Merge pull request #11 from Kalgoc/develop

Develop

Author: ebenstom

.flake8

@@ -0,0 +1,5 @@
+[flake8]
+exclude = .git,__pycache__,old,build,dist,.venv, */migrations/*
+ignore = E226,E302,E41,F401,F403,F405
+max-line-length = 120
+max-complexity = 10

.github/pull_request_template.md

@@ -2,6 +2,19 @@
 
 [Escribir acá que es lo que incluye esta PR]
 
+## Checklist
+
+[Revisar y confirmar que se hayan realizado los cambios de la lista]
+
+- [ ] Mi código se adhiere al formato de estilo del proyecto
+- [ ] Revisé mi código
+- [ ] Eliminé código legacy
+- [ ] Mis cambios no generan nuevos warnings
+- [ ] Hice cambios en la documentación
+- [ ] Probé correr los tests ya existentes
+- [ ] Cree nuevos tests que mantengan al menos un 60% de cobertura del proyecto
+
+
 ## Comentarios Adicionales
 
 [Escribir acá cualquier comentario adicional, por ejemplo, puntos a considerar o solicitudes de feedback]

.github/workflows/pytest.yml

@@ -33,5 +33,6 @@ jobs:
       - uses: pavelzw/pytest-action@v2
         env:
           SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }}
+          AWS_REGION: us-east-2
         with:
           emoji: false

.gitignore

@@ -161,3 +161,5 @@ cython_debug/
 
 # Misc
 .DS_Store
+
+bci-script.py

Pipfile

@@ -7,6 +7,11 @@ name = "pypi"
 django = "*"
 psycopg2-binary = "*"
 python-dotenv = "*"
+djangorestframework = "*"
+boto3 = "*"
+pyjwt = "*"
+requests = "*"
+cryptography = "*"
 
 [dev-packages]
 flake8 = "*"
@@ -18,6 +23,7 @@ pre-commit = "*"
 coverage = "*"
 pytest-cov = "*"
 flake8-pyproject = "*"
+factory-boy = "*"
 
 [requires]
 python_version = "3.11"

Pipfile.lock

@@ -0,0 +1,38 @@
+version: 0.0
+os: linux
+
+# In this case we copy all the files of the project to the EC2
+files:
+  - source: /
+    destination: /home/ubuntu/api
+
+# If a file already exists in the destination, it will be OVERWRITTEN
+file_exists_behavior: OVERWRITE
+
+# 
+hooks:
+  # First the CodeDeploy agent stops the application
+  ApplicationStop:
+    - location: scripts/application_stop.sh
+      timeout: 100
+      runas: ubuntu
+      overwrite: true
+  # The isntall the service (Copy the revision files to the EC2)
+  # So we can run after install scripts for example for configuration
+  AfterInstall:
+    - location: scripts/after_install.sh
+      timeout: 100
+      runas: ubuntu
+      overwrite: true
+  # Then Start the service
+  ApplicationStart:
+    - location: scripts/application_start.sh
+      timeout: 100
+      runas: ubuntu
+      overwrite: true
+  # Finally we validate the deployment with a script
+  ValidateService:
+    - location: scripts/validate_service.sh
+      timeout: 100
+      runas: ubuntu
+      overwrite: true

appspec.yml

@@ -0,0 +1,40 @@
+from django.contrib import admin
+from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
+from django.utils.translation import gettext_lazy as _
+from .models import User
+
+
+class UserAdmin(BaseUserAdmin):
+    fieldsets = (
+        (None, {"fields": ("username", "password")}),
+        (_("Personal info"), {"fields": ("first_name", "last_name", "email", "phone")}),
+        (_("Important dates"), {"fields": ("last_login", "date_joined", "created_at", "updated_at")}),
+        (_("Permissions"), {"fields": ("is_active", "is_staff", "is_superuser", "groups", "user_permissions")}),
+        (_("Status"), {"fields": ("enabled",)}),
+    )
+    add_fieldsets = (
+        (
+            None,
+            {
+                "classes": ("wide",),
+                "fields": ("username", "password1", "password2"),
+            },
+        ),
+    )
+    list_display = (
+        "username",
+        "email",
+        "first_name",
+        "last_name",
+        "is_staff",
+        "phone",
+        "user_id",
+        "enabled",
+        "created_at",
+        "updated_at",
+    )
+    search_fields = ("username", "first_name", "last_name", "email", "phone", "user_id")
+    ordering = ("username",)
+
+
+admin.site.register(User, UserAdmin)

