一、rest认证
在RestView.py中定义如下:
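def token_md5(username):
    """Return a fresh, unpredictable 32-character hex login token.

    A token built only from the username and the current time can be
    guessed, so the value is drawn from the operating system's CSPRNG via
    ``secrets``. The function name is kept so existing callers still work.

    :param username: accepted for backward compatibility with existing
        callers; it does not influence the token value.
    :return: 32 lowercase hexadecimal characters, the same length as the
        MD5 hex digest this function used to return.
    """
    import secrets

    # 16 random bytes -> 32 hex characters.
    return secrets.token_hex(16)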
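class AuthView(APIView):
    """Log a user in and issue a token.

    Authentication and permission checks are disabled for this view because
    a caller who is logging in does not have a token yet.
    """
    authentication_classes = []
    permission_classes = []
    # throttle_classes is not overridden (the override is commented out in
    # the original), so any DEFAULT_THROTTLE_CLASSES from settings still
    # rate-limit login attempts.
    # throttle_classes=[]

    def post(self, request, *args, **kwargs):
        """Check the posted ``username``/``passwd`` and return a JSON result.

        :param request: DRF request; credentials are read from the form body.
        :return: ``JsonResponse`` with ``code`` 200, ``msg`` and ``token`` on
            success, or ``code`` 1001 and ``msg`` on failure.
        """
        ret = {'code': 1000, 'msg': None}
        username = request._request.POST.get('username')
        passwd = request._request.POST.get('passwd')

        # A missing field would turn into an ``IS NULL`` filter and could
        # match a row whose columns are NULL, so missing or empty
        # credentials are treated as a failed login without querying.
        obj = None
        if username and passwd:
            # NOTE(review): filtering on passwd=<submitted value> only works
            # if passwords are stored as plaintext. Store a salted hash
            # instead and verify it with
            # django.contrib.auth.hashers.check_password.
            obj = models.User.objects.filter(username=username, passwd=passwd).first()

        if not obj:
            ret['code'] = 1001
            ret['msg'] = "登录失败"
        else:
            token = token_md5(username)
            ret['token'] = token
            ret['code'] = 200
            ret['msg'] = '登录成功'
            # Create the user's token row, or replace the token it holds.
            models.UserToken.objects.update_or_create(user=obj, defaults={'token': token})

        # ensure_ascii=False keeps the Chinese messages readable in the JSON
        # body instead of emitting \u escapes.
        return JsonResponse(ret, json_dumps_params={'ensure_ascii': False})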
在App的utils中定义auth(认证),permission(权限),Mythrottling(访问频率)
utils中的auth.py
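from cmdb import models
from rest_framework import exceptions
from rest_framework.authentication import BaseAuthentication


class Authenticate(BaseAuthentication):
    """Authenticate a request by its ``token`` query-string parameter."""

    def authenticate(self, request, *args, **kwargs):
        """Look up the caller's token and return the matching user.

        :param request: DRF request; the token is read from the ``token``
            query-string parameter.
        :param args: unused.
        :param kwargs: unused.
        :return: ``(user, token_row)``, which DRF exposes as
            ``request.user`` and ``request.auth``.
        :raises AuthenticationFailed: if the token is missing or unknown.
        """
        # NOTE(review): a token carried in the URL is recorded in access
        # logs, browser history and Referer headers; reading it from a
        # request header would limit that exposure.
        token_obj = request._request.GET.get('token')

        # Without this guard a request with no token runs
        # filter(token=None), i.e. ``token IS NULL``, and would be
        # authenticated as the owner of any row whose token is NULL.
        if not token_obj:
            raise exceptions.AuthenticationFailed('登录失败oo!')

        select_auth_result = models.UserToken.objects.filter(token=token_obj).first()
        if not select_auth_result:
            raise exceptions.AuthenticationFailed('登录失败oo!')

        # NOTE(review): there is no expiry check here, so a token stays
        # valid until the row is changed -- consider adding a lifetime.
        # DRF expects a (user, auth) tuple from authenticate().
        return (select_auth_result.user, select_auth_result)

    def authenticate_header(self, request):
        """Return no ``WWW-Authenticate`` value."""
        # Returning None makes DRF answer a failed authentication with
        # 403 instead of 401.
        pass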
permission.py:
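from rest_framework.permissions import BasePermission


class VipUserPermission(BasePermission):
    """Allow access only to users whose ``user_type`` is 3."""

    # Sent to the client when has_permission() returns False.
    message = '你不是Svip用户,没有权利访问'

    def has_permission(self, request, view):
        """Return True only when ``request.user.user_type`` equals 3.

        :param request: DRF request whose ``user`` was set by authentication.
        :param view: the view being accessed (unused).
        :return: ``True`` for user type 3, ``False`` for everything else.
        """
        # request.user is not always a model instance: a project can set
        # UNAUTHENTICATED_USER to return a plain value such as a string.
        # getattr() makes such a request fail the check instead of raising
        # AttributeError (a 500 response).
        return getattr(request.user, 'user_type', None) == 3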
Mythrottling.py:
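from rest_framework.throttling import BaseThrottle, SimpleRateThrottle


class My_login_throtte(SimpleRateThrottle):
    """Rate-limit requests per client identity under the ``AuthGet`` scope."""

    # Key looked up in DEFAULT_THROTTLE_RATES to find the allowed rate.
    scope = 'AuthGet'

    def get_cache_key(self, request, view):
        """Return the cache key under which this client's requests are counted.

        :param request: DRF request used to derive the client identity.
        :param view: the view being accessed (unused).
        :return: a key combining the throttle scope and the client identity.
        """
        # NOTE(review): get_ident() derives the identity from
        # X-Forwarded-For when present, otherwise REMOTE_ADDR. Behind a
        # reverse proxy, set the REST framework NUM_PROXIES setting so the
        # identity is not a value the client can choose freely.
        #
        # Use the base class's key format so the key is namespaced by scope
        # rather than being a bare address, which could collide with other
        # entries in the same cache.
        return self.cache_format % {
            'scope': self.scope,
            'ident': self.get_ident(request),
        }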
在全局settings配置中配置如下:
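REST_FRAMEWORK = {
    # Dotted paths of the authentication classes applied to every view.
    # They live in utils/auth.py rather than in the views module.
    "DEFAULT_AUTHENTICATION_CLASSES": ['cmdb.utils.auth.Authenticate', ],
    # Callable whose return value becomes request.user when no
    # authentication class identified the caller.
    # NOTE(review): this is a plain string, so permission code that reads
    # attributes such as request.user.user_type must cope with it.
    "UNAUTHENTICATED_USER": lambda: "匿名",
    # request.auth for unauthenticated requests; None leaves it as None.
    # Setting names are upper-case -- the original "UNAUTHENTICATED_token"
    # key does not match the setting name.
    "UNAUTHENTICATED_TOKEN": None,
    # Permission classes applied to every view unless the view overrides them.
    "DEFAULT_PERMISSION_CLASSES": ['cmdb.utils.permission.VipUserPermission', ],
    # Throttle classes applied to every view unless the view overrides them.
    "DEFAULT_THROTTLE_CLASSES": ['cmdb.utils.Mythrottling.My_login_throtte', ],
    # Rate per throttle scope; 'AuthGet' matches My_login_throtte.scope.
    "DEFAULT_THROTTLE_RATES": {
        'AuthGet': '5/m',
    },
}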
在指定的视图中用
# Empty lists override the project-wide defaults for this one view: no
# authentication, no permission check and no throttling are applied.
# Reserve this for endpoints that must be reachable without a token (such
# as login); clearing throttle_classes on a login view also removes the
# rate limit on password attempts.
authentication_classes = []
permission_classes = []
throttle_classes=[]
来表示不使用全局配置。