dev/msa-django-auth
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update
Some checks failed
Build And Test / build-and-push (push) Failing after 1m46s
Details

Browse Source
This commit is contained in:
icurfer
2026-01-13 22:41:07 +09:00
parent e4b185332b
commit 00db74a333
6 changed files with 152 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
users/migrations/0008_add_unique_name.py Normal file
View File

@ -0,0 +1,18 @@
# Generated by Django 4.2.14 on 2026-01-13 04:56
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('users', '0007_customuser_address_customuser_birth_date_and_more'),
]
operations = [
migrations.AlterField(
model_name='customuser',
name='name',
field=models.CharField(max_length=255, unique=True),
),
]

2
users/models.py
View File

@ -51,7 +51,7 @@ class CustomUser(AbstractBaseUser, PermissionsMixin):
)
email = models.EmailField(unique=True)
name = models.CharField(max_length=255)
name = models.CharField(max_length=255, unique=True)
grade = models.CharField(max_length=20, choices=GRADE_CHOICES, default='user')
desc = models.TextField(blank=True, null=True, verbose_name="설명")

40
users/serializers.py
View File

@ -11,6 +11,16 @@ class RegisterSerializer(serializers.ModelSerializer):
fields = ("email", "name", "password", "grade", "desc",
"phone", "address", "gender", "birth_date", "education")
def validate_email(self, value):
if CustomUser.objects.filter(email=value).exists():
raise ValidationError("이미 사용 중인 이메일입니다.")
return value
def validate_name(self, value):
if CustomUser.objects.filter(name=value).exists():
raise ValidationError("이미 사용 중인 이름입니다.")
return value
def create(self, validated_data):
password = validated_data.pop("password")
user = CustomUser(**validated_data)
@ -19,7 +29,24 @@ class RegisterSerializer(serializers.ModelSerializer):
return user
class UserListSerializer(serializers.ModelSerializer):
"""관리자용 사용자 목록 시리얼라이저"""
class Meta:
model = CustomUser
fields = [
'id', 'email', 'name', 'grade', 'is_active', 'is_staff',
'created_at', 'phone', 'address', 'gender', 'birth_date', 'education'
]
read_only_fields = [
'id', 'email', 'name', 'grade', 'is_staff',
'created_at', 'phone', 'address', 'gender', 'birth_date', 'education'
]
class CustomTokenObtainPairSerializer(TokenObtainPairSerializer):
# email 필드를 identifier로 재정의 (이메일 또는 이름 허용)
email = serializers.CharField()
@classmethod
def get_token(cls, user):
token = super().get_token(user)
@ -36,18 +63,23 @@ class CustomTokenObtainPairSerializer(TokenObtainPairSerializer):
return token
def validate(self, attrs):
email = attrs.get("email")
identifier = attrs.get("email") # 이메일 또는 이름
password = attrs.get("password")
user = CustomUser.objects.filter(email=email).first()
# 이메일 또는 이름으로 사용자 찾기
user = CustomUser.objects.filter(email=identifier).first()
if user is None:
user = CustomUser.objects.filter(name=identifier).first()
if user is None:
raise ValidationError("이메일 또는 비밀번호가 올바르지 않습니다.")
raise ValidationError("계정 또는 비밀번호가 올바르지 않습니다.")
if not user.is_active:
raise ValidationError("계정이 비활성화되어 있습니다. 관리자에게 문의하세요.")
if not user.check_password(password):
raise ValidationError("이메일 또는 비밀번호가 올바르지 않습니다.")
raise ValidationError("계정 또는 비밀번호가 올바르지 않습니다.")
# 부모 클래스의 validate를 위해 attrs에 실제 email 설정
attrs["email"] = user.email
self.user = user # ✅ 수동 설정 필요
data = super().validate(attrs)

