django Token权限认证
- 重写rest_framework中的TokenAuthentication,设置token的过期时间
-
users.models.py
# Create your models here. from rest_framework.authtoken.models import Token class PrivateToken(Token): """ 继承Token模型,方便后期扩展 """ class Meta: verbose_name = 'Private Token'
-
users.authentication.py
from datetime import timedelta from django.conf import settings from django.utils import timezone from django.utils.translation import ugettext_lazy as _ from rest_framework import authentication, exceptions from users.models import PrivateToken class PrivateTokenAuthentication(authentication.TokenAuthentication): """ API接口Token认证 """ model = PrivateToken def authenticate_credentials(self, key): model = self.get_model() try: token = model.objects.select_related('user').get(key=key) except model.DoesNotExist: raise exceptions.AuthenticationFailed(_('Invalid token.')) if not token.user.is_active: raise exceptions.AuthenticationFailed(_('User inactive or deleted.')) if timezone.now() > (token.created + timedelta(seconds=settings.TOKEN_EXPIRATION)): raise exceptions.AuthenticationFailed(_('Token has expired')) return (token.user, token)
-
settings.py
REST_FRAMEWORK = { # Use Django's standard `django.contrib.auth` permissions, # or allow read-only access for unauthenticated users. 'EXCEPTION_HANDLER': 'common.views.exception_handler', 'DEFAULT_PERMISSION_CLASSES': ( 'rest_framework.permissions.IsAuthenticated', ), 'DEFAULT_RENDERER_CLASSES': ( 'rest_framework.renderers.JSONRenderer', 'rest_framework.renderers.BrowsableAPIRenderer', ), 'DEFAULT_PARSER_CLASSES': ( 'rest_framework.parsers.JSONParser', 'rest_framework.parsers.FormParser', 'rest_framework.parsers.MultiPartParser', 'rest_framework.parsers.FileUploadParser', ), 'DEFAULT_AUTHENTICATION_CLASSES': ( 'users.authentication.PrivateTokenAuthentication', # 这里添加 # 'users.authentication.SessionAuthentication', ), 'DEFAULT_FILTER_BACKENDS': ( 'django_filters.rest_framework.DjangoFilterBackend', 'rest_framework.filters.SearchFilter', 'rest_framework.filters.OrderingFilter', ), 'ORDERING_PARAM': "order", 'SEARCH_PARAM': "search", 'DATETIME_FORMAT': '%Y-%m-%d %H:%M:%S %z', 'DATETIME_INPUT_FORMATS': ['%Y-%m-%d %H:%M:%S %z'], 'PAGINATE_BY': 10, 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.LimitOffsetPagination', 'PAGE_SIZE': 15 }