djano jwt 的使用
2024-10-09 15:18:25
1.5 JWT:使用djangorestframework-jwt模块进行用户身份验证
安装: pip install djangorestframework-jwt
添加应用:python manage.py startapp users
官方网站:https://jpadilla.github.io/django-rest-framework-jwt/
########### 1、在INSTALLED_APPS中加入'rest_framework.authtoken', #################
INSTALLED_APPS = [
'''
'rest_framework.authtoken', #
'''
] ################### 2、配置jwt验证 ######################
REST_FRAMEWORK = {
# 身份认证
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication',
),
} import datetime JWT_AUTH = {
'JWT_AUTH_HEADER_PREFIX': 'JWT',
'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
'JWT_RESPONSE_PAYLOAD_HANDLER':
'users.views.jwt_response_payload_handler', # 重新login登录返回函数
}
AUTH_USER_MODEL='users.User' # 指定使用users APP中的 model User进行验证
settings.py 配置使用JWT from django.contrib import admin
from django.urls import path,re_path,include urlpatterns = [
path('admin/', admin.site.urls),
re_path(r'users/',include(('users.urls','users'),namespace='users'))
] urls.py #! /usr/bin/env python
# -*- coding: utf-8 -*-
from django.urls import path,re_path,include
from users import views
from rest_framework_jwt.views import obtain_jwt_token # 验证密码后返回token urlpatterns = [
path('v1/register/', views.RegisterView.as_view(), name='register'), # 注册用户
path('v1/login/', obtain_jwt_token,name='login'), # 用户登录后返回token
path('v1/list/', views.UserList.as_view(), name='register'), # 测试需要携带token才能访问
] users/urls.py from django.db import models
from django.contrib.auth.models import AbstractUser class User(AbstractUser):
username = models.CharField(max_length=64, unique=True)
password = models.CharField(max_length=255)
phone = models.CharField(max_length=64)
token = models.CharField(max_length=255) #! /usr/bin/env python
# -*- coding: utf-8 -*-
from rest_framework_jwt.settings import api_settings
from rest_framework import serializers
from users.models import User class UserSerializer(serializers.Serializer):
username = serializers.CharField()
password = serializers.CharField()
phone = serializers.CharField()
token = serializers.CharField(read_only=True) def create(self, data):
user = User.objects.create(**data)
user.set_password(data.get('password'))
user.save()
# 补充生成记录登录状态的token
jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
user.token = token
return user users/serializers.py 使用Serializer的create方法创建token from django.shortcuts import render
import json
from rest_framework.views import APIView
from rest_framework.views import Response
from rest_framework.permissions import IsAuthenticated
from rest_framework_jwt.authentication import JSONWebTokenAuthentication
from users.serializers import UserSerializer # 用户注册
class RegisterView(APIView):
def post(self, request, *args, **kwargs):
serializer = UserSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=201)
return Response(serializer.errors, status=400) # 重新用户登录返回函数
def jwt_response_payload_handler(token, user=None, request=None):
'''
:param token: jwt生成的token值
:param user: User对象
:param request: 请求
'''
return {
'token': token,
'user': user.username,
'userid': user.id
} # 测试必须携带token才能访问接口
class UserList(APIView):
permission_classes = [IsAuthenticated] # 接口中加权限
authentication_classes = [JSONWebTokenAuthentication] def get(self,request, *args, **kwargs):
print(request.META.get('HTTP_AUTHORIZATION', None))
return Response({'name':'zhangsan'})
def post(self,request, *args, **kwargs):
return Response({'name':'zhangsan'}) users/views.py users/models.py 添加用户认证的User表 #1、指定允许的hosts,否则通过 http://jack.com:8888/index/ 无法访问jack_django程序
ALLOWED_HOSTS = ['*'] #2、将corsheaders 注册到app中
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'corsheaders',
'app01',
] #3、将下面两条添加到中间件重
MIDDLEWARE = [
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
] #4、配置 django-cors-headers 中的参数
CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_ALLOW_ALL = True
# CORS_ORIGIN_WHITELIST = (
# '*',
# ) CORS_ALLOW_METHODS = (
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
'VIEW',
) CORS_ALLOW_HEADERS = (
'XMLHttpRequest',
'X_FILENAME',
'accept-encoding',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
'Pragma',
) settings.py 前后端分离配置cors # 通过用户token获取用户信息
from rest_framework_jwt.utils import jwt_decode_handler
toke_user = jwt_decode_handler(token)
# {'user_id': 2, 'username': 'lisi', 'exp': 1561504444, 'email': ''}
最新文章
- ABP框架 - 授权
- TensorFlow 在android上的Demo(1)
- iOS系统app崩溃日志手动符号化
- 随笔2 PAT1001.A+B Format (20)
- Properties --- C++读配置信息的类(一)
- 【 D3.js 高级系列 — 5.0 】 颜色
- js--小结⑦---格式转换
- Spring的IOC
- cowboy rest
- CSS vertical-align属性
- vs2012中使用localdb实例还原一个sql server 2008r2版本的数据库
- JS对url进行编码和解码(三种方式区别)
- Windows安装paramiko和PyCharm工程导入
- django基于存储在前端的token用户认证
- [项目实践] 在项目实战中提升代码效率的的一次应用实践-----使用列表解析式输出当前android设备的CPU核数
- Java 正则表达式 过滤html标签
- js动态添加和删除table的行例子
- Java多线程之线程的状态以及线程间协作通信导致的线程状态转换
- Php面向对象 – 类常量
- 通过url获取参数信息