feat: utils

authentications/context_processors.py

 import jwt
 from django.shortcuts import get_object_or_404
 from librarians.models import Librarians
+from django.conf import settings
 
 
 def get_auth_session(request):
     auth_session = request.session.get("auth_session", None)
 
     if auth_session:
-        decoded = jwt.decode(auth_session, "secret", algorithms=["HS256"])
+        decoded = jwt.decode(auth_session, settings.JWT_SECRET, algorithms=["HS256"])
 
         user_id = decoded["librarian_id"]
         user_verified = get_object_or_404(Librarians, id=user_id)

authentications/middleware.py

@@ -5,6 +5,7 @@ from django.utils.deprecation import MiddlewareMixin
 from django.shortcuts import get_object_or_404
 from django.http import HttpResponseRedirect
 from librarians.models import Librarians
+from django.conf import settings
 
 
 class AuthMiddleware(MiddlewareMixin):
@@ -18,7 +19,9 @@ class AuthMiddleware(MiddlewareMixin):
 
         if request.path.startswith("/dashboard/"):
             if auth_session is not None:
-                decoded = jwt.decode(auth_session, "secret", algorithms=["HS256"])
+                decoded = jwt.decode(
+                    auth_session, settings.JWT_SECRET, algorithms=["HS256"]
+                )
                 user_verified = get_object_or_404(
                     Librarians, id=decoded["librarian_id"]
                 )

authentications/utils.py

+import jwt
+from django.conf import settings
+
+
+def create_auth_session(request, payload):
+    token = jwt.encode(payload, settings.JWT_SECRET, algorithm="HS256")
+    request.session["auth_session"] = token

authentications/views.py

-import jwt
 from django.http import HttpResponseRedirect
 from django.shortcuts import render
 from authentications.forms import LoginForm, SignUpForm
 from librarians.models import Librarians, LoginHistory
+from authentications.utils import create_auth_session
 
 
 def login(request):
@@ -20,14 +20,13 @@ def login(request):
                     email=form.data["email"],
                     password=form.data["password"],
                 )
-
                 payload = {
                     "librarian_id": librarian.id,
                     "name": librarian.name,
                     "email": librarian.email,
                 }
-                token = jwt.encode(payload, "secret", algorithm="HS256")
-                request.session["auth_session"] = token
+
+                create_auth_session(request, payload)
 
                 LoginHistory.objects.create(librarian_id=librarian.id)
                 return HttpResponseRedirect("/dashboard/")
@@ -59,13 +58,20 @@ def sign_up(request):
                     email=form.data["email"],
                     password=form.data["password"],
                 )
-                librarian_id = librarian.get(
+                new_librarian = librarian.get(
                     name=form.data["name"],
                     email=form.data["email"],
                     password=form.data["password"],
-                ).id
+                )
+
+                payload = {
+                    "librarian_id": new_librarian.id,
+                    "name": new_librarian.name,
+                    "email": new_librarian.email,
+                }
+                create_auth_session(request, payload)
 
-                LoginHistory.objects.create(librarian_id=librarian_id)
+                LoginHistory.objects.create(librarian_id=new_librarian.id)
                 return HttpResponseRedirect("/dashboard/")
     else:
         form = SignUpForm()

config/settings.py

@@ -11,10 +11,15 @@ https://docs.djangoproject.com/en/5.0/ref/settings/
 """
 
 from pathlib import Path
+import os
+from dotenv import load_dotenv
 
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
 
+# .env
+load_dotenv()
+JWT_SECRET = os.getenv("JWT_SECRET", default="")
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/5.0/howto/deployment/checklist/