I have successfully send a post request to deployed(in Heroku) Django rest API from react axios but the data is not saved in my database. I use MongoDB(Djongo) as a databse. Let me show you the code I have used.
settings.py
"""
Django settings for CyberMinds project.
Generated by 'django-admin startproject' using Django 3.2.5.
For more information on this file, see
https://docs.djangoproject.com/en/3.2/topics/settings/
For the full list of settings and their values, see
https://docs.djangoproject.com/en/3.2/ref/settings/
"""
from pathlib import Path
import django_heroku
# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False
ALLOWED_HOSTS = []
# Application definition
INSTALLED_APPS = [
"django.contrib.admin",
"django.contrib.auth",
"django.contrib.contenttypes",
"django.contrib.sessions",
"django.contrib.messages",
"django.contrib.staticfiles",
"rest_framework",
"rest_framework.authtoken",
"corsheaders",
"accounts",
"threat_catalog_models",
'django_rest_passwordreset',
"threat_catalog",
# "risk_model",
"risk_model",
"business_process",
]
MIDDLEWARE = [
"django.middleware.security.SecurityMiddleware",
"django.contrib.sessions.middleware.SessionMiddleware",
"corsheaders.middleware.CorsMiddleware",
"django.middleware.common.CommonMiddleware",
"django.middleware.csrf.CsrfViewMiddleware",
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware",
]
ROOT_URLCONF = "config.urls"
TEMPLATES = [
{
"BACKEND": "django.template.backends.django.DjangoTemplates",
"DIRS": [],
"APP_DIRS": True,
"OPTIONS": {
"context_processors": [
"django.template.context_processors.debug",
"django.template.context_processors.request",
"django.contrib.auth.context_processors.auth",
"django.contrib.messages.context_processors.messages",
],
},
},
]
WSGI_APPLICATION = "config.wsgi.application"
# Database
# https://docs.djangoproject.com/en/3.2/ref/settings/#databases
DATABASES = {
"default": {
"ENGINE": "djongo",
"NAME": "cyberminds",
}
}
# Password validation
# https://docs.djangoproject.com/en/3.2/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [
{
"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
},
{
"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
},
{
"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
},
{
"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
},
]
# Internationalization
# https://docs.djangoproject.com/en/3.2/topics/i18n/
LANGUAGE_CODE = "en-us"
TIME_ZONE = "UTC"
USE_I18N = True
USE_L10N = True
USE_TZ = True
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/3.2/howto/static-files/
STATIC_URL = "/static/"
REST_FRAMEWORK = {
"DEFAULT_AUTHENTICATION_CLASSES": [
"rest_framework.authentication.TokenAuthentication",
],
}
AUTH_USER_MODEL = "accounts.Account"
CORS_ORIGIN_ALLOW_ALL = True
ADMIN_SITE_HEADER = "CYBERMINDS Administration"
CORS_ALLOW_HEADERS = [
"accept",
"accept-encoding",
"authorization",
"content-type",
"dnt",
"origin",
"user-agent",
"x-csrftoken",
"x-requested-with",
]
# Default primary key field type
# https://docs.djangoproject.com/en/3.2/ref/settings/#default-auto-field
DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework.authentication.TokenAuthentication',
],
# 'DEFAULT_PERMISSION_CLASSES': [
# 'rest_framework.permissions.IsAuthenticated',
# ],
# 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
# 'DEFAULT_FILTER_BACKENDS': ('django_filters.rest_framework.DjangoFilterBackend',),
# 'PAGE_SIZE': 10,
}
APPEND_SLASH = True
django_heroku.settings(locals())
serializers.py
class ExcelUploaderWithClient(serializers.Serializer):
file = serializers.FileField()
client = serializers.IntegerField()
business_process = serializers.IntegerField()
views.py
class UploadBusinessImpactExcelBySuperUSer(APIView, ExcelHandlingView):
permission_classes = (
IsAuthenticated,
permissions.IsCybermindAdmin,
)
def post(self, request):
self.can_model_handle_ExcelHandlingView(models.BusinessImpact)
serializer = serializers.ExcelUploaderWithClient(
data=request.data)
if serializer.is_valid():
data = serializer.validated_data
file = data.get("file")
client = data.get("client")
business_process_id = data.get("business_process")
try:
business_process = get_business_process_by_client(
client, business_process_id
)
except (
models.BusinessProcess.DoesNotExist,
accountModels.Client.DoesNotExist,
) as e:
return Response(
"business process or client does not exist",
status=status.HTTP_404_NOT_FOUND,
)
if (
file.content_type
== "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
):
# self.delete_every_recore_on_that_model(models.BusinessImpact)
self.delete_every_record_that_match_criteria(
models.BusinessImpact,
{"client": client, "business_process": business_process},
)
excel_file = pd.read_excel(file)
data = pd.DataFrame(
excel_file,
columns=self.get_excel_fields(
models.BusinessImpact.excel_titles),
)
for _, row in data.iterrows():
self.create_model_object(
models.BusinessImpact,
row,
{"client": client, "business_process": business_process.id},
)
return Response("Successfully Loaded data from excel.")
