基于 `Django` 自带的权限系统认证

基于 Django 自带的权限系统认证

  • 创建用户 create_user 方法

    from rest_framework.views import APIView
    from rest_framework.response import Response
    
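    class UserRegisterView(APIView):
        '''Register a new user through Django's built-in auth user manager.'''

        def post(self, request, *args, **kwargs):
            '''Create an account from the allow-listed fields of the request body.

            Returns the usual response envelope: code 1 on success, code 0 when a
            required field is missing or no user object comes back.
            '''
            # create_user() forwards any extra keyword to the user model, so
            # splatting request.data would let the caller set flags such as
            # is_staff or is_superuser on the new account. Forward only the
            # fields a self-service registration is meant to control.
            # NOTE(review): assumes the default username/password/email fields;
            # adjust the tuple if the project uses a custom user model.
            allowed_fields = ("username", "password", "email")
            fields = {
                name: request.data[name]
                for name in allowed_fields
                if name in request.data
            }
            # create_user() raises without a username, and a missing password
            # yields an account with an unusable password, so reject both here.
            if not fields.get("username") or not fields.get("password"):
                return Response({"code": 0, "msg": "failure", "data": {}}, 200)
            user_obj = User.objects.create_user(**fields)
            if not user_obj:
                return Response({"code": 0, "msg": "failure", "data": {}}, 200)
            return Response({"code": 1, "msg": "success", "data": {}}, 200)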
    
  • 根据用户名和密码登录

    from rest_framework.views import APIView
    from rest_framework.response import Response
    from django.contrib import auth
    
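    class UserLoginView(APIView):
        '''Log a user in with username and password and issue a JWT.'''

        def post(self, request, *args, **kwargs):
            '''Authenticate the submitted credentials and return a token.

            On success the user is attached to the session via auth.login() and
            a JWT carrying the user id is returned; otherwise the failure
            envelope is returned.
            '''
            # Pass the two expected credentials by name instead of splatting
            # request.data: a client-chosen key such as "request" would collide
            # with the positional argument and raise TypeError, and unknown
            # keys would be handed to every authentication backend.
            auth_obj = auth.authenticate(
                request,
                username=request.data.get("username"),
                password=request.data.get("password"),
            )
            if not auth_obj:
                # Same message for unknown user and wrong password, so the
                # response does not reveal which accounts exist.
                return Response({"code":0, "msg":"用户名或者密码错误" ,"data":{}}, 200)
            # Records the user in the session and on request.user.
            auth.login(request, auth_obj)
            # The token carries only the user id.
            payload = {
                "uid": auth_obj.id
            }
            token = jwt_encode(payload)
            return Response({"code":1,"msg":"登录成功","data":{"token": token}}, 200)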
    
  • 注销登录

    from rest_framework.views import APIView
    from rest_framework.response import Response
    from django.contrib import auth
    
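    class UserLogoutView(APIView):
        '''Log the current user out.'''

        def post(self, request, *args, **kwargs):
            '''Flush the session for this request and confirm the logout.

            The original signature omitted ``self``, so the view instance was
            bound to ``request`` and auth.logout() received the wrong object.
            '''
            # NOTE(review): this only clears the Django session. Nothing here
            # revokes the JWT issued at login, so that token still passes
            # signature and expiry checks until its 'exp' time is reached.
            auth.logout(request)
            return Response({"code": 1,"msg": "用户登出成功", "data":{}}, 200)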
    
  • jwt 编码和解码

    '''
    	安装 pyjwt:  pip install pyjwt
    '''
    
    import jwt, time
    
    # NOTE(review): this HMAC signing key is hard-coded and published with the
    # page. Anyone who knows it can mint tokens that jwt_decode() accepts, so
    # treat the literal as a placeholder only: load the real key from deployment
    # configuration or a secret store, keep it out of version control, and
    # rotate it if this exact value was ever used.
    SECRET_KEY = "e=-4xbvcg!%0*!d1+a$s(8zb_zljav8gd(mj_v2)@&@!ktpr5("
    
    
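    def jwt_encode(raw, expir=7200):
        '''Sign *raw* as an HS256 JWT that expires *expir* seconds from now.

        Args:
            raw: dict of claims to embed in the token.
            expir: token lifetime in seconds (default 7200).

        Returns:
            The encoded token as a str.
        '''
        # Work on a copy so the caller's dict does not silently gain an 'exp' key.
        claims = dict(raw)
        claims['exp'] = int(time.time()) + expir
        token = jwt.encode(claims, SECRET_KEY, algorithm="HS256")
        # PyJWT 1.x returns bytes and 2.x returns str; calling .decode()
        # unconditionally raises AttributeError on 2.x.
        return token.decode() if isinstance(token, bytes) else token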
    
    
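    def jwt_decode(raw):
        '''Verify an HS256 token and return its claims, or {} if it is invalid.

        The accepted algorithm is pinned to HS256, so a token whose header
        names another algorithm is rejected rather than trusted.
        '''
        try:
            return jwt.decode(raw, SECRET_KEY, algorithms=["HS256"])
        except jwt.InvalidTokenError:
            # Covers bad signatures, malformed tokens and expired 'exp' claims.
            # The original bare ``except`` also swallowed programming errors
            # and KeyboardInterrupt, hiding real faults as "invalid token".
            return {}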
    
  • 新建中间件

    from django.utils.deprecation import MiddlewareMixin
    from django.http import JsonResponse
    
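    class UserCheckAuthMiddleware(MiddlewareMixin):
        '''Reject requests to protected paths that lack a valid login token.'''

        def process_request(self, request, *args, **kwargs):
            '''Return an error JsonResponse for unauthenticated requests, else None.

            Returning None lets Django continue to the view. The original method
            omitted ``self``, passed 200 as JsonResponse's second positional
            argument (which is the JSON encoder, not the status) and ended with a
            tab-indented ``return``; all three are corrected here.
            '''
            # request.path always starts with "/", so the bare "login/" entries
            # could never match and the login endpoint itself demanded a token.
            # NOTE(review): assumes these views are routed at the site root;
            # confirm against the URL configuration.
            if request.path.lstrip("/") in ("login/", "logout/", "register/"):
                return None

            token = request.headers.get("token", "")
            if not token:
                return JsonResponse({"code": -1, "msg": "缺省token", "data":{}}, status=200)

            payload = jwt_decode(token)
            if not payload:
                return JsonResponse({"code": -1, "msg": "token已过期", "data":{}}, status=200)

            if not request.user.is_active:
                return JsonResponse({"code": -1, "msg": "用户权限受限,请联系管理员", "data":{}}, status=200)

            # Bind the token to the session user. Without this the decoded
            # claims were discarded, so any validly signed token was accepted
            # alongside any active session, whoever the token was issued to.
            if payload.get("uid") != request.user.id:
                return JsonResponse({"code": -1, "msg": "token已过期", "data":{}}, status=200)

            return None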
            
            
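    class ExceptionMiddleware(MiddlewareMixin):
        '''Turn unhandled view exceptions into a JSON error envelope.'''

        def process_exception(self, request, exception):
            '''Log the exception server-side and return a generic JSON error.

            The response keeps the original keys. "detail" carries the exception
            text only when settings.DEBUG is on, because exception messages can
            expose SQL fragments, file paths and other internals to the client.
            '''
            # Function-scope imports keep this snippet self-contained.
            import logging
            from django.conf import settings

            # %r keeps control characters in the path from forging log lines.
            logging.getLogger(__name__).error(
                "Unhandled exception while handling %r",
                request.path,
                exc_info=exception,
            )
            return JsonResponse({
                "code": -1,
                "msg": "服务不可用",
                "detail": str(exception) if settings.DEBUG else "",
                "data": {}
            })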
    
  • 常用的方法

    方法名 备注
    create_user 创建用户
    authenticate 登录验证
    login 记录登录状态
    logout 退出用户登录
    is_authenticated 判断用户是否登录
    login_required装饰器 进行登录判断
原文地址:https://www.cnblogs.com/wuxiaoshi/p/14868864.html