# blog/views.py
from rest_framework import generics, permissions
from .models import Post
from .serializers import PostSerializer
from .utils import verify_token_with_auth_server # ✅ 추가
# Public, read-only listing of posts, newest first.
# Notes are kept in comments rather than a class docstring because DRF uses a
# view's docstring as the endpoint description it returns to clients.
class PostListView(generics.ListAPIView):
    # AllowAny: no authentication is required, so anonymous clients can read
    # every field PostSerializer emits. Switching to
    # permissions.IsAuthenticated would require login for reads.
    # NOTE(review): PostSerializer's field list is not visible here -- confirm
    # it exposes nothing private. Pagination and throttling depend on project
    # settings that are also not shown.
    permission_classes = [permissions.AllowAny]
    serializer_class = PostSerializer
    queryset = Post.objects.all().order_by('-created_at')
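# Lists posts (newest first) and creates new ones. IsAuthenticated applies to
# both GET and POST; the extra auth-server check below runs on create only.
# Notes are kept in comments rather than a class docstring because DRF uses a
# view's docstring as the endpoint description it returns to clients.
class PostListCreateView(generics.ListCreateAPIView):
    queryset = Post.objects.all().order_by('-created_at')
    serializer_class = PostSerializer
    permission_classes = [permissions.IsAuthenticated]

    def perform_create(self, serializer):
        """Re-check the bearer token with the auth server, then save the post.

        ``author_name`` is set from the authenticated user; keyword arguments
        passed to ``serializer.save()`` override any client-supplied value.
        """
        # Token extraction and second-stage validity check.
        # Parse "<scheme> <credentials>" and accept only the Bearer scheme
        # (scheme names are case-insensitive). The previous
        # str.replace("Bearer ", "") removed that text anywhere in the header
        # and forwarded other schemes (e.g. "Basic ...") unchanged as the token.
        header = self.request.headers.get("Authorization", "")
        scheme, _, credentials = header.partition(" ")
        token = credentials.strip() if scheme.lower() == "bearer" else ""

        # The call stays unconditional: a missing or non-Bearer header sends
        # an empty token to the verifier instead of skipping the check.
        # NOTE(review): the return value is discarded, so this gates the save
        # only if verify_token_with_auth_server raises on an invalid token.
        # Confirm that in the .utils module; if it returns a bool instead, the
        # result must be checked here and the request rejected on failure.
        verify_token_with_auth_server(token)

        serializer.save(author_name=self.request.user.username)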