Refactor user account system and remove moderation integration
- Remove first_name and last_name fields from User model - Add user deletion and social provider services - Restructure auth serializers into separate directory - Update avatar upload functionality and API endpoints - Remove django-moderation integration documentation - Add mandatory compliance enforcement rules - Update frontend documentation with API usage examples
@@ -3,6 +3,7 @@ Base Django settings for thrillwiki project.
|
||||
Common settings shared across all environments.
|
||||
"""
|
||||
|
||||
from datetime import timedelta
|
||||
import sys
|
||||
from pathlib import Path
|
||||
from decouple import config
|
||||
@@ -64,7 +65,12 @@ DJANGO_APPS = [
|
||||
|
||||
THIRD_PARTY_APPS = [
|
||||
"rest_framework", # Django REST Framework
|
||||
"rest_framework.authtoken", # Token authentication
|
||||
# Token authentication (kept for backward compatibility)
|
||||
"rest_framework.authtoken",
|
||||
"rest_framework_simplejwt", # JWT authentication
|
||||
"rest_framework_simplejwt.token_blacklist", # JWT token blacklist
|
||||
"dj_rest_auth", # REST authentication with JWT support
|
||||
"dj_rest_auth.registration", # REST registration support
|
||||
"drf_spectacular", # OpenAPI 3.0 documentation
|
||||
"corsheaders", # CORS headers for API
|
||||
"pghistory", # django-pghistory
|
||||
@@ -180,9 +186,9 @@ STORAGES = {
|
||||
CLOUDFLARE_IMAGES_ACCOUNT_ID = config("CLOUDFLARE_IMAGES_ACCOUNT_ID")
|
||||
CLOUDFLARE_IMAGES_API_TOKEN = config("CLOUDFLARE_IMAGES_API_TOKEN")
|
||||
CLOUDFLARE_IMAGES_ACCOUNT_HASH = config("CLOUDFLARE_IMAGES_ACCOUNT_HASH")
|
||||
CLOUDFLARE_IMAGES_DOMAIN = config(
|
||||
"CLOUDFLARE_IMAGES_DOMAIN", default="imagedelivery.net"
|
||||
)
|
||||
# CLOUDFLARE_IMAGES_DOMAIN should only be set if using a custom domain
|
||||
# When not set, it defaults to imagedelivery.net with the correct URL format
|
||||
# CLOUDFLARE_IMAGES_DOMAIN = config("CLOUDFLARE_IMAGES_DOMAIN", default=None)
|
||||
|
||||
# Password validation
|
||||
AUTH_PASSWORD_VALIDATORS = [
|
||||
@@ -228,7 +234,11 @@ AUTHENTICATION_BACKENDS = [
|
||||
|
||||
# django-allauth settings
|
||||
SITE_ID = 1
|
||||
|
||||
# CORRECTED: Django allauth still expects the old format with asterisks for required fields
|
||||
# The deprecation warnings are from dj_rest_auth, not our configuration
|
||||
ACCOUNT_SIGNUP_FIELDS = ["email*", "username*", "password1*", "password2*"]
|
||||
|
||||
ACCOUNT_LOGIN_METHODS = {"email", "username"}
|
||||
ACCOUNT_EMAIL_VERIFICATION = "mandatory"
|
||||
ACCOUNT_EMAIL_VERIFICATION_SUPPORTS_CHANGE = True
|
||||
@@ -292,8 +302,9 @@ FRONTEND_DOMAIN = config("FRONTEND_DOMAIN", default="https://thrillwiki.com")
|
||||
# Django REST Framework Settings
|
||||
REST_FRAMEWORK = {
|
||||
"DEFAULT_AUTHENTICATION_CLASSES": [
|
||||
"rest_framework_simplejwt.authentication.JWTAuthentication",
|
||||
"rest_framework.authentication.SessionAuthentication",
|
||||
"rest_framework.authentication.TokenAuthentication",
|
||||
"rest_framework.authentication.TokenAuthentication", # Kept for backward compatibility
|
||||
],
|
||||
"DEFAULT_PERMISSION_CLASSES": [
|
||||
"rest_framework.permissions.IsAuthenticated",
|
||||
@@ -443,3 +454,44 @@ SESSION_COOKIE_AGE = 86400 # 24 hours
|
||||
# Cache middleware settings
|
||||
CACHE_MIDDLEWARE_SECONDS = 300 # 5 minutes
|
||||
CACHE_MIDDLEWARE_KEY_PREFIX = "thrillwiki"
|
||||
|
||||
# JWT Settings
|
||||
|
||||
SIMPLE_JWT = {
|
||||
"ACCESS_TOKEN_LIFETIME": timedelta(minutes=60), # 1 hour
|
||||
"REFRESH_TOKEN_LIFETIME": timedelta(days=7), # 7 days
|
||||
"ROTATE_REFRESH_TOKENS": True,
|
||||
"BLACKLIST_AFTER_ROTATION": True,
|
||||
"UPDATE_LAST_LOGIN": True,
|
||||
"ALGORITHM": "HS256",
|
||||
"SIGNING_KEY": SECRET_KEY,
|
||||
"VERIFYING_KEY": None,
|
||||
"AUDIENCE": None,
|
||||
"ISSUER": None,
|
||||
"JWK_URL": None,
|
||||
"LEEWAY": 0,
|
||||
"AUTH_HEADER_TYPES": ("Bearer",),
|
||||
"AUTH_HEADER_NAME": "HTTP_AUTHORIZATION",
|
||||
"USER_ID_FIELD": "id",
|
||||
"USER_ID_CLAIM": "user_id",
|
||||
"USER_AUTHENTICATION_RULE": "rest_framework_simplejwt.authentication.default_user_authentication_rule",
|
||||
"AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
|
||||
"TOKEN_TYPE_CLAIM": "token_type",
|
||||
"TOKEN_USER_CLASS": "rest_framework_simplejwt.models.TokenUser",
|
||||
"JTI_CLAIM": "jti",
|
||||
"SLIDING_TOKEN_REFRESH_EXP_CLAIM": "refresh_exp",
|
||||
"SLIDING_TOKEN_LIFETIME": timedelta(minutes=60),
|
||||
"SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1),
|
||||
}
|
||||
|
||||
# dj-rest-auth settings
|
||||
REST_AUTH = {
|
||||
"USE_JWT": True,
|
||||
"JWT_AUTH_COOKIE": "thrillwiki-auth",
|
||||
"JWT_AUTH_REFRESH_COOKIE": "thrillwiki-refresh",
|
||||
"JWT_AUTH_SECURE": not DEBUG, # Use secure cookies in production
|
||||
"JWT_AUTH_HTTPONLY": True,
|
||||
"JWT_AUTH_SAMESITE": "Lax",
|
||||
"JWT_AUTH_RETURN_EXPIRATION": True,
|
||||
"JWT_TOKEN_CLAIMS_SERIALIZER": "rest_framework_simplejwt.serializers.TokenObtainPairSerializer",
|
||||
}
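Review bot: The cookies configured by `JWT_AUTH_COOKIE` and `JWT_AUTH_REFRESH_COOKIE` in the new `REST_AUTH` block are never consulted on incoming requests, because the `DEFAULT_AUTHENTICATION_CLASSES` hunk lists simplejwt's `JWTAuthentication`, which reads only the Authorization header, rather than dj-rest-auth's cookie-aware class; an HttpOnly cookie that JavaScript cannot read therefore cannot authenticate anything. Replace that first entry with `"dj_rest_auth.jwt_auth.JWTCookieAuthentication",` and add `"JWT_AUTH_COOKIE_USE_CSRF": True,` to `REST_AUTH` so a request authenticated purely by the `SameSite=Lax` cookie is still subject to a CSRF check (in current dj-rest-auth versions the cookie path enforces CSRF only when that flag is set — worth confirming against the pinned version). Separately, `"SIGNING_KEY": SECRET_KEY` with `HS256` ties every issued token to Django's `SECRET_KEY`: rotating that key for any unrelated reason logs out all users, and a leak of it lets an attacker mint a token for any `user_id`; `"SIGNING_KEY": config("JWT_SIGNING_KEY", default=SECRET_KEY)` keeps the current behaviour while allowing a dedicated key, and setting `ISSUER`/`AUDIENCE` instead of `None` rejects tokens minted by any other service that happens to share the key. The `SLIDING_TOKEN_*` entries are inert while `AUTH_TOKEN_CLASSES` contains only `AccessToken`; a comment such as `# SLIDING_TOKEN_* are unused: only AccessToken is enabled in AUTH_TOKEN_CLASSES` would save the next reader the check. The `REST_FRAMEWORK` dict continues past its hunk boundary, so other authentication or throttling entries may exist outside this view.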
|
||||
|
||||