django-签名加密模块It's dangerous--加密token
2024-09-05 16:13:57
https://juejin.im/entry/56b30250df0eea0054375e1d
安装
pip install itsdangerous
使用
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer # 导入itsdangerous里面的类 实现加密
from django.conf import settings # 创建序列化对象
# Serializer(私钥, 生命周期(秒))
# serializer = Serializer('secretkey', 3600) # 私钥不能公开,不然就能被篡改 可以借助django里setting.py配置文件中的SECRET_KEY
serializer = Serializer(settings.SECRET_KEY, 3600)
info = {'confirm':1}
# 通过序列化器dumps方法进行加密
data = serializer.dumps(info) # dumps里传的是键值对 是二进制
# 编码
data = data.decode('utf-8')
print(data) # 解密
res = serializer.loads(data)
print(res)
实例user/views.py
from django.shortcuts import render, redirect
from django.http import HttpResponse, JsonResponse
from django.core.urlresolvers import reverse # 反响解析
from django.views.generic import View # 导入类试图
from django.conf import settings # 导入配置文件 获取私钥
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer # 导入itsdangerous里面的类 实现加密 import re
from user.models import *
# Create your views here. class RegisterView(View):
'''注册'''
def get(self, request):
'''显示注册页面'''
return render(request, 'register.html') def post(self, request):
'''进行注册处理'''
# 接受数据
username = request.POST.get('user_name')
password = request.POST.get('pwd')
email = request.POST.get('email')
allow = request.POST.get('allow')
# 校验
# 数据完整度
if not all([username, password, email]):
return render(request, 'register.html', {'errmsg': '数据不完整'})
# 邮箱验证
if not re.match(r'^[A-Za-z0-9\u4e00-\u9fa5]+@[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+$', email):
return render(request, 'register.html', {'errmsg': '邮箱格式不正确'})
# 校验协议
if allow != 'on':
return render(request, 'register.html', {'errmsg': '请同意协议'})
# 校验用户是否存在
try:
user = User.objects.get(username=username)
except Exception as e:
user = None
if user:
# 用户已存在
return render(request, 'register.html', {'errmsg': '用户名已存在'}) # 进行用户注册
# create_user() 注册用户
user = User.objects.create_user(username, email, password)
user.is_active = 0 # 0为未激活状态
user.save() # 进行token加密
serializer = Serializer(settings.SECRET_KEY, 3600)
info = {'confirm':user.id}
token = serializer.dumps(info).decode('utf-8') return redirect(reverse('goods:index')) # 用户激活
from itsdangerous import SignatureExpired # 解密信息过期错误
class ActiveView(View):
def get(self, request, token):
'''进行用户激活'''
# 进行解密 获取要激活的用户信息
serializer = Serializer(settings.SECRET_KEY, 3600)
try:
info = serializer.loads(token)
# 获取待激活用户id
user_id = info['confirm'] # 根据id获取用户信息
user = User.objects.get(id=user_id)
user.is_active = 1
user.save() # 跳转登录页面
return redirect(reverse('user:login'))
except SignatureExpired as e:
# 激活链接已过期
return HttpResponse('激活链接已过期')
最新文章
- Redis/HBase/Tair比较
- CSS中对图片(background)的一些设置心得总结
- EPSON LQ610K 设置税控盘打印发票的格式
- 解压jar
- CSS 知识积累
- linux C(hello world)
- 杨氏矩阵 leecode 提
- poj2299
- 一个简单的RPC框架
- top batch output
- 控制结构(6) 最近最少使用(LRU)
- 干了这杯Java之Vector
- <二>企业级开源仓库nexus3实战应用–使用nexus3配置docker私有仓库
- bzoj1398 Necklace
- Git SSH密钥对生成以及多个SSH存在情况配置
- leetcode965
- NGS检测SNP
- ZeroMQ API(五) 传输模式
- HDU 3360 National Treasures(二分匹配,最小点覆盖)
- dojo 代码调试