admin_transporte_backend/project/api/middlewares.py

from django.urls import resolve
from django.http import HttpResponse
from .models import Usuario, Persona
from decouple import config
import jwt
import logging

private_key = config('SECRET_JWT')

class ApiMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # se omite esta regla si no es api
        if request.path[0:5] != '/api/':
            response = self.get_response(request)
            return response

        # se omite esta regla en login
        if request.path == '/api/auth/' and request.method == 'POST':
            response = self.get_response(request)
            return response
        
        match = resolve(request.path)
        logging.error(match)

        # se omite esta regla al mostrar imagen de paradero
        if match.url_name == 'paradero_imagen-detail' and request.method == 'GET':
            response = self.get_response(request)
            return response

        # se omite esta regla al mostrar informacion publica de paradero
        if match.url_name == 'paradero-info-public' and request.method == 'GET':
            response = self.get_response(request)
            return response

        if not request.headers.get('Authorization'):
            return HttpResponse('Debe indicar el token de autorización', status = 400)

        authorization = request.headers.get('Authorization').split(' ')
        token = authorization[1]

        try:
            decoded = jwt.decode(token, private_key, algorithms=["HS256"])
        except jwt.ExpiredSignatureError:
            return HttpResponse('token ya no es valido', status = 400)
        except jwt.InvalidTokenError:
            return HttpResponse('token es invalido', status = 400)
        
        if decoded['login'] != '0':        
            usuario = Usuario.objects.filter(login = decoded['login'], vigente = True).values().first()
            if not usuario:
                return HttpResponse('Usuario ya no vigente', status = 400)
            
            persona = Persona.objects.filter(rut = usuario['rut_id']).values().first()
            if not persona:
                return HttpResponse('No existe información de la persona', status = 500)
        
            request.jwt_info = { 'login': usuario['login'], 'persona': persona }
        else:
            request.jwt_info = { 'login': '0', 'persona': None }

        response = self.get_response(request)
        return response
commit inicial 2023-12-05 10:34:47 -03:00			`from django.urls import resolve`
			`from django.http import HttpResponse`
			`from .models import Usuario, Persona`
			`from decouple import config`
			`import jwt`
			`import logging`

			`private_key = config('SECRET_JWT')`

			`class ApiMiddleware:`
			`def __init__(self, get_response):`
			`self.get_response = get_response`

			`def __call__(self, request):`
			`# se omite esta regla si no es api`
			`if request.path[0:5] != '/api/':`
			`response = self.get_response(request)`
			`return response`

			`# se omite esta regla en login`
			`if request.path == '/api/auth/' and request.method == 'POST':`
			`response = self.get_response(request)`
			`return response`

			`match = resolve(request.path)`
			`logging.error(match)`
se corrige informacion publica de paradero 2024-01-20 14:18:59 -03:00
commit inicial 2023-12-05 10:34:47 -03:00			`# se omite esta regla al mostrar imagen de paradero`
			`if match.url_name == 'paradero_imagen-detail' and request.method == 'GET':`
			`response = self.get_response(request)`
			`return response`

se corrige informacion publica de paradero 2024-01-20 14:18:59 -03:00			`# se omite esta regla al mostrar informacion publica de paradero`
			`if match.url_name == 'paradero-info-public' and request.method == 'GET':`
			`response = self.get_response(request)`
			`return response`
commit inicial 2023-12-05 10:34:47 -03:00
			`if not request.headers.get('Authorization'):`
			`return HttpResponse('Debe indicar el token de autorización', status = 400)`

			`authorization = request.headers.get('Authorization').split(' ')`
			`token = authorization[1]`

			`try:`
			`decoded = jwt.decode(token, private_key, algorithms=["HS256"])`
			`except jwt.ExpiredSignatureError:`
			`return HttpResponse('token ya no es valido', status = 400)`
			`except jwt.InvalidTokenError:`
			`return HttpResponse('token es invalido', status = 400)`

			`if decoded['login'] != '0':`
			`usuario = Usuario.objects.filter(login = decoded['login'], vigente = True).values().first()`
			`if not usuario:`
			`return HttpResponse('Usuario ya no vigente', status = 400)`

			`persona = Persona.objects.filter(rut = usuario['rut_id']).values().first()`
			`if not persona:`
			`return HttpResponse('No existe información de la persona', status = 500)`

			`request.jwt_info = { 'login': usuario['login'], 'persona': persona }`
			`else:`
			`request.jwt_info = { 'login': '0', 'persona': None }`

			`response = self.get_response(request)`
			`return response`