Implementing JWT Authentication for File Uploads

[bapehnkk]

Hello,

I've been working on a project using DRF + React with rest_framework_simplejwt for authentication. While integrating JWT authentication for file uploads, I faced some challenges with the django-ckeditor-5 library. To move forward, I ended up adding my own method to the library for handling file uploads with JWT. This method simply checks if the request is a POST and verifies if the user is a staff member before processing the file upload. Here's what I came up with:

from rest_framework.decorators import api_view, permission_classes
from rest_framework.permissions import IsAuthenticated
from django.http import JsonResponse, Http404
from .forms import UploadFileForm
from django.utils.translation import gettext_lazy as _

@api_view(['POST'])
@permission_classes([IsAuthenticated])
def upload_file_jwt(request):
    if request.method == "POST" and request.user.is_staff:
        form = UploadFileForm(request.POST, request.FILES)
        try:
            image_verify(request.FILES["upload"])
        except NoImageException as ex:
            return JsonResponse({"error": {"message": str(ex)}})
        if form.is_valid():
            url = handle_uploaded_file(request.FILES["upload"])
            return JsonResponse({"url": url})
    raise Http404(_("Page not found."))

While this approach works, it feels more like a temporary fix rather than a robust, long-term solution. I'm reaching out to the community for advice on how to better integrate JWT authentication for file uploads within the django-ckeditor-5 framework. Specifically, I'm interested in any best practices, existing middleware, or third-party packages that could streamline this process and make it more secure and efficient.

Thank you for your time and assistance.