se agrega pagination, ordering

project/api/middlewares.py

@@ -10,11 +10,19 @@ class ApiMiddleware:
         self.get_response = get_response
 
     def __call__(self, request):
-        if not request.headers.get('Authorization') and request.path == '/api/auth/' and request.method == 'POST':
+        # se omite esta regla en documentacion
-            # cuando se quiere obtener el token, se omite esta regla
+        if not request.headers.get('Authorization') and request.path[0:6] == '/docs/':
             response = self.get_response(request)
             return response
         
+        # se omite esta regla en login
+        if request.path == '/api/auth/' and request.method == 'POST':
+            response = self.get_response(request)
+            return response
+        
+        if not request.headers.get('Authorization'):
+            return HttpResponse('Debe indicar el token de autorización', status = 400)
+        
         authorization = request.headers.get('Authorization').split(' ')
         token = authorization[1]
 

project/api/serializers.py

@@ -13,11 +13,10 @@ class PersonaSerializer(serializers.ModelSerializer):
         fields = '__all__'
 
 class UsuarioSerializer(serializers.ModelSerializer):
-    # persona = serializers.PrimaryKeyRelatedField(queryset=Persona.objects.all(), source='rut')
-
     class Meta:
         model = Usuario
         fields = ('login','vigente','rut')
 
-    # def get_persona(self, usuario):
+class AuthSerializer(serializers.Serializer):
-    #     return usuario.persona
+    username = serializers.CharField(required=True)
+    password = serializers.CharField(required=True, style={'input_type':'password'})

project/api/views.py

@@ -1,15 +1,17 @@
 from rest_framework import viewsets
-from rest_framework.decorators import action
+from rest_framework.decorators import action, api_view, schema
+from rest_framework.schemas import AutoSchema
 from django.views.decorators.csrf import csrf_exempt
 from django.http import HttpResponse
 from django.http import JsonResponse
 from .models import Usuario, Persona
 from .models import Aplicacion
 from .serializers import UsuarioSerializer, PersonaSerializer
-from .serializers import AplicacionSerializer
+from .serializers import AplicacionSerializer, AuthSerializer
 import json
 import jwt
 import datetime
+import coreapi
 from decouple import config
 
 private_key = config('SECRET_JWT')
@@ -18,6 +20,7 @@ private_key = config('SECRET_JWT')
 class AplicacionViewSet(viewsets.ModelViewSet):
     queryset = Aplicacion.objects.all()
     serializer_class = AplicacionSerializer
+    ordering_fields = '__all__'
 
 class PersonaViewSet(viewsets.ModelViewSet):
     queryset = Persona.objects.all()
@@ -27,9 +30,24 @@ class UsuarioViewSet(viewsets.ModelViewSet):
     queryset = Usuario.objects.all()
     serializer_class = UsuarioSerializer
 
+
+class CustomAuthSchema(AutoSchema):
+    manual_fields = []
+
+    def get_manual_fields(self, path, method):
+        custom_fields = []
+        if method.lower() == 'post':
+            custom_fields = [
+                coreapi.Field('username', required=True, location='form', description='Usuario'),
+                coreapi.Field('password', required=True, location='form', description='Contraseña'),
+            ]
+        return self._manual_fields + custom_fields
+
 # Views jwt
 @csrf_exempt
 @action(detail=False, methods=['post','get'])
+@api_view(['GET','POST'])
+@schema(CustomAuthSchema())
 def jwt_login(request):
     if request.method == 'POST':
         # validar username y password

project/project/settings.py

@@ -136,7 +136,12 @@ STATIC_URL = 'static/'
 
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 
-REST_FRAMEWORK = { 'DEFAULT_SCHEMA_CLASS': 'rest_framework.schemas.coreapi.AutoSchema' }
+REST_FRAMEWORK = {
+    'DEFAULT_SCHEMA_CLASS': 'rest_framework.schemas.coreapi.AutoSchema',
+    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.LimitOffsetPagination',
+    'DEFAULT_FILTER_BACKENDS': ['rest_framework.filters.OrderingFilter'],
+    # 'PAGE_SIZE': 15,
+}
 CORS_ORIGIN_ALLOW_ALL = False
 CORS_ORIGIN_WHITELIST = [
     "http://localhost:3000",

rest/login.rest

@@ -14,4 +14,8 @@ Content-Type: application/json
 
 ###
 GET {{server}}/auth/
-Authorization: Bearer {{token}}
+Authorization: Bearer {{token}}
+
+###
+GET {{server}}/aplicaciones/?ordering=-id_aplicacion
+Authorization: Bearer {{token}}