hossein-por-shop/backend/account/views.py

from django.shortcuts import render
from rest_framework.views import APIView
from rest_framework import generics, permissions, status
from rest_framework.response import Response
from .serializers import *
from .models import UserAddressModel, User, SecurityBreachAttemptModel
from rest_framework.permissions import IsAuthenticated, AllowAny
from drf_spectacular.utils import extend_schema, OpenApiParameter, extend_schema_view
from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView
from django.shortcuts import get_object_or_404, redirect
from rest_framework_simplejwt.tokens import RefreshToken
import ghasedak_sms
from django.views import View
from rest_framework import serializers
from rest_framework_simplejwt.tokens import RefreshToken



class SendOTPView(APIView):
    permission_classes = [AllowAny]
    @extend_schema(
    tags=["authentication"],
        request={
            "application/json": {
                "type": "object",
                "properties": {
                    "phone": {"type": "string", "example": "09123456789"},
                },
                "required": ["phone"],
            }
        },
    )
    def post(self, request):
        phone = request.data.get('phone')
        if not phone:
            return Response({'detail': 'Phone number is required'}, status=status.HTTP_400_BAD_REQUEST)

        try:
            user, created = User.objects.get_or_create(phone=phone)
            otp = user.set_otp()  
            message = f"""به فروشگاه هی ملز خوش اومدی!!❤️🤖
کد یک بار مصرف شما :
Code: {otp}"""   
            sms_api = ghasedak_sms.Ghasedak(api_key="1227eaaddcba72bcb0169b37032cf16ae9ac6ed8b3b7c2768b74e2ee351d1b52gyRe3AGomZRPTNEd")  


            response = sms_api.send_single_sms(
                ghasedak_sms.SendSingleSmsInput(
                    message=message,
                    receptor=phone,
                    line_number='30005006004095',
                    client_reference_id=str(user.pk)
                )
            )

            if response['statusCode'] == 200:  
                return Response({'detail': f'OTP sent successfully {otp}'}, status=status.HTTP_200_OK)
            else:
                print(response)
                return Response({'detail': f'مشکلی در ارسال کد رخ داد'}, status=status.HTTP_200_OK)
                # return Response({'detail': response, 'otp_code': otp}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)

        except User.DoesNotExist:
            return Response({'detail': 'user not found'}, status=status.HTTP_404_NOT_FOUND)
        except Exception as e:
            return Response({'detail': f'error: {e} مشتی فعلا برو تو غمت نباشه تا بعدا یه کاریش بکنم', 'otp_code': otp}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
            # return Response({'detail': f'An error occurred: {e}'}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
@extend_schema_view(
    post=extend_schema(tags=['authentication'])
)
class TokenRefreshView(TokenRefreshView):
    pass



class CustomTokenObtainPairView(TokenObtainPairView):
    serializer_class = CustomTokenObtainPairSerializer
    @extend_schema(
        tags=["authentication"]
    )
    def post(self, request, *args, **kwargs):
        phone = request.data.get("phone")
        otp = request.data.get("otp")
        user = get_object_or_404(User, phone=phone)
        if user:
            if not otp:
                return Response({'detail': 'کد یک بار مصرف ضروری میباشد'}, status=status.HTTP_401_UNAUTHORIZED)
            if not user.verify_otp(otp):
                return Response({'detail': 'کد یک بار مصرف منقضی شده یا اشتباه است'}, status=status.HTTP_401_UNAUTHORIZED)
            
            user.clear_otp()
            refresh = RefreshToken.for_user(user)
            return Response({
                'refresh': str(refresh),
                'access': str(refresh.access_token),
            })

        return Response({'detail': 'Invalid credentials'}, status=status.HTTP_401_UNAUTHORIZED)



class KonGhoshadToken(APIView):
    serializer_class = CustomTokenObtainPairSerializer
    @extend_schema(
        tags=["authentication"]
    )
    def get(self, request, *args, **kwargs):
        random_user = User.objects.all().first()
        if not random_user:
            random_user, _ = User.objects.get_or_create(phone=1000)

        refresh = RefreshToken.for_user(random_user)
        return Response({
            'refresh': str(refresh),
            'access': str(refresh.access_token),
        })





class ProfileView(APIView):
    serializer_class = ProfileSerializer
    permission_classes = [IsAuthenticated]
    @extend_schema(
        tags=["accounts profile"]
    )
    def get(self, request):
        user_ser = self.serializer_class(instance=request.user, context={'request': request})
        return Response(user_ser.data, status=status.HTTP_200_OK)

