chat ws with pfp is working

2026-05-28 17:23:04 +02:00
parent f19375254f
commit 8269d044a2
28 changed files with 299 additions and 90 deletions
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -2,11 +2,14 @@ FROM python:3.12-slim

 WORKDIR /app

+# Trust Windows/corporate root CAs before any network operations
+COPY certs/windows-ca-bundle.crt /usr/local/share/ca-certificates/windows-ca-bundle.crt
+RUN update-ca-certificates
+
 # Install system dependencies including Node.js for yt-dlp JavaScript runtime
-RUN apt update && apt install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
    weasyprint \
    libcairo2 \
-    pango1.0-tools \
    libpango-1.0-0 \
    libgobject-2.0-0 \
    ffmpeg \
@@ -14,9 +17,9 @@ RUN apt update && apt install -y \
    curl \
    libmagic1 \
    && curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
-    && apt install -y nodejs \
+    && apt-get install -y --no-install-recommends nodejs \
    && update-ca-certificates \
-    && apt clean \
+    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

 COPY requirements.txt .
--- a/backend/social/chat/consumers.py
+++ b/backend/social/chat/consumers.py
@@ -51,7 +51,9 @@ class ChatConsumer(AsyncWebsocketConsumer):
                "type": "chat.message",
                "message_id": message.id,
                "message": message.content,
+                "sender_id": user.id,
                "sender": user.username,
+                "sender_avatar": user.avatar.url if user.avatar else None,
            })

        elif msg_type == "new_reply_chat_message":
@@ -66,7 +68,9 @@ class ChatConsumer(AsyncWebsocketConsumer):
                "message_id": message.id,
                "message": message.content,
                "reply_to_id": data.get("reply_to_id"),
+                "sender_id": user.id,
                "sender": user.username,
+                "sender_avatar": user.avatar.url if user.avatar else None,
            })

        elif msg_type == "reaction":
@@ -116,7 +120,9 @@ class ChatConsumer(AsyncWebsocketConsumer):
            "type": "new_chat_message",
            "message_id": event["message_id"],
            "message": event["message"],
+            "sender_id": event["sender_id"],
            "sender": event["sender"],
+            "sender_avatar": event["sender_avatar"],
        }))

    async def reply_chat_message(self, event):
@@ -125,7 +131,9 @@ class ChatConsumer(AsyncWebsocketConsumer):
            "message_id": event["message_id"],
            "message": event["message"],
            "reply_to_id": event["reply_to_id"],
+            "sender_id": event["sender_id"],
            "sender": event["sender"],
+            "sender_avatar": event["sender_avatar"],
        }))

    async def edit_message(self, event):
@@ -178,7 +186,8 @@ class ChatConsumer(AsyncWebsocketConsumer):

@database_sync_to_async
 def _is_chat_member(chat_id, user):
-    return Chat.objects.filter(pk=chat_id, members=user).exists()
+    from django.db.models import Q
+    return Chat.objects.filter(Q(pk=chat_id), Q(members=user) | Q(owner=user)).exists()


@database_sync_to_async
--- a/backend/social/chat/serializers.py
+++ b/backend/social/chat/serializers.py
@@ -1,8 +1,24 @@
+from django.contrib.auth import get_user_model
 from rest_framework import serializers
 from drf_spectacular.utils import extend_schema_field
 from .models import Chat, ChatReadStatus, Message, MessageFile, MessageHistory, MessageReaction


+class MessageSenderSerializer(serializers.ModelSerializer):
+    avatar = serializers.SerializerMethodField()
+
+    def get_avatar(self, obj):
+        from django.conf import settings
+        if obj.avatar:
+            return settings.MEDIA_URL + obj.avatar.name
+        return None
+
+    class Meta:
+        model = get_user_model()
+        fields = ['id', 'username', 'avatar']
+        read_only_fields = ['id', 'username']
+
+
 class MessageFileSerializer(serializers.ModelSerializer):
    class Meta:
        model = MessageFile
@@ -25,6 +41,7 @@ class MessageHistorySerializer(serializers.ModelSerializer):


 class MessageSerializer(serializers.ModelSerializer):
+    sender = MessageSenderSerializer(read_only=True)
    media_files = MessageFileSerializer(many=True, read_only=True)
    reactions = MessageReactionSerializer(many=True, read_only=True)

--- a/backend/social/chat/views.py
+++ b/backend/social/chat/views.py
@@ -1,6 +1,7 @@
 from asgiref.sync import async_to_sync
 from channels.layers import get_channel_layer
 from django.contrib.auth import get_user_model
+from django.db.models import Q
 from rest_framework import status, viewsets
 from rest_framework.decorators import action
 from rest_framework.exceptions import PermissionDenied, ValidationError
@@ -49,7 +50,7 @@ class ChatViewSet(viewsets.ModelViewSet):
        user = self.request.user
        if user.is_superuser:
            return Chat.objects.all()
-        return Chat.objects.filter(members=user)
+        return Chat.objects.filter(Q(members=user) | Q(owner=user)).distinct()

