Merge pull request #20 from JuanBenitezDev/refactor

Refactor views, using Django 3.1 and added filters

Author: juanbeniteza

.gitignore

@@ -106,3 +106,6 @@ venv.bak/
 
 # mypy
 .mypy_cache/
+
+# Database
+db.sqlite3

README.md

@@ -3,16 +3,21 @@
 
 ## Requirements
 - Python 3.6
-- Django (2.1)
+- Django 3.1
 - Django REST Framework
-- Django Rest Auth
 
 ## Installation
+After you cloned the repository, you want to create a virtual environment, so you have a clean python installation.
+You can do this by running the command
 ```
-	pip install django
-	pip install djangorestframework
-	pip install django-rest-auth
-	pip install django-allauth
+python -m venv env
+```
+
+After this, it is necessary to activate the virtual environment, you can get more information about this [here](https://docs.python.org/3/tutorial/venv.html)
+
+You can install all the required dependencies by running
+```
+pip install -r requirements.txt
 ```
 
 ## Structure
@@ -29,7 +34,9 @@ Endpoint |HTTP Method | CRUD Method | Result
 `movies/:id` | DELETE | DELETE | Delete a movie
 
 ## Use
-We can test the API using [curl](https://curl.haxx.se/) or [httpie](https://github.com/jakubroztocil/httpie#installation). Httpie is a user friendly http client that's written in Python. Let's install that.
+We can test the API using [curl](https://curl.haxx.se/) or [httpie](https://github.com/jakubroztocil/httpie#installation), or we can use [Postman](https://www.postman.com/)
+
+Httpie is a user-friendly http client that's written in Python. Let's try and install that.
 