else:
return Response(
{"file": ["File type must be excel with .xlxs extension."]},
status=status.HTTP_400_BAD_REQUEST,
)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
I used React Axios for post request and here is the code
const handleUploadFile = (e) => {
let myfile = file;
let formData = new FormData();
formData.append("file", myfile);
formData.append("client", company_name);
formData.append("business_process", business);
http({
url: "https://cyberminds-backend.herokuapp.com/api/business_process/upload-business-impact-excel-by-superuser",
method: "POST",
mode: "cors",
data: formData,
headers: { "Content-Type": "multipart/form-data" },
}).then(
(response) => {
alert("File uploaded Sesscessfullyyyyy");
},
(err) => {
console.log(err);
}
);
};
Here is the request from chrome dev tools.
How can I actually save the post data into my database?
Thanks
the reason u are uploading files and not saving, is because u did not setup staticfiles in your settings. Add these in your settings underneath static url:
STATIC_ROOT = os.path.join(BASE_DIR, 'static')
STATICFILES_DIRS = [
os.path.join(BASE_DIR, 'staticfiles/static/')
]
and the run python manage.py collectstatics on your server
i have a django rest api with jwt auth , and i have my front end with react js , i have my login function set up like this :
class SessionApi {
static login(data) {
const endpoint = 'http://foody-dev-dev.eu-west-
3.elasticbeanstalk.com/api/auth/jwt/'
const csrfToken = cookie.load('csrftoken')
let lookupOptions = {
method: "POST",
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken,
},
body: JSON.stringify(data),
}
return fetch(endpoint, lookupOptions).then(response => {
return response.json();
}).catch(error => {
return error;
});
}
}
and i have my load Meals function set up like this :
loadProducts(){
const endpoint = 'http://foody-dev-dev.eu-west-3.elasticbeanstalk.com/api/meals/'
const csrfToken = cookie.load('csrftoken')
let thisComp = this
let token = sessionStorage.token
let lookupOptions = {
method: "GET",
headers: {
'Content-Type': 'application/json',
'AUTHORIZATION': `Bearer ${sessionStorage.token}`,
'X-CSRFToken': csrfToken
},
}
fetch(endpoint, lookupOptions)
.then(function(response){
return response.json()
}).then(function(responseData){
console.log(responseData)
thisComp.setState({
products: responseData
})
console.log("Token Stored in meal", token)
}).catch(function(error){
console.log("error", error)
})
}
i succes to login and to get my token but when i try to go to my Products view in react js and run the load meals function i get this error :
Exception Type: TypeError at /api/meals/
Exception Value: int() argument must be a string, a bytes-like object or
a number, not 'AnonymousUser'
Request information:
USER: AnonymousUser
GET: No GET data
POST: No POST data
FILES: No FILES data
COOKIES: No cookie data
META:
CONTENT_TYPE = 'application/json'
CONTEXT_DOCUMENT_ROOT = '/var/www/html'
CONTEXT_PREFIX = ''
DOCUMENT_ROOT = '/var/www/html'
GATEWAY_INTERFACE = 'CGI/1.1'
HTTP_ACCEPT = '*/*'
HTTP_ACCEPT_ENCODING = 'gzip, deflate'
HTTP_ACCEPT_LANGUAGE = 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7'
HTTP_CONNECTION = 'keep-alive'
HTTP_HOST = 'foody-dev-dev.eu-west-3.elasticbeanstalk.com'
HTTP_ORIGIN = 'http://foody-react.s3-website.eu-west-3.amazonaws.com'
HTTP_REFERER = 'http://foody-react.s3-website.eu-west-3.amazonaws.com/'
HTTP_USER_AGENT = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36'
HTTP_X_CSRFTOKEN = 'undefined'
HTTP_X_FORWARDED_FOR = '141.226.122.202'
HTTP_X_FORWARDED_PORT = '80'
HTTP_X_FORWARDED_PROTO = 'http'
PATH_INFO = '/api/meals/'
PATH_TRANSLATED = '/opt/python/current/app/api/wsgi.py/api/meals/'
QUERY_STRING = ''
REMOTE_ADDR = '172.31.16.55'
REMOTE_PORT = '25104'
REQUEST_METHOD = 'GET'
