1 drf请求全局和局部配置(2星)
1 请求支持三种编码格式,urlencoded,json,formdata
2 如果不配置,默认支持三种
'DEFAULT_PARSER_CLASSES': [
'rest_framework.parsers.JSONParser', # 解析application/json格式
'rest_framework.parsers.FormParser', # 解析application/x-www-form-urlencoded
'rest_framework.parsers.MultiPartParser' # multipart/form-data
]
3 全局配置,在项目的配置文件中配置
REST_FRAMEWORK = {
'DEFAULT_PARSER_CLASSES': [
# 'rest_framework.parsers.JSONParser', # 解析application/json格式
'rest_framework.parsers.FormParser', # 解析application/x-www-form-urlencoded
# 'rest_framework.parsers.MultiPartParser' # multipart/form-data
]
}
4 局部配置
from rest_framework.parsers import JSONParser
class BookView(ViewSetMixin,ListAPIView,CreateAPIView):
parser_classes = [JSONParser,]
2 基于jwt的认证类
1 重点逻辑authenticate方法中
-取出客户端传入的token(后端自己规定,写道接口文档中过了),请求头中,请求地址。。。
-验证jwt的签名(模块提供了)
-通过payload得到当前登录用户对象(模块提供了)
-return user,token
from rest_framework.exceptions import AuthenticationFailed
from rest_framework_jwt.settings import api_settings
import jwt
# from rest_framework_jwt.utils import jwt_decode_handler
jwt_decode_handler = api_settings.JWT_DECODE_HANDLER
jwt_get_username_from_payload = api_settings.JWT_PAYLOAD_GET_USERNAME_HANDLER
from rest_framework_jwt.authentication import BaseJSONWebTokenAuthentication
from django.contrib.auth.models import User
# BaseJSONWebTokenAuthentication
class JWTAuthentication(BaseJSONWebTokenAuthentication):
# def authenticate_credentials(self, payload):
# username = jwt_get_username_from_payload(payload)
# if not username:
# raise AuthenticationFailed()
# try:
# user = User.objects.get_by_natural_key(username)
# except User.DoesNotExist:
# msg = 'Invalid signature.'
# raise AuthenticationFailed(msg)
#
# if not user.is_active:
# msg ='User account is disabled.'
# raise AuthenticationFailed(msg)
# return user
def authenticate(self, request):
print(request.META)
# token=request.query_params.get('HTTP_AUTHORIZATION',None)
token=request.META.get('HTTP_AUTHORIZATION',None)
if token:
# 校验token是不是过期了,是不是合法,
try:
payload = jwt_decode_handler(token)
print(payload)
except jwt.ExpiredSignature:
raise AuthenticationFailed('token过期')
except jwt.DecodeError:
raise AuthenticationFailed('token认证失败')
except jwt.InvalidTokenError:
raise AuthenticationFailed('token不合法')
else:
raise AuthenticationFailed('token没有携带')
'''
# 三种方案得到user
-继承BaseJSONWebTokenAuthentication,self.authenticate_credentials
-直接把BaseJSONWebTokenAuthentication,authenticate_credentials方法拿出来,放到自己类中
-完全自己写
'''
user = self.authenticate_credentials(payload)
return (user, token)
3 基于自定义User表,签发token(5星)
3.1 路由
from rest_framework.routers import DefaultRouter,SimpleRouter
router=SimpleRouter()
router.register('books',views.BookView)
router.register('user',views.UserInfoView,basename='user')
urlpatterns = [
path('', include(router.urls)),
]
##3.2 视图类
from rest_framework.viewsets import ViewSet
from rest_framework.decorators import action
from rest_framework.response import Response
from .models import User
from rest_framework_jwt.settings import api_settings
jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
class UserInfoView(ViewSet):
@action(methods=['POST'],detail=False)
def login(self,request):
username=request.data.get('username')
password=request.data.get('password')
res={'code':'100','msg':'登录成功'}
user=User.objects.filter(username=username,password=password).first()
