Backend Development
Python Tutorial
Building a Secure Authentication System for CollabSphere Part A Real-Time Communication Platform
Building a Secure Authentication System for CollabSphere Part A Real-Time Communication Platform
Dec 27, 2024 am 01:45 AM
Building a secure and scalable authentication system is crucial for any real-time communication platform in today's digital landscape. In this article, I'll walk you through how I built the authentication system for CollabSphere, a modern real-time collaboration platform, using Django and Django REST Framework.
System Overview
CollabSphere's authentication system is built with these key requirements in mind:
- Email-based authentication
- Role-based access control
- Real-time user status tracking
- Multi-device support
- Secure password management
- Email verification
Core Components
Custom User Model
At the heart of this system is a custom user model that extends Django's AbstractBaseUser:
class CustomUser(AbstractBaseUser, PermissionsMixin):
email = models.EmailField(unique=True)
username = models.CharField(max_length=50, unique=True)
full_name = models.CharField(max_length=255)
# Profile fields
avatar = models.ImageField(upload_to='avatars/', null=True)
bio = models.TextField(max_length=500, blank=True)
# Status tracking
is_online = models.BooleanField(default=False)
last_seen = models.DateTimeField(null=True)
#...
Role-Based Access Control
I implemented a flexible role system to manage user permissions:
class Role(models.Model):
name = models.CharField(max_length=50, unique=True)
description = models.TextField(blank=True)
created_at = models.DateTimeField(auto_now_add=True)
priority = models.IntegerField(default=0)
custom_permissions = models.JSONField(default=dict)
# Define permissions for each role
can_moderate = models.BooleanField(default=False)
can_manage_users = models.BooleanField(default=False)
can_manage_roles = models.BooleanField(default=False)
can_delete_messages = models.BooleanField(default=False)
can_ban_users = models.BooleanField(default=False)
class Meta:
verbose_name = _('role')
verbose_name_plural = _('roles')
ordering = ['-priority']
def __str__(self):
return self.name
Authentication Flow
Registration Process
Client -> RegisterView -> UserRegistrationSerializer -> CustomUserManager.create_user() -> Database
-> Send verification email
-> Assign default role
-> Generate JWT tokens
When a new user registers:
- User submits email, username, and password
- System validates the data
- Creates user account
- Sends verification email
- Assign default role
- Returns JWT tokens
Example registration endpoint:
class RegisterView(generics.CreateAPIView):
def create(self, request):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.save()
# Send verification email
user.send_verification_email()
# Generate tokens
refresh = RefreshToken.for_user(user)
return Response({
'user': UserSerializer(user).data,
'tokens': {
'refresh': str(refresh),
'access': str(refresh.access_token),
}
})
Login Process
Client -> LoginView -> UserLoginSerializer -> authenticate() -> JWT tokens
-> Update online status
-> Store device tokens
-> Return user permissions
The login flow includes:
- Email and password validation
- Verification check
- Online status update
- Device token management
- JWT token generation
Real-Time Status Management
The system tracks user status in real time:
def update_online_status(self, status):
self.is_online = status
self.last_seen = timezone.now()
self.save(update_fields=['is_online', 'last_seen'])
Security Features
Password Security
- Custom password validation
- Secure password hashing
- Password change verification
Email Verification
def send_verification_email(self):
token = self.generate_verification_token()
verification_url = f"{settings.FRONTEND_URL}/verify-email/{token}"
send_mail(
'Verify your email address',
render_to_string('users/verify_email.html', {
'user': self,
'verification_url': verification_url
}),
settings.DEFAULT_FROM_EMAIL,
[self.email]
)
JWT Authentication
The system uses JWT tokens for secure API access:
refresh = RefreshToken.for_user(user)
return {
'refresh': str(refresh),
'access': str(refresh.access_token)
}
Multi-Device Support
The system supports multiple devices per user:
device_tokens = models.JSONField(default=dict)
This allows:
- Device-specific push notifications
- Session management
- Last active device tracking
Best Practices Implemented
Separation of Concerns
- Models for data structure
- Serializers for validation
- Views for business logic
Security Measures
- Email verification
- Token-based authentication
- Password validation
- Role-based access control
Performance Optimization
- Efficient database queries
- Selective field updates
- Proper indexing
Testing the System
Here's how to test the authentication flow:
class CustomUser(AbstractBaseUser, PermissionsMixin):
email = models.EmailField(unique=True)
username = models.CharField(max_length=50, unique=True)
full_name = models.CharField(max_length=255)
# Profile fields
avatar = models.ImageField(upload_to='avatars/', null=True)
bio = models.TextField(max_length=500, blank=True)
# Status tracking
is_online = models.BooleanField(default=False)
last_seen = models.DateTimeField(null=True)
#...
Conclusion
Building a secure authentication system requires careful planning and implementation. Following Django's best practices and implementing proper security measures, we've created a robust system for CollabSphere that effectively handles user authentication, authorization, and real-time status management.