REQUEST_SCHEME = 'http'
REQUEST_URI = '/api/meals/'
SCRIPT_FILENAME = '/opt/python/current/app/api/wsgi.py'
SCRIPT_NAME = ''
SERVER_ADDR = '172.31.36.251'
SERVER_ADMIN = 'root#localhost'
SERVER_NAME = 'foody-dev-dev.eu-west-3.elasticbeanstalk.com'
SERVER_PORT = '80'
SERVER_PROTOCOL = 'HTTP/1.1'
SERVER_SIGNATURE = ''
SERVER_SOFTWARE = 'Apache/2.4.33 (Amazon) mod_wsgi/3.5 Python/3.6.5'
mod_wsgi.application_group = 'ip-172-31-36-251.eu-west-3.compute.internal|'
mod_wsgi.callable_object = 'application'
mod_wsgi.enable_sendfile = '0'
mod_wsgi.handler_script = ''
mod_wsgi.input_chunked = '0'
mod_wsgi.listener_host = ''
mod_wsgi.listener_port = '80'
mod_wsgi.process_group = 'wsgi'
mod_wsgi.queue_start = '1530048823861583'
mod_wsgi.request_handler = 'wsgi-script'
mod_wsgi.script_reloading = '1'
mod_wsgi.version = '(3, 5)'
wsgi.errors = <_io.TextIOWrapper encoding='utf-8'>
wsgi.file_wrapper = ''
wsgi.input = <mod_wsgi.Input object at 0x7fc68ffcc030>
wsgi.multiprocess = True
wsgi.multithread = True
wsgi.run_once = False
wsgi.url_scheme = 'http'
wsgi.version = '(1, 0)'
Settings:
Using settings module api.settings
ABSOLUTE_URL_OVERRIDES = {}
ADMINS = []
ADMIN_MEDIA_PREFIX = '//foody-dev.s3.amazonaws.com/static/admin/'
ALLOWED_HOSTS = ['127.0.0.1', 'foody-delivery.herokuapp.com', '.herokuapp.com', 'www.velty.fr', 'www.velty.fr.herokudns.com', 'foody-dev-dev.eu-west-3.elasticbeanstalk.com']
APPEND_SLASH = True
AUTHENTICATION_BACKENDS = ['django.contrib.auth.backends.ModelBackend']
AUTH_PASSWORD_VALIDATORS = '********************'
AUTH_USER_MODEL = 'auth.User'
AWS_ACCESS_KEY_ID = '********************'
AWS_FILE_EXPIRE = 200
AWS_HEADERS = {'Expires': 'Sunday, 26 August 2018 20:00:00 GMT', 'Cache-Control': 'max-age=5270400'}
AWS_PRELOAD_METADATA = True
AWS_QUERYSTRING_AUTH = False
AWS_SECRET_ACCESS_KEY = '********************'
AWS_STORAGE_BUCKET_NAME = 'foody-dev'
BASE_DIR = '/opt/python/current/app'
CACHES = {'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}}
CACHE_MIDDLEWARE_ALIAS = 'default'
CACHE_MIDDLEWARE_KEY_PREFIX = '********************'
CACHE_MIDDLEWARE_SECONDS = 600
CORS_ORIGIN_ALLOW_ALL = True
CORS_ORIGIN_ALLOW_HEADERS = "('Content-Type', 'Access-Control-Allow-Headers', 'Authorization', 'AUTHORIZATION', 'X-Requested-With', 'credentials')"
CORS_ORIGIN_WHITELIST = "('*', 'your-domain.com', 'your-bucket-here.s3-us-west-2.amazonaws.com', 'foody-dev-dev.eu-west-3.elasticbeanstalk.com')"
CORS_URLS_REGEX = '^/api.*'
CSRF_COOKIE_AGE = 31449600
CSRF_COOKIE_DOMAIN = None
CSRF_COOKIE_HTTPONLY = False
CSRF_COOKIE_NAME = 'csrftoken'
CSRF_COOKIE_PATH = '/'
CSRF_COOKIE_SECURE = False
CSRF_FAILURE_VIEW = 'django.views.csrf.csrf_failure'
CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN'
CSRF_TRUSTED_ORIGINS = []
CSRF_USE_SESSIONS = False
DATABASES = {'default': {'ENGINE': 'django.db.backends.sqlite3', 'NAME': '/opt/python/current/app/db.sqlite3', 'CONN_MAX_AGE': 500, 'ATOMIC_REQUESTS': False, 'AUTOCOMMIT': True, 'OPTIONS': {}, 'TIME_ZONE': None, 'USER': '', 'PASSWORD': '********************', 'HOST': '', 'PORT': '', 'TEST': {'CHARSET': None, 'COLLATION': None, 'NAME': None, 'MIRROR': None}}}
DATABASE_ROUTERS = []
DATA_UPLOAD_MAX_MEMORY_SIZE = 2621440
DATA_UPLOAD_MAX_NUMBER_FIELDS = 1000
DATETIME_FORMAT = 'N j, Y, P'
DATETIME_INPUT_FORMATS = ['%Y-%m-%d %H:%M:%S', '%Y-%m-%d %H:%M:%S.%f', '%Y-%m-%d %H:%M', '%Y-%m-%d', '%m/%d/%Y %H:%M:%S', '%m/%d/%Y %H:%M:%S.%f', '%m/%d/%Y %H:%M', '%m/%d/%Y', '%m/%d/%y %H:%M:%S', '%m/%d/%y %H:%M:%S.%f', '%m/%d/%y %H:%M', '%m/%d/%y']
DATE_FORMAT = 'N j, Y'
DATE_INPUT_FORMATS = ['%Y-%m-%d', '%m/%d/%Y', '%m/%d/%y', '%b %d %Y', '%b %d, %Y', '%d %b %Y', '%d %b, %Y', '%B %d %Y', '%B %d, %Y', '%d %B %Y', '%d %B, %Y']
DEBUG = True
DEBUG_PROPAGATE_EXCEPTIONS = False
DECIMAL_SEPARATOR = '.'
