chore: WIP uilisant d'un CSRF global à l'appli

2026-01-29 07:53:23 +00:00 · 2025-02-17 09:26:12 +01:00
parent cccb5efa2c
commit ef1b036dcc
18 changed files with 563 additions and 145 deletions
--- a/Back-End/N3wtSchool/settings.py
+++ b/Back-End/N3wtSchool/settings.py
@ -13,6 +13,7 @@ https://docs.djangoproject.com/en/5.0/ref/settings/
 from pathlib import Path
 import json
 import os
+from datetime import timedelta

 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
@ -53,6 +54,7 @@ INSTALLED_APPS = [
    'django_celery_beat',
    'N3wtSchool',
    'drf_yasg',
+    'rest_framework_simplejwt'
 ]

 MIDDLEWARE = [
@ -250,10 +252,19 @@ CORS_ALLOW_ALL_HEADERS = True
 CORS_ALLOW_CREDENTIALS = True

 CORS_ALLOWED_ORIGINS = [
-    os.getenv('CORS_ALLOWED_ORIGINS', 'http://localhost:3000')
+    'http://localhost:3000'
 ]

-CSRF_TRUSTED_ORIGINS = os.getenv('CSRF_TRUSTED_ORIGINS', 'http://localhost:3000,http://localhost:8080').split(',')
+CSRF_TRUSTED_ORIGINS = [
+    'http://localhost:3000',
+    'http://localhost:8080'
+]
+
+# CORS_ALLOWED_ORIGINS = [
+#     os.getenv('CORS_ALLOWED_ORIGINS', 'http://localhost:3000')
+# ]
+
+# CSRF_TRUSTED_ORIGINS = os.getenv('CSRF_TRUSTED_ORIGINS', 'http://localhost:3000,http://localhost:8080').split(',')

 CSRF_COOKIE_HTTPONLY = False
 CSRF_COOKIE_SECURE = False
@ -289,7 +300,10 @@ NB_MAX_PAGE = 100

 REST_FRAMEWORK = {
    'DEFAULT_PAGINATION_CLASS': 'Subscriptions.pagination.CustomPagination',
-    'PAGE_SIZE': NB_RESULT_PER_PAGE
+    'PAGE_SIZE': NB_RESULT_PER_PAGE,
+    'DEFAULT_AUTHENTICATION_CLASSES': (
+        'rest_framework_simplejwt.authentication.JWTAuthentication',
+    ),
 }

 CELERY_BROKER_URL = 'redis://redis:6379/0'
@ -308,3 +322,18 @@ REDIS_DB = 0
 REDIS_PASSWORD = None

 SECRET_KEY = 'QWQ8bYlCz1NpQ9G0vR5kxMnvWszfH2y3'
+SIMPLE_JWT = {
+    'ACCESS_TOKEN_LIFETIME': timedelta(minutes=5),
+    'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
+    'ROTATE_REFRESH_TOKENS': False,
+    'BLACKLIST_AFTER_ROTATION': True,
+    'ALGORITHM': 'HS256',
+    'SIGNING_KEY': SECRET_KEY,
+    'VERIFYING_KEY': None,
+    'AUTH_HEADER_TYPES': ('Bearer',),
+    'USER_ID_FIELD': 'id',
+    'USER_ID_CLAIM': 'user_id',
+    'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',),
+    'TOKEN_TYPE_CLAIM': 'token_type',
+}
+