2021-07-09 drf请求全局和局部配置 基于jwt的认证类 基于自定义User表,签发token 多方式登录

1 drf请求全局和局部配置(2星)

1 请求支持三种编码格式,urlencoded,json,formdata
2 如果不配置,默认支持三种
   'DEFAULT_PARSER_CLASSES': [
        'rest_framework.parsers.JSONParser',  # 解析application/json格式
        'rest_framework.parsers.FormParser', # 解析application/x-www-form-urlencoded
        'rest_framework.parsers.MultiPartParser' # multipart/form-data
    ]
        
        
3 全局配置,在项目的配置文件中配置
REST_FRAMEWORK = {
    'DEFAULT_PARSER_CLASSES': [
        # 'rest_framework.parsers.JSONParser',  # 解析application/json格式
        'rest_framework.parsers.FormParser',  # 解析application/x-www-form-urlencoded
        # 'rest_framework.parsers.MultiPartParser'  # multipart/form-data
    ]
}

4 局部配置
from rest_framework.parsers import JSONParser
class BookView(ViewSetMixin,ListAPIView,CreateAPIView):
    parser_classes = [JSONParser,]

2 基于jwt的认证类

1 重点逻辑authenticate方法中
	-取出客户端传入的token(后端自己规定,写道接口文档中过了),请求头中,请求地址。。。
    -验证jwt的签名(模块提供了)
    -通过payload得到当前登录用户对象(模块提供了)
    -return user,token
    from rest_framework.exceptions import AuthenticationFailed
from rest_framework_jwt.settings import api_settings
import jwt
# from rest_framework_jwt.utils import jwt_decode_handler
jwt_decode_handler = api_settings.JWT_DECODE_HANDLER
jwt_get_username_from_payload = api_settings.JWT_PAYLOAD_GET_USERNAME_HANDLER
from rest_framework_jwt.authentication import BaseJSONWebTokenAuthentication
from django.contrib.auth.models import User
# BaseJSONWebTokenAuthentication
class JWTAuthentication(BaseJSONWebTokenAuthentication):
    # def authenticate_credentials(self, payload):
    #     username = jwt_get_username_from_payload(payload)
    #     if not username:
    #         raise AuthenticationFailed()
    #     try:
    #         user = User.objects.get_by_natural_key(username)
    #     except User.DoesNotExist:
    #         msg = 'Invalid signature.'
    #         raise AuthenticationFailed(msg)
    #
    #     if not user.is_active:
    #         msg ='User account is disabled.'
    #         raise AuthenticationFailed(msg)
    #     return user
    def authenticate(self, request):
        print(request.META)
        # token=request.query_params.get('HTTP_AUTHORIZATION',None)
        token=request.META.get('HTTP_AUTHORIZATION',None)
        if token:
            # 校验token是不是过期了,是不是合法,
            try:
                payload = jwt_decode_handler(token)
                print(payload)
            except jwt.ExpiredSignature:

                raise AuthenticationFailed('token过期')
            except jwt.DecodeError:

                raise AuthenticationFailed('token认证失败')
            except jwt.InvalidTokenError:
                raise AuthenticationFailed('token不合法')
        else:
           raise AuthenticationFailed('token没有携带')

        '''
        # 三种方案得到user
            -继承BaseJSONWebTokenAuthentication,self.authenticate_credentials
            -直接把BaseJSONWebTokenAuthentication,authenticate_credentials方法拿出来,放到自己类中
            -完全自己写

        '''

        user = self.authenticate_credentials(payload)

        return (user, token)

3 基于自定义User表,签发token(5星)

3.1 路由

from rest_framework.routers import DefaultRouter,SimpleRouter
router=SimpleRouter()
router.register('books',views.BookView)
router.register('user',views.UserInfoView,basename='user')
urlpatterns = [
    path('', include(router.urls)),
]

