网站制作比较好的制作公司小广告多的网站
系列文章目录
提示:阅读本章之前,请先阅读目录
文章目录
- 系列文章目录
- 一、前言
- User模型
- User的views
- User的serializers
- utils的md5加密
- 自定义认证方法
- 配置路由
- 总路由
- 分路由
- rest的配置
一、前言
之前的文章有写过通过jwt认证的文章,今天这一篇是通过自定义用户认证的;
使用场景:有些API需要用户登录成功之后,才能访问;有些无需登录就能访问
解决方法:创建两张表,一张用户表,一张token表,保存用户登录成功后生产的token;
然后需要认证的视图,前台每次请求需要在请求头中携带token,后端然后对token进行验证
缺点:每个用户登录一次就需要生成一条token记录保存在数据库里,当用户量大的时候,就会增加后台服务器压力!
User模型
class="language-python">from django.contrib.auth.hashers import make_password, check_password
from django.db import models# Create your models here.
class User(models.Model):"""用户模型类"""username = models.CharField(max_length=32,verbose_name='用户名')password = models.CharField(max_length=64,verbose_name='密码')mobile = models.CharField(max_length=11,unique=True,verbose_name='手机号')class Meta:db_table = 'user'verbose_name = "用户信息表"verbose_name_plural = verbose_namedef __str__(self):return self.usernamedef set_password(self,password):self.password = make_password(password)return Nonedef check_pwd(self,password):return check_password(self.password,password)class UserToken(models.Model):"""用户token表"""user = models.OneToOneField(User) # 与用户一对一关系token = models.CharField(max_length=64,verbose_name='token')class Meta:db_table = 'token'verbose_name = 'token表'verbose_name_plural = verbose_name
User的views
from django.shortcuts import render# Create your views here.
from rest_framework.generics import CreateAPIView, ListAPIView
from rest_framework.response import Response
from rest_framework.views import APIViewfrom .utils import md5
from . import models
from . import serclass UserLogin(APIView):'用户登录视图类'authentication_classes = []# 登录不需要认证def post(self,request):username = request.POST.get('username').strip()pwd = request.POST.get('password').strip()if not all([username,pwd]):return Response({'info':'参数不完整','code':400})user = models.User.objects.get(username=username)user.check_pwd(pwd)# 登录成功后生成tokentoken =md5(username)models.UserToken.objects.update_or_create(user=user,defaults={'token':token})res = {'info':'success','token':token,'code':200}res['data'] = ser.UserInfoSer(user).datareturn Response(res)class UserRegister(CreateAPIView):"""用户注册视图"""authentication_classes = []# 用户注册不需要认证serializer_class = ser.CreateUserSerclass UserInfoList(ListAPIView):"""用户详情页视图"""serializer_class = ser.UserInfoSerqueryset = models.User.objects.all()User的serializers
class="language-python">from rest_framework import serializersfrom . import modelsclass CreateUserSer(serializers.ModelSerializer):"""新增用户序列化器"""password2 = serializers.CharField(max_length=64,write_only=True)mobile = serializers.CharField(max_length=11,min_length=11,write_only=True)def validate(self, attrs):password = attrs['password']password2 = attrs['password2']if password != password2:raise serializers.ValidationError('两次密码不一致,请重新输入!')return attrsdef validate_mobile(self,value):import reif not re.match(r'1[3-9]\d{9}',value):raise serializers.ValidationError('手机号格式不正确请重新输入!')return valuedef create(self, validated_data):del validated_data['password2']user = super().create(validated_data)user.set_password(validated_data['password'])user.save()return userclass Meta:model = models.Userfields = '__all__'class UserInfoSer(serializers.ModelSerializer):"""用户详情信息序列化器"""class Meta:model = models.Userfields = ('id','username','mobile')
utils的md5加密
import hashlib
import timedef md5(user):"""md5 加密token"""ctime = str(time.time())m = hashlib.md5(bytes(user, encoding='utf-8'))m.update(bytes(ctime, encoding='utf-8'))return m.hexdigest()自定义认证方法
class Authtication(BaseAuthentication):def authenticate(self, request):try:token = request.META.get('HTTP_AUTHORIZATION', None)except:raise exceptions.AuthenticationFailed('用户认证失败')if token is None:raise exceptions.AuthenticationFailed('未提供认证信息')token = token.split(' ')[1]token_query = models.UserToken.objects.filter(token=token)if not token_query:raise exceptions.AuthenticationFailed('无效的token')# 返回(当前登录对象,token)return token_query.first().user, token_query.first()def authenticate_header(self, request):return 'Basic realm="user"'def authenticate_failed_response(self, exc):msg = str(exc)return Response({'msg': msg}, status=status.HTTP_401_UNAUTHORIZED)
配置路由
REST_FRAMEWORK = {# 全局使用的认证类"DEFAULT_AUTHENTICATION_CLASSES": ['users.auth.Authtication', ],"UNAUTHENTICATED_USER": None,"UNAUTHENTICATED_TOKEN": None,"DEFAULT_RENDERER_CLASSES": ['rest_framework.renderers.JSONRenderer','rest_framework.renderers.BrowsableAPIRenderer',]
}
总路由
urlpatterns = [url(r'^admin/', include(admin.site.urls)),url(r'^users/', include('users.urls')),
]
分路由
from django.conf.urls import include, url
from django.contrib import adminfrom . import views
urlpatterns = [url(r'^register/$',views.UserRegister.as_view()),url(r'^login/$',views.UserLogin.as_view()),url(r'^list/$',views.UserInfoList.as_view()),
]rest的配置
REST_FRAMEWORK = {# 分页器'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',# 分页'PAGE_SIZE': 10,# 返回的时间格式'DATETIME_FORMAT': '%Y-%m-%d %H:%M:%S',# 返回的数据格式'DEFAULT_RENDER_CLASSES': ['rest_framework.renderers.JSONRenderer',],# 解析request.data'DEFAULT_PARSER_CLASSES': ['rest_framework.parsers.JSONParser','rest_framework.parsers.FormParser','rest_framework.parsers.MultiPartParser',],# 全局权限'DEFAULT_PERMISSION_CLASSES': ['common.auth.Authtication'],# 认证方式'DEFAULT_AUTHENTICATION_CLASSES': ['rest_framework.authentication.TokenAuthentication',],# 自定义抛出异常格式'EXCEPTION_HANDLER': 'common.custom_exception_handler.custom_exception_handler'
}