安装配配置
pip install djangorestframework-jwt
配置setting
########### 1、在INSTALLED_APPS中加入'rest_framework.authtoken', #################
INSTALLED_APPS = [
'''
'rest_framework.authtoken', #
'''
]
################### 2、配置jwt验证 ######################
REST_FRAMEWORK = {
# 身份认证
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication',
),
#全局配置JWT验证设置
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
}
import datetime
JWT_AUTH = {
'JWT_AUTH_HEADER_PREFIX': 'JWT',
'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
'JWT_RESPONSE_PAYLOAD_HANDLER':
'user.views.Login_return', # 重新login登录返回函数
}
settings.py
配置全局路由
"""syl URL Configuration
The `urlpatterns` list routes URLs to views. For more information please see:
https://docs.djangoproject.com/en/2.2/topics/http/urls/
Examples:
Function views
1. Add an import: from my_app import views
2. Add a URL to urlpatterns: path('', views.home, name='home')
Class-based views
1. Add an import: from other_app.views import Home
2. Add a URL to urlpatterns: path('', Home.as_view(), name='home')
Including another URLconf
1. Import the include() function: from django.urls import include, path
2. Add a URL to urlpatterns: path('blog/', include('blog.urls'))
"""
from django.contrib import admin
from django.urls import path,include
urlpatterns = [
path('admin/', admin.site.urls),
path('user/', include('user.urls')),
]
urls.py
配置局部路由
# -*- coding: utf-8 -*-
from django.urls import include, path
from rest_framework.authtoken.views import obtain_auth_token
from user import views
from user.views import *
from rest_framework_jwt.views import obtain_jwt_token
urlpatterns = [
path('jwtuser/',UserView.as_view()),
path('login/',obtain_jwt_token),
path('user/',UserInfoView.as_view()),
]
user/urls.py
在model中添加
from django.db import models
from django.contrib.auth.models import AbstractUser
# Create your models here.
from utils.MyBaseModel import Base
class Vip(Base):
vip_choise = (
('0', '普通用户'),
('1', '普通会员'),
('2', '高级会员')
)
title = models.CharField('vip名称', max_length=16)
vip_type = models.CharField('Vip种类', choices=vip_choise, max_length=4)
desc = models.CharField('vip描述', max_length=255)
period = models.IntegerField('有效期', default=365)
class Meta:
db_table='tb_vip'
def __str__(self):
return self.title
class User(AbstractUser):
phone = models.CharField('手机号', max_length=20)
img = models.ImageField(upload_to='user', null=True)
nick_name = models.CharField('昵称', max_length=20)
address = models.CharField('地址', max_length=255)
vip = models.ForeignKey(Vip, on_delete=models.SET_NULL, default=None, null=True)
vip_expration = models.DateTimeField('VIP到期时间',blank=True,default=None,null=True)
class Meta:
db_table = 'tb_user'
models.py
在serializers中添加
# -*- coding: utf-8 -*-
from django.contrib.auth.hashers import make_password
from rest_framework import serializers
from user.models import *
from utils.MyBaseVIew import create_token
class CreateUserSer(serializers.Serializer):
username=serializers.CharField()
password=serializers.CharField()
email=serializers.CharField()
phone=serializers.CharField()
token=serializers.CharField(read_only=True)
def create(self, validated_data):
user=User.objects.create(**validated_data)
password=make_password(validated_data.get("password"))
user.password=password
user.save()
token=create_token(user)
user.token=token
return user
class UserInfoSer(serializers.ModelSerializer):
class Meta:
model=User
fields=("username","id","phone","email")
user/serlizers.py
代码展示
from django.shortcuts import render
from rest_framework.permissions import IsAuthenticated
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework_jwt.authentication import JSONWebTokenAuthentication
from user import serializers
from user import models
# Create your views here.
class UserView(APIView):
def post(self, request):
data = request.data
if not all(["username", "phone", "email", "password", "password2"]):
return Response({"code": 4003, 'msg': "参数不完整"}, status=200)
if data["password"] != data["password2"]:
return Response({"code": 4005, "msg": "两次密码不一致"}, status=200)
try:
user = serializers.CreateUserSer(data=data)
user.is_valid()
user.save()
res_data = {
"code": 0,
"msg": "创建成功",
"data": user.data
}
return Response(res_data)
except Exception as e:
res_data = {
"code": 4009,
"msg": "创建失败请重试"
}
return Response(res_data)
def Login_return(token, user=None, request=None):
return {
'token': token,
'user': user.username,
'userid': user.id,
# "phone":user.phone
}
class UserInfoView(APIView):
permission_classes = [IsAuthenticated] # 接口中加权限
authentication_classes = [JSONWebTokenAuthentication]
def get(self,request):
user=models.User.objects.all()
ser=serializers.UserInfoSer(user,many=True)
res_data={
"code":0,
"msg":"请求成功",
"data":ser.data
}
return Response(res_data)
user/views
全局配置接口需要jwt验证
#jwt设置
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication',
),
#配置全部接口需要验证才能发访问,验证方式为登陆用户
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
}
settings.py
局部接口解除jwt验证要求
class RegisterView(APIView):
# 在此接口中允许所有用户访问,去除jwt的验证要求
permission_classes = [AllowAny]
def post(self, request, *args, **kwargs):
serializer = UserSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=201)
return Response(serializer.errors, status=400)
user/views
自定义验证方式:要求手机或者邮箱也可作为登陆手段
AUTHENTICATION_BACKENDS = [
'userapp.views.UsernameMobileAuthBackend',
]
settings.py
from django.db.models import Q
from django.contrib.auth.backends import ModelBackend #验证基类
class UsernameMobileAuthBackend(ModelBackend):
#重写验证方式
def authenticate(self, request, username=None, password=None, **kwargs):
user = MyUser.objects.get(Q(username=username) | Q(phone=username))
if user is not None and user.check_password(password):
return user
views.py
Views.py