Added profiles page and friends system

2024-03-03 09:20:17 +03:00
parent 13b4e8bafb
commit c81cd3560f
7 changed files with 132 additions and 3 deletions
@@ -1,3 +1,4 @@
+import bcrypt
 import jwt
 from django.conf import settings
 from rest_framework.authentication import (
@@ -30,6 +31,13 @@ class JWTAuthentication(BaseAuthentication):
            )

            user = Profile.objects.get(id=payload["id"])
+
+            if not bcrypt.checkpw(
+                payload["password"].encode("utf-8"),
+                user.password.encode("utf-8"),
+            ):
+                error = "Token has expired"
+                raise AuthenticationFailed(error)
        except Profile.DoesNotExist:
            error = "Invalid token"
            raise AuthenticationFailed(error) from None
@@ -1,4 +1,4 @@
-# Generated by Django 4.2.10 on 2024-03-02 10:14
+# Generated by Django 4.2.10 on 2024-03-03 06:12

 import api.users.validators
 import django.core.validators
@@ -24,6 +24,7 @@ class Migration(migrations.Migration):
                ('isPublic', models.BooleanField()),
                ('phone', models.CharField(blank=True, max_length=20, null=True, validators=[django.core.validators.MaxLengthValidator(20), django.core.validators.RegexValidator('\\+[\\d]+')])),
                ('image', models.URLField(blank=True, null=True)),
+                ('friends', models.ManyToManyField(blank=True, to='users.profile')),
            ],
        ),
    ]
@@ -32,6 +32,7 @@ class Profile(models.Model):
        null=True,
    )
    image = models.URLField(max_length=200, blank=True, null=True)
+    friends = models.ManyToManyField("self", blank=True, symmetrical=False)

    def __str__(self):
        return self.login
@@ -39,6 +40,16 @@ class Profile(models.Model):
    def is_authenticated(self):
        return True

+    def add_friend(self, user):
+        if self != user:
+            self.friends.add(user)
+
+    def remove_friend(self, user):
+        self.friends.remove(user)
+
+    def check_for_friendship(self, user):
+        return self.friends.filter(pk=user.pk).exists()
+
    @classmethod
    def check_unique(cls, user_id, validated_data):
        errors = {}
@@ -0,0 +1,13 @@
+from rest_framework.permissions import BasePermission
+
+
+class CanAccessProfile(BasePermission):
+    def has_object_permission(self, request, view, obj):
+        if (
+            obj.isPublic
+            or obj.check_for_friendship(request.user)
+            or obj == request.user
+        ):
+            return True
+
+        return False
@@ -28,3 +28,24 @@ class UpdateProfileSerializer(serializers.ModelSerializer):
            "phone",
            "image",
        ]
+
+
+class PublicProfileSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Profile
+        fields = [
+            "login",
+            "email",
+            "countryCode",
+            "isPublic",
+            "phone",
+            "image",
+        ]
+
+    def to_representation(self, instance):
+        data = super().to_representation(instance)
+        if data["image"] is None:
+            del data["image"]
+        if data["phone"] is None:
+            del data["phone"]
+        return data
@@ -16,5 +16,21 @@ urlpatterns = [
    path(
        "me/profile",
        api.users.views.ProfileMeApiView.as_view(),
-    )
+        name="profile-me",
+    ),
+    path(
+        "profiles/<str:login>",
+        api.users.views.ProfileAPIView.as_view(),
+        name="profiles",
+    ),
+    path(
+        "friends/add",
+        api.users.views.AddFriendAPIView.as_view(),
+        name="add-friend",
+    ),
+    path(
+        "friends/remove",
+        api.users.views.RemoveFriendAPIView.as_view(),
+        name="remove-friend",
+    ),
 ]
@@ -10,7 +10,12 @@ from rest_framework.response import Response
 from rest_framework.views import APIView

 from api.users.models import Profile
-from api.users.serializers import ProfileSerializer, UpdateProfileSerializer
+from api.users.permissions import CanAccessProfile
+from api.users.serializers import (
+    ProfileSerializer,
+    PublicProfileSerializer,
+    UpdateProfileSerializer,
+)


 class RegisterUserApiView(APIView):
@@ -116,3 +121,57 @@ class ProfileMeApiView(APIView):
            profile["image"] = user.image

        return profile
+
+
+class ProfileAPIView(APIView):
+    permission_classes = [IsAuthenticated, CanAccessProfile]
+
+    def get(self, request, login):
+        try:
+            profile = Profile.objects.get(login=login)
+            self.check_object_permissions(request, profile)
+            serializer = PublicProfileSerializer(profile)
+            return Response(serializer.data)
+        except Profile.DoesNotExist:
+            return Response(
+                {"detail": "Profile not found."},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+
+
+class AddFriendAPIView(APIView):
+    permission_classes = [IsAuthenticated]
+
+    def post(self, request):
+        try:
+            login = request.data.get("login")
+            profile = Profile.objects.get(login=login)
+            request.user.add_friend(profile)
+            return Response(
+                {"status": "ok"},
+                status=status.HTTP_200_OK,
+            )
+        except Profile.DoesNotExist:
+            return Response(
+                {"detail": "Profile not found."},
+                status=status.HTTP_404_NOT_FOUND,
+            )
+
+
+class RemoveFriendAPIView(APIView):
+    permission_classes = [IsAuthenticated]
+
+    def post(self, request):
+        try:
+            login = request.data.get("login")
+            profile = Profile.objects.get(login=login)
+            request.user.remove_friend(profile)
+            return Response(
+                {"status": "ok"},
+                status=status.HTTP_200_OK,
+            )
+        except Profile.DoesNotExist:
+            return Response(
+                {"detail": "Profile not found."},
+                status=status.HTTP_404_NOT_FOUND,
+            )