diff --git a/apps/account/API_ERRORS.md b/apps/account/API_ERRORS.md new file mode 100644 index 0000000..26e43c9 --- /dev/null +++ b/apps/account/API_ERRORS.md 
@@ -0,0 +1,100 @@ +# Account API Error Documentation + +This document lists the potential errors returned by the registration and account endpoints in the `account` app, including the error messages and the reasons they occur. + +## Common Error Format +All errors follow a standardized JSON structure defined in the project's custom exception handler: + +```json +{ + "status": "error", + "code": "validation_error", + "status_code": 400, + "message": "There were validation errors.", + "errors": [ + { + "field": "email", + "message": "This email is already registered." + } + ] +} +``` + +--- + +## 1. Registration Endpoints +**Endpoints:** `POST /register/`, `POST /web/register/` + +| Error Message | Field | Reason | +| :--- | :--- | :--- | +| `This email is already registered.` | `email` | The email address is already associated with an existing account. | +| `Enter a valid email address.` | `email` | The provided email format is incorrect (e.g., missing `@` or domain). | +| `This field is required.` | Multiple | A mandatory field (like `email`, `fullname`, or `password` for web) was missing from the request. | +| `This password is too short...` | `password` | (Web only) The password does not meet Django's security requirements (length, complexity). | + +--- + +## 2. Verification Endpoint +**Endpoint:** `POST /verify/` + +| Error Message | Field | Reason | +| :--- | :--- | :--- | +| `Verification data not found or expired.` | `code` | There is no active registration session in Redis for this email. Usually occurs if the user waits too long or tries to verify an email they didn't just register. | +| `The verification code has expired.` | `code` | The OTP code's Time-To-Live (TTL) has passed (usually 5-10 minutes). | +| `code notfound` | `code` | The provided OTP code is incorrect. | +| `enter code numeric` | `code` | The provided code contains non-numeric characters. | + +--- + +## 3. 
Authentication & Login +**Endpoint:** `POST /login/` + +| Error Message | Field | Reason | +| :--- | :--- | :--- | +| `user not exists with this email` | `email` | No user account was found with the provided email address. | +| `password is incorrect` | `password` | The email is correct, but the password does not match the record in the database. | +| `Unable to log in with provided credentials.` | `non_field_errors` | Catch-all for failed authentication attempts. | + +--- + +## 4. Guest Account Endpoints +**Endpoints:** `POST /guest/`, `POST /web/guest/` + +| Error Message | Field | Reason | +| :--- | :--- | :--- | +| `Device ID is required for guest users.` | `device_id` | (Mobile) The unique device identifier was not sent in the request. | +| `Device ID is required for web guest users.` | `device_id` | (Web) Internal error where the identifier generation failed. | + +--- + +## 5. Token Exchange (Mobile Auth) +**Endpoint:** `POST /exchange-token/` + +| Error Message | Status Code | Reason | +| :--- | :--- | :--- | +| `توکن ارسال نشده است` | 400 | The `temp_token` was missing from the request body. | +| `توکن نامعتبر یا منقضی شده است` | 404 | The temporary token from the login redirect has expired or is invalid. | +| `توکن نامعتبر است` | 400 | The token exists but is missing required session data (`user_id`). | +| `کاربر یافت نشد` | 404 | The user account associated with the token has been deleted. | + +--- + +## 6. Profile & Password Management +**Endpoints:** `GET/PUT /profile/update/`, `POST /reset/` + +| Error Message | Status Code | Reason | +| :--- | :--- | :--- | +| `Authentication credentials were not provided.` | 401 | Missing or incorrect `Authorization: Token ` header. | +| `Invalid token.` | 401 | The provided token has expired or belongs to a deleted user. | +| `This password is too common.` | 400 | Password reset failed because the new password is too simple. 
| +| `You do not have permission...` | 403 | The user's account has been deactivated (inactive). | + +--- + +## 7. Account Deletion +**Endpoint:** `DELETE /profile/delete/` + +| Error Message | Status Code | Reason | +| :--- | :--- | :--- | +| `Unable to log in with provided credentials.` | 204 | Attempted to delete the protected primary administrator account (`admin@gmail.com`). | +| `User does not exist.` | 404 | The system could not find the user object to perform the soft-delete. | diff --git a/apps/library/views.py b/apps/library/views.py index c972e23..ff42c48 100644 --- a/apps/library/views.py +++ b/apps/library/views.py @@ -140,23 +140,18 @@ class BookListView(ListAPIView): # Filter by bookmarked books if requested is_bookmark = self.request.query_params.get('is_bookmark', '').lower() - if is_bookmark == 'true': + if is_bookmark == 'true' and self.request.user.is_authenticated: # Import Bookmark model here to avoid circular imports from apps.bookmark.models import Bookmark - # DEBUG: Hardcode user to root@admin.com - # user = User.objects.get(email='root@admin.com') - # # Get all bookmarked book IDs for the current user + # Get all bookmarked book IDs for the current user bookmarked_ids = Bookmark.objects.filter( user=self.request.user, service=Bookmark.ServiceChoices.LIBRARY, status=True ).values_list('content_id', flat=True) - # bookmarked_ids = Bookmark.objects.filter( - # user=user, - # service=Bookmark.ServiceChoices.LIBRARY, - # status=True - # ).values_list('content_id', flat=True) + + queryset = queryset.filter(id__in=bookmarked_ids) # Import Rate here to avoid circular imports if any from apps.bookmark.models.rate import Rate
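Review bot: in `API_ERRORS.md` section 7 the row `Unable to log in with provided credentials.` is documented with status code `204` for a refused deletion of the protected administrator account, which cannot be right: 204 is the success status for `DELETE` and carries no body, so no error message can be returned with it. Either the view really returns 204 and silently does nothing (then the doc should say the request is a no-op and the message column is wrong), or it rejects the request, in which case a 403 with a message like `You cannot delete this account.` should be documented and the reused login message replaced. Related points in the same file: section 3 documents two distinct login failures, `user not exists with this email` and `password is incorrect`, and section 1 documents `This email is already registered.`; together these give an unauthenticated caller an account-enumeration oracle, so the doc should either note that these are collapsed into the `Unable to log in with provided credentials.` catch-all or flag the discrepancy for the implementers. In section 6 the header example `Authorization: Token ` has lost its placeholder; write it as `Authorization: Token <key>`. The Persian messages in section 5 should at least carry an English gloss so the document is consistent with the English messages elsewhere.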
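Review bot: in the `BookListView` hunk the new condition `if is_bookmark == 'true' and self.request.user.is_authenticated:` makes an anonymous request with `?is_bookmark=true` fall through and receive the full, unfiltered book list instead of the user's bookmarks, which is a silent behaviour change rather than an error. A caller cannot tell "you have no bookmarks" from "you were not logged in". Prefer keeping the outer `if is_bookmark == 'true':` and, inside it, returning `queryset.none()` for unauthenticated users (or raising `rest_framework.exceptions.NotAuthenticated`), so the parameter keeps its meaning and the response is explicit. Removing the commented-out `root@admin.com` debug block is the right cleanup; the two blank lines it left before `queryset = queryset.filter(id__in=bookmarked_ids)` should be collapsed to one.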