Implement jwt #28

JVPH · 2024-03-23T20:41:55Z

Updating User Model: By changing the primary key from email address to an auto-incremented ID, we enhance the system’s flexibility. Email addresses can change, which could lead to complications with foreign key relationships. An auto-incremented ID remains constant, providing a more stable reference point. Additionally, keeping the email as a unique field ensures that each user has a unique identifier beyond the primary key.
JWT Based Authentication: Implementing JWT (JSON Web Tokens) based authentication provides a secure and scalable method for user authentication. JWTs are stateless, meaning the server does not need to store session data. This makes the system more scalable and reduces server load.
Use Django's built in functions for password checking/hashing: Django’s make_password and authenticate abstract away the details of password hashing and checking (They handle the salting and hashing of passwords). This makes the code simpler and easier to read.
Protecting Views: By requiring a bearer token in the auth headers for multiple endpoints, we ensure that only authenticated users can access these resources. Also updated the views to match the new primary key and to make use of the JWT to get user info.

To do: Update tests to match the new/changed functionality.

Update views so they reflect the change of the PK from email to id. user_id is extracted from the JWT.

JVPH added 10 commits March 22, 2024 21:25

refactor: use an autogenerated integer as primary key

ead5346

Implement JWT authentication

27899ad

Protect messages routes

ce7b6e4

Rename foreign key from email to user_id

f05664b

Add protection to views

d72db56

Update views so they reflect the change of the PK from email to id. user_id is extracted from the JWT.

update token lifetime

d8e4488

add token refresh path

4ce940f

Return email and name on successful login

1bbdee7

Update readme

2d71deb

Update readme

8d8de3a

Provide feedback