Merge pull request #6 from RustamovAkrom/main

Main

Author: RustamovAkrom

.gitignore

@@ -139,3 +139,5 @@ GitHub.sublime-settings
 
 # private_key.pem
 # public_key.pem
+
+db.sqlite3

apps/blog/views.py

@@ -41,7 +41,7 @@ class HomePageView(TemplateView):
     template_name = "blog/home.html"
 
     def get(self, request):
-        if request.user and request.user.is_authenticated:
+        if request.user is not None and request.user.is_authenticated:
             posts = Post.objects.exclude(author=request.user)
         else:
             posts = Post.objects.all()

security_settings/.gitignore apps/shared/management/__init__.pysecurity_settings/.gitignore renamed to apps/shared/management/__init__.py

@@ -0,0 +1,28 @@
+import os
+
+from dotenv import load_dotenv
+load_dotenv()
+
+from django.contrib.auth import get_user_model
+from django.core.management.base import BaseCommand
+
+
+ADMIN_USERNAME = str(os.getenv("ADMIN_USERNAME"))
+ADMIN_PASSWORD = str(os.getenv("ADMIN_PASSWORD"))
+ADMIN_EMAIL = str(os.getenv("ADMIN_PASSWORD"))
+
+
+class Command(BaseCommand):
+    def handle(self, *args, **options):
+        User = get_user_model()
+        self.create_superuser(User, ADMIN_USERNAME, ADMIN_EMAIL, ADMIN_PASSWORD)
+    def create_superuser(self, User, username, email, password):
+        if not User.objects.filter(username=username).exists():
+            User.objects.create_superuser(username, email, password)
+            self.stdout.write(
+                self.style.SUCCESS(f"Superuser {username} created successfully.")
+            )
+        else:
+            self.stdout.write(
+                self.style.ERROR(f"Superuser {username} already exists.")
+            )

apps/shared/management/commands/__init__.py

@@ -6,25 +6,36 @@
 
 class LoginForm(forms.Form):
     username = forms.CharField(
-        max_length=28,
+        max_length=150,
         widget=forms.TextInput(
             attrs={"placeholder": "Username...", "class": "form-control rounded-4"}
         ),
+        error_messages={
+            "required": "Username is required!",
+            'max_length': "Username is too lang, max length is 150 charecters."
+        }
     )
     password = forms.CharField(
         max_length=60,
         widget=forms.PasswordInput(
             attrs={"placeholder": "Password...", "class": "form-control rounded-4"}
         ),
+        error_messages={
+            "required": "Password is required!",
+            "max_length": "Password is to long, max length is 60 charecters."
+        }
     )
 
 
 class RegisterForm(forms.ModelForm):
     password1 = forms.CharField(
+        label="Password",
         max_length=28,
         widget=forms.PasswordInput(attrs={"id": "password", "type": "password"}),
+
     )
     password2 = forms.CharField(
+        label="Password (Confirm)",
         max_length=28,
         widget=forms.PasswordInput(attrs={"id": "password", "type": "password"}),
     )
@@ -39,7 +50,7 @@ def save(self, commit=True):
             user.set_password(password1)
             user.save()
         else:
-            raise ValidationError("Password must be match")
+            return ValidationError("Passwords must be match!")
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)

apps/shared/management/commands/createadmin.py

@@ -1,6 +1,8 @@
-from rest_framework_simplejwt.tokens import AccessToken
+from rest_framework_simplejwt.tokens import AccessToken, TokenError
 from django.utils.deprecation import MiddlewareMixin
 from django.contrib.auth import get_user_model
+from django.contrib.auth.models import AnonymousUser
+from django.core.cache import cache
 
 
 User = get_user_model()
@@ -10,11 +12,20 @@ class JWTAuthMiddleware(MiddlewareMixin):
     def process_request(self, request):
         access_token = request.COOKIES.get("access_token")
 
-        if access_token:
-            try:
-                token = AccessToken(access_token)
-                user_id = token['user_id']
-                request.user = User.objects.get(id=user_id)
-            except Exception as e:
-                request.user = None
-                
+        if not access_token:
+            request.user = AnonymousUser()
+        
+        cached_user = cache.get(access_token)
+        if cached_user:
+            request.user = cached_user
+            return
+    
+        try:
+            token = AccessToken(access_token)
+            user_id = token['user_id']
+            user = User.objects.get(id=user_id)
+
+            cache.set(access_token, user, timeout=60 * 15)
+            request.user = user
+        except (TokenError, User.DoesNotExist):
+            request.user = AnonymousUser()

apps/users/forms.py

@@ -20,14 +20,14 @@ def get(self, request):
 
     def post(self, request):
 
-        form = RegisterForm(request.POST, request.FILES)
+        form = RegisterForm(request.POST)
 
         if form.is_valid():
             form.save()
             messages.success(request, "User succesfully registered")
             return redirect(reverse("users:login"))
 
-        messages.warning(request, "Error registered!")
+        messages.warning(request, "Invalid registration fields!")
         return render(request, "auth/register.html", {"form": form})
 
 
@@ -43,6 +43,7 @@ def post(self, request):
         if form.is_valid():
             username = form.cleaned_data.get("username")
             password = form.cleaned_data.get("password")
+
             user = authenticate(username=username, password=password)
 
             if user is not None:
@@ -58,7 +59,7 @@ def post(self, request):
                 response.set_cookie("access_token", access_token, httponly=True)
                 response.set_cookie("refresh_token", refresh_token, httponly=True)
 
-                messages.info(request, f"You are logged in as { username }")
+                messages.success(request, f"You are logged in as { username }")
                 return response
 
             else:

apps/users/middleware.py

@@ -21,4 +21,5 @@
     "rest_framework",
     "rest_framework_simplejwt",
     "rest_framework_simplejwt.token_blacklist",
+
 ]

apps/users/views.py

@@ -2,11 +2,13 @@
 
 from datetime import timedelta
 
+from dotenv import load_dotenv
+load_dotenv()
 
-with open(str(os.getenv("PRIVATE_KEY_PATH", "security_settings/private_key.pem")), "r") as f:
+with open(str(os.getenv("PRIVATE_KEY_PATH")), "r") as f:
     PRIVATE_KEY = f.read()
 
-with open(str(os.getenv("PUBLIC_KEY_PATH", "security_settings/public_key.pem")), "r") as f:
+with open(str(os.getenv("PUBLIC_KEY_PATH")), "r") as f:
     PUBLIC_KEY = f.read()
 
 
@@ -32,6 +34,6 @@
     "TOKEN_TYPE_CLAIM": "token_type",
     "JTI_CLAIM": "jti",
     "SLIDING_TOKEN_REFRESH_EXP_CLAIM": "refresh_exp",
-    "SLIDING_TOKEN_LIFETIME": timedelta(minutes=5),
+    "SLIDING_TOKEN_LIFETIME": timedelta(seconds=1),
     "SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1),
 }