Deployed Django Rest Framework API gives "Server got itself in trouble" on any call with payload

I am deploying my Django Rest API to a web server running on Ubuntu 24.04 LTS Linux and using the Apache web server. This web server is external; I have not set it up, and so some of the details on how it works is a blackbox to me.

I have run into a very annoying error in which I will get a 500 error saying "Server got itself in trouble" whenever I add payload to any sort of request. It doesn't matter the method: it can be a GET, POST, PUT, PATCH or DELETE and it will still run into the error... For instance, a GET request with some payload will give this error

However, when I run a request without a payload, I don't run into this error (I run into expected errors for not including expected request data instead)... The same request, but without a request body

Here are some details on the server, that could give insight:

Diagram of how the external server works

  • The app runs within a Gunicorn container
  • Client requests go to a reverse proxy and they are redirected to the app
  • The app handles incoming requests and is listening out for them

Here is also the settings.py I am using. I have DEBUG=True for now to try to get to the root of the issue...

"""
Django settings for server project.

Generated by 'django-admin startproject' using Django 5.1.4.

For more information on this file, see
https://docs.djangoproject.com/en/5.1/topics/settings/

For the full list of settings and their values, see
https://docs.djangoproject.com/en/5.1/ref/settings/
"""

from pathlib import Path
from datetime import timedelta
from cryptography.fernet import Fernet
import sys
import environ 
import os

env = environ.Env()
environ.Env.read_env()

USE_X_FORWARDED_HOST = True

# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent

# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/5.1/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'django-insecure-(ltwgqma)#6=y3!dcw4b&8sog&%y@i51d1ye*(w_fk$9p0tvip'

ENCRYPTED_FIELDS_KEY = env('ENCRYPTED_FIELDS_KEY')

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True

ALLOWED_HOSTS = ['*']


# Application definition

INSTALLED_APPS = [
    'daphne',
    'django_eventstream',
    
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    
    'django_extensions',
    
    'django_apscheduler',
    'rest_framework',
    'rest_framework_simplejwt.token_blacklist',
    'corsheaders',
    
    'apps.api'
]

MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

ROOT_URLCONF = 'server.urls'

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

# WSGI_APPLICATION = 'server.wsgi.application'
ASGI_APPLICATION = "server.asgi.application"

# Database
# https://docs.djangoproject.com/en/5.1/ref/settings/#databases

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'HOST': 'server.com',
        'NAME': env('DB_NAME'),
        'USER': env('DB_USERNAME'),
        'PASSWORD': env('DB_PASSWORD')
    }
}

# Password validation
# https://docs.djangoproject.com/en/5.1/ref/settings/#auth-password-validators

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]


LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_TZ = True

FIXTURE_DIRS = [
    'fixtures'
]

STATIC_URL = 'static/'

MEDIA_ROOT =  os.path.join(os.path.dirname(BASE_DIR), "server/media")

DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'

CORS_ALLOW_ALL_ORIGINS = True

AUTH_USER_MODEL = "users.User"

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.AllowAny',
    ],
     'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ],
    'DEFAULT_RENDERER_CLASSES': [
        'rest_framework.renderers.JSONRenderer',
    ],
    'DEFAULT_PARSER_CLASSES': [
        'rest_framework.parsers.JSONParser',
    ]
}
SIMPLE_JWT = {
     'ACCESS_TOKEN_LIFETIME': timedelta(minutes=10),
     'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
     'ROTATE_REFRESH_TOKENS': True,
     'BLACKLIST_AFTER_ROTATION': False,
     
     'USER_ID_FIELD': 'user_id'
}

LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "handlers": {
        "console": {
            "class": "logging.StreamHandler",
        },
    },
    "root": {
        "handlers": ["console"],
        "level": "WARNING",
    },
}

if 'test' in sys.argv:
    DATABASES['default'] = {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': 'test'
    }

There are logs I can access, but there is nothing there other than api/users 404: Bad request that indicate the error.

Thank you to anyone who can help me get to the bottom on this!

The error appears to be occurring because the view isn't checking if the user is authenticated before accessing its attributes. Django uses AnonymousUser to handle unauthenticated user sessions, and this model doesn't have a user_id field, which is causing the 500 error.

Check your view to see if you're ensuring the user is authenticated before attempting to access the user_id. Something like this might help:

if not request.user.is_authenticated:
    return JsonResponse({"error": "User not authenticated"}, status=401)

However, to help you better, could you share the code for your full view? Specifically, how you're getting the user and accessing their attributes.

Вернуться на верх