django rest framework 认证

Lamire

于 2018-10-26 16:16:21 发布

阅读量112

点赞数

分类专栏： python

本文链接：https://blog.csdn.net/qq_37858720/article/details/83416494

版权

python 专栏收录该内容

1 篇文章 0 订阅

订阅专栏

源码流程：

1.dispatch->封装request

2.self.initial->认证

3.self.perform_authentication(request)->实现认证

4.from rest_framework.request import Request->使用user

5.self._authenticate()->逐步认证

from django.shortcuts import render
from rest_framework.views import APIView
from rest_framework.request import Request
from rest_framework import exceptions
from django.http import JsonResponse, HttpResponse
from rest_framework.authentication import BasicAuthentication
from api import models


def md5(user):
    # 根据用户名生成随机字符串，付值给token
    import hashlib
    import time
    ctime = str(time.time())
    m = hashlib.md5(bytes(user, encoding='utf-8'))
    m.update(bytes(ctime, encoding='utf-8'))
    return m.hexdigest()


class AuthView(APIView):
    # 登录页面，校验密码，并产生token用来保存登陆状态
    authentication_classes = [ ]
    def post(self, request, *args, **kwargs):

        ret = {'code': 1000, 'msg': None}
        try:
            user = request._request.POST.get('username')
            pwd = request._request.POST.get('password')
            obj = models.UserInfo.objects.filter(username=user, password=pwd).first()
            if not obj:
                ret['code'] = 1001
                ret['msg'] = 'user or pwd wrong'
            # 为登陆用户创建token
            token = md5(user)
            # 更新 or 创建
            models.UserToken.objects.update_or_create(user=obj, defaults={'token': token})
            ret['token'] = token
        except Exception as e:
            ret['code'] = 1002
            ret['msg'] = 'error'

        return JsonResponse(ret)

class Authtication(BaseAuthentication):
    # 认证类
    def authenticate(self, request):
        token = request._request.GET.get('token')
        token_obj = models.UserToken.objects.filter(token=token).first()
        if not token_obj:
            raise exceptions.AuthenticationFailed('用户认证失败')
        # 在rest framework内部会将两个字段赋值给request，以供后续操作使用
        return (token_obj.user, token_obj) #request.user;request.auth固定格式

    def authenticate_header(self, request):
        pass

# 模拟订单
ORDER_DICT = {
    1: {
        'name': 'gay',
        'agy': 18,
        'gender': '男',
        'content': 'this is content',
    },
    2: {
        'name': 'dog',
        'agy': 2,
        'gender': '弓',
        'content': 'abc abc',
    }
}


class OrderView(APIView):
    # 订单相关页面,登陆成功才能访问
    # authentication_classes = [Authtication, ]  # 用户认证类,可以有多个认证类

    def get(self, request, *args, **kwargs):
        # request.user
        # request.auth
        # token = request._request.GET.get('token')
        # if not token:
        #     return HttpResponse('用户未登陆')
        ret = {'code': 1000, 'msg': None, 'data': None}
        try:
            ret['data'] = ORDER_DICT
        except Exception as e:
            pass
        return JsonResponse(ret)