(1)自定义中间件的方法
django项目跟目录下新建文件middleware, -> 新建middleware.py
# setting中配置中间件
MIDDLEWARE = [
'middleware.middleware.CheckUserMiddleware',
]
import jwt
from django.utils.deprecation import MiddlewareMixin
# 自定义中间件
from project1 import settings
class CheckUserMiddleware(MiddlewareMixin):
def process_request(self, request):
# 注意:以后需要的身份认证的请求,都将身份认证信息(jwt)添加在请求头中
# 请求头的解析方式request.headers.get('token')
token = request.headers.get('token')
# 2.判断token是否存在
# 给request增加一个字段user_info, 保存用户信息
if not token:
request.user_info = None
# 3.token存在,解析token中的内容
else:
payload = jwt.decode(token, key=settings.SECRET_KEY, algorithms='HS256')
# 4.保存解析到的用户信息
request.user_info = payload
中间件在视图中的用法:
中间件在视图中的用法
class UserCenter(APIView):
def put(self, request):
try:
user_info = request.user_info
user = User.objects.get(id=user_info.get("id"))
except Exception as e:
print(e)
return Response({"code": 204, "msg": "用户未登录或不存在"})
(2)用户强登装饰器
class OrderInfo(APIView):
@check_login #装饰器加在要装饰的函数上面
def get(self, request):
request.user_id # 用户id
request.user # 用户模型类对象
import jwt
from rest_framework.response import Response
from p9_s import settings
from user.models import User
def check_login(func):
def wrapper(self, request, *args, **kwargs):
token = request.headers.get('token')
try:
payload = jwt.decode(token, key=settings.SECRET_KEY, algorithms='HS256')
except:
return Response({
'code': 403, 'msg': '用户未登录'
})
request.user_id = payload.get('user_id')
request.user = User.objects.filter(id=request.user_id).first()
return func(self, request, *args, **kwargs)
return wrapper
vue#########
前端请求中 给一个token的携带参数
this.$axios
.get("/goods/user/collection/", { //请求头携带一个token数据
headers:{'token':localStorage.getItem("token")||"", platform:"web"}
})