微信小程序python token验证_微信小程序-drf登录认证组件

微信小程序-drf登录认证组件

- 通过全局的用户判断是否登录

- 登录用户则校验用户的token值

1. config - settings.js

- api.js

- settings.js

# 模块化：登录页面路由

module.exports = {

loginPage: "/pages/login/login"

}

2. utils - auth.js

- auth.js

# 获取应用实例

var settings = require('../config/settings.js')

var app = getApp()

function authentication() {

if (!app.globalData.userInfo) {

wx.navigateTo({

// settings.loginPage,登录路由

url: settings.loginPage

})

return false

}

return true

}

# 认证函数模块化

module.exports = {

authentication: authentication

}

3. 示例：用户评论

pages

- newsDetail

- newsDetail.js

// pages/newsDetail/newsDetail.js

var api = require("../../config/api.js")

var auth = require('../../utils/auth.js')

var app = getApp()

# 评论之前判断用户是否登录

onClickShowCommentModal: function(e) {

if (!auth.authentication()) {

return

}

var replyInfo = e.currentTarget.dataset;

this.setData({

isShowCommentModal: true,

reply: replyInfo,

});

},

4. 提交评论-- 用户已登录，发送请求携带token值

'''

# 请求头携带用户的token值，此处涉及到js的三元运算

header: {

Authorization: userInfo ? "token " + userInfo.token : ""

},

'''

onClickPostComment: function() {

// 发布评论，将评论数据发送到后台接口

var userInfo = app.globalData.userInfo;

wx.request({

url: api.Comment,

data: this.data.reply,

method: 'POST',

dataType: 'json',

header: {

Authorization: userInfo ? "token " + userInfo.token : ""

},

responseType: 'text',

success: (res) => {

...

}

})

}

5. 后端校验 token值是否一致

utils

- auth.py

'''

如果用户已登录，则在request.user和request.auth中赋值；未登录则做任何操作。

用户需要在请求头Authorization中传递token，格式如下：

Authorization: token 401f7ac837da42b97f613d789819ff93537bee6a

建议：配合和配置文件一起使用，未认证的用户request.user和request.auth的值为None

REST_FRAMEWORK = {

"UNAUTHENTICATED_USER":None,

"UNAUTHENTICATED_TOKEN":None

}

'''

通用认证

#!/usr/bin/env python

# -*- coding:utf-8 -*-

from rest_framework.authentication import BaseAuthentication

from rest_framework.authentication import get_authorization_header

from apps.api import models

from rest_framework import exceptions

class GeneralAuthentication(BaseAuthentication):

"""

通用认证(所有页面都可以应用)

"""

keyword = "token"

def authenticate(self, request):

# 认证元组

auth_tuple = get_authorization_header(request).split()

# 1.如果没有传token，则通过本次认证，进行之后的认证

if not auth_tuple:

return None

# 2.如果传递token，格式不符，则通过本次认证，进行之后的认证

if len(auth_tuple) != 2:

return None

# 3.如果传递了token，但token的名称不符，则通过本次认证，进行之后的认证

if auth_tuple[0].lower() != self.keyword.lower().encode():

return None

# 4.对token进行认证，如果通过了则给request.user和request.auth赋值，否则返回None

try:

token = auth_tuple[1].decode()

user_object = models.UserInfo.objects.get(token=token)

return (user_object, token)

except Exception as e:

return None

用户认证

class UserAuthentication(BaseAuthentication):

"""

token 认证

"""

keyword = "token"

def authenticate(self, request):

auth_tuple = get_authorization_header(request).split()

'''

print(auth_tuple)

auth_tuple = [b'token', b'a33409078e8ff69c16e813442ac1ce5d']

'''

if not auth_tuple:

raise exceptions.AuthenticationFailed('认证失败')

if len(auth_tuple) != 2:

raise exceptions.AuthenticationFailed('认证失败')

if auth_tuple[0].lower() != self.keyword.lower().encode():

raise exceptions.AuthenticationFailed('认证失败')

try:

token = auth_tuple[1].decode()

user_object = models.UserInfo.objects.get(token=token)

return (user_object, token)

except Exception as e:

raise exceptions.AuthenticationFailed('认证失败')

视图函数添加认证类 --评论

from utils.auth import UserAuthentication, GeneralAuthentication

class CommentView(CreateAPIView, ListAPIView):

'''

POST请求提交评论：用户认证类

'''

serializer_class = CommentModelSerializer

queryset = models.CommentRecord.objects

filter_backends = [ChildCommentFilter, ]

def get_authenticators(self):

if self.request.method == 'POST':

return [UserAuthentication(), ]

return [GeneralAuthentication(), ]