Django rest-framework框架-认证组件的简单实例

发布时间：2020-12-20 11:01:54 所属栏目：Python 来源：网络整理

导读：第一版：自己写函数实现用户认证 #modelsfrom django.db import models#用户表class UserInfo(models.Model): user_type_choices=((1,‘普通用户‘),(2,‘VIP‘),(3,‘SVIP‘)) user_type = models.IntegerField(choices=user_type_choices) username = mo

第一版：

自己写函数实现用户认证

#models
from django.db import models
#用户表
class UserInfo(models.Model):
      user_type_choices=((1,‘普通用户‘),(2,‘VIP‘),(3,‘SVIP‘))
      user_type = models.IntegerField(choices=user_type_choices)
      username = models.CharFiled(max_length=32,uniquw=True)
      password = models.CharFiled(max_length=64)
# 用登录成功的token
class UserToken(models.Model):
      user = models.OneToOneFiled(to=‘UserInfo‘)
      token = models.CharFiled(max_length=64)
# urls
uplpatters= [
    url(r‘^api/v1/auth/$‘,views.AuthView.as_view()),]

#views
from  rest_framework.views import APIView
from api import models

# 生成随机字符串
def Md5(user):
    import hashlib
    import time
    ctime = str(time.time())
    m = hashlib,md5(bytes(user,encodeing=‘utf-8‘))
    m.update(bytes(ctime,encodeing=‘utf-8‘))
    return m.hexdigest()

class AuthView(APIView):
      """
      用户登录认证
      """
      def post(self,request,*args,**kwargs):
          try:
            user = request._reqeust.POST.get(‘username‘)
            pwd = request._reqeust.POST.get(‘password‘)
            obj = models.UserInfo.objects.filter(username=user,password=pwd).first()
            if not obj:
               ret[‘code‘] = 1001
               ret[‘msg‘] = ‘用户名密码错误‘
            # 为用户创建token
            token = Md5(user)
            # 如果存在token就更新 不存在就创建
            models.UserToken.objects.update_or_create(user=obj,defualts={‘token‘:token})
            ret[‘token‘] = token
          except Exception as e:
            ret[‘code‘] = 1002
            ret[‘msg‘] = ‘请求异常‘
          return JsonResponse()

ORDER_DICT = {
    1:{
        ‘name‘: ‘x‘,‘age‘: 18,‘gender‘:‘y‘,‘content‘: ‘...‘
    },2:{
        ‘name‘: ‘z‘,‘gender‘: ‘h‘,‘content‘: ‘...‘
    }
}
 class OrderView(APIView):
       """
       订单业务
       """
       def get(self,**kwargs):
           # token验证
           token = request._reqeust.GET.get(‘token‘)
           if not token:
               return HttpResponse(‘用户未登录‘)
           
           ret={‘code‘:1000,‘msg‘:None,‘data‘:None}
           try:
               ret[‘data‘] = ORDER_DICT
           except Exception as e:
               pass
           return JsonResponse(ret)

第二版：改进版?

使用restramework的authentication功能实现用户认证

#models
from django.db import models
#用户表
class UserInfo(models.Model):
      user_type_choices=((1,encodeing=‘utf-8‘))
    return m.hexdigest()

class AuthView(APIView):
      """
      用户登录认证
      """
      def post(self,defualts={‘token‘:token})
            ret[‘token‘] = token
          except Exception as e:
            ret[‘code‘] = 1002
            ret[‘msg‘] = ‘请求异常‘
          return JsonResponse()



ORDER_DICT = {
    1:{
        ‘name‘: ‘x‘,‘content‘: ‘...‘
    }
}

from  rest_framework.request import Request
from  rest_framework import exceptions
class Authtication(object):
      """
      用户登录认证类
      """
      def authenticate(self,request):
          token = request._reqeust.GET.get(‘token‘)
          token_obj = models.UserToken.objects.filter(token=token).first()
          if not token_obj:
              raise exceptions.AuthenticationFiled(‘用户认证失败‘)
          # 在restframework 内部会将这两个字段 赋值给request， 以供后续操作使用
          return (token_obj.user,token_obj)

      def anthentication_header(self,request):
          pass

class OrderView(APIView):
       """
       订单业务
       """
       # restframework 自带功能能够验证 用户是否登录
       authentication = [Authtication,]
       def get(self,**kwargs):

           ret={‘code‘:1000,‘data‘:None}
           try:
               ret[‘data‘] = ORDER_DICT
           except Exception as e:
               pass
           return JsonResponse(ret)

?rest_framework源码执行流程：

流程：
0-----------
authentication_class = api_settings.DEFAULT_AUTHENTICATION_CLASSES
1-----------
def dispatch():
	self.initial(request)
2-----------
def initial():
    self.perform_authenticate()
3-----------
def perform_authenticate():
	reuqest.user
4-----------
@porperty
def user():
    _authenticate()
5-----------
def _anthenticate():
	循环认证类所有对象
6-----------
anthentication_class = [Authenticate,]
7-----------
Authenticate()  执行自定义的验证方法
返回 user对象 和 token对象

?全局配置：

REAT_FRAMEWORK = {
    ‘DEFAULT_AUTNENTICATINO_CLASSES‘: [‘api.utils.auth.Authtication‘,]  
}

局部不使用：

class OrderView(APIView):
       """
       订单业务
       """
       #  写一个空列表 就可以到达不用使用authentication_classes = [Authtication,] 达到不用登录验证的目的
       authentication_classes = []
       def get(self,**kwargs):
           return JsonResponse(ret)

配置匿名用户：

REAT_FRAMEWORK = {
    # 推荐配置restframework的匿名用户为None
    "UNAUTHENTCATION_USER": None，    # request.user = None
    "UNAUTHENTICATION_TOKEN" None,# request.token = None
}

第三版：?

继承BaseAuthentication

from  rest_framework.authentication import BaseAuthentication
class Authtication(BaseAuthentication):
      """
      用户登录认证类
      """
      def authenticate(self,token_obj)

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!