0
点赞
收藏
分享

微信扫一扫

【详细讲解React 快速入门教程】

登高且赋 20小时前 阅读 0

1.登录成功后返回token,这里使用authenticate进行校验是否存在该用户

def login(request):
    try:
        data = json.loads(request.body)
        username = data.get('username')
        password = data.get('password')
        if not all([username, password]):
            return to_response(status=400, msg='参数不完整!')
        user = authenticate(username=username, password=password)
        if user:
            expiration_date = datetime.utcnow() + timedelta(seconds=settings.TOKEN_EXPIRED_TIME)
            payload = {'id': user.id, 'username': user.username, 'exp': expiration_date}
            token = encode(payload, settings.SECRET_KEY, algorithm='HS256')
            data = {
                'user': {'id': user.id, 'username': user.username},
                'token': token,
            }
            return to_response(status=200, data=data, msg='登录成功!')
        else:
            return to_response(status=400, msg='用户名或密码错误!')
    except Exception as e:
        return to_response(status=500, msg=str(e))

2.定义自定义认证后端,并在其中校验token

from django.contrib.auth.backends import BaseBackend
from users.models import UserProfile
from django.conf import settings
from jwt import decode


class MyModelBackend(BaseBackend):
    def authenticate(self, request, token=None):
        if token:
            token_info = decode(token, settings.SECRET_KEY, algorithms=['HS256'])
            user_id = token_info.get('id')
            user = UserProfile.objects.get(id=user_id)
            if user:
                return user
            else:
                return None
        else:
            return None

    def get_user(self, user_id):
        try:
            return UserProfile.objects.get(pk=user_id)
        except UserProfile.DoesNotExist:
            return None


##################在settings中配置######################################
AUTHENTICATION_BACKENDS = [
    'django.contrib.auth.backends.ModelBackend',  # 默认的 ModelBackend 也可以保留
    'django325.utils.MyModelBackend.MyModelBackend',  # 自定义的 ModelBackend'
]

3.分装装饰器

from django.contrib.auth import authenticate
from jwt import InvalidTokenError, ExpiredSignatureError

from django325.utils.response import to_response
from functools import wraps


def token_required(func):
    @wraps(func)
    def wrapper(request, *args, **kwargs):
        token = request.headers.get('Authorization')
        if token:
            try:
                user = authenticate(request=request, token=token)
            except ExpiredSignatureError:
                return to_response(status=401, msg='token已过期!')
            except InvalidTokenError:
                return to_response(status=401, msg='token验证失败')
            except Exception as e:
                return to_response(status=401, msg=str(e))
            if user:
                request.user = user
                return func(request, *args, **kwargs)
        # 用户未认证,返回错误响应
        return to_response(status=401, msg='用户未认证')

    return wrapper

4.使用

@token_required
def test(request):
    return to_response(status=200, msg='测试成功!')
举报

相关推荐

0 条评论