文章目錄
TOKEN
項目文件樹形圖
配置
#1 settings.py
# Excerpt of INSTALLED_APPS: the "..." line stands for the entries Django generates by default.
INSTALLED_APPS = [
...
'app', # the project's own app; AUTH_USER_MODEL below points at its UserProfile model
'rest_framework', # Django REST framework
'rest_framework.authtoken', # DRF's database-backed token app. NOTE(review): the views on this page authenticate with rest_framework_jwt, not authtoken, so this entry looks unused — confirm before removing
]
...
import datetime

# Custom user model; needed because app.models.UserProfile subclasses AbstractUser.
AUTH_USER_MODEL = 'app.UserProfile'

# Shared lifetime used for both the token and its refresh window.
# Lower-case on purpose so Django does not pick it up as a setting.
_one_day = datetime.timedelta(days=1)

# django-rest-framework-jwt configuration.
# NOTE(review): no JWT_SECRET_KEY is set, so the library falls back to the
# project's SECRET_KEY for signing; that key must stay out of version control.
# NOTE(review): the upstream project describes itself as unmaintained — confirm
# and plan a move to a maintained JWT package.
JWT_AUTH = dict(
    # Token lifetime. A stateless JWT cannot be withdrawn before it expires,
    # so one day is a long exposure window if a token leaks (the library's
    # default is five minutes).
    JWT_EXPIRATION_DELTA=_one_day,
    # Value written to the "iss" claim. This is a placeholder; use the
    # service's real identifier.
    JWT_ISSUER='http://fasfdas.baicu',
    # Clients must send "Authorization: TOKEN <jwt>".
    JWT_AUTH_HEADER_PREFIX='TOKEN',
    JWT_ALLOW_REFRESH=True,
    # Refresh window, counted from the original issue time. It equals the
    # token lifetime here, so refreshing cannot extend a login past one day.
    JWT_REFRESH_EXPIRATION_DELTA=_one_day,
)
...
#2 models.py
from django.db import models
from django.contrib.auth.models import AbstractUser
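class UserProfile(AbstractUser):
    """Custom user model: Django's AbstractUser plus an integer ``age`` column.

    Settings refer to it as AUTH_USER_MODEL = 'app.UserProfile'.
    """

    # The default is the integer 1, not the string "1". Django hands the
    # default to new instances unchanged, so a string default would leave
    # ``age`` as a str on every unsaved object.
    age = models.IntegerField(verbose_name="年齡", default=1)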
#3 views.py
from django.shortcuts import render
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework import status
from app import models
from django.contrib.auth import login
from rest_framework_jwt.settings import api_settings
from django.contrib.auth import authenticate
from django.shortcuts import Http404
from rest_framework import mixins
from rest_framework.viewsets import GenericViewSet
from rest_framework import serializers
from drf_dynamic_fields import DynamicFieldsMixin
from rest_framework import permissions
from rest_framework_jwt.authentication import JSONWebTokenAuthentication
"""1. 登陸"""
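class loginView(APIView):
    """Exchange a username and password for a signed JWT."""

    # NOTE(review): no throttle is configured on this view in the visible
    # code. A credential-checking endpoint normally gets one (DRF
    # throttle_classes / DEFAULT_THROTTLE_RATES) to slow password guessing.

    def post(self, request):
        """Check the posted credentials and return a token.

        Reads ``username`` and ``password`` from ``request.data``.

        Returns:
            200 with the encoded JWT under ``results`` on success;
            401 with one generic message on any failure (missing field,
            unknown user, wrong password), so the response does not reveal
            which part was wrong.
        """
        # .get() rather than [...]: a body without one of the fields would
        # otherwise raise KeyError and surface as a 500.
        username = request.data.get("username")
        password = request.data.get("password")

        user = None
        if username and password:
            # Passing the request lets request-aware authentication backends
            # (for example lockout or auditing backends) see the client.
            user = authenticate(request=request, username=username, password=password)

        if user is None:
            # 401, not 404: failed authentication is not a missing resource,
            # and a 404 hides login failures from monitoring that watches for
            # authentication errors.
            return Response(
                {"success": False, "msg": "賬號密碼不匹配"},
                status=status.HTTP_401_UNAUTHORIZED,
            )

        # Deliberately no django.contrib.auth.login() here: it would open a
        # server-side session and set a session cookie, i.e. a second
        # credential that JWT_EXPIRATION_DELTA does not govern. The JWT in
        # the response body is the only credential this endpoint issues.
        build_payload = api_settings.JWT_PAYLOAD_HANDLER
        encode_token = api_settings.JWT_ENCODE_HANDLER
        token = encode_token(build_payload(user))

        return Response(
            {"success": True, "msg": "登錄成功", "results": token},
            status=status.HTTP_200_OK,
        )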
"""2. 新增玩家"""
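class UserSerializer(DynamicFieldsMixin, serializers.ModelSerializer):
    """Serializer for UserProfile, shared by the sign-up and user-list views."""

    class Meta:
        model = models.UserProfile
        fields = ["username", "password"]
        # The password is accepted on input but never rendered. Without
        # write_only, the stored password hash is echoed in the sign-up
        # response and in every row of the user-list endpoint, where it can
        # be collected for offline cracking.
        extra_kwargs = {"password": {"write_only": True}}

    def create(self, validated_data):
        """Create the user through the manager's ``create_user``.

        ``create_user`` hashes the password; a plain ``objects.create`` would
        store it as submitted.
        """
        # NOTE(review): the password is not checked against Django's
        # AUTH_PASSWORD_VALIDATORS anywhere in the visible code; consider
        # validating it before the account is created.
        return models.UserProfile.objects.create_user(**validated_data)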
class createUser(mixins.CreateModelMixin, GenericViewSet):
    """Sign-up endpoint: POST creates a UserProfile through UserSerializer.

    No authentication_classes or permission_classes are declared, so the
    project-wide DRF defaults decide who may call it.
    """

    serializer_class = UserSerializer
    queryset = models.UserProfile.objects.all()
"""3. 獲取用戶列表(驗證token)"""
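class getUser(mixins.ListModelMixin, GenericViewSet):
    """List all users; the caller must present a valid JWT."""

    # Only the JWT scheme is accepted on this view.
    authentication_classes = (JSONWebTokenAuthentication,)
    # IsAuthenticated, not IsAuthenticatedOrReadOnly: this viewset exposes
    # only the read-only list action, and the OrReadOnly variant lets
    # unauthenticated GET requests through, which would leave the user list
    # open to anyone and make the token check pointless.
    permission_classes = (permissions.IsAuthenticated,)
    queryset = models.UserProfile.objects.all()
    serializer_class = UserSerializer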
#4 urls.py
from django.contrib import admin
from django.urls import path,include
from app import views
from rest_framework import routers
from app import views
# One router per viewset, each mounted under its own URL prefix below.

# Sign-up (create user).
createUserViewRouter = routers.DefaultRouter()
createUserViewRouter.register('', views.createUser)

# User list.
getUserRouter = routers.DefaultRouter()
getUserRouter.register('', views.getUser)

urlpatterns = [
    path('admin/', admin.site.urls),
    # Exchange username/password for a token.
    path('gettoken/', views.loginView.as_view()),
    # Create a user.
    path('createuser/', include(createUserViewRouter.urls)),
    # List users.
    path('getuser/', include(getUserRouter.urls)),
]
獲取TOKEN
創建一個用戶(調用新增用戶接口)
http://127.0.0.1:8000/createuser/
登陸用戶,獲取token
http://127.0.0.1:8000/gettoken/
驗證token
未加token驗證
class getUser(mixins.ListModelMixin, GenericViewSet):
    """User list WITHOUT token verification (the "before" variant).

    Nothing here restricts access: with DRF's stock defaults any client,
    logged in or not, can read the list. Shown for comparison only.
    """

    serializer_class = UserSerializer
    queryset = models.UserProfile.objects.all()
http://127.0.0.1:8000/getuser/
加token驗證
class getUser(mixins.ListModelMixin, GenericViewSet):
    """User list WITH token verification."""

    serializer_class = UserSerializer
    queryset = models.UserProfile.objects.all()

    # Accept only JWT credentials on this view.
    authentication_classes = (JSONWebTokenAuthentication,)
    # Reject every request that did not authenticate successfully.
    permission_classes = (permissions.IsAuthenticated,)
http://127.0.0.1:8000/getuser/
權限
# Alternative values for a view's permission_classes; a view sets exactly one of these.
permission_classes = (permissions.AllowAny,) # no restriction: every request is allowed, authenticated or not
permission_classes = (permissions.IsAuthenticated,) # only requests that authenticated successfully (here: carry a valid token)
permission_classes = (permissions.IsAuthenticatedOrReadOnly,) # authenticated requests get full access; unauthenticated requests are still allowed the safe methods (GET, HEAD, OPTIONS)
permission_classes = (permissions.IsAdminUser,) # only authenticated users whose is_staff flag is set
Github
https://github.com/Coxhuang/TOKEN.git
官方文檔
http://getblimp.github.io/django-rest-framework-jwt/
新的文檔地址:
http://jpadilla.github.io/django-rest-framework-jwt/