Spaces:

davidtran999
/

hue-portal-backend-v2

Running

App Files Files Community

davidtran999 commited on 18 days ago

Commit

bdf663d

verified ·

1 Parent(s): 7cc0182

Upload backend/hue_portal/core/auth_views.py with huggingface_hub

Browse files

Files changed (1) hide show

backend/hue_portal/core/auth_views.py +86 -0

backend/hue_portal/core/auth_views.py ADDED Viewed

	@@ -0,0 +1,86 @@

+from django.contrib.auth import authenticate, get_user_model
+from rest_framework import permissions, status
+from rest_framework.response import Response
+from rest_framework.views import APIView
+from rest_framework_simplejwt.tokens import RefreshToken
+from .models import UserProfile
+from .serializers import RegisterSerializer, AuthUserSerializer
+User = get_user_model()
+def _user_role(user):
+    profile = getattr(user, "profile", None)
+    return profile.role if profile else UserProfile.Roles.USER
+class RegisterView(APIView):
+    permission_classes = [permissions.IsAuthenticated]
+    def post(self, request):
+        if _user_role(request.user) != UserProfile.Roles.ADMIN:
+            return Response({"detail": "Bạn không có quyền tạo tài khoản."}, status=status.HTTP_403_FORBIDDEN)
+        serializer = RegisterSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        user = serializer.save()
+        return Response(AuthUserSerializer(user).data, status=status.HTTP_201_CREATED)
+class LoginView(APIView):
+    permission_classes = [permissions.AllowAny]
+    def post(self, request):
+        username = request.data.get("username") or request.data.get("email")
+        password = request.data.get("password")
+        if not username or not password:
+            return Response({"detail": "Thiếu thông tin đăng nhập."}, status=status.HTTP_400_BAD_REQUEST)
+        user = authenticate(request, username=username, password=password)
+        if not user:
+            try:
+                user_obj = User.objects.get(email=username)
+                if user_obj.check_password(password):
+                    user = user_obj
+            except User.DoesNotExist:
+                pass
+        if not user:
+            return Response({"detail": "Thông tin đăng nhập không hợp lệ."}, status=status.HTTP_401_UNAUTHORIZED)
+        refresh = RefreshToken.for_user(user)
+        data = {
+            "access": str(refresh.access_token),
+            "refresh": str(refresh),
+            "user": AuthUserSerializer(user).data,
+        }
+        return Response(data, status=status.HTTP_200_OK)
+class LogoutView(APIView):
+    permission_classes = [permissions.IsAuthenticated]
+    def post(self, request):
+        refresh_token = request.data.get("refresh")
+        if not refresh_token:
+            return Response({"detail": "Thiếu refresh token."}, status=status.HTTP_400_BAD_REQUEST)
+        try:
+            token = RefreshToken(refresh_token)
+            token.blacklist()
+        except Exception:
+            return Response({"detail": "Refresh token không hợp lệ."}, status=status.HTTP_400_BAD_REQUEST)
+        return Response({"detail": "Đã đăng xuất."}, status=status.HTTP_200_OK)
+class CurrentUserView(APIView):
+    permission_classes = [permissions.IsAuthenticated]
+    def get(self, request):
+        return Response(AuthUserSerializer(request.user).data)