playground/migrations/__init__.py authentication/__init__.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class AuthenticationConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "authentication"

authentication/admin.py

@@ -0,0 +1,20 @@
+from functools import wraps
+from rest_framework.response import Response
+from rest_framework import status
+from rest_framework.decorators import api_view, authentication_classes
+from .services.cognito_authentication import CognitoAuthentication
+
+
+def cognito_authenticated(func):
+    @wraps(func)
+    @api_view(["GET", "POST", "PUT", "DELETE"])
+    @authentication_classes([CognitoAuthentication])
+    def wrapper(request, *args, **kwargs):
+        if not request.user or not hasattr(request.user, "get"):
+            return Response(
+                {"error": "Authentication credentials were not provided or are invalid."},
+                status=status.HTTP_401_UNAUTHORIZED,
+            )
+        return func(request, *args, **kwargs)
+
+    return wrapper

authentication/apps.py

@@ -0,0 +1,97 @@
+# Generated by Django 5.0.6 on 2024-06-06 00:20
+
+import django.contrib.auth.models
+import django.contrib.auth.validators
+import django.utils.timezone
+import uuid
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    initial = True
+
+    dependencies = [
+        ("auth", "0012_alter_user_first_name_max_length"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="User",
+            fields=[
+                ("id", models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name="ID")),
+                ("password", models.CharField(max_length=128, verbose_name="password")),
+                ("last_login", models.DateTimeField(blank=True, null=True, verbose_name="last login")),
+                (
+                    "is_superuser",
+                    models.BooleanField(
+                        default=False,
+                        help_text="Designates that this user has all permissions without explicitly assigning them.",
+                        verbose_name="superuser status",
+                    ),
+                ),
+                (
+                    "username",
+                    models.CharField(
+                        error_messages={"unique": "A user with that username already exists."},
+                        help_text="Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.",
+                        max_length=150,
+                        unique=True,
+                        validators=[django.contrib.auth.validators.UnicodeUsernameValidator()],
+                        verbose_name="username",
+                    ),
+                ),
+                ("first_name", models.CharField(blank=True, max_length=150, verbose_name="first name")),
+                ("last_name", models.CharField(blank=True, max_length=150, verbose_name="last name")),
+                ("email", models.EmailField(blank=True, max_length=254, verbose_name="email address")),
+                (
+                    "is_staff",
+                    models.BooleanField(
+                        default=False,
+                        help_text="Designates whether the user can log into this admin site.",
+                        verbose_name="staff status",
+                    ),
+                ),
+                (
+                    "is_active",
+                    models.BooleanField(
+                        default=True,
+                        help_text="Designates whether this user should be treated as active. Unselect this instead of deleting accounts.",
+                        verbose_name="active",
+                    ),
+                ),
+                ("date_joined", models.DateTimeField(default=django.utils.timezone.now, verbose_name="date joined")),
+                ("uuid", models.UUIDField(default=uuid.uuid4, editable=False, unique=True)),
+                ("phone", models.CharField(blank=True, max_length=15)),
+                (
+                    "groups",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="The groups this user belongs to. A user will get all permissions granted to each of their groups.",
+                        related_name="user_set",
+                        related_query_name="user",
+                        to="auth.group",
+                        verbose_name="groups",
+                    ),
+                ),
+                (
+                    "user_permissions",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="Specific permissions for this user.",
+                        related_name="user_set",
+                        related_query_name="user",
+                        to="auth.permission",
+                        verbose_name="user permissions",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "user",
+                "verbose_name_plural": "users",
+                "abstract": False,
+            },
+            managers=[
+                ("objects", django.contrib.auth.models.UserManager()),
+            ],
+        ),
+    ]

