1) Install the simplejwt library with pip install djangorestframework-simplejwt (Python version >= 3.8)
2) Register the rest_framework_simplejwt app in settings.py, as follows
INSTALLED_APPS = [
    # ......
    'rest_framework_simplejwt',
]
3) Configure JWT authentication in settings.py, as follows
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        # ......
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ],
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',  # require JWT authentication for all views globally
    ]
}
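4) Define a custom user model class that inherits from AbstractUser. AbstractUser already includes username, password and other attributes, so the custom user class does not need to add them again; only add your own custom fields. For example
from django.contrib.auth.models import AbstractUser
from django.db import models

class userInfo(AbstractUser):
    email = models.EmailField(max_length=20, verbose_name='邮箱')  # email
    age = models.IntegerField(verbose_name='年龄', default=18)  # age

    def __str__(self):
        return self.username

    class Meta:
        db_table = 'userInfo'
        verbose_name = '用户表'  # user table
        verbose_name_plural = verbose_name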
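5) Create the serializer class for the custom user model
from rest_framework import serializers
class userInfoSerializer(serializers.ModelSerializer):
    class Meta:
        model = userInfo
        fields = '__all__'
        # Clients must not set privilege fields or read the password back
        read_only_fields = ('is_staff', 'is_superuser', 'groups', 'user_permissions')
        extra_kwargs = {'password': {'write_only': True}}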
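6) Define a custom login view that inherits from TokenObtainPairView and overrides the post method, as follows
from rest_framework import status
from rest_framework.response import Response
from rest_framework_simplejwt.exceptions import InvalidToken, TokenError
from rest_framework_simplejwt.views import TokenObtainPairView

class LoginView(TokenObtainPairView):
    def post(self, request, *args, **kwargs):
        serializer = self.get_serializer(data=request.data)
        try:
            serializer.is_valid(raise_exception=True)
        except TokenError as e:
            raise InvalidToken(e.args[0])
        return Response(serializer.validated_data, status=status.HTTP_200_OK)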
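7) Implement the user registration view. Note that the password must be stored hashed (the set_password call below, important!); otherwise authentication with the registered username and password fails. For example
from rest_framework import status
from rest_framework.response import Response
from rest_framework.views import APIView

class UserList(APIView):
    def post(self, request):
        serializer = userInfoSerializer(data=request.data)
        if serializer.is_valid():
            user = userInfo(**serializer.validated_data)
            # Hash the password before saving; never store the raw value
            user.set_password(serializer.validated_data['password'])
            user.save()
            return Response(serializer.data, status=status.HTTP_201_CREATED)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)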
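Why a password saved without set_password fails at login, as an added example (not code from the original page or from Django): a stdlib-only sketch of the pbkdf2_sha256$iterations$salt$hash layout that Django's default PBKDF2 hasher stores, with a checker that, like check_password, rejects any stored value it cannot parse as a hash. The function names, the sample password and the reduced iteration count are constructed for the demo.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
DEMO_ITERATIONS = 10_000  # constructed demo value; Django's default is much higher


def make_hash(password, salt=None, iterations=DEMO_ITERATIONS):
    """Encode a password in the algorithm$iterations$salt$hash layout."""
    salt = salt or secrets.token_hex(8)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "%s$%d$%s$%s" % (ALGORITHM, iterations, salt, base64.b64encode(digest).decode("ascii"))


def verify(password, stored):
    """Return True only if `stored` is a well-formed hash of `password`."""
    parts = stored.split("$")
    if (len(parts) != 4 or parts[0] != ALGORITHM
            or not parts[1].isdigit() or int(parts[1]) < 1):
        # A plaintext value saved without set_password() ends up here,
        # so every login attempt for that account is rejected.
        return False
    candidate = make_hash(password, salt=parts[2], iterations=int(parts[1]))
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def demo():
    password = "S3cure-demo-pass"     # constructed sample credential
    hashed_row = make_hash(password)  # what is stored when set_password() is used
    plaintext_row = password          # what is stored when the call is skipped
    return {
        "hashed_ok": verify(password, hashed_row),
        "hashed_wrong_pw": verify("guess", hashed_row),
        "plaintext_ok": verify(password, plaintext_row),
    }


if __name__ == "__main__":
    print(demo())
```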
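8) In settings.py, configure JWT authentication to use the custom user class, as follows (myservice is the real name of the app and userInfo is the class name of the custom user model)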
AUTH_USER_MODEL = 'myservice.userInfo'
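9) If a view function does not need JWT authentication, add the following decorators to remove it
from django.http import JsonResponse
from rest_framework.decorators import api_view
from rest_framework.decorators import authentication_classes
from rest_framework.decorators import permission_classes

@api_view(['GET'])  # must be the top decorator for the two below to take effect
@authentication_classes([])
@permission_classes([])
def myfunc(request):
    return JsonResponse({'msg': "Hello, world!"})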