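import logging

import jwt
from decouple import config
from django.http import HttpResponse
from django.urls import resolve

from .models import Usuario, Persona

# Secret used to verify HS256 signatures. HS256 is symmetric, so this same
# value also signs tokens and must never reach clients or logs.
private_key = config('SECRET_JWT')


class ApiMiddleware:
    """Require a valid JWT on every ``/api/`` request except the open routes.

    Requests outside ``/api/``, ``POST /api/auth/`` (login) and ``GET`` on the
    ``paradero_imagen-detail`` route pass through unauthenticated. Every other
    API request must carry an ``Authorization`` header whose second
    space-separated field is an HS256 token signed with ``SECRET_JWT``.

    On success ``request.jwt_info`` is set to a dict with the keys ``login``
    and ``persona`` before the request is handed to the next layer.
    """

    def __init__(self, get_response):
        """Store the next middleware or view callable in the chain."""
        self.get_response = get_response

    def __call__(self, request):
        """Authenticate ``request`` and forward it, or return an error response.

        Returns:
            The downstream response when the request is exempt or carries a
            valid token; otherwise an ``HttpResponse`` with status 400 (missing,
            malformed, expired or invalid token, or user no longer active) or
            500 (active user without a matching ``Persona`` row).
        """
        # Non-API paths are not covered by this middleware.
        if not request.path.startswith('/api/'):
            return self.get_response(request)

        # Login is the only way to obtain a token, so it cannot require one.
        if request.path == '/api/auth/' and request.method == 'POST':
            return self.get_response(request)

        match = resolve(request.path)
        # Routine routing detail: logged at DEBUG so that every API call does
        # not produce an ERROR-level record.
        logging.debug(match)

        # Bus-stop images are served without authentication.
        if match.url_name == 'paradero_imagen-detail' and request.method == 'GET':
            return self.get_response(request)

        # NOTE(review): authentication failures below are reported as 400;
        # 401 would be the conventional status. Kept for client compatibility.
        header = request.headers.get('Authorization')
        if not header:
            return HttpResponse('Debe indicar el token de autorización', status=400)

        # Expected form is "<scheme> <token>". A header without a second field
        # used to raise IndexError and surface as a 500.
        # NOTE(review): the scheme itself is not checked.
        parts = header.split(' ')
        if len(parts) < 2:
            return HttpResponse('token es invalido', status=400)
        token = parts[1]

        try:
            # The algorithm list is pinned so that a token cannot choose its
            # own algorithm (for example "none").
            # NOTE(review): "exp" is not required here, so a token issued
            # without it never expires; confirm that the issuer always sets it.
            decoded = jwt.decode(token, private_key, algorithms=["HS256"])
        except jwt.ExpiredSignatureError:
            return HttpResponse('token ya no es valido', status=400)
        except jwt.InvalidTokenError:
            return HttpResponse('token es invalido', status=400)

        # A correctly signed token without a "login" claim used to raise
        # KeyError (500); it is now rejected as an invalid token.
        login = decoded.get('login')
        if login is None:
            return HttpResponse('token es invalido', status=400)

        if login != '0':
            # Re-check the account on every request so that deactivating a user
            # takes effect before the token expires.
            usuario = Usuario.objects.filter(login=login, vigente=True).values().first()
            if not usuario:
                return HttpResponse('Usuario ya no vigente', status=400)

            persona = Persona.objects.filter(rut=usuario['rut_id']).values().first()
            if not persona:
                return HttpResponse('No existe información de la persona', status=500)

            request.jwt_info = {
                'login': usuario['login'],
                'persona': persona
            }
        else:
            # NOTE(review): login '0' skips the user lookup entirely, so a
            # token carrying it cannot be revoked through the "vigente" flag.
            # Confirm which issuer is allowed to mint such tokens.
            request.jwt_info = {
                'login': '0',
                'persona': None
            }

        return self.get_response(request)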