서승완

feat: add auth middleware

......@@ -49,6 +49,7 @@ MIDDLEWARE = [
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'khubox.auth.AuthMiddleware',
]
ROOT_URLCONF = 'config.urls'
......
import jwt
from django.conf import settings
from django.http import JsonResponse
class AuthMiddleware:
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
if 'HTTP_AUTHORIZATION' in request.META:
token = str(request.META['HTTP_AUTHORIZATION'])[7:]
try:
decoded = jwt.decode(token, settings.SECRET_KEY, algorithms=['HS256'])
request.user_id = decoded['id']
except jwt.exceptions.DecodeError:
return JsonResponse({'result': False, 'error': '토큰이 잘못되었습니다.'})
except jwt.exceptions.ExpiredSignatureError:
return JsonResponse({'result': False, 'error': '토큰이 만료되었습니다.'})
else:
request.user_id = None
response = self.get_response(request)
return response
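Review bot: In `__call__`, only `DecodeError` and `ExpiredSignatureError` are caught, so other PyJWT validation failures (for example a token whose header names an algorithm other than HS256, which raises `InvalidAlgorithmError`) and a payload with no `id` claim (`KeyError`) surface as a 500 instead of the JSON error. The `[7:]` slice assumes a `Bearer ` prefix without checking the scheme, and both rejections are sent with HTTP 200 because `JsonResponse` is given no `status`. The sketch below checks the scheme, catches `jwt.exceptions.InvalidTokenError` (the base class of both current handlers) together with `KeyError`, and answers 401; keep 200 if existing clients depend on it. Separately, signing API tokens with `settings.SECRET_KEY` ties them to Django's own session and reset-token signing, so a dedicated JWT key would allow independent rotation. Nothing visible here requires an `exp` claim, so a token issued without one would apparently never expire.

```python
    def __call__(self, request):
        request.user_id = None
        header = request.META.get('HTTP_AUTHORIZATION', '')
        if header:
            scheme, _, token = header.partition(' ')
            if scheme.lower() != 'bearer' or not token:
                return JsonResponse({'result': False, 'error': '토큰이 잘못되었습니다.'}, status=401)
            try:
                decoded = jwt.decode(token, settings.SECRET_KEY, algorithms=['HS256'])
                request.user_id = decoded['id']
            except jwt.exceptions.ExpiredSignatureError:
                return JsonResponse({'result': False, 'error': '토큰이 만료되었습니다.'}, status=401)
            except (jwt.exceptions.InvalidTokenError, KeyError):
                # Covers bad signature, disallowed alg, malformed token, missing 'id' claim.
                return JsonResponse({'result': False, 'error': '토큰이 잘못되었습니다.'}, status=401)
        # … unchanged: get_response call and return …
```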
......@@ -8,8 +8,9 @@ from ..models import File, GroupUser
# 폴더/파일 목록
def list_item(request):
# TODO: Auth
request.user_id = 1
# Check Login
if request.user_id is None:
return {'result': False, 'error': '권한이 없습니다.'}
# Validate
if request.GET.get('is_public') != 'true' \
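Review bot: The same three-line login guard is pasted into every view this commit touches (`list_item`, `create`, `empty_trash`, `find_item`, `update_item`, `copy`, all the group views, `find_me` and `update_me`), so a view added later that forgets it is silently unauthenticated. A single decorator, e.g. a hypothetical `@require_login` above `def list_item(request):`, or deny-by-default in the middleware with an allow-list for the login and signup routes, would make the check hard to omit. The denial is returned as a plain dict with the message '권한이 없습니다.', and whatever wraps these views presumably sends it with status 200; a 401 would let clients tell "not logged in" apart from an application error. The rendering has lost the +/- markers, so I am assuming the `# TODO: Auth` and `request.user_id = 1` lines are the removed side; if either survives in the new file, every request is treated as user 1 regardless of the token. The function bodies continue outside the hunks.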
......@@ -45,8 +46,9 @@ def list_item(request):
# 폴더 생성, 파일 업로드
def create(request):
# TODO: Auth
request.user_id = 1
# Check Login
if request.user_id is None:
return {'result': False, 'error': '권한이 없습니다.'}
# Load
try:
......@@ -105,8 +107,9 @@ def create(request):
# 휴지통 비우기
def empty_trash(request):
# TODO: Auth
request.user_id = 1
# Check Login
if request.user_id is None:
return {'result': False, 'error': '권한이 없습니다.'}
# Query Files
files = File.objects.filter(owner_user_id=request.user_id, is_trashed=1, deleted_at__isnull=True)
......@@ -138,8 +141,9 @@ def empty_trash(request):
# 폴더/파일 조회
def find_item(request, file_id):
# TODO: Auth
request.user_id = 1
# Check Login
if request.user_id is None:
return {'result': False, 'error': '권한이 없습니다.'}
# Query
file = File.objects.filter(id=file_id, deleted_at__isnull=True)
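Review bot: With `request.user_id` now taken from the token instead of being pinned to 1, the lookup `File.objects.filter(id=file_id, deleted_at__isnull=True)` in `find_item` is keyed only on a caller-supplied id, and the same holds for the `copy` hunk and for `Group.objects.filter(id=group_id)` in the group `delete_item` and `remove_user` hunks. The functions continue outside the hunks, so an ownership or membership check may follow, but it is worth confirming that each of these paths compares the row against `request.user_id` before returning or modifying it, as `empty_trash` does with `owner_user_id=request.user_id`. A comment at the query such as `# access check: owner or group member, enforced below` would make that dependency visible to the next reader.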
......@@ -213,8 +217,9 @@ def find_item(request, file_id):
# 폴더/파일 수정
def update_item(request, file_id):
# TODO: Auth
request.user_id = 1
# Check Login
if request.user_id is None:
return {'result': False, 'error': '권한이 없습니다.'}
# Load
try:
......@@ -285,8 +290,9 @@ def update_item(request, file_id):
# 파일 복제
def copy(request, file_id):
# TODO: Auth
request.user_id = 1
# Check Login
if request.user_id is None:
return {'result': False, 'error': '권한이 없습니다.'}
# Get File
file = File.objects.filter(id=file_id, type='file', is_trashed=0, deleted_at__isnull=True)
......
......@@ -7,8 +7,9 @@ from ..models import File, Group, GroupUser, User
# 그룹 생성
def create(request):
# TODO: Auth
request.user_id = 1
# Check Login
if request.user_id is None:
return {'result': False, 'error': '권한이 없습니다.'}
# Load
try:
......@@ -49,8 +50,9 @@ def create(request):
# 그룹 초대장 조회
def find_invite(request, invite_code):
# TODO: Auth
request.user_id = 1
# Check Login
if request.user_id is None:
return {'result': False, 'error': '권한이 없습니다.'}
# Query
group = Group.objects.filter(invite_code=invite_code)
......@@ -77,8 +79,9 @@ def find_invite(request, invite_code):
# 그룹 초대장 사용
def use_invite(request, invite_code):
# TODO: Auth
request.user_id = 1
# Check Login
if request.user_id is None:
return {'result': False, 'error': '권한이 없습니다.'}
# Query
group = Group.objects.filter(invite_code=invite_code)
......@@ -104,8 +107,9 @@ def use_invite(request, invite_code):
# 그룹 목록
def list_me(request):
# TODO: Auth
request.user_id = 1
# Check Login
if request.user_id is None:
return {'result': False, 'error': '권한이 없습니다.'}
# Query
joined = GroupUser.objects.filter(user_id=request.user_id).values_list('group_id', flat=True)
......@@ -125,8 +129,9 @@ def list_me(request):
# 그룹 조회
def find_item(request, group_id):
# TODO: Auth
request.user_id = 1
# Check Login
if request.user_id is None:
return {'result': False, 'error': '권한이 없습니다.'}
# Check Joined
joined = GroupUser.objects.filter(group_id=group_id, user_id=request.user_id)
......@@ -167,8 +172,9 @@ def find_item(request, group_id):
# 그룹 수정
def update_item(request, group_id):
# TODO: Auth
request.user_id = 1
# Check Login
if request.user_id is None:
return {'result': False, 'error': '권한이 없습니다.'}
# Load
try:
......@@ -200,8 +206,9 @@ def update_item(request, group_id):
# 그룹 삭제
def delete_item(request, group_id):
# TODO: Auth
request.user_id = 1
# Check Login
if request.user_id is None:
return {'result': False, 'error': '권한이 없습니다.'}
# Query
group = Group.objects.filter(id=group_id)
......@@ -228,8 +235,9 @@ def delete_item(request, group_id):
# 그룹 사용자 삭제
def remove_user(request, group_id, user_id):
# TODO: Auth
request.user_id = 1
# Check Login
if request.user_id is None:
return {'result': False, 'error': '권한이 없습니다.'}
# Query
group = Group.objects.filter(id=group_id)
......
......@@ -97,8 +97,9 @@ def login(request):
# 회원정보 조회
def find_me(request):
# TODO: Auth
request.user_id = 1
# Check Login
if request.user_id is None:
return {'result': False, 'error': '권한이 없습니다.'}
# Query
user = User.objects.filter(id=request.user_id)
......@@ -121,8 +122,9 @@ def find_me(request):
# 회원정보 수정
def update_me(request):
# TODO: Auth
request.user_id = 1
# Check Login
if request.user_id is None:
return {'result': False, 'error': '권한이 없습니다.'}
# Load
try:
......