zoukankan      html  css  js  c++  java
  • rstful登陆认证并检查session是否过期

    一:restful用户视图 

    #!/usr/bin/env python
    # -*- coding:UTF-8 -*-
    # Author:Leslie-x
    from users import models
    from rest_framework.decorators import action
    from rest_framework.response import Response
    from rest_framework import viewsets
    from rest_framework import serializers
    from django.contrib.auth import authenticate, login, logout
    
    
    class UserSerializer(serializers.ModelSerializer):
        class Meta:
            model = models.User
            exclude = ('password',)
    class UserViewSet(viewsets.ReadOnlyModelViewSet):
        serializer_class = UserSerializer
        queryset = User.objects.all()
        authentication_classes = (UserAuthentication,)
    
        @action(detail=False, methods=['post'])
        def register(self, request, *args, **kwargs):
            username = request.data.get("username")
            queryset = User.objects.filter(username=username)
            if queryset.exists():
                raise exceptions.PermissionDenied('该账号已经被注册')
            user = User.objects.create_user(**request.data)
            UserProfile.objects.create(user=user, nickname=user.username)
            data = self.get_serializer(user).data
            return Response(data)
    
        @action(detail=False, methods=['post'])
        def login(self, request, *args, **kwargs):
            username = request.data.get("username")
            password = request.data.get("password")
            user = authenticate(username=username, password=password)
            if not user:
                raise exceptions.PermissionDenied('用户名或密码错误')
            auth_id = request.session.get('_auth_user_id')
            if auth_id != str(user.pk):
                logout(request)
            login(request, user)
            data = self.get_serializer(user).data
            data['session_key'] = request.session.session_key
            return Response(data)
    
        @action(detail=False, methods=['post'])
        def logout(self, request, *args, **kwargs):
            logout(request)
            return Response()

    二:检查session是否过期

    from rest_framework.authentication import SessionAuthentication
    from rest_framework.request import Request
    from django.contrib.sessions.models import Session
    from rest_framework import exceptions
    import arrow
    
    
    class CustomAuth(SessionAuthentication):
    
        def check_session(self, request):
            session_key = request.session.session_key
            queryset = Session.objects.filter(session_key=session_key)
            if not queryset.exists():
                raise exceptions.PermissionDenied('非法用户,拒绝访问')
            expire_date = queryset.first().expire_date
            now = arrow.now().format('YYYY-MM-DD HH:mm:ss')
            if not arrow.get(now) < arrow.get(expire_date):
                raise exceptions.PermissionDenied('session expired')
    
        def authenticate(self, request: Request):
            ret = super().authenticate(request)
         self.check_session(request)
         return ret
  • 相关阅读:
    LeetCode Power of Three
    LeetCode Nim Game
    LeetCode,ugly number
    LeetCode Binary Tree Paths
    LeetCode Word Pattern
    LeetCode Bulls and Cows
    LeeCode Odd Even Linked List
    LeetCode twoSum
    549. Binary Tree Longest Consecutive Sequence II
    113. Path Sum II
  • 原文地址:https://www.cnblogs.com/li1992/p/10388501.html
Copyright © 2011-2022 走看看