kong | JWT Token

개인 기록을 위한 내용으로 정리 없이 작성하였음.

KONG

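# Kong Admin API base URL. The original notes mixed localhost:8001 and
# 192.168.0.88:8001; the consumer and its credential must land on the same
# Kong instance, so pin one address here.
# NOTE(review): the Admin API has no authentication of its own. If
# 192.168.0.88:8001 really answers from the LAN, bind it to loopback or put
# it behind a firewall / authenticated proxy before leaving this running.
KONG_ADMIN="${KONG_ADMIN:-http://localhost:8001}"

# 1. Consumer that tokens issued by the Django auth service will map to.
curl -i -X POST "$KONG_ADMIN/consumers" \
  --data "username=msa-user"

# 2. HS256 credential for that consumer.
#    - `key` is what the JWT plugin matches against the token's `iss` claim
#      (its default key_claim_name), so it must equal the value the Django
#      serializer writes into token["iss"].
#    - `secret` must be the key Django signs tokens with
#      (SIMPLE_JWT["SIGNING_KEY"], which defaults to settings.SECRET_KEY).
#    NOTE(review): the original note pasted a literal `django-insecure-...`
#    value here, the format Django's startproject emits for a development
#    SECRET_KEY. Reusing SECRET_KEY as the gateway's HMAC secret also hands
#    Kong the key that protects Django sessions, CSRF and password-reset
#    tokens; prefer a dedicated SIGNING_KEY, or RS256 with only the public
#    key stored on Kong. Read it from the environment so it stays out of
#    shell history, and use --data-urlencode because the value contained
#    characters (= * ^ $ ! )) that plain --data sends unencoded.
: "${JWT_SECRET:?set JWT_SECRET to the Django JWT signing key}"
curl -i -X POST "$KONG_ADMIN/consumers/msa-user/jwt" \
  --data "key=msa-user" \
  --data-urlencode "secret=$JWT_SECRET"

# 3. Enable the JWT plugin on the service. With no claims_to_verify the
#    plugin checks only the signature and the `iss` lookup, so an expired
#    access token is still forwarded upstream; ask it to verify `exp` too.
curl -i -X POST "$KONG_ADMIN/services/demo-blog/plugins" \
  --data "name=jwt" \
  --data "config.claims_to_verify=exp"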

Django-Auth-Project

django-auth/users/serializers.py

`token["iss"] = "msa-user"` 이 내용 추가 필요. (Kong JWT 플러그인은 기본 `key_claim_name`인 `iss` 클레임 값으로 consumer credential의 `key`를 찾고 그 `secret`으로 서명을 검증하므로, 위에서 등록한 `key=msa-user`와 정확히 일치해야 함.)

from rest_framework import serializers
from .models import CustomUser
from rest_framework_simplejwt.serializers import TokenObtainPairSerializer

class RegisterSerializer(serializers.ModelSerializer):
    """Self-registration payload for ``CustomUser``.

    Accepts ``email``, ``name``, ``password`` and ``grade``. The password is
    write-only, so it is never echoed back in a serialized response.

    NOTE(review): ``grade`` is accepted from the client request as-is; if it
    encodes any privilege, mark it ``read_only`` here and assign it
    server-side. No password-strength rule is applied in this serializer
    either — Django's ``validate_password`` would be the usual hook.
    """

    password = serializers.CharField(write_only=True)

    class Meta:
        model = CustomUser
        fields = ('email', 'name', 'password', 'grade')

    def create(self, validated_data):
        """Create the user, storing only the hashed form of the password.

        Args:
            validated_data: cleaned field values; ``password`` is removed
                from it before the model is instantiated.

        Returns:
            The saved ``CustomUser`` instance.
        """
        raw_password = validated_data.pop('password')
        new_user = CustomUser(**validated_data)
        # set_password() hashes; assigning the field directly would store plaintext.
        new_user.set_password(raw_password)
        new_user.save()
        return new_user


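class CustomTokenObtainPairSerializer(TokenObtainPairSerializer):
    """Token serializer that adds profile claims and a Kong-compatible ``iss``.

    Claims set on the refresh token here are copied by SimpleJWT onto the
    access token derived from it, so both tokens carry the extra fields.

    Security notes:
    - A JWT payload is base64-encoded, not encrypted: ``name``, ``email`` and
      ``grade`` are readable by anyone who holds the token (browser storage,
      logs, proxies). Keep the claim set as small as the consumers need.
    - ``iss`` must equal the ``key`` of the consumer JWT credential registered
      on Kong; the JWT plugin's default ``key_claim_name`` is ``iss`` and it
      selects the HMAC secret by that value. Setting ``SIMPLE_JWT["ISSUER"]``
      would add and verify the claim library-wide instead of only here.
    """

    # Issuer that Kong maps to the consumer credential. Override per
    # deployment instead of editing get_token().
    KONG_ISSUER = "msa-user"

    @classmethod
    def get_token(cls, user):
        """Return the refresh token for *user* with custom claims attached.

        Args:
            user: the authenticated ``CustomUser``; its ``name``, ``grade``
                and ``email`` attributes are copied into the payload.

        Returns:
            The SimpleJWT refresh token with the extra claims set.
        """
        token = super().get_token(user)

        # Profile claims consumed downstream (see security note above).
        token["name"] = user.name
        token["grade"] = user.grade
        token["email"] = user.email  # optional; kept from the original

        # Gateway lookup key (see class docstring).
        token["iss"] = cls.KONG_ISSUER

        return token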

Django-Blog-Project

django-blog/blog/views.py

from rest_framework import generics, permissions
from rest_framework.exceptions import PermissionDenied
from .models import Post
from .serializers import PostSerializer
#from .utils import verify_token_with_auth_server
import logging # 2025-04-29

logger = logging.getLogger(__name__)  # module-level logger (added 2025-04-29)

class PostListView(generics.ListAPIView):
    """Public, read-only list of posts, newest first.

    ``AllowAny`` means no authentication is required for this endpoint.
    """

    permission_classes = [permissions.AllowAny]
    serializer_class = PostSerializer
    queryset = Post.objects.all().order_by('-created_at')
    
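class PostListCreateView(generics.ListCreateAPIView):
    """List posts (newest first) or create one.

    ``IsAuthenticated`` applies to every method on this view, so both GET and
    POST require an authenticated ``request.user``. Token verification is not
    done here: it is the job of the configured DRF authentication classes
    (and of Kong's JWT plugin when the service sits behind the gateway).
    NOTE(review): if the upstream has no authentication class that understands
    the token, ``request.user`` is anonymous and every request is rejected —
    confirm the blog service's REST_FRAMEWORK settings.
    """

    queryset = Post.objects.all().order_by('-created_at')
    serializer_class = PostSerializer
    permission_classes = [permissions.IsAuthenticated]

    def perform_create(self, serializer):
        """Persist the post exactly once, stamping the caller as author.

        The original called ``serializer.save()`` twice, which inserted two
        rows per request. ``author_name`` comes from the authenticated user,
        never from the request body, so a client cannot post as someone else.
        (Assumes the user model exposes ``username`` — TODO confirm.)
        """
        post = serializer.save(author_name=self.request.user.username)
        # Lazy %-args keep client-supplied text out of the format string.
        logger.info("Post titled '%s' has been created.", post)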

# ✅ 조회, 수정, 삭제 전부 처리
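class PostDetailView(generics.RetrieveUpdateDestroyAPIView):
    """Retrieve (public) / update / delete (author only) a single ``Post``.

    Authorization model:
    - GET: ``AllowAny``.
    - PUT/PATCH/DELETE: ``IsAuthenticated`` at the view level, then an
      ownership check comparing the stored ``author_name`` with the caller's
      ``username`` before any write. DRF validates the input before calling
      ``perform_update``, so the check runs after validation, before the save.

    NOTE(review): the ownership rule would be more robust as an object-level
    permission (``has_object_permission``), which ``get_object()`` enforces
    for every method; it is kept in the perform_* hooks to match the
    original behaviour. Assumes the user model exposes ``username`` — TODO
    confirm.
    """

    queryset = Post.objects.all()
    serializer_class = PostSerializer

    def get_permissions(self):
        """Require authentication only for mutating methods."""
        if self.request.method in ["PUT", "PATCH", "DELETE"]:
            return [permissions.IsAuthenticated()]
        return [permissions.AllowAny()]

    def _ensure_author(self, author_name, message):
        """Raise ``PermissionDenied(message)`` unless the caller owns the post."""
        if author_name != self.request.user.username:
            raise PermissionDenied(message)

    def perform_update(self, serializer):
        """Save the edit once, keeping ``author_name`` pinned to the caller.

        The original saved twice (a bare ``save()`` and then one with
        ``author_name``). A single save with ``author_name`` yields the same
        final row with one write and still stops a client from reassigning
        the post to another author through the request body.
        """
        self._ensure_author(serializer.instance.author_name, "작성자만 수정할 수 있습니다.")
        post = serializer.save(author_name=self.request.user.username)
        # Lazy %-args keep client-supplied text out of the format string.
        logger.info("Post titled '%s' has been updated.", post)

    def perform_destroy(self, instance):
        """Delete the post if the caller is its author."""
        self._ensure_author(instance.author_name, "작성자만 삭제할 수 있습니다.")
        instance.delete()
        logger.info("Post titled '%s' has been deleted.", instance)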