Add NextAuth to frontend

app/api/api/urls.py

@@ -98,9 +98,9 @@
         name="scan-report-values",
     ),
     path(r"user/me/", views.UserDetailView.as_view(), name="currentuser"),
-    path(r"v2/users", views.UserViewSet.as_view(), name="users-list"),
-    path(r"v2/usersfilter", views.UserFilterViewSet.as_view(), name="usersfilter"),
-    path(r"v2/datapartners", views.DataPartnerViewSet.as_view(), name="datapartners"),
+    path(r"v2/users/", views.UserViewSet.as_view(), name="users-list"),
+    path(r"v2/usersfilter/", views.UserFilterViewSet.as_view(), name="usersfilter"),
+    path(r"v2/datapartners/", views.DataPartnerViewSet.as_view(), name="datapartners"),
     path(
         r"v2/omop/conceptsfilter",
         views.ConceptFilterViewSetV2.as_view(),

app/api/authn/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class AuthnConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "authn"

app/api/authn/urls.py

@@ -0,0 +1,16 @@
+from dj_rest_auth.jwt_auth import get_refresh_view
+from dj_rest_auth.registration.views import RegisterView
+from dj_rest_auth.views import LoginView, LogoutView, UserDetailsView
+from django.urls import path
+from django.views.decorators.csrf import get_token
+from rest_framework_simplejwt.views import TokenVerifyView
+
+urlpatterns = [
+    path("register/", RegisterView.as_view(), name="rest_register"),
+    path("login/", LoginView.as_view(), name="rest_login"),
+    path("logout/", LogoutView.as_view(), name="rest_logout"),
+    path("user/", UserDetailsView.as_view(), name="rest_user_details"),
+    path("token/verify/", TokenVerifyView.as_view(), name="token_verify"),
+    path("token/refresh/", get_refresh_view().as_view(), name="token_refresh"),
+    path("csrf-token/", get_token, name="api-csrf-token"),
+]

app/api/config/settings.py

@@ -11,6 +11,7 @@
 """
 
 import os
+from datetime import timedelta
 
 from dotenv import load_dotenv
 
@@ -50,6 +51,7 @@
 # Application definition
 
 INSTALLED_APPS = [
+    "django.contrib.sites",
     "django.contrib.admin",
     "django.contrib.auth",
     "django.contrib.contenttypes",
@@ -68,7 +70,12 @@
     "rest_framework.authtoken",
     "corsheaders",
     "test",
-    "revproxy",
+    "authn.apps.AuthnConfig",
+    "rest_framework_simplejwt",
+    "allauth",
+    "allauth.account",
+    "dj_rest_auth",
+    "dj_rest_auth.registration",
     "shared",
     "shared.files",
     "shared.jobs",
@@ -81,11 +88,15 @@
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "allauth.account.middleware.AccountMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
     "whitenoise.middleware.WhiteNoiseMiddleware",
 ]
 
+CSRF_TRUSTED_ORIGINS = [os.environ.get("NEXTJS_URL", "http://localhost:3000")]
+SITE_ID = 1
+
 STATICFILES_STORAGE = "whitenoise.storage.CompressedManifestStaticFilesStorage"
 
 ROOT_URLCONF = "config.urls"
@@ -178,6 +189,7 @@
     "DEFAULT_AUTHENTICATION_CLASSES": (
         "rest_framework.authentication.TokenAuthentication",
         "rest_framework.authentication.SessionAuthentication",
+        "rest_framework_simplejwt.authentication.JWTAuthentication",
     ),
     "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",),
 }
@@ -202,3 +214,24 @@
 AZ_RULES_NAME = os.environ.get("AZ_RULES_NAME", "RulesOrchestrator")
 AZ_RULES_KEY = os.environ.get("AZ_RULES_KEY", "")
 AZ_RULES_EXPORT_QUEUE = os.environ.get("AZ_RULES_EXPORT_QUEUE", "rules-exports-local")
+
+# Auth
+
+ACCOUNT_EMAIL_REQUIRED = False
+ACCOUNT_EMAIL_VERIFICATION = "none"
+
+SIMPLE_JWT = {
+    "ACCESS_TOKEN_LIFETIME": timedelta(minutes=60),
+    "REFRESH_TOKEN_LIFETIME": timedelta(days=7),
+    "ROTATE_REFRESH_TOKENS": False,
+    "BLACKLIST_AFTER_ROTATION": False,
+    "UPDATE_LAST_LOGIN": True,
+    "SIGNING_KEY": os.getenv("SIGNING_KEY"),
+    "ALGORITHM": "HS512",
+    "AUTH_HEADER_TYPES": ("JWT",),
+}
+
+REST_AUTH = {
+    "USE_JWT": True,
+    "JWT_AUTH_HTTPONLY": False,
+}

app/api/config/urls.py

@@ -1,21 +1,8 @@
-import os
-
-from config import settings
 from django.contrib import admin
-from django.urls import include, path, re_path
-from revproxy.views import ProxyView  # type: ignore
+from django.urls import include, path
 
 urlpatterns = [
     path("api/", include("api.urls")),
-    path("api_auth/", include("rest_framework.urls", namespace="rest_framework")),
+    path("api/auth/", include("authn.urls")),
     path("admin/", admin.site.urls),
-    path("accounts/", include("django.contrib.auth.urls")),
-    (
-        re_path(r"(?P<path>.*)", ProxyView.as_view(upstream=f"{settings.NEXTJS_URL}/"))
-        if os.environ.get("ENABLE_PROXY", "False").lower() == "true"
-        else None
-    ),
-    path("", include("shared.mapping.urls")),
 ]
-
-urlpatterns = [url for url in urlpatterns if url is not None]

app/api/pyproject.toml

@@ -24,9 +24,11 @@ graphviz = "^0.20.3"
 drf-dynamic-fields = "^0.4.0"
 django-cors-headers = "^4.4.0"
 python-dotenv = "^1.0.1"
-django-revproxy = "^0.12.0"
 shared = {path = "../shared", develop = true}
 azure-monitor-opentelemetry = "^1.6.0"
+djangorestframework-simplejwt = "^5.3.1"
+django-allauth = "0.61.1"
+dj-rest-auth = {extras = ["with-social"], version = "^6.0.0"}
 
 [tool.poetry.group.test.dependencies]
 pytest-django = "^4.8.0"

app/next-client-app/app/(protected)/layout.tsx

@@ -1,14 +1,16 @@
 import "react-tooltip/dist/react-tooltip.css";
 import React from "react";
-import { getCurrentUser } from "@/api/users";
+import { getServerSession } from "next-auth";
+import { options } from "@/auth/options";
 import { MenuBar } from "@/components/core/menubar";
 
 export default async function ProtectedLayout({
   children,
 }: Readonly<{
   children: React.ReactNode;
 }>) {
-  const user = await getCurrentUser();
+  const session = await getServerSession(options);
+  const user = session?.token?.user;
 
   return (
     <>