实现效果:除登录接口无需认证,其他接口如果从params或者头部AUTHORIZATION没有获取到token,则直接认证失败。如果去掉NoAuthentication,则支持匿名访问
认证类
from rest_framework.authentication import BaseAuthentication
from rest_framework.exceptions import AuthenticationFailed
# 参数取值认证
class ParamsAuthentication(BaseAuthentication):
def authenticate(self, request):
token = request.query_params.get('token')
if not token:
return
return 'szw', token
# header取值
class HeaderAuthentication(BaseAuthentication):
def authenticate(self, request):
token = request.META.get('HTTP_AUTHORIZATION')
if not token:
return
return 'szw', token
# 兜底认证,直接失败
class NoAuthentication(BaseAuthentication):
def authenticate(self, request):
raise AuthenticationFailed('认证失败')
settings配置
REST_FRAMEWORK = {
"UNAUTHENTICATED_USER": None,
# 认证类
"DEFAULT_AUTHENTICATION_CLASSES": ['ext.auth.ParamsAuthentication', 'ext.auth.HeaderAuthentication',
'ext.auth.NoAuthentication']
}
视图
# 无需登录
class LoginView(APIView):
# 优先读取配置项,在读取这里,后读取覆盖先读取
authentication_classes = []
def get(self, request):
print(request.user, request.auth)
return Response({'status': 'LoginView'})
# 需登录
class OrderView(APIView):
def get(self, request):
print(request.user, request.auth)
return Response({'status': 'OrderView'})
# 需登录
class UserView(APIView):
def get(self, request):
return Response({'status': 'UserView'})