Python3+Django2的Authorization Token验证

转载请著名出处:https://blog.csdn.net/qq_32506429/article/details/89641123

初学Python Web,环境是python3 +Django2,然后Web想做简单的用户token验证,验证通过才能进行其他操作;在网上找了好久,先学了装饰器,才看懂很多教程,但是没有直接上代码的,对伸手党的我很不友好(>.<羞耻...),所以研究了一天后决定写一篇博客,好了不废话,上干货。

第一步:引入pyjwt:

pip3 install pyjwt

第二步:在models里建立自己的用户类 Member

from django.db import models
from DjangoUeditor.models import UEditorField
import jwt
from InterviewQA import settings
import datetime


class Member(models.Model):
    username = models.CharField(max_length=11, verbose_name='用户名')
    password = models.CharField(max_length=48, verbose_name='密码')
    create_time = models.DateTimeField(auto_now_add=True, verbose_name='添加时间')
    phone = models.CharField(max_length=11, verbose_name='手机号')
    account_type_choice = ((1, "普通会员"), (2, "高级会员"), (3, "企业普通会员"),
                           (4, "企业高级会员"))
    account_type = models.IntegerField(choices=account_type_choice, default=1,
                                       verbose_name='账号类型')
    age = models.IntegerField(default=0, verbose_name='年龄')
    birthday = models.DateField(verbose_name='生日', auto_now=True, blank=True)
    update_time = models.DateTimeField(auto_now=True, verbose_name='修改时间', blank=True, null=True)
    #real_name = models.OneToOneField("RealName", on_delete=models.SET_NULL, null=True, blank=True)
    nick_name = models.CharField(max_length=24, verbose_name='昵称', default="新用户")
    login_time = models.DateTimeField(verbose_name='登录时间', auto_now=True, blank=True)
    last_login_time = models.DateTimeField(verbose_name='上次登录时间', auto_now=False, blank=True,
                                           default=datetime.datetime.utcnow())
    vip_start_time = models.DateTimeField(verbose_name='会员开始时间', auto_now=True, blank=True)
    vip_end_time = models.DateTimeField(verbose_name='会员结束时间', auto_now=True, blank=True)
    account_status_choice = ((1, "正常"), (2, "冻结"), (3, "删除"))
    account_status = models.IntegerField(choices=account_status_choice, default=1,
                                         verbose_name='账户状态')
    email = models.EmailField(verbose_name='邮箱', blank=True)
    QQ = models.CharField(max_length=24, verbose_name='QQ', blank=True)
    WeChart = models.CharField(max_length=32, verbose_name='微信', blank=True)
    sign = models.CharField(max_length=32, verbose_name='签名', blank=True)
    balance = models.DecimalField(max_digits=10, decimal_places=2, verbose_name='余额', blank=True, default=0.00)
    integral = models.DecimalField(max_digits=10, decimal_places=2, verbose_name='积分', blank=True, default=0.00)
    head = models.ImageField(upload_to="head", default='head/7d9d46ae3c9edc877151647bf9c6560020190422165247_90.jpg',
                             verbose_name='头像', null=True, blank=True)

    exp_time = models.DateTimeField(verbose_name='Token过期时间', auto_now=False, blank=True,
                                    default=datetime.datetime.utcnow() + datetime.timedelta(days=1))

    def __str__(self):
        return self.nick_name

    @property
    def token(self):
        return self._generate_jwt_token()

    def _generate_jwt_token(self):
        exp = datetime.datetime.utcnow() + datetime.timedelta(days=1)
        token = jwt.encode({
            'exp': exp,
            'iat': datetime.datetime.utcnow(),
            'data': {
                'username': self.username
            }
        }, settings.SECRET_KEY, algorithm='HS256')
        lt = self.login_time
        nt = datetime.datetime.utcnow()
        # print("exp=", exp)
        self.exp_time = exp
        self.last_login_time = lt
        self.login_time = nt
        self.save()
        return token.decode('utf-8')

    class Meta:
        verbose_name = '用户'
        verbose_name_plural = '用户' 

第三步:创建验证token的装饰器

from django.conf import settings
from django.http import JsonResponse
from django.core.exceptions import PermissionDenied
import jwt

# 引入自己建的数据库model类
from app.models import Member


def auth_permission_required(perm):
    def decorator(view_func):
        def _wrapped_view(request, *args, **kwargs):
            # 格式化权限
            perms = (perm,) if isinstance(perm, str) else perm

            if request.user.is_authenticated:
                # 正常登录用户判断是否有权限
                if not request.user.has_perms(perms):
                    raise PermissionDenied
            else:
                try:
                    auth = request.META.get('HTTP_AUTHORIZATION').split()
                except AttributeError:
                    return JsonResponse({'status': 0, 'err': '缺少参数Token'})
                    # return JsonResponse({"code": 401, "message": "No authenticate header"})

                # 用户通过API获取数据验证流程
                if auth[0].lower() == 'token':
                    try:
                        dict = jwt.decode(auth[1], settings.SECRET_KEY, algorithms=['HS256'])
                        username = dict.get('data').get('username')
                    except jwt.ExpiredSignatureError:
                        return JsonResponse({'status': 0, 'err': 'Token已过期'})
                        # return JsonResponse({"status_code": 401, "message": "Token expired"})
                    except jwt.InvalidTokenError:
                        return JsonResponse({'status': 0, 'err': '无效的Token'})
                    except Exception as e:
                        return JsonResponse({'status': 0, 'err': '获取用户失败'})

                    try:
                        user = Member.objects.get(username=username)
                    except Member.DoesNotExist:
                        return JsonResponse({'status': 0, 'err': "用户不存在"})

                    if user.account_status != 1:
                        return JsonResponse({'status': 0, 'err': "账户异常"})

