharField(max_length=68, min_length=8, write_only=True)
+    class Meta:
+        model = User
+        fields = ['username', 'password']
+
+    def validate(self, attrs):
+        username = attrs.get('username', '')
+        if not username.isalnum():
+            raise serializers.ValidationError(self.default_error_messages)
+        return attrs
+
+    def create(self, validated_data):
+        return User.objects.create_user(**validated_data)
+
+class LoginSerializer(serializers.ModelSerializer):
+    password = serializers.CharField(max_length=68, min_length=8, write_only=True)
+    username = serializers.CharField(max_length=255, min_length=4)
+    tokens = serializers.SerializerMethodField()
+
+    def get_tokens(self, obj):
+        user =  User.objects.get(username=obj['username'])
+        return {
+            'refresh': user.tokens()['refresh'],
+            'access': user.tokens()['access']
+        }
+
+    class Meta:
+        model = User
+        fields = ['password', 'username', 'tokens',]
+
+    def validate(self, attrs):
+        username = attrs.get('username', '')
+        password = attrs.get('password', '')
+        user = auth.authenticate(username=username, password=password)
+
+        if not user:
+            raise AuthenticationFailed('invalid credentials, try again')
+        if not user.is_active:
+            raise AuthenticationFailed('user not active')
+
+        return {
+            'username': user.username,
+            'tokens': user.tokens
+        }
+
+class LogoutSerializer(serializers.Serializer):
+    refresh = serializers.CharField()
+
+    def validate(self, attrs):
+        self.token = attrs['refresh']
+        return attrs
+
+    def save(self, **kwargs):
+        try:
+            RefreshToken(self.token).blacklist()
+        except TokenError:
+            msg = 'Token is blacklisted'
+            raise serializers.ValidationError(msg, code='authorization')
+
diff --git a/account/tests.py → accounts/tests.py b/account/tests.py → accounts/tests.py
diff --git a/accounts/urls.py b/accounts/urls.py
@@ -0,0 +1,14 @@
+from django.urls import path
+from accounts import views 
+from rest_framework_simplejwt.views import TokenRefreshView
+from rest_framework_simplejwt.views import TokenObtainPairView
+from rest_framework_simplejwt.views import TokenVerifyView
+
+app_name = 'accounts'
+urlpatterns = [
+    path('signup/', views.SignUpAPIView.as_view(), name='signup'),
+    path('login/', views.LoginAPIView.as_view(), name='login'),
+    path('logout/', views.LogoutAPIView.as_view(), name='logout'),
+    path('token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
+    path('token/verify/', TokenVerifyView.as_view(), name='token_verify'),
+]
diff --git a/accounts/views.py b/accounts/views.py
@@ -0,0 +1,44 @@
+from django.conf import settings
+from rest_framework import generics, status, permissions
+from rest_framework.response import Response
+
+from .serializers import SignUpSerializer, LoginSerializer, LogoutSerializer
+
+class SignUpAPIView(generics.GenericAPIView):
+    authentication_classes = []
+    serializer_class = SignUpSerializer
+    def post(self, request):
+        user = request.data
+        serializer = self.serializer_class(data=user)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        data = { "msg": "user created" }
+        return Response(data, status=status.HTTP_201_CREATED)
+
+class LoginAPIView(generics.GenericAPIView):
+    authentication_classes = []
+    serializer_class = LoginSerializer
+    def post(self, request):
+        serializer = self.serializer_class(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        access_token = serializer.data["tokens"]["access"]
+        refresh_token = serializer.data["tokens"]["refresh"]
+        data = { "msg" : "login success", "username": serializer.data["username"] }
+        res = Response(data, status=status.HTTP_200_OK)
+        res.set_cookie('access_token', value=access_token, httponly=True)
+        res.set_cookie('refresh_token', value=refresh_token, httponly=True)
+        return res
+
+class LogoutAPIView(generics.GenericAPIView):
+    serializer_class = LogoutSerializer
+    permission_classes = [permissions.IsAuthenticated]
+    def post(self, request):
+        refresh_token = { "refresh" : request.COOKIES.get(settings.SIMPLE_JWT['REFRESH_TOKEN'])}
+        serializer = self.serializer_class(data = refresh_token)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        data = { "msg": "logout success" }
+        res = Response(data, status=status.HTTP_200_OK)
+        res.delete_cookie('access_token')
+        res.delete_cookie('refresh_token')
+        return res
diff --git a/blending_back/settings.py b/blending_back/settings.py
@@ -10,14 +10,16 @@
 https://docs.djangoproject.com/en/4.0/ref/settings/
 """
 
