源码流程:
1.dispatch->封装request
2.self.initial->认证
3.self.perform_authentication(request)->实现认证
4.from rest_framework.request import Request->使用user
5.self._authenticate()->逐步认证
from django.http import HttpResponse, JsonResponse
from django.shortcuts import render
from rest_framework import exceptions
from rest_framework.authentication import BaseAuthentication, BasicAuthentication
from rest_framework.request import Request
from rest_framework.views import APIView

from api import models
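def md5(user):
    """Return a fresh 32-character hex session token for *user*.

    The name and signature are kept for existing callers, but the value is no
    longer an MD5 digest of the username plus the current time. Both of those
    inputs can be guessed by anyone who knows the username and roughly when
    the login happened, so the token is now drawn from the operating system's
    CSPRNG instead.

    Args:
        user: Username the token is issued for. It is only type-checked.

    Returns:
        A 32-character lowercase hexadecimal string, the same length as an
        MD5 hex digest.

    Raises:
        TypeError: If *user* is not a string. The original also raised
            TypeError here, from ``bytes(user, ...)``.
    """
    import secrets

    if not isinstance(user, str):
        raise TypeError('user must be a str')
    # 16 random bytes -> 32 hex characters.
    return secrets.token_hex(16)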
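class AuthView(APIView):
    """Login endpoint: verify the submitted credentials and issue a token.

    Response codes in the JSON body:
        1000 - success, ``token`` is included
        1001 - username or password wrong (or missing)
        1002 - unexpected server-side error
    """

    # Login has to be reachable without a token, so no authentication class
    # runs on this view.
    authentication_classes = []

    def post(self, request, *args, **kwargs):
        """Check ``username``/``password`` from the form body and return a token.

        Returns:
            JsonResponse with ``code`` and ``msg``, plus ``token`` on success.
        """
        ret = {'code': 1000, 'msg': None}
        try:
            user = request._request.POST.get('username')
            pwd = request._request.POST.get('password')

            # NOTE(review): matching on the password column directly implies
            # the password is stored as plaintext. It should be stored hashed
            # and verified with django.contrib.auth.hashers.check_password;
            # confirm against the UserInfo model.
            # NOTE(review): no throttling is visible on this view, so password
            # guessing is not rate-limited here; confirm it is handled
            # elsewhere.
            obj = None
            # A missing field becomes None, which the ORM turns into an
            # IS NULL match; only query when both values were supplied.
            if user and pwd:
                obj = models.UserInfo.objects.filter(username=user, password=pwd).first()

            if not obj:
                ret['code'] = 1001
                ret['msg'] = 'user or pwd wrong'
                # Stop here: the original fell through and tried to create a
                # token for a failed login.
                return JsonResponse(ret)

            # Create a token for the logged-in user, replacing any previous one.
            token = md5(user)
            models.UserToken.objects.update_or_create(user=obj, defaults={'token': token})
            ret['token'] = token
        except Exception:
            # Deliberately generic so internal details do not reach the client.
            ret['code'] = 1002
            ret['msg'] = 'error'
        return JsonResponse(ret)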
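class Authtication(BaseAuthentication):
    """Authenticate a request by the ``token`` query-string parameter.

    NOTE(review): a token carried in the URL ends up in access logs, browser
    history and Referer headers. Sending it in a request header would avoid
    that, but would change the client contract, so it is only flagged here.
    NOTE(review): no expiry check is visible; a token appears to stay valid
    until the next login overwrites it. Confirm against the UserToken model.
    """

    def authenticate(self, request):
        """Return ``(user, token_obj)`` for a valid token.

        REST framework assigns the two values to ``request.user`` and
        ``request.auth`` for later use.

        Raises:
            exceptions.AuthenticationFailed: If the token is missing, empty
                or unknown.
        """
        token = request._request.GET.get('token')
        # Reject a missing or empty token before querying: filter(token=None)
        # is an IS NULL match and would accept any row whose token is NULL.
        if not token:
            raise exceptions.AuthenticationFailed('用户认证失败')
        token_obj = models.UserToken.objects.filter(token=token).first()
        if not token_obj:
            raise exceptions.AuthenticationFailed('用户认证失败')
        return (token_obj.user, token_obj)

    def authenticate_header(self, request):
        """Return no ``WWW-Authenticate`` value.

        Because this returns None, REST framework answers failed
        authentication with 403 instead of 401.
        """
        pass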
# Mock order records, keyed by order id.
# NOTE(review): 'agy' looks like a typo for 'age'; it is left unchanged
# because the key is part of the JSON payload.
ORDER_DICT = {
    1: dict(name='gay', agy=18, gender='男', content='this is content'),
    2: dict(name='dog', agy=2, gender='弓', content='abc abc'),
}
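class OrderView(APIView):
    """Order page, intended to be reachable only after a successful login.

    NOTE(review): no ``authentication_classes`` is set on this view, so the
    login requirement depends on the project-wide REST framework defaults.
    If those do not include the token authentication class, this view serves
    the data to anonymous callers; confirm in settings.
    """

    def get(self, request, *args, **kwargs):
        """Return the mock order table as JSON.

        Every caller gets the whole of ``ORDER_DICT``. There is no per-user
        filtering on ``request.user``.
        """
        # Assigning the dict cannot fail, so the original try/except-pass
        # around it was dropped. It could only have hidden errors.
        ret = {'code': 1000, 'msg': None, 'data': ORDER_DICT}
        return JsonResponse(ret)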