DEFAULT_CHARSET = 'utf-8'
DEFAULT_CONTENT_TYPE = 'text/html'
DEFAULT_EXCEPTION_REPORTER_FILTER = 'django.views.debug.SafeExceptionReporterFilter'
DEFAULT_FILE_STORAGE = 'api.aws.utils.MediaRootS3BotoStorage'
DEFAULT_FROM_EMAIL = 'webmaster#localhost'
DEFAULT_INDEX_TABLESPACE = ''
DEFAULT_TABLESPACE = ''
DISALLOWED_USER_AGENTS = []
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'localhost'
EMAIL_HOST_PASSWORD = '********************'
EMAIL_HOST_USER = ''
EMAIL_PORT = 25
EMAIL_SSL_CERTFILE = None
EMAIL_SSL_KEYFILE = '********************'
EMAIL_SUBJECT_PREFIX = '[Django] '
EMAIL_TIMEOUT = None
EMAIL_USE_LOCALTIME = False
EMAIL_USE_SSL = False
EMAIL_USE_TLS = False
FILE_CHARSET = 'utf-8'
FILE_UPLOAD_DIRECTORY_PERMISSIONS = None
FILE_UPLOAD_HANDLERS = ['django.core.files.uploadhandler.MemoryFileUploadHandler', 'django.core.files.uploadhandler.TemporaryFileUploadHandler']
FILE_UPLOAD_MAX_MEMORY_SIZE = 2621440
FILE_UPLOAD_PERMISSIONS = None
FILE_UPLOAD_TEMP_DIR = None
FIRST_DAY_OF_WEEK = 0
FIXTURE_DIRS = []
FORCE_SCRIPT_NAME = None
FORMAT_MODULE_PATH = None
FORM_RENDERER = 'django.forms.renderers.DjangoTemplates'
IGNORABLE_404_URLS = []
INSTALLED_APPS = ['django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'storages', 'corsheaders', 'rest_framework', 'rest_auth', 'foody']
INTERNAL_IPS = []
JWT_AUTH = {'JWT_ENCODE_HANDLER': 'rest_framework_jwt.utils.jwt_encode_handler', 'JWT_DECODE_HANDLER': 'rest_framework_jwt.utils.jwt_decode_handler', 'JWT_PAYLOAD_HANDLER': 'rest_framework_jwt.utils.jwt_payload_handler', 'JWT_PAYLOAD_GET_USER_ID_HANDLER': 'rest_framework_jwt.utils.jwt_get_user_id_from_payload_handler', 'JWT_RESPONSE_PAYLOAD_HANDLER': 'api.utils.jwt_response_payload_handler', 'JWT_ALLOW_REFRESH': True, 'JWT_REFRESH_EXPIRATION_DELTA': datetime.timedelta(7), 'JWT_AUTH_HEADER_PREFIX': 'JWT', 'JWT_AUTH_COOKIE': None}
LANGUAGES = [('af', 'Afrikaans'), ('ar', 'Arabic'), ('ast', 'Asturian'), ('az', 'Azerbaijani'), ('bg', 'Bulgarian'), ('be', 'Belarusian'), ('bn', 'Bengali'), ('br', 'Breton'), ('bs', 'Bosnian'), ('ca', 'Catalan'), ('cs', 'Czech'), ('cy', 'Welsh'), ('da', 'Danish'), ('de', 'German'), ('dsb', 'Lower Sorbian'), ('el', 'Greek'), ('en', 'English'), ('en-au', 'Australian English'), ('en-gb', 'British English'), ('eo', 'Esperanto'), ('es', 'Spanish'), ('es-ar', 'Argentinian Spanish'), ('es-co', 'Colombian Spanish'), ('es-mx', 'Mexican Spanish'), ('es-ni', 'Nicaraguan Spanish'), ('es-ve', 'Venezuelan Spanish'), ('et', 'Estonian'), ('eu', 'Basque'), ('fa', 'Persian'), ('fi', 'Finnish'), ('fr', 'French'), ('fy', 'Frisian'), ('ga', 'Irish'), ('gd', 'Scottish Gaelic'), ('gl', 'Galician'), ('he', 'Hebrew'), ('hi', 'Hindi'), ('hr', 'Croatian'), ('hsb', 'Upper Sorbian'), ('hu', 'Hungarian'), ('ia', 'Interlingua'), ('id', 'Indonesian'), ('io', 'Ido'), ('is', 'Icelandic'), ('it', 'Italian'), ('ja', 'Japanese'), ('ka', 'Georgian'), ('kab', 'Kabyle'), ('kk', 'Kazakh'), ('km', 'Khmer'), ('kn', 'Kannada'), ('ko', 'Korean'), ('lb', 'Luxembourgish'), ('lt', 'Lithuanian'), ('lv', 'Latvian'), ('mk', 'Macedonian'), ('ml', 'Malayalam'), ('mn', 'Mongolian'), ('mr', 'Marathi'), ('my', 'Burmese'), ('nb', 'Norwegian Bokmål'), ('ne', 'Nepali'), ('nl', 'Dutch'), ('nn', 'Norwegian Nynorsk'), ('os', 'Ossetic'), ('pa', 'Punjabi'), ('pl', 'Polish'), ('pt', 'Portuguese'), ('pt-br', 'Brazilian Portuguese'), ('ro', 'Romanian'), ('ru', 'Russian'), ('sk', 'Slovak'), ('sl', 'Slovenian'), ('sq', 'Albanian'), ('sr', 'Serbian'), ('sr-latn', 'Serbian Latin'), ('sv', 'Swedish'), ('sw', 'Swahili'), ('ta', 'Tamil'), ('te', 'Telugu'), ('th', 'Thai'), ('tr', 'Turkish'), ('tt', 'Tatar'), ('udm', 'Udmurt'), ('uk', 'Ukrainian'), ('ur', 'Urdu'), ('vi', 'Vietnamese'), ('zh-hans', 'Simplified Chinese'), ('zh-hant', 'Traditional Chinese')]
