Ready: Cors

.github/ISSUE_TEMPLATE/update-table.md

@@ -1,6 +1,6 @@
 ---
 name: Update Table
-about: Describe this issue template's purpose here.
+about: Describe the purpose of the template here.
 title: 'Update Table: [TABLE NAME]'
 labels: 'feature: update table, good first issue, milestone: missing, role: back end,
   size: 0.25pt, stakeholder: missing'
@@ -25,7 +25,7 @@ Current name in code | Updated Name | Updated Type (may already be this type)
 
 - [ ] Add the following items in the code
 Name | Type
--- | -- 
+-- | --
 [Replace with ADD TABLE]
 - [ ] Write a test for the new relationships this model will have with other models (e.g., creating a user and assigning them a set of permissions on a project) if any.
 - [ ] Update API end point
@@ -41,7 +41,7 @@ Name | Type
    - 1.01.01 [/app/core/models.py](https://github.com/hackforla/peopledepot/blob/main/app/core/models.py)
    - 1.01.02 [/app/core/admin.py](https://github.com/hackforla/peopledepot/blob/main/app/core/admin.py)
    - 1.01.03 [/app/core/api/serializers.py](https://github.com/hackforla/peopledepot/blob/main/app/core/api/serializers.py)
-   - 1.01.04 
+   - 1.01.04
 - 1.02 [People Depot Resources wiki page](https://github.com/hackforla/peopledepot/wiki/Resources-and-Links) for links
   - ERD
   - Table and Field Definitions

app/.env.docker-example

@@ -6,6 +6,8 @@ DJANGO_SUPERUSER_USERNAME=admin1111
 [email protected]
 DJANGO_SUPERUSER_PASSWORD=admin
 
+CORS_ALLOWED_ORIGINS="http://localhost:3000 https://your-production-server.com"
+
 # postgres settings for docker
 SQL_ENGINE=django.db.backends.postgresql
 SQL_DATABASE=people_depot_dev
@@ -15,24 +17,6 @@ SQL_HOST=db
 SQL_PORT=5432
 DATABASE=postgres
 
-# postgres settings for local development
-# SQL_ENGINE=django.db.backends.postgresql
-# SQL_DATABASE=postgres
-# SQL_USER=
-# SQL_PASSWORD=
-# SQL_HOST=localhost
-# SQL_PORT=5432
-# DATABASE=postgres
-
-# sqlite settings for local development
-# SQL_ENGINE=
-# SQL_DATABASE=
-# SQL_USER=
-# SQL_PASSWORD=
-# SQL_HOST=
-# SQL_PORT=
-# DATABASE=
-
 COGNITO_DOMAIN=peopledepot
 COGNITO_AWS_REGION=us-west-2
 COGNITO_USER_POOL=us-west-2_Fn4rkZpuB

app/Dockerfile

@@ -14,7 +14,7 @@ RUN \
   --mount=type=cache,target=/var/cache/apk \
   --mount=type=cache,target=/etc/apk/cache \
   apk add \
-  'graphviz=~9.0'
+  'graphviz=~12.2'
 
 # install font for graphviz
 COPY Roboto-Regular.ttf /root/.fonts/

app/core/api/views.py

@@ -10,6 +10,7 @@
 from rest_framework.mixins import RetrieveModelMixin
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.permissions import IsAuthenticatedOrReadOnly
+from rest_framework.response import Response
 
 from ..models import Affiliate
 from ..models import Affiliation
@@ -67,6 +68,22 @@ def get(self, request, *args, **kwargs):
         """
         return self.retrieve(request, *args, **kwargs)
 
+    def patch(self, request, *args, **kwargs):
+        """
+        Update the profile of the current logged-in user.
+        """
+        user = self.get_object()  # Get the logged-in user
+        serializer = self.serializer_class(user, data=request.data, partial=True)
+
+        if serializer.is_valid():
+            # Save the updated user data
+            serializer.save()
+            return Response({"data": serializer.data})  # Return the updated user data
+
+        return Response(
+            serializer.errors, status=400
+        )  # Return validation errors if invalid data
+
 
 @extend_schema_view(
     list=extend_schema(

app/peopledepot/settings.py

@@ -61,6 +61,7 @@
 # Application definition
 
 INSTALLED_APPS = [
+    "corsheaders",
     "django.contrib.admin",
     "django.contrib.auth",
     "django.contrib.contenttypes",
@@ -70,6 +71,7 @@
     # 3rd party
     "django_extensions",
     "rest_framework",
+    "rest_framework.authtoken",
     "drf_spectacular",
     "phonenumber_field",
     "timezone_field",
@@ -79,7 +81,21 @@
     "data",
 ]
 
+# Allow specific origins (like your React dev and production URLs)
+CORS_ALLOWED_ORIGINS = os.getenv("CORS_ALLOWED_ORIGINS").split(" ")
+
+# Optional: Allow credentials (for cookies or tokens)
+CORS_ALLOW_CREDENTIALS = True
+
+# Optional: Control which headers are allowed
+CORS_ALLOW_HEADERS = [
+    "Authorization",
+    "Content-Type",
+]
+
+
 MIDDLEWARE = [
+    "corsheaders.middleware.CorsMiddleware",
     "django.middleware.security.SecurityMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
     "django.middleware.common.CommonMiddleware",
@@ -183,8 +199,8 @@
 }
 
 JWT_AUTH = {
-    "JWT_PAYLOAD_GET_USERNAME_HANDLER": "core.utils.jwt.get_username_from_payload_handler",
-    "JWT_DECODE_HANDLER": "core.utils.jwt.cognito_jwt_decode_handler",
+    "JWT_PAYLOAD_GET_USERNAME_HANDLER": "core.utils.jwt_handler.get_username_from_payload_handler",
+    "JWT_DECODE_HANDLER": "core.utils.jwt_handler.cognito_jwt_decode_handler",
     "JWT_PUBLIC_KEY": rsa_keys,
     "JWT_ALGORITHM": "RS256",
     "JWT_AUDIENCE": COGNITO_AUDIENCE,

app/requirements.txt

@@ -22,6 +22,7 @@ django==4.2.11
     #   djangorestframework
     #   drf-jwt
     #   drf-spectacular
+django-cors-headers==4.5.0
 django-extensions==3.2.3
 django-linear-migrations==2.12.0
 django-phonenumber-field==7.3.0