认证组件
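# Authentication token module (the "MyAuth" file the views refer to).
from rest_framework import exceptions
from rest_framework.authentication import BaseAuthentication

from app01 import models


class LoginAuth(BaseAuthentication):
    """DRF authentication class that looks up a per-user token in the database.

    Inheriting from BaseAuthentication is not strictly required, but it
    supplies the ``authenticate_header`` hook that DRF calls when building
    the response to a failed authentication.
    """

    def authenticate(self, request):
        """Return ``(user, token_row)`` for a valid token.

        Raises:
            exceptions.AuthenticationFailed: the token is missing or unknown.
        """
        # NOTE(review): the token travels in the query string, so it ends up
        # in access logs, proxies and browser history. A request header
        # (e.g. Authorization) keeps it out of URLs.
        token = request.query_params.get('token')

        # Reject a missing/empty token before touching the database:
        # filter(token=None) becomes an IS NULL lookup and would authenticate
        # the request as whichever row happens to have a NULL token.
        if not token:
            raise exceptions.AuthenticationFailed('你认证失败了')

        ret = models.UserToken.objects.filter(token=token).first()
        if ret:
            # DRF assigns the pair to request.user and request.auth.
            return ret.user, ret

        # AuthenticationFailed is a subclass of APIException, so existing
        # handlers still catch it, but the client now gets an authentication
        # error instead of APIException's default HTTP 500.
        # NOTE(review): no expiry is checked here; as far as this page shows,
        # a token stays valid until the next login overwrites it.
        raise exceptions.AuthenticationFailed('你认证失败了')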
登陆:
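# Login view: checks the credentials and issues the token that the
# authentication component validates later.
import logging

from django.core.exceptions import ObjectDoesNotExist
from django.http import JsonResponse
from rest_framework.views import APIView

from app01 import MyAuth  # module that holds the token authentication class
from app01 import models

logger = logging.getLogger(__name__)


class Login(APIView):
    """Exchange a user name and password for an API token."""

    # A view that must require a token would use:
    #     authentication_classes = [MyAuth.LoginAuth, ]
    # Login has to be reachable without a token, so authentication is
    # disabled here; this also overrides any project-wide default.
    authentication_classes = []
    # Likewise skip project-wide permission classes: a caller that is not
    # logged in yet has no user type to check.
    permission_classes = []

    def post(self, request, *args, **kwargs):
        """Return a JSON body with ``status``, ``msg`` and, on success, ``token``.

        Status codes: 100 success, 101 bad credentials, 102 unexpected error.
        """
        response = {'status': 100, 'msg': '登陆成功'}
        # DRF exposes the parsed request body through request.data.
        name = request.data.get('name')
        pwd = request.data.get('pwd')
        # Credentials and tokens are deliberately never printed or logged.

        if not name or not pwd:
            # Missing fields can never match; answer like any failed login.
            response['status'] = 101
            response['msg'] = '用户名或密码错误'
            return JsonResponse(response, safe=False)

        try:
            # NOTE(review): matching on the pwd column directly implies the
            # password is stored unhashed. Store a salted hash instead and
            # verify it with django.contrib.auth.hashers.check_password.
            user = models.UserInfo.objects.get(name=name, pwd=pwd)
            # NOTE(review): get_token is not imported in this snippet, and the
            # MD5 helper on this page is spelled Get_token; confirm the name
            # and add the import.
            token = get_token(name)
            # One token row per user: a new login replaces the previous token.
            models.UserToken.objects.update_or_create(
                user=user, defaults={'token': token})
            response['token'] = token
        except ObjectDoesNotExist:
            # Same message for an unknown user and a wrong password.
            response['status'] = 101
            response['msg'] = '用户名或密码错误'
        except Exception:
            # Keep the details server-side; str(e) can expose database or
            # code internals to an unauthenticated caller.
            logger.exception('login failed')
            response['status'] = 102
            response['msg'] = '登陆失败,请稍后重试'
        # safe=False lets JsonResponse serialize non-dict values such as
        # lists; the payload here is a dict either way.
        return JsonResponse(response, safe=False)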
认证组件全局配置
# Project-wide configuration (settings file).
# Every DRF view authenticates with LoginAuth unless the view overrides
# authentication_classes. The login view must do so (authentication_classes = []),
# otherwise nobody could obtain a first token.
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'app01.MyAuth.LoginAuth',
    ],
}
用 MD5 生成 token(MD5 是哈希摘要算法,不是加密)
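# Supplementary note (1): building a token with an MD5 digest.
import hashlib
import secrets
import time


def Get_token(name: str) -> str:
    """Return a fresh 32-character hexadecimal token for the user *name*.

    MD5 is a hash (digest) function, not encryption. It is used here only to
    fold the inputs into a fixed-length hex string. The unpredictability of
    the token comes from the random bytes mixed in: a digest of only the
    current time and the user name can be reproduced by anyone who knows the
    name and roughly when the login happened.
    """
    # Create the MD5 object, then feed it the values to digest.
    md5 = hashlib.md5()
    # Secret material from the OS CSPRNG; without it the token is guessable.
    md5.update(secrets.token_bytes(32))
    md5.update(str(time.time()).encode('utf-8'))
    # The codec name was misspelled 'uft-8', which raised LookupError on
    # every call.
    md5.update(name.encode('utf-8'))
    return md5.hexdigest()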
权限组件
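from rest_framework.permissions import BasePermission


class UserPermission(BasePermission):
    """Grant access only to users whose ``user_type`` is 2 (super member)."""

    # Text DRF returns to the client when permission is denied.
    message = '你没有权限查看'

    # DRF calls this hook by name; the method name must not change.
    def has_permission(self, request, view):
        """Return True only for an authenticated super member.

        For a choices field, Django's ``get_<field>_display()`` (here
        ``request.user.get_user_type_display()``) returns the human-readable
        label, should it be needed for audit logging.
        """
        # On a view with authentication disabled, request.user is not a
        # UserInfo row and has no user_type attribute. Reading it directly
        # raised AttributeError (an HTTP 500); getattr makes the check fail
        # closed and deny access instead.
        return getattr(request.user, 'user_type', None) == 2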
全局配置使用
# Project-wide configuration (settings file).
# Every DRF view is guarded by UserPermission unless the view sets its own
# permission_classes. Views that ordinary or not-yet-logged-in users must
# reach (login, for example) have to override it explicitly.
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'app01.MyAuth.UserPermission',
    ],
}
权限组件的应用
# Only super members may view other users' details.
class User(APIView):
    """Return the serialized list of all users.

    No permission_classes is declared here, so access control comes entirely
    from the project-wide DEFAULT_PERMISSION_CLASSES setting.
    NOTE(review): APIView, models, Myserializers and JsonResponse are not
    imported in this snippet; presumably they are imported earlier in the
    views file.
    """

    # To switch the permission check off for this view only:
    # permission_classes = []

    def get(self, request, *args, **kwargs):
        """Respond with ``{'status': 100, 'msg': ..., 'data': [...]}``."""
        all_users = models.UserInfo.objects.all()
        # NOTE(review): UserInfoSerializer is not shown on this page. Confirm
        # that it lists its fields explicitly and leaves out the pwd column.
        serialized = Myserializers.UserInfoSerializer(all_users, many=True)
        payload = {
            'status': 100,
            'msg': '查询成功',
            'data': serialized.data,
        }
        return JsonResponse(payload, safe=False)
序列化组件
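# Serializer component: write the serializer class first.
from rest_framework import serializers

from app01 import models


class BookSerializer(serializers.ModelSerializer):
    """Serialize Book instances, exposing every model field."""

    # The note "serialize all fields" used to sit here as bare text, which
    # Python evaluates as an undefined name when the class body runs.
    class Meta:
        model = models.Book
        # '__all__' also publishes any field added to the model later. An
        # explicit field list is the safer habit, above all for models that
        # hold credentials or other private columns.
        fields = '__all__'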
序列化组件的使用
# List every book.
from app01 import Myserializers


class Books(APIView):
    """Return all books as JSON; the caller must present a valid token.

    NOTE(review): APIView, MyAuth, models and JsonResponse are not imported in
    this snippet; presumably they are imported earlier in the views file.
    """

    # Token check: establishes that the caller is logged in.
    authentication_classes = [MyAuth.LoginAuth, ]

    def get(self, request, *args, **kwargs):
        """Respond with ``{'status': 100, 'msg': ..., 'data': [...]}``."""
        # Debug output of the user resolved by LoginAuth.
        print(request.user)
        books = models.Book.objects.all()
        # many=True because a queryset, not a single object, is serialized.
        serialized = Myserializers.BookSerializer(books, many=True)
        payload = {
            'status': 100,
            'msg': '查询成功',
            'data': serialized.data,
        }
        return JsonResponse(payload, safe=False)