Merge pull request #54 from plers-org/sm/#53

Sm/#53
2025-05-13 15:24:13 +09:00
parent e3f5539fd2 5b55d82917
commit 5e881313ab
3 changed files with 15 additions and 6 deletions
--- a/config/settings.py
+++ b/config/settings.py
@@ -174,7 +174,7 @@ REST_FRAMEWORK = {
 REST_USE_JWT = True

 SIMPLE_JWT = {
-    'ACCESS_TOKEN_LIFETIME': timedelta(days=7), # minutes = 15
+    'ACCESS_TOKEN_LIFETIME': timedelta(minutes= 15),
    'REFRESH_TOKEN_LIFETIME': timedelta(days=7),
    'ROTATE_REFRESH_TOKENS': True,
    'BLACKLIST_AFTER_ROTATION': True,
@@ -213,7 +213,7 @@ SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 SESSION_COOKIE_AGE = 86400

 # https에서만 세션 쿠키가 전송 (default false) https 배포 시 true로
-SESSION_COOKIE_SECURE = False
+SESSION_COOKIE_SECURE = True

 GOOGLE_CLIENT_ID = env('GOOGLE_CLIENT_ID')

--- a/users/serializers.py
+++ b/users/serializers.py
@@ -30,6 +30,15 @@ class SetPortofolioRequiredInfoSerializer(serializers.ModelSerializer):
        model = User
        fields = ['custom_url', 'job_and_interests']

+    def validate(self, attrs):
+        custom_url = attrs.get("custom_url")
+
+        if custom_url and (" " in custom_url or "." in custom_url):
+            raise serializers.ValidationError({
+                "message": "하지말라면 하지 좀 마"
+            })
+        
+        return super().validate(attrs)
 class TagUserSerializer(serializers.ModelSerializer):
    class Meta:
        model = User
--- a/users/views.py
+++ b/users/views.py
@@ -42,7 +42,7 @@ class RefreshAPIView(APIView):
            serializer = TokenRefreshSerializer(data={'refresh': refresh})
            if serializer.is_valid():
                res = Response({"access": serializer.validated_data['access']}, status=status.HTTP_200_OK)
-            res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=not settings.DEBUG)
+            res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=True)
            return res
        except TokenError as e:
            return Response({"message": f"Invalid token: {e}"}, status=status.HTTP_401_UNAUTHORIZED)
@@ -93,7 +93,7 @@ class GoogleLoginAPIView(APIView):
                    },
                    status=status.HTTP_200_OK,
                )
-            res.set_cookie("refresh", str(refresh), httponly=True, samesite=None, secure=not settings.DEBUG)
+            res.set_cookie("refresh", str(refresh), httponly=True, samesite=None, secure=True)
            return res
        else:
            return Response(
@@ -154,7 +154,7 @@ class LoginAPIView(APIView):
                    },
                    status=status.HTTP_200_OK,
                )
-                res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=not settings.DEBUG)
+                res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=True)
                return res
            else:
                return Response(serializer.errors)
@@ -206,7 +206,7 @@ class SetPortofolioRequiredInfoAPIView(APIView):
    def patch(self, request):
        user = request.user
        serializer = SetPortofolioRequiredInfoSerializer(user, data=request.data)
-        if serializer.is_valid():
+        if serializer.is_valid(raise_exception=True):
            serializer.save()
            user.is_custom_url = True
            user.save()