feat: add auth middleware
Showing
5 changed files
with
73 additions
and
32 deletions
| ... | @@ -49,6 +49,7 @@ MIDDLEWARE = [ | ... | @@ -49,6 +49,7 @@ MIDDLEWARE = [ |
| 49 | 'django.contrib.auth.middleware.AuthenticationMiddleware', | 49 | 'django.contrib.auth.middleware.AuthenticationMiddleware', |
| 50 | 'django.contrib.messages.middleware.MessageMiddleware', | 50 | 'django.contrib.messages.middleware.MessageMiddleware', |
| 51 | 'django.middleware.clickjacking.XFrameOptionsMiddleware', | 51 | 'django.middleware.clickjacking.XFrameOptionsMiddleware', |
| 52 | + 'khubox.auth.AuthMiddleware', | ||
| 52 | ] | 53 | ] |
| 53 | 54 | ||
| 54 | ROOT_URLCONF = 'config.urls' | 55 | ROOT_URLCONF = 'config.urls' | ... | ... |
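--- a/khubox-api/khubox/auth.py
+++ b/khubox-api/khubox/auth.py
@@ -0,0 +1,24 @@
+import jwt
+from django.conf import settings
+from django.http import JsonResponse
+
+
+class AuthMiddleware:
+ def __init__(self, get_response):
+ self.get_response = get_response
+
+ def __call__(self, request):
+ if 'HTTP_AUTHORIZATION' in request.META:
+ token = str(request.META['HTTP_AUTHORIZATION'])[7:]
+ try:
+ decoded = jwt.decode(token, settings.SECRET_KEY, algorithms=['HS256'])
+ request.user_id = decoded['id']
+ except jwt.exceptions.DecodeError:
+ return JsonResponse({'result': False, 'error': '토큰이 잘못되었습니다.'})
+ except jwt.exceptions.ExpiredSignatureError:
+ return JsonResponse({'result': False, 'error': '토큰이 만료되었습니다.'})
+ else:
+ request.user_id = None
+
+ response = self.get_response(request)
+ return response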
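Review bot: The `try` in `__call__` handles only `DecodeError` and `ExpiredSignatureError`, so any other PyJWT validation failure (they share the base class `jwt.exceptions.InvalidTokenError`) and the `KeyError` from `decoded['id']` on a correctly signed token without that claim escape as unhandled exceptions instead of a clean rejection. The `[7:]` slice assumes a `Bearer ` prefix without checking it, so any other scheme is silently truncated and fed to the decoder. Both rejections are sent with HTTP 200 because `JsonResponse` gets no `status`; a 401 lets clients, proxies and log-based alerting see failed authentication, provided the existing client does not depend on 200. Verifying with `settings.SECRET_KEY` also ties token validity to the key Django uses for its own signing, so a dedicated JWT key setting would let the two be rotated separately. A possible shape for the method:

```python
    def __call__(self, request):
        request.user_id = None
        header = request.META.get('HTTP_AUTHORIZATION')
        if header is not None:
            scheme, _, token = str(header).partition(' ')
            try:
                if scheme.lower() != 'bearer' or not token:
                    raise jwt.exceptions.InvalidTokenError('unsupported Authorization header')
                decoded = jwt.decode(token, settings.SECRET_KEY, algorithms=['HS256'])
                request.user_id = decoded['id']
            except jwt.exceptions.ExpiredSignatureError:
                # Listed first: it is a subclass of InvalidTokenError.
                return JsonResponse({'result': False, 'error': '토큰이 만료되었습니다.'}, status=401)
            except (jwt.exceptions.InvalidTokenError, KeyError):
                return JsonResponse({'result': False, 'error': '토큰이 잘못되었습니다.'}, status=401)

        # … unchanged: get_response call and return …
```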
| ... | @@ -8,8 +8,9 @@ from ..models import File, GroupUser | ... | @@ -8,8 +8,9 @@ from ..models import File, GroupUser |
| 8 | 8 | ||
| 9 | # 폴더/파일 목록 | 9 | # 폴더/파일 목록 |
| 10 | def list_item(request): | 10 | def list_item(request): |
| 11 | - # TODO: Auth | 11 | + # Check Login |
| 12 | - request.user_id = 1 | 12 | + if request.user_id is None: |
| 13 | + return {'result': False, 'error': '권한이 없습니다.'} | ||
| 13 | 14 | ||
| 14 | # Validate | 15 | # Validate |
| 15 | if request.GET.get('is_public') != 'true' \ | 16 | if request.GET.get('is_public') != 'true' \ |
| ... | @@ -45,8 +46,9 @@ def list_item(request): | ... | @@ -45,8 +46,9 @@ def list_item(request): |
| 45 | 46 | ||
| 46 | # 폴더 생성, 파일 업로드 | 47 | # 폴더 생성, 파일 업로드 |
| 47 | def create(request): | 48 | def create(request): |
| 48 | - # TODO: Auth | 49 | + # Check Login |
| 49 | - request.user_id = 1 | 50 | + if request.user_id is None: |
| 51 | + return {'result': False, 'error': '권한이 없습니다.'} | ||
| 50 | 52 | ||
| 51 | # Load | 53 | # Load |
| 52 | try: | 54 | try: |
| ... | @@ -105,8 +107,9 @@ def create(request): | ... | @@ -105,8 +107,9 @@ def create(request): |
| 105 | 107 | ||
| 106 | # 휴지통 비우기 | 108 | # 휴지통 비우기 |
| 107 | def empty_trash(request): | 109 | def empty_trash(request): |
| 108 | - # TODO: Auth | 110 | + # Check Login |
| 109 | - request.user_id = 1 | 111 | + if request.user_id is None: |
| 112 | + return {'result': False, 'error': '권한이 없습니다.'} | ||
| 110 | 113 | ||
| 111 | # Query Files | 114 | # Query Files |
| 112 | files = File.objects.filter(owner_user_id=request.user_id, is_trashed=1, deleted_at__isnull=True) | 115 | files = File.objects.filter(owner_user_id=request.user_id, is_trashed=1, deleted_at__isnull=True) |
| ... | @@ -138,8 +141,9 @@ def empty_trash(request): | ... | @@ -138,8 +141,9 @@ def empty_trash(request): |
| 138 | 141 | ||
| 139 | # 폴더/파일 조회 | 142 | # 폴더/파일 조회 |
| 140 | def find_item(request, file_id): | 143 | def find_item(request, file_id): |
| 141 | - # TODO: Auth | 144 | + # Check Login |
| 142 | - request.user_id = 1 | 145 | + if request.user_id is None: |
| 146 | + return {'result': False, 'error': '권한이 없습니다.'} | ||
| 143 | 147 | ||
| 144 | # Query | 148 | # Query |
| 145 | file = File.objects.filter(id=file_id, deleted_at__isnull=True) | 149 | file = File.objects.filter(id=file_id, deleted_at__isnull=True) |
| ... | @@ -213,8 +217,9 @@ def find_item(request, file_id): | ... | @@ -213,8 +217,9 @@ def find_item(request, file_id): |
| 213 | 217 | ||
| 214 | # 폴더/파일 수정 | 218 | # 폴더/파일 수정 |
| 215 | def update_item(request, file_id): | 219 | def update_item(request, file_id): |
| 216 | - # TODO: Auth | 220 | + # Check Login |
| 217 | - request.user_id = 1 | 221 | + if request.user_id is None: |
| 222 | + return {'result': False, 'error': '권한이 없습니다.'} | ||
| 218 | 223 | ||
| 219 | # Load | 224 | # Load |
| 220 | try: | 225 | try: |
| ... | @@ -285,8 +290,9 @@ def update_item(request, file_id): | ... | @@ -285,8 +290,9 @@ def update_item(request, file_id): |
| 285 | 290 | ||
| 286 | # 파일 복제 | 291 | # 파일 복제 |
| 287 | def copy(request, file_id): | 292 | def copy(request, file_id): |
| 288 | - # TODO: Auth | 293 | + # Check Login |
| 289 | - request.user_id = 1 | 294 | + if request.user_id is None: |
| 295 | + return {'result': False, 'error': '권한이 없습니다.'} | ||
| 290 | 296 | ||
| 291 | # Get File | 297 | # Get File |
| 292 | file = File.objects.filter(id=file_id, type='file', is_trashed=0, deleted_at__isnull=True) | 298 | file = File.objects.filter(id=file_id, type='file', is_trashed=0, deleted_at__isnull=True) | ... | ... |
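Review bot: Authentication is opt-in per view: the same `if request.user_id is None:` guard is pasted into `list_item`, `create`, `empty_trash`, `find_item`, `update_item` and `copy` here, and again into every view of the group and user sections, so a view added later without it runs with `user_id = None` and nothing flags the omission. Keeping the check in one decorator (or having the middleware reject unauthenticated requests outside an allowlist such as login) makes the protected set explicit and fails closed. Reading the attribute with `getattr` also avoids an `AttributeError` if the middleware is ever missing from `MIDDLEWARE`. The guard returns a plain dict while the middleware returns `JsonResponse`; presumably a wrapper outside this diff serializes it, and it is worth confirming what HTTP status that wrapper sends. Every function body continues outside its hunk.

```python
def require_login(view):
    # Single place for the check the views currently repeat.
    def wrapper(request, *args, **kwargs):
        if getattr(request, 'user_id', None) is None:
            return {'result': False, 'error': '권한이 없습니다.'}
        return view(request, *args, **kwargs)
    return wrapper


@require_login
def list_item(request):
    # … unchanged: validation and query …
```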
| ... | @@ -7,8 +7,9 @@ from ..models import File, Group, GroupUser, User | ... | @@ -7,8 +7,9 @@ from ..models import File, Group, GroupUser, User |
| 7 | 7 | ||
| 8 | # 그룹 생성 | 8 | # 그룹 생성 |
| 9 | def create(request): | 9 | def create(request): |
| 10 | - # TODO: Auth | 10 | + # Check Login |
| 11 | - request.user_id = 1 | 11 | + if request.user_id is None: |
| 12 | + return {'result': False, 'error': '권한이 없습니다.'} | ||
| 12 | 13 | ||
| 13 | # Load | 14 | # Load |
| 14 | try: | 15 | try: |
| ... | @@ -49,8 +50,9 @@ def create(request): | ... | @@ -49,8 +50,9 @@ def create(request): |
| 49 | 50 | ||
| 50 | # 그룹 초대장 조회 | 51 | # 그룹 초대장 조회 |
| 51 | def find_invite(request, invite_code): | 52 | def find_invite(request, invite_code): |
| 52 | - # TODO: Auth | 53 | + # Check Login |
| 53 | - request.user_id = 1 | 54 | + if request.user_id is None: |
| 55 | + return {'result': False, 'error': '권한이 없습니다.'} | ||
| 54 | 56 | ||
| 55 | # Query | 57 | # Query |
| 56 | group = Group.objects.filter(invite_code=invite_code) | 58 | group = Group.objects.filter(invite_code=invite_code) |
| ... | @@ -77,8 +79,9 @@ def find_invite(request, invite_code): | ... | @@ -77,8 +79,9 @@ def find_invite(request, invite_code): |
| 77 | 79 | ||
| 78 | # 그룹 초대장 사용 | 80 | # 그룹 초대장 사용 |
| 79 | def use_invite(request, invite_code): | 81 | def use_invite(request, invite_code): |
| 80 | - # TODO: Auth | 82 | + # Check Login |
| 81 | - request.user_id = 1 | 83 | + if request.user_id is None: |
| 84 | + return {'result': False, 'error': '권한이 없습니다.'} | ||
| 82 | 85 | ||
| 83 | # Query | 86 | # Query |
| 84 | group = Group.objects.filter(invite_code=invite_code) | 87 | group = Group.objects.filter(invite_code=invite_code) |
| ... | @@ -104,8 +107,9 @@ def use_invite(request, invite_code): | ... | @@ -104,8 +107,9 @@ def use_invite(request, invite_code): |
| 104 | 107 | ||
| 105 | # 그룹 목록 | 108 | # 그룹 목록 |
| 106 | def list_me(request): | 109 | def list_me(request): |
| 107 | - # TODO: Auth | 110 | + # Check Login |
| 108 | - request.user_id = 1 | 111 | + if request.user_id is None: |
| 112 | + return {'result': False, 'error': '권한이 없습니다.'} | ||
| 109 | 113 | ||
| 110 | # Query | 114 | # Query |
| 111 | joined = GroupUser.objects.filter(user_id=request.user_id).values_list('group_id', flat=True) | 115 | joined = GroupUser.objects.filter(user_id=request.user_id).values_list('group_id', flat=True) |
| ... | @@ -125,8 +129,9 @@ def list_me(request): | ... | @@ -125,8 +129,9 @@ def list_me(request): |
| 125 | 129 | ||
| 126 | # 그룹 조회 | 130 | # 그룹 조회 |
| 127 | def find_item(request, group_id): | 131 | def find_item(request, group_id): |
| 128 | - # TODO: Auth | 132 | + # Check Login |
| 129 | - request.user_id = 1 | 133 | + if request.user_id is None: |
| 134 | + return {'result': False, 'error': '권한이 없습니다.'} | ||
| 130 | 135 | ||
| 131 | # Check Joined | 136 | # Check Joined |
| 132 | joined = GroupUser.objects.filter(group_id=group_id, user_id=request.user_id) | 137 | joined = GroupUser.objects.filter(group_id=group_id, user_id=request.user_id) |
| ... | @@ -167,8 +172,9 @@ def find_item(request, group_id): | ... | @@ -167,8 +172,9 @@ def find_item(request, group_id): |
| 167 | 172 | ||
| 168 | # 그룹 수정 | 173 | # 그룹 수정 |
| 169 | def update_item(request, group_id): | 174 | def update_item(request, group_id): |
| 170 | - # TODO: Auth | 175 | + # Check Login |
| 171 | - request.user_id = 1 | 176 | + if request.user_id is None: |
| 177 | + return {'result': False, 'error': '권한이 없습니다.'} | ||
| 172 | 178 | ||
| 173 | # Load | 179 | # Load |
| 174 | try: | 180 | try: |
| ... | @@ -200,8 +206,9 @@ def update_item(request, group_id): | ... | @@ -200,8 +206,9 @@ def update_item(request, group_id): |
| 200 | 206 | ||
| 201 | # 그룹 삭제 | 207 | # 그룹 삭제 |
| 202 | def delete_item(request, group_id): | 208 | def delete_item(request, group_id): |
| 203 | - # TODO: Auth | 209 | + # Check Login |
| 204 | - request.user_id = 1 | 210 | + if request.user_id is None: |
| 211 | + return {'result': False, 'error': '권한이 없습니다.'} | ||
| 205 | 212 | ||
| 206 | # Query | 213 | # Query |
| 207 | group = Group.objects.filter(id=group_id) | 214 | group = Group.objects.filter(id=group_id) |
| ... | @@ -228,8 +235,9 @@ def delete_item(request, group_id): | ... | @@ -228,8 +235,9 @@ def delete_item(request, group_id): |
| 228 | 235 | ||
| 229 | # 그룹 사용자 삭제 | 236 | # 그룹 사용자 삭제 |
| 230 | def remove_user(request, group_id, user_id): | 237 | def remove_user(request, group_id, user_id): |
| 231 | - # TODO: Auth | 238 | + # Check Login |
| 232 | - request.user_id = 1 | 239 | + if request.user_id is None: |
| 240 | + return {'result': False, 'error': '권한이 없습니다.'} | ||
| 233 | 241 | ||
| 234 | # Query | 242 | # Query |
| 235 | group = Group.objects.filter(id=group_id) | 243 | group = Group.objects.filter(id=group_id) | ... | ... |
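Review bot: In `delete_item` and `remove_user` the visible lookup is `Group.objects.filter(id=group_id)`, and the new guard only establishes that some user is logged in, not that this user may act on that group. Both bodies continue outside their hunks, so confirm that a comparison against `request.user_id` follows each lookup, the way `find_item` filters `GroupUser` by `group_id` and `user_id`. The same applies to `find_item` and `copy` in the file views, which load by `id=file_id` without an owner filter in the visible lines. Until this commit every request ran as user 1, so any such checks have probably never been exercised with a second account; a test with two users where one targets the other's group or file would cover it.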
| ... | @@ -97,8 +97,9 @@ def login(request): | ... | @@ -97,8 +97,9 @@ def login(request): |
| 97 | 97 | ||
| 98 | # 회원정보 조회 | 98 | # 회원정보 조회 |
| 99 | def find_me(request): | 99 | def find_me(request): |
| 100 | - # TODO: Auth | 100 | + # Check Login |
| 101 | - request.user_id = 1 | 101 | + if request.user_id is None: |
| 102 | + return {'result': False, 'error': '권한이 없습니다.'} | ||
| 102 | 103 | ||
| 103 | # Query | 104 | # Query |
| 104 | user = User.objects.filter(id=request.user_id) | 105 | user = User.objects.filter(id=request.user_id) |
| ... | @@ -121,8 +122,9 @@ def find_me(request): | ... | @@ -121,8 +122,9 @@ def find_me(request): |
| 121 | 122 | ||
| 122 | # 회원정보 수정 | 123 | # 회원정보 수정 |
| 123 | def update_me(request): | 124 | def update_me(request): |
| 124 | - # TODO: Auth | 125 | + # Check Login |
| 125 | - request.user_id = 1 | 126 | + if request.user_id is None: |
| 127 | + return {'result': False, 'error': '권한이 없습니다.'} | ||
| 126 | 128 | ||
| 127 | # Load | 129 | # Load |
| 128 | try: | 130 | try: | ... | ... |