Authentication categories
Authentication comes in several categories; Django's built-in auth is RBAC.
So what is RBAC? It is role-based access control.
Such tables are provided, divided into 3-table, 5-table and 6-table designs.
Table Design
Why the 5-table design came about:
One reason is that some users need exceptional permissions that do not depend on the role (identity) table.
This is the table design Django uses.
The mapping tables record which user has which role and which permissions, and which user group has which permissions.
Notes on the permissions table analysis
Because the user needs additional fields, we must subclass the built-in user model and tell Django to use our own user table.
Once the database has been migrated this can no longer be changed, so be sure to inherit from AbstractUser before migrating.
JWT
Although session authentication does not have to hit the database on every step, the server still has to generate and save a session when a user logs in or registers, which is an IO operation.
Every later request then has to look the session up again, so we simply do not keep one at all.
That is why we use the second approach: JWT.
You give me your credentials, I generate a token with an algorithm and hand it to you; the next time you make a request, you bring the token.
When you come back with this token I decode and verify it; if there is no problem I let you through.
JWT shortcomings
Once a JWT has been issued it stays valid until it expires; it cannot be revoked early.
Using JWT
# pip install djangorestframework-jwt
# A POST to the login route with valid credentials returns a token.
from django.urls import path
from rest_framework_jwt.views import obtain_jwt_token

urlpatterns = [
    path('login/', obtain_jwt_token),
]
# Use our own method for building the token response
from datetime import timedelta

JWT_AUTH = {
    # Token lifetime. An issued token cannot be revoked before it expires,
    # so this is the only bound on how long a leaked token stays usable.
    'JWT_EXPIRATION_DELTA': timedelta(days=1),
    # Custom login response; see jwt_response_payload_handler and the
    # user serializer below.
    'JWT_RESPONSE_PAYLOAD_HANDLER': 'user.utils.jwt_response_payload_handler',
}
Custom token response (you can put this in your own utils module, since it is shared)
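# The imported name must match the class defined in serializers.py
# (UserModelSerializer, singular); the plural spelling does not exist there.
from .serializers import UserModelSerializer


def jwt_response_payload_handler(token, user=None, request=None):
    """Build the JSON body returned after a successful login.

    :param token: the freshly issued JWT
    :param user: the authenticated user, serialized with UserModelSerializer
    :param request: the login request (unused)
    :return: dict with the token and the serialized user
    """
    return {
        'token': token,
        # Only the fields listed in UserModelSerializer.Meta.fields are exposed.
        'user': UserModelSerializer(user).data,
    }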
from rest_framework import serializers
from .models import User


class UserModelSerializer(serializers.ModelSerializer):
    """Serializer for the User returned in the login response.

    Only username and mobile are exposed; the password hash and every
    other User field are left out of the response.
    """
    class Meta:
        model = User
        fields = ["username", "mobile"]
Enable the authentication class: user/authentications.py (create this file yourself)
import jwt
from rest_framework.exceptions import AuthenticationFailed
from rest_framework_jwt.authentication import jwt_decode_handler
from rest_framework_jwt.authentication import get_authorization_header
from rest_framework_jwt.authentication import BaseJSONWebTokenAuthentication


class JSONWebTokenAuthentication(BaseJSONWebTokenAuthentication):
    """JWT authentication that rejects any request without an Authorization header."""

    def authenticate(self, request):
        """Validate the JWT carried in the Authorization header.

        :param request: the incoming DRF request
        :return: ``(user, token)`` on success
        :raises AuthenticationFailed: when the header is missing, the
            signature has expired, or the token is otherwise invalid
        """
        # DRF's way of reading the token: HTTP_AUTHORIZATION -> Authorization header
        token = get_authorization_header(request)
        if not token:
            raise AuthenticationFailed('Authorization field is required')
        # NOTE(review): get_authorization_header returns the whole header value.
        # The library's own get_jwt_value additionally strips the scheme prefix
        # (e.g. "JWT ") and rejects malformed headers; if the front end sends a
        # prefix, decoding the raw value fails as an invalid token — confirm.
        # Verify signature and expiry with the library's decode handler
        try:
            payload = jwt_decode_handler(token)
        except jwt.ExpiredSignature:
            # NOTE(review): PyJWT 2.x removed the ExpiredSignature alias in
            # favour of ExpiredSignatureError — confirm the installed version.
            raise AuthenticationFailed('signature expired')
        except jwt.InvalidTokenError:
            raise AuthenticationFailed('illegal user')
        # Hand the authenticated user back to DRF
        user = self.authenticate_credentials(payload)
        return user, token
Global configuration and local configuration
REST_FRAMEWORK = {
    # Authentication module: applied to every view unless the view
    # overrides authentication_classes itself.
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'user.authentications.JSONWebTokenAuthentication',
    ),
}
# Disable authentication locally, on a single view
authentication_classes = []
# Enable authentication locally, on a single view
from user.authentications import JSONWebTokenAuthentication
authentication_classes = [JSONWebTokenAuthentication]
Multiple login methods
Configuration
# Replace Django's default ModelBackend with the multi-identifier backend below
AUTHENTICATION_BACKENDS = ['user.utils.JWTModelBackend']
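from django.contrib.auth.backends import ModelBackend
from .models import User
import re


class JWTModelBackend(ModelBackend):
    """Authentication backend that accepts a mobile number, an email or a username."""

    # 11 digits starting with 13-19 are treated as a mobile number.
    _MOBILE_RE = re.compile(r'^1[3-9]\d{9}$')
    # Loose email check: anything containing an "@".
    _EMAIL_RE = re.compile(r'.*@.*')

    def authenticate(self, request, username=None, password=None, **kwargs):
        """
        :param request: the login request (unused)
        :param username: identifier passed from the front end: mobile, email or username
        :param password: plaintext password passed from the front end
        :param kwargs: ignored
        :return: the User on success, otherwise None (JWT then issues no token)
        """
        # The original re.match(..., None) raised TypeError when called without
        # a username; treat a missing identifier as a failed login instead.
        if username is None:
            return None
        try:
            if self._MOBILE_RE.match(username):
                user = User.objects.get(mobile=username)
            elif self._EMAIL_RE.match(username):
                user = User.objects.get(email=username)
            else:
                user = User.objects.get(username=username)
        except User.DoesNotExist:
            # Same mitigation as Django's ModelBackend: hash the password even
            # when no account matches, so a missing account takes as long as a
            # wrong password and the response timing does not reveal which.
            User().set_password(password)
            return None
        # NOTE(review): .get() raises MultipleObjectsReturned if mobile or email
        # is not unique on the User model — confirm the model constraints.
        # The account exists: verify the password and that it is active
        # (user_can_authenticate checks is_active).
        if user.check_password(password) and self.user_can_authenticate(user):
            return user  # returned to JWT, which then generates the token
        return None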