LANGUAGES_BIDI = ['he', 'ar', 'fa', 'ur']
LANGUAGE_CODE = 'en-us'
LANGUAGE_COOKIE_AGE = None
LANGUAGE_COOKIE_DOMAIN = None
LANGUAGE_COOKIE_NAME = 'django_language'
LANGUAGE_COOKIE_PATH = '/'
LOCALE_PATHS = []
LOGGING = {}
LOGGING_CONFIG = 'logging.config.dictConfig'
LOGIN_REDIRECT_URL = '/accounts/profile/'
LOGIN_URL = '/accounts/login/'
LOGOUT_REDIRECT_URL = None
MANAGERS = []
MEDIA_ROOT = '//foody-dev.s3.amazonaws.com/media/'
MEDIA_URL = '//foody-dev.s3.amazonaws.com/media/'
MESSAGE_STORAGE = 'django.contrib.messages.storage.fallback.FallbackStorage'
MIDDLEWARE = ['django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'corsheaders.middleware.CorsMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware']
MIGRATION_MODULES = {}
MONTH_DAY_FORMAT = 'F j'
NUMBER_GROUPING = 0
PASSWORD_HASHERS = '********************'
PASSWORD_RESET_TIMEOUT_DAYS = '********************'
PREPEND_WWW = False
REST_FRAMEWORK = {'DEFAULT_AUTHENTICATION_CLASSES': ('rest_framework.authentication.SessionAuthentication', 'rest_framework_jwt.authentication.JSONWebTokenAuthentication'), 'DEFAULT_PERMISSION_CLASSES': ()}
ROOT_URLCONF = 'api.urls'
S3DIRECT_REGION = 'us-west-2'
S3_URL = '//foody-dev.s3.amazonaws.com/'
SECRET_KEY = '********************'
SECURE_BROWSER_XSS_FILTER = False
SECURE_CONTENT_TYPE_NOSNIFF = False
SECURE_HSTS_INCLUDE_SUBDOMAINS = False
SECURE_HSTS_PRELOAD = False
SECURE_HSTS_SECONDS = 0
SECURE_PROXY_SSL_HEADER = None
SECURE_REDIRECT_EXEMPT = []
SECURE_SSL_HOST = None
SECURE_SSL_REDIRECT = False
SERVER_EMAIL = 'root#localhost'
SESSION_CACHE_ALIAS = 'default'
SESSION_COOKIE_AGE = 1209600
SESSION_COOKIE_DOMAIN = None
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_NAME = 'sessionid'
SESSION_COOKIE_PATH = '/'
SESSION_COOKIE_SECURE = False
SESSION_ENGINE = 'django.contrib.sessions.backends.db'
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
SESSION_FILE_PATH = None
SESSION_SAVE_EVERY_REQUEST = False
SESSION_SERIALIZER = 'django.contrib.sessions.serializers.JSONSerializer'
SETTINGS_MODULE = 'api.settings'
SHORT_DATETIME_FORMAT = 'm/d/Y P'
SHORT_DATE_FORMAT = 'm/d/Y'
SIGNING_BACKEND = 'django.core.signing.TimestampSigner'
SILENCED_SYSTEM_CHECKS = []
STATICFILES_DIRS = ['/opt/python/current/app/staticfiles']
STATICFILES_FINDERS = ['django.contrib.staticfiles.finders.FileSystemFinder', 'django.contrib.staticfiles.finders.AppDirectoriesFinder']
STATICFILES_STORAGE = 'api.aws.utils.StaticRootS3BotoStorage'
STATIC_ROOT = '/opt/python/current/staticfiles/static-cdn-local/../www'
STATIC_URL = '//foody-dev.s3.amazonaws.com/static/'
TEMPLATES = [{'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [], 'APP_DIRS': True, 'OPTIONS': {'context_processors': ['django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages']}}]
TEST_NON_SERIALIZED_APPS = []
TEST_RUNNER = 'django.test.runner.DiscoverRunner'
THOUSAND_SEPARATOR = ','
TIME_FORMAT = 'P'
TIME_INPUT_FORMATS = ['%H:%M:%S', '%H:%M:%S.%f', '%H:%M']
TIME_ZONE = 'UTC'
USE_ETAGS = False
USE_I18N = True
USE_L10N = True
USE_THOUSAND_SEPARATOR = False
USE_TZ = True
USE_X_FORWARDED_HOST = False
