From afcd290000368cb0645b3c0e7730f24792992f13 Mon Sep 17 00:00:00 2001 From: Francisco Sandoval Date: Mon, 26 Jun 2023 16:52:08 -0400 Subject: [PATCH] se agrega pagination, ordering --- project/api/middlewares.py | 12 ++++++++++-- project/api/serializers.py | 7 +++---- project/api/views.py | 22 ++++++++++++++++++++-- project/project/settings.py | 7 ++++++- rest/login.rest | 6 +++++- 5 files changed, 44 insertions(+), 10 deletions(-) diff --git a/project/api/middlewares.py b/project/api/middlewares.py index ae1bc2d..1e10b29 100644 --- a/project/api/middlewares.py +++ b/project/api/middlewares.py @@ -10,11 +10,19 @@ class ApiMiddleware: self.get_response = get_response def __call__(self, request): - if not request.headers.get('Authorization') and request.path == '/api/auth/' and request.method == 'POST': - # cuando se quiere obtener el token, se omite esta regla + # se omite esta regla en documentacion + if not request.headers.get('Authorization') and request.path[0:6] == '/docs/': response = self.get_response(request) return response + # se omite esta regla en login + if request.path == '/api/auth/' and request.method == 'POST': + response = self.get_response(request) + return response + + if not request.headers.get('Authorization'): + return HttpResponse('Debe indicar el token de autorización', status = 400) + authorization = request.headers.get('Authorization').split(' ') token = authorization[1] diff --git a/project/api/serializers.py b/project/api/serializers.py index 6a0454c..655b3a4 100644 --- a/project/api/serializers.py +++ b/project/api/serializers.py 
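Review bot: In `project/api/middlewares.py`, `token = authorization[1]` still raises IndexError for a header value with no space in it (for example `Authorization: abc`), because the new guard only rejects a missing header and the scheme is never compared with `Bearer`. I would parse and check in one step: `scheme, _, token = request.headers.get('Authorization', '').partition(' ')` followed by `if scheme.lower() != 'bearer' or not token: return HttpResponse('Debe indicar el token de autorización', status=401)`. 401 is the conventional status for missing or malformed credentials, whereas 400 tells the client the request itself is wrong. The `/docs/` exemption applies only when no Authorization header is sent, so a docs request that carries one falls through to token validation; if the docs are meant to be public, `request.path.startswith('/docs/')` without the header test is more predictable. `__call__` continues outside the hunk, so how `token` is verified is not visible here.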
@@ -13,11 +13,10 @@ class PersonaSerializer(serializers.ModelSerializer): fields = '__all__' class UsuarioSerializer(serializers.ModelSerializer): - # persona = serializers.PrimaryKeyRelatedField(queryset=Persona.objects.all(), source='rut') - class Meta: model = Usuario fields = ('login','vigente','rut') - # def get_persona(self, usuario): - # return usuario.persona \ No newline at end of file +class AuthSerializer(serializers.Serializer): + username = serializers.CharField(required=True) + password = serializers.CharField(required=True, style={'input_type':'password'}) \ No newline at end of file diff --git a/project/api/views.py b/project/api/views.py index 30922e2..4d2dc35 100644 --- a/project/api/views.py +++ b/project/api/views.py @@ -1,15 +1,17 @@ from rest_framework import viewsets -from rest_framework.decorators import action +from rest_framework.decorators import action, api_view, schema +from rest_framework.schemas import AutoSchema from django.views.decorators.csrf import csrf_exempt from django.http import HttpResponse from django.http import JsonResponse from .models import Usuario, Persona from .models import Aplicacion from .serializers import UsuarioSerializer, PersonaSerializer -from .serializers import AplicacionSerializer +from .serializers import AplicacionSerializer, AuthSerializer import json import jwt import datetime +import coreapi from decouple import config private_key = config('SECRET_JWT') @@ -18,6 +20,7 @@ private_key = config('SECRET_JWT') class AplicacionViewSet(viewsets.ModelViewSet): queryset = Aplicacion.objects.all() serializer_class = AplicacionSerializer + ordering_fields = '__all__' class PersonaViewSet(viewsets.ModelViewSet): queryset = Persona.objects.all() 
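Review bot: In `AuthSerializer` (`project/api/serializers.py`), the `password` field uses the `CharField` defaults, so DRF strips leading and trailing whitespace from the submitted password and the field is not marked write-only. `password = serializers.CharField(required=True, write_only=True, trim_whitespace=False, style={'input_type': 'password'})` keeps the value exactly as typed and keeps it out of any serialized output. Where the serializer is used is not visible in this commit's hunks, so confirm that `jwt_login` actually validates its input through it.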
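Review bot: `ordering_fields = '__all__'` on `AplicacionViewSet` (`project/api/views.py`) lets clients sort by any model field or queryset aggregate, including fields the serializer does not expose, and the sort order on a hidden column can reveal information about its values. Leaving the attribute unset already restricts ordering to the serializer's readable fields; an explicit list such as `ordering_fields = ('id_aplicacion',)` (the field used in `rest/login.rest`) is tighter still. `AplicacionSerializer` and the `Aplicacion` model are not shown in this commit, so whether they hold anything sensitive needs checking.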
@@ -27,9 +30,24 @@ class UsuarioViewSet(viewsets.ModelViewSet): queryset = Usuario.objects.all() serializer_class = UsuarioSerializer + +class CustomAuthSchema(AutoSchema): + manual_fields = [] + + def get_manual_fields(self, path, method): + custom_fields = [] + if method.lower() == 'post': + custom_fields = [ + coreapi.Field('username', required=True, location='form', description='Usuario'), + coreapi.Field('password', required=True, location='form', description='Contraseña'), + ] + return self._manual_fields + custom_fields + # Views jwt @csrf_exempt @action(detail=False, methods=['post','get']) +@api_view(['GET','POST']) +@schema(CustomAuthSchema()) def jwt_login(request): if request.method == 'POST': # validar username y password diff --git a/project/project/settings.py b/project/project/settings.py index ae56f28..5ac0add 100644 --- a/project/project/settings.py +++ b/project/project/settings.py @@ -136,7 +136,12 @@ STATIC_URL = 'static/' DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField' -REST_FRAMEWORK = { 'DEFAULT_SCHEMA_CLASS': 'rest_framework.schemas.coreapi.AutoSchema' } +REST_FRAMEWORK = { + 'DEFAULT_SCHEMA_CLASS': 'rest_framework.schemas.coreapi.AutoSchema', + 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.LimitOffsetPagination', + 'DEFAULT_FILTER_BACKENDS': ['rest_framework.filters.OrderingFilter'], + # 'PAGE_SIZE': 15, +} CORS_ORIGIN_ALLOW_ALL = False CORS_ORIGIN_WHITELIST = [ "http://localhost:3000", diff --git a/rest/login.rest b/rest/login.rest index eeeef0f..f0e6ba8 100644 --- a/rest/login.rest +++ b/rest/login.rest @@ -14,4 +14,8 @@ Content-Type: application/json ### GET {{server}}/auth/ -Authorization: Bearer {{token}} \ No newline at end of file +Authorization: Bearer {{token}} + +### +GET {{server}}/aplicaciones/?ordering=-id_aplicacion +Authorization: Bearer {{token}}
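Review bot: The decorator stack on `jwt_login` mixes ViewSet and function-view decorators: `@action(detail=False, methods=['post','get'])` is meant for ViewSet methods and adds nothing now that `@api_view(['GET','POST'])` is present, and `@csrf_exempt` is redundant because `api_view` already exempts the view. Since this is the credential endpoint, I would drop both and state the policy explicitly with `@authentication_classes([])`, `@permission_classes([AllowAny])` and a `@throttle_classes([...])` entry to slow password guessing; no throttle is visible in this hunk or in the `REST_FRAMEWORK` settings of this commit. `CustomAuthSchema.get_manual_fields` also reads the private `self._manual_fields`, and the class attribute `manual_fields = []` looks unused; `return super().get_manual_fields(path, method) + custom_fields` is the form DRF's docs use. The body of `jwt_login` continues outside the hunk.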
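Review bot: With `'PAGE_SIZE'` commented out in `project/project/settings.py`, `LimitOffsetPagination` has no default limit, so list endpoints stay unpaginated unless the client sends `?limit=`, and because `max_limit` is unset a client can ask for any number of rows in one response. Enable `'PAGE_SIZE': 15,` and point `DEFAULT_PAGINATION_CLASS` at a small subclass that sets a cap, e.g. `class BoundedLimitOffsetPagination(LimitOffsetPagination): max_limit = 100` (100 is an example value). The dict also sets no `DEFAULT_AUTHENTICATION_CLASSES` or `DEFAULT_PERMISSION_CLASSES`, so DRF itself allows any request and access control rests entirely on `ApiMiddleware`; a comment saying so would help the next maintainer.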