安装配置
# NOTE(review): djangorestframework-jwt is no longer maintained upstream (the
# repository is archived), so it receives no security fixes. Pin and audit the
# version you install, or evaluate a maintained JWT package for DRF such as
# djangorestframework-simplejwt.
pip install djangorestframework-jwt
配置settings
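# File: settings.py
import datetime

# 1. Register 'rest_framework.authtoken' in INSTALLED_APPS.
# The original listing wrapped this entry in ''' ... ''' as an ellipsis, which
# Python reads as one string literal; the entry is written out as a real list
# item here.
# NOTE(review): authtoken backs DRF's TokenAuthentication / obtain_auth_token.
# The JWT classes configured below come from rest_framework_jwt, so confirm
# this app is actually needed.
INSTALLED_APPS = [
    # ... keep the project's existing entries here ...
    'rest_framework.authtoken',
]

# 2. JWT authentication.
REST_FRAMEWORK = {
    # Authentication classes tried, in order, on every request.
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        # NOTE(review): BasicAuthentication makes the API accept a username
        # and password on every request. Confirm it is wanted outside
        # development, and serve the API over HTTPS only.
        'rest_framework.authentication.BasicAuthentication',
    ),
    # Project-wide default: every endpoint requires an authenticated user.
    # Public endpoints (login, registration) must override this per view.
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
}

JWT_AUTH = {
    # Clients send "Authorization: JWT <token>".
    'JWT_AUTH_HEADER_PREFIX': 'JWT',
    # A leaked token stays usable until it expires and this page configures
    # no revocation, so keep the lifetime as short as the clients tolerate.
    'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
    # Custom builder for the login response body.
    'JWT_RESPONSE_PAYLOAD_HANDLER': 'user.views.Login_return',
}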
配置全局路由
# File: urls.py
"""syl URL Configuration

The `urlpatterns` list routes URLs to views. For more information please see:
    https://docs.djangoproject.com/en/2.2/topics/http/urls/
Examples:
Function views
    1. Add an import:  from my_app import views
    2. Add a URL to urlpatterns:  path('', views.home, name='home')
Class-based views
    1. Add an import:  from other_app.views import Home
    2. Add a URL to urlpatterns:  path('', Home.as_view(), name='home')
Including another URLconf
    1. Import the include() function: from django.urls import include, path
    2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
"""
from django.contrib import admin
from django.urls import path, include

# Project-level routes: the Django admin, plus everything under user/, which
# is delegated to the user app's own URLconf.
urlpatterns = [
    path('admin/', admin.site.urls),
    path('user/', include('user.urls')),
]
配置局部路由
# -*- coding: utf-8 -*-
# File: user/urls.py
from django.urls import include, path
from rest_framework.authtoken.views import obtain_auth_token
from user import views
from user.views import *
from rest_framework_jwt.views import obtain_jwt_token

# Routes of the user app (mounted under user/ by the project URLconf).
urlpatterns = [
    # Registration (POST).
    path('jwtuser/', UserView.as_view()),
    # Login: exchanges credentials for a JWT.
    # NOTE(review): no throttling is configured anywhere on this page;
    # consider DRF throttle classes for this route to slow password guessing.
    path('login/', obtain_jwt_token),
    # User listing; the view requires a valid JWT.
    path('user/', UserInfoView.as_view()),
]
在model中添加
# File: models.py
from django.contrib.auth.models import AbstractUser
from django.db import models

# Create your models here.
from utils.MyBaseModel import Base


class Vip(Base):
    """Membership tier that a user can be attached to."""

    # Stored value -> label: '0' regular user, '1' regular member,
    # '2' premium member.
    vip_choise = (
        ('0', '普通用户'),
        ('1', '普通会员'),
        ('2', '高级会员'),
    )

    title = models.CharField('vip名称', max_length=16)
    vip_type = models.CharField('Vip种类', choices=vip_choise, max_length=4)
    desc = models.CharField('vip描述', max_length=255)
    # Validity period; the unit is not stated here (presumably days - confirm).
    period = models.IntegerField('有效期', default=365)

    class Meta:
        db_table = 'tb_vip'

    def __str__(self):
        return self.title


class User(AbstractUser):
    """Project user model: Django's AbstractUser plus profile and VIP fields."""

    # NOTE(review): phone has no unique constraint. If it is accepted as a
    # login identifier, two accounts with the same phone make the lookup
    # ambiguous.
    phone = models.CharField('手机号', max_length=20)
    img = models.ImageField(upload_to='user', null=True)
    nick_name = models.CharField('昵称', max_length=20)
    address = models.CharField('地址', max_length=255)
    # Deleting a Vip row leaves its users in place with vip set to NULL.
    vip = models.ForeignKey(
        Vip,
        on_delete=models.SET_NULL,
        default=None,
        null=True,
    )
    vip_expration = models.DateTimeField(
        'VIP到期时间',
        blank=True,
        default=None,
        null=True,
    )

    class Meta:
        db_table = 'tb_user'
在serializers中添加
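# -*- coding: utf-8 -*-
# File: user/serlizers.py (as captioned; the views import it as user.serializers)
from django.contrib.auth.hashers import make_password
from rest_framework import serializers
from user.models import *
from utils.MyBaseVIew import create_token


class CreateUserSer(serializers.Serializer):
    """Validate a registration payload and create the user.

    Input fields: username, password, email, phone.
    Output adds ``token`` (read-only), produced by ``create_token``.
    """

    username = serializers.CharField()
    # write_only: without it, serializer.data would echo the stored password
    # hash back to the client in the registration response.
    password = serializers.CharField(write_only=True)
    # NOTE(review): CharField accepts any string; EmailField would validate
    # the format. Left unchanged so the accepted input stays the same.
    email = serializers.CharField()
    phone = serializers.CharField()
    token = serializers.CharField(read_only=True)

    def create(self, validated_data):
        """Create and return the user, with a ``token`` attribute attached.

        The password is hashed before the first write. The original created
        the row with the raw password and only then overwrote it, so the
        plaintext reached the database, if only briefly.
        """
        fields = dict(validated_data)
        raw_password = fields.pop("password")

        user = User(**fields)
        user.password = make_password(raw_password)
        user.save()

        # Not a model field: attached so the read-only ``token`` serializer
        # field has something to render.
        user.token = create_token(user)
        return user


class UserInfoSer(serializers.ModelSerializer):
    """Read serializer exposing a user's id, username, phone and email."""

    class Meta:
        model = User
        fields = ("username", "id", "phone", "email")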
代码展示
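# File: user/views
import logging

from django.shortcuts import render
from rest_framework.permissions import IsAuthenticated
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework_jwt.authentication import JSONWebTokenAuthentication
from user import serializers
from user import models

logger = logging.getLogger(__name__)

# Create your views here.


class UserView(APIView):
    """Registration endpoint: validate the payload and create a user."""

    # NOTE(review): there is no permission_classes override here. If the
    # project default is IsAuthenticated, anonymous clients cannot register;
    # decide explicitly whether this endpoint is public.

    def post(self, request):
        """Create a user from username/phone/email/password/password2.

        Always answers with a JSON body carrying ``code`` and ``msg``:
        0 on success, 4003 for missing fields, 4005 for mismatched
        passwords, 4009 for any other failure.
        """
        data = request.data
        required = ("username", "phone", "email", "password", "password2")
        # Test the submitted values. The original passed the field *names* to
        # all(), which is always true, so a missing field fell through to a
        # KeyError on the password comparison below.
        if not all(data.get(field) for field in required):
            return Response({"code": 4003, 'msg': "参数不完整"}, status=200)
        if data["password"] != data["password2"]:
            return Response({"code": 4005, "msg": "两次密码不一致"}, status=200)

        failure = {
            "code": 4009,
            "msg": "创建失败请重试"
        }
        try:
            user = serializers.CreateUserSer(data=data)
            # Check the validation result instead of letting save() fail on
            # invalid data.
            if not user.is_valid():
                return Response(failure)
            user.save()
            # NOTE(review): user.data echoes every serializer field that is
            # not write_only; confirm CreateUserSer does not expose the
            # password hash.
            res_data = {
                "code": 0,
                "msg": "创建成功",
                "data": user.data
            }
            return Response(res_data)
        except Exception:
            # Best-effort boundary kept from the original, but the failure is
            # now recorded instead of being dropped silently.
            logger.exception("user registration failed")
            return Response(failure)


def Login_return(token, user=None, request=None):
    """Build the login response body (token, username and user id).

    Referenced by dotted path from JWT_AUTH['JWT_RESPONSE_PAYLOAD_HANDLER'],
    so the name and signature must stay as they are.
    """
    return {
        'token': token,
        'user': user.username,
        'userid': user.id,
        # "phone":user.phone
    }


class UserInfoView(APIView):
    """Return the serialized user list to an authenticated caller."""

    permission_classes = [IsAuthenticated]  # per-view permission
    authentication_classes = [JSONWebTokenAuthentication]

    def get(self, request):
        # NOTE(review): this returns username, id, phone and email of *every*
        # user to any authenticated caller. Confirm that is intended; if not,
        # restrict the queryset to request.user or to staff.
        user = models.User.objects.all()
        ser = serializers.UserInfoSer(user, many=True)
        res_data = {
            "code": 0,
            "msg": "请求成功",
            "data": ser.data
        }
        return Response(res_data)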
全局配置接口需要jwt验证
# File: settings.py
# JWT settings
REST_FRAMEWORK = {
    # Authentication classes tried, in order, on every request.
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        # NOTE(review): BasicAuthentication makes the API accept a username
        # and password on every request; confirm it is wanted in production.
        'rest_framework.authentication.BasicAuthentication',
    ),
    # Require authentication on every endpoint by default; only logged-in
    # users get access unless a view overrides permission_classes.
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
}
局部接口解除jwt验证要求
# File: user/views
class RegisterView(APIView):
    """Public registration endpoint."""

    # Open this endpoint to every caller, overriding the project-wide
    # IsAuthenticated default so that no JWT is required to register.
    permission_classes = [AllowAny]

    def post(self, request, *args, **kwargs):
        """Create a user; 201 with the serialized data, 400 with the errors."""
        serializer = UserSerializer(data=request.data)
        if not serializer.is_valid():
            return Response(serializer.errors, status=400)
        serializer.save()
        return Response(serializer.data, status=201)
自定义验证方式:要求手机或者邮箱也可作为登录手段
# File: settings.py
# Listing only the custom backend replaces Django's default backend list.
# NOTE(review): other listings on this page use an app named `user`; confirm
# that the dotted path below matches the module that defines the backend.
AUTHENTICATION_BACKENDS = [
    'userapp.views.UsernameMobileAuthBackend',
]
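# File: views.py
from django.db.models import Q
from django.contrib.auth.backends import ModelBackend  # base authentication backend


class UsernameMobileAuthBackend(ModelBackend):
    """Authenticate with either the username or the phone number.

    Only ``username`` and ``phone`` are matched; email is not looked up here.
    NOTE(review): ``MyUser`` is not imported in this listing; it must be the
    project's user model.
    """

    def authenticate(self, request, username=None, password=None, **kwargs):
        """Return the matching user when the password checks out, else None.

        Unknown or ambiguous identifiers return None instead of raising, so a
        failed login does not turn into a server error that tells the caller
        whether an account exists.
        """
        if username is None or password is None:
            return None
        try:
            user = MyUser.objects.get(Q(username=username) | Q(phone=username))
        except (MyUser.DoesNotExist, MyUser.MultipleObjectsReturned):
            # get() never returns None: it raises. Run the password hasher
            # anyway so a failed lookup takes about as long as a real check,
            # as Django's ModelBackend does.
            MyUser().set_password(password)
            return None
        # user_can_authenticate() rejects accounts with is_active=False,
        # which the original check skipped.
        if user.check_password(password) and self.user_can_authenticate(user):
            return user
        return None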