if user:
# 登录成功,生成token,提供了(去找)
payload = jwt_payload_handler(user)
token=jwt_encode_handler(payload)
res['token']=token
else:
res['code']=101
res['msg']='用户名或密码错误'
return Response(res)
3.3 认证类
from .models import User
class JWTMyUserAuthentication(BaseAuthentication):
def authenticate(self, request):
token=request.META.get('HTTP_AUTHORIZATION',None)
if token:
try:
payload = jwt_decode_handler(token)
print(payload)
except jwt.ExpiredSignature:
raise AuthenticationFailed('token过期')
except jwt.DecodeError:
raise AuthenticationFailed('token认证失败')
except jwt.InvalidTokenError:
raise AuthenticationFailed('token不合法')
else:
raise AuthenticationFailed('token没有携带')
user=User.objects.get(pk=payload.get('user_id'))
# user=User(id=payload.get('user_id'),username=payload.get('username'))
# 优化,减少数据库压力()
# user={'id':payload.get('user_id'),'username':payload.get('username')}
return (user, token)
3.4 Book接口
在这里插入代码片from .auth import JWTMyUserAuthentication
class BookView(ViewSetMixin,ListAPIView,CreateAPIView):
queryset = Books.objects.all()
serializer_class = BookSerializer
authentication_classes = [JWTMyUserAuthentication,]
def list(self, request, *args, **kwargs):
print(request.user['id'])
return super().list(request, *args, **kwargs)
4 多方式登录(5星)
1 使用用户名,邮箱,手机号+密码都能登录成功
2 可以使用auth 的user表,也可以自定义用户表
3 扩写auth的user表,要么不用,要用一定要在项目开始就使用(没有迁移之前)
4 如果已经迁移了(正常是不能再使用了),如果还想用,解决方案:
-删库
-删除迁移记录(app的迁移记录,auth app的迁移记录(源码中),admin app的迁移记录(源码中))
4.1 视图类
from rest_framework.decorators import action
from rest_framework.response import Response
from rest_framework.viewsets import ViewSet
from .serizlizer import UserSerializer
class UserInfoView(ViewSet):
@action(methods=['POST'], detail=False)
def login(self, request):
# 把认证逻辑和签发token逻辑,放到序列化类中写
res = {'code': 100, 'msg': '登录成功', 'token': None}
# ser=UserSerializer(data=request.data,context={'request':request})
ser = UserSerializer(data=request.data)
if ser.is_valid():
res['token'] = ser.context['token']
else:
res['code'] = 101
res['msg'] = ser.errors
return Response(res)
4.2 序列化类
from .models import User
import re
from rest_framework import serializers
from rest_framework.exceptions import ValidationError
from rest_framework_jwt.settings import api_settings
jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
class UserSerializer(serializers.ModelSerializer):
username=serializers.CharField() # 一定要重写username字段
class Meta:
model=User
fields=['username','password']
def validate(self, attrs):
# username:可能是手机号,可能是邮箱,可能是用户名
user=self._get_user(attrs)
# 签发token
token=self._get_token(user)
self.context['token']=token
return attrs
def _get_user(self,attrs):
username = attrs.get('username')# username:可能是手机号,可能是邮箱,可能是用户名
password = attrs.get('password')
# 使用正则去匹配,手机号,邮箱或者其他
if re.match(r'^1[3-9][0-9]{9}$', username):
user=User.objects.filter(phone=username).first()
elif re.match(r'^.+@.+$', username):
user = User.objects.filter(email=username).first()
else:
user = User.objects.filter(username=username).first()
if user:
if user.check_password(password):
return user
else:
raise ValidationError('密码错误')
else:
raise ValidationError('用户不存在')
def _get_token(self,user):
payload = jwt_payload_handler(user)
token=jwt_encode_handler(payload)
return token
版权声明:本文为m0_56274379原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。