drf——基于jwt的多方式登录以及自定义多方式登录
一、基于jwt的多方式登陆
1 手机号+密码 用户名+密码 邮箱+密码
2 流程分析(post请求):
-路由:自动生成(推荐自动生成,自己手写也行)
-视图类:ViewSet(ViewSetMixin, views.APIView)
-序列化类:重写validate方法,在这里面对用户名和密码进行校验
代码实现
models.py----->进行数据迁移
from django.db import models
from django.contrib.auth.models import AbstractUser
class UserInfo(AbstractUser):
phone = models.CharField(max_length=32, unique=True)
settings.py
INSTALLED_APPS = [
...
'rest_framework'
]
#扩写AUTH_USER表
AUTH_USER_MODEL = 'app01.UserInfo'
REST_FRAMEWORK = {
# 配置全局异常
'EXCEPTION_HANDLER': 'app01.utils.common_exception'
}
views.py
from rest_framework.viewsets import ViewSet
from app01.serializer import LoginSerializer
from app01.utils import APIResponse
class LoginViewSet(ViewSet):
def create(self, request, *args, **kwargs):
# 实例化得到一个序列化类的对象
# ser=LoginSerializer(data=request.data,context={'request':request})
ser = LoginSerializer(data=request.data)
# 序列化类的对象的校验方法
ser.is_valid(raise_exception=True) # 字段自己的校验,局部钩子校验,全局钩子校验
# 如果通过,表示登录成功,返回手动签发的token
token = ser.context.get('token')
username = ser.context.get('username')
return APIResponse(token=token, username=username)
# 如果失败,不用管了
serializer.py
from rest_framework import serializers
from app01.models import UserInfo
import re
from rest_framework.exceptions import ValidationError
from rest_framework_jwt.utils import jwt_encode_handler, jwt_payload_handler
class LoginSerializer(serializers.ModelSerializer):
#重写username不然报错
username = serializers.CharField()
class Meta:
model = UserInfo
fields = ['username', 'password']
def validate(self, attrs):
# username可能是邮箱,手机号,用户名
username = attrs.get('username')
password = attrs.get('password')
# 如果是手机号
if re.match('^1[3-9]\d{9}$', username):
# 以手机号登录
user = UserInfo.objects.filter(phone=username).first()
elif re.match('^.+@.+$', username):
# 以邮箱登录
user = UserInfo.objects.filter(email=username).first()
else:
# 以用户名登录
user = UserInfo.objects.filter(username=username).first()
# 如果user有值并且密码正确
if user and user.check_password(password):
# 登录成功,生成token
# drf-jwt中有通过user对象生成token的方法
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
# token是要在视图类中使用,现在我们在序列化类中
# self.context.get('request')
# 视图类和序列化类之间通过context这个字典来传递数据
self.context['token'] = token
self.context['username'] = user.username
#一定要记得return
return attrs
else:
raise ValidationError('用户名或密码错误')
utils.py
from rest_framework.response import Response
class APIResponse(Response):
def __init__(self, code=100, msg='成功', data=None, status=None,
headers=None, content_type=None, **kwargs):
dic = {'code': code, 'msg': msg}
if data:
dic['data'] = data
dic.update(kwargs)
super().__init__(data=dic, status=status, headers=headers, content_type=content_type)
from rest_framework.views import exception_handler
#全局异常捕获
def common_exception(exc, context):
# 先调用REST framework默认的异常处理方法获得标准错误响应对象
response = exception_handler(exc, context)
# 在此处补充自定义的异常处理
if response is None:
response = Response(data={'code':999,'msg':str(exc)})
return response
urls.py
注意:自动生成路由,四种对应关系
from django.urls import path
from rest_framework.routers import SimpleRouter
from app01 import views
router = SimpleRouter()
#必须要加,basename='login',不然会报错
router.register('login', views.LoginViewSet,basename='login')
print(router.urls)
urlpatterns = [
... #path('login/', views.LoginViewSet.as_view({'post':'create'})), 可以用这种自己手写的路由
]
urlpatterns += router.urls
登录方式:在http://127.0.0.1:8000/login/发送post请求,携带json格式username,password
二、自定义user表,签发token,认证类的代码实现多方式登录
models.py
