From 54dde69bb380c17f426709e66f09024ac572f306 Mon Sep 17 00:00:00 2001
From: deadbeef
Date: Tue, 30 Mar 2021 16:32:51 +0200
Subject: [PATCH] Add json web token authentication check
---
 webpush/urls.py | 1 +
 webpush/views.py | 44 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
diff --git a/webpush/urls.py b/webpush/urls.py
index 7effcb3..1f391b4 100644
--- a/webpush/urls.py
+++ b/webpush/urls.py
@@ -17,6 +17,7 @@
 ), name='javascript-catalog'),
 path('save_information', views.save_info, name='save_webpush_info'),
+ path('jwt/save_information', views.jwt_save_info, name='jwt_save_webpush_info'),
 # Service worker need to be loaded from same domain
 path('service-worker.js', views.ServiceWorkerView.as_view(), name='service_worker')
 ]
diff --git a/webpush/views.py b/webpush/views.py
index 9a0d096..264eb11 100644
--- a/webpush/views.py
+++ b/webpush/views.py
@@ -4,6 +4,9 @@
 from django.views.decorators.http import require_POST, require_GET
 from django.views.generic import TemplateView
+from rest_framework.decorators import api_view, permission_classes
+from rest_framework.permissions import IsAuthenticated
+
 from .forms import WebPushForm, SubscriptionForm
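Review bot: The two `from rest_framework...` imports added at the top of webpush/views.py are unconditional, so the whole views module — and every URLconf that includes webpush/urls.py — now fails to import when djangorestframework is not installed, including deployments that never call the new `jwt/save_information` route. Whether DRF is declared as a dependency of the package is not visible in this patch; if it is meant to stay optional, the new view and its imports belong in a separate module (e.g. a DRF-only views file registered conditionally), or the imports need an `ImportError` guard with the route registered only when they succeed. Either way the module docstring or README should state that the JWT endpoint requires djangorestframework plus a configured JWT authentication class, since nothing in this hunk selects one.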
@@ -48,6 +51,47 @@ def save_info(request):
 return HttpResponse(status=400)
+@api_view(['POST'])
+@permission_classes((IsAuthenticated, ))
+@csrf_exempt
+def jwt_save_info(request):
+ # Parse the json object from post data. return 400 if the json encoding is wrong
+ try:
+ post_data = json.loads(request.body.decode('utf-8'))
+ except ValueError:
+ return HttpResponse(status=400)
+
+ # Process the subscription data to mach with the model
+ subscription_data = process_subscription_data(post_data)
+ subscription_form = SubscriptionForm(subscription_data)
+ # pass the data through WebPushForm for validation purpose
+ web_push_form = WebPushForm(post_data)
+
+
+ # Get the cleaned data in order to get status_type and group_name
+ web_push_data = web_push_form.cleaned_data
+ status_type = web_push_data.pop("status_type")
+ group_name = web_push_data.pop("group")
+
+ # We at least need the user or group to subscribe for a notification
+ if request.user.is_authenticated or group_name:
+ # Save the subscription info with subscription data
+ # as the subscription data is a dictionary and its valid
+ subscription = subscription_form.get_or_save()
+ web_push_form.save_or_delete(
+ subscription=subscription, user=request.user,
+ status_type=status_type, group_name=group_name)
+
+ # If subscribe is made, means object is created. So return 201
+ if status_type == 'subscribe':
+ return HttpResponse(status=201)
+ # Unsubscribe is made, means object is deleted. So return 202
+ elif "unsubscribe":
+ return HttpResponse(status=202)
+
+ return HttpResponse(status=400)
+
+
 def process_subscription_data(post_data):
 """Process the subscription data according to out model"""
 subscription_data = post_data.pop("subscription", {})
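Review bot: `web_push_data = web_push_form.cleaned_data` reads the form's cleaned data without `is_valid()` (or `full_clean()`) ever being called on `web_push_form`; a Django form only gets a `cleaned_data` attribute during validation, so unless WebPushForm validates in its constructor (not visible here) every request to this view raises AttributeError and the untrusted POST body is never validated before `save_or_delete`. Insert `if not web_push_form.is_valid(): return HttpResponse(status=400)` directly after `web_push_form = WebPushForm(post_data)`, and apply the same check to `subscription_form` before `get_or_save()`, since the comment "as the subscription data is a dictionary and its valid" is not backed by any check. `elif "unsubscribe":` tests a non-empty string literal and is therefore always true, so any status_type other than 'subscribe' returns 202; it should read `elif status_type == 'unsubscribe':` with the trailing `return HttpResponse(status=400)` handling the rest. With `IsAuthenticated` on the view, `request.user.is_authenticated` is always true at the `if`, which makes the `or group_name` branch dead code and the "We at least need the user or group" comment misleading, and nothing in the decorators pins a JWT authentication class — the endpoint accepts whatever DEFAULT_AUTHENTICATION_CLASSES the project configures, which the view's docstring should state. `@csrf_exempt` is redundant here because `api_view` already applies it to the wrapped view.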