背景:
用户后端与业务后端分离,登录接口及token验证接口均需在用户后端完成
业务后端代码views写法:
class MessageView(mixins.ListModelMixin):
    """Paginated list endpoint for message notifications.

    Access control is not done by DRF here: both ``authentication_classes``
    and ``permission_classes`` are empty, so the only gate is the
    ``@verification`` decorator on each handler method.
    """

    # NOTE(review): only ListModelMixin is listed as a base; queryset,
    # serializer_class and pagination_class are settings read by DRF's
    # GenericAPIView -- confirm the real class also inherits from it.
    module_name = 'analysis'

    # DRF's built-in checks are switched off. Any handler added to this
    # view without @verification is reachable with no authentication.
    authentication_classes = []
    permission_classes = []

    queryset = message_notification.objects.all()
    serializer_class = MessageSerializers
    pagination_class = Pagination

    @verification
    def get(self, request, *args, **kwargs):
        """Return the message list once the token has been verified.

        On success the decorator appends the username and user id to the
        positional arguments, so they arrive in ``*args`` and are passed
        on to ``list`` unchanged.
        """
        listing = self.list(request, *args, **kwargs)
        return listing
装饰器(可定义在工具函数内):
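def verification(fun):
    """Require a token accepted by the user backend before running a view method.

    The wrapped callable is expected to be a view method, so ``args[0]`` is
    the view instance and ``args[1]`` is the request. The ``Authorization``
    header is forwarded to the user backend's ``analysisToken`` endpoint.
    When the backend confirms the token, its ``username`` and ``user_id``
    are appended to the positional arguments and ``fun`` is called.

    Every other outcome fails closed with HTTP 401: missing or empty header,
    backend unreachable or timed out, non-2xx or non-JSON reply, a falsy
    ``result``, or a reply without the identity fields.

    Args:
        fun: the view method to protect.

    Returns:
        The wrapping function, carrying ``fun``'s name and docstring.
    """
    # Local import: the file's import block is not visible from this block.
    from functools import wraps

    # User backend that owns login and token validation. This is loopback
    # over plain HTTP; if it ever points off-host, use HTTPS so the token
    # is not sent in clear text.
    ip = "127.0.0.1:5003"
    verify_url = 'http://{}/api/v1/user/analysisToken/'.format(ip)

    @wraps(fun)
    def wrapped_func(*args, **kwargs):
        token = args[1].headers.get('Authorization')
        if not token:
            # Header absent or empty: answer 401 like the failed-token
            # branch instead of the default 200.
            return Response(
                {'code': 500, 'message': '请检查请求头Authorization'},
                status=status.HTTP_401_UNAUTHORIZED,
            )

        try:
            # Bounded wait so a stalled user backend cannot hang the worker.
            response = requests.get(
                verify_url, headers={'Authorization': token}, timeout=5
            )
            # Parse once; an error status is treated as "not verified".
            payload = response.json() if response.ok else {}
        except (requests.RequestException, ValueError):
            # Connection failure, timeout or non-JSON body: deny access.
            payload = {}

        verified = (
            isinstance(payload, dict)
            and payload.get('result')
            and 'username' in payload
            and 'user_id' in payload
        )
        if not verified:
            return Response(
                {'code': 500, 'message': 'Token验证失败'},
                status=status.HTTP_401_UNAUTHORIZED,
            )

        # Pass the verified identity to the view as extra positional args.
        args = args + (payload['username'], payload['user_id'],)
        return fun(*args, **kwargs)

    return wrapped_func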
"""
用户后端token验证接口的response说明:
{'code': 200,
'result': True,
'username': "admin",
'user_id': 1}
"""
如上便通过装饰器完成了Token的验证。Token的验证有很多办法,也可定义在中间件的process_request中。注意:上面的视图将permission_classes与authentication_classes都置为空,认证完全依赖该装饰器,因此每个处理方法都必须加上@verification。