from django.db import models
class MyUser(models.Model):
username = models.CharField(max_length=32) #字段名一定要叫username不然要自己重写,具体看源码
password = models.CharField(max_length=32)
phone = models.CharField(max_length=32)
email = models.EmailField()
utils.py
from rest_framework.response import Response
class APIResponse(Response):
def __init__(self, code=100, msg='成功', data=None, status=None,
headers=None, content_type=None, **kwargs):
dic = {'code': code, 'msg': msg}
if data:
dic['data'] = data
dic.update(kwargs)
super().__init__(data=dic, status=status, headers=headers, content_type=content_type)
from rest_framework.views import exception_handler
#全局异常捕获
def common_exception(exc, context):
# 先调用REST framework默认的异常处理方法获得标准错误响应对象
response = exception_handler(exc, context)
# 在此处补充自定义的异常处理
if response is None:
response = Response(data={'code':999,'msg':str(exc)})
return response
views.py
from rest_framework.views import APIView
from app01.utils import APIResponse
import re
from app01.models import MyUser
from rest_framework_jwt.settings import api_settings
jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
from rest_framework_jwt.views import obtain_jwt_token
class MyLoginView(APIView):
def post(self, request, *args, **kwargs):
username = request.data.get('username')
password = request.data.get('password')
# 如果是手机号
if re.match('^1[3-9]\d{9}$', username):
# 以手机号登录
user = MyUser.objects.filter(phone=username).first()
elif re.match('^.+@.+$', username):
# 以邮箱登录
user = MyUser.objects.filter(email=username).first()
else:
# 以用户名登录
user = MyUser.objects.filter(username=username).first()
# 如果user有值并且密码正确,注意这里user.password == password
if user and user.password == password:
# 登录成功,生成token
# drf-jwt中有通过user对象生成token的方法
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
return APIResponse(token=token, username=user.username)
else:
return APIResponse(code=101, msg='用户名或密码错误')
urls.py
from django.contrib import admin
from django.urls import path
from app01 import views
urlpatterns = [
path('login2/', views.MyLoginView.as_view()),
]
settings.py
INSTALLED_APPS = [
...
'rest_framework'
]
REST_FRAMEWORK = {
# 配置全局异常
'EXCEPTION_HANDLER': 'app01.utils.common_exception'
}
在自定义登录的基础上,加上自定义的认证,来查询订单信息
auth.py
from rest_framework_jwt.utils import jwt_decode_handler
import jwt
from rest_framework.exceptions import AuthenticationFailed
from rest_framework_jwt.authentication import BaseJSONWebTokenAuthentication
from app01.models import MyUser
class JwtAuthentication(BaseJSONWebTokenAuthentication):
def authenticate(self, request):
token=request.META.get('HTTP_Authorization'.upper())
try:
payload = jwt_decode_handler(token)
except jwt.ExpiredSignature:
raise AuthenticationFailed('过期了')
except jwt.DecodeError:
raise AuthenticationFailed('解码错误')
except jwt.InvalidTokenError:
raise AuthenticationFailed('不合法的token')
# 得到的user对象,应该是自己user表的user对象
print(payload)
# user=MyUser.objects.get(id=payload['user_id']) 这样写不好,会每次都查一次数据库
user=payload #不用每次查数据库#或者user = MyUser(id=payload["user_id"], username = payload["username"])不用每次查数据库
return (user, token)
views.py 加上以下认证代码
from app01.auth import JwtAuthentication
class OrderAPIView(APIView):
authentication_classes = [JwtAuthentication, ]
def get(self, request):
# print(request.user) # 自己的user对象
print(request.user) # user是个字典,内部有user_id,
# 后续要查询该用户的所有订单,直接根据user_id查询即可
return APIResponse(msg='查询订单成功')
urls.py
urlpatterns = [
path('order/', views.OrderAPIView.as_view()),
]
赞 (0)