drf 登录鉴权简单实战

建表

from django.db import models

class UserInfo(models.Model):
    username = models.CharField(verbose_name='用户名', max_length=32)
    password = models.CharField(verbose_name='密码', max_length=32)
    token = models.CharField(verbose_name='token', max_length=64, null=True, blank=True)

登录逻辑

class LoginView(APIView):
    authentication_classes = []

    def post(self, request):
        username = request.data.get('username')
        password = request.data.get('password')
        user = models.UserInfo.objects.filter(username=username, password=password).first()
        if not user:
            return Response({'status': False, 'msg': '用户名密码错误', 'data': ''})
        token = user.token = uuid.uuid4()
        user.save()
        return Response({'status': True, 'msg': '登录成功', 'data': token})

认证逻辑

from api import models


# 参数取值认证
class ParamsAuthentication(BaseAuthentication):
    def authenticate(self, request):
        token = request.query_params.get('token')
        if not token:
            return
        user = models.UserInfo.objects.filter(token=token).first()
        if user:
            return user, token
        return

    def authenticate_header(self, request):
        return 'API'


# 兜底认证，直接失败
class NoAuthentication(BaseAuthentication):
    def authenticate(self, request):
        raise AuthenticationFailed({"status": False, 'code': 10001, 'msg': '认证失败'})

    def authenticate_header(self, request):
        return 'API'

需要token的接口

# 需登录
class OrderView(APIView):
    def get(self, request):
        print(request.user, request.auth)
        return Response({'status': 'OrderView'})

# 需登录
class UserView(APIView):
    def get(self, request):
        print(request.user, request.auth)
        return Response({'status': 'UserView'})