创建一个名为API的Django工程目录和一个名为Blog_RestApi的app
API—>urls.py:
from django.contrib import admin
from django.urls import path, include
# Project-level URL table: the Django admin site, plus every route declared in
# Blog_RestApi/urls.py mounted under the api/ prefix.
urlpatterns = [
    path('admin/', admin.site.urls),
    path('api/', include('Blog_RestApi.urls')),
]
API—>Blog_RestApi—>urls.py:
from django.urls import path, include
from Blog_RestApi import views
# Routes of the Blog_RestApi app. The project urls.py mounts them under api/,
# so the full paths are api/login/, api/register/ and api/order/.
#   login/    -> LoginView    (checks credentials, issues a token)
#   register/ -> RegisterView (creates a User row)
#   order/    -> TokenView    (accepts or rejects a token)
urlpatterns = [
    path('login/', views.LoginView.as_view()),
    path('register/', views.RegisterView.as_view()),
    path('order/', views.TokenView.as_view()),
]
Blog_RestApi—>models.py:
from django.db import models
class User(models.Model):
    """Account row shared by the register, login and token views."""

    # Login name. No uniqueness constraint is declared here, so the database
    # itself does not prevent two rows with the same username.
    username = models.CharField(max_length=32)

    # Password. RegisterView writes the submitted value into this column as-is
    # and LoginView matches it with an equality filter, so it is held unhashed.
    # NOTE(review): switching to Django's password hashers
    # (django.contrib.auth.hashers) needs a wider column than 64 characters
    # (Django's own user model uses max_length=128) plus a migration and a
    # matching change in both views.
    passwd = models.CharField(max_length=64)

    # Token handed out by LoginView; blank=True allows the value to be empty.
    token = models.CharField(max_length=64, blank=True)
Blog_RestApi—>views.py:
import secrets
import uuid

from rest_framework.response import Response
from rest_framework.views import APIView

from Blog_RestApi.models import User
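class RegisterView(APIView):
    """Create a ``User`` row from a submitted username and password.

    Request parameters (request body preferred, query string still accepted):
        username: login name of the new account.
        password: password of the new account.

    Returns:
        A JSON body with ``code`` 200 on success, or ``code`` 400 and an
        ``error`` message when a field is missing or the username is taken.
        The HTTP status itself is left at the ``Response`` default.
    """

    def post(self, request, *args, **kwargs):
        # Read the credentials from the parsed request body first. The query
        # string (request.query_params is DRF's name for request.GET) remains
        # only as a fallback for existing clients: anything placed in the URL
        # is normally written to web-server and proxy access logs, which is
        # the wrong place for a password.
        user = request.data.get('username') or request.query_params.get('username')
        pwd = request.data.get('password') or request.query_params.get('password')

        # A missing field would otherwise reach save() as None and fail at the
        # database layer instead of producing a clear answer for the client.
        if not user or not pwd:
            return Response({'code': 400, 'error': '用户名和密码不能为空'})

        # Two rows with the same username make the login lookup ambiguous.
        # NOTE(review): this check-then-insert is not atomic; a unique
        # constraint on User.username is what actually closes the race.
        if User.objects.filter(username=user).exists():
            return Response({'code': 400, 'error': '用户名已存在'})

        # NOTE(review): the password is stored exactly as received. Hashing it
        # (django.contrib.auth.hashers.make_password / check_password) has to
        # be introduced together with LoginView and a wider passwd column, so
        # it is flagged here rather than changed in this view alone.
        userinfo = User(username=user, passwd=pwd)
        userinfo.save()
        return Response({'code': 200, 'successful': '注册成功'})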
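class LoginView(APIView):
    """Check a username/password pair and issue a fresh token.

    Request body parameters:
        username: login name.
        password: password.

    Returns:
        ``{'code': 200, 'data': <token>}`` on success, otherwise
        ``{'code': 403, 'error': ...}``.

    NOTE(review): ``Response`` is built without a ``status`` argument, so the
    HTTP status stays 200 and the 403 exists only inside the JSON body.
    Monitoring that counts failed logins by HTTP status will not see them.
    """

    def post(self, request, *args, **kwargs):
        # request.data is the parsed content of the request body.
        user = request.data.get('username')
        pwd = request.data.get('password')

        # Nothing to look up without both values; answer exactly as a failed
        # login would, without touching the database.
        if not user or not pwd:
            return Response({'code': 403, 'error': '用户名或密码错误'})

        # filter(...).first() yields one User instance or None. Without
        # first() the result is a QuerySet, which has no save() method.
        # NOTE(review): the submitted password is compared with the stored
        # column value directly, which only works because passwords are kept
        # unhashed. Moving to check_password() must happen together with
        # RegisterView and the model.
        user_object = User.objects.filter(username=user, passwd=pwd).first()
        if not user_object:
            # One message for both "unknown user" and "wrong password", so the
            # reply does not reveal which usernames exist.
            return Response({'code': 403, 'error': '用户名或密码错误'})

        # The token is a bearer credential, so it comes from the secrets
        # module, the standard-library source intended for security tokens.
        # 32 random bytes hex-encode to 64 characters, exactly the max_length
        # of User.token.
        new_token = secrets.token_hex(32)

        # Every successful login replaces the stored token, which invalidates
        # the previous one. Only the token column is written back.
        user_object.token = new_token
        user_object.save(update_fields=['token'])

        # Hand the token to the client.
        return Response({'code': 200, 'data': new_token})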
class TokenView(APIView):
    """Accept or reject the token passed as the ``token`` URL parameter.

    NOTE(review): the token travels in the query string, so it will usually
    appear in access logs and browser history; a request header keeps it out
    of those. The lookup below also applies no expiry: a token stays valid
    until the next login overwrites it.
    """

    def get(self, request, *args, **kwargs):
        # request.query_params.get() reads a parameter from the URL.
        supplied = request.query_params.get('token')
        if supplied:
            # The token is valid when some User row currently holds it.
            owner = User.objects.filter(token=supplied).first()
            if owner:
                return Response('token验证成功')
            return Response({'code': 403, 'error': '无效token'})
        # No token was sent at all.
        return Response({'code': 403, 'error': '请先登陆'})
测试:
1.注册用户:
2.登录
(这个返回的data就是token)
3.token验证: