# blog/views.py

from rest_framework import generics, permissions
from .models import Post
from .serializers import PostSerializer
from .utils import verify_token_with_auth_server  # ✅ 추가


class PostListView(generics.ListAPIView):
    queryset = Post.objects.all().order_by('-created_at')
    serializer_class = PostSerializer
    # permission_classes = [permissions.IsAuthenticated]
    permission_classes = [permissions.AllowAny]
    
class PostListCreateView(generics.ListCreateAPIView):
    queryset = Post.objects.all().order_by('-created_at')
    serializer_class = PostSerializer
    permission_classes = [permissions.IsAuthenticated]

    def perform_create(self, serializer):
        # ✅ 토큰 추출 및 유효성 2차 검증
        token = self.request.headers.get("Authorization", "").replace("Bearer ", "")
        verify_token_with_auth_server(token)

        serializer.save(author_name=self.request.user.username)