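DRF user permissions, sending email with Django, and using the itsdangerous module
DRF user permissions
See the official documentation: https://www.django-rest-framework.org/api-guide/permissions/
Setting permissions globally
DEFAULT_PERMISSION_CLASSES sets the default permission policy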
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        # By default every view requires an authenticated (logged-in) user
        'rest_framework.permissions.IsAuthenticated',
    )
}
If not specified, this setting defaults to allowing unrestricted access:
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.AllowAny',
    )
Setting permissions on a single view
APIView:
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from rest_framework.views import APIView

class ExampleView(APIView):
    permission_classes = (IsAuthenticated,)

    def get(self, request, format=None):
        content = {
            'status': 'request was permitted'
        }
        return Response(content)
Or, if you are using the @api_view decorator with function-based views:
from rest_framework.decorators import api_view, permission_classes
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response

@api_view(['GET'])
@permission_classes((IsAuthenticated, ))
def example_view(request, format=None):
    content = {
        'status': 'request was permitted'
    }
    return Response(content)
Sending email with Django
First configure it in your own settings.py file
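# Default mail configuration
EMAIL_USE_SSL = True
EMAIL_HOST = 'smtp.qq.com'  # SMTP server address; for 163 mail it is smtp.163.com
EMAIL_PORT = 465  # port
EMAIL_HOST_USER = '[email protected]'  # account
# QQ Mail's separate authorization code; in a real project load it from an
# environment variable instead of committing it with the settings file
EMAIL_HOST_PASSWORD = 'bftekkiohcuybfei'
EMAIL_FROM = 'SHANGHUI<[email protected]>'  # sender shown to the recipient; the address in angle brackets must match the user above
DEFAULT_FROM_EMAIL = EMAIL_HOST_USER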
Send the email from the serializers.py file
from django.core.mail import send_mail
from shanghuishop.settings import dev

# Send the email
from_email = dev.DEFAULT_FROM_EMAIL
send_mail('测试验证邮件', 'hhhhhh', from_email, ['[email protected]', ])
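The itsdangerous module in Django
Install it with pip first
pip install itsdangerous
Note that TimedJSONWebSignatureSerializer was deprecated in itsdangerous 2.0 and removed in 2.1, so the code below needs an older release of the package.
Creating the signed token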
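from itsdangerous import TimedJSONWebSignatureSerializer as TJWSS
from shanghuishop.settings import dev

# tjwss = TJWSS(secret_key, lifetime_in_seconds); if omitted, the lifetime defaults to 3600 seconds
# A Django project's settings already contain a secret key that can be used directly;
# elsewhere, generate a secret key first and then use it
tjwss = TJWSS(dev.SECRET_KEY, 60*10)
# Data to put into the token
data = {
    "email": validated_data['email'],
}
# tjwss.dumps(data) serializes and signs the data and returns bytes.
# The payload is signed, not encrypted: anyone holding the token can read it.
token = tjwss.dumps(data).decode()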
Decoding and verifying the token
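from itsdangerous import BadData
from itsdangerous import TimedJSONWebSignatureSerializer as TJWSS
from shanghuishop.settings import dev

def check_token(token):  # hypothetical wrapper name, added so that `return` is valid
    # Decoding needs the same secret key and lifetime that were used for encoding
    tjwss = TJWSS(dev.SECRET_KEY, 60*10)
    try:
        data = tjwss.loads(token)
    # If verification fails, itsdangerous.BadData is raised
    except BadData:
        return None
    return data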
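
What a timed signed token of the kind used above guarantees, as an added example that is not from the original post and does not use itsdangerous: a standard-library version with HMAC-SHA256 over a JSON payload that carries its own expiry. The names make_token, load_token, peek and the demo key are assumptions made for this illustration.

```python
import base64, hashlib, hmac, json, time

SECRET_KEY = b"constructed-demo-key"  # assumption: stands in for Django's SECRET_KEY


def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(body: str, key: bytes) -> str:
    return b64e(hmac.new(key, body.encode(), hashlib.sha256).digest())


def make_token(data: dict, expires_in: int = 600, key: bytes = SECRET_KEY, now=None) -> str:
    """Return 'payload.signature'; the expiry travels inside the signed payload."""
    exp = int(time.time() if now is None else now) + expires_in
    body = b64e(json.dumps({"data": data, "exp": exp}).encode())
    return body + "." + sign(body, key)


def load_token(token: str, key: bytes = SECRET_KEY, now=None):
    """Return the data if the signature is valid and the token is unexpired, else None."""
    try:
        body, sig = token.split(".")
        # Verify the signature before parsing anything; compare in constant time.
        if not hmac.compare_digest(sig, sign(body, key)):
            return None
        payload = json.loads(b64d(body))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token
    if (time.time() if now is None else now) > payload["exp"]:
        return None  # expired
    return payload["data"]


def peek(token: str) -> dict:
    """Read the payload WITHOUT the key: the token is signed, not encrypted."""
    return json.loads(b64d(token.split(".")[0]))
```

Because peek() needs no key, an email-verification token built this way should carry only data that is safe to expose, and the server must trust nothing in it until load_token() has returned a value.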