[Python自学] restframework (3) (认证组件)

一、实现登录验证

1.创建User和Token表

User表用作用户名密码认证，Token表用于存放用户每次成功登陆后的随机Token。

在models.py中添加以下两张表：

# 用户表
class User(models.Model):
    username = models.CharField(max_length=32)
    password = models.CharField(max_length=32)


# token表
class Token(models.Model):
    user = models.OneToOneField("User", on_delete=models.CASCADE)
    token = models.CharField(max_length=128)

执行命令，生成数据库表：

python manage.py makemigrations
python manage.py migrate

2.实现登录验证操作

添加路由条目：

urlpatterns = [
    path('admin/', admin.site.urls),
    re_path('^publishes/$', views.PublishView.as_view(), name="publish"),
    re_path('^publishes/(?P<pk>\d+)/$', views.PublishDetailView.as_view(), name="publishdetail"),
    re_path('^books/$', views.BookView.as_view(), name="book"),
    re_path('^books/(?P<pk>\d+)/$', views.BookDetailView.as_view(), name="bookdetail"),
    re_path('^authors/$', views.AuthorViewSet.as_view({"get": "list", "post": "create"}), name="author"),
    re_path('^authors/(?P<pk>\d+)/$', views.AuthorViewSet.as_view(
        {"get": "retrieve", "put": "update", "patch": "partial_update", "delete": "destroy"}), name="authordetail"),
    re_path('^login/$', views.LoginView.as_view(), name="login"),
]

实现视图类LoginView：

# 导入User和Token的model类
from .models import User
from .models import Token


# 生成一个随机token，username和ctime的MD5加密值
def get_random_str(user):
    import hashlib
    import time
    # 获取当前时间
    ctime = str(time.time())
    # username的md5
    md5 = hashlib.md5(bytes(user, encoding='utf-8'))
    # 加上ctime
    md5.update(bytes(ctime, encoding='utf-8'))
    return md5.hexdigest()


class LoginView(APIView):
    def post(self, request):
        res = {'code': 1000, "msg": None}
        try:
            # 从post请求中获取用户提交的用户名和密码
            username = request.data.get("username")
            password = request.data.get("password")
            # 判断数据库中的数据是否匹配
            user_obj = User.objects.filter(username=username, password=password).first()
            # 如果不匹配，返回登录失败
            if not user_obj:
                res['code'] = 1001
                res['msg'] = "用户名或密码错误"
            else:
                # 如果匹配，则生成一个随机token
                token = get_random_str(username)
                # 如果token已经存在，则更新，如果不存在，则创建
                Token.objects.update_or_create(user=user_obj, defaults={'token': token})
        except Exception as e:
            res['code'] = 1002
            res['msg'] = e

66