authentication/decorators.py

@@ -0,0 +1,29 @@
+# Generated by Django 5.0.6 on 2024-06-06 04:03
+
+import datetime
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("authentication", "0001_initial"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="user",
+            name="created_at",
+            field=models.DateTimeField(auto_now_add=True, default=datetime.datetime(2024, 6, 6, 4, 3, 44, 102325)),
+            preserve_default=False,
+        ),
+        migrations.AddField(
+            model_name="user",
+            name="enabled",
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AddField(
+            model_name="user",
+            name="updated_at",
+            field=models.DateTimeField(auto_now=True),
+        ),
+    ]

authentication/migrations/0001_initial.py

@@ -0,0 +1,17 @@
+# Generated by Django 5.0.6 on 2024-06-06 04:07
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("authentication", "0002_user_created_at_user_enabled_user_updated_at"),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name="user",
+            old_name="uuid",
+            new_name="user_id",
+        ),
+    ]

authentication/migrations/0002_user_created_at_user_enabled_user_updated_at.py

@@ -0,0 +1,11 @@
+from django.contrib.auth.models import AbstractUser
+from django.db import models
+import uuid
+
+
+class User(AbstractUser):
+    user_id = models.UUIDField(default=uuid.uuid4, unique=True, editable=False)
+    phone = models.CharField(max_length=15, blank=True)
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+    enabled = models.BooleanField(default=True)

authentication/migrations/0003_rename_uuid_user_user_id.py

@@ -0,0 +1,13 @@
+from rest_framework import serializers
+
+
+class RegisterSerializer(serializers.Serializer):
+    name = serializers.CharField(max_length=150)
+    phone = serializers.CharField(max_length=15)
+    email = serializers.EmailField()
+    password = serializers.CharField(write_only=True)
+
+
+class LoginSerializer(serializers.Serializer):
+    email = serializers.EmailField()
+    password = serializers.CharField(write_only=True)

authentication/migrations/__init__.py

@@ -0,0 +1,34 @@
+import jwt
+from jwt import PyJWKClient, PyJWKSetError
+from django.conf import settings
+from rest_framework import authentication, exceptions
+
+
+class CognitoAuthentication(authentication.BaseAuthentication):
+    def __init__(self):
+        self.cognito_jwks_url = (
+            f"https://cognito-idp.{settings.AWS_REGION}.amazonaws.com/"
+            f"{settings.COGNITO_USER_POOL_ID}/.well-known/jwks.json"
+        )
+        self.jwks_client = PyJWKClient(self.cognito_jwks_url)
+
+    def authenticate(self, request):
+        auth_header = request.headers.get("Authorization")
+        if not auth_header:
+            return None
+
+        try:
+            token = auth_header.split()[1]
+            signing_key = self.jwks_client.get_signing_key_from_jwt(token)
+            payload = jwt.decode(token, signing_key.key, algorithms=["RS256"], aud=settings.COGNITO_APP_CLIENT_ID)
+            return (payload, None)
+        except PyJWKSetError as e:
+            raise exceptions.AuthenticationFailed(f"JWK Set did not contain any usable keys: {e}")
+        except jwt.ExpiredSignatureError as e:
+            raise exceptions.AuthenticationFailed(f"Token has expired: {e}")
+        except jwt.DecodeError as e:
+            raise exceptions.AuthenticationFailed(f"Error decoding token: {e}")
+        except jwt.InvalidTokenError as e:
+            raise exceptions.AuthenticationFailed(f"Invalid token: {e}")
+        except Exception as e:
+            raise exceptions.AuthenticationFailed(f"Unhandled exception: {e}")