Created API endpoint for GET request (list view) for USERS with proper JWT authentication

requirements/base.txt

@@ -9,3 +9,5 @@ django-crispy-forms==2.0  # https://github.com/django-crispy-forms/django-crispy
 crispy-bootstrap5==0.7  # https://github.com/django-crispy-forms/crispy-bootstrap5
 django-machina==1.3.1 # https://github.com/ellmetha/django-machina
 Whoosh==2.7.4 # https://github.com/mchaput/whoosh
+djangorestframework-simplejwt==5.2.0
+dj-rest-auth==1.0.0

src/chigame/api/permissions.py

@@ -0,0 +1,6 @@
+from rest_framework.permissions import BasePermission
+
+
+class IsUnauthenticated(BasePermission):
+    def has_permission(self, request, view):
+        return not request.user or not request.user.is_authenticated

src/chigame/api/urls.py

@@ -16,6 +16,7 @@
 
 user_patterns = [
     path("", views.UserListView.as_view(), name="api-user-list"),
+    path("add/", views.UserRegistrationView.as_view(), name="user-registration"),
     path("<slug:slug>/", views.UserDetailView.as_view(), name="api-user-detail"),
     path("<slug:slug>/groups/", views.UserGroupsView.as_view(), name="api-user-groups"),
     path("<int:pk>/friends/", views.UserFriendsAPIView.as_view(), name="api-user-friends"),
@@ -33,6 +34,9 @@
 ]
 
 urlpatterns = [
+    path("token/", views.CustomTokenObtainPairView.as_view(), name="token_obtain_pair"),
+    path("token/refresh/", views.CustomTokenRefreshView.as_view(), name="token_refresh"),
+    path("token/verify/", views.CustomTokenVerifyView.as_view(), name="token_verify"),
     path("games/", include(game_patterns)),
     path("lobbies/", include(lobby_patterns)),
     path("users/", include(user_patterns)),

src/chigame/api/views.py

@@ -1,10 +1,16 @@
 # from django.shortcuts import render
+
+
+from dj_rest_auth.models import TokenModel
 from django.shortcuts import get_object_or_404
 from django_filters.rest_framework import DjangoFilterBackend
 from rest_framework import generics, status
 from rest_framework.pagination import PageNumberPagination
+from rest_framework.permissions import AllowAny, IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
+from rest_framework_simplejwt.authentication import JWTAuthentication
+from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView, TokenVerifyView
 
 from chigame.api.filters import GameFilter
 from chigame.api.serializers import (
@@ -17,8 +23,8 @@
     MessageSerializer,
     UserSerializer,
 )
-from chigame.games.models import Game, Lobby, Message, User
-from chigame.users.models import Group, UserProfile
+from chigame.games.models import Game, Lobby, Message
+from chigame.users.models import Group, User, UserProfile
 
 
 # Helper function to get user from slug
@@ -44,6 +50,29 @@ class GameDetailView(generics.RetrieveUpdateDestroyAPIView):
     serializer_class = GameSerializer
 
 
+class UserListView(generics.ListAPIView):
+    queryset = User.objects.all()
+    serializer_class = UserSerializer
+    permission_classes = [IsAuthenticated]
+    authentication_classes = [JWTAuthentication]
+
+
+class UserRegistrationView(APIView):
+    permission_classes = [AllowAny]
+    serializer_class = UserSerializer
+
+    def post(self, request, *args, **kwargs):
+        serializer_instance = self.serializer_class(data=request.data)
+        if serializer_instance.is_valid():
+            user = serializer_instance.save()
+            UserProfile.objects.create(user=user, display_name=user.name)
+            refresh = TokenModel.objects.create(user=user)
+            access_token = str(refresh.key)
+
+            return Response({"access_token": access_token}, status=status.HTTP_201_CREATED)
+        return Response(serializer_instance.errors, status=status.HTTP_400_BAD_REQUEST)
+
+
 class GameCategoriesAPIView(generics.ListAPIView):
     serializer_class = CategorySerializer
     pagination_class = PageNumberPagination
@@ -84,10 +113,19 @@ class LobbyDetailView(generics.RetrieveUpdateDestroyAPIView):
     serializer_class = LobbySerializer
 
