feat: login and logout api for librarians and members

a562ec53 · Ilham Maulana · 7fb5f003 · a562ec53 · a562ec53 · a562ec53
Commit a562ec53 authored Jul 13, 2024 by Ilham Maulana 💻
Showing with 172 additions and 37 deletions

serializers.py api/auth/serializers.py +0 -0

urls.py api/auth/urls.py +25 -0

views.py api/auth/views.py +145 -0

urls.py api/urls.py +2 -7

views.py api/views.py +0 -30

No files found.
--- a/api/serializers.py
+++ b/api/serializers.py
--- a/api/auth/urls.py
+++ b/api/auth/urls.py
+from django.urls import path, include
+from rest_framework import routers
+from .views import (
+    LibrarianViewSet,
+    LibrarianLoginView,
+    LibrarianLogoutView,
+    MemberViewSet,
+    MemberLoginView,
+    MemberLogoutView,
+)
+router = routers.DefaultRouter()
+router.register(r"librarians", LibrarianViewSet, basename="librarians")
+router.register(r"members", MemberViewSet, basename="members")
+urlpatterns = [
+    path("", include(router.urls)),
+    path("librarians/auth/login", LibrarianLoginView.as_view(), name="librarian_login"),
+    path(
+        "librarians/auth/logout", LibrarianLogoutView.as_view(), name="librarian_logout"
+    ),
+    path("members/auth/login", MemberLoginView.as_view(), name="member_login"),
+    path("members/auth/logout", MemberLogoutView.as_view(), name="member_logout"),
+]
--- a/api/auth/views.py
+++ b/api/auth/views.py
+from django.contrib.auth import authenticate, login, logout
+from rest_framework import views, viewsets, permissions, status
+from rest_framework.response import Response
+from .serializers import (
+    Librarian,
+    LibrarianSerializer,
+    Member,
+    MemberSerializer,
+)
+class LibrarianViewSet(viewsets.ModelViewSet):
+    permission_classes = [permissions.IsAuthenticated]
+    queryset = Librarian.objects.all().order_by("created_at")
+    serializer_class = LibrarianSerializer
+    def update(self, request, pk):
+        instance = self.get_object()
+        serializer = self.get_serializer(instance, data=request.data, partial=True)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response(serializer.data, status=status.HTTP_200_OK)
+class MemberViewSet(viewsets.ModelViewSet):
+    permission_classes = [permissions.IsAuthenticated]
+    queryset = Member.objects.all().order_by("created_at")
+    serializer_class = MemberSerializer
+    def update(self, request, pk):
+        instance = self.get_object()
+        serializer = self.get_serializer(instance, data=request.data, partial=True)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response(serializer.data, status=status.HTTP_200_OK)
+class LoginBaseView(views.APIView):
+    user = None
+    def post(self, request):
+        username = request.data.get("username")
+        password = request.data.get("password")
+        if request.user.is_authenticated:
+            return Response(
+                {"message": "Login failed, user is already authenticated"},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+        if username is None or password is None:
+            return Response(
+                {"message": "Login failed, username or password cannot be empty"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        user = authenticate(request, username=username, password=password)
+        if user is not None:
+            self.user = user
+            request.data["token"] = user.get_session_auth_hash()
+            request.data["message"] = "Login successful"
+            return Response(request.data, status=status.HTTP_200_OK)
+        else:
+            return Response(
+                {"message": "Login failed, invalid username or password"},
+                status=status.HTTP_401_UNAUTHORIZED,
+            )
+class LibrarianLoginView(LoginBaseView):
+    def post(self, request):
+        response = super().post(request)
+        if response.status_code == status.HTTP_200_OK:
+            if not self.user.is_staff:
+                return Response(
+                    {"message": "Login as librarian failed, account is not staff"},
+                    status=status.HTTP_403_FORBIDDEN,
+                )
+            else:
+                login(request, self.user)
+        return response
+class MemberLoginView(LoginBaseView):
+    def post(self, request):
+        response = super().post(request)
+        if response.status_code == status.HTTP_200_OK:
+            if self.user.is_staff:
+                return Response(
+                    {"message": "Login failed, invalid username or password"},
+                    status=status.HTTP_401_UNAUTHORIZED,
+                )
+            else:
+                login(request, self.user)
+        return response
+class LogoutBasedView(views.APIView):
+    def get(self, request):
+        if not request.user.is_authenticated:
+            return Response(
+                {"message": "Logout failed, user is unauthorized"},
+                status=status.HTTP_401_UNAUTHORIZED,
+            )
+        return Response({"message": "Logout success"}, status=status.HTTP_200_OK)
+class LibrarianLogoutView(LogoutBasedView):
+    def get(self, request):
+        response = super().get(request)
+        if response.status_code == status.HTTP_200_OK:
+            if request.user.is_staff:
+                logout(request)
+            else:
+                return Response(
+                    {"message": "Logout failed, user is unauthorized"},
+                    status=status.HTTP_401_UNAUTHORIZED,
+                )
+        return response
+class MemberLogoutView(LogoutBasedView):
+    def get(self, request):
+        response = super().get(request)
+        if response.status_code == status.HTTP_200_OK:
+            if not request.user.is_staff:
+                logout(request)
+            else:
+                return Response(
+                    {"message": "Logout failed, user is unauthorized"},
+                    status=status.HTTP_401_UNAUTHORIZED,
+                )
+        return response
--- a/api/urls.py
+++ b/api/urls.py
 from django.urls import path, include
-from rest_framework import routers
-from .views import LibrarianViewSet, MemberViewSet
+from .auth import urls as auth_urls
-router = routers.DefaultRouter()
-router.register(r"librarians", LibrarianViewSet, basename="librarians")
-router.register(r"members", MemberViewSet, basename="members")
 urlpatterns = [
-    path("", include(router.urls)),
+    path("", include(auth_urls)),
 ]
--- a/api/views.py
+++ b/api/views.py
-from rest_framework import viewsets, permissions
-from rest_framework.response import Response
-from .serializers import Librarian, LibrarianSerializer, Member, MemberSerializer
-class LibrarianViewSet(viewsets.ModelViewSet):
-    permission_classes = [permissions.IsAuthenticated]
-    queryset = Librarian.objects.all().order_by("created_at")
-    serializer_class = LibrarianSerializer
-    def update(self, request, pk):
-        instance = self.get_object()
-        serializer = self.get_serializer(instance, data=request.data, partial=True)
-        serializer.is_valid(raise_exception=True)
-        serializer.save()
-        return Response(serializer.data)
-class MemberViewSet(viewsets.ModelViewSet):
-    permission_classes = [permissions.IsAuthenticated]
-    queryset = Member.objects.all().order_by("created_at")
-    serializer_class = MemberSerializer
-    def update(self, request, pk):
-        instance = self.get_object()
-        serializer = self.get_serializer(instance, data=request.data, partial=True)
-        serializer.is_valid(raise_exception=True)
-        serializer.save()
-        return Response(serializer.data)