auth/views.py

import secrets

from django.conf import settings
from django.core.cache import cache
from django.core.signing import TimestampSigner
from rest_framework import status
from rest_framework.response import Response
from rest_framework.views import APIView

from .serializers import RequestOTPSerializer, VerifyOTPSerializer


OTP_TTL_SECONDS = 300
OTP_SIGNER = TimestampSigner(salt="auth.otp")


def _auth_user_to_data(user):
    """Build AuthUser-shaped dict from Django User (or mock)."""
    # if user is None or not getattr(user, "pk", None):
    #     return None
    # return {
    #     "id": user.id,
    #     "username": getattr(user, "username", "") or "",
    #     "email": getattr(user, "email", "") or "",
    #     "first_name": getattr(user, "first_name", "") or "",
    #     "last_name": getattr(user, "last_name", "") or "",
    #     "phone_number": getattr(user, "phone_number", "") or "",
    # }
    return {
        "id": 1,
        "username": "testuser",
        "email": "testuser@example.com",
        "first_name": "Test",
        "last_name": "User",
        "phone_number": "09123456789",
    }


class AuthenticationView(APIView):
    """
    Single view for auth flows: request-otp and verify-otp.
    Dispatches by path: .../request-otp/ -> request_otp, .../verify-otp/ -> verify_otp.
    Response format: RequestOTPResponse / VerifyOTPResponse (code, msg, token, data when applicable).
    """

    def post(self, request):
        if "verify-otp" in request.path:
            return self._verify_otp(request)
        return self._request_otp(request)

    def _request_otp(self, request):
        serializer = RequestOTPSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)

        phone_number = serializer.validated_data["phone_number"].strip()
        otp_code = f"{secrets.randbelow(1_000_000):06d}"

        cache.set(f"otp_code:{phone_number}", otp_code, timeout=OTP_TTL_SECONDS)
        otp_token = OTP_SIGNER.sign(phone_number)

        payload = {"code": 200, "msg": "success", "token": otp_token}
        if settings.DEBUG:
            payload["debug_note"] = "OTP code is returned only when DEBUG=1."

        return Response(payload, status=status.HTTP_200_OK)

    def _verify_otp(self, request):
        serializer = VerifyOTPSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)

        # TODO: validate token + otp_code, load or create user, issue JWT/session token
        auth_token = "1234567890"
        user_data = _auth_user_to_data(getattr(request, "user", None))
        if user_data is None:
            user_data = {
                "id": 0,
                "username": "",
                "email": "",
                "first_name": "",
                "last_name": "",
                "phone_number": "",
            }

        return Response(
            {
                "code": 200,
                "msg": "success",
                "data": user_data,
                "token": auth_token,
            },
            status=status.HTTP_200_OK,
        )
First commit 2026-02-19 01:19:22 +03:30			`import secrets`

			`from django.conf import settings`
			`from django.core.cache import cache`
			`from django.core.signing import TimestampSigner`
			`from rest_framework import status`
			`from rest_framework.response import Response`
			`from rest_framework.views import APIView`

			`from .serializers import RequestOTPSerializer, VerifyOTPSerializer`


			`OTP_TTL_SECONDS = 300`
			`OTP_SIGNER = TimestampSigner(salt="auth.otp")`


			`def _auth_user_to_data(user):`
			`"""Build AuthUser-shaped dict from Django User (or mock)."""`
			`# if user is None or not getattr(user, "pk", None):`
			`# return None`
			`# return {`
			`# "id": user.id,`
			`# "username": getattr(user, "username", "") or "",`
			`# "email": getattr(user, "email", "") or "",`
			`# "first_name": getattr(user, "first_name", "") or "",`
			`# "last_name": getattr(user, "last_name", "") or "",`
			`# "phone_number": getattr(user, "phone_number", "") or "",`
			`# }`
			`return {`
			`"id": 1,`
			`"username": "testuser",`
			`"email": "testuser@example.com",`
			`"first_name": "Test",`
			`"last_name": "User",`
			`"phone_number": "09123456789",`
			`}`


			`class AuthenticationView(APIView):`
			`"""`
			`Single view for auth flows: request-otp and verify-otp.`
			`Dispatches by path: .../request-otp/ -> request_otp, .../verify-otp/ -> verify_otp.`
			`Response format: RequestOTPResponse / VerifyOTPResponse (code, msg, token, data when applicable).`
			`"""`

			`def post(self, request):`
			`if "verify-otp" in request.path:`
			`return self._verify_otp(request)`
			`return self._request_otp(request)`

			`def _request_otp(self, request):`
			`serializer = RequestOTPSerializer(data=request.data)`
			`serializer.is_valid(raise_exception=True)`

			`phone_number = serializer.validated_data["phone_number"].strip()`
			`otp_code = f"{secrets.randbelow(1_000_000):06d}"`

			`cache.set(f"otp_code:{phone_number}", otp_code, timeout=OTP_TTL_SECONDS)`
			`otp_token = OTP_SIGNER.sign(phone_number)`

			`payload = {"code": 200, "msg": "success", "token": otp_token}`
			`if settings.DEBUG:`
			`payload["debug_note"] = "OTP code is returned only when DEBUG=1."`

			`return Response(payload, status=status.HTTP_200_OK)`

			`def _verify_otp(self, request):`
			`serializer = VerifyOTPSerializer(data=request.data)`
			`serializer.is_valid(raise_exception=True)`

			`# TODO: validate token + otp_code, load or create user, issue JWT/session token`
			`auth_token = "1234567890"`
			`user_data = _auth_user_to_data(getattr(request, "user", None))`
			`if user_data is None:`
			`user_data = {`
			`"id": 0,`
			`"username": "",`
			`"email": "",`
			`"first_name": "",`
			`"last_name": "",`
			`"phone_number": "",`
			`}`

			`return Response(`
			`{`
			`"code": 200,`
			`"msg": "success",`
			`"data": user_data,`
			`"token": auth_token,`
			`},`
			`status=status.HTTP_200_OK,`
			`)`