Exemplo n.º 1
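def comment_create_view(request, slug):
    """Create a comment on the post identified by ``slug`` for a JWT-authenticated user.

    Authentication is done by hand: the ``Authorization`` header must read
    ``JWT <token>`` and the token is checked with
    ``VerifyJSONWebTokenSerializer``. The comment's ``author`` and ``post``
    are always set from the verified token and the URL slug, overwriting
    whatever the client sent under those keys, so a caller cannot post as
    another user by putting a different ``author`` in the body.

    Returns 201 with the serialized comment on success and 400 for a
    non-POST method, a missing/malformed header, an unverifiable token or
    invalid comment data. An unknown slug is left to ``get_object_or_404``
    (a 404 if that is Django's shortcut of the same name).
    """
    if request.method != 'POST':
        return Response({'comments': 'Something Went Wrong'},
                        status=status.HTTP_400_BAD_REQUEST)

    # A missing header used to fail on ``None.split()`` and a header that was
    # not exactly "<scheme> <token>" on tuple unpacking; both surfaced as an
    # unhandled error instead of a clean rejection.
    # NOTE(review): authentication failures answer 400 throughout this view;
    # 401 is the conventional status. Kept as 400 so existing clients see the
    # same codes.
    header_parts = (request.META.get('HTTP_AUTHORIZATION') or '').split()
    if len(header_parts) != 2 or header_parts[0] != 'JWT':
        return Response({'detail': 'No JWT Authentication Token Found'},
                        status=status.HTTP_400_BAD_REQUEST)

    try:
        valid_data = VerifyJSONWebTokenSerializer().validate(
            {'token': header_parts[1]})
        author = valid_data.get('user')
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit. Any verification failure is still reported the same way.
        return Response({'detail': 'Invalid Token, No Log in user'},
                        status.HTTP_400_BAD_REQUEST)

    if author is None:
        # A verified payload without a user must not reach ``author.pk``.
        return Response({'detail': 'Invalid Token, No Log in user'},
                        status.HTTP_400_BAD_REQUEST)

    post = get_object_or_404(Post, slug=slug)

    # Work on a copy: ``request.data`` can be an immutable QueryDict for form
    # submissions, and the request object should not be rewritten in place.
    data = request.data.copy()
    data['author'] = author.pk  # server-derived, never client-supplied
    data['post'] = post.pk

    serializer = CommentCreateSerializer(data=data)
    if not serializer.is_valid():
        return Response(serializer.errors,
                        status=status.HTTP_400_BAD_REQUEST)

    serializer.save()
    return Response(serializer.data, status=status.HTTP_201_CREATED)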
Exemplo n.º 2
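def post_create_view(request):
    """Create a new post for the user identified by a JWT ``Authorization`` header.

    The header must read ``JWT <token>``; the token is checked with
    ``VerifyJSONWebTokenSerializer`` and the resulting user's primary key is
    written into the payload as ``author``, replacing any ``author`` value
    the client supplied.

    Returns 201 with the serialized post on success and 400 for a non-POST
    method, a missing/malformed header, an unverifiable token or invalid
    post data.
    """
    if request.method != 'POST':
        return Response({'detail': 'Something Went Wrong'},
                        status=status.HTTP_400_BAD_REQUEST)

    # Reject an absent or malformed header explicitly. The original called
    # ``.split()`` on ``None`` when the header was missing and unpacked the
    # result into two names, so either case raised instead of returning 400.
    # NOTE(review): 401 is the conventional status for failed authentication;
    # 400 is kept so existing clients see the same codes.
    header_parts = (request.META.get('HTTP_AUTHORIZATION') or '').split()
    if len(header_parts) != 2 or header_parts[0] != 'JWT':
        return Response({'detail': 'No JWT Authentication Token Found'},
                        status=status.HTTP_400_BAD_REQUEST)

    try:
        valid_data = VerifyJSONWebTokenSerializer().validate(
            {'token': header_parts[1]})
        user = valid_data.get('user')
    except Exception:
        # Narrowed from a bare ``except:`` so interpreter-exit signals are
        # no longer swallowed; verification errors are handled as before.
        return Response({'detail': 'Invalid Token'},
                        status.HTTP_400_BAD_REQUEST)

    if user is None:
        # Without a user there is no identity to attribute the post to.
        return Response({'detail': 'Invalid Token'},
                        status.HTTP_400_BAD_REQUEST)

    # Copy before writing: ``request.data`` may be an immutable QueryDict.
    data = request.data.copy()
    data['author'] = user.pk  # author comes from the token, not the body

    serializer = PostCreateSerializer(data=data)
    if not serializer.is_valid():
        return Response(serializer.errors,
                        status=status.HTTP_400_BAD_REQUEST)

    serializer.save()
    return Response(serializer.data, status=status.HTTP_201_CREATED)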
Exemplo n.º 3
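def post_delete_view(request):
    """Delete the post named by ``slug`` in the request body.

    The caller is authenticated from a ``JWT <token>`` ``Authorization``
    header checked with ``VerifyJSONWebTokenSerializer``. Deletion is allowed
    only when the verified user is the post's author or equals the user
    stored with primary key 1.

    Returns 200 with an empty body on success, 404 when no post has the
    given slug, 400 for authentication failures and for an authenticated
    caller who may not delete the post, and 403 for any non-DELETE method.
    """
    if request.method != 'DELETE':
        # NOTE(review): a wrong HTTP method is answered with an authorisation
        # message and 403, while a real authorisation failure below gets 400.
        # The two look swapped; left as-is so clients see the same responses.
        return Response({'detail': 'You Are Not Authorised To Edit This Post'},
                        status.HTTP_403_FORBIDDEN)

    # A missing header (``None.split()``) or one that is not exactly
    # "<scheme> <token>" used to raise; reject both with the existing 400.
    header_parts = (request.META.get('HTTP_AUTHORIZATION') or '').split()
    if len(header_parts) != 2 or header_parts[0] != 'JWT':
        return Response({'detail': 'No JWT Authentication Token Found'},
                        status=status.HTTP_400_BAD_REQUEST)

    try:
        valid_data = VerifyJSONWebTokenSerializer().validate(
            {'token': header_parts[1]})
        logged_in_user = valid_data.get('user')
    except Exception:
        # Narrowed from a bare ``except:``.
        return Response({'detail': 'Invalid Token'},
                        status.HTTP_400_BAD_REQUEST)

    if logged_in_user is None:
        # Never let a missing identity take part in the ownership comparison.
        return Response({'detail': 'Invalid Token'},
                        status.HTTP_400_BAD_REQUEST)

    try:
        instance = Post.objects.get(slug=request.data.get('slug'))
    except Post.DoesNotExist:
        # Previously an unknown or absent slug escaped as an unhandled error.
        return Response({'detail': 'Post Not Found'},
                        status=status.HTTP_404_NOT_FOUND)

    # NOTE(review): the administrator is identified by a hard-coded primary
    # key. That silently breaks (or grants admin rights to the wrong account)
    # if the row with pk=1 is ever a different user; a role or permission
    # flag on the user model would be a sturdier check. Confirm the model.
    try:
        admin_user = User.objects.get(pk=1)
    except User.DoesNotExist:
        admin_user = None  # no such account: only the author may delete

    is_author = instance.author == logged_in_user
    is_admin = admin_user is not None and logged_in_user == admin_user
    if not (is_author or is_admin):
        return Response({'detail': 'Something Went Wrong.'},
                        status=status.HTTP_400_BAD_REQUEST)

    instance.delete()
    return Response({}, status=status.HTTP_200_OK)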
Exemplo n.º 4
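def project_update_view(request):
    """Update the project named by ``slug`` in the request body.

    The caller is authenticated from a ``JWT <token>`` ``Authorization``
    header checked with ``VerifyJSONWebTokenSerializer``. The update is
    allowed only when the verified user is the project's author or equals
    the user stored with primary key 1. ``slug`` selects the project and is
    removed from the payload before it reaches ``ProjectUpdateSerializer``.

    Returns 202 with the serialized project on success, 404 when no project
    has the given slug, 403 for an unauthorised caller or a non-POST method,
    and 400 for authentication failures or invalid update data.
    """
    if request.method != 'POST':
        return Response({'detail': 'You Are Not Authorised To Edit This Project'}, status.HTTP_403_FORBIDDEN)

    # A missing header (``None.split()``) or one that is not exactly
    # "<scheme> <token>" used to raise; reject both with the existing 400.
    header_parts = (request.META.get('HTTP_AUTHORIZATION') or '').split()
    if len(header_parts) != 2 or header_parts[0] != 'JWT':
        return Response({'detail': 'No JWT Authentication Token Found'}, status=status.HTTP_400_BAD_REQUEST)

    try:
        valid_data = VerifyJSONWebTokenSerializer().validate({'token': header_parts[1]})
        logged_in_user = valid_data.get('user')
    except Exception:
        # Narrowed from a bare ``except:``.
        return Response({'detail': 'Invalid Token'}, status.HTTP_400_BAD_REQUEST)

    if logged_in_user is None:
        # Never let a missing identity take part in the ownership comparison.
        return Response({'detail': 'Invalid Token'}, status.HTTP_400_BAD_REQUEST)

    # Copy before editing: ``request.data`` may be an immutable QueryDict and
    # the original popped ``slug`` straight out of the request object.
    updated_data = request.data.copy()

    try:
        instance = Project.objects.get(slug=updated_data.get('slug'))
    except Project.DoesNotExist:
        # Previously an unknown or absent slug escaped as an unhandled error.
        return Response({'detail': 'Project Not Found'}, status=status.HTTP_404_NOT_FOUND)

    # NOTE(review): the administrator is identified by a hard-coded primary
    # key; a role or permission flag on the user model would be a sturdier
    # check. Confirm against the user model before relying on pk=1.
    try:
        admin_user = User.objects.get(pk=1)
    except User.DoesNotExist:
        admin_user = None  # no such account: only the author may update

    is_author = instance.author == logged_in_user
    is_admin = admin_user is not None and logged_in_user == admin_user
    if not (is_author or is_admin):
        return Response({'detail': 'You Are Not Authorised To Edit This Project'}, status.HTTP_403_FORBIDDEN)

    updated_data.pop('slug', None)

    # NOTE(review): every remaining client-supplied key is handed to the
    # serializer. Whether ownership fields such as ``author`` can be changed
    # this way depends on ProjectUpdateSerializer's field list — verify that
    # they are read-only there.
    serializer = ProjectUpdateSerializer(instance, data=updated_data)
    if not serializer.is_valid():
        return Response({'detail': 'Something Went Wrong.'}, status=status.HTTP_400_BAD_REQUEST)

    serializer.save()
    return Response(serializer.data, status=status.HTTP_202_ACCEPTED)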
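    def __call__(self, scope):
        """Attach the user from the ``auth_jwt`` cookie to ``scope`` and call the inner app.

        If the scope already carries an authenticated user, or has no
        cookies, no ``auth_jwt`` cookie, an unverifiable token or a verified
        payload without a user, the scope is passed on without a new user.
        Otherwise ``scope['user']`` is set to the user returned by
        ``VerifyJSONWebTokenSerializer``.

        Args:
            scope: connection scope mapping; ``user``, ``method`` and
                ``cookies`` are the keys read here.

        Returns:
            Whatever ``self.inner(scope)`` returns.
        """
        # The original compared the user object with the AnonymousUser
        # *class* (``scope['user'] != AnonymousUser``). An instance never
        # equals its class, so any user object already in the scope,
        # anonymous ones included, was treated as authenticated and the
        # JWT cookie was never examined. Ask the object itself instead; an
        # object without the attribute counts as unauthenticated.
        existing_user = scope.get('user')
        if existing_user and getattr(existing_user, 'is_authenticated', False):
            return self.inner(scope)

        # NOTE(review): a placeholder method is injected when the scope has
        # none; presumably something downstream expects the key — confirm.
        if "method" not in scope:
            scope['method'] = "FAKE"

        cookies = scope.get("cookies")
        jwt_cookie = cookies.get("auth_jwt") if cookies else None
        if not jwt_cookie:
            return self.inner(scope)

        try:
            valid_data = VerifyJSONWebTokenSerializer().validate(
                {'token': jwt_cookie})
        except ValidationError as err:
            # Fail closed: an unverifiable token leaves the scope without an
            # authenticated user. Only the error is logged, never the token.
            LOGGER.warning("Token present, but couldn't be verified: %s", err)
            return self.inner(scope)

        user = valid_data.get("user")
        if user:
            scope['user'] = user
        return self.inner(scope)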
Exemplo n.º 6
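def check_permissions_by_header(request, user_id=None):
    """Return True when the token in the ``Authorization`` header belongs to ``user_id``.

    The last whitespace-separated part of the header is validated with
    ``Verifyer`` and the resulting user's ``id`` is compared with
    ``int(user_id)``.

    The check fails closed: a missing or empty header, a missing or
    non-numeric ``user_id``, or a validated payload without a user all yield
    False. Previously these cases raised KeyError, IndexError, TypeError or
    ValueError instead of denying access. Exceptions raised by
    ``Verifyer().validate`` itself still propagate to the caller.

    Args:
        request: object exposing the request headers through ``META``.
        user_id: id the token's user must match; int or numeric string.

    Returns:
        True only when the token's user id equals ``user_id``.
    """
    # Settle the expected id first so bad input is denied without touching
    # the token at all.
    try:
        expected_id = int(user_id)
    except (TypeError, ValueError):
        return False

    header_parts = (request.META.get('HTTP_AUTHORIZATION') or '').split()
    if not header_parts:
        return False

    # NOTE(review): the scheme word is not inspected — the last part is
    # treated as the token whatever precedes it. Confirm that is intended.
    bearer = header_parts[-1]

    result = Verifyer().validate({'token': bearer})
    token_user = result.get('user')
    return bool(token_user) and token_user.id == expected_id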