+from datetime import timedelta
 from pathlib import Path
 import os
 import environ
 from dotenv import load_dotenv
-load_dotenv()
+
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
 
+load_dotenv()
 env = environ.Env()
 environ.Env.read_env(
     env_file=os.path.join(BASE_DIR, '.env')
@@ -42,9 +44,39 @@
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
+    'corsheaders',
+    'todos',
+    'accounts',
+    'rest_framework',
+    'rest_framework_simplejwt',
+    'rest_framework_simplejwt.token_blacklist',
 ]
 
+REST_FRAMEWORK = {
+    'DEFAULT_AUTHENTICATION_CLASSES': (
+        'accounts.authenticate.CustomAuthentication',
+    ),
+}
+
+REST_USE_JWT = True
+
+SIMPLE_JWT = {
+    # 'ACCESS_TOKEN_LIFETIME': timedelta(minutes = 1),
+    'ACCESS_TOKEN_LIFETIME': timedelta(hours = 2),
+    'REFRESH_TOKEN_LIFETIME': timedelta(days = 7),
+    'ROTATE_REFRESH_TOKENS': False,
+    'BLACKLIST_AFTER_ROTATION': True,
+    'TOKEN_USER_CLASS': 'accounts.User',
+    'AUTH_HEADER_TYPES': 'JWT',
+    'USER_AUTHENTICATION_RULE': 'rest_framework_simplejwt.authentication.default_user_authentication_rule',
+
+    'ACCESS_TOKEN': 'access_token',
+    'REFRESH_TOKEN': 'refresh_token',
+
+}
+
 MIDDLEWARE = [
+    'corsheaders.middleware.CorsMiddleware',
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
@@ -85,6 +117,7 @@
     }
 }
 
+AUTH_USER_MODEL = 'accounts.User'
 
 # Password validation
 # https://docs.djangoproject.com/en/4.0/ref/settings/#auth-password-validators
@@ -126,3 +159,27 @@
 # https://docs.djangoproject.com/en/4.0/ref/settings/#default-auto-field
 
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
+
+CORS_ORIGIN_ALLOW_ALL = True
+CORS_ALLOW_CREDENTIALS = True
+
+CORS_ALLOW_METHODS = (
+    'DELETE',
+    'GET',
+    'OPTIONS',
+    'PATCH',
+    'POST',
+    'PUT',
+)
+
+CORS_ALLOW_HEADERS = (
+    'accept',
+    'accept-encoding',
+    'authorization',
+    'content-type',
+    'dnt',
+    'origin',
+    'user-agent',
+    'x-csrftoken',
+    'x-requested-with',
+)
diff --git a/blending_back/urls.py b/blending_back/urls.py
@@ -19,4 +19,6 @@
 
 urlpatterns = [
     path('admin/', admin.site.urls),
-]
+    path('api/todos/', include('todos.urls')),
+    path('api/accounts/', include('accounts.urls'))
+]
diff --git a/requirements.txt b/requirements.txt
@@ -1,6 +1,9 @@
 asgiref==3.5.2
 Django==4.0.6
+django-cors-headers==3.13.0
 django-environ==0.9.0
 environ==1.0
 python-dotenv==0.20.0
 sqlparse==0.4.2
+djangorestframework==3.13.1
+djangorestframework-simplejwt==5.0.0
diff --git a/todolist/admin.py b/todolist/admin.py
diff --git a/todolist/views.py b/todolist/views.py
diff --git a/todolist/__init__.py → todos/__init__.py b/todolist/__init__.py → todos/__init__.py
diff --git a/todos/admin.py b/todos/admin.py
@@ -0,0 +1,4 @@
+from django.contrib import admin
+from todos.models import Todo
+
+admin.site.register(Todo)
diff --git a/account/apps.py → todos/apps.py b/account/apps.py → todos/apps.py
@@ -1,6 +1,6 @@
 from django.apps import AppConfig
 
 
-class AccountConfig(AppConfig):
+class TodosConfig(AppConfig):
     default_auto_field = 'django.db.models.BigAutoField'
-    name = 'account'
+    name = 'todos'