运维开发网

drf-jwt

运维开发网 https://www.qedev.com 2020-07-15 21:01 Source: Internet Author: compiled by 运维开发网

Official site
http://getblimp.github.io/django-rest-framework-jwt/
Install (in the virtual environment)
pip install djangorestframework-jwt
Usage: user/urls.py
from django.urls import path
from rest_framework_jwt.views import obtain_jwt_token
urlpatterns = [
    path('login/', obtain_jwt_token),
]
Test the endpoint: POST request
"""
Send a POST request from Postman

Endpoint: http://api.luffy.cn:8000/user/login/

Data:
{
    "username":"admin",
    "password":"admin"
}
"""

Custom JWT login (issuing the JWT manually)

1. Define a class in views.py

from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework_jwt.serializers import jwt_payload_handler
from rest_framework_jwt.serializers import jwt_encode_handler
from django.contrib import auth
class LoginAPIView(APIView):
    def post(self, request, *args, **kwargs):
        username = request.data.get('username')
        password = request.data.get('password')
        if not (username and password):
            return Response({
                'error':'用户名或密码不能为空'  # username and password are required
            })
        # ModelBackend ignores the extra is_active argument; it rejects inactive users on its own
        user_obj = auth.authenticate(username=username,password=password,is_active=True)
        if user_obj:
            payload = jwt_payload_handler(user_obj)
            token = jwt_encode_handler(payload)
            return Response({
                'status':0,
                'msg':'ok',
                'token':token
            })
        else:
            return Response({
                'status':1,
                'msg':'用户名或密码错误'
            })

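2. In serializers.py, define a serializer/deserializer class based on auth_user

from rest_framework import serializers
from django.contrib.auth import models  # models.User maps to the auth_user table
class LoginModelSerializer(serializers.ModelSerializer):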
    class Meta:
        model = models.User
        fields = ('username', 'password')
        extra_kwargs = {
            'password':{
                'write_only':True
            }
        }

3. Add the route in urls.py

from django.conf.urls import url
from api import views
urlpatterns = [url(r'^login/$', views.LoginAPIView.as_view())]

JWT expiration time

Configure in settings

import datetime

JWT_AUTH = {
    'JWT_EXPIRATION_DELTA': datetime.timedelta(seconds=300),
}

authentication_classes and permission_classes

Used together, the two make sessions unnecessary

    # JWT verification must succeed before the request counts as logged in
    # authentication_classes = [JSONWebTokenAuthentication]
    authentication_classes = [JWTAuthentication]
    # Only viewable after login
    permission_classes = [IsAuthenticated]

Global authentication based on drf-jwt: user/authentications.py (create it yourself)

import jwt
from rest_framework.exceptions import AuthenticationFailed
from rest_framework_jwt.authentication import jwt_decode_handler
from rest_framework_jwt.authentication import get_authorization_header
from rest_framework_jwt.authentication import BaseJSONWebTokenAuthentication

class JSONWebTokenAuthentication(BaseJSONWebTokenAuthentication):
    def authenticate(self, request):
        # Full Authorization header value (bytes); it is decoded as-is,
        # so clients send the bare token with no prefix
        jwt_value = get_authorization_header(request)

        if not jwt_value:
            raise AuthenticationFailed('Authorization 字段是必须的')  # header is required
        try:
            payload = jwt_decode_handler(jwt_value)
        except jwt.ExpiredSignatureError:
            raise AuthenticationFailed('签名过期')  # signature expired
        except jwt.InvalidTokenError:
            raise AuthenticationFailed('非法用户')  # invalid token
        user = self.authenticate_credentials(payload)

        return user, jwt_value

Enable globally: settings/dev.py

REST_FRAMEWORK = {
    # Authentication classes
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'user.authentications.JSONWebTokenAuthentication',
    ),
}

Enable or disable per view: first line of any CBV class

# Disable for this view
authentication_classes = []

# Enable for this view
from user.authentications import JSONWebTokenAuthentication
authentication_classes = [JSONWebTokenAuthentication]

Custom throttle classes

Method 1: set scope

1. Configure in settings

REST_FRAMEWORK = {
    # Custom throttle classes
    'DEFAULT_THROTTLE_CLASSES': [],
    'DEFAULT_THROTTLE_RATES': {
        # 'user': '3/min',
        # 'anon': '3/min',
        'time_scope': '3/min',
        'time_rate': '3/min',
    },
}

2. In the custom class's .py file

from rest_framework.throttling import SimpleRateThrottle
class MyRateThrottle(SimpleRateThrottle):
    scope = 'time_scope'
    def get_cache_key(self, request, view):
        # Constant key: every client shares a single counter
        return 'throttle_time_scope'

3. In the view class that needs throttling

from . import throttles
# Custom throttling
# throttle_classes = [MyRateThrottle]
# throttle_classes = [throttles.TimeRateThrottle]

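Method 2: set rate

1. In the custom class's .py file

from rest_framework.throttling import SimpleRateThrottle
class TimeRateThrottle(SimpleRateThrottle):
    rate = '3/min'
    def get_cache_key(self, request, view):
        return 'throttle_time_rate'

2. In the view class that needs throttling

from . import throttles
# Custom throttling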
# throttle_classes = [MyRateThrottle]
# throttle_classes = [throttles.TimeRateThrottle]
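
Both custom classes above return a constant string from get_cache_key, so the 3/min budget is shared by every client instead of being counted per client. The added example below (not code from the original page or from DRF) models SimpleRateThrottle's sliding-window check with the standard library and compares that constant key with a hypothetical per-client key; `WindowThrottle`, `per_client_key`, `replay` and the traffic are constructed for illustration.

```python
# Added example: stdlib-only model of the sliding-window check performed by
# SimpleRateThrottle; a plain dict stands in for Django's cache.
DURATIONS = {'s': 1, 'm': 60, 'h': 3600, 'd': 86400}

def parse_rate(rate):
    """'3/min' -> (3, 60), the same format as DEFAULT_THROTTLE_RATES values."""
    num, period = rate.split('/')
    return int(num), DURATIONS[period[0]]

class WindowThrottle:
    def __init__(self, rate, key_func):
        self.num_requests, self.duration = parse_rate(rate)
        self.key_func = key_func      # plays the role of get_cache_key()
        self.cache = {}               # cache key -> request timestamps, newest first

    def allow_request(self, client_ip, now):
        key = self.key_func(client_ip)
        history = self.cache.setdefault(key, [])
        # Forget requests that have left the window.
        while history and history[-1] <= now - self.duration:
            history.pop()
        if len(history) >= self.num_requests:
            return False
        history.insert(0, now)
        return True

def shared_key(client_ip):
    # Same constant the page's MyRateThrottle returns: one counter for everybody.
    return 'throttle_time_scope'

def per_client_key(client_ip):
    # Hypothetical alternative: one counter per client address.
    return 'throttle_time_scope_%s' % client_ip

def replay(throttle, requests):
    """Run (second, client_ip) pairs through the throttle; return the decisions."""
    return [throttle.allow_request(ip, t) for t, ip in requests]

# Constructed traffic: client A sends three requests, client B sends one,
# then B retries after the 60 s window has passed.
TRAFFIC = [(0, '10.0.0.1'), (1, '10.0.0.1'), (2, '10.0.0.1'),
           (3, '10.0.0.2'), (63, '10.0.0.2')]

if __name__ == '__main__':
    print('shared key    :', replay(WindowThrottle('3/min', shared_key), TRAFFIC))
    print('per-client key:', replay(WindowThrottle('3/min', per_client_key), TRAFFIC))
```

In DRF itself the per-client value would come from `self.get_ident(request)`, which is what the built-in AnonRateThrottle uses for its cache key.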

Built-in default throttling

1. In settings

REST_FRAMEWORK = {
    # Custom throttle classes
    'DEFAULT_THROTTLE_CLASSES': [],
    'DEFAULT_THROTTLE_RATES': {
        'user': '3/min',
        'anon': '3/min',
    },
}

2. In the view class that needs throttling

from rest_framework import throttling
    authentication_classes = [JWTAuthentication]
    # Built-in throttling
    # throttle_classes = [throttling.AnonRateThrottle]  # throttles anonymous visitors only
    # throttle_classes = [throttling.UserRateThrottle]  # logged-in users are throttled by user pk, anonymous visitors by IP