                    # # Token登录的用户判断是否有权限
                    # if not user.has_perms(perms):
                    #     return JsonResponse({'status': 0, 'err': "未授权用户,被拒绝访问"})
                else:
                    return JsonResponse({'status': 0, 'err': "不支持身份验证类型"})

            return view_func(request, *args, **kwargs)

        return _wrapped_view

    return decorator


def get_user(req):
    auth = req.META.get('HTTP_AUTHORIZATION').split()
    dict = jwt.decode(auth[1], settings.SECRET_KEY, algorithms=['HS256'])
    username = dict.get('data').get('username')
    try:
        user = Member.objects.get(username=username)
    except Member.DoesNotExist:
        return JsonResponse({'status': 0, 'err': "用户不存在"})

    return user
 

第四步:登录获取token

 

from app.models import Member
#登录
def login(req):
    res = {'status': 1, 'err': '',
           'data': {'is_success': False, "token": "",
                    'last_login_time': '', 'login_time': '', 'exp_time': ''}}
    if req.method == 'POST':
        phone = req.POST.get("phone")
        pwd = req.POST.get("password")
        print(phone, pwd)
        if not phone:
            res["err"] = "请输入手机号"
            return json_response(res)
        if not pwd:
            res["err"] = "请输入密码"
            return json_response(res)
        try:
            user = Member.objects.get(username=phone)
        except Member.DoesNotExist:
            res["err"] = "用户不存在"
            return json_response(res)

        if user:
            if user.account_status == 1:
                print(user.nick_name)
                p = sha1_encode(pwd)
                if p != user.password:
                    res["err"] = "用户名密码错误"
                    return json_response(res)
                else:
                    res["msg"] = "登录成功"
                    res["data"]["is_success"] = True
                    #调用user.token会创建token
                    res["data"]["token"] = user.token
                    res["data"]["last_login_time"] = user.last_login_time
                    res["data"]["login_time"] = user.login_time
                    res["data"]["exp_time"] = user.exp_time
                    return json_response(res)
            res["err"] = "用户不存在"
            return json_response(res)
        else:
            res["err"] = "用户不存在"
            return json_response(res)

    else:
        res["err"] = "请求方式错误"
        return json_response(res) 

 

第五步:用token获取用户信息、通过token修改用户信息等等

from app.decorator.UserAuth import auth_permission_required, get_user
from app.models import Member
# token验证装饰器
@auth_permission_required('account.select_user')
def info(req):
    res = {'status': 1, 'err': '', 'data': {}}
    if req.method == 'GET':
        user = get_user(req)

        res['data']["username"] = user.username
        res['data']["phone"] = user.phone
        res['data']["account_type"] = user.account_type
        res['data']["age"] = user.age
        res['data']["birthday"] = user.birthday
        res['data']["real_name"] = user.real_name
        res['data']["nick_name"] = user.nick_name
        res['data']["account_status"] = user.account_status
        res['data']["email"] = user.email
        res['data']["QQ"] = user.QQ
        res['data']["WeChart"] = user.WeChart
        res['data']["sign"] = user.sign
        res['data']["balance"] = user.balance
        res['data']["integral"] = user.integral
        res['data']["head"] = settings.HTTP_PORT + user.head.url
        return json_response(res)
    res["err"] = "请求方式错误"
    return json_response(res)

 

# token验证装饰器
@auth_permission_required('account.change_user')
def update(req):
    res = {'status': 1, 'err': '', 'data': {'is_success': False}}
    if req.method == 'POST':
        nick_name = req.POST.get("nickname")
        phone = req.POST.get("phone")
        head = req.POST.get("head")
        QQ = req.POST.get("QQ")
        email = req.POST.get("email")
        WeChart = req.POST.get("WeChart")
        sign = req.POST.get("sign")
        birthday = req.POST.get("birthday")

        user = get_user(req)

        try:
            with transaction.atomic():
                if phone:
                    user.username = phone
                    user.phone = phone
                if nick_name:
                    user.nick_name = nick_name
                if head:
                    user.head = head
                if QQ:
                    user.QQ = QQ
                if email:
                    user.email = email
                if WeChart:
                    user.WeChart = WeChart
                if sign:
                    user.sign = sign
                if birthday:
                    user.birthday = birthday

                user.update_time = datetime.datetime.utcnow()
                user.save()

                res["msg"] = "修改成功"
                res["data"]["is_success"] = True
                return json_response(res)

        except Exception as e:
            print(e)
            res["err"] = "修改失败"
            return json_response(res)

    else:
        res["err"] = "请求方式错误"
        return json_response(res)

 

登录:

登录获取token

 

获取用户信息:header里添加Authorization  值为"Token  登录时返回的token" ;"Token"后有个空格;

 

 

用token修改用户信息:

 

修改前:

 

修改后:

 

参考资料:https://www.jb51.net/article/155177.htm 

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值