feat: api login, logout and change password as librarian and member

15af9dc3 · impfundev · ae9c9a19 · 15af9dc3 · 15af9dc3
Commit 15af9dc3 authored Jul 10, 2024 by impfundev
Hide whitespace changes
Inline Side-by-side

Showing with 230 additions and 7 deletions

urls.py api/urls.py +28 -0

views.py api/views.py +202 -7

No files found.
--- a/api/urls.py
+++ b/api/urls.py
@@ -6,6 +6,12 @@ from api.views import (
    MemberViewSet,
    LibrarianViewSet,
    BookLoanViewSet,
+    LoginAsLibrarian,
+    LogoutAsLibrarian,
+    ChangePasswordAsLibrarian,
+    LoginAsMember,
+    LogoutAsMember,
+    ChangePasswordAsMember,
 )

 router = routers.DefaultRouter()
@@ -17,4 +23,26 @@ router.register(r"book_loans", BookLoanViewSet, basename="book_loans")

 urlpatterns = [
    path("", include(router.urls)),
+    path("login/librarian/", LoginAsLibrarian.as_view(), name="login_librarian"),
+    path(
+        "logout/librarian/<int:pk>/",
+        LogoutAsLibrarian.as_view(),
+        name="logout_librarian",
+    ),
+    path(
+        "librarians/<int:pk>/change_password/",
+        ChangePasswordAsLibrarian.as_view(),
+        name="change_pw_librarian",
+    ),
+    path("login/member/", LoginAsMember.as_view(), name="login_member"),
+    path(
+        "logout/member/<int:pk>/",
+        LogoutAsMember.as_view(),
+        name="logout_member",
+    ),
+    path(
+        "members/<int:pk>/change_password/",
+        ChangePasswordAsMember.as_view(),
+        name="change_pw_member",
+    ),
 ]
--- a/api/views.py
+++ b/api/views.py
+import jwt
+from django.conf import settings
+
+from datetime import datetime, timedelta
+from rest_framework import views, viewsets, status
+from rest_framework.response import Response
 from rest_framework.filters import SearchFilter
-from rest_framework.viewsets import ModelViewSet
 from rest_framework.permissions import IsAuthenticated
 from django_filters.rest_framework import DjangoFilterBackend

+from authentications.utils import Hasher
 from api.serializers import (
    get_user_model,
    UserSerializer,
@@ -15,23 +21,24 @@ from api.serializers import (
    BookLoans,
    BookLoanSerializer,
 )
+from librarians.models import LoginHistory


-class UserViewSet(ModelViewSet):
+class UserViewSet(viewsets.ModelViewSet):
    permission_classes = [IsAuthenticated]
    queryset = get_user_model().objects.all().order_by("id")
    serializer_class = UserSerializer


-class BookViewSet(ModelViewSet):
+class BookViewSet(viewsets.ModelViewSet):
    queryset = Book.objects.all().order_by("created_at")
    serializer_class = BookSerializer
    filter_backends = [DjangoFilterBackend, SearchFilter]
-    filterset_fields = ["title", "description"]
+    filterset_fields = ["published_year", "category__name"]
    search_fields = filterset_fields


-class MemberViewSet(ModelViewSet):
+class MemberViewSet(viewsets.ModelViewSet):
    queryset = Members.objects.all().order_by("created_at")
    serializer_class = MemberSerializer
    filter_backends = [DjangoFilterBackend, SearchFilter]
@@ -39,7 +46,7 @@ class MemberViewSet(ModelViewSet):
    search_fields = filterset_fields


-class LibrarianViewSet(ModelViewSet):
+class LibrarianViewSet(viewsets.ModelViewSet):
    queryset = Librarians.objects.all().order_by("created_at")
    serializer_class = LibrarianSerializer
    filter_backends = [DjangoFilterBackend, SearchFilter]
@@ -47,7 +54,7 @@ class LibrarianViewSet(ModelViewSet):
    search_fields = filterset_fields