    @extend_schema(
        tags=["accounts profile"]
    )
    def patch(self, request):
        user = request.user
        user_ser = self.serializer_class(user, data=request.data, partial=True, context={'request': request})
        if user_ser.is_valid():
            user_ser.save()
            return Response(user_ser.data)
        return Response(user_ser.errors, status=status.HTTP_400_BAD_REQUEST)


@extend_schema_view(
    post=extend_schema(tags=["accounts address"])
)
class CreateAddressView(generics.CreateAPIView):
    queryset = UserAddressModel.objects.all()
    serializer_class = UserAddressSerializer
    permission_classes = [permissions.IsAuthenticated]

    def perform_create(self, serializer):
        user = self.request.user
        is_first_address = not UserAddressModel.objects.filter(user=user).exists()
        serializer.save(user=user, is_main=is_first_address)
@extend_schema_view(
    put=extend_schema(tags=["accounts address"]),
    patch=extend_schema(tags=["accounts address"])
)
class EditAddressView(generics.UpdateAPIView):
    queryset = UserAddressModel.objects.all()
    serializer_class = UserAddressSerializer
    permission_classes = [permissions.IsAuthenticated]

    def get_queryset(self):
        return UserAddressModel.objects.filter(user=self.request.user)
@extend_schema_view(
    delete=extend_schema(tags=["accounts address"])
)
class DeleteAddressView(generics.DestroyAPIView):
    queryset = UserAddressModel.objects.all()
    permission_classes = [permissions.IsAuthenticated]

    def get_queryset(self):
        return UserAddressModel.objects.filter(user=self.request.user)
@extend_schema_view(
    get=extend_schema(tags=["accounts address"])
)
class GetUserAddressesView(generics.ListAPIView):
    serializer_class = UserAddressSerializer
    permission_classes = [permissions.IsAuthenticated]

    def get_queryset(self):
        return UserAddressModel.objects.filter(user=self.request.user)
@extend_schema_view(
    get=extend_schema(tags=["accounts address"])
)
class GetIDUserAddressView(generics.RetrieveAPIView):
    serializer_class = UserAddressSerializer
    permission_classes = [permissions.IsAuthenticated]

    def get_queryset(self):
        return UserAddressModel.objects.filter(user=self.request.user)



class SubscribeView(APIView):
    serializer_class = PushSubscriptionSerializer
    permission_classes = [IsAuthenticated]
    @extend_schema(
        tags=["accounts subscribe"]
    )
    def post(self, request):
        push_ser = self.serializer_class(data=request.data)
        if push_ser.is_valid():
            PushSubscription.objects.update_or_create(
                user=request.user,
                defaults=(push_ser.validated_data)
            )
            return Response(status=status.HTTP_201_CREATED)
        return Response(status=status.HTTP_400_BAD_REQUEST)


class UnsubscribeSerializer(serializers.Serializer):
    end_point = serializers.CharField()

class UnsubscribeView(APIView):
    permission_classes = [IsAuthenticated]
    serializer_class = UnsubscribeSerializer
    @extend_schema(
        tags=["accounts subscribe"]
    )
    def post(self, request):
        endpoint = request.data.get("end_point")
        if not endpoint:
            return Response({"detail": "اند پوینت لازم است"}, status=status.HTTP_400_BAD_REQUEST)

        deleted, _ = PushSubscription.objects.filter(user=request.user, endpoint=endpoint).delete()

        if deleted:
            return Response({"detail": "با موفقیت اشتراک پاک شد"}, status=status.HTTP_200_OK)

        return Response({"detail": "اند پوینت پیدا نشد"}, status=status.HTTP_404_NOT_FOUND)


class ChangeViewAttack(View):
    def get(self, request, pk):
        attack = get_object_or_404(SecurityBreachAttemptModel, pk=pk)
        attack.viewd = not attack.viewd
        attack.save()
        return redirect('admin:account_securitybreachattemptmodel_changelist')



class LogoutSerializer(serializers.Serializer):
    refresh_token = serializers.CharField(help_text="Refresh token to be blacklisted")

class LogoutView(APIView):
    permission_classes = (IsAuthenticated,)

    @extend_schema(
        request=LogoutSerializer,
        tags=["authentication"],    
        responses={205: None, 400: "Bad request (invalid token or missing data)"},
    )
    def post(self, request):
        try:
            refresh_token = request.data["refresh_token"]
            token = RefreshToken(refresh_token)
            token.blacklist()
            return Response(status=status.HTTP_205_RESET_CONTENT)
        except Exception as e:
            return Response(status=status.HTTP_400_BAD_REQUEST)


from djoser.urls.jwt import views as djoser_jwt_views
@extend_schema_view(
    post=extend_schema(tags=["authentication"])
)
class TokenVerifyView(djoser_jwt_views.TokenVerifyView):
    pass