认证
定义user表和token表
class UserInfo(models.Model):
    """Application user row: login name, credential column and account tier.

    NOTE(review): ``AuthView`` below matches ``pwd`` with an equality filter,
    so this column evidently holds the plaintext password. It should hold a
    salted hash instead (Django's ``make_password``/``check_password``; hashed
    values need a wider column, e.g. ``max_length=128``). That is a schema
    migration plus re-enrolment of existing rows, so it is flagged here rather
    than changed. ``username`` also carries no ``unique=True``; with duplicate
    names ``filter(...).first()`` in the login view picks an arbitrary row.
    """

    # Account tiers; ``MyPermission`` treats 2 (VIP) as the privileged tier.
    USER_TYPE_CHOICES = (
        (1, '普通用户'),
        (2, 'VIP用户'),
    )

    username = models.CharField(verbose_name='用户名', max_length=32)
    # Credential column -- see the class docstring about hashing.
    pwd = models.CharField(max_length=64)
    # Keeps the attribute name ``type`` because other code reads ``request.user.type``.
    type = models.SmallIntegerField(choices=USER_TYPE_CHOICES, default=1)
class UserToken(models.Model):
    """One opaque bearer token per user; ``AuthView`` rotates it on each login.

    NOTE(review): the token is stored in clear and the table has no
    issued-at/expiry column, so a token stays valid until that user logs in
    again, and a database dump yields directly usable credentials. Storing a
    hash of the token and adding an expiry would need a migration -- flagged,
    not changed.
    """

    # Exactly one token row per user; deleting the user deletes the token.
    user = models.OneToOneField(
        to='UserInfo',
        on_delete=models.CASCADE,
    )
    # Holds the 36-character ``str(uuid4())`` value written by ``AuthView``.
    token = models.CharField(max_length=64)
定义一个登录视图
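class AuthView(APIView):
    """Login endpoint: exchanges ``username``/``pwd`` for a fresh bearer token.

    Response body is ``{'code': 1000, 'token': <uuid>}`` on success and
    ``{'code': 1001, 'error': '用户名或密码错误'}`` otherwise; both are sent
    with HTTP 200, so clients must inspect ``code``.

    Security notes (review):
    * Credentials are matched with an equality filter, which means
      ``UserInfo.pwd`` must hold the plaintext password. Hash it
      (``make_password`` at enrolment, ``check_password`` here); not changed
      in this block because the stored format is decided elsewhere.
    * The previous version printed the submitted username and password to
      stdout; that line is removed so passwords never reach process logs.
    * Missing or empty fields are rejected before touching the database with
      the same generic message, so the response does not reveal which field
      was wrong.
    * ``uuid.uuid4()`` is drawn from ``os.urandom`` in CPython, which is
      adequate for an unguessable token; the token never expires, though.
    """

    def post(self, request, *args, **kwargs):
        ret = {'code': 1000}
        username = request.data.get('username')
        pwd = request.data.get('pwd')

        user = None
        if username and pwd:
            user = models.UserInfo.objects.filter(username=username, pwd=pwd).first()

        if user is None:
            ret['code'] = 1001
            ret['error'] = '用户名或密码错误'
            return Response(ret)

        # Rotate the token on every login; update_or_create keeps the
        # one-row-per-user invariant of UserToken.
        token = uuid.uuid4()
        models.UserToken.objects.update_or_create(user=user, defaults={'token': token})
        ret['token'] = str(token)
        return Response(ret)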
定义一个认证类
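class MyAuth(BaseAuthentication):
    """Bearer-token authenticator backed by the ``UserToken`` table.

    Resolves the submitted token to its ``UserToken`` row and returns
    ``(user, token_obj)``, so ``request.user`` is the ``UserInfo`` instance
    (``MyPermission`` reads ``request.user.type``) and ``request.auth`` is
    the token row.

    Token lookup order: the request body (``request.data['token']``), then
    the query string (``?token=``) as a fallback, which the original GET
    handling already allowed. NOTE(review): tokens in URLs end up in access
    logs, proxies and browser history; an ``Authorization`` header is the
    safer transport once clients can send one.

    Changes from the previous version:
    * Every method now requires a token. Before, only GET/POST/PUT/DELETE
      were checked and any other method (e.g. PATCH, which ``ModelViewSet``
      maps to ``partial_update``) returned ``(None, None)`` -- i.e. passed
      through unauthenticated on views without a permission class.
    * Returns the ``UserInfo`` instance instead of its ``username`` string,
      which made ``request.user.type`` raise ``AttributeError`` downstream.
    * ``authenticate_header`` is implemented so failed authentication is
      answered with 401 rather than 403.

    Raises:
        AuthenticationFailed: when no token is supplied or it matches no row.
    """

    def authenticate(self, request):
        request_token = request.data.get("token", None)
        if not request_token:
            request_token = request.query_params.get('token', None)
        if not request_token:
            raise AuthenticationFailed('缺少token')

        token_obj = models.UserToken.objects.filter(token=request_token).first()
        if token_obj is None:
            raise AuthenticationFailed('无效的token')

        return token_obj.user, token_obj

    def authenticate_header(self, request):
        # A non-empty scheme makes DRF send WWW-Authenticate and status 401.
        return 'Token'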
视图级别认证
class BookViewSet(viewsets.ModelViewSet):
    """CRUD endpoints for ``Book`` rows, authenticated by ``MyAuth`` per view.

    Only ``authentication_classes`` is overridden; authorization still comes
    from ``DEFAULT_PERMISSION_CLASSES`` in settings (DRF's own default is
    ``AllowAny``), so on its own this view lets any valid token holder
    create, update and delete books.
    """

    queryset = Book.objects.all()
    serializer_class = BookSerializers
    # View-level authenticator list.
    authentication_classes = [MyAuth]
全局级别认证
# Project-wide default (settings.py): every view that does not set its own
# ``authentication_classes`` runs MyAuth.
REST_FRAMEWORK = dict(
    DEFAULT_AUTHENTICATION_CLASSES=["api.auth.auth.MyAuth"],
)
权限
自定义一个权限类
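class MyPermission(BasePermission):
    """Allow access only to VIP accounts (``UserInfo.type == 2``).

    Runs after authentication, so ``request.user`` is whatever the
    authenticator returned. The tier is read with ``getattr`` so an
    unexpected principal -- ``None`` for an unauthenticated request, DRF's
    ``AnonymousUser``, or a plain username string as an earlier ``MyAuth``
    returned -- is denied with the normal 403 instead of raising
    ``AttributeError`` and surfacing as a 500.
    """

    VIP_TYPE = 2
    message = 'VIP用户才能访问'

    def has_permission(self, request, view):
        """Return True only when the authenticated user is a VIP account."""
        user = request.user
        if not user:
            return False
        return getattr(user, 'type', None) == self.VIP_TYPE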
视图级别配置
class BookViewsSet(viewsets.ModelViewSet):
    """``Book`` CRUD restricted to VIP token holders.

    View-level wiring: ``MyAuth`` resolves the token to a user, then
    ``MyPermission`` rejects any user whose ``type`` is not VIP.
    """

    queryset = Book.objects.all()
    serializer_class = BookModelSerializer
    authentication_classes = [MyAuth]
    permission_classes = [MyPermission]
全局级别设置
# Project-wide defaults (settings.py): MyAuth authenticates and MyPermission
# authorizes every view that does not override these lists itself.
REST_FRAMEWORK = dict(
    DEFAULT_AUTHENTICATION_CLASSES=["api.auth.auth.MyAuth"],
    DEFAULT_PERMISSION_CLASSES=["api.auth.auth.MyPermission"],
)
限制(待续)