-class BookLoanViewSet(ModelViewSet):
+class BookLoanViewSet(viewsets.ModelViewSet):
    queryset = BookLoans.objects.all().order_by("created_at")
    serializer_class = BookLoanSerializer
    filter_backends = [DjangoFilterBackend, SearchFilter]
@@ -57,3 +64,191 @@ class BookLoanViewSet(ModelViewSet):
        "return_date",
    ]
    search_fields = filterset_fields
+
+
+class LoginAsLibrarian(views.APIView):
+
+    def post(self, request):
+        data = request.data
+        librarians = Librarians.objects.all()
+        librarian = librarians.filter(email=data.get("email"))
+        is_email_exists = librarian.exists()
+
+        if not is_email_exists:
+            return Response(
+                {
+                    "message": "Invalid Email, please enter valid email or sign up firts!"
+                },
+                status=status.HTTP_401_UNAUTHORIZED,
+            )
+
+        is_password_verified = Hasher.verify(
+            data.get("password"), librarian[0].password
+        )
+        if not is_password_verified:
+            return Response(
+                {"message": "Invalid Password, please enter valid password!"},
+                status=status.HTTP_401_UNAUTHORIZED,
+            )
+
+        expiration_time = datetime.now() + timedelta(hours=2)
+        payload = {
+            "exp": expiration_time.timestamp(),
+            "librarian_id": librarian[0].id,
+            "name": librarian[0].name,
+            "email": librarian[0].email,
+        }
+
+        token = jwt.encode(payload, settings.JWT_SECRET, algorithm="HS256")
+        LoginHistory.objects.create(librarian_id=librarian[0].id)
+
+        key = "auth_session_" + str(librarian[0].uuid)
+        request.session[key] = token
+
+        return Response({"message": "Login success!"}, status=status.HTTP_200_OK)
+
+
+class LogoutAsLibrarian(views.APIView):
+
+    def get(self, request, pk):
+        librarian = Librarians.objects.get(pk=pk)
+        key = "auth_session_" + str(librarian.uuid)
+        if request.session[key] is None:
+            return Response(
+                {"message": "Logout failed, invalid key!"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        del request.session[key]
+
+        return Response({"message": "Logout success!"}, status=status.HTTP_200_OK)
+
+
+class ChangePasswordAsLibrarian(views.APIView):
+
+    def post(self, request, pk):
+        data = request.data
+        librarians = Librarians.objects.all()
+        librarian = librarians.filter(pk=pk, email=data.get("email"))
+        is_email_exists = librarian.exists()
+        new_password = data.get("new_password")
+
+        if not is_email_exists:
+            return Response(
+                {"message": "Invalid Email, please enter valid email!"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        is_old_password_verified = Hasher.verify(
+            data.get("password"), librarian[0].password
+        )
+
+        if not is_old_password_verified:
+            return Response(
+                {"message": "Invalid Old Password, please enter valid password!"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        if new_password is None:
+            return Response(
+                {"message": "Request failed, new_password is required field!"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        hashed_password = Hasher.encode(new_password)
+        librarian.update(password=hashed_password)
+
+        return Response(
+            {"message": "Change password success!"}, status=status.HTTP_200_OK
+        )
+
+
+class LoginAsMember(views.APIView):
+
+    def post(self, request):
+        data = request.data
+        members = Members.objects.all()
+        member = members.filter(email=data.get("email"))
+        is_email_exists = member.exists()
+
+        if not is_email_exists:
+            return Response(
+                {
+                    "message": "Invalid Email, please enter valid email or sign up firts!"
+                },
+                status=status.HTTP_401_UNAUTHORIZED,
+            )
+
+        is_password_verified = Hasher.verify(data.get("password"), member[0].password)
+        if not is_password_verified:
+            return Response(
+                {"message": "Invalid Password, please enter valid password!"},
+                status=status.HTTP_401_UNAUTHORIZED,
+            )
+
+        expiration_time = datetime.now() + timedelta(hours=2)
+        payload = {
+            "exp": expiration_time.timestamp(),
+            "librarian_id": member[0].id,
+            "name": member[0].name,
+            "email": member[0].email,
+        }
+
+        token = jwt.encode(payload, settings.JWT_SECRET, algorithm="HS256")
+        LoginHistory.objects.create(librarian_id=member[0].id)
+
+        key = "auth_session_" + member[0].account_number
+        request.session[key] = token
+
+        return Response({"message": "Login success!"}, status=status.HTTP_200_OK)
+
+
+class LogoutAsMember(views.APIView):
+
+    def get(self, request, pk):
+        member = Members.objects.get(pk=pk)
+        key = "auth_session_" + member.account_number
+        if request.session[key] is None:
+            return Response(
+                {"message": "Logout failed, invalid key!"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        del request.session[key]
+
+        return Response({"message": "Logout success!"}, status=status.HTTP_200_OK)
+
+
+class ChangePasswordAsMember(views.APIView):
+
+    def post(self, request, pk):
+        data = request.data
+        members = Members.objects.all()
+        member = members.filter(pk=pk, email=data.get("email"))
+        is_email_exists = member.exists()
+        new_password = data.get("new_password")
+
+        if not is_email_exists:
+            return Response(
+                {"message": "Invalid Email, please enter valid email!"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        is_old_password_verified = Hasher.verify(
+            data.get("password"), member[0].password
+        )
+
+        if not is_old_password_verified:
+            return Response(
+                {"message": "Invalid Old Password, please enter valid password!"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        if new_password is None:
+            return Response(
+                {"message": "Request failed, new_password is required field!"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        hashed_password = Hasher.encode(new_password)
+        member.update(password=hashed_password)
+
+        return Response(
+            {"message": "Change password success!"}, status=status.HTTP_200_OK
+        )