se guarda token en cookie, y se agrega logout

2023-06-12 18:27:40 -04:00 · 2023-06-12 18:27:40 -04:00 · 8dbcd62223
parent bda2e4ff9d
commit 8dbcd62223
1 changed files with 38 additions and 3 deletions
--- a/project/api/views.py
+++ b/project/api/views.py
@ -43,17 +43,45 @@ class AuthViewSet(viewsets.ViewSet):
    
    def create(self, request):
        username = request.data.get('username')
+        password = request.data.get('password')
+
        user = User.objects.filter(username = username).first()
+        is_correct = user.check_password(password)
+        if not is_correct:
+            raise PermissionDenied
+
        now = datetime.datetime.utcnow()
        payload = {
            'exp': now + datetime.timedelta(hours=1),
            'user_id': user.id
        }
        token = jwt.encode(payload, private_key, algorithm="HS256")
-        return Response({ 'token': token })
+        response = Response({ 'token': token })
+        response.set_cookie('token', token)
+        return response
+    
+    @action(detail=False, methods=['get'])
+    def info(self, request, pk=None):
+        token = request.COOKIES.get('token')
+        if not token:
+            raise PermissionDenied
+        decode = jwt.decode(token, private_key, algorithms= ["HS256"])
+
+        user = User.objects.filter(id = decode.get('user_id')).values().first()
+        if (user == None):
+            raise PermissionDenied
+        
+        return Response({
+            'id': user.get('id'),
+            'username': user.get('username'),
+            'first_name': user.get('first_name'),
+            'last_name': user.get('last_name'),
+            'email': user.get('email'),
+            'token': token,
+        })
    
    @action(detail=False, methods=['post'])
-    def info(self, request, pk=None):
+    def set_token(self, request, pk=None):
        token = request.data.get('token')
        decode = jwt.decode(token, private_key, algorithms= ["HS256"])

@ -67,4 +95,11 @@ class AuthViewSet(viewsets.ViewSet):
            'first_name': user.get('first_name'),
            'last_name': user.get('last_name'),
            'email': user.get('email'),
-        })
+            'token': token,
+        })
+
+    @action(detail=False, methods=['post'])
+    def logout(self, request, pk=None):
+        response = Response()
+        response.delete_cookie('token')
+        return response