2023-12-05 10:34:47 -03:00
|
|
|
from django.urls import resolve
|
|
|
|
|
from django.http import HttpResponse
|
|
|
|
|
from .models import Usuario, Persona
|
2024-01-27 00:26:58 -03:00
|
|
|
from project.settings import SECRET_KEY
|
2023-12-05 10:34:47 -03:00
|
|
|
import jwt
|
|
|
|
|
import logging
|
|
|
|
|
|
|
|
|
|
class ApiMiddleware:
|
|
|
|
|
def __init__(self, get_response):
|
|
|
|
|
self.get_response = get_response
|
|
|
|
|
|
|
|
|
|
def __call__(self, request):
|
|
|
|
|
# se omite esta regla si no es api
|
|
|
|
|
if request.path[0:5] != '/api/':
|
|
|
|
|
response = self.get_response(request)
|
|
|
|
|
return response
|
2024-07-30 13:31:59 -04:00
|
|
|
|
2023-12-05 10:34:47 -03:00
|
|
|
match = resolve(request.path)
|
2024-07-30 13:35:08 -04:00
|
|
|
logging.info(match)
|
2024-01-20 14:18:59 -03:00
|
|
|
|
2023-12-05 10:34:47 -03:00
|
|
|
# se omite esta regla al mostrar imagen de paradero
|
|
|
|
|
if match.url_name == 'paradero_imagen-detail' and request.method == 'GET':
|
|
|
|
|
response = self.get_response(request)
|
|
|
|
|
return response
|
|
|
|
|
|
2024-01-27 00:26:58 -03:00
|
|
|
if match.url_name == 'auth_login' and request.method == 'POST':
|
|
|
|
|
response = self.get_response(request)
|
|
|
|
|
return response
|
|
|
|
|
|
|
|
|
|
if match.url_name == 'auth_recuperar':
|
|
|
|
|
response = self.get_response(request)
|
|
|
|
|
return response
|
|
|
|
|
|
|
|
|
|
if match.url_name == 'auth_info':
|
|
|
|
|
response = self.get_response(request)
|
|
|
|
|
return response
|
|
|
|
|
|
|
|
|
|
if match.url_name == 'auth_contrasena':
|
|
|
|
|
response = self.get_response(request)
|
|
|
|
|
return response
|
|
|
|
|
|
2024-01-20 14:18:59 -03:00
|
|
|
# se omite esta regla al mostrar informacion publica de paradero
|
|
|
|
|
if match.url_name == 'paradero-info-public' and request.method == 'GET':
|
|
|
|
|
response = self.get_response(request)
|
|
|
|
|
return response
|
2023-12-05 10:34:47 -03:00
|
|
|
|
|
|
|
|
if not request.headers.get('Authorization'):
|
|
|
|
|
return HttpResponse('Debe indicar el token de autorización', status = 400)
|
|
|
|
|
|
|
|
|
|
authorization = request.headers.get('Authorization').split(' ')
|
|
|
|
|
token = authorization[1]
|
|
|
|
|
|
|
|
|
|
try:
|
2024-01-27 00:26:58 -03:00
|
|
|
decoded = jwt.decode(token, SECRET_KEY, algorithms=["HS256"])
|
2023-12-05 10:34:47 -03:00
|
|
|
except jwt.ExpiredSignatureError:
|
|
|
|
|
return HttpResponse('token ya no es valido', status = 400)
|
|
|
|
|
except jwt.InvalidTokenError:
|
|
|
|
|
return HttpResponse('token es invalido', status = 400)
|
2024-07-30 13:31:59 -04:00
|
|
|
|
|
|
|
|
if decoded['login'] != '0':
|
2023-12-05 10:34:47 -03:00
|
|
|
usuario = Usuario.objects.filter(login = decoded['login'], vigente = True).values().first()
|
|
|
|
|
if not usuario:
|
|
|
|
|
return HttpResponse('Usuario ya no vigente', status = 400)
|
2024-07-30 13:31:59 -04:00
|
|
|
|
2023-12-05 10:34:47 -03:00
|
|
|
persona = Persona.objects.filter(rut = usuario['rut_id']).values().first()
|
|
|
|
|
if not persona:
|
|
|
|
|
return HttpResponse('No existe información de la persona', status = 500)
|
2024-07-30 13:31:59 -04:00
|
|
|
|
2023-12-05 10:34:47 -03:00
|
|
|
request.jwt_info = { 'login': usuario['login'], 'persona': persona }
|
|
|
|
|
else:
|
|
|
|
|
request.jwt_info = { 'login': '0', 'persona': None }
|
|
|
|
|
|
|
|
|
|
response = self.get_response(request)
|
|
|
|
|
return response
|
