  • jwt安装配置

    jwt安装配置

    1.登录接口

    2.刷新接口

    3.自定义返回格式

    1.JWT安装配置

    1.1 安装JWT(注意:djangorestframework-jwt 的上游项目已停止维护,不再获得安全修复;新项目建议评估仍在维护的替代库,例如 djangorestframework-simplejwt)

    pip install djangorestframework-jwt==1.11.0

    1.2 syl/settings.py 配置jwt载荷中的有效期设置

     

     

    # djangorestframework-jwt settings: header prefix, token lifetime, refresh policy.
    # NOTE(review): these tokens are bearer credentials and nothing in this dict
    # provides revocation, so a leaked token stays usable until it expires (and,
    # with refresh enabled, can be renewed inside the refresh window). Shorter
    # lifetimes reduce that exposure.
    JWT_AUTH = {
        # 1. Prefix expected in the Authorization header value ("JWT <token>").
        "JWT_AUTH_HEADER_PREFIX": "JWT",
        # 2. Lifetime of each issued token: one day.
        "JWT_EXPIRATION_DELTA": datetime.timedelta(days=1),
        # 3. Allow a still-valid token to be exchanged for a new one.
        "JWT_ALLOW_REFRESH": True,
        # 4. Refresh window: how long after the ORIGINAL token was issued a
        #    refresh is still accepted (24 hours); it is not the token lifetime.
        "JWT_REFRESH_EXPIRATION_DELTA": datetime.timedelta(hours=24),
        # 5. Dotted path to the project-defined function that builds the login
        #    response body; it has to be written by hand.
        "JWT_RESPONSE_PAYLOAD_HANDLER": "user.utils.jwt_response_payload_handler",
    }

    1.3 syl/settings.py JWT结合DRF进行认证权限配置

    # ---- Django REST framework: authentication configuration ----
    REST_FRAMEWORK = {
        # Authentication schemes tried, in order, for every view that does not
        # set its own authentication_classes.
        # NOTE(review): Session and Basic authentication stay enabled next to
        # JWT, so password-based Basic auth is accepted on every such view.
        "DEFAULT_AUTHENTICATION_CLASSES": (
            "rest_framework_jwt.authentication.JSONWebTokenAuthentication",
            "rest_framework.authentication.SessionAuthentication",
            "rest_framework.authentication.BasicAuthentication",
        ),
        # Global permission policy (currently disabled).
        # NOTE(review): while this stays commented out, DRF falls back to its
        # default permission class (AllowAny): authentication only identifies
        # the caller, and each view must declare permission_classes itself to
        # reject anonymous requests.
        # "DEFAULT_PERMISSION_CLASSES": (
        #     "rest_framework.permissions.IsAuthenticated",
        # ),
    }

    import datetime

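    # AUTHENTICATION_BACKENDS = [
    #     'usersapp.views.CustomBackend'
    # ]

    # djangorestframework-jwt settings.
    # NOTE(review): if an earlier JWT_AUTH assignment exists in the same settings
    # module, this one replaces that dict wholesale; keys set only there (for
    # example the refresh options) then revert to the library defaults.
    JWT_AUTH = {
        # Prefix expected in the Authorization header value ("JWT <token>").
        'JWT_AUTH_HEADER_PREFIX': 'JWT',
        # Lifetime of each issued token: one day.
        'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
        # Function that builds the login response body. The handler is
        # implemented in user/utils.py, so the dotted path has to name
        # user.utils; a path into user.views only resolves if that module
        # happens to re-export the function.
        'JWT_RESPONSE_PAYLOAD_HANDLER': 'user.utils.jwt_response_payload_handler',
    }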

    1.4 user/urls.py 增加获取token接口和刷新token接口

    
    
    from django.urls import path
    from rest_framework_jwt.views import obtain_jwt_token # 验证密码后返回token
    from user.views import *


    # Routes of the user app.
    # Only the token-obtain endpoint is routed here. A refresh route (the
    # library's rest_framework_jwt.views.refresh_jwt_token view) has to be added
    # separately before JWT_ALLOW_REFRESH can be used by clients.
    urlpatterns = [
        # Login: obtain_jwt_token checks the posted credentials and returns a token.
        path("login/", obtain_jwt_token),
        # path('register/', RegisterView.as_view()),
    ]

    1.5 在user/utils.py中重写jwt_response_payload_handler

    
    
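    def jwt_response_payload_handler(token, user=None, request=None, role=None):
        """Build the JSON body returned to the client after a successful JWT login.

        Args:
            token: The encoded JWT issued for this login.
            user: The authenticated user object. Its ``id``, ``username``,
                ``first_name`` and ``email`` attributes are read.
            request: The request that triggered the login (not used here).
            role: Optional role value echoed back under ``"role"``. Callers that
                pass only ``(token, user, request)`` leave it as ``None``.

        Returns:
            dict: The response payload. When ``user`` is ``None`` only the token
            is returned, because there is no user object to describe.
        """
        if user is None:
            # The signature advertises user=None, but every field below is read
            # from the user object; answer with the token alone instead of
            # failing with AttributeError.
            return {'token': token}

        # Prefer the first name for display and fall back to the login name.
        name = user.first_name or user.username

        # Everything in this dict is sent to the client: keep it to fields the
        # front end needs. "role" is informational only; authorization has to be
        # enforced server-side, never from this echoed value.
        return {
            # Kept as the string 'true' (not a boolean) for existing clients.
            'authenticated': 'true',
            'id': user.id,
            "role": role,
            'name': name,
            'username': user.username,
            'email': user.email,
            'token': token,
        }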
    user/utils.py

    2.postman测试接口

    2.1 测试登录接口,获取token

    http://192.168.56.100:8888/user/login/


    '''自定义认证和权限优先级更高,可以覆盖settings.py中的 '''
    # The string above reads: view-level authentication and permission settings
    # take priority and can override the ones in settings.py.
    # NOTE(review): this fragment looks like part of a view class body; the
    # enclosing class is not shown — confirm where it belongs.
    # Custom permission class applied to this view.
    permission_classes = (MyPermission,)
    # Custom authentication class; setting it here overrides the global
    # configuration, so only JWT authentication is listed for this view.
    authentication_classes = (JSONWebTokenAuthentication,)

    2.2 使用获得的token获取所有用户信息

    http://192.168.56.100:8888/user/user/

    3.源码分析


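    class JSONWebTokenAPIView(APIView):
        """
        Base API View that various JWT interactions inherit from.
        """
        # Both tuples are empty: the view declares no authentication and no
        # permission classes of its own, so it is reachable by anonymous callers
        # (needed for login). No throttle setting appears in this class either,
        # so limiting repeated login attempts has to come from elsewhere.
        permission_classes = ()
        authentication_classes = ()

        def get_serializer_context(self):
            """
            Extra context provided to the serializer class.
            """
            return {
                'request': self.request,
                'view': self,
            }

        def get_serializer_class(self):
            """
            Return the class to use for the serializer.
            Defaults to using `self.serializer_class`.
            You may want to override this if you need to provide different
            serializations depending on the incoming request.
            (Eg. admins get full serialization, others get basic serialization)
            """
            assert self.serializer_class is not None, (
                "'%s' should either include a `serializer_class` attribute, "
                "or override the `get_serializer_class()` method."
                % self.__class__.__name__)
            return self.serializer_class

        def get_serializer(self, *args, **kwargs):
            """
            Return the serializer instance that should be used for validating and
            deserializing input, and for serializing output.
            """
            serializer_class = self.get_serializer_class()
            kwargs['context'] = self.get_serializer_context()
            return serializer_class(*args, **kwargs)

        def post(self, request, *args, **kwargs):
            """
            Validate the posted data and answer with the token payload.

            On success the body comes from `jwt_response_payload_handler`, which
            is called positionally with (token, user, request); on validation
            failure the serializer errors are returned with HTTP 400.
            """
            serializer = self.get_serializer(data=request.data)
            if serializer.is_valid():
                # User model instance taken from the validated data, else request.user.
                user = serializer.object.get('user') or request.user
                # The token generated by the serializer.
                token = serializer.object.get('token')
                response_data = jwt_response_payload_handler(token, user, request)
                response = Response(response_data)
                if api_settings.JWT_AUTH_COOKIE:
                    # When a cookie name is configured, the token is also set as a
                    # cookie that expires together with the token.
                    expiration = (datetime.utcnow() +
                                  api_settings.JWT_EXPIRATION_DELTA)
                    # NOTE(review): the cookie is HttpOnly, but no `secure`
                    # argument is passed in this call, so restricting it to
                    # HTTPS is not decided here; serve the API over HTTPS only.
                    response.set_cookie(api_settings.JWT_AUTH_COOKIE,
                                        token,
                                        expires=expiration,
                                        httponly=True)
                return response
            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)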
  • 原文地址:https://www.cnblogs.com/Aurora-y/p/13916013.html