add token based authentication, allowing only web club members to wri…

…te blogs

src/_services/blogApi.js

@@ -93,6 +93,11 @@ class BlogApi {
     res = await res.json()
     return res;
   }
+  // make a post request to the server to see if the user is authenticated to write blogs
+  async check_authentication(user) {
+    let res = await axios.post(urlApi.backendDomain()+'/isAuthenticated/', user)
+    return res
+  }
 }
 
 var instance = new BlogApi();

src/components/Blogs/blogsHome.js

@@ -76,14 +76,33 @@ class Blogs extends React.Component {
             console.log(this.state.allBlogs)
         })
 
+    }
+    async authenticated(user, response){
+        try{
+            let res = await BlogApi.check_authentication(user);
+            // if authenticated then send to the editor to write blogs
+            window.location.href = urlApi.webDomain()+'/new#/editor?userName=' + response.profileObj.name + '&userEmail=' + response.profileObj.email;
+        }
+        catch (e){
+            // if not authenticated then don't sent to the editor
+            console.log(e)
+            console.log("error has been detected")
+            console.error(e);
+        }
 
     }
     responseGoogle = (response) => {
-        console.log(response)
-        console.log(response.profileObj)
-        console.log(response.profileObj.name)
-        console.log(response.profileObj.email)
-        window.location.href = urlApi.webDomain()+'/new#/editor?userName=' + response.profileObj.name + '&userEmail=' + response.profileObj.email;
+
+        // store the token obtained from google authentication server for the authenticating to web club server
+        localStorage.setItem("token",response.profileObj.googleId)
+        let user = {
+            "email" : response.profileObj.email,
+            "token" : response.profileObj.googleId,
+            "name" : response.profileObj.name,
+            "profilePic" : response.profileObj.imageUrl
+        }
+        // check if user is authenticated to write blogs
+        this.authenticated(user,response)
 
     }
     handlePageClick = (k) => {

webclubBackend/blogs/admin.py

@@ -1,6 +1,8 @@
 from django.contrib import admin
-from .models import blogs,tag,taginblog
+from .models import blogs,tag,taginblog,writerDetails,webClubMembers
 # Register your models here.
 admin.site.register(blogs)
 admin.site.register(tag)
 admin.site.register(taginblog)
+admin.site.register(writerDetails)
+admin.site.register(webClubMembers)

webclubBackend/blogs/models.py

@@ -1,6 +1,19 @@
 from django.db import models
 
 # Create your models here.
+
+# stores the data of users who are authorized to write blogs (only web club members are allowed to write blogs)
+class writerDetails(models.Model):
+    token = models.CharField(max_length = 100)
+    name = models.CharField(max_length = 100)
+    email = models.CharField(max_length = 100)
+    profilePic =  models.CharField(max_length = 100)
+
+class webClubMembers(models.Model):
+    name = models.CharField(max_length = 100)
+    email = models.CharField(max_length = 100)
+
+
 class blogs(models.Model):
     heading = models.CharField(max_length=500)
     sample_text = models.CharField(max_length=500,default="none")

webclubBackend/blogs/serializers.py

@@ -0,0 +1,7 @@
+from rest_framework import serializers
+from blogs.models import writerDetails
+
+class writerDetailSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = writerDetails
+        fields = '__all__'

webclubBackend/blogs/urls.py

@@ -6,5 +6,6 @@
     path('searchBlogWithTag',views.searchBlogWithTag),
     path('getblogs',views.loadBlogs),
     path('getblogs/<id>',views.loadBlog),
-    path('addblog',views.postBlog)
+    path('addblog',views.postBlog),
+    path('isAuthenticated/',views.userDetails.as_view())
 ]

webclubBackend/blogs/views.py

@@ -1,12 +1,45 @@
 from django.shortcuts import render
-from .models import blogs,tag,taginblog
+from .models import blogs,tag,taginblog, webClubMembers,  writerDetails
+from .serializers import writerDetailSerializer
 from django.db import IntegrityError
 from django.http import JsonResponse
 from django.http import HttpResponseRedirect,HttpResponse
+
+# import rest framework
+from rest_framework.views import APIView
+from rest_framework.response import Response
+from rest_framework import status
+
 import json
 import datetime
 import ast
-# Create your views here.
+
+
+# Handles authentication
+# authentication mechanism is not entirely correct and secure, needs modification (token has the digital signature and the information but the system is yet not checking it, and hence any random token is allowed on the system as of now)
+class userDetails(APIView):
+
+    def post(self, request, format=None):
+        json_data = json.loads(str(request.body, encoding='utf-8'))
+
+        user_email = json_data["email"]
+        user_token = json_data["token"]
+
+        obj = webClubMembers.objects.filter(email = user_email)
+        # if valid web club member
+        if len(obj)>0:
+            # entering system for the first time
+            writer = writerDetails.objects.filter(token = user_token)
+            if(len(writer) <= 0):
+                # save the details in writerDetails table
+                serializer = writerDetailSerializer(data=json_data)
+                if serializer.is_valid():
+                    serializer.save()
+
+            return Response(status=status.HTTP_201_CREATED)
+
+        return Response("not authorized web club member ", status=status.HTTP_401_UNAUTHORIZED)
+
 def homepage(request):
 
     return HttpResponse('<h1>bharat singh</h1>')
@@ -83,4 +116,5 @@ def postBlog(request):
 
 
     print(temp['heading'])
-    return HttpResponse('Success')
+    return HttpResponse('Success')
+

webclubBackend/webclubBackend/settings.py

@@ -80,7 +80,7 @@
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.sqlite3',
-        'NAME': BASE_DIR / 'db.sqlite3',
+        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
     }
 }