9
users/urls.py
View File

@ -1,5 +1,9 @@
from django.urls import path
from .views import RegisterView, MeView, CustomTokenObtainPairView, SSHKeyUploadView, SSHKeyInfoView, SSHKeyRetrieveView
from .views import (
RegisterView, MeView, CustomTokenObtainPairView,
SSHKeyUploadView, SSHKeyInfoView, SSHKeyRetrieveView,
UserListView, UserUpdateView
)
from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView, TokenVerifyView
from .views_jwks import jwks_view # django-jwks
@ -14,4 +18,7 @@ urlpatterns = [
path("ssh-key/info/", SSHKeyInfoView.as_view(), name="ssh_key_info"),
path("ssh-key/view/", SSHKeyRetrieveView.as_view(), name="ssh_key_retrieve"),
path(".well-known/jwks.json", jwks_view, name="jwks"), # django-jwks
# 관리자용 사용자 관리 API
path('users/', UserListView.as_view(), name='user_list'),
path('users/<int:pk>/', UserUpdateView.as_view(), name='user_update'),
]

90
users/views.py
View File

@ -4,9 +4,11 @@ from opentelemetry import trace # ✅ OpenTelemetry 트레이서
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework import status
from rest_framework.permissions import IsAuthenticated
from rest_framework.permissions import IsAuthenticated, BasePermission
from rest_framework_simplejwt.views import TokenObtainPairView
from .serializers import RegisterSerializer, CustomTokenObtainPairSerializer
from rest_framework import generics
from .serializers import RegisterSerializer, CustomTokenObtainPairSerializer, UserListSerializer
from .models import CustomUser
logger = logging.getLogger(__name__)
tracer = trace.get_tracer(__name__) # ✅ 트레이서 생성
@ -233,3 +235,87 @@ class SSHKeyRetrieveView(APIView):
attributes={"email": email, "reason": str(e)},
) # ✅
return Response({"error": f"복호화 실패: {str(e)}"}, status=500)
# ============================================
# 관리자용 사용자 관리 API
# ============================================
class IsAdminOrManager(BasePermission):
"""admin 또는 manager 등급만 접근 가능"""
def has_permission(self, request, view):
if not request.user or not request.user.is_authenticated:
return False
return request.user.grade in ['admin', 'manager']
class UserListView(generics.ListAPIView):
"""사용자 목록 조회 (관리자 전용)"""
queryset = CustomUser.objects.all().order_by('-created_at')
serializer_class = UserListSerializer
permission_classes = [IsAuthenticated, IsAdminOrManager]
def list(self, request, *args, **kwargs):
with tracer.start_as_current_span("UserListView GET") as span:
email, ip, ua = get_request_info(request)
logger.info(f"[USER LIST] admin={email} | IP={ip} | UA={ua}")
span.add_event("User list retrieved", attributes={"admin": email})
return super().list(request, *args, **kwargs)
class UserUpdateView(generics.RetrieveUpdateDestroyAPIView):
"""사용자 상태 수정/삭제 (관리자 전용)"""
queryset = CustomUser.objects.all()
serializer_class = UserListSerializer
permission_classes = [IsAuthenticated, IsAdminOrManager]
def partial_update(self, request, *args, **kwargs):
with tracer.start_as_current_span("UserUpdateView PATCH") as span:
admin_email, ip, ua = get_request_info(request)
instance = self.get_object()
target_email = instance.email
# is_active만 수정 가능
is_active = request.data.get('is_active')
if is_active is not None:
instance.is_active = is_active
instance.save(update_fields=['is_active'])
action = "activated" if is_active else "deactivated"
logger.info(
f"[USER UPDATE] admin={admin_email} | target={target_email} | action={action} | IP={ip} | UA={ua}"
)
span.add_event(
f"User {action}",
attributes={"admin": admin_email, "target": target_email}
)
serializer = self.get_serializer(instance)
return Response(serializer.data)
def destroy(self, request, *args, **kwargs):
with tracer.start_as_current_span("UserUpdateView DELETE") as span:
admin_email, ip, ua = get_request_info(request)
instance = self.get_object()
target_email = instance.email
# 자기 자신은 삭제 불가
if request.user.id == instance.id:
return Response(
{"error": "자기 자신의 계정은 삭제할 수 없습니다."},
status=status.HTTP_400_BAD_REQUEST
)
logger.info(
f"[USER DELETE] admin={admin_email} | target={target_email} | IP={ip} | UA={ua}"
)
span.add_event(
"User deleted",
attributes={"admin": admin_email, "target": target_email}
)
instance.delete()
return Response(
{"message": f"사용자 {target_email}이(가) 삭제되었습니다."},
status=status.HTTP_200_OK
)