# Security
# Permissions
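# The package is imported as `rest_framework`; importing the module (rather
# than the class) also keeps the subclass below from shadowing its own parent.
from rest_framework import permissions


class BasePermission(permissions.BasePermission):
    """
    A base class from which all permission classes should inherit.

    Both hooks return `True` here, so a subclass that overrides neither of
    them grants access to every request and every object. Override the hook
    that carries the rule and return `False` for anything that is not
    explicitly allowed.
    """

    def has_permission(self, request, view):
        """
        Return `True` if permission is granted, `False` otherwise.

        View-level check: Django REST framework evaluates it for each request
        before the view handler runs.
        """
        # Allow-all default; a subclass must override this to restrict access.
        return True

    def has_object_permission(self, request, view, obj):
        """
        Return `True` if `has_permission` is `True` and object permission is granted, `False` otherwise.

        Object-level check: the generic views run it from `get_object()`.
        A view that looks objects up itself has to call
        `self.check_object_permissions(request, obj)`, otherwise this hook is
        never evaluated. It is not applied to the items of a list response;
        those need queryset filtering.
        """
        # Allow-all default; a subclass must override this to restrict access.
        return True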
# Simple JWT Tokens
$ pip install djangorestframework-simplejwt
import datetime
# Django REST framework settings: registers Simple JWT's JWTAuthentication as
# one of the default authentication classes (other entries are elided).
# NOTE(review): this only identifies the caller. DRF's default permission
# policy is AllowAny unless DEFAULT_PERMISSION_CLASSES (or a view's
# permission_classes) says otherwise; confirm the elided settings set it.
REST_FRAMEWORK = {
...
"DEFAULT_AUTHENTICATION_CLASSES": (
...
"rest_framework_simplejwt.authentication.JWTAuthentication",
),
}
# Simple JWT settings: token lifetimes and how the user is identified in a token.
# SIGNING_KEY is not set here, so Simple JWT falls back to Django's SECRET_KEY;
# anyone who obtains that key can mint valid tokens.
SIMPLE_JWT = {
# An access token stays valid until it expires, so 15 minutes bounds how long
# a leaked one is usable.
'ACCESS_TOKEN_LIFETIME': datetime.timedelta(minutes=15),
# Refresh tokens live for one hour. They cannot be revoked server-side unless
# the token blacklist app (rest_framework_simplejwt.token_blacklist) is enabled.
'REFRESH_TOKEN_LIFETIME': datetime.timedelta(hours=1),
# The user's `id` attribute is written to the token under the claim name `id`.
'USER_ID_FIELD': 'id',
'USER_ID_CLAIM': 'id'
}
# urls.py
from rest_framework_simplejwt.views import TokenObtainPairView
# URL routes (other entries elided); exposes the endpoint that issues JWTs.
urlpatterns = [
...
# TokenObtainPairView exchanges credentials for an access/refresh token pair.
# It accepts passwords, so apply throttling to slow credential guessing.
# NOTE(review): no TokenRefreshView route is visible in this excerpt; confirm
# one exists among the elided entries if clients are meant to use refresh tokens.
path('token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
...
]
# CORS Headers
$ pip install django-cors-headers
# Third-party Django apps (other entries elided); adds django-cors-headers.
# Presumably merged into INSTALLED_APPS elsewhere in the settings; confirm.
THIRD_PARTY_APPS = (
...
'corsheaders',
...
)
# Middleware stack (other entries elided). CorsMiddleware is listed ahead of
# CommonMiddleware: it has to run before any middleware that can generate a
# response, otherwise those responses are sent without CORS headers.
MIDDLEWARE = [
...
'corsheaders.middleware.CorsMiddleware', # django-cors-headers middleware
'django.middleware.common.CommonMiddleware',
...
]
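# Origins allowed to make cross-origin requests, read from a whitespace-separated
# environment variable. Entries are full origins including the scheme.
# An unset or empty variable yields an empty list (no cross-origin access)
# instead of raising AttributeError on None at start-up, and split() without
# an argument drops the empty strings that split(' ') produces for repeated
# spaces.
CORS_ORIGIN_WHITELIST = os.environ.get("DJANGO_ALLOWED_ORIGINS", "").split()
# django-cors-headers spells this setting CORS_ALLOW_ALL_ORIGINS (older
# releases: CORS_ORIGIN_ALLOW_ALL); "CORS_ALLOW_ORIGINS_ALL" is not a name the
# package reads. It is kept False: when True the allow-list above is ignored,
# and combined with CORS_ALLOW_CREDENTIALS the request's Origin is echoed back,
# so any website could send credentialed requests and read the responses.
CORS_ALLOW_ALL_ORIGINS = False
# Cookies and other credentials are accepted on cross-origin requests, so the
# allow-list must contain only trusted, exact origins.
CORS_ALLOW_CREDENTIALS = True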