JWT 的概念这边就不再阐述了,可以简单理解为 cookie(服务端会话)的替代品:服务端把一段带签名的 JSON 发给客户端,之后凭签名校验身份。注意载荷只做了 Base64 编码、没有加密,不要往里放敏感数据。
view.py
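import datetime

import jwt
from rest_framework.decorators import api_view
from rest_framework.response import Response

import learn.utils as tool
from fingercode import settings
from learn.models import User
from learn.serializers import UserSerializer

# Create your views here.

# One algorithm, pinned for both signing and verification, so the token's own
# "alg" header never decides how it is checked.
JWT_ALGORITHM = 'HS256'


def _issue_token(username, password):
    """Check the credentials and return a response carrying a one-day JWT.

    Returns ``{'data': <token>}`` on success and the "wrong username or
    password" message when no row matches.
    """
    # NOTE(review): tool.md5 is not shown on this page. If it is a plain,
    # unsalted MD5 of the password, the stored values are cheap to brute-force;
    # Django's make_password()/check_password() are the usual replacement.
    # Kept as-is because existing rows are compared against this digest.
    password = tool.md5(password)

    matches = User.objects.filter(username=username, password=password)
    # filter() returns an empty queryset instead of raising User.DoesNotExist,
    # so without this check a signed token would be issued for any
    # username/password pair.
    if not matches.exists():
        return Response({'msg': '用户名或者密码错误'})

    user_dict = UserSerializer(matches, many=True)
    # The payload is signed, not encrypted: whoever holds the token can read
    # every field UserSerializer emits.
    payload = {
        'exp': datetime.datetime.utcnow() + datetime.timedelta(days=1),
        'data': user_dict.data,
    }
    # "type" is not a registered JOSE header (the registered one is "typ",
    # which PyJWT adds by itself); kept so issued tokens look as before.
    headers = {
        "type": "jwt",
        "alg": JWT_ALGORITHM,
    }
    # NOTE(review): this signs with the project's SECRET_KEY; a dedicated
    # token-signing key would limit what a leak of either secret exposes.
    token = jwt.encode(
        payload,
        settings.SECRET_KEY,
        algorithm=JWT_ALGORITHM,
        headers=headers,
    )
    # PyJWT 1.x returns bytes, 2.x returns str.
    if isinstance(token, bytes):
        token = token.decode()
    return Response({'data': token})


def _verify_token(authorization):
    """Validate an ``Authorization: jwt <token>`` header and return its payload.

    Malformed headers get the original messages with the default status;
    a token that fails verification gets HTTP 401.
    """
    auth = authorization.split()
    # Check that the header carries exactly "<scheme> <token>".
    if not auth:
        return Response({'msg': '未获取到Authorization请求头'})
    if auth[0].lower() != 'jwt':
        return Response({'msg': 'Authorization请求头中认证方式错误'})
    if len(auth) != 2:
        return Response({'msg': "非法Authorization请求头"})

    try:
        # An explicit allow-list of algorithms is required by PyJWT 2.x and
        # prevents the token from choosing its own verification algorithm.
        payload = jwt.decode(
            auth[1],
            settings.SECRET_KEY,
            algorithms=[JWT_ALGORITHM],
        )
    except jwt.ExpiredSignatureError:
        return Response({'msg': 'token已过期'}, status=401)
    except jwt.InvalidTokenError:
        # Bad signature, malformed token, wrong algorithm, ...
        return Response({'msg': 'token无效'}, status=401)
    return Response({'msg': payload})


@api_view(('GET', 'POST'))
def login(request):
    """Issue a JWT for valid credentials, or verify one sent in ``Authorization``.

    A POST carrying ``username`` and ``password``:

    * without an ``Authorization`` header: checks the credentials and returns
      ``{'data': <token>}``;
    * with an ``Authorization: jwt <token>`` header: verifies the token and
      returns ``{'msg': <decoded payload>}``.

    Existing failure responses keep their original body and default HTTP
    status, so clients must look for the ``msg`` key.
    """
    # The collapsed listing does not show which `if` the trailing
    # `else: return Response(status=404)` belonged to. Both candidates return
    # 404 here so that no path falls through and returns None.
    if request.method != 'POST':
        return Response(status=404)

    username = request.data.get('username')
    password = request.data.get('password')
    if not (username and password):
        return Response(status=404)

    authorization = request.META.get('HTTP_AUTHORIZATION', '')
    if not authorization:
        return _issue_token(username, password)
    return _verify_token(authorization)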
models.py
自定义吧,我感觉这个没啥关系,我的就是一个关于user的数据表
serializers.py
from rest_framework import serializers

from learn.models import User


class UserSerializer(serializers.ModelSerializer):
    """Serialize ``User`` rows with every model field except ``password``."""

    class Meta:
        model = User
        # Deny-list: any field later added to User is serialized automatically
        # (and view.py's login embeds this output in the JWT payload).
        # NOTE(review): an explicit `fields` allow-list would avoid exposing
        # new columns by default; the model's field names are not shown here.
        exclude = ['password']
接下来带上 Authorization 请求头(格式为 `jwt <token>`)访问,接口会校验 token 并返回解码后的 payload:
如果不带 Authorization 请求头,接口则按用户名和密码登录并返回新的 token:
遇到的bug:
看 views.py:`request.POST.get` 不适用于 API 的 POST 接收,它只解析表单(form)提交的数据;要使用 DRF 的 `request.data.get` 才能正确接收到 POST 的值,这里我吃了大亏。