Restrict reviews to purchased products and improve Docker configuration

Author: Yosef-AlSabbah

.gitignore

@@ -8,4 +8,4 @@ __pycache__/
 *.pyd
 *.DS_Store
 *.sock
-.env
+.env

Dockerfile

@@ -2,21 +2,37 @@
 FROM python:3.12.3-slim
 
 # Install system dependencies
+# This layer is cached unless the base image or the list of packages changes
 RUN apt-get update && apt-get install -y \
     build-essential \
     libpq-dev \
+    curl \
     && rm -rf /var/lib/apt/lists/*
 
 # Set environment variables
+# These layers are cached as they don't depend on external files
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 
 # Set work directory
+# This layer is cached unless the work directory path changes
 WORKDIR /code
 
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
+
 # Install dependencies
+# Copying `requirements.txt` first ensures this layer is cached if dependencies don't change
 COPY requirements.txt .
-RUN pip install --upgrade pip && pip install -r requirements.txt
+RUN uv pip install --upgrade pip -r requirements.txt --system
 
 # Copy the Django project
+# This layer is rebuilt only if the project files change
 COPY . .
+
+# Expose the application port
+# This layer is cached unless the exposed port changes
+EXPOSE 8000
+
+# Default command to run the application
+# This layer is cached unless the command changes
+CMD ["entrypoint.sh"]

chat/consumers.py

@@ -12,6 +12,14 @@
 class ChatConsumer(AsyncWebsocketConsumer):
     """WebSocket consumer for handling private product chats between sellers and buyers."""
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.user = None
+        self.product = None
+        self.room_name = None
+        self.room_group_name = None
+        self.product_id = None
+
     async def connect(self):
         """
         Handle WebSocket connection.
@@ -33,14 +41,14 @@ async def connect(self):
         self.product_id = self.scope['url_route']['kwargs']['product_id']
 
         try:
-            self.product = await Product.objects.aget(id=self.product_id)
+            self.product = await Product.objects.aget(product_id=self.product_id)
         except Product.DoesNotExist:
             await self.close()
             return
 
         # Create a unique room name for the seller-buyer-product combination
         # Sort user IDs to ensure same room name regardless of who connects first
-        user_ids = sorted([str(self.user.id), str(self.product.seller.id)])
+        user_ids = sorted([str(self.user.id), str(self.product.user.id)])
         self.room_name = f'chat_product_{self.product_id}_users_{"_".join(user_ids)}'
         self.room_group_name = f'chat_{self.room_name}'
 

chat/tests.py

@@ -1,10 +1,13 @@
+from channels.testing import WebsocketCommunicator
 from django.contrib.auth import get_user_model
+from django.test import TestCase
 from django.urls import reverse
 from rest_framework.test import APITestCase
 from rest_framework_simplejwt.tokens import RefreshToken
 
+from chat.consumers import ChatConsumer
 from chat.models import Message
-from shop.models import Product
+from shop.models import Product, Category
 
 User = get_user_model()
 
@@ -52,3 +55,48 @@ def test_api_get_messages(self):
         response = self.client.get(self.url)
         self.assertEqual(response.status_code, 200)
         self.assertIn('data', response.data)
+
+
+class ChatConsumerTest(TestCase):
+    def setUp(self):
+        # Create test users
+        self.User = get_user_model()
+        self.seller = self.User.objects.create_user(username='seller', password='password', email='[email protected]')
+        self.buyer = self.User.objects.create_user(username='buyer', password='password', email='[email protected]')
+
+        # Create a test product
+        self.category = Category.objects.create(name='TestCat', slug='testcat')
+        self.product = Product.objects.create(name='Test Product', user=self.seller, price=10.00, stock=5, category=self.category)
+
+    async def test_chat_consumer(self):
+        # Simulate WebSocket connection for the buyer
+        communicator = WebsocketCommunicator(
+            ChatConsumer.as_asgi(),
+            f'/ws/chat/{self.product.product_id}/'
+        )
+        communicator.scope['user'] = self.buyer
+        communicator.scope['url_route'] = {'kwargs': {'product_id': self.product.product_id}}
+
+        connected, _ = await communicator.connect()
+        self.assertTrue(connected)
+
+        # Send a message from the buyer
+        message = 'Hello, I am interested in your product!'
+        await communicator.send_json_to({
+            'message': message
+        })
+
+        # Receive the message from the WebSocket
+        response = await communicator.receive_json_from()
+        self.assertEqual(response['message'], message)
+        self.assertEqual(response['sender'], self.buyer.username)
+
+        # Check if the message was saved in the database
+        saved_message = Message.objects.get(content=message)
+        self.assertEqual(saved_message.sender, self.buyer)
+        self.assertEqual(saved_message.recipient, self.seller)
+        self.assertEqual(saved_message.product, self.product)
+
+        # Disconnect the WebSocket
+        await communicator.disconnect()
+

