python拦截器
api_auth.py
import hashlib
import time
import hashlib
from django.http import HttpResponse
# Shared secret mixed into every token digest.
# NOTE(review): hard-coded in source, and the same value appears in the
# client's request.js on this page, so it cannot be treated as confidential.
# If this check is meant to authenticate callers, load the secret from
# deployment configuration and rotate it.
key = "shinvadsp1234567890"

# Tokens that were already accepted, mapped to their client timestamp; used by
# the replay check. This is plain in-process state.
# TODO confirm behaviour when the app runs with several worker processes.
visited_keys = dict()
def md5(arg):
    """Return the hexadecimal MD5 digest of the text *arg* (UTF-8 encoded).

    NOTE(review): MD5 is not collision-resistant, and a bare hash of
    "secret|message" is not a MAC. Where the digest authenticates a request,
    ``hmac`` with SHA-256 is the safer construction.
    """
    encoded = arg.encode('utf-8')
    return hashlib.md5(encoded).hexdigest()
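def api_auth(func):
    """Guard a Django view with a timestamped, single-use token.

    The client sends a ``Token`` header (``HTTP_TOKEN`` in ``request.META``)
    of the form ``<md5 hex>|<unix time>``, where the digest is
    ``md5("<key>|<unix time>")``. The wrapped view runs only when the header
    parses, the timestamp is at most 20 seconds old, the digest matches and
    the token has not been accepted before by this process.

    Responses on failure: 401 for a missing, malformed, mismatched or reused
    token; 403 for an expired one.
    """
    # Local imports keep this block self-contained.
    import functools
    import hmac
    import math

    max_age = 20  # seconds a token stays valid after its own timestamp

    def deny(status, message):
        """Build the short rejection response used by every failed check."""
        response = HttpResponse()
        response.status_code = status
        response.content = message
        return response

    @functools.wraps(func)
    def inner(request, *args, **kwargs):
        server_float_time = time.time()
        auth_header_val = request.META.get("HTTP_TOKEN")
        if auth_header_val is None:
            return deny(401, "未授权")

        # The header is caller-controlled. A value without '|' or with a
        # non-numeric timestamp must be answered with 401, not an unhandled
        # ValueError (HTTP 500).
        try:
            client_md5_str, client_ctime = auth_header_val.split('|', maxsplit=1)
            client_float_ctime = float(client_ctime)
        except ValueError:
            return deny(401, "未授权")
        # "nan" and "inf" parse as floats but defeat the age comparison below.
        if not math.isfinite(client_float_ctime):
            return deny(401, "未授权")

        # Check 1: freshness.
        # NOTE(review): only old timestamps are rejected. A timestamp far in
        # the future stays "fresh" until that time passes; consider bounding
        # the allowed clock skew in both directions.
        if (client_float_ctime + max_age) < server_float_time:
            return deny(403, "超时,禁止访问")

        # Check 2: digest. Compare as bytes in constant time: compare_digest
        # refuses non-ASCII str, and `!=` can leak the match length via timing.
        server_md5_str = md5("%s|%s" % (key, client_ctime,))
        if not hmac.compare_digest(server_md5_str.encode('utf-8'),
                                   client_md5_str.encode('utf-8')):
            return deny(401, "未授权")

        # Check 3: replay. Drop entries that check 1 would already reject so
        # the table does not grow for the life of the process.
        for seen_token, seen_ctime in list(visited_keys.items()):
            if (seen_ctime + max_age) < server_float_time:
                visited_keys.pop(seen_token, None)
        if client_md5_str in visited_keys:
            return deny(401, "token被使用")
        visited_keys[client_md5_str] = client_float_ctime

        return func(request, *args, **kwargs)

    return inner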
测试接口
api.py
from django.http import HttpResponse
from appsydw.action.api.api_auth import api_auth
@api_auth
def test(request):
    """Sample endpoint; the body is returned only when ``api_auth`` lets the request through."""
    body = "测试"
    return HttpResponse(body)
uniapp/nodejs
请求类封装request.js
import config from './config.js'
import md5 from './md5.js'
/**
 * Build the request token: md5("<key>|<unix seconds>") + "|" + <unix seconds>.
 *
 * NOTE(review): the signing key ships inside the client bundle, so it is
 * readable by anyone who has the app. Treat this token as a freshness/replay
 * marker, not as proof of who the caller is; pair it with a per-user
 * credential issued by the server.
 */
let genToken = function () {
	const key = "shinvadsp1234567890";
	// Seconds since the epoch, fractional part included. The server hashes the
	// timestamp string it receives, so it must be sent exactly as hashed here.
	const ctime = Date.now() / 1000;
	const digest = md5.hex_md5(key + "|" + ctime);
	return digest + '|' + ctime;
};
/**
 * Send a uni.request with the base URL prepended and a fresh Token header.
 *
 * Replaces options.header and options.complete with its own values.
 * NOTE(review): any header or complete callback supplied by the caller is
 * overwritten; confirm that no caller relies on passing them.
 */
const request = function (options) {
	options.url = config.config.baseURL + options.url;

	try {
		// A new token is generated for every request (it is not read from storage).
		const token = genToken();
		if (!token) {
			// No token: go to the login page and send nothing.
			uni.navigateTo({ url: '/pages/login' });
			return;
		}
		options.header = {
			'Token': token,
			'Content-Type': 'application/json'
		};
	} catch (err) {
		// Token generation failed; the request below is still sent, without the header.
		console.log(err);
	}

	// Response handling: a 401 sends the user back to the login page.
	options.complete = (response) => {
		if (response.statusCode == 401) {
			uni.navigateTo({ url: '/pages/login' });
		}
	};

	return uni.request(options);
};
// Default export: an object exposing the request wrapper.
export default {
	request: request
};
ajax请求测试
// Example call from a component method. `this.$request` is presumably the
// wrapper exported from request.js; confirm how it is registered.
test() {
	this.$request({
		url: '/test',
		method: 'get',
		success: function (res) {
			console.log("API测试", res);
		}
	});
}