    def perform_create(self, serializer):
        serializer.save(owner=self.request.user)
--- a/backend/vontor_cz/asgi.py
+++ b/backend/vontor_cz/asgi.py
@@ -16,15 +16,17 @@ from django.core.asgi import get_asgi_application
 django_asgi_app = get_asgi_application()

 from channels.routing import ProtocolTypeRouter, URLRouter
-from channels.auth import AuthMiddlewareStack
-import social.chat.routing
+from social.chat.routing import websocket_urlpatterns as social_ws
 from thirdparty.downloader.routing import websocket_urlpatterns as downloader_ws
+from vontor_cz.middleware import JWTAuthMiddleware
+
+websocket_urlpatterns = downloader_ws + social_ws

 application = ProtocolTypeRouter({
    "http": django_asgi_app,
-    "websocket": AuthMiddlewareStack(
+    "websocket": JWTAuthMiddleware(
        URLRouter(
-            downloader_ws + social.chat.routing.websocket_urlpatterns
+            websocket_urlpatterns
        )
    ),
 })
--- a/backend/vontor_cz/middleware.py
+++ b/backend/vontor_cz/middleware.py
@@ -0,0 +1,83 @@
+import logging
+
+from channels.db import database_sync_to_async
+from channels.middleware import BaseMiddleware
+from django.contrib.auth.models import AnonymousUser
+from rest_framework_simplejwt.exceptions import InvalidToken, TokenError
+from rest_framework_simplejwt.tokens import AccessToken
+
+logger = logging.getLogger(__name__)
+
+
+# ---------- WEBSOCKET JWT AUTH VALIDATION -----------
+
+@database_sync_to_async
+def get_user_from_token(token_string):
+    """
+    Validate JWT token and return user
+    """
+    try:
+        # Validate the token
+        access_token = AccessToken(token_string)
+
+        # Get user ID from token
+        user_id = access_token.get('user_id')
+
+        if not user_id:
+            return AnonymousUser()
+
+        # Import here to avoid circular imports
+        from account.models import CustomUser
+
+        # Get user from database
+        try:
+            user = CustomUser.objects.get(id=user_id)
+            return user
+        except CustomUser.DoesNotExist:
+            return AnonymousUser()
+
+    except (TokenError, InvalidToken, Exception) as e:
+        logger.warning(f"JWT validation failed in websocket: {e}")
+        return AnonymousUser()
+
+
+class JWTAuthMiddleware(BaseMiddleware):
+    """
+    Custom middleware to authenticate WebSocket connections using JWT from cookies.
+    Replaces AuthMiddlewareStack / CSRF validation for WebSocket routes.
+    """
+
+    async def __call__(self, scope, receive, send):
+        # Get headers from scope
+        headers = dict(scope.get('headers', []))
+
+        # Extract cookies from headers
+        cookie_header = headers.get(b'cookie', b'').decode('utf-8')
+
+        logger.info(f"[WS] cookie header present: {bool(cookie_header)} | keys: {[c.split('=')[0].strip() for c in cookie_header.split('; ') if '=' in c]}")
+
+        # Parse cookies
+        cookies = {}
+        if cookie_header:
+            for cookie in cookie_header.split('; '):
+                if '=' in cookie:
+                    key, value = cookie.split('=', 1)
+                    cookies[key.strip()] = value
+
+        # Get access_token from cookies
+        token = cookies.get('access_token')
+
+        logger.info(f"[WS] token found: {bool(token)}")
+
+        # Authenticate user
+        if token:
+            scope['user'] = await get_user_from_token(token)
+        else:
+            scope['user'] = AnonymousUser()
+
+        logger.info(f"[WS] authenticated as: {scope['user']} | is_authenticated: {getattr(scope['user'], 'is_authenticated', False)}")
+
+        return await super().__call__(scope, receive, send)
+
+
+# ---------- END | WEBSOCKET JWT AUTH VALIDATION -----------
--- a/backend/vontor_cz/settings.py
+++ b/backend/vontor_cz/settings.py
@@ -306,12 +306,8 @@ else:
 REST_FRAMEWORK = {
 	"DATETIME_FORMAT": "%Y-%m-%d %H:%M",  # Pavel
 	'DEFAULT_AUTHENTICATION_CLASSES': (
-		# In DEBUG keep Session + JWT + your cookie class for convenience
-		'rest_framework.authentication.SessionAuthentication',
 		'rest_framework_simplejwt.authentication.JWTAuthentication',
 		'account.tokens.CookieJWTAuthentication',
-	) if DEBUG else (
-		'account.tokens.CookieJWTAuthentication',
 	),
 	'DEFAULT_PERMISSION_CLASSES': (
 		'rest_framework.permissions.AllowAny',
@@ -427,7 +423,6 @@ MIDDLEWARE = [
    'silk.middleware.SilkyMiddleware',

 	'django.contrib.sessions.middleware.SessionMiddleware',
-	'django.middleware.csrf.CsrfViewMiddleware',
 	'django.contrib.auth.middleware.AuthenticationMiddleware',
 	'django.contrib.messages.middleware.MessageMiddleware',
 	'django.middleware.clickjacking.XFrameOptionsMiddleware',