##3.2 视图类

from rest_framework.viewsets import ViewSet
from rest_framework.decorators import action
from rest_framework.response import Response
from .models import User
from rest_framework_jwt.settings import api_settings
jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
class UserInfoView(ViewSet):
    @action(methods=['POST'],detail=False)
    def login(self,request):
        username=request.data.get('username')
        password=request.data.get('password')
        res={'code':'100','msg':'登录成功'}
        user=User.objects.filter(username=username,password=password).first()
        if user:
            # 登录成功,生成token,提供了(去找)
            payload = jwt_payload_handler(user)
            token=jwt_encode_handler(payload)
            res['token']=token

        else:
            res['code']=101
            res['msg']='用户名或密码错误'
        return Response(res)

3.3 认证类

from .models import User
class JWTMyUserAuthentication(BaseAuthentication):
    def authenticate(self, request):
        token=request.META.get('HTTP_AUTHORIZATION',None)
        if token:
            try:
                payload = jwt_decode_handler(token)
                print(payload)
            except jwt.ExpiredSignature:

                raise AuthenticationFailed('token过期')
            except jwt.DecodeError:

                raise AuthenticationFailed('token认证失败')
            except jwt.InvalidTokenError:
                raise AuthenticationFailed('token不合法')
        else:
           raise AuthenticationFailed('token没有携带')

        user=User.objects.get(pk=payload.get('user_id'))
        # user=User(id=payload.get('user_id'),username=payload.get('username'))
        # 优化,减少数据库压力()
        # user={'id':payload.get('user_id'),'username':payload.get('username')}
        return (user, token)

3.4 Book接口

在这里插入代码片from .auth import JWTMyUserAuthentication

class BookView(ViewSetMixin,ListAPIView,CreateAPIView):
    queryset = Books.objects.all()
    serializer_class = BookSerializer
    authentication_classes = [JWTMyUserAuthentication,]


    def list(self, request, *args, **kwargs):
        print(request.user['id'])
        return super().list(request, *args, **kwargs)

4 多方式登录(5星)

1 使用用户名,邮箱,手机号+密码都能登录成功
2 可以使用auth 的user表,也可以自定义用户表
3 扩写auth的user表,要么不用,要用一定要在项目开始就使用(没有迁移之前)
4 如果已经迁移了(正常是不能再使用了),如果还想用,解决方案:
	-删库
    -删除迁移记录(app的迁移记录,auth app的迁移记录(源码中),admin app的迁移记录(源码中))

4.1 视图类

from rest_framework.decorators import action
from rest_framework.response import Response
from rest_framework.viewsets import ViewSet
from .serizlizer import UserSerializer


class UserInfoView(ViewSet):
    @action(methods=['POST'], detail=False)
    def login(self, request):
        # 把认证逻辑和签发token逻辑,放到序列化类中写
        res = {'code': 100, 'msg': '登录成功', 'token': None}
        # ser=UserSerializer(data=request.data,context={'request':request})
        ser = UserSerializer(data=request.data)
        if ser.is_valid():
            res['token'] = ser.context['token']

        else:
            res['code'] = 101
            res['msg'] = ser.errors
        return Response(res)

4.2 序列化类

from .models import User
import re
from rest_framework import serializers
from rest_framework.exceptions import ValidationError
from rest_framework_jwt.settings import api_settings
jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
class UserSerializer(serializers.ModelSerializer):
    username=serializers.CharField()  # 一定要重写username字段
    class Meta:
        model=User
        fields=['username','password']


    def validate(self, attrs):

        # username:可能是手机号,可能是邮箱,可能是用户名
        user=self._get_user(attrs)

        # 签发token
        token=self._get_token(user)

        self.context['token']=token

        return attrs

    def _get_user(self,attrs):
        username = attrs.get('username')# username:可能是手机号,可能是邮箱,可能是用户名
        password = attrs.get('password')
        # 使用正则去匹配,手机号,邮箱或者其他
        if re.match(r'^1[3-9][0-9]{9}$', username):
            user=User.objects.filter(phone=username).first()
        elif re.match(r'^.+@.+$', username):
            user = User.objects.filter(email=username).first()
        else:
            user = User.objects.filter(username=username).first()
        if user:
            if user.check_password(password):

                return user
            else:
                raise ValidationError('密码错误')
        else:
            raise ValidationError('用户不存在')

    def _get_token(self,user):
        payload = jwt_payload_handler(user)
        token=jwt_encode_handler(payload)
        return token

版权声明:本文为m0_56274379原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。