Install: claude install-skill smicolon/ai-kit
# Security-First Validator
Enforces security requirements for all Django REST Framework API endpoints.
## Activation Triggers
This skill activates when:
- Creating API views or viewsets
- Creating serializers
- Mentioning "endpoint", "API", "view", "route"
- Writing DRF classes (APIView, ViewSet, Serializer)
- Creating URL patterns for APIs
- Discussing authentication or permissions
## Security Requirements (MANDATORY)
Every API endpoint MUST have:
### 1. Permission Classes (REQUIRED)
```python
from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticated

class UserViewSet(viewsets.ModelViewSet):
    permission_classes = [IsAuthenticated]  # ✅ REQUIRED
    # ...
```
### 2. Serializer Validation (REQUIRED)
```python
from django.contrib.auth import get_user_model
from rest_framework import serializers

User = get_user_model()

class UserSerializer(serializers.ModelSerializer):
    class Meta:
        model = User
        fields = ['id', 'email', 'first_name']
        # NO sensitive fields exposed ✅ (an explicit allow-list, never '__all__')

    def validate_email(self, value):
        # Custom validation ✅
        if not value.endswith('@company.com'):
            raise serializers.ValidationError("Must use company email")
        return value
```
### 3. No Raw SQL (REQUIRED)
```python
# ❌ DANGEROUS: untrusted user_id is interpolated straight into the SQL string
User.objects.raw(f"SELECT * FROM users WHERE id = {user_id}")

# ✅ SAFE: the ORM passes user_id as a bound query parameter
User.objects.filter(id=user_id)
```
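A static check for rules 1 to 3, added here as an example and not part of the ai-kit skill: it parses a DRF module with Python's `ast` module and reports views with no `permission_classes` (or with `AllowAny`), serializers whose `Meta.fields` expose password-like columns, and `raw()` calls built from f-strings. The view and serializer base-class names, the sensitive-field list and the sample module are assumptions.

```python
import ast

VIEW_BASES = {"APIView", "GenericAPIView", "ViewSet", "GenericViewSet", "ModelViewSet", "ReadOnlyModelViewSet"}
SERIALIZER_BASES = {"Serializer", "ModelSerializer"}
SENSITIVE_FIELDS = {"password", "is_superuser", "is_staff", "secret_key", "token"}  # assumed list

def _class_attr(cls, name):
    # Value node of `name = ...` directly in the class body, or None if absent.
    for node in cls.body:
        if isinstance(node, ast.Assign) and any(isinstance(t, ast.Name) and t.id == name for t in node.targets):
            return node.value
    return None

def check_source(src):
    # Walk a DRF module's AST and report violations of rules 1-3 as strings.
    findings = []
    for node in ast.walk(ast.parse(src)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute) and node.func.attr == "raw"
                and node.args and isinstance(node.args[0], ast.JoinedStr)):
            findings.append(f"line {node.lineno}: raw() called with an f-string (rule 3)")
        if not isinstance(node, ast.ClassDef):
            continue
        bases = {getattr(b, "attr", getattr(b, "id", "")) for b in node.bases}  # viewsets.X or bare X
        if bases & VIEW_BASES:  # rule 1: permission_classes present and not anonymous
            perms = _class_attr(node, "permission_classes")
            if perms is None:
                findings.append(f"{node.name}: missing permission_classes (rule 1)")
            elif isinstance(perms, (ast.List, ast.Tuple)) and (not perms.elts or any(
                    getattr(e, "id", getattr(e, "attr", "")) == "AllowAny" for e in perms.elts)):
                findings.append(f"{node.name}: permission_classes allows anonymous access (rule 1)")
        if bases & SERIALIZER_BASES:  # rule 2: no sensitive fields in Meta.fields
            meta = next((n for n in node.body if isinstance(n, ast.ClassDef) and n.name == "Meta"), None)
            fields = _class_attr(meta, "fields") if meta else None
            if isinstance(fields, (ast.List, ast.Tuple)):
                exposed = {e.value for e in fields.elts if isinstance(e, ast.Constant)} & SENSITIVE_FIELDS
                if exposed:
                    findings.append(f"{node.name}: exposes sensitive fields {sorted(exposed)} (rule 2)")
    return findings

# Constructed sample module (not from any real project) that violates each rule once.
SAMPLE = '''
class AccountSerializer(serializers.ModelSerializer):
    class Meta:
        model = User
        fields = ['id', 'email', 'password']
class AccountViewSet(viewsets.ModelViewSet):
    def get_queryset(self):
        return User.objects.raw(f"SELECT * FROM users WHERE id = {self.request.GET['id']}")
class PublicViewSet(viewsets.ReadOnlyModelViewSet):
    permission_classes = [AllowAny]
'''
```

Running `check_source(SAMPLE)` returns four findings, one per violation; a view that sets `permission_classes = [IsAuthenticated]` and uses the ORM produces none.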
### 4. Rate Limiting (REQUIRED for sensitive endpoints)
```python
from rest_framework.throttling import UserRateThrottle
from rest_framework.views import APIView

class LoginView(APIView):
    # Requires a 'user' rate in REST_FRAMEWORK['DEFAULT_THROTTLE_RATES'];
    # unauthenticated callers are keyed by client IP instead of user pk.
    throttle_classes = [UserRateThrottle]  # ✅ REQUIRED on sensitive endpoints
    # ...
```