文章目錄
- 1,DjangoRestFramework基本使用
- 2,drf認證&權限 模塊
- 3,djangorestframework 序列化
- 4,djangorestframework 分頁
- 5,JWT:使用djangorestframework-jwt模塊進行用戶身份驗證
1、安裝
pip install djangorestframework
2、djangorestframework 介紹
- djangorestframework 主要使用 APIView,其實APIView實質是對 View 進行繼承加工了更多功能
- 請求來了 APIView首先執行 self.dispatch 方法,此方法對 request 進行了再次封裝
1,DjangoRestFramework基本使用
1、回顧CBV基本使用
- urls.py
from django.contrib import admin
from django.urls import path,re_path,include
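urlpatterns = [
    path('admin/', admin.site.urls),
    # path() anchors the prefix at the start of the URL. An unanchored
    # re_path(r'users/') is matched with a regex search, so any path that
    # merely contains "users/" would also be routed into the users app.
    path('users/', include(('users.urls', 'users'), namespace='users')),
]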
- users/urls.py
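from django.contrib import admin
from django.urls import path, re_path, include
from users import views

# App-level routes only. This module must not include 'users.urls' itself:
# the project urls.py already includes it, and a self-include would recurse.
urlpatterns = [
    # Route name and pattern are sample values for the HomeView defined in
    # users/views.py; both ends of the regex are anchored.
    re_path(r'^home/$', views.HomeView.as_view(), name='home'),
]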
- users/views.py
import json
from django.shortcuts import render,HttpResponse
from django.views import View
class HomeView(View):
    """Minimal class-based view that answers GET and POST with a fixed body."""

    def dispatch(self, request, *args, **kwargs):
        # Every request enters here; the parent implementation then calls
        # the handler named after the HTTP method (get, post, ...).
        response = super().dispatch(request, *args, **kwargs)
        return response

    def get(self, request):
        return HttpResponse('get')

    def post(self, request):
        return HttpResponse('post')
2、安裝DjangoRestFramework
pip install djangorestframework==3.9.2
pip install markdown==3.0.1 # Markdown support for the browsable API.
pip install django-filter==2.1.0 # Filtering support
3、DjangoRestFramework 基本使用
- urls.py
from django.contrib import admin
from django.urls import path,re_path,include
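urlpatterns = [
    path('admin/', admin.site.urls),
    # path() anchors the prefix at the start of the URL. An unanchored
    # re_path(r'users/') is matched with a regex search, so any path that
    # merely contains "users/" would also be routed into the users app.
    path('users/', include(('users.urls', 'users'), namespace='users')),
]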
- users/urls.py
from django.urls import path,re_path,include
from users import views
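urlpatterns = [
    # Anchor both ends: an unanchored r'info' is matched with a regex search,
    # so it would also accept paths such as "xinfo/anything".
    re_path(r'^info/$', views.UserInfoViewSet.as_view(), name='user'),
]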
- users/views.py
from rest_framework.views import APIView
from django.http import JsonResponse
class UserInfoViewSet(APIView):
    """Demo DRF view that returns the same fixed JSON body for GET and POST."""

    def __init__(self):
        super().__init__()

    def get(self, request, *args, **kwargs):
        payload = {'status': True, 'data': 'response data'}
        return JsonResponse(payload, status=200)

    def post(self, request, *args, **kwargs):
        payload = {'status': True, 'data': 'response data'}
        return JsonResponse(payload, status=200)
2,drf認證&權限 模塊
1、authentication基本使用
class UserInfoViewSet(APIView):
    # Authentication: classes that identify who is making the request.
    authentication_classes = [authentication.IsAuthenticated]
    # Authorization: classes that decide whether the request is allowed.
    permission_classes = (authentication.IsOwnerOrReadOnly,)
- urls.py
from django.contrib import admin
from django.urls import path,re_path,include
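urlpatterns = [
    path('admin/', admin.site.urls),
    # path() anchors the prefix at the start of the URL. An unanchored
    # re_path(r'users/') is matched with a regex search, so any path that
    # merely contains "users/" would also be routed into the users app.
    path('users/', include(('users.urls', 'users'), namespace='users')),
]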
- users/urls.py
#! /usr/bin/env python
# -*- coding: utf-8 -*-
from django.urls import path,re_path,include
from users import views
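urlpatterns = [
    # Anchor both ends: an unanchored r'info' is matched with a regex search,
    # so it would also accept paths such as "xinfo/anything".
    re_path(r'^info/$', views.UserInfoViewSet.as_view(), name='user'),
]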
- users/views.py
from rest_framework.views import APIView
from django.http import JsonResponse
from common.auth import authentication
class UserInfoViewSet(APIView):
    """Demo view guarded by the custom authentication and permission classes."""

    # Who is calling (authentication) and may they do it (permission).
    authentication_classes = [authentication.IsAuthenticated]
    permission_classes = (authentication.IsOwnerOrReadOnly,)

    def __init__(self):
        super().__init__()

    def get(self, request, *args, **kwargs):
        payload = {'status': True, 'data': 'response data'}
        return JsonResponse(payload, status=200)

    def post(self, request, *args, **kwargs):
        payload = {'status': True, 'data': 'response data'}
        return JsonResponse(payload, status=200)
- common\auth\authentication.py
#! /usr/bin/env python
# -*- coding: utf-8 -*-
from rest_framework import authentication
from rest_framework import exceptions
from rest_framework import permissions
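class IsOwnerOrReadOnly(permissions.BasePermission):
    """Placeholder permission class: it currently allows every request.

    NOTE(review): despite its name, no ownership or read-only rule is
    enforced here. Implement the real check before relying on this class.
    To deny a request, return False or raise exceptions.PermissionDenied;
    a ParseError would be reported to the client as a 400 "malformed
    request" rather than as a permission failure.
    """

    def has_permission(self, request, view):
        # Permission checking is intentionally not implemented yet.
        return True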
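class IsAuthenticated(authentication.BaseAuthentication):
    """Header-based authenticator whose token lookup is still a stub.

    Token verification is left unimplemented in this example, so the class
    fails closed: until get_user_for_token() performs a real lookup, every
    request is rejected instead of any non-empty header being accepted.
    """

    # Value sent in the WWW-Authenticate header of a 401 response.
    keyword = 'Token'

    def get_user_for_token(self, token):
        """Return the user that owns ``token``, or None if it is not valid.

        Stub: query your token store here (for example a Token model looked
        up by key) and return the matching user object.
        """
        return None

    def authenticate(self, request):
        """Return ``(user, token)`` for a valid Authorization header.

        Raises:
            exceptions.NotAuthenticated: the header is missing.
            exceptions.AuthenticationFailed: the token matches no user.
        """
        auth = request.META.get('HTTP_AUTHORIZATION')
        if auth is None:
            raise exceptions.NotAuthenticated('Invalid token.Please get token first')
        user = self.get_user_for_token(auth)
        if user is None:
            raise exceptions.AuthenticationFailed('Invalid input Authenticated')
        # DRF assigns the first item to request.user and the second to
        # request.auth, so the first item must be a user, never the request.
        return (user, auth)

    def authenticate_header(self, request):
        # Must be a plain string: DRF copies it into WWW-Authenticate.
        return self.keyword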
2、測試接口
3,djangorestframework 序列化
- 序列化常用字段參數
'''1. 選項參數'''
name = serializers.CharField(min_length=3,max_length=20)
max_length # 最大長度
min_length # 最小長度
allow_blank # 是否允許爲空
max_value # 最大值
min_value # 最小值
'''2. 通用參數'''
gp = serializers.SerializerMethodField(read_only=True)
read_only # 表明該字段僅用於序列化輸出,默認False
write_only # 表明該字段僅用於反序列化輸入,默認False
required # 表明該字段在反序列化時必須輸入,默認True
default # 反序列化時使用的默認值
allow_null # 表明該字段是否允許傳入None,默認False
validators # 該字段使用的驗證器
label # 用於HTML展示API頁面時,顯示的字段名稱
help_text # 用於HTML展示API頁面時,顯示的字段幫助提示信息
error_messages # 包含錯誤編號與錯誤信息的字典
1、序列化使用
- settings.py 註冊App
INSTALLED_APPS = [
'rest_framework',
'users',
]
- urls.py 定義總路由
from django.contrib import admin
from django.urls import path,re_path,include
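urlpatterns = [
    path('admin/', admin.site.urls),
    # path() anchors the prefix at the start of the URL. An unanchored
    # re_path(r'users/') is matched with a regex search, so any path that
    # merely contains "users/" would also be routed into the users app.
    path('users/', include(('users.urls', 'users'), namespace='users')),
]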
- users/urls.py
#! /usr/bin/env python
# -*- coding: utf-8 -*-
from django.urls import path,re_path
from users import views
urlpatterns = [
re_path(r'^info/$', views.UserInfoViewSet.as_view(), name='userinfo'),
]
- users/models.py
from django.db import models
class UserInfo(models.Model):
    """A user with a unique name, one UserType and any number of UserGroups."""

    name = models.CharField(unique=True, max_length=64)
    # Deleting a UserType also deletes the users that reference it.
    ut = models.ForeignKey('UserType', on_delete=models.CASCADE)
    gp = models.ManyToManyField('UserGroup')

    def __str__(self):
        return self.name
class UserType(models.Model):
    """A user category, identified by a unique type name."""

    type_name = models.CharField(unique=True, max_length=64)

    def __str__(self):
        return self.type_name
class UserGroup(models.Model):
    """A named group; group names are not required to be unique."""

    group = models.CharField(max_length=64)

    def __str__(self):
        return self.group
- users/views.py
from rest_framework.views import APIView
from rest_framework.views import Response
import json
from users import serializers
from users import models as users_model
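class UserInfoViewSet(APIView):
    """List, create and update UserInfo rows through UserInfoSerializer.

    NOTE(review): no authentication_classes / permission_classes are set
    here, so access is governed only by the project-wide DRF defaults.
    """

    def get(self, request, *args, **kwargs):
        """Return every UserInfo row, serialized."""
        # Foreign-key and many-to-many data are queried the same way.
        obj = users_model.UserInfo.objects.all()
        ser = serializers.UserInfoSerializer(instance=obj, many=True)
        # For a single object: serializers.UserInfoSerializer(instance=obj[0])
        return Response(ser.data, status=200)

    def post(self, request):
        """Create a user from the request body; answer 400 with the errors if invalid."""
        ser = serializers.UserInfoSerializer(data=request.data)
        if ser.is_valid():
            ser.save()
            return Response(data=ser.data, status=201)
        return Response(data=ser.errors, status=400)

    def put(self, request):
        """Update the user whose id is sent as ``pk`` in the request body."""
        pk = request.data.get('pk')
        try:
            userinfo = users_model.UserInfo.objects.get(id=pk)
        except (users_model.UserInfo.DoesNotExist, ValueError, TypeError):
            # A missing, malformed or unknown pk is a client error, not a 500.
            return Response(data={'detail': 'Not found.'}, status=404)
        # Passing both the instance and data makes save() call update().
        ser = serializers.UserInfoSerializer(userinfo, data=request.data)
        if ser.is_valid():
            ser.save()
            # Updating an existing row is 200 OK; 201 is reserved for creation.
            return Response(data=ser.data, status=200)
        return Response(data=ser.errors, status=400)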
- users/serializers.py
from rest_framework import serializers
from users.models import UserInfo
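class UserInfoSerializer(serializers.Serializer):
    """Serialize, validate and save UserInfo rows."""

    name = serializers.CharField(min_length=3, max_length=20)  # plain field
    ut_id = serializers.IntegerField(write_only=True)  # foreign key, input only
    # Display-only fields, so they are read_only. A writable field with
    # source='name' would overwrite the validated ``name`` in validated_data
    # and bypass its length limits and validate_name(); a writable dotted
    # source ('ut.type_name') would hand a nested dict to create().
    ut = serializers.CharField(source='ut.type_name', read_only=True)  # type name via FK
    gp = serializers.SerializerMethodField(read_only=True)  # many-to-many, built by get_gp
    xxx = serializers.CharField(source='name', read_only=True)  # ``name`` under another key
    # PrimaryKeyRelatedField and StringRelatedField can also serialize
    # one-to-many and many-to-many relations:
    # gp = serializers.PrimaryKeyRelatedField(read_only=True, many=True)
    # gp = serializers.StringRelatedField(read_only=True,many=True)

    class Meta:
        model = UserInfo

    def get_gp(self, row):
        """Return the id and group name of every group of ``row`` (a UserInfo)."""
        gp_obj_list = row.gp.all().values('id', 'group')
        return gp_obj_list

    def create(self, validated_data):
        """Insert a new UserInfo row from the validated fields."""
        return UserInfo.objects.create(**validated_data)

    def update(self, instance, validated_data):
        """Copy ``name`` / ``ut_id`` onto ``instance`` when supplied, then save."""
        if validated_data.get('name'):
            instance.name = validated_data['name']
        if validated_data.get('ut_id'):
            instance.ut_id = validated_data['ut_id']
        instance.save()
        return instance

    def validate_name(self, value):
        """Field-level hook: reject the reserved name 'root'."""
        if value == 'root':
            raise serializers.ValidationError('不能創建root管理員賬號')
        return value

    def validate(self, attrs):
        """Object-level hook, run after all field validators: reject 'admin'."""
        if attrs['name'] == 'admin':
            raise serializers.ValidationError('不能創建admin用戶')
        return attrs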
# 一對多序列化(反向查找)
class UserTypeSerializer(serializers.Serializer):
    """Serialize a UserType together with the users that point to it (reverse lookup)."""

    type_name = serializers.CharField()
    # Option 1: each related user is rendered as its primary key.
    userinfo_set = serializers.PrimaryKeyRelatedField(many=True, read_only=True)
    # Option 2: each related user is rendered as its string form (__str__).
    # userinfo_set = serializers.StringRelatedField(read_only=True,many=True)
    # Option 3: each related user is rendered with its own serializer.
    # userinfo_set = UserInfoSerializer(many=True)
# 多對多序列化(反向)
class UserGroupSerializer(serializers.Serializer):
    """Serialize a UserGroup; the reverse user relation is left switched off."""

    group = serializers.CharField()
    # Option 1: each related user is rendered as its primary key.
    # userinfo_set = serializers.PrimaryKeyRelatedField(read_only=True, many=True)
    # Option 2: each related user is rendered as its string form (__str__).
    # userinfo_set = serializers.StringRelatedField(read_only=True,many=True)
    # Option 3: each related user is rendered with its own serializer.
    # userinfo_set = UserInfoSerializer(many=True)
2、序列化(serializers.Serializer)
- 1)序列化(正向查找)
from rest_framework import serializers
from users.models import UserInfo
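class UserInfoSerializer(serializers.Serializer):
    """Serialize UserInfo rows, following relations in the forward direction."""

    name = serializers.CharField(min_length=3, max_length=20)  # plain field
    # Display-only fields, so they are read_only. A writable field with
    # source='name' would overwrite the validated ``name`` in validated_data
    # and bypass the length limits declared on ``name``.
    ut = serializers.CharField(source='ut.type_name', read_only=True)  # type name via FK
    gp = serializers.SerializerMethodField(read_only=True)  # many-to-many, built by get_gp
    xxx = serializers.CharField(source='name', read_only=True)  # ``name`` under another key
    ut_id = serializers.IntegerField(write_only=True)  # foreign key, input only
    # PrimaryKeyRelatedField and StringRelatedField can also serialize
    # one-to-many and many-to-many relations:
    # gp = serializers.PrimaryKeyRelatedField(read_only=True, many=True)
    # gp = serializers.StringRelatedField(read_only=True,many=True)

    class Meta:
        model = UserInfo

    def get_gp(self, row):
        """Return the id and group name of every group of ``row`` (a UserInfo)."""
        gp_obj_list = row.gp.all().values('id', 'group')
        return gp_obj_list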
- 2)序列化(反向查找)
''' 一對多序列化(反向查找)'''
class UserTypeSerializer(serializers.Serializer):
    """Serialize a UserType together with the users that point to it (reverse lookup)."""

    type_name = serializers.CharField()
    # Option 1: each related user is rendered as its primary key.
    userinfo_set = serializers.PrimaryKeyRelatedField(many=True, read_only=True)
    # Option 2: each related user is rendered as its string form (__str__).
    # userinfo_set = serializers.StringRelatedField(read_only=True,many=True)
    # Option 3: each related user is rendered with its own serializer.
    # userinfo_set = UserInfoSerializer(many=True)
- 3)視圖函數中使用序列化
class UserInfoViewSet(APIView):
    """Return all UserInfo rows in serialized form."""

    def get(self, request, *args, **kwargs):
        # Foreign-key and many-to-many data are queried the same way.
        all_users = users_model.UserInfo.objects.all()
        # many=True because a whole queryset is serialized; for one object use
        # serializers.UserInfoSerializer(instance=obj[0])
        ser = serializers.UserInfoSerializer(instance=all_users, many=True)
        return Response(ser.data, status=200)
3、反序列化
- 1)使用反序列化保存數據
'''創建用戶'''
def post(self, request):
    """Create a user from the request body; answer 400 with the errors if invalid."""
    ser = serializers.UserInfoSerializer(data=request.data)
    if not ser.is_valid():
        return Response(data=ser.errors, status=400)
    ser.save()
    return Response(data=ser.data, status=201)
- 2)反序列化定義創建和更新方法
# 定義創建語法
def create(self, validated_data):
    """Insert a new UserInfo row from the validated fields and return it."""
    new_user = UserInfo.objects.create(**validated_data)
    return new_user
# 定義更新方法
def update(self, instance, validated_data):
    """Copy ``name`` / ``ut_id`` onto ``instance`` when a truthy value was sent, then save."""
    for field_name in ('name', 'ut_id'):
        if validated_data.get(field_name):
            setattr(instance, field_name, validated_data[field_name])
    instance.save()
    return instance
# 定義單一字段驗證的方法
def validate_name(self, value):
    """Field-level hook for ``name``: reject the reserved name 'root'."""
    if value != 'root':
        return value
    raise serializers.ValidationError('不能創建root管理員賬號')
# 定義多字段驗證方法
def validate(self, attrs):
    """Object-level hook over all validated fields: reject the name 'admin'."""
    if attrs['name'] != 'admin':
        return attrs
    raise serializers.ValidationError('不能創建admin用戶')
4、序列化使用舉例(serializers.ModelSerializer)
- 1.ModelSerializer本質是繼承了Serializer類添加了部分功能
- 2.在使用上ModelSerializer可以使用 fields = '__all__' 定義要顯示的字段
# serializers.ModelSerializer使用
'''users/serializers/userinfo_serializers.py'''
from rest_framework import serializers
from users.models import UserInfo
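class UserInfoSerializer(serializers.ModelSerializer):
    """ModelSerializer for UserInfo with extra display-only fields."""

    # name = serializers.CharField()  # plain field; here taken from the model
    # Display-only fields, so they are read_only. A writable field with
    # source='name' would overwrite the validated ``name`` on input and skip
    # the checks attached to the ``name`` field.
    ut = serializers.CharField(source='ut.type_name', read_only=True)  # type name via FK
    gp = serializers.SerializerMethodField()  # many-to-many, built by get_gp
    xxx = serializers.CharField(source='name', read_only=True)  # ``name`` under another key

    class Meta:
        model = UserInfo
        # fields = "__all__"
        fields = ["name", 'ut', 'gp', 'xxx']  # fields to expose

    def get_gp(self, row):
        """Return ``[{'id': ..., 'gp': ...}]`` for every group of ``row`` (a UserInfo)."""
        return [{'id': item.id, 'gp': item.group} for item in row.gp.all()]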
5、使用serializers.ModelSerializer 進行數據驗證
- users/views.py
from rest_framework.response import Response
from rest_framework.views import APIView

from users.models import UserInfo
from users.serializers.userinfo_serializers import UserInfoSerializer
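class UserInfoViewSet(APIView):
    """List users, and validate posted user data with UserInfoSerializer."""

    def get(self, request, *args, **kwargs):
        """Return every UserInfo row, serialized."""
        obj = UserInfo.objects.all()
        ser = UserInfoSerializer(instance=obj, many=True)
        return Response(ser.data)

    def post(self, request, *args, **kwargs):
        """Validate the request body; this example does not save anything.

        Answers 400 with the validation errors when the data is invalid,
        instead of reporting success for every request.
        """
        ser = UserInfoSerializer(data=request.data)
        if not ser.is_valid():
            return Response(ser.errors, status=400)
        # ser.validated_data now holds the cleaned input. It is not printed:
        # request data does not belong in the server's console output.
        return Response({'status': True})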
- users/serializers/userinfo_serializers.py
'''users/serializers/userinfo_serializers.py'''
from rest_framework import serializers
from django.core.exceptions import ValidationError
from users.models import UserInfo
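class UserInfoSerializer(serializers.ModelSerializer):
    """ModelSerializer for UserInfo that shows field-level and object-level hooks."""

    # NOTE(review): declaring ``name`` explicitly replaces the field that
    # ModelSerializer would generate from the model, so any limits the model
    # puts on it are not applied automatically - confirm against UserInfo.
    name = serializers.CharField(min_length=10, error_messages={'required': '該字段必填'})
    # Display-only fields, so they are read_only. A writable field with
    # source='name' would overwrite the validated ``name`` and skip
    # validate_name().
    ut = serializers.CharField(source='ut.type_name', read_only=True)  # type name via FK
    gp = serializers.SerializerMethodField()  # many-to-many, built by get_gp
    xxx = serializers.CharField(source='name', read_only=True)  # ``name`` under another key

    class Meta:
        model = UserInfo
        # fields = "__all__"
        fields = ["name", 'ut', 'gp', 'xxx']  # fields to expose

    def get_gp(self, row):
        """Return ``[{'id': ..., 'gp': ...}]`` for every group of ``row``.

        SerializerMethodField looks this method up by name; without it,
        serializing a user fails.
        """
        return [{'id': item.id, 'gp': item.group} for item in row.gp.all()]

    def validate_name(self, value):
        """Field-level hook: ``value`` is the submitted name; reject the 'sb' prefix."""
        if value.startswith('sb'):
            raise ValidationError('不能以sb開頭')
        return value

    def validate(self, value):
        """Object-level hook: ``value`` is the dict of all validated fields.

        Nothing is rejected in this example; to reject, raise here, e.g.
        ValidationError('全局鉤子引發異常').
        """
        return value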
'''1、ser.is_valid()'''
# 驗證post請求中數據是否合法
'''2、全局校驗鉤子'''
def validate(self, value): # value是所有校驗通過數據的字典
'''3、局部鉤子'''
def validate_name(self, value): # value 是name字段提交的值
4,djangorestframework 分頁
1、分頁中基本語法
'''1、實例化一個Paginator對象'''
paginator = Paginator(objs, page_size) # paginator對象
'''2、獲取總數量&總頁數'''
total_count = paginator.count # 總數量
total = paginator.num_pages # 總頁數
'''3、使用objs對象獲取指定頁數內容'''
objs = paginator.page(page)
'''4、對分頁後的數據進行序列化操作'''
serializer = Serializer(objs, many=True) # 序列化操作
2、分頁模塊使用舉例
- common/utils/api_paginator.py 自定義分頁模塊
#!/usr/bin/python
# -*- coding: utf-8 -*-
from django.conf import settings
from rest_framework import status
from django.core.paginator import EmptyPage, Paginator, PageNotAnInteger
from rest_framework.views import Response
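def Paginators(objs, request, Serializer, max_page_size=100):
    """Paginate ``objs`` from the request's query string and serialize one page.

    Args:
        objs: queryset (or other sequence) to paginate.
        request: request whose ``page`` and ``page_size`` GET parameters
            are read; ``page_size`` defaults to
            settings.REST_FRAMEWORK['PAGE_SIZE'] and ``page`` to 1.
        Serializer: serializer class for the objects.
        max_page_size: upper bound applied to the requested page size.

    Returns:
        Response with ``detail`` (serialized page), ``page``, ``page_size``,
        ``total`` (number of pages) and ``total_count`` (number of objects),
        or an empty 400 Response when a parameter is not a usable integer.
    """
    try:
        page_size = int(request.GET.get('page_size', settings.REST_FRAMEWORK['PAGE_SIZE']))
        page = int(request.GET.get('page', 1))
    except (TypeError, ValueError):
        return Response(status=400)
    if page_size < 1:
        # A zero or negative page size cannot be paginated; reject it like
        # any other malformed parameter instead of failing inside Paginator.
        return Response(status=400)
    # page_size is chosen by the client: cap it so that a single request
    # cannot make the server load and serialize an arbitrarily large page.
    page_size = min(page_size, max_page_size)

    paginator = Paginator(objs, page_size)
    total_count = paginator.count
    total = paginator.num_pages
    try:
        objs = paginator.page(page)
    except PageNotAnInteger:
        objs = paginator.page(1)
    except EmptyPage:
        # Out-of-range page numbers fall back to the last page.
        objs = paginator.page(paginator.num_pages)
    serializer = Serializer(objs, many=True)
    return Response(
        data={
            'detail': serializer.data,
            # Report the page actually served, which differs from the
            # requested one after a fallback.
            'page': objs.number,
            'page_size': page_size,
            'total': total,
            'total_count': total_count,
        }
    )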
- settings.py
# 分頁
REST_FRAMEWORK = {
    # Project-wide pagination class and page size.
    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
    'PAGE_SIZE': 10,
    # Only the JSON renderer is listed, which turns off the browsable API page.
    'DEFAULT_RENDERER_CLASSES': ('rest_framework.renderers.JSONRenderer',),
    'UNICODE_JSON': False,
    # Dotted path of the custom exception handler.
    'EXCEPTION_HANDLER': 'common.utils.custom_exception_handler',
}
- users/serializers/userinfo_serializer.py
'''users/serializers/userinfo_serializers.py'''
from rest_framework import serializers
from users.models import UserInfo
class UserInfoSerializer(serializers.Serializer):
    """Output serializer for UserInfo rows used by the pagination example."""

    name = serializers.CharField()  # plain field
    ut = serializers.CharField(source='ut.type_name')  # type name via the foreign key
    gp = serializers.SerializerMethodField()  # many-to-many, built by get_gp
    xxx = serializers.CharField(source='name')  # ``name`` under another key

    class Meta:
        model = UserInfo

    def get_gp(self, row):
        """Return ``[{'id': ..., 'gp': ...}]`` for every group of ``row`` (a UserInfo)."""
        return [{'id': group.id, 'gp': group.group} for group in row.gp.all()]
- users/views.py
''' users/views.py'''
from rest_framework.views import APIView
from rest_framework.views import Response
from users.serializers.userinfo_serializers import UserInfoSerializer
from users.models import UserInfo
from common.utils.api_paginator import Paginators
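class UserInfoViewSet(APIView):
    """Paginated list of users, ordered by id."""

    queryset = UserInfo.objects.all().order_by('id')
    serializer_class = UserInfoSerializer

    def get(self, request, *args, **kwargs):
        # .all() clones the class-level queryset, so each request runs a
        # fresh query instead of reusing cached results.
        queryset = self.queryset.all()
        # Return the helper's Response unchanged: wrapping ret.data in a new
        # Response would turn its 400 for bad parameters into a 200.
        return Paginators(queryset, request, self.serializer_class)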
# http://127.0.0.1:8000/users/info/?page_size=1
'''
{
"detail": [
{
"name": "zhangsan",
"ut": "學生",
"gp": [
{
"id": 1,
"gp": "group01"
},
{
"id": 2,
"gp": "group02"
}
],
"xxx": "zhangsan"
}
],
"page": 1,
"page_size": 1,
"total": 3,
"total_count": 3
}
'''
5,JWT:使用djangorestframework-jwt模塊進行用戶身份驗證
安裝: pip install djangorestframework-jwt
添加應用:python manage.py startapp users
官方網站:https://jpadilla.github.io/django-rest-framework-jwt/
1、JWT配置使用
- settings.py 配置使用JWT
########### 1、在INSTALLED_APPS中加入'rest_framework.authtoken', #################
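INSTALLED_APPS = [
    # ... keep the apps already listed in your settings.py ...
    # Each entry must be a separate plain string; a triple-quoted block
    # inside the list would be read as one single (invalid) app name.
    'rest_framework.authtoken',
]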
################### 2、配置jwt驗證 ######################
REST_FRAMEWORK = {
    # Authentication classes applied to every view that does not set its own.
    # NOTE(review): no DEFAULT_PERMISSION_CLASSES is set here, so a view
    # without its own permission_classes falls back to DRF's default policy.
    # NOTE(review): BasicAuthentication accepts a username and password on
    # each request - confirm it is wanted next to JWT outside of testing.
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
    ),
}
import datetime
JWT_AUTH = {
    # Prefix expected in the header: "Authorization: JWT <token>".
    'JWT_AUTH_HEADER_PREFIX': 'JWT',
    # Lifetime of an issued token. A stolen token stays usable until it
    # expires, so keep this as short as the clients can tolerate.
    'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
    # Function that builds the JSON body returned by the login endpoint.
    'JWT_RESPONSE_PAYLOAD_HANDLER': 'users.views.jwt_response_payload_handler',
}
AUTH_USER_MODEL='users.User' # 指定使用users APP中的 model User進行驗證
- urls.py
from django.contrib import admin
from django.urls import path,re_path,include
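urlpatterns = [
    path('admin/', admin.site.urls),
    # path() anchors the prefix at the start of the URL. An unanchored
    # re_path(r'users/') is matched with a regex search, so any path that
    # merely contains "users/" would also be routed into the users app.
    path('users/', include(('users.urls', 'users'), namespace='users')),
]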
- users/urls.py
#! /usr/bin/env python
# -*- coding: utf-8 -*-
from django.urls import path,re_path,include
from users import views
from rest_framework_jwt.views import obtain_jwt_token # 驗證密碼後返回token
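urlpatterns = [
    path('v1/register/', views.RegisterView.as_view(), name='register'),  # sign up
    path('v1/login/', obtain_jwt_token, name='login'),  # check the password, return a token
    # Route names must be unique for reverse() to be unambiguous; this route
    # previously reused the name 'register'.
    path('v1/list/', views.UserList.as_view(), name='list'),  # requires a token
]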
- users/models.py 添加用戶認證的User表
from django.db import models
from django.contrib.auth.models import AbstractUser
class User(AbstractUser):
    """Custom user model with a phone number and a token column."""

    # NOTE(review): username and password are already declared by
    # AbstractUser; redeclaring them replaces those field definitions
    # entirely - confirm that is intended.
    username = models.CharField(unique=True, max_length=64)
    password = models.CharField(max_length=255)
    phone = models.CharField(max_length=64)
    token = models.CharField(max_length=255)
- users/serializers.py 使用Serializer的create方法創建token
#! /usr/bin/env python
# -*- coding: utf-8 -*-
from rest_framework_jwt.settings import api_settings
from rest_framework import serializers
from users.models import User
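class UserSerializer(serializers.Serializer):
    """Registration serializer: creates a User and attaches a fresh JWT."""

    username = serializers.CharField()
    # write_only: the password (or its hash) must never be echoed back in
    # serializer.data, which the register view returns to the client.
    password = serializers.CharField(write_only=True)
    phone = serializers.CharField()
    token = serializers.CharField(read_only=True)

    def validate_username(self, value):
        """Reject a username that is already taken instead of failing on save."""
        if User.objects.filter(username=value).exists():
            raise serializers.ValidationError('username already exists')
        return value

    def create(self, data):
        """Create the user with a hashed password and return it with ``token`` set."""
        fields = dict(data)
        raw_password = fields.pop('password')
        # Build the object unsaved, hash the password, then save once, so
        # the plaintext password is never written to the database.
        user = User(**fields)
        user.set_password(raw_password)
        user.save()
        # Issue a token that records the login state. It is only set on the
        # returned object for the response; it is not saved to the database.
        jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
        jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
        payload = jwt_payload_handler(user)
        user.token = jwt_encode_handler(payload)
        return user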
- users/views.py
from django.shortcuts import render
import json
from rest_framework.views import APIView
from rest_framework.views import Response
from rest_framework.permissions import IsAuthenticated
from rest_framework_jwt.authentication import JSONWebTokenAuthentication
from users.serializers import UserSerializer
# 用戶註冊
class RegisterView(APIView):
    """Sign-up endpoint: validates the body and creates the user."""

    def post(self, request, *args, **kwargs):
        serializer = UserSerializer(data=request.data)
        if not serializer.is_valid():
            return Response(serializer.errors, status=400)
        serializer.save()
        return Response(serializer.data, status=201)
# 重新用戶登錄返回函數
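def jwt_response_payload_handler(token, user=None, request=None):
    """Build the JSON body returned by the login endpoint.

    :param token: the token value generated by the JWT library
    :param user: the User object; may be None, as the signature allows
    :param request: the current request (unused)
    :return: dict with ``token``, ``user`` (username) and ``userid``
    """
    return {
        'token': token,
        # getattr keeps the declared default user=None from raising.
        'user': getattr(user, 'username', None),
        'userid': getattr(user, 'id', None),
    }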
# 測試必須攜帶token才能訪問接口
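class UserList(APIView):
    """Test endpoint that can only be reached with a valid JWT."""

    permission_classes = [IsAuthenticated]  # reject requests without an authenticated user
    authentication_classes = [JSONWebTokenAuthentication]

    def get(self, request, *args, **kwargs):
        # The Authorization header is a bearer credential, so it is not
        # printed: anyone who can read the console output could replay it.
        return Response({'name': 'zhangsan'})

    def post(self, request, *args, **kwargs):
        return Response({'name': 'zhangsan'})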
- settings.py 前後端分離配置cors
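# 1. List the host names this site is served under; otherwise it cannot be
#    reached through http://jack.com:8888/index/. Django rejects requests
#    whose Host header is not listed here, and '*' would switch that check
#    off. Replace or extend these entries with your own host names.
ALLOWED_HOSTS = ['jack.com', 'localhost', '127.0.0.1']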
#2、將corsheaders 註冊到app中
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'corsheaders',
'app01',
]
#3、將下面兩條添加到中間件中
MIDDLEWARE = [
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
]
#4、配置 django-cors-headers 中的參數
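CORS_ALLOW_CREDENTIALS = True
# Credentials are allowed above, so the allowed origins must be an explicit
# list: combined with "allow all origins", any website could send requests
# carrying the visitor's cookies and read the responses.
CORS_ORIGIN_ALLOW_ALL = False
CORS_ORIGIN_WHITELIST = (
    'http://localhost:8080',  # placeholder: replace with your front-end origin(s)
)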
CORS_ALLOW_METHODS = (
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
'VIEW',
)
CORS_ALLOW_HEADERS = (
'XMLHttpRequest',
'X_FILENAME',
'accept-encoding',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
'Pragma',
)
# 通過用戶token獲取用戶信息
from rest_framework_jwt.utils import jwt_decode_handler
toke_user = jwt_decode_handler(token)
# {'user_id': 2, 'username': 'lisi', 'exp': 1561504444, 'email': ''}