implement auth (register, login, logout)

api/serializers.py

@@ -0,0 +1,75 @@
+from django.contrib.auth import authenticate, get_user_model
+from django.core.validators import validate_email
+from django.utils.translation import gettext_lazy as _
+from rest_framework import serializers
+from rest_framework_simplejwt.tokens import RefreshToken
+
+User = get_user_model()
+
+
+class RegistrationSerializer(serializers.Serializer):
+    email = serializers.EmailField()
+    password = serializers.CharField(min_length=8, write_only=True)
+
+    def validate_email(self, value):
+        validate_email(value)
+        if User.objects.filter(email__iexact=value).exists():
+            raise serializers.ValidationError(_("Email is already registered."))
+        return value
+
+    def create(self, validated_data):
+        email = validated_data["email"].lower()
+        password = validated_data["password"]
+        user = User.objects.create_user(
+            username=email,
+            email=email,
+            password=password,
+        )
+        return user
+
+
+class LoginSerializer(serializers.Serializer):
+    email = serializers.EmailField()
+    password = serializers.CharField(write_only=True)
+
+    def validate(self, attrs):
+        email = attrs.get("email", "").lower()
+        password = attrs.get("password")
+        if not email or not password:
+            raise serializers.ValidationError(_("Email and password are required."))
+
+        user = authenticate(
+            request=self.context.get("request"),
+            username=email,
+            password=password,
+        )
+        if user is None:
+            raise serializers.ValidationError(_("Invalid email or password."))
+        if not user.is_active:
+            raise serializers.ValidationError(_("User account is disabled."))
+
+        attrs["user"] = user
+        return attrs
+
+    def create(self, validated_data):
+        user = validated_data["user"]
+        refresh = RefreshToken.for_user(user)
+        return {
+            "refresh": str(refresh),
+            "access": str(refresh.access_token),
+        }
+
+
+class LogoutSerializer(serializers.Serializer):
+    refresh = serializers.CharField()
+
+    def validate(self, attrs):
+        refresh = attrs.get("refresh")
+        if not refresh:
+            raise serializers.ValidationError(_("Refresh token is required."))
+        return attrs
+
+    def create(self, validated_data):
+        refresh = RefreshToken(validated_data["refresh"])
+        refresh.blacklist()
+        return {}

api/urls.py

@@ -0,0 +1,9 @@
+from django.urls import path
+
+from .views import LoginView, LogoutView, RegisterView
+
+urlpatterns = [
+    path("auth/register", RegisterView.as_view(), name="auth-register"),
+    path("auth/login", LoginView.as_view(), name="auth-login"),
+    path("auth/logout", LogoutView.as_view(), name="auth-logout"),
+]

api/views.py

@@ -1,3 +1,67 @@
-from django.shortcuts import render
+from rest_framework import permissions, status
+from rest_framework.response import Response
+from rest_framework.views import APIView
 
-# Create your views here.
+from .serializers import LoginSerializer, LogoutSerializer, RegistrationSerializer
+
+
+class RegisterView(APIView):
+    permission_classes = [permissions.AllowAny]
+    throttle_scope = "auth"
+
+    def post(self, request):
+        serializer = RegistrationSerializer(data=request.data)
+        if not serializer.is_valid():
+            return Response(
+                {"errors": serializer.errors},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        user = serializer.save()
+        login_serializer = LoginSerializer(
+            data={
+                "email": user.email,
+                "password": request.data.get("password"),
+            },
+            context={"request": request},
+        )
+        login_serializer.is_valid(raise_exception=True)
+        tokens = login_serializer.save()
+        return Response(
+            {
+                "user": {
+                    "id": user.id,
+                    "email": user.email,
+                },
+                "tokens": tokens,
+            },
+            status=status.HTTP_201_CREATED,
+        )
+
+
+class LoginView(APIView):
+    permission_classes = [permissions.AllowAny]
+    throttle_scope = "auth"
+
+    def post(self, request):
+        serializer = LoginSerializer(data=request.data, context={"request": request})
+        if not serializer.is_valid():
+            return Response(
+                {"errors": serializer.errors},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        tokens = serializer.save()
+        return Response({"tokens": tokens}, status=status.HTTP_200_OK)
+
+
+class LogoutView(APIView):
+    permission_classes = [permissions.IsAuthenticated]
+
+    def post(self, request):
+        serializer = LogoutSerializer(data=request.data)
+        if not serializer.is_valid():
+            return Response(
+                {"errors": serializer.errors},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        serializer.save()
+        return Response({"detail": "Logged out."}, status=status.HTTP_200_OK)