使用 DRF 框架 再带的登陆认证进行登陆
userapp.urls.py
from django.urls import path
from userapp import views as userviews
from rest_framework_jwt.views import obtain_jwt_token
urlpatterns = [
path('login/', obtain_jwt_token),
]
userapp.views.py 中自定义 登陆后返回的数据(函数名可自定义)
def jwt_response_payload_handler(token, user=None, request=None):
"""
:param token: jwt生成的token值
:param user: User对象
:param request: 请求
"""
return {
'token': token,
'name': user.nick_name,
"username": user.username,
'id': user.id,
}
在setting.py 中告诉django使用我们定义的返回数据
import datetime
JWT_AUTH = {
'JWT_AUTH_HEADER_PREFIX': 'JWT',
'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
'JWT_RESPONSE_PAYLOAD_HANDLER':
'userapp.views.jwt_response_payload_handler',
}
drf自带的权限认证
settings.py中指定验证方式
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication',
),
}
全局配置
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSER': (
'rest_framework.permissions.IsAuthenticated',
)
}
views.py
class Test(APIView):
permission_classes = [IsAuthenticated]
def get(self, request):
return Response({'msg': 'OK'})
局部配置
views.py 中类中指定认证方式
from django.contrib.auth.hashers import make_password
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.permissions import IsAuthenticated, IsAdminUser, AllowAny
class Test(APIView):
permission_classes = [IsAuthenticated]
def get(self, request):
return Response({'msg': 'OK'})
自定义权限认证
userapp.permission.py中定义自己的认证方法(继承BasePermission)
from rest_framework.permissions import BasePermission
from userapp.models import User
class VIPPermission(BasePermission):
message = '必须是VIP才能访问'
def has_permission(self, request, view):
print(request.user.id)
user_obj = User.objects.filter(id=request.user.id).first()
if user_obj.vip_id != 1:
return False
return True
局部配置
views.py
from django.contrib.auth.hashers import make_password
from rest_framework.views import APIView
from rest_framework.response import Response
from userapp.permission import VIPPermission
class Test(APIView):
permission_classes = [VIPPermission]
def get(self, request):
return Response({'msg': 'OK'})
全局配置
settings.py
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSER': (
'userapp.permission.VIPPermission'
)
}