From 536e8fb03d8db2b15a0d1c5c1005f50d50a25268 Mon Sep 17 00:00:00 2001
From: sm4640 <s1m0611@naver.com>
Date: Tue, 15 Apr 2025 22:47:01 +0900
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fix:=20[#33]=20=EB=A1=9C?=
 =?UTF-8?q?=EA=B7=B8=EC=9D=B8,=20=ED=86=A0=ED=81=B0=20=EC=9E=AC=EB=B0=9C?=
 =?UTF-8?q?=EA=B8=89=20samesite=3DNone=20=EC=84=A4=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 users/views.py | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/users/views.py b/users/views.py
index b70013f..6c88955 100644
--- a/users/views.py
+++ b/users/views.py
@@ -12,6 +12,7 @@ from rest_framework.response import Response
 from rest_framework.permissions import AllowAny, IsAuthenticated
 
 from django.contrib.auth import authenticate
+from django.db.models import Case, When, Value, IntegerField, Q
 
 from .models import *
 from .serializers import *
@@ -30,7 +31,7 @@ class RefreshAPIView(APIView):
             serializer = TokenRefreshSerializer(data={'refresh': refresh})
             if serializer.is_valid():
                 res = Response({"access": serializer.validated_data['access']}, status=status.HTTP_200_OK)
-            res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=not settings.DEBUG)
+            res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=not settings.DEBUG)
             return res
         except TokenError as e:
             return Response({"message": f"Invalid token: {e}"}, status=status.HTTP_401_UNAUTHORIZED)
@@ -77,7 +78,7 @@ class LoginAPIView(APIView):
                     },
                     status=status.HTTP_200_OK,
                 )
-                res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=not settings.DEBUG)
+                res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=not settings.DEBUG)
                 return res
             else:
                 return Response(serializer.errors)
@@ -96,6 +97,20 @@ class NicknameAPIView(APIView):
             return Response({"message": "해당 닉네임은 사용할 수 없습니다."}, status=status.HTTP_400_BAD_REQUEST)
         except:
             return Response({"message": "사용할 수 있는 닉네임입니다."}, status=status.HTTP_200_OK)
+        
+class TagUserAPIView(APIView):
+    def get(self, request):
+        nickname = request.query_params.get(nickname)
+        users = User.objects.filter(nickname__icontains=nickname).annotate(
+            priority=Case(
+                When(nickname__iexact=nickname, then=Value(0)),
+                default=Value(1),
+                output_field=IntegerField()
+            )
+        ).order_by('priority').values('profile_image', 'nickname')[:5]
+        serializer = TagUserSerializer(users, many=True)
+        return Response({'users': serializer.data})
+
 
 class SetPortofolioRequiredInfoAPIView(APIView):
     def get(self, request):