配置密钥和过期时间【在 settings.py 中添加】
# Signing key for the HS256 tokens issued below: 16 random bytes rendered as
# 32 hex characters.
# NOTE(review): the key is drawn afresh every time this settings module is
# imported. Tokens issued before a restart therefore stop verifying, and
# processes that load the settings independently each hold a different key.
# For a deployment, read one fixed secret from outside the source tree.
# NOTE(review): token_hex(16) gives 128 bits of entropy; RFC 7518 asks for a
# key of at least 256 bits with HS256, so token_hex(32) is the safer size.
JWT_SECRET_KEY = token_key = secrets.token_hex(16)
# Lifetime of an issued token (one day); it is added to the 'exp' claim.
JWT_EXPIRATION_DELTA = datetime.timedelta(hours=24)
设置认证类【在 settings.py 中添加】
# Django REST framework configuration: authenticate API requests with the JWT
# class from the rest_framework_jwt package.
# NOTE(review): this class is only consulted by DRF views. A plain
# django.views.View that parses the Authorization header itself does not go
# through it. rest_framework_jwt also reads its own options from a JWT_AUTH
# dict and expects the header prefix "JWT" unless configured otherwise, so
# confirm which path is meant to authenticate requests.
REST_FRAMEWORK = dict(
    DEFAULT_AUTHENTICATION_CLASSES=(
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
        # other authentication classes...
    ),
)
创建一个生成 token 的函数
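def create_jwt_token(username, password, role):
    """Build a signed HS256 JWT identifying a user.

    Args:
        username: Name stored in the 'username' claim.
        password: Accepted for call compatibility only; it is deliberately
            NOT written into the token.
        role: Value stored in the 'role' claim.

    Returns:
        The encoded token as returned by jwt.encode() (bytes on PyJWT 1.x,
        str on PyJWT 2.x).
    """
    # A JWT payload is signed, not encrypted: anyone holding the token can
    # base64-decode it and read every claim. Keep credentials and other
    # secrets out of it; further non-sensitive claims may be added here.
    payload = {
        'username': username,
        'role': role,
        # Expiry claim; jwt.decode() rejects the token once this has passed.
        'exp': datetime.utcnow() + settings.JWT_EXPIRATION_DELTA,
    }
    return jwt.encode(payload, settings.JWT_SECRET_KEY, algorithm='HS256')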
使用该函数生成 token
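token = create_jwt_token(username, password, role)
# jwt.encode() returns bytes on PyJWT 1.x but str on 2.x, where an
# unconditional .decode() raises AttributeError. Decode only when needed so
# the response always carries the token as text.
res['token'] = token.decode('utf-8') if isinstance(token, bytes) else token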
验证
前端在登录时储存 token
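/**
 * Post the login form and, on success, keep the returned JWT for later
 * requests before redirecting to the home page.
 */
login() {
    // NOTE(review): the credentials in this.user travel over plain http
    // here; use an https endpoint outside local development.
    axios.post("http://localhost:8000/api/login/", this.user).then(res => {
        if (res.data.code === 200) {
            this.$message.success(res.data.msg)
            // The token arrives in the response body (the backend sets
            // res['token']); a bare `token` is not defined in this scope.
            // NOTE(review): localStorage is readable by every script running
            // on this origin, so an injected script could read the token.
            // An HttpOnly cookie set by the server avoids that exposure.
            localStorage.setItem('jwtToken', res.data.token);
            // Short delay so the success message is visible before leaving.
            setTimeout(() => {
                location.href = "/"
            }, 400)
        } else {
            this.$message.error(res.data.msg)
        }
    })
}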
调用储存的token
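methods: {
    /**
     * Ask the backend who the stored JWT belongs to and put the name in
     * this.username. Shows the backend's message when the call is refused.
     */
    get_username() {
        // Read the JWT that was saved in local storage at login.
        const token = localStorage.getItem('jwtToken');
        // Without a token there is nothing to send; a real page would
        // redirect to the login view or show an error here.
        if (!token) {
            console.error("未找到JWT令牌");
            return;
        }
        // Send the token in the Authorization request header.
        const headers = {
            'Authorization': `Bearer ${token}`
        };
        // The endpoint on this page returns code/username wrapped in
        // one-element arrays. Accept plain scalars as well, so that a string
        // username is not cut down to its first character by `[0]`.
        const first = value => (Array.isArray(value) ? value[0] : value);
        axios.get("http://localhost:8000/api/get_username/",
            { headers }
        ).then(res => {
            console.log(res);
            if (first(res.data.code) === 200) {
                this.username = first(res.data.username)
            } else {
                this.$message.error(res.data.msg)
            }
        })
    }
},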
// Lifecycle hook: load the username once the component has been created.
created() {
    this.get_username();
}
后端解析jwt
import jwt
from django.conf import settings
from django.http import JsonResponse
from django.views import View
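class IndexView(View):
    """Report the username and role carried in the caller's JWT."""

    def get(self, request):
        """Verify the token from the Authorization header and echo its claims.

        Every outcome is reported in the JSON body with JsonResponse's
        default HTTP status: 'code' is 425 on any failure, with 'msg'
        describing why, and 200 on success.
        """
        # Failure body, returned as-is unless the token verifies.
        res = {
            "msg": "获取token失败",
            "code": 425,
            "username": None,
            "role": None
        }
        header = request.headers.get('Authorization')
        if not header:
            return JsonResponse(res)
        # The header is expected as "<scheme> <token>". A value without a
        # space used to raise IndexError and surface as a server error, so
        # treat it as a missing token instead.
        parts = header.split(" ")
        if len(parts) < 2:
            return JsonResponse(res)
        token = parts[1]
        try:
            # The accepted algorithm is pinned, so the token's own header
            # cannot select a different (or no) signature scheme.
            decoded_token = jwt.decode(token, settings.JWT_SECRET_KEY, algorithms=['HS256'])
            username = decoded_token['username']
            role = decoded_token['role']
        except jwt.ExpiredSignatureError:
            res["msg"] = "token已过期"
            return JsonResponse(res)
        except (jwt.InvalidTokenError, KeyError):
            # KeyError: a correctly signed token that lacks the expected
            # claims is reported as invalid rather than crashing the view.
            res["msg"] = "token无效"
            return JsonResponse(res)
        # NOTE(review): the original assignments ended in a trailing comma,
        # which made these three values one-element tuples (JSON arrays).
        # The client on this page reads code[0] / username[0], so the shape
        # is kept and written out explicitly. Switch to plain scalars only
        # together with the client.
        res["code"] = (200,)
        res["msg"] = ("获取成功",)
        res["username"] = (username,)
        res["role"] = role
        return JsonResponse(res)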