创建认证类
import itsdangerous
from rest_framework.authentication import BaseAuthentication
from rest_framework.exceptions import AuthenticationFailed
from App.models import User
from App.util import token_confirm
class MyAuthentaion(BaseAuthentication):
def authenticate(self, request):
token = request.query_params.get('token')
try:
uid = token_confirm.confirm_validate_token(token,expiration=3600)
except itsdangerous.exc.SignatureExpired as e:
print(e)
raise AuthenticationFailed("token过期")
except:
return None
try:
user = User.objects.get(pk=uid)
except:
print("数据库访问错误")
return None
print("认证通过")
return (user, None)
局部认证
class UserInfoView(GenericAPIView):
queryset = User.objects.all()
serializer_class = UserSerializer
authentication_classes = (MyAuthentaion,)
lookup_field = 'pk'
def get(self,request,pk):
obj = self.get_object()
us = UserSerializer(instance=obj)
return Response(us.data)
配置settings实现全局认证
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'应用名.token文件名.类名', ) }