The complete code for this implementation is available on the GitHub repository.
The above is the detailed content of Building a Secure Authentication System for CollabSphere Part A Real-Time Communication Platform. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1794
16
1738
56
1590
29
267
587
Polymorphism in python classes
Jul 05, 2025 am 02:58 AM
Polymorphism is a core concept in Python object-oriented programming, referring to "one interface, multiple implementations", allowing for unified processing of different types of objects. 1. Polymorphism is implemented through method rewriting. Subclasses can redefine parent class methods. For example, the spoke() method of Animal class has different implementations in Dog and Cat subclasses. 2. The practical uses of polymorphism include simplifying the code structure and enhancing scalability, such as calling the draw() method uniformly in the graphical drawing program, or handling the common behavior of different characters in game development. 3. Python implementation polymorphism needs to satisfy: the parent class defines a method, and the child class overrides the method, but does not require inheritance of the same parent class. As long as the object implements the same method, this is called the "duck type". 4. Things to note include the maintenance
What is list slicing in python?
Jun 29, 2025 am 02:15 AM
ListslicinginPythonextractsaportionofalistusingindices.1.Itusesthesyntaxlist[start:end:step],wherestartisinclusive,endisexclusive,andstepdefinestheinterval.2.Ifstartorendareomitted,Pythondefaultstothebeginningorendofthelist.3.Commonusesincludegetting
Python `@classmethod` decorator explained
Jul 04, 2025 am 03:26 AM
A class method is a method defined in Python through the @classmethod decorator. Its first parameter is the class itself (cls), which is used to access or modify the class state. It can be called through a class or instance, which affects the entire class rather than a specific instance; for example, in the Person class, the show_count() method counts the number of objects created; when defining a class method, you need to use the @classmethod decorator and name the first parameter cls, such as the change_var(new_value) method to modify class variables; the class method is different from the instance method (self parameter) and static method (no automatic parameters), and is suitable for factory methods, alternative constructors, and management of class variables. Common uses include:
Python Function Arguments and Parameters
Jul 04, 2025 am 03:26 AM
Parameters are placeholders when defining a function, while arguments are specific values ??passed in when calling. 1. Position parameters need to be passed in order, and incorrect order will lead to errors in the result; 2. Keyword parameters are specified by parameter names, which can change the order and improve readability; 3. Default parameter values ??are assigned when defined to avoid duplicate code, but variable objects should be avoided as default values; 4. args and *kwargs can handle uncertain number of parameters and are suitable for general interfaces or decorators, but should be used with caution to maintain readability.
How do I use the csv module for working with CSV files in Python?
Jun 25, 2025 am 01:03 AM
Python's csv module provides an easy way to read and write CSV files. 1. When reading a CSV file, you can use csv.reader() to read line by line and return each line of data as a string list; if you need to access the data through column names, you can use csv.DictReader() to map each line into a dictionary. 2. When writing to a CSV file, use csv.writer() and call writerow() or writerows() methods to write single or multiple rows of data; if you want to write dictionary data, use csv.DictWriter(), you need to define the column name first and write the header through writeheader(). 3. When handling edge cases, the module automatically handles them
Explain Python generators and iterators.
Jul 05, 2025 am 02:55 AM
Iterators are objects that implement __iter__() and __next__() methods. The generator is a simplified version of iterators, which automatically implement these methods through the yield keyword. 1. The iterator returns an element every time he calls next() and throws a StopIteration exception when there are no more elements. 2. The generator uses function definition to generate data on demand, saving memory and supporting infinite sequences. 3. Use iterators when processing existing sets, use a generator when dynamically generating big data or lazy evaluation, such as loading line by line when reading large files. Note: Iterable objects such as lists are not iterators. They need to be recreated after the iterator reaches its end, and the generator can only traverse it once.
How to combine two lists in python?
Jun 30, 2025 am 02:04 AM
There are many ways to merge two lists, and choosing the right way can improve efficiency. 1. Use number splicing to generate a new list, such as list1 list2; 2. Use = to modify the original list, such as list1 =list2; 3. Use extend() method to operate on the original list, such as list1.extend(list2); 4. Use number to unpack and merge (Python3.5), such as [list1,*list2], which supports flexible combination of multiple lists or adding elements. Different methods are suitable for different scenarios, and you need to choose based on whether to modify the original list and Python version.
How to handle API authentication in Python
Jul 13, 2025 am 02:22 AM
The key to dealing with API authentication is to understand and use the authentication method correctly. 1. APIKey is the simplest authentication method, usually placed in the request header or URL parameters; 2. BasicAuth uses username and password for Base64 encoding transmission, which is suitable for internal systems; 3. OAuth2 needs to obtain the token first through client_id and client_secret, and then bring the BearerToken in the request header; 4. In order to deal with the token expiration, the token management class can be encapsulated and automatically refreshed the token; in short, selecting the appropriate method according to the document and safely storing the key information is the key.