docker-compose.yml

@@ -1,29 +1,45 @@
 services:
-  db:
+  database:
     image: postgres:17.4
+    container_name: database
     restart: always
     volumes:
-      - db_data:/var/lib/postgresql/data
-    env_file:
-      - .env
+      - database:/var/lib/postgresql/data
+    environment:
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_DB: ${POSTGRES_DB}
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}" ]
+      interval: 10s
+      timeout: 5s
+      retries: 5
 
   cache:
     image: redis:7.4.2
+    container_name: cache
     restart: always
     ports:
       - "6379:6379"
 
   rabbitmq:
     image: rabbitmq:3-management
+    container_name: broker
     restart: always
     ports:
       - "15672:15672"
       - "5672:5672"
     env_file:
       - .env
+    healthcheck:
+      test: [ "CMD", "rabbitmq-diagnostics", "ping" ]
+      interval: 10s
+      timeout: 5s
+      retries: 3
 
   web:
     build: .
+    container_name: backend
     command: [ "./wait-for-it.sh", "db:5432", "--",
                "uwsgi", "--ini", "/code/config/uwsgi/uwsgi.ini" ]
     restart: always
@@ -34,12 +50,13 @@ services:
     env_file:
       - .env
     depends_on:
-      - db
       - cache
       - rabbitmq
+      - database
 
   nginx:
     image: nginx:1.27.4
+    container_name: nginx
     restart: always
     volumes:
       - ./config/nginx:/etc/nginx/templates
@@ -48,4 +65,4 @@ services:
       - "80:80"
 
 volumes:
-  db_data:
+  database:

ecommerce_api/settings/base.py

@@ -122,11 +122,11 @@
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.postgresql',
-        'NAME': config('DB_NAME'),
-        'USER': config('DB_USER'),
-        'PASSWORD': config('DB_PASSWORD'),
+        'NAME': config('POSTGRES_DB'),
+        'USER': config('POSTGRES_USER'),
+        'PASSWORD': config('POSTGRES_PASSWORD'),
         'HOST': config('DB_HOST'),
-        'PORT': 5432,
+        'PORT': config('DB_PORT'),
     }
 }
 

entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+echo "Running migrations..."
+python manage.py migrate
+
+echo "Starting server..."
+python manage.py runserver 0.0.0.0:8000

shop/migrations/0004_alter_review_unique_together_and_more.py

@@ -0,0 +1,27 @@
+# Generated by Django 5.2 on 2025-04-29 11:58
+
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('shop', '0003_rename_image_product_thumbnail'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.AlterUniqueTogether(
+            name='review',
+            unique_together={('product', 'user')},
+        ),
+        migrations.AddIndex(
+            model_name='review',
+            index=models.Index(fields=['product'], name='shop_review_product_d2a5c4_idx'),
+        ),
+        migrations.AddIndex(
+            model_name='review',
+            index=models.Index(fields=['user'], name='shop_review_user_id_fcb4ba_idx'),
+        ),
+    ]

shop/models.py

@@ -142,6 +142,23 @@ class Meta:
         verbose_name = "Review"
         verbose_name_plural = "Reviews"
         ordering = ["-created"]
+        indexes = [
+            models.Index(fields=['product']),
+            models.Index(fields=['user']),
+        ]
+        constraints = [
+            models.UniqueConstraint(
+                fields=['user', 'product'],
+                name='unique_user_product_review',
+                violation_error_message='A user can only leave one review per product.'
+            )
+        ]
+
+    def save(self, *args, **kwargs):
+        from django.core.exceptions import ValidationError
+        if not self.product.order_items.filter(order__user=self.user).exists():
+            raise ValidationError("You can only review products you have purchased.")
+        super().save(*args, **kwargs)
 
     def __str__(self):
         return f"Review by {self.user} for {self.product} - {self.rating} stars"

shop/views.py

@@ -101,7 +101,7 @@ class ReviewViewSet(viewsets.ModelViewSet):
     """
     API endpoint for creating, updating, deleting, and listing reviews for a specific product.
     Only authenticated users can create reviews. Only the review owner or a staff member can delete reviews.
-    Only the review owner can update reviews.
+    Only the review owner can update reviews. Users can only leave one review per product, and only for products they have purchased.
     """
     serializer_class = ReviewSerializer
     permission_classes = [IsAuthenticatedOrReadOnly]