USE_X_FORWARDED_PORT = False
WSGI_APPLICATION = 'api.wsgi.application'
X_FRAME_OPTIONS = 'SAMEORIGIN'
YEAR_MONTH_FORMAT = 'F Y'
My backend looks like this :
urls.py :
from django.contrib import admin
from django.views.generic import TemplateView
from django.urls import path, include, re_path
from django.conf.urls.static import static
from django.conf import settings
from rest_framework_jwt.views import obtain_jwt_token, refresh_jwt_token
urlpatterns = [
path('admin/', admin.site.urls),
path('api/auth/jwt/', obtain_jwt_token),
path('api/auth/jwt/refresh/', refresh_jwt_token),
path('api/meals/', include('foody.urls'))
]+ static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
settings.py
"""
Django settings for api project.
Generated by 'django-admin startproject' using Django 1.11.8.
For more information on this file, see
https://docs.djangoproject.com/en/1.11/topics/settings/
For the full list of settings and their values, see
https://docs.djangoproject.com/en/1.11/ref/settings/
"""
import os
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = os.environ.get('SECRET_KEY','qj$in1cz)+2e#kc14q(6#0dx&jjq0wn$77u08!ncdq%-knz0y0')
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False
ALLOWED_HOSTS = ['127.0.0.1','foody-delivery.herokuapp.com','.herokuapp.com', 'www.velty.fr','www.velty.fr.herokudns.com','foody-dev-dev.eu-west-3.elasticbeanstalk.com']
# Application definition
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'storages',
'corsheaders',
'rest_framework',
'rest_auth',
'foody',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
ROOT_URLCONF = 'api.urls'
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
WSGI_APPLICATION = 'api.wsgi.application'
# Database
# https://docs.djangoproject.com/en/1.11/ref/settings/#databases
AWS_ACCESS_KEY_ID = "AKIAIL3JMMDWLIYBOYMA"
AWS_SECRET_ACCESS_KEY = "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"
if 'RDS_DB_NAME' in os.environ:
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': os.environ['RDS_DB_NAME'],
'USER': os.environ['RDS_USERNAME'],
'PASSWORD': os.environ['RDS_PASSWORD'],
'HOST': os.environ['RDS_HOSTNAME'],
'PORT': os.environ['RDS_PORT'],
}
}
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
}
}
# add this
import dj_database_url
db_from_env = dj_database_url.config()
DATABASES['default'].update(db_from_env)
DATABASES['default']['CONN_MAX_AGE'] = 500
# Password validation
# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [
{
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
},
]
# Internationalization
# https://docs.djangoproject.com/en/1.11/topics/i18n/
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_TZ = True
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.11/howto/static-files/
STATIC_URL = '/static/'
STATICFILES_DIRS = [
os.path.join(BASE_DIR, 'staticfiles'),
]
STATIC_ROOT = os.path.join(os.path.dirname(BASE_DIR), 'staticfiles', 'static-cdn-local','..', 'www')
MEDIA_ROOT = os.path.join((BASE_DIR) ,'staticfiles', 'media-root')
MEDIA_URL = '/media/'
CORS_URLS_REGEX = r'^/api.*'
CORS_ORIGIN_ALLOW_ALL = True
CORS_ORIGIN_ALLOW_HEADERS = (
"Content-Type",
"Access-Control-Allow-Headers",
"Authorization",
"AUTHORIZATION",
"X-Requested-With",
"credentials"
)
CORS_ORIGIN_WHITELIST = (
'*',
'your-domain.com',
'your-bucket-here.s3-us-west-2.amazonaws.com',
'foody-dev-dev.eu-west-3.elasticbeanstalk.com'
)
from api.restconf.main import *
from api.aws.conf import *
views.py :