 You can install httpie using pip:
 ```
@@ -38,70 +45,105 @@ pip install httpie
 
 First, we have to start up Django's development server.
 ```
-	python manage.py runserver
+python manage.py runserver
 ```
 Only authenticated users can use the API services, for that reason if we try this:
 ```
-	http  http://127.0.0.1:8000/api/v1/movies/3
+http  http://127.0.0.1:8000/api/v1/movies/
 ```
 we get:
 ```
- {  "detail":  "You must be authenticated"  }
+{
+    "detail": "Authentication credentials were not provided."
+}
 ```
 Instead, if we try to access with credentials:
 ```
-	http http://127.0.0.1:8000/api/v1/movies/3 "Authorization: Token 7530ec9186a31a5b3dd8d03d84e34f80941391e3"
+http http://127.0.0.1:8000/api/v1/movies/3 "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjE2MjA4Mjk1LCJqdGkiOiI4NGNhZmMzMmFiZDA0MDQ2YjZhMzFhZjJjMmRiNjUyYyIsInVzZXJfaWQiOjJ9.NJrs-sXnghAwcMsIWyCvE2RuGcQ3Hiu5p3vBmLkHSvM"
 ```
 we get the movie with id = 3
 ```
 {  "title":  "Avengers",  "genre":  "Superheroes",  "year":  2012,  "creator":  "admin"  }
 ```
 
-## Login and Tokens
+## Create users and Tokens
 
-To get a token first we have to login
+First we need to create a user, so we can log in
+```
+http POST http://127.0.0.1:8000/api/v1/auth/register/ email="[email protected]" username="USERNAME" password1="PASSWORD" password2="PASSWORD"
 ```
-	http http://127.0.0.1:8000/rest-auth/login/ username="admin" password="root1234"
+
+After we create an account we can use those credentials to get a token
+
+To get a token first we need to request
+```
+http http://127.0.0.1:8000/api/v1/auth/token/ username="username" password="password"
 ```
 after that, we get the token
 ```
 {
-    "key": "2d500db1e51153318e300860064e52c061e72016"
+    "refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTYxNjI5MjMyMSwianRpIjoiNGNkODA3YTlkMmMxNDA2NWFhMzNhYzMxOTgyMzhkZTgiLCJ1c2VyX2lkIjozfQ.hP1wPOPvaPo2DYTC9M1AuOSogdRL_mGP30CHsbpf4zA",
+    "access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjE2MjA2MjIxLCJqdGkiOiJjNTNlNThmYjE4N2Q0YWY2YTE5MGNiMzhlNjU5ZmI0NSIsInVzZXJfaWQiOjN9.Csz-SgXoItUbT3RgB3zXhjA2DAv77hpYjqlgEMNAHps"
 }
 ```
-**ALL request must be authenticated with a valid token, otherwise they will be invalid**
+We got two tokens, the access token will be used to authenticated all the requests we need to make, this access token will expire after some time.
+We can use the refresh token to request a need access token.
 
-We can create new users. (password1 and password2 must be equal)
+requesting new access token
 ```
-http POST http://127.0.0.1:8000/rest-auth/registration/ username="USERNAME" password1="PASSWORD" password2="PASSWORD"
+http http://127.0.0.1:8000/api/v1/auth/token/refresh/ refresh="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTYxNjI5MjMyMSwianRpIjoiNGNkODA3YTlkMmMxNDA2NWFhMzNhYzMxOTgyMzhkZTgiLCJ1c2VyX2lkIjozfQ.hP1wPOPvaPo2DYTC9M1AuOSogdRL_mGP30CHsbpf4zA"
 ```
-And we can logout, the token must be your actual token
+and we will get a new access token
 ```
-http POST http://127.0.0.1:8000/rest-auth/logout/ "Authorization: Token <YOUR_TOKEN>" 
+{
+    "access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjE2MjA4Mjk1LCJqdGkiOiI4NGNhZmMzMmFiZDA0MDQ2YjZhMzFhZjJjMmRiNjUyYyIsInVzZXJfaWQiOjJ9.NJrs-sXnghAwcMsIWyCvE2RuGcQ3Hiu5p3vBmLkHSvM"
+}
 ```
 
+
 The API has some restrictions:
 -   The movies are always associated with a creator (user who created it).
 -   Only authenticated users may create and see movies.
 -   Only the creator of a movie may update or delete it.
--   Unauthenticated requests shouldn't have access.
+-   The API doesn't allow unauthenticated requests.
 
 ### Commands
 ```
-http http://127.0.0.1:8000/api/v1/movies/ "Authorization: Token <YOUR_TOKEN>"
-http GET http://127.0.0.1:8000/api/v1/movies/3 "Authorization: Token <YOUR_TOKEN>"
-http POST http://127.0.0.1:8000/api/v1/movies/ "Authorization: Token <YOUR_TOKEN>" title="Ant Man and The Wasp" genre="Action" year=2018
-http PUT http://127.0.0.1:8000/api/v1/movies/3 "Authorization: Token <YOUR_TOKEN>" title="AntMan and The Wasp" genre="Action" year=2018
-http DELETE http://127.0.0.1:8000/api/v1/movies/3 "Authorization: Token <YOUR_TOKEN>"
+Get all movies
+http http://127.0.0.1:8000/api/v1/movies/ "Authorization: Bearer {YOUR_TOKEN}" 
+Get a single movie
+http GET http://127.0.0.1:8000/api/v1/movies/{movie_id}/ "Authorization: Bearer {YOUR_TOKEN}" 
+Create a new movie
+http POST http://127.0.0.1:8000/api/v1/movies/ "Authorization: Bearer {YOUR_TOKEN}" title="Ant Man and The Wasp" genre="Action" year=2018 
+Full update a movie
+http PUT http://127.0.0.1:8000/api/v1/movies/{movie_id}/ "Authorization: Bearer {YOUR_TOKEN}" title="AntMan and The Wasp" genre="Action" year=2018
+Partial update a movie
+http PATCH http://127.0.0.1:8000/api/v1/movies/{movie_id}/ "Authorization: Bearer {YOUR_TOKEN}" title="AntMan and The Wasp" 
+Delete a movie
+http DELETE http://127.0.0.1:8000/api/v1/movies/{movie_id}/ "Authorization: Bearer {YOUR_TOKEN}"
 ```
 
 ### Pagination
-The API supports pagination, by default responses have a page_size=10 but if you want change that you can pass through params page=size=X
+The API supports pagination, by default responses have a page_size=10 but if you want change that you can pass through params page_size={your_page_size_number}
