updated caching, api docs

Alexander Karpov 2024-04-07 23:28:29 +03:00
parent c772c1a97b
commit 6bce18344f
4 changed files with 30 additions and 5 deletions


@ -401,9 +401,15 @@ def post(self, request, *args, **kwargs):
try: try:
user_id = self.request.data.get("user_id", None) user_id = self.request.data.get("user_id", None)
if user_id: if user_id:
user = User.objects.cache().get(id=user_id) user_id_int = None
if user != self.request.user: try:
return Response(status=403) user_id_int = int(user_id)
except ValueError:
...
if user_id_int:
user = User.objects.cache().get(id=user_id_int)
if user != self.request.user:
return Response(status=403)
except User.DoesNotExist: except User.DoesNotExist:
... ...
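Review bot: A `user_id` that does not parse as an integer now skips the ownership check instead of being rejected. The `except ValueError: ...` branch leaves `user_id_int` as `None`, so the `user != self.request.user` comparison never runs and the request presumably carries on past this block. A JSON list or object in `user_id` would raise `TypeError`, which neither handler visible here catches. Failing closed is safer, and the cached lookup is not needed for the comparison: `except (TypeError, ValueError): return Response(status=400)` followed by `if user_id_int != self.request.user.id: return Response(status=403)`. The `post` body starts and ends outside the hunk, so what runs after the `except User.DoesNotExist` branch is not visible.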


@ -1,6 +1,8 @@
from drf_spectacular.extensions import OpenApiAuthenticationExtension
from drf_spectacular.plumbing import build_bearer_security_scheme_object
from rest_framework.authentication import BaseAuthentication from rest_framework.authentication import BaseAuthentication
from akarpov.users.models import UserAPIToken from akarpov.users.models import User, UserAPIToken
from akarpov.users.tasks import set_last_active_token from akarpov.users.tasks import set_last_active_token
@ -19,4 +21,14 @@ def authenticate(self, request):
return None return None
set_last_active_token.delay(token.token) set_last_active_token.delay(token.token)
return token.user, token return User.objects.cache().get(id=token.user_id), token
class UserTokenAuthenticationExtension(OpenApiAuthenticationExtension):
target_class = "akarpov.users.api.authentification.UserTokenAuthentication"
name = "UserTokenAuthentication"
def get_security_definition(self, auto_schema):
return build_bearer_security_scheme_object(
header_name="Authorization", token_prefix="Bearer"
)
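Review bot: The principal returned by `authenticate` now comes from `User.objects.cache().get(id=token.user_id)`, so a stale cache entry could keep authenticating with outdated `is_active` or permission flags after the account is changed. Whether that can happen depends on how the cache layer is invalidated (bulk `update()` calls are a common gap), which is not visible here. A comment on the return line should state the guarantee relied on, e.g. `# cached user: invalidation must cover is_active / permission changes`. A token whose user row is gone would also raise `User.DoesNotExist` out of this method unless the caller handles it; `except User.DoesNotExist: return None` would keep that an authentication failure. The body of `authenticate` starts outside the hunk, and the new `UserTokenAuthenticationExtension` class has no docstring saying it only describes the bearer scheme for the OpenAPI schema.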


@ -18,6 +18,8 @@
) )
from akarpov.users.models import User from akarpov.users.models import User
from .authentification import UserTokenAuthentication # noqa: F401
class UserRegisterAPIViewSet(generics.CreateAPIView): class UserRegisterAPIViewSet(generics.CreateAPIView):
"""Creates new user and sends verification email""" """Creates new user and sends verification email"""


@ -529,6 +529,11 @@
{"url": "http://127.0.0.1:8000", "description": "Local Development server"}, {"url": "http://127.0.0.1:8000", "description": "Local Development server"},
{"url": "https://new.akarpov.ru", "description": "Production server"}, {"url": "https://new.akarpov.ru", "description": "Production server"},
], ],
"EXTENSIONS": {
"authentication": [
"akarpov.users.api.authentification.UserTokenAuthenticationExtension"
],
},
} }
# CKEDITOR # CKEDITOR