from rest_framework import generics, permissions
from .serializers import MealSerializer
from .models import Meal
from .permissions import IsOwnerOrReadOnly
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.authentication import SessionAuthentication
class MealDetailAPIView(generics.RetrieveUpdateDestroyAPIView):
queryset = Meal.objects.all()
serializer_class = MealSerializer
lookup_field = 'id'
permission_classes = [IsOwnerOrReadOnly]
class MealListCreateAPIView(generics.ListCreateAPIView):
queryset = Meal.objects.all()
serializer_class = MealSerializer
permission_classes = [permissions.IsAuthenticatedOrReadOnly]
def get_queryset(self):
request = self.request
qs = Meal.objects.filter(user = request.user).order_by("-id")
query = request.GET.get('q')
if query is not None:
qs = qs.filter(name__icontains=query, description__icontains=query)
return qs
def perform_create(self, serializer):
serializer.save(user = self.request.user)
Thanks in advance for your help
I have an AngularJS front-end and a Django backend.
The front-end calls the backend using the following two $http calls:
athleticsApp.controller('athletesListController', ['$scope', '$http', function($scope, $http) {
$scope.athletes = [];
$scope.getAthletes = function(){
$http
.get('http://serverip:8666/athletics/athletes/')
.success(function(result) {
$scope.athletes = result;
})
.error(function(data, status) {
console.log(data);
console.log(status);
});
}
$scope.init = function() {
$scope.getAthletes();
}
$scope.init();
}]);
athleticsApp.controller('athleteNewController', ['$scope', '$http', function($scope, $http) {
$scope.athlete = {
firstName : '',
lastName : ''
};
$scope.postNewAthlete = function(){
$http
.post('http://serverip:8666/athletics/athletes/', $scope.athlete)
.success(function(result) {
// set url fraction identifier to list athletes
})
}
}]);
The GET call is a success. The POST call generates the following error:
400 (BAD REQUEST)
When I run the Python debugger I can see that serializer.is_valid() is false.
(Pdb) serializer = AthleteSerializer(data=request.data)
(Pdb) serializer
AthleteSerializer(data={u'lastName': u'Smith', u'firstName': u'John'}):
first_name = CharField(max_length=30)
last_name = CharField(max_length=30)
(Pdb) serializer.is_valid()
False
The Django code looks like this:
urls.py
from django.conf.urls import patterns, url
from views import Athletes
urlpatterns = [
url(r'^athletes/', Athletes.as_view()),
]
views.py
from rest_framework.response import Response
from rest_framework.views import APIView
from .models import Athlete
from django.shortcuts import get_object_or_404, render
from athletics.serializers import AthleteSerializer
class Athletes(APIView):
def get(self, request, format=None):
import pdb; pdb.set_trace()
all_athletes = Athlete.objects.all()
serializer = AthleteSerializer(all_athletes, many=True)
return Response(serializer.data)
def post(self, request, format=None):
import pdb; pdb.set_trace()
serializer = AthleteSerializer(data=request.data)
if serializer.is_valid(raise_exception=True):
creation_data = serializer.save()
return Response()
def index(request):
return render(request, 'athletics/index.html')
serializers.py
from rest_framework import serializers
from .models import Athlete
class AthleteSerializer(serializers.ModelSerializer):
class Meta:
model = Athlete
fields = (
'first_name',
'last_name'
)
settings.py
"""
Django settings for mysitedjango project.
