A Django REST Framework backend for managing perfume products with JWT and session authentication, Postgres database, filtering, and role-aware permissions via a custom user model.
- Django 5 + DRF for REST APIs
- Auth: JWT (SimpleJWT), Session, and DRF Token (Bearer)
- PostgreSQL database
- Custom user model with roles: admin, manager, customer
- Filtering, searching, ordering on product endpoints
- Optional Algolia indexing (requires extra dependencies)
```bash
python3 -m venv venv
source venv/bin/activate  # Windows: venv\Scripts\activate
pip install -r requirements.txt
```

If you keep Algolia integration enabled (see `INSTALLED_APPS`), also install:

```bash
pip install algoliasearch-django algoliasearch
```

Create a `.env` file in the repository root:
```
SECRET_KEY=your_secret_key
# PostgreSQL
DATABASE_NAME=your_db_name
DATABASE_USER=your_db_user
DATABASE_PASSWORD=your_db_password
DATABASE_HOST=localhost
DATABASE_PORT=5432
# Optional: Algolia (only if you enable search indexing)
APPLICATION_ID=your_algolia_app_id
API_KEY=your_algolia_admin_api_key
```

Notes:
- `DEBUG` is currently set to `True` in settings. For production, update `DEBUG` and `ALLOWED_HOSTS` in `perfume_api/settings.py`.
- The project expects PostgreSQL. Adjust `DATABASES` in settings if you prefer SQLite.
```bash
python manage.py makemigrations
python manage.py migrate
python manage.py createsuperuser  # optional but recommended
python manage.py runserver
```

The project enables the following auth backends (in order):
- SessionAuthentication
- JWT via SimpleJWT
- DRF TokenAuthentication (Bearer)
JWT endpoints:
- `POST /api/token/` — obtain access/refresh tokens
- `POST /api/token/refresh/` — refresh access token
- `POST /api/token/verify/` — verify a token

Use header:

```
Authorization: Bearer <access_or_drf_token>
```
- `api.CustomUser` (extends `AbstractUser`)
  - `role`: one of `admin`, `manager`, `customer`
- `api.Category`
  - `gender`: string
- `api.PerfumeDetails`
  - `user` (FK to `CustomUser`, optional)
  - `name`, `description`, `image`, `image2`, `price`, `category` (FK), `in_stock`
Validation highlights:
- `image` must be unique (case-insensitive) and must not contain the word "robot".
Base URLs are registered at the project root. Key routes:
- Item API (ModelViewSet over `PerfumeDetails`)
  - `GET /item_list/` — list
  - `POST /item_list/` — create
  - `GET /item_list/{id}/` — retrieve
  - `PUT /item_list/{id}/` — update
  - `PATCH /item_list/{id}/` — partial update
  - `DELETE /item_list/{id}/` — delete
  - Permissions: read for everyone, write restricted (includes admin-only in viewset)
- Product API (GenericViewSet + mixins over `PerfumeDetails`)
  - `GET /listing/` — list
  - `POST /listing/` — create
  - `GET /listing/{id}/` — retrieve
  - `PUT /listing/{id}/` — update
  - `PATCH /listing/{id}/` — partial update
  - `DELETE /listing/{id}/` — delete
Filtering and search:
- Query params supported: `search`, `ordering`, and exact field filters for `name`, `category`, `price`.
- Examples:
  - `GET /item_list/?search=citrus&ordering=price`
  - `GET /item_list/?name=Acqua&price=120`
Request/response schema (create/update `PerfumeDetails`):

```json
{
  "user": 1,
  "name": "Acqua di Gio",
  "category": 2,
  "price": 120,
  "description": "Citrus aquatic notes",
  "image": "https://example.com/img1.jpg"
}
```

Admin:
- Django admin at `/admin/` (use the superuser you created)
```
.
├── manage.py
├── requirements.txt
├── perfume_api/
│   ├── settings.py
│   ├── urls.py
│   ├── asgi.py
│   └── wsgi.py
└── api/
    ├── models.py
    ├── views.py
    ├── serializers.py
    ├── filters.py
    ├── permissions.py
    ├── authentication.py
    └── urls.py
```
- The router in `api/urls.py` registers a `search` route, but `SearchViewSet` is not defined in the codebase. Remove or implement it to avoid import errors.
- `algoliasearch_django` and `algoliasearch` are referenced in settings for indexing but are not listed in `requirements.txt`. Install them if you enable indexing, or remove them from `INSTALLED_APPS`.
- For production, configure `ALLOWED_HOSTS`, static files, secure settings, and database credentials appropriately.
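
One way to enforce the production notes above at startup, as an added example that is not the project's own settings code: it refuses to start with the `.env` template's placeholder secrets, an empty or wildcard host list, or a short `SECRET_KEY`, and turns on Django's cookie and HTTPS settings whenever debug is off. `DJANGO_DEBUG` and `DJANGO_ALLOWED_HOSTS` are assumed variable names; `SECRET_KEY` and `DATABASE_PASSWORD` are the `.env` keys listed earlier.

```python
import os

# Placeholder values from the .env template above; never valid in production.
PLACEHOLDERS = {"your_secret_key", "your_db_password", "your_algolia_admin_api_key"}


class ConfigError(RuntimeError):
    """Raised when the environment is unsafe for a production start."""


def env_bool(env, key, default=False):
    """Parse a boolean environment value; anything unrecognised is False."""
    return env.get(key, str(default)).strip().lower() in {"1", "true", "yes", "on"}


def production_settings(env=os.environ):
    """Return Django setting overrides, failing closed on unsafe values.

    DJANGO_DEBUG and DJANGO_ALLOWED_HOSTS are assumed names, not project keys.
    """
    debug = env_bool(env, "DJANGO_DEBUG")  # unset means DEBUG is off
    hosts = [h.strip() for h in env.get("DJANGO_ALLOWED_HOSTS", "").split(",") if h.strip()]
    secret = env.get("SECRET_KEY", "")
    db_password = env.get("DATABASE_PASSWORD", "")

    if not debug:
        if not hosts or "*" in hosts:
            raise ConfigError("ALLOWED_HOSTS must list explicit hostnames")
        for name, value in (("SECRET_KEY", secret), ("DATABASE_PASSWORD", db_password)):
            if not value or value in PLACEHOLDERS:
                raise ConfigError(f"{name} is empty or still a template placeholder")
        # Django's `check --deploy` also flags keys under 50 characters.
        if len(secret) < 50:
            raise ConfigError("SECRET_KEY is shorter than 50 characters")

    return {
        "DEBUG": debug,
        "ALLOWED_HOSTS": hosts or ["localhost", "127.0.0.1"],
        "SECRET_KEY": secret,
        # Transport and cookie hardening, switched on whenever DEBUG is off.
        "SECURE_SSL_REDIRECT": not debug,
        "SESSION_COOKIE_SECURE": not debug,
        "CSRF_COOKIE_SECURE": not debug,
        "SECURE_HSTS_SECONDS": 0 if debug else 31536000,
    }
```

In `perfume_api/settings.py` the result could be applied with `globals().update(production_settings())` after the `.env` file has been loaded.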
Issues and pull requests are welcome.
Made with ❤️ using Django + DRF.