서승완

feat: add auth middleware

...@@ -49,6 +49,7 @@ MIDDLEWARE = [ ...@@ -49,6 +49,7 @@ MIDDLEWARE = [
49 'django.contrib.auth.middleware.AuthenticationMiddleware', 49 'django.contrib.auth.middleware.AuthenticationMiddleware',
50 'django.contrib.messages.middleware.MessageMiddleware', 50 'django.contrib.messages.middleware.MessageMiddleware',
51 'django.middleware.clickjacking.XFrameOptionsMiddleware', 51 'django.middleware.clickjacking.XFrameOptionsMiddleware',
52 + 'khubox.auth.AuthMiddleware',
52 ] 53 ]
53 54
54 ROOT_URLCONF = 'config.urls' 55 ROOT_URLCONF = 'config.urls'
......
1 +import jwt
2 +from django.conf import settings
3 +from django.http import JsonResponse
4 +
5 +
6 +class AuthMiddleware:
7 + def __init__(self, get_response):
8 + self.get_response = get_response
9 +
10 + def __call__(self, request):
11 + if 'HTTP_AUTHORIZATION' in request.META:
12 + token = str(request.META['HTTP_AUTHORIZATION'])[7:]
13 + try:
14 + decoded = jwt.decode(token, settings.SECRET_KEY, algorithms=['HS256'])
15 + request.user_id = decoded['id']
16 + except jwt.exceptions.DecodeError:
17 + return JsonResponse({'result': False, 'error': '토큰이 잘못되었습니다.'})
18 + except jwt.exceptions.ExpiredSignatureError:
19 + return JsonResponse({'result': False, 'error': '토큰이 만료되었습니다.'})
20 + else:
21 + request.user_id = None
22 +
23 + response = self.get_response(request)
24 + return response
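Review bot: `__call__` catches only `DecodeError` and `ExpiredSignatureError`, so any other PyJWT validation failure, or a validly signed token with no `id` claim (`KeyError` on `decoded['id']`), escapes the middleware and will most likely surface as a server error rather than a rejection. The `[7:]` slice assumes a `Bearer ` prefix without checking it, both rejections go out with JsonResponse's default status 200, and nothing requires an `exp` claim, so a token issued without one never expires. The version below checks the scheme, requires `exp`, catches `InvalidTokenError` and `KeyError`, and answers 401; confirm that clients do not depend on the 200 status before changing it. Signing with `settings.SECRET_KEY` also ties token validity to the key Django uses for its own signing, so a dedicated JWT key setting is worth considering.

```python
    def __call__(self, request):
        request.user_id = None
        header = request.META.get('HTTP_AUTHORIZATION')
        if header is not None:
            scheme, _, token = str(header).partition(' ')
            try:
                if scheme.lower() != 'bearer':
                    raise jwt.exceptions.InvalidTokenError('unsupported scheme')
                decoded = jwt.decode(
                    token, settings.SECRET_KEY, algorithms=['HS256'],
                    # PyJWT 2.x spelling; 1.x used {'require_exp': True}
                    options={'require': ['exp']},
                )
                request.user_id = decoded['id']
            except jwt.exceptions.ExpiredSignatureError:
                return JsonResponse({'result': False, 'error': '토큰이 만료되었습니다.'}, status=401)
            except (jwt.exceptions.InvalidTokenError, KeyError):
                return JsonResponse({'result': False, 'error': '토큰이 잘못되었습니다.'}, status=401)
        # … unchanged: get_response call and return …
```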
...@@ -8,8 +8,9 @@ from ..models import File, GroupUser ...@@ -8,8 +8,9 @@ from ..models import File, GroupUser
8 8
9 # 폴더/파일 목록 9 # 폴더/파일 목록
10 def list_item(request): 10 def list_item(request):
11 - # TODO: Auth 11 + # Check Login
12 - request.user_id = 1 12 + if request.user_id is None:
13 + return {'result': False, 'error': '권한이 없습니다.'}
13 14
14 # Validate 15 # Validate
15 if request.GET.get('is_public') != 'true' \ 16 if request.GET.get('is_public') != 'true' \
...@@ -45,8 +46,9 @@ def list_item(request): ...@@ -45,8 +46,9 @@ def list_item(request):
45 46
46 # 폴더 생성, 파일 업로드 47 # 폴더 생성, 파일 업로드
47 def create(request): 48 def create(request):
48 - # TODO: Auth 49 + # Check Login
49 - request.user_id = 1 50 + if request.user_id is None:
51 + return {'result': False, 'error': '권한이 없습니다.'}
50 52
51 # Load 53 # Load
52 try: 54 try:
...@@ -105,8 +107,9 @@ def create(request): ...@@ -105,8 +107,9 @@ def create(request):
105 107
106 # 휴지통 비우기 108 # 휴지통 비우기
107 def empty_trash(request): 109 def empty_trash(request):
108 - # TODO: Auth 110 + # Check Login
109 - request.user_id = 1 111 + if request.user_id is None:
112 + return {'result': False, 'error': '권한이 없습니다.'}
110 113
111 # Query Files 114 # Query Files
112 files = File.objects.filter(owner_user_id=request.user_id, is_trashed=1, deleted_at__isnull=True) 115 files = File.objects.filter(owner_user_id=request.user_id, is_trashed=1, deleted_at__isnull=True)
...@@ -138,8 +141,9 @@ def empty_trash(request): ...@@ -138,8 +141,9 @@ def empty_trash(request):
138 141
139 # 폴더/파일 조회 142 # 폴더/파일 조회
140 def find_item(request, file_id): 143 def find_item(request, file_id):
141 - # TODO: Auth 144 + # Check Login
142 - request.user_id = 1 145 + if request.user_id is None:
146 + return {'result': False, 'error': '권한이 없습니다.'}
143 147
144 # Query 148 # Query
145 file = File.objects.filter(id=file_id, deleted_at__isnull=True) 149 file = File.objects.filter(id=file_id, deleted_at__isnull=True)
...@@ -213,8 +217,9 @@ def find_item(request, file_id): ...@@ -213,8 +217,9 @@ def find_item(request, file_id):
213 217
214 # 폴더/파일 수정 218 # 폴더/파일 수정
215 def update_item(request, file_id): 219 def update_item(request, file_id):
216 - # TODO: Auth 220 + # Check Login
217 - request.user_id = 1 221 + if request.user_id is None:
222 + return {'result': False, 'error': '권한이 없습니다.'}
218 223
219 # Load 224 # Load
220 try: 225 try:
...@@ -285,8 +290,9 @@ def update_item(request, file_id): ...@@ -285,8 +290,9 @@ def update_item(request, file_id):
285 290
286 # 파일 복제 291 # 파일 복제
287 def copy(request, file_id): 292 def copy(request, file_id):
288 - # TODO: Auth 293 + # Check Login
289 - request.user_id = 1 294 + if request.user_id is None:
295 + return {'result': False, 'error': '권한이 없습니다.'}
290 296
291 # Get File 297 # Get File
292 file = File.objects.filter(id=file_id, type='file', is_trashed=0, deleted_at__isnull=True) 298 file = File.objects.filter(id=file_id, type='file', is_trashed=0, deleted_at__isnull=True)
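Review bot: The same three-line login guard is pasted at the top of all six views in this file, and again in the group and user view files later in this commit. A single decorator would keep the check in one place and make a view that forgets it easier to spot. The guard also reads `request.user_id` directly, so a request that reaches a view without `khubox.auth.AuthMiddleware` having run (a direct call in a test, a changed MIDDLEWARE list) raises AttributeError instead of being refused; `getattr(request, 'user_id', None)` fails closed. The sketch below needs `functools.wraps` imported, and each view body continues outside its hunk.

```python
def login_required(view):
    @wraps(view)
    def wrapper(request, *args, **kwargs):
        # Fail closed when the middleware did not set the attribute.
        if getattr(request, 'user_id', None) is None:
            return {'result': False, 'error': '권한이 없습니다.'}
        return view(request, *args, **kwargs)
    return wrapper


@login_required
def list_item(request):
    # … unchanged: validation and query …
```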
......
...@@ -7,8 +7,9 @@ from ..models import File, Group, GroupUser, User ...@@ -7,8 +7,9 @@ from ..models import File, Group, GroupUser, User
7 7
8 # 그룹 생성 8 # 그룹 생성
9 def create(request): 9 def create(request):
10 - # TODO: Auth 10 + # Check Login
11 - request.user_id = 1 11 + if request.user_id is None:
12 + return {'result': False, 'error': '권한이 없습니다.'}
12 13
13 # Load 14 # Load
14 try: 15 try:
...@@ -49,8 +50,9 @@ def create(request): ...@@ -49,8 +50,9 @@ def create(request):
49 50
50 # 그룹 초대장 조회 51 # 그룹 초대장 조회
51 def find_invite(request, invite_code): 52 def find_invite(request, invite_code):
52 - # TODO: Auth 53 + # Check Login
53 - request.user_id = 1 54 + if request.user_id is None:
55 + return {'result': False, 'error': '권한이 없습니다.'}
54 56
55 # Query 57 # Query
56 group = Group.objects.filter(invite_code=invite_code) 58 group = Group.objects.filter(invite_code=invite_code)
...@@ -77,8 +79,9 @@ def find_invite(request, invite_code): ...@@ -77,8 +79,9 @@ def find_invite(request, invite_code):
77 79
78 # 그룹 초대장 사용 80 # 그룹 초대장 사용
79 def use_invite(request, invite_code): 81 def use_invite(request, invite_code):
80 - # TODO: Auth 82 + # Check Login
81 - request.user_id = 1 83 + if request.user_id is None:
84 + return {'result': False, 'error': '권한이 없습니다.'}
82 85
83 # Query 86 # Query
84 group = Group.objects.filter(invite_code=invite_code) 87 group = Group.objects.filter(invite_code=invite_code)
...@@ -104,8 +107,9 @@ def use_invite(request, invite_code): ...@@ -104,8 +107,9 @@ def use_invite(request, invite_code):
104 107
105 # 그룹 목록 108 # 그룹 목록
106 def list_me(request): 109 def list_me(request):
107 - # TODO: Auth 110 + # Check Login
108 - request.user_id = 1 111 + if request.user_id is None:
112 + return {'result': False, 'error': '권한이 없습니다.'}
109 113
110 # Query 114 # Query
111 joined = GroupUser.objects.filter(user_id=request.user_id).values_list('group_id', flat=True) 115 joined = GroupUser.objects.filter(user_id=request.user_id).values_list('group_id', flat=True)
...@@ -125,8 +129,9 @@ def list_me(request): ...@@ -125,8 +129,9 @@ def list_me(request):
125 129
126 # 그룹 조회 130 # 그룹 조회
127 def find_item(request, group_id): 131 def find_item(request, group_id):
128 - # TODO: Auth 132 + # Check Login
129 - request.user_id = 1 133 + if request.user_id is None:
134 + return {'result': False, 'error': '권한이 없습니다.'}
130 135
131 # Check Joined 136 # Check Joined
132 joined = GroupUser.objects.filter(group_id=group_id, user_id=request.user_id) 137 joined = GroupUser.objects.filter(group_id=group_id, user_id=request.user_id)
...@@ -167,8 +172,9 @@ def find_item(request, group_id): ...@@ -167,8 +172,9 @@ def find_item(request, group_id):
167 172
168 # 그룹 수정 173 # 그룹 수정
169 def update_item(request, group_id): 174 def update_item(request, group_id):
170 - # TODO: Auth 175 + # Check Login
171 - request.user_id = 1 176 + if request.user_id is None:
177 + return {'result': False, 'error': '권한이 없습니다.'}
172 178
173 # Load 179 # Load
174 try: 180 try:
...@@ -200,8 +206,9 @@ def update_item(request, group_id): ...@@ -200,8 +206,9 @@ def update_item(request, group_id):
200 206
201 # 그룹 삭제 207 # 그룹 삭제
202 def delete_item(request, group_id): 208 def delete_item(request, group_id):
203 - # TODO: Auth 209 + # Check Login
204 - request.user_id = 1 210 + if request.user_id is None:
211 + return {'result': False, 'error': '권한이 없습니다.'}
205 212
206 # Query 213 # Query
207 group = Group.objects.filter(id=group_id) 214 group = Group.objects.filter(id=group_id)
...@@ -228,8 +235,9 @@ def delete_item(request, group_id): ...@@ -228,8 +235,9 @@ def delete_item(request, group_id):
228 235
229 # 그룹 사용자 삭제 236 # 그룹 사용자 삭제
230 def remove_user(request, group_id, user_id): 237 def remove_user(request, group_id, user_id):
231 - # TODO: Auth 238 + # Check Login
232 - request.user_id = 1 239 + if request.user_id is None:
240 + return {'result': False, 'error': '권한이 없습니다.'}
233 241
234 # Query 242 # Query
235 group = Group.objects.filter(id=group_id) 243 group = Group.objects.filter(id=group_id)
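Review bot: The new guard only establishes that some user is logged in, while the visible lookups in `delete_item` and `remove_user` select by id alone (`Group.objects.filter(id=group_id)`), as do `find_item` and `copy` in the file views. Now that `request.user_id` is the caller's identity rather than the constant 1, these need an object-level check. The rest of each function lies outside its hunk, so an owner or membership comparison may already follow the query. If it does not, compare the group's owner with `request.user_id` before acting and refuse otherwise. Either way a short comment above each lookup, such as `# Authorization: caller must own this group (checked below)`, would let a reader see that login and ownership are separate checks.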
......
...@@ -97,8 +97,9 @@ def login(request): ...@@ -97,8 +97,9 @@ def login(request):
97 97
98 # 회원정보 조회 98 # 회원정보 조회
99 def find_me(request): 99 def find_me(request):
100 - # TODO: Auth 100 + # Check Login
101 - request.user_id = 1 101 + if request.user_id is None:
102 + return {'result': False, 'error': '권한이 없습니다.'}
102 103
103 # Query 104 # Query
104 user = User.objects.filter(id=request.user_id) 105 user = User.objects.filter(id=request.user_id)
...@@ -121,8 +122,9 @@ def find_me(request): ...@@ -121,8 +122,9 @@ def find_me(request):
121 122
122 # 회원정보 수정 123 # 회원정보 수정
123 def update_me(request): 124 def update_me(request):
124 - # TODO: Auth 125 + # Check Login
125 - request.user_id = 1 126 + if request.user_id is None:
127 + return {'result': False, 'error': '권한이 없습니다.'}
126 128
127 # Load 129 # Load
128 try: 130 try:
......