hse-mtc · startsev2000 · Nov 1, 2023 · Oct 13, 2023 · Oct 13, 2023 · Oct 20, 2023
diff --git a/back-end/src/ams/views/applicants.py b/back-end/src/ams/views/applicants.py
@@ -5,6 +5,7 @@
 import requests
 
 from django.db.models.query import QuerySet
+from django.http import FileResponse
 
 from rest_framework import status
 from rest_framework import pagination
@@ -20,6 +21,7 @@
 
 from drf_spectacular.views import extend_schema, OpenApiParameter
 
+from common.models.universities import Campus
 from conf import settings
 
 from common.constants import MUTATE_ACTIONS
@@ -231,8 +233,11 @@ def generate_excel_report(
         self,
         request: Request,
         excel_generator: tp.Callable[[QuerySet, QuerySet], Path],
-    ) -> Response:
-        if "campus" not in request.query_params:
+    ) -> tp.Union[FileResponse, Response]:
+        if (
+            "campus" not in request.query_params
+            or request.query_params["campus"] not in Campus
+        ):
             return Response(status=status.HTTP_400_BAD_REQUEST)
 
         students = self.get_queryset()
@@ -250,23 +255,16 @@ def generate_excel_report(
             students.filter(university_info__program__faculty__campus=campus),
             milspecialties,
         )
-        with open(path, "rb") as file:
-            export = file.read()
-        path.unlink(missing_ok=True)
 
-        return Response(
-            export,
-            headers={
-                "Content-Disposition": "attachment; filename=export.xlsx",
-            },
-            content_type="application/xlsx",
-            status=status.HTTP_200_OK,
-        )
+        campus_name = dict(Campus.choices)[campus]
+        response_file_name = f"{campus_name}.xlsx"
+
+        file = open(path, "rb")
+        return FileResponse(file, filename=response_file_name)
 
     def generate_docs(
         self,
     ) -> Response:
-
         applicants = self.get_queryset()
         data = [
             ApplicantSerializer(instance=applicant).data for applicant in applicants

diff --git a/back-end/src/common/middleware.py b/back-end/src/common/middleware.py
@@ -4,6 +4,26 @@
 from django.http import HttpResponse
 from rest_framework.response import Response
 
+from urllib.parse import unquote
+
+
+class BearerTokenMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        # Check if there's no Authorization header but there's an Authorization cookie
+        if (
+            not request.META.get("HTTP_AUTHORIZATION")
+            and "Authorization" in request.COOKIES
+        ):
+            request.META["HTTP_AUTHORIZATION"] = unquote(
+                request.COOKIES["Authorization"]
+            )
+
+        response = self.get_response(request)
+        return response
+
 
 class LoggingMiddleware:
     def __init__(self, get_response):

diff --git a/back-end/src/conf/settings.py b/back-end/src/conf/settings.py
@@ -65,6 +65,7 @@
 
 MIDDLEWARE = [
     "common.middleware.LoggingMiddleware",
+    "common.middleware.BearerTokenMiddleware",
     "corsheaders.middleware.CorsMiddleware",
     "django.middleware.security.SecurityMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",

diff --git a/front-end/src/store/modules/user.js b/front-end/src/store/modules/user.js
@@ -10,6 +10,9 @@ import store, { UserModule } from "@/store";
 import { login, getUser } from "@/api/user";
 
 import { getError } from "@/utils/message";
+
+import Cookies from "js-cookie";
+
 import { tokenService } from "../../utils/tokenService";
 
 @Module({ store, name: "user", namespaced: true })
@@ -36,6 +39,7 @@ class User extends VuexModule {
   SET_TOKENS({ access, refresh }) {
     this.accessToken = access;
     this.refreshToken = refresh;
+    Cookies.set("Authorization", `Bearer ${access}`);
 
     tokenService.setTokens({ access, refresh });
   }
@@ -44,6 +48,7 @@ class User extends VuexModule {
   RESET_TOKENS() {
     this.accessToken = "";
     this.refreshToken = "";
+    Cookies.remove("Authorization");
 
     tokenService.clearTokens();
   }