zoukankan html css js c++ java

rstful登陆认证并检查session是否过期

一：restful用户视图

#!/usr/bin/env python
# -*- coding:UTF-8 -*-
# Author:Leslie-x
from users import models
from rest_framework.decorators import action
from rest_framework.response import Response
from rest_framework import viewsets
from rest_framework import serializers
from django.contrib.auth import authenticate, login, logout


class UserSerializer(serializers.ModelSerializer):
    class Meta:
        model = models.User
        exclude = ('password',)
class UserViewSet(viewsets.ReadOnlyModelViewSet):
    serializer_class = UserSerializer
    queryset = User.objects.all()
    authentication_classes = (UserAuthentication,)

    @action(detail=False, methods=['post'])
    def register(self, request, *args, **kwargs):
        username = request.data.get("username")
        queryset = User.objects.filter(username=username)
        if queryset.exists():
            raise exceptions.PermissionDenied('该账号已经被注册')
        user = User.objects.create_user(**request.data)
        UserProfile.objects.create(user=user, nickname=user.username)
        data = self.get_serializer(user).data
        return Response(data)

    @action(detail=False, methods=['post'])
    def login(self, request, *args, **kwargs):
        username = request.data.get("username")
        password = request.data.get("password")
        user = authenticate(username=username, password=password)
        if not user:
            raise exceptions.PermissionDenied('用户名或密码错误')
        auth_id = request.session.get('_auth_user_id')
        if auth_id != str(user.pk):
            logout(request)
        login(request, user)
        data = self.get_serializer(user).data
        data['session_key'] = request.session.session_key
        return Response(data)

    @action(detail=False, methods=['post'])
    def logout(self, request, *args, **kwargs):
        logout(request)
        return Response()

二：检查session是否过期

from rest_framework.authentication import SessionAuthentication
from rest_framework.request import Request
from django.contrib.sessions.models import Session
from rest_framework import exceptions
import arrow


class CustomAuth(SessionAuthentication):

    def check_session(self, request):
        session_key = request.session.session_key
        queryset = Session.objects.filter(session_key=session_key)
        if not queryset.exists():
            raise exceptions.PermissionDenied('非法用户，拒绝访问')
        expire_date = queryset.first().expire_date
        now = arrow.now().format('YYYY-MM-DD HH:mm:ss')
        if not arrow.get(now) < arrow.get(expire_date):
            raise exceptions.PermissionDenied('session expired')

    def authenticate(self, request: Request):
        ret = super().authenticate(request)
　　　　 self.check_session(request)
　　　　 return ret

查看全文

相关阅读:
android在开发过程中的数据库存储位置
 JSONArray的初始化的形式
 Android中asset文件夹与raw文件夹的区别深入解析(转)
Android 建立Menu选单&&onOptionsItemSelected （转）
onItemLongClick＋onCreateContextMenu实现长按ListItem弹出不同菜单
 thrift框架
 64 位 win7 使用PLSQL Developer(转)
Java-->服务器的响应(Servlet--doGet&doPost)
JAVA printWriter中write()和println()区别
 JavaWeb学习总结（六）—HttpServletResponse

原文地址：https://www.cnblogs.com/li1992/p/10388501.html