1.pip install djangorestframework-simplejwt(下文导入的 rest_framework_simplejwt 模块由这个 PyPI 包提供;安装前请核对包名,避免装到名称相近的其他包)
2.settings中配置
# Authentication setup for Django REST framework.
# Register the SimpleJWT app at the front of the installed-apps list.
INSTALLED_APPS.insert(0, "rest_framework_simplejwt")

REST_FRAMEWORK = dict(
    # Authenticate API requests with JSON Web Tokens.
    DEFAULT_AUTHENTICATION_CLASSES=[
        "rest_framework_simplejwt.authentication.JWTAuthentication",
    ],
    # Global permission check, left disabled on this page. While it stays
    # commented out, DRF falls back to its default (AllowAny), so every view
    # that must be protected has to declare its own permission_classes.
    # DEFAULT_PERMISSION_CLASSES=[
    #     "rest_framework.permissions.IsAuthenticated",
    # ],
    # Custom exception handler.
    EXCEPTION_HANDLER="utils.exceptions.custom_exception_handler",
)
3.serializers配置
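# Login authentication
class CustomObtanSerializer(TokenObtainPairSerializer):
    """Token-obtain serializer that accepts either a username or a mobile number.

    ``validate`` replaces the parent's credential check with its own lookup;
    ``f2`` and ``extendPayload`` show two alternative flows that reuse the
    parent's check.
    """

    def validate(self, attrs):
        """Check the submitted credentials and build the login response.

        Args:
            attrs: the validated input fields (login identifier and password).

        Returns:
            On success ``{"code": 200, "data": {"token": ..., "refresh": ...}}``.
            On failure a dict carrying ``"message"`` and ``"code": 400``; nothing
            is raised, so the caller sees the failure as ordinary validated data.
        """
        # Read the fields by name. Unpacking attrs.values() depends on field
        # order and breaks as soon as the serializer gains a third field.
        username = attrs[self.username_field]
        password = attrs["password"]

        # Look the account up by username or by mobile number. filter().first()
        # yields None when nothing matches, whereas get() would raise.
        # NOTE(review): both columns are searched with the same value, so
        # registration should keep usernames and mobile numbers from colliding;
        # first() returns an arbitrary row when two accounts match.
        # NOTE(review): unlike django.contrib.auth.authenticate(), no password
        # hashing happens for an unknown identifier, so response time differs
        # between existing and non-existing accounts.
        user = User.objects.filter(Q(username=username) | Q(mobile=username)).first()

        # Mirror the parent serializer, which exposes the authenticated user.
        self.user = None

        # is_active is the meaningful gate: is_authenticated is always True on a
        # user model instance, so testing it would let disabled accounts log in.
        if user is not None and user.check_password(password) and user.is_active:
            self.user = user
            refresh = self.get_token(user)
            # Append a custom claim to the token payload. The payload is signed
            # but not encrypted, so it must never carry secrets.
            refresh["cao"] = "cao"
            res = {"code": status.HTTP_200_OK, "data": {}}
            res["data"].update({
                "token": str(refresh.access_token),
                "refresh": str(refresh),
            })
            return res

        # Four ways to change the status code when login fails:
        #   1. ser = serializers.ValidationError({'msg': 'user no exits'}, 200)
        #      ser.status_code = 200
        #   2. a custom class inheriting from APIException
        #   3. handle it in the view's exception handler
        #   4. return directly, as if validation had passed (used here)
        # With option 4 the failure is carried only in the body, so a view that
        # returns validated_data with HTTP 200 hides failed logins from anything
        # that watches HTTP status codes.
        return {
            "message": '用户不存在或账号密码错误',
            "code": 400
        }

    # Alternative login flows
    # Use the authentication built into TokenObtainSerializer (username and
    # password only).
    def f2(self, attrs):
        """Delegate to the parent check and return its result unchanged.

        Per the page, the parent sets ``self.user`` and returns
        ``{'access': ..., 'refresh': ...}``.
        """
        return super().validate(attrs)

    # Add extra payload claims to the token
    def extendPayload(self, attrs):
        """Run the parent check, then reissue the tokens with an extra claim.

        Returns:
            The parent's data dict with ``"access"`` and ``"refresh"`` replaced
            by tokens that carry the additional ``extra`` claim.
        """
        data = super().validate(attrs)
        # TokenObtainSerializer.get_token() returns a
        # rest_framework_simplejwt.tokens.RefreshToken.
        refresh = self.get_token(self.user)
        refresh['extra'] = 'extra info'
        data["access"] = str(refresh.access_token)
        # Serialize the token object itself; str("refresh") would hand the
        # client the literal word "refresh" instead of a usable token.
        data["refresh"] = str(refresh)
        return data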
4.views配置
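class CustomObtainView(TokenObtainPairView):
    """Login endpoint that returns whatever the token serializer validated."""

    # Where the serializer used here comes from is explained at
    # https://blog.csdn.net/HXC_HUANG1/article/details/127736954
    def post(self, request, *args, **kwargs):
        """Validate the posted credentials and return the serializer's data.

        Raises:
            InvalidToken: when validation fails with a TokenError.
        """
        serializer = self.get_serializer(data=request.data)
        try:
            # Only is_valid() sits inside the try. No debug print of
            # serializer.user here: it would write the account to stdout on
            # every login and raise AttributeError for a serializer whose
            # validate() never sets that attribute.
            serializer.is_valid(raise_exception=True)
        except TokenError as e:
            # Keep the original error attached as the cause for diagnostics.
            raise InvalidToken(e.args[0]) from e
        # Extra response fields can also be added here by extending
        # serializer.validated_data.
        # NOTE(review): the status is always 200; if the serializer reports a
        # failed login by returning a payload instead of raising, confirm that
        # clients and login-failure monitoring read the body's "code".
        return Response(serializer.validated_data, status=status.HTTP_200_OK)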