se avanza con api auth

.env.develop

@@ -4,3 +4,4 @@ DBNAME=database
 DBUSER=postgres
 DBPASS=password
 DBSCHEMA=desarrollo1
+SECRET_JWT="mB&2CH0fy7#Zb4T%o661eFn5"

project/api/serializers.py

@@ -1,5 +1,6 @@
 from django.contrib.auth.models import User
 from rest_framework import serializers
+from django.db import models
 from .models import Project, Agency, Route
 
 class ProjectSerializer(serializers.ModelSerializer):
@@ -28,4 +29,11 @@ class AuthSerializer(serializers.Serializer):
 
     def to_representation(self, instance):
         # Implement serialization logic here
-        pass
+        pass
+
+class TokenSerializer(serializers.Serializer):
+    token = serializers.CharField()
+
+    def to_representation(self, instance):
+        # Implement serialization logic here
+        pass

project/api/urls.py

@@ -18,5 +18,4 @@ router.register(r'auth', views.AuthViewSet, basename='auth')
 urlpatterns = [
     path('', include(router.urls)),
     path('token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
-    path('token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
 ]

project/api/views.py

@@ -1,10 +1,17 @@
-import jwt
+# models
 from django.contrib.auth.models import User
-from rest_framework.response import Response
-from rest_framework import viewsets
+from .models import Project, Agency, Route
+# serializers
 from .serializers import ProjectSerializer, AgencySerializer, RouteSerializer
 from .serializers import UserSerializer, AuthSerializer
-from .models import Project, Agency, Route
+# others
+import jwt
+import datetime
+from decouple import config
+from rest_framework.response import Response
+from rest_framework import viewsets
+from rest_framework.decorators import action
+from django.core.exceptions import PermissionDenied
 
 # Create your views here.
 class ProjectViewSet(viewsets.ModelViewSet):
@@ -26,6 +33,8 @@ class UserViewSet(viewsets.ModelViewSet):
 """
     Metodos de generacion de jwt en forma manual
 """
+private_key = config('SECRET_JWT','palabrasecreta')
+
 class AuthViewSet(viewsets.ViewSet):
     serializer_class = AuthSerializer
 
@@ -35,9 +44,27 @@ class AuthViewSet(viewsets.ViewSet):
     def create(self, request):
         username = request.data.get('username')
         user = User.objects.filter(username = username).first()
-        private_key = 'lapalabrasecreta'
+        now = datetime.datetime.utcnow()
         payload = {
-            'user_id': user.username
+            'exp': now + datetime.timedelta(hours=1),
+            'user_id': user.id
         }
         token = jwt.encode(payload, private_key, algorithm="HS256")
-        return Response({ 'token': token })
+        return Response({ 'token': token })
+    
+    @action(detail=False, methods=['post'])
+    def info(self, request, pk=None):
+        token = request.data.get('token')
+        decode = jwt.decode(token, private_key, algorithms= ["HS256"])
+
+        user = User.objects.filter(id = decode.get('user_id')).values().first()
+        if (user == None):
+            raise PermissionDenied
+        
+        return Response({
+            'id': user.get('id'),
+            'username': user.get('username'),
+            'first_name': user.get('first_name'),
+            'last_name': user.get('last_name'),
+            'email': user.get('email'),
+        })