
drf token

作者: 晨颜 | 来源:发表于2023-06-03 17:47 被阅读0次

    1.基于user表快速签发

    # NOTE(review): rest_framework_jwt (django-rest-framework-jwt) is, to my
    # knowledge, no longer maintained upstream -- confirm its status and the
    # PyJWT version it pins before using it in a new project.
    from rest_framework_jwt.views import obtain_jwt_token
    # URL pattern entry: POST credentials to login/ and the library view
    # issues a token for a user in the user table.
    # NOTE(review): no throttling is visible for this route on this page;
    # a login endpoint normally needs a rate limit against password guessing.
    path('login/', obtain_jwt_token),  # quick token issuance
    

    2.修改快速签发的过期时间,返回格式

    import datetime
    # Settings overrides for rest_framework_jwt.
    JWT_AUTH = {
        # Issued tokens expire one day after signing.
        # NOTE(review): nothing on this page revokes a token, so a leaked
        # token stays usable until it expires -- a shorter lifetime narrows
        # that window.
        'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
        # Dotted path of the function that shapes the login response body.
        'JWT_RESPONSE_PAYLOAD_HANDLER': 'app01.utils.jwt_response_payload_handler',
    }
    #utils.py
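    def jwt_response_payload_handler(token, user=None, request=None):
        """Build the JSON body returned after a token has been issued.

        Args:
            token: The encoded JWT to hand back to the client.
            user: The authenticated user object; only ``username`` is read.
                May be ``None`` (the declared default).
            request: Unused; present because the handler signature includes it.

        Returns:
            A dict with ``status``, ``msg``, ``username`` and ``token``.
            ``username`` is ``None`` when no user object was supplied.
        """
        # The signature allows user=None, so do not dereference it blindly.
        username = user.username if user is not None else None
        return {'status': 100, 'msg': '登录成功', 'username': username, 'token': token}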
    

    3.自己写签发

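    class UserView(ViewSet):
        """Hand-written login view that issues a JWT for valid credentials."""

        # NOTE(review): no throttle_classes are set here; without a rate limit
        # this endpoint can be used for unlimited password guessing.
        @action(methods=['POST'], detail=False)
        def login(self, request):
            """Authenticate ``username``/``password`` and return a token.

            Returns a Response with code 100 and the token on success, or
            code 101 with one generic message on failure. The message does
            not say which of the two fields was wrong.
            """
            username = request.data.get('username')
            password = request.data.get('password')
            user = authenticate(username=username, password=password)
            if user:
                # Build the claims (payload) from the user object.
                payload = jwt_payload_handler(user)
                # Sign the payload to obtain the token string.
                token = jwt_encode_handler(payload)
                return Response({'code': 100, 'msg': '登录成功', 'token': token})
            # Aligned with the ``if`` above; the original line was indented by
            # one extra space, which Python rejects with an IndentationError.
            return Response({'code': 101, 'msg': '用户名或密码错误'})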
    

    4.注册普通用户
    如果直接注册,密码会以明文存储;想要以密文(哈希)存储,需要使用make_password
    方法1

    #views
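    class UserView(ViewSet):
        """Registration view, method 1: hashing is delegated to ``User.save()``."""
        from rest_framework.decorators import action

        @action(methods=['POST'], detail=False)
        def register(self, request):
            """Create a user from ``username`` and ``password`` in the request body.

            Returns code 101 when a field is missing or malformed or the name is
            taken, and code 100 on success.
            """
            username = request.data.get('username')
            password = request.data.get('password')
            # request.data is client-controlled: require non-empty strings so a
            # missing field or a JSON object/list never reaches the ORM or hasher.
            if not (isinstance(username, str) and isinstance(password, str)
                    and username and password):
                return Response({'code': 101, 'msg': '用户名和密码不能为空'})
            # .exists() issues a cheap existence query instead of loading rows.
            # NOTE(review): check-then-create can race with a concurrent request;
            # that relies on a unique constraint on username -- confirm on the model.
            if User.objects.filter(username=username).exists():
                return Response({'code': 101, 'msg': '用户名存在'})
            # The raw password is passed through on purpose: in this variant the
            # model's save() override is what hashes it before it is stored.
            # NOTE(review): no password-strength validation is applied here.
            User.objects.create(username=username, password=password)
            return Response({'code': 100, 'msg': 'ok'})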
    #models
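    class User(AbstractUser):
        """Custom user model that hashes a raw password when it is saved."""
        mobile=models.CharField(max_length=11)
        password = models.CharField(max_length=128)

        def save(self, *args, **kwargs):
            """Hash ``self.password`` if it is still raw, then save.

            The original hashed unconditionally, so every later ``save()`` of
            an existing row hashed the stored hash again and the user's real
            password stopped matching.
            """
            from django.contrib.auth.hashers import (
                identify_hasher,
                is_password_usable,
                make_password,
            )
            # Leave "unusable password" markers untouched.
            if is_password_usable(self.password):
                try:
                    # Succeeds only for a value already in encoded-hash form.
                    identify_hasher(self.password)
                except ValueError:
                    # Not a recognised encoded hash: treat it as a raw password.
                    self.password = make_password(self.password)
            # NOTE(review): a raw password that itself looks like an encoded
            # hash is stored verbatim by this check. Calling set_password() or
            # create_user() at the call site avoids guessing in save().
            super().save(*args, **kwargs)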
    

    方法2,直接在视图类加密密码

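    class UserView(ViewSet):
        """Registration view, method 2: the view hashes the password itself."""
        from rest_framework.decorators import action

        @action(methods=['POST'], detail=False)
        def register(self, request):
            """Create a user, storing ``make_password(password)``.

            Returns code 101 when a field is missing or malformed or the name is
            taken, and code 100 on success.
            """
            from django.contrib.auth.hashers import make_password
            username = request.data.get('username')
            password = request.data.get('password')
            # Require non-empty strings. make_password(None) yields an unusable
            # password, so a missing field used to create an account nobody
            # could log in to.
            if not (isinstance(username, str) and isinstance(password, str)
                    and username and password):
                return Response({'code': 101, 'msg': '用户名和密码不能为空'})
            # Check the name first so the deliberately slow hash is computed
            # only for requests that will actually create a row.
            if User.objects.filter(username=username).exists():
                return Response({'code': 101, 'msg': '用户名存在'})
            # NOTE(review): this assumes User.save() does not hash again; if
            # both do, the stored value is a hash of a hash and login fails.
            User.objects.create(username=username, password=make_password(password))
            return Response({'code': 100, 'msg': 'ok'})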
    

    token校验#重点看,还没有吃透

    # JWTAuthentication.py
    from rest_framework.authentication import BaseAuthentication
    from rest_framework.exceptions import AuthenticationFailed
    
    import jwt
    from rest_framework_jwt.settings import api_settings
    from .models import User
    
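    # Decoder configured in rest_framework_jwt's settings.
    jwt_decode_handler = api_settings.JWT_DECODE_HANDLER
    class JWTAuthentication(BaseAuthentication):
        """Authenticate a request from the JWT carried in the ``Token`` header."""

        def authenticate(self, request):
            """Decode the token and return ``(user, token)``.

            Raises:
                AuthenticationFailed: the header is missing, the token is
                    expired or cannot be decoded, or it has no ``user_id``.
            """
            # Django exposes the request header "Token" as META["HTTP_TOKEN"].
            token = request.META.get("HTTP_TOKEN")
            if not token:
                # Fail closed up front instead of passing None to the decoder.
                raise AuthenticationFailed('token认证异常')
            try:
                # Example decoded payload: {'user_id': 1, 'username': 'zs',
                # 'exp': datetime.datetime(...), 'email': '...'}
                payload = jwt_decode_handler(token)
            # ExpiredSignatureError is PyJWT's canonical name; the original
            # used the older ExpiredSignature alias.
            except jwt.ExpiredSignatureError:
                raise AuthenticationFailed('token过期')
            except jwt.DecodeError:
                raise AuthenticationFailed('解码失败')
            except jwt.InvalidTokenError:
                raise AuthenticationFailed('token认证异常')
            except Exception:
                raise AuthenticationFailed('token认证异常')

            user_id = payload.get('user_id')
            if user_id is None:
                # Without this check the request would run as a User with id=None.
                raise AuthenticationFailed('token认证异常')

            # Every endpoint that requires login runs this class, so a database
            # lookup here would cost one query per request. The author's three
            # steps towards avoiding it:
            # 1. user = User.objects.get(pk=user_id)
            # 2. user = {'username': payload.get('user_username'), 'id': user_id}
            # 3. (used) an unsaved User instance built from the token claims
            #
            # NOTE(review): option 3 trusts the claims until the token expires.
            # A user who was deleted, deactivated or renamed after issuance
            # still authenticates, and fields such as is_active and is_staff
            # hold model defaults, not stored values. Option 1 closes that gap
            # at the cost of the query.
            user = User(username=payload.get('username'), id=user_id)
            # The debugging print of username/id was dropped so identities are
            # not written to stdout on every request.
            return user, token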
    

    继承Django的User表
    settings.py

    # Point Django's auth system at the custom model: app label "app01",
    # model class "User".
    AUTH_USER_MODEL = 'app01.User'
    
    
    
    
    from django.contrib.auth.models import AbstractUser
