使用 DRF 框架自带的登录认证进行登录
# userapp.urls.py ##
from django.urls import path
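# 登录视图来自 rest_framework_jwt(第三方包 djangorestframework-jwt,并非 DRF 内置),会自动生成 jwt-token;该包已停止维护,新项目建议评估 djangorestframework-simplejwt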
from rest_framework_jwt.views import obtain_jwt_token # 验证密码后返回token
from userapp.views import *
# URL table for the user app.
urlpatterns = [
    # Login endpoint: obtain_jwt_token checks the submitted credentials and
    # answers with a token. The request body carries the plaintext password,
    # so expose this route over HTTPS only.
    path(route='login/', view=obtain_jwt_token),
]
## userapp.views.py ## 中自定义 登陆后返回的数据(函数名可自定义)
# 重写用户登录的返回函数
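def Login_Last(token, user=None, request=None):
    """Build the JSON body returned by the JWT login endpoint.

    Registered through ``JWT_AUTH['JWT_RESPONSE_PAYLOAD_HANDLER']``.

    :param token: the JWT generated for this login
    :param user: the User object, or None
    :param request: the current request (not used here)
    :return: dict with the keys ``token``, ``username`` and ``id``
    """
    # Everything returned here is sent to the client, so list only fields the
    # client is meant to see.
    return {
        'token': token,
        # 'nick_name': user.nick_name,
        # ``user`` defaults to None in the signature; getattr keeps such a call
        # from raising AttributeError and keeps the response shape stable.
        'username': getattr(user, 'username', None),
        'id': getattr(user, 'id', None),
    }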
在 settings.py 中告诉 django 使用我们定义的返回数据
# Options read by rest_framework_jwt. ``datetime`` must already be imported at
# the top of settings.py for the expiry value below.
JWT_AUTH = {
    # Clients send the token as "Authorization: JWT <token>".
    'JWT_AUTH_HEADER_PREFIX': 'JWT',
    # Token lifetime. A leaked token stays usable until it expires (nothing
    # here configures server-side revocation), so keep this as short as the
    # clients can tolerate.
    'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
    # Dotted path of the function that builds the login response body.
    'JWT_RESPONSE_PAYLOAD_HANDLER': 'userapp.views.Login_Last',
}
drf自带的权限认证
settings.py中指定验证方式
# Authentication backends DRF tries for every request.
# Keep all DRF options in ONE REST_FRAMEWORK dict: assigning the name a second
# time in settings.py replaces this one and silently drops these entries.
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        # JWT sent in the Authorization header.
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
        # Django session cookie.
        'rest_framework.authentication.SessionAuthentication',
        # HTTP Basic sends the username and password with every request;
        # NOTE(review): acceptable only over HTTPS, consider removing it
        # outside of development.
        'rest_framework.authentication.BasicAuthentication',
    ),
}
- 全局配置(一般不开启;开启后所有接口的每次请求都必须先通过 JWT 认证)。注意:不配置时 DRF 的默认权限是 AllowAny,此时需要在每个视图上单独声明 permission_classes。
# Project-wide default permission policy; a view can still override it with
# its own permission_classes.
# Keep all DRF options in ONE REST_FRAMEWORK dict: assigning the name a second
# time in settings.py replaces the earlier dict.
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        # IsAuthenticated: only requests from a logged-in user (carrying a
        # valid token) are allowed.
        'rest_framework.permissions.IsAuthenticated',
        # Alternatives (the dotted path must not end with a space):
        # 'rest_framework.permissions.IsAdminUser',  # requires user.is_staff
        # 'rest_framework.permissions.AllowAny',     # no restriction at all
    ),
}
- 局部配置
- userapp/views.py
from django.contrib.auth.hashers import make_password
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.permissions import IsAuthenticated, IsAdminUser, AllowAny
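class Test(APIView):
    """Example view that declares its permission check on the view itself."""

    # Applies to this view only, in place of DEFAULT_PERMISSION_CLASSES.
    permission_classes = [IsAuthenticated]

    def get(self, request):
        """Return a fixed OK payload once the permission check has passed."""
        # The original left only a commented-out return here, which gives the
        # method no body at all (a syntax error); the response is restored.
        return Response({'msg': 'OK'})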
自定义权限认证
userapp.permissions.py中定义自己的认证方法(继承BasePermission)
from rest_framework.permissions import BasePermission
# 权限认证
from userapp.models import User
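class Class2003Apermision(BasePermission):
    """Allow a request only when the caller's stored ``nick_name`` is '666'.

    ``message`` is the detail text reported when the check fails.

    NOTE(review): if users can edit their own nick_name, this permission is
    self-grantable; confirm the field is only writable by administrators.
    """

    message = '你的小名必须让人感觉到666'

    def has_permission(self, request, view):
        """Return True only if the requesting user's nick_name equals '666'.

        :param request: the DRF request; ``request.user`` identifies the caller
        :param view: the view being accessed (not used)
        :return: bool
        """
        # An anonymous caller has no primary key; deny without touching the DB.
        user_id = getattr(request.user, 'id', None)
        if not user_id:
            return False
        # filter().first() yields None for a missing row instead of raising
        # User.DoesNotExist, so a stale id is denied rather than turning the
        # permission check into an unhandled server error.
        user_obj = User.objects.filter(id=user_id).first()
        return user_obj is not None and user_obj.nick_name == '666'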
- 局部配置
from django.contrib.auth.hashers import make_password
from rest_framework.views import APIView
from rest_framework.response import Response
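# The view below uses Class2003Apermision, so that is the name that has to be
# imported (the original imported VIPPermission and left the used name
# undefined).
# NOTE(review): the text above places the class in userapp/permissions.py;
# make this module path match the real file name.
from userapp.permission import Class2003Apermision


class Test(APIView):
    """Example view guarded by the custom permission class."""

    # Applies to this view only, in place of DEFAULT_PERMISSION_CLASSES.
    permission_classes = [Class2003Apermision]

    def get(self, request):
        """Return a fixed OK payload once the permission check has passed."""
        return Response({'msg': 'OK'})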
- 全局配置
settings.py
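# Global permission policy for every DRF view.
# Keep all DRF options in ONE REST_FRAMEWORK dict: assigning the name a second
# time in settings.py replaces the earlier dict.
REST_FRAMEWORK = {
    # The key must be spelled DEFAULT_PERMISSION_CLASSES. A misspelled key is
    # not read by DRF, which then falls back to its default (AllowAny) and
    # leaves every view without an explicit permission_classes open.
    'DEFAULT_PERMISSION_CLASSES': (
        # The trailing comma makes this a one-element tuple; without it the
        # parentheses hold a plain string.
        # NOTE(review): the path must resolve to a real class. The permission
        # class shown in this tutorial is named Class2003Apermision; confirm
        # that userapp.permission.VIPPermission exists.
        'userapp.permission.VIPPermission',
    ),
}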