 
-class UserListView(generics.ListCreateAPIView):
-    queryset = User.objects.all()
-    serializer_class = UserSerializer
-    pagination_class = PageNumberPagination
+class CustomTokenObtainPairView(TokenObtainPairView):
+    # Add any custom behavior if needed
+    pass
+
+
+class CustomTokenRefreshView(TokenRefreshView):
+    # Add any custom behavior if needed
+    pass
+
+
+class CustomTokenVerifyView(TokenVerifyView):
+    # Add any custom behavior if needed
+    pass
 
 
 # Bug with PATCH'ing emails -- refer to Issue #394

src/config/settings/base.py

@@ -1,6 +1,7 @@
 """
 Base settings to build other settings files upon.
 """
+from datetime import timedelta
 from pathlib import Path
 
 import environ
@@ -77,6 +78,9 @@
     "rest_framework",
     "django_filters",
     "django_tables2",
+    "rest_framework_simplejwt",
+    "rest_framework.authtoken",
+    "dj_rest_auth",
 ]
 THIRD_PARTY_APPS = [
     "crispy_forms",
@@ -115,7 +119,41 @@
 # https://docs.djangoproject.com/en/dev/ref/settings/#installed-apps
 INSTALLED_APPS = DJANGO_APPS + THIRD_PARTY_APPS + LOCAL_APPS
 
-
+REST_FRAMEWORK = {"DEFAULT_AUTHENTICATION_CLASSES": ("rest_framework_simplejwt.authentication.JWTAuthentication",)}
+
+
+SIMPLE_JWT = {
+    "ACCESS_TOKEN_LIFETIME": timedelta(days=1),
+    "REFRESH_TOKEN_LIFETIME": timedelta(days=7),
+    "ROTATE_REFRESH_TOKENS": False,
+    "BLACKLIST_AFTER_ROTATION": False,
+    "UPDATE_LAST_LOGIN": False,
+    "ALGORITHM": "HS256",
+    "VERIFYING_KEY": "",
+    "AUDIENCE": None,
+    "ISSUER": None,
+    "JSON_ENCODER": None,
+    "JWK_URL": None,
+    "LEEWAY": 0,
+    "AUTH_HEADER_TYPES": ("Bearer",),
+    "AUTH_HEADER_NAME": "HTTP_AUTHORIZATION",
+    "USER_ID_FIELD": "id",
+    "USER_ID_CLAIM": "user_id",
+    "USER_AUTHENTICATION_RULE": "rest_framework_simplejwt.authentication.default_user_authentication_rule",
+    "AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
+    "TOKEN_TYPE_CLAIM": "token_type",
+    "TOKEN_USER_CLASS": "rest_framework_simplejwt.models.TokenUser",
+    "JTI_CLAIM": "jti",
+    "SLIDING_TOKEN_REFRESH_EXP_CLAIM": "refresh_exp",
+    "SLIDING_TOKEN_LIFETIME": timedelta(minutes=5),
+    "SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1),
+    "TOKEN_OBTAIN_SERIALIZER": "rest_framework_simplejwt.serializers.TokenObtainPairSerializer",
+    "TOKEN_REFRESH_SERIALIZER": "rest_framework_simplejwt.serializers.TokenRefreshSerializer",
+    "TOKEN_VERIFY_SERIALIZER": "rest_framework_simplejwt.serializers.TokenVerifySerializer",
+    "TOKEN_BLACKLIST_SERIALIZER": "rest_framework_simplejwt.serializers.TokenBlacklistSerializer",
+    "SLIDING_TOKEN_OBTAIN_SERIALIZER": "rest_framework_simplejwt.serializers.TokenObtainSlidingSerializer",
+    "SLIDING_TOKEN_REFRESH_SERIALIZER": "rest_framework_simplejwt.serializers.TokenRefreshSlidingSerializer",
+}
 # AUTHENTICATION
 # ------------------------------------------------------------------------------
 # https://docs.djangoproject.com/en/dev/ref/settings/#authentication-backends