🐛 Fix: [#33] 로그인, 토큰 재발급 samesite=None 설정

2025-04-15 22:47:01 +09:00
parent d372f88fd8
commit 536e8fb03d
1 changed files with 17 additions and 2 deletions
--- a/users/views.py
+++ b/users/views.py
@@ -12,6 +12,7 @@ from rest_framework.response import Response
 from rest_framework.permissions import AllowAny, IsAuthenticated

 from django.contrib.auth import authenticate
+from django.db.models import Case, When, Value, IntegerField, Q

 from .models import *
 from .serializers import *
@@ -30,7 +31,7 @@ class RefreshAPIView(APIView):
            serializer = TokenRefreshSerializer(data={'refresh': refresh})
            if serializer.is_valid():
                res = Response({"access": serializer.validated_data['access']}, status=status.HTTP_200_OK)
-            res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=not settings.DEBUG)
+            res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=not settings.DEBUG)
            return res
        except TokenError as e:
            return Response({"message": f"Invalid token: {e}"}, status=status.HTTP_401_UNAUTHORIZED)
@@ -77,7 +78,7 @@ class LoginAPIView(APIView):
                    },
                    status=status.HTTP_200_OK,
                )
-                res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=not settings.DEBUG)
+                res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=not settings.DEBUG)
                return res
            else:
                return Response(serializer.errors)
@@ -97,6 +98,20 @@ class NicknameAPIView(APIView):
        except:
            return Response({"message": "사용할 수 있는 닉네임입니다."}, status=status.HTTP_200_OK)
        
+class TagUserAPIView(APIView):
+    def get(self, request):
+        nickname = request.query_params.get(nickname)
+        users = User.objects.filter(nickname__icontains=nickname).annotate(
+            priority=Case(
+                When(nickname__iexact=nickname, then=Value(0)),
+                default=Value(1),
+                output_field=IntegerField()
+            )
+        ).order_by('priority').values('profile_image', 'nickname')[:5]
+        serializer = TagUserSerializer(users, many=True)
+        return Response({'users': serializer.data})
+
+
 class SetPortofolioRequiredInfoAPIView(APIView):
    def get(self, request):
        custom_url = request.GET.get('custom_url', None)