simpleui dashboard integration and restframework-jwt execution flow analysis

simpleui dashboard integration

1. An open-source front-end dashboard page can be found on gitee and dropped into the project as-is:
https://gitee.com/lvyeyou/DaShuJuZhiDaPingZhanShi?_from=gitee_search

restframework-jwt execution flow analysis

1. Dual-token authentication
1.1 While a user is working in an app, the token suddenly expires and the user is forced back to the login page to sign in again. That is a very poor experience, so a dual-token scheme is introduced.
1.2 How it works: at login the server returns two tokens, accessToken and refreshToken. The accessToken has a short lifetime and the refreshToken a long one. When the accessToken expires, the client re-sends the request carrying the refreshToken, and that response carries a new accessToken.

'In Django, any code written flush-left in a module (with no indentation) is executed when the module is imported.'
2. Token issuance flow
2.1 The core of obtain_jwt_token is ObtainJSONWebToken.as_view(); ObtainJSONWebToken is the view class that implements login. In ObtainJSONWebToken:
from rest_framework_jwt.serializers import JSONWebTokenSerializer
from rest_framework_jwt.views import JSONWebTokenAPIView

class ObtainJSONWebToken(JSONWebTokenAPIView):
    serializer_class = JSONWebTokenSerializer
- In the parent class JSONWebTokenAPIView (rest_framework_jwt/views.py):
from rest_framework import status
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework_jwt.settings import api_settings

jwt_response_payload_handler = api_settings.JWT_RESPONSE_PAYLOAD_HANDLER

class JSONWebTokenAPIView(APIView):
    # Authentication and permissions are disabled locally for the login view
    permission_classes = ()
    authentication_classes = ()

    def get_serializer_context(self):
        return {
            'request': self.request,
            'view': self,
        }

    def get_serializer_class(self):
        return self.serializer_class

    def get_serializer(self, *args, **kwargs):
        serializer_class = self.get_serializer_class()
        kwargs['context'] = self.get_serializer_context()
        return serializer_class(*args, **kwargs)

    def post(self, request, *args, **kwargs):
        # On POST, instantiate JSONWebTokenSerializer with the data the client sent
        serializer = self.get_serializer(data=request.data)

        # Validate the client's data: field rules, per-field hooks, then the
        # global hook (the serializer's validate method)
        if serializer.is_valid():
            # Pull the logged-in user out of the serializer
            user = serializer.object.get('user') or request.user
            # Pull the token out of the serializer object
            token = serializer.object.get('token')
            # Build the response body (its shape is set by the response payload handler)
            response_data = jwt_response_payload_handler(token, user, request)
            response = Response(response_data)
            return response
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

2.2 The serializer class JSONWebTokenSerializer (rest_framework_jwt/serializers.py):
from django.contrib.auth import authenticate
from django.utils.translation import gettext as _
from rest_framework import serializers
from rest_framework_jwt.compat import PasswordField, Serializer, get_username_field
from rest_framework_jwt.settings import api_settings

jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER

class JSONWebTokenSerializer(Serializer):
    def __init__(self, *args, **kwargs):
        # Declare the two input fields dynamically: the user model's
        # USERNAME_FIELD plus a write-only password
        super().__init__(*args, **kwargs)
        self.fields[self.username_field] = serializers.CharField()
        self.fields['password'] = PasswordField(write_only=True)

    @property
    def username_field(self):
        return get_username_field()

    # attrs is the data that has already passed field-level validation
    def validate(self, attrs):
        credentials = {
            # e.g. 'username': attrs.get('username')
            self.username_field: attrs.get(self.username_field),
            'password': attrs.get('password')
        }
        # Both credentials must be present
        if all(credentials.values()):
            # Django's auth backends check whether the username and password are correct
            user = authenticate(**credentials)
            if user:
                # Build the payload dict from the user
                payload = jwt_payload_handler(user)

                return {
                    # The validated data: the signed token plus the user
                    'token': jwt_encode_handler(payload),
                    'user': user
                }
            else:
                # No user matches the username and password: raise
                msg = _('Unable to log in with provided credentials.')
                raise serializers.ValidationError(msg)
        else:
            # A missing username or password is rejected
            msg = _('Must include "{username_field}" and "password".')
            raise serializers.ValidationError(msg.format(username_field=self.username_field))

3. Authentication
3.1 The authentication class JSONWebTokenAuthentication (rest_framework_jwt/authentication.py):
from django.utils.encoding import smart_text
from django.utils.translation import gettext as _
from rest_framework import exceptions
from rest_framework.authentication import get_authorization_header
from rest_framework_jwt.authentication import BaseJSONWebTokenAuthentication
from rest_framework_jwt.settings import api_settings

class JSONWebTokenAuthentication(BaseJSONWebTokenAuthentication):
    def get_jwt_value(self, request):
        # get_authorization_header(request) reads HTTP_AUTHORIZATION from the request headers;
        # .split() turns "JWT <token>" into auth = ['jwt', '<the actual token>']
        auth = get_authorization_header(request).split()
        auth_header_prefix = api_settings.JWT_AUTH_HEADER_PREFIX.lower()
        # No Authorization header at all
        if not auth:
            if api_settings.JWT_AUTH_COOKIE:
                # Fall back to the configured cookie
                return request.COOKIES.get(api_settings.JWT_AUTH_COOKIE)
            return None
        # A different scheme prefix is not ours: return None
        if smart_text(auth[0].lower()) != auth_header_prefix:
            return None
        # Prefix with no token: raise
        if len(auth) == 1:
            msg = _('Invalid Authorization header. No credentials provided.')
            raise exceptions.AuthenticationFailed(msg)
        # More than two parts (spaces in the credential string): raise
        elif len(auth) > 2:
            msg = _('Invalid Authorization header. Credentials string '
                    'should not contain spaces.')
            raise exceptions.AuthenticationFailed(msg)
        return auth[1]

3.2 The parent class BaseJSONWebTokenAuthentication:
import jwt
from django.contrib.auth import get_user_model
from django.utils.translation import gettext as _
from rest_framework import exceptions
from rest_framework.authentication import BaseAuthentication
from rest_framework_jwt.settings import api_settings

jwt_decode_handler = api_settings.JWT_DECODE_HANDLER
jwt_get_username_from_payload = api_settings.JWT_PAYLOAD_GET_USERNAME_HANDLER

class BaseJSONWebTokenAuthentication(BaseAuthentication):
    # Authentication always goes through authenticate()
    def authenticate(self, request):
        # jwt_value is the token the client sent
        jwt_value = self.get_jwt_value(request)
        # No token sent: return None. The authentication class still passes, which is why a permission class is needed
        if jwt_value is None:
            return None
        try:
            # Verify the token; a valid token yields its payload
            payload = jwt_decode_handler(jwt_value)
        except jwt.ExpiredSignature:
            msg = _('Signature has expired.')
            raise exceptions.AuthenticationFailed(msg)
        except jwt.DecodeError:
            msg = _('Error decoding signature.')
            raise exceptions.AuthenticationFailed(msg)
        except jwt.InvalidTokenError:
            raise exceptions.AuthenticationFailed()
        # Resolve the current user from the payload
        user = self.authenticate_credentials(payload)
        # From here on request.user is this user
        return (user, jwt_value)

    def authenticate_credentials(self, payload):
        # Looks up the user named in the payload (not shown in the original excerpt)
        User = get_user_model()
        username = jwt_get_username_from_payload(payload)
        if not username:
            raise exceptions.AuthenticationFailed(_('Invalid payload.'))
        try:
            user = User.objects.get_by_natural_key(username)
        except User.DoesNotExist:
            raise exceptions.AuthenticationFailed(_('Invalid signature.'))
        if not user.is_active:
            raise exceptions.AuthenticationFailed(_('User account is disabled.'))
        return user
'With this authentication class, request.user is set whenever a token is sent; if no token is sent, processing simply continues.'
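The whole flow above (the dual-token scheme of 1.2, the sign-then-encode step of 2.2, and the header parsing plus expired/decode-error branches of 3.1 and 3.2) condensed into one runnable example. This is added illustration, not the library's code: HS256 is implemented with the standard library instead of PyJWT, the user is a plain dict instead of a Django model, the clock is injected so expiry can be tested deterministically, the demo secret is constructed, and the "typ" claim that separates access from refresh tokens is an addition over the library's default payload.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"demo-secret-not-for-production"  # constructed; real code uses settings.SECRET_KEY
ACCESS_TTL = 300          # seconds: short-lived accessToken
REFRESH_TTL = 7 * 86400   # seconds: long-lived refreshToken
HEADER_PREFIX = "jwt"     # api_settings.JWT_AUTH_HEADER_PREFIX, lower-cased

class ExpiredSignature(Exception): """Token is past its exp claim."""
class DecodeError(Exception): """Malformed token or bad signature."""
class AuthenticationFailed(Exception): """What DRF would turn into a 401."""

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def jwt_encode_handler(payload: dict) -> str:
    # HS256 compact form: base64url(header).base64url(payload).base64url(signature)
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(payload).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def jwt_decode_handler(token: str, now: float) -> dict:
    # Verify the signature before trusting the payload, then check expiry
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig)):
            raise ValueError("signature mismatch")
        payload = json.loads(_unb64url(body))
    except ValueError as exc:              # bad base64/JSON or bad signature
        raise DecodeError(f"Error decoding signature: {exc}")
    if payload["exp"] <= now:              # only payloads we signed get this far
        raise ExpiredSignature("Signature has expired.")
    return payload

def jwt_payload_handler(user: dict, ttl: int, token_type: str, now: float) -> dict:
    # "typ" (access/refresh) is our addition so the two token kinds cannot be swapped
    return {"user_id": user["id"], "username": user["username"],
            "typ": token_type, "iat": int(now), "exp": int(now) + ttl}

def issue_token_pair(user: dict, now: float) -> dict:
    # Login response (section 1.2): short-lived accessToken plus long-lived refreshToken
    return {"accessToken": jwt_encode_handler(jwt_payload_handler(user, ACCESS_TTL, "access", now)),
            "refreshToken": jwt_encode_handler(jwt_payload_handler(user, REFRESH_TTL, "refresh", now))}

def refresh_access_token(refresh_token: str, now: float) -> str:
    # Refresh endpoint: a valid, unexpired refresh token yields a new accessToken
    payload = jwt_decode_handler(refresh_token, now)
    if payload.get("typ") != "refresh":
        raise AuthenticationFailed("Not a refresh token.")
    user = {"id": payload["user_id"], "username": payload["username"]}
    return jwt_encode_handler(jwt_payload_handler(user, ACCESS_TTL, "access", now))

def get_jwt_value(headers: dict, cookies: dict, cookie_name: str = None):
    # Same decision tree as JSONWebTokenAuthentication.get_jwt_value()
    auth = headers.get("Authorization", "").split()
    if not auth:
        return cookies.get(cookie_name) if cookie_name else None
    if auth[0].lower() != HEADER_PREFIX:
        return None                        # another scheme: not ours, stay anonymous
    if len(auth) == 1:
        raise AuthenticationFailed("Invalid Authorization header. No credentials provided.")
    if len(auth) > 2:
        raise AuthenticationFailed("Invalid Authorization header. Credentials string "
                                   "should not contain spaces.")
    return auth[1]

def authenticate(headers: dict, cookies: dict, now: float):
    # Mirrors BaseJSONWebTokenAuthentication.authenticate(): None means anonymous
    # (a permission class must still reject the request), a tuple means (user, token)
    jwt_value = get_jwt_value(headers, cookies)
    if jwt_value is None:
        return None
    try:
        payload = jwt_decode_handler(jwt_value, now)
    except ExpiredSignature:
        raise AuthenticationFailed("Signature has expired.")
    except DecodeError:
        raise AuthenticationFailed("Error decoding signature.")
    if payload.get("typ") != "access":
        raise AuthenticationFailed("Refresh tokens are not accepted for API access.")
    return ({"id": payload["user_id"], "username": payload["username"]}, jwt_value)

def demo() -> dict:
    # Lifecycle with a constructed user and a fixed clock: login, expiry, refresh, anonymous
    user, t0 = {"id": 1, "username": "alice"}, 1_700_000_000.0
    pair = issue_token_pair(user, t0)
    hdr = lambda tok: {"Authorization": f"JWT {tok}"}
    out = {"login_ok": authenticate(hdr(pair["accessToken"]), {}, t0 + 10)[0]["username"]}
    try:
        authenticate(hdr(pair["accessToken"]), {}, t0 + ACCESS_TTL + 1)
    except AuthenticationFailed as exc:
        out["expired"] = str(exc)
    new_access = refresh_access_token(pair["refreshToken"], t0 + ACCESS_TTL + 1)
    out["refreshed_ok"] = authenticate(hdr(new_access), {}, t0 + ACCESS_TTL + 2)[0]["id"]
    out["anonymous"] = authenticate({}, {}, t0)
    return out
```

Running demo() shows the point the note above makes: a request with no token comes back as None rather than an error, so a permission class is what actually enforces login. The refresh path is where the two-token design needs care: the refresh endpoint verifies the refresh token's signature and expiry exactly like an access token, and the "typ" claim stops a long-lived refresh token from being presented to ordinary API views.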