一、认证组件
需求:用户在认证通过后才能查询书籍的详细信息
urls.py 文件
from django.conf.urls import url
from django.contrib import admin

from app01 import views

# Route table for the demo project.
# /book/  is served by views.Book, which declares its own authentication class.
# /login/ is served by views.Login, which issues the token that /book/ expects.
urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'^book/$', views.Book.as_view()),
    url(r'^login/$', views.Login.as_view()),
]
models.py 文件
class User(models.Model):
    """Account record used by the login endpoint."""

    name = models.CharField(max_length=32)
    # NOTE(review): the login view on this page looks users up with
    # filter(name=..., pwd=...), so this column holds the password exactly as
    # submitted. Store a salted hash instead (for example with
    # django.contrib.auth.hashers.make_password / check_password); the column
    # would presumably need to be wider than 64 characters for that.
    pwd = models.CharField(max_length=64)


class UserToken(models.Model):
    """Access token issued to a user at login (one token per user)."""

    # The token is the only credential checked on later requests; it has no
    # expiry field and is not declared unique in this model.
    token = models.CharField(max_length=64)
    # NOTE(review): Django 2.0+ requires an explicit on_delete argument here.
    user = models.OneToOneField(to='User')
views.py 文件
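import hashlib
import logging
import secrets
import time

from django.core.exceptions import ObjectDoesNotExist
from django.http import JsonResponse
from rest_framework import exceptions
from rest_framework.authentication import BaseAuthentication
from rest_framework.views import APIView

from app01 import models

# NOTE(review): `work_ser` (the module that provides BookSerial) is used by
# the Book view below, but its import is not shown in this listing.

logger = logging.getLogger(__name__)


def get_token(name):
    """Return a fresh 32-character hexadecimal access token.

    The token comes from the operating system's CSPRNG. The previous
    implementation hashed the user name together with the current time using
    MD5; both inputs are guessable, so the resulting token was predictable.

    Args:
        name: The user name. Kept for interface compatibility; it is
            deliberately not mixed into the token.

    Returns:
        A 32-character lowercase hex string (128 bits of randomness), which
        fits the 64-character UserToken.token column.
    """
    return secrets.token_hex(16)


class Login(APIView):
    """Login endpoint: exchanges a name/password pair for an access token."""

    def post(self, request):
        """Check the submitted credentials and issue a token.

        Response ``status`` values: 100 success (``token`` is included),
        101 wrong or missing credentials, 102 unexpected server error.
        """
        response = {'status': 100, 'msg': '登录成功'}
        name = request.data.get('name')
        pwd = request.data.get('pwd')

        # Missing fields are a credential failure, not a server error.
        if not name or not pwd:
            response['status'] = 101
            response['msg'] = '用户名或密码错误'
            return JsonResponse(response, safe=False)

        try:
            # SECURITY(review): this compares against a plaintext `pwd`
            # column. Passwords should be stored as salted hashes and checked
            # with a dedicated verifier rather than matched by equality.
            user = models.User.objects.filter(name=name, pwd=pwd).first()
            if user is None:
                # .first() returns None instead of raising, so the original
                # `except ObjectDoesNotExist` branch could never run and a bad
                # login fell through to the generic error path.
                response['status'] = 101
                response['msg'] = '用户名或密码错误'
            else:
                token = get_token(name)
                # One row per user: a new login replaces the previous token.
                models.UserToken.objects.update_or_create(
                    user=user, defaults={'token': token}
                )
                response['token'] = token
        except Exception:
            # Keep the details in the server log; returning str(e) to the
            # client would expose database and internal error messages.
            logger.exception('unexpected error while handling login')
            response['status'] = 102
            response['msg'] = '服务器内部错误'
        return JsonResponse(response, safe=False)


class UserLogin(BaseAuthentication):
    """Token authentication class used via ``authentication_classes``.

    Derives from BaseAuthentication rather than APIView: the framework calls
    ``authenticate`` and ``authenticate_header`` on each authenticator, and
    the latter is not defined on a view class.
    """

    def authenticate(self, request):
        """Resolve the request's token to a user.

        The method name must be ``authenticate``.

        Returns:
            A ``(user, token_row)`` pair for a known token.

        Raises:
            exceptions.AuthenticationFailed: the token is missing or unknown.
                This is a subclass of APIException, so callers that catch
                APIException still work, but the client now receives an
                authentication error instead of a 500 response.
        """
        # SECURITY(review): a token in the query string ends up in access
        # logs, browser history and Referer headers; a request header is the
        # safer transport. Tokens here also never expire.
        token = request.GET.get('token')
        if not token:
            raise exceptions.AuthenticationFailed('认证失败')

        ret = models.UserToken.objects.filter(token=token).first()
        if ret:
            # The framework exposes this pair as request.user / request.auth.
            return ret.user, ret
        raise exceptions.AuthenticationFailed('认证失败')


class Book(APIView):
    """Book listing, available only to requests that pass UserLogin."""

    # Requests are intercepted and authenticated through authentication_classes.
    authentication_classes = [UserLogin]

    def get(self, request, *args, **kwargs):
        """Return every book, serialized, under the ``data`` key."""
        response = {'status': 100, 'msg': '查询成功'}
        ret = models.Book.objects.all()
        book_ser = work_ser.BookSerial(ret, many=True)
        response['data'] = book_ser.data
        return JsonResponse(response, safe=False)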