Generated by 'django-admin startproject' using Django 1.8.5.
For more information on this file, see
https://docs.djangoproject.com/en/1.8/topics/settings/
For the full list of settings and their values, see
https://docs.djangoproject.com/en/1.8/ref/settings/
"""
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
import os
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.8/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'secretkey'
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
INTERNAL_IPS = (
'myip'
)
CORS_ORIGIN_ALLOW_ALL = True
ALLOWED_HOSTS = []
# Application definition
REQUIRED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
# Third party apps
'rest_framework',
)
PROJECT_APPS = (
# This project
'athletics',
'testetics',
)
INSTALLED_APPS = REQUIRED_APPS + PROJECT_APPS
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'corsheaders.middleware.CorsMiddleware',
)
ROOT_URLCONF = 'mysitedjango.urls'
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
WSGI_APPLICATION = 'mysitedjango.wsgi.application'
# Database
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
}
}
# Internationalization
# https://docs.djangoproject.com/en/1.8/topics/i18n/
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'Europe/Stockholm'
USE_I18N = True
USE_L10N = True
USE_TZ = True
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.8/howto/static-files/
STATIC_URL = '/static/'
I have an AngularJS front-end and a Django backend.
The front-end calls the backend using the following two $http calls:
athleticsApp.controller('athletesListController', ['$scope', '$http', function($scope, $http) {
$scope.athletes = [];
$scope.getAthletes = function(){
$http
.get('http://serverip:8666/athletics/athletes/')
.success(function(result) {
$scope.athletes = result;
})
.error(function(data, status) {
console.log(data);
console.log(status);
});
}
$scope.init = function() {
$scope.getAthletes();
}
$scope.init();
}]);
athleticsApp.controller('athleteNewController', ['$scope', '$http', function($scope, $http) {
$scope.athlete = {
firstName : '',
lastName : ''
};
$scope.postNewAthlete = function(){
$http
.post('http://serverip:8666/athletics/athletes/', $scope.athlete)
.success(function(result) {
// set url fraction identifier to list athletes
})
}
}]);
The GET call is a success. The POST call generates the following error:
POST http://serverip:8666/athletics/athletes/ 403 (FORBIDDEN)
Why does it generate an error?
The Django code looks like this:
urls.py
from django.conf.urls import patterns, url
from views import Athletes
urlpatterns = [
url(r'^athletes/', Athletes.as_view()),
]
views.py
from rest_framework.response import Response
from rest_framework.views import APIView
from .models import Athlete
from django.shortcuts import get_object_or_404, render
from athletics.serializers import AthleteSerializer
class Athletes(APIView):
def get(self, request, format=None):
all_athletes = Athlete.objects.all()
serializer = AthleteSerializer(all_athletes, many=True)
return Response(serializer.data)
def post(self, request, format=None):
serializer = AthleteSerializer(data=request.data)
if serializer.is_valid(raise_exception=True):
creation_data = serializer.save()
return Response()
serializers.py
class AthleteSerializer(serializers.ModelSerializer):
class Meta:
model = Athlete
fields = (
'first_name',
'last_name'
)
settings.py
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
import os
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.8/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'characters'
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
INTERNAL_IPS = (
'myip'
)
CORS_ORIGIN_ALLOW_ALL = True
ALLOWED_HOSTS = []
# Application definition
REQUIRED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
# Third party apps
'rest_framework',
)
PROJECT_APPS = (
# This project
'athletics',
'testetics',
)
INSTALLED_APPS = REQUIRED_APPS + PROJECT_APPS
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'corsheaders.middleware.CorsMiddleware',
)
ROOT_URLCONF = 'mysitedjango.urls'
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
WSGI_APPLICATION = 'mysitedjango.wsgi.application'
# Database
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
}
}
# Internationalization
# https://docs.djangoproject.com/en/1.8/topics/i18n/
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'Europe/Stockholm'
USE_I18N = True
USE_L10N = True
USE_TZ = True
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.8/howto/static-files/
STATIC_URL = '/static/'
EDIT: I added settings.py
Add :
#api_view(['POST', 'GET'])
just before your Athletes class.
You need to make sure CSRF is sent if you're using the session based authentication.
Django documentation has a full explanation on how to do it: https://docs.djangoproject.com/en/dev/ref/csrf/#ajax
Note that there must be angular plugins that handles that already though I don't have one to recommend as I'm not using angular for my APIs.
Could you post the full error you are getting?
Django normally tells you why your request was rejected.
If the issue is the CSRF, have a look at:
XSRF headers not being set in AngularJS
which solved the issue I had accessing the django backend.