一、认证组件
需求:用户在认证通过后才能查询书籍的详细信息
urls.py 文件
from django.conf.urls import url
from django.contrib import admin
from app01 import views
urlpatterns = [
url(r'^admin/', admin.site.urls),
url(r'^book/$', views.Book.as_view()),
url(r'^login/$', views.Login.as_view()),
]
models.py 文件
class User(models.Model):
name = models.CharField(max_length=32)
pwd = models.CharField(max_length=64)
class UserToken(models.Model):
token = models.CharField(max_length=64)
user = models.OneToOneField(to='User')
views.py 文件
from rest_framework import exceptions
from rest_framework.views import APIView
from django.core.exceptions import ObjectDoesNotExist
import hashlib
import time
def get_token(name):
# 生成随机字符串
md = hashlib.md5()
md.update(name.encode('utf-8'))
md.update(str(time.time()).encode('utf-8'))
return md.hexdigest()
class Login(APIView):
# 用户登录接口
def post(self, request):
response = {'status': 100, 'msg': '登录成功'}
name = request.data.get('name')
pwd = request.data.get('pwd')
try:
user = models.User.objects.filter(name=name, pwd=pwd).first()
# 生成一个随机字符串
token = get_token(name)
# 将token更新或新增到数据库
models.UserToken.objects.update_or_create(user=user, defaults={'token': token})
# 将token返回给用户
response['token'] = token
except ObjectDoesNotExist as e:
response['status'] = 101
response['msg'] = '用户名或密码错误'
except Exception as e:
response['status'] = 102
response['msg'] = str(e)
return JsonResponse(response, safe=False)
# 新建一个认证类
class UserLogin(APIView):
# 函数名必须是authenticate
def authenticate(self, request):
token = request.GET.get('token')
ret = models.UserToken.objects.filter(token=token).first()
if ret:
# 返回当前登录用户 ret.user
return ret.user, ret
raise exceptions.APIException('认证失败')
class Book(APIView):
# 经过authentication_classes进行认证拦截
authentication_classes = [UserLogin]
def get(self, request, *args, **kwargs):
response = {'status': 100, 'msg': '查询成功'}
ret = models.Book.objects.all()
book_ser = work_ser.BookSerial(ret, many=True)
response['data'] = book_ser.data
return JsonResponse(response, safe=False)