 ```
-http http://127.0.0.1:8000/api/v1/movies/?page=1 "Authorization: Token <YOUR_TOKEN>"
-http http://127.0.0.1:8000/api/v1/movies/?page=3 "Authorization: Token <YOUR_TOKEN>"
-http http://127.0.0.1:8000/api/v1/movies/?page=3&page_size=15 "Authorization: Token <YOUR_TOKEN>"
+http http://127.0.0.1:8000/api/v1/movies/?page=1 "Authorization: Bearer {YOUR_TOKEN}"
+http http://127.0.0.1:8000/api/v1/movies/?page=3 "Authorization: Bearer {YOUR_TOKEN}"
+http http://127.0.0.1:8000/api/v1/movies/?page=3&page_size=15 "Authorization: Bearer {YOUR_TOKEN}"
 ```
 
-Finally, I provide a DB to make these tests.
+### Filters
+The API supports filtering, you can filter by the attributes of a movie like this
+```
+http http://127.0.0.1:8000/api/v1/movies/?title="AntMan" "Authorization: Bearer {YOUR_TOKEN}"
+http http://127.0.0.1:8000/api/v1/movies/?year=2020 "Authorization: Bearer {YOUR_TOKEN}"
+http http://127.0.0.1:8000/api/v1/movies/?year__gt=2019&year__lt=2022 "Authorization: Bearer {YOUR_TOKEN}"
+http http://127.0.0.1:8000/api/v1/movies/?genre="Action" "Authorization: Bearer {YOUR_TOKEN}"
+http http://127.0.0.1:8000/api/v1/movies/?creator__username="myUsername" "Authorization: Bearer {YOUR_TOKEN}"
+```
+
+You can also combine multiples filters like so
+```
+http http://127.0.0.1:8000/api/v1/movies/?title="AntMan"&year=2020 "Authorization: Bearer {YOUR_TOKEN}"
+http http://127.0.0.1:8000/api/v1/movies/?year__gt=2019&year__lt=2022&genre="Action" "Authorization: Bearer {YOUR_TOKEN}"
+```
 

api_crud/settings.py

@@ -29,8 +29,11 @@
 
 REST_FRAMEWORK = {
     'DEFAULT_AUTHENTICATION_CLASSES': (
-        'rest_framework.authentication.TokenAuthentication',
-    )
+        'rest_framework_simplejwt.authentication.JWTAuthentication',
+    ),
+    'DEFAULT_FILTER_BACKENDS': (
+        'django_filters.rest_framework.DjangoFilterBackend',
+    ),
 }
 
 
@@ -44,13 +47,9 @@
     'django.contrib.messages',
     'django.contrib.staticfiles',
     'rest_framework',
+    'django_filters',
+    'authentication',
     'movies',
-    'rest_framework.authtoken',
-    'rest_auth',
-    'django.contrib.sites',
-    'allauth',
-    'allauth.account',
-    'rest_auth.registration',
 ]
 
 SITE_ID = 1

api_crud/urls.py

@@ -1,14 +1,10 @@
 
 from django.contrib import admin
-from django.conf.urls import include, url
-from .views import RegisterView, CustomLoginView
-
+from django.urls import include, path
 
 # urls
 urlpatterns = [
-    url(r'^', include('movies.urls')),
-    url(r'^rest-auth/login/', CustomLoginView.as_view()),
-    url(r'^rest-auth/registration/', RegisterView.as_view()),
-    url(r'^rest-auth/', include('rest_auth.urls')),
-    url(r'^admin/', admin.site.urls),
+    path('api/v1/movies/', include('movies.urls')),
+    path('api/v1/auth/', include('authentication.urls')),
+    path('admin/', admin.site.urls),
 ]

api_crud/views.py

@@ -1,57 +0,0 @@
-from django.utils.decorators import method_decorator
-from django.views.decorators.debug import sensitive_post_parameters
-from rest_framework.response import Response
-from rest_framework.generics import CreateAPIView
-from rest_framework import status
-from allauth.account.utils import complete_signup
-from allauth.account import app_settings as allauth_settings
-from rest_auth.models import TokenModel
-from rest_auth.views import LoginView
-from rest_auth.registration.app_settings import RegisterSerializer, register_permission_classes
-from django.contrib.auth.models import User
-
-sensitive_post_parameters_m = method_decorator(
-    sensitive_post_parameters('password1', 'password2')
-)
-
-
-class RegisterView(CreateAPIView):
-    serializer_class = RegisterSerializer
-    permission_classes = register_permission_classes()
-    token_model = TokenModel
-
-    @sensitive_post_parameters_m
-    def dispatch(self, *args, **kwargs):
-        return super(RegisterView, self).dispatch(*args, **kwargs)
-
-    def create(self, request, *args, **kwargs):
-        serializer = self.get_serializer(data=request.data)
-        serializer.is_valid(raise_exception=True)
-        user = self.perform_create(serializer)
-        headers = self.get_success_headers(serializer.data)
-        content = {
-            "details": "Registered"
-        }
-        return Response(content,
-                        status=status.HTTP_201_CREATED,
-                        headers=headers)
-
-    def perform_create(self, serializer):
-        user = serializer.save(self.request)
-
-        complete_signup(self.request._request, user, None, None)
-        return user
-
-
-class CustomLoginView(LoginView):
-    
-    def get_response(self):
-        orginal_response = super().get_response()
-
-        custom_response = {"user": {
-            "username": self.user.username,
-            "email": self.user.email
-        }}
-        
-        orginal_response.data.update(custom_response)
-        return orginal_response

authentication/__init__.py

@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.

authentication/admin.py

@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class AuthConfig(AppConfig):
+    name = 'authentication'

authentication/apps.py

@@ -0,0 +1,3 @@
+from django.db import models
+
+# Create your models here.