django-rest-framework登陆认证

# -*- coding: utf-8 -*-
__author__ = 'YongCong Wu'
# @Time    : 2018/10/23 15:05
# @Email   :  : 1922878025@qq.com
from rest_framework import exceptions
from app import models


class FirstAuthtication(object):
    def authenticate(self, request):
        pass

    def authenticate_header(self, request):
        pass


class Authtication(object):
    def authenticate(self, request):
        token = request._request.GET.get('token')
        token_obj = models.UserToken.objects.filter(token=token).first()
        if not token_obj:
            raise exceptions.AuthenticationFailed('用户认证失败')
        # 在rest framework内部将整个两个字段赋值给request，以供后续操作使用。
        return (token_obj.user, token_obj)

    def authenticate_header(self, request):
        pass

from django.shortcuts import render, HttpResponse
from django.contrib.auth.models import User, Group
from rest_framework import viewsets
from app.serializers import UserSerializer, GroupSerializer
from rest_framework.views import APIView
from rest_framework.request import Request
from rest_framework.authentication import BasicAuthentication
from rest_framework import exceptions
from django.http import JsonResponse
from app import models
import hashlib
import time

# Create your views here.


class UserViewSet(viewsets.ModelViewSet):
    queryset = User.objects.all()
    serializer_class = UserSerializer


class GroupViewSet(viewsets.ModelViewSet):
    queryset = Group.objects.all()
    serializer_class = GroupSerializer

# 生成md5
def md5(user):
    ctime = str(time.time())
    m = hashlib.md5(bytes(user, encoding='utf-8'))
    m.update(bytes(ctime, encoding='utf-8'))
    return m.hexdigest()


# 请求Token认证
class GetUserData(APIView):
    """
    用于用户登陆认证
    """
    authentication_classes = []
    def post(self, request, *args, **kwargs):
        ret = {'code': 1000, 'msg': None}
        try:
            user = request._request.POST.get('username')
            pwd = request._request.POST.get('password')
            obj = models.UserInfo.objects.filter(username=user, password=pwd).first()
            if not obj:
                ret['code'] = 1001
                ret['msg'] = '用户名或密码错误'
            # 为当前登陆用户创建Token
            token = md5(user)
            models.UserToken.objects.update_or_create(user=obj, defaults={'token':token})
            ret['token'] = token
        except Exception as e:
            ret['code'] = 1002
            ret['msg'] = '请求异常'
        return JsonResponse(ret)



# 测试数据
ORDER_DICT = {
    1: {
        'name': '书包',
        'sku': 1002,
        'price': 500
    },
    2: {
        'name': '键盘',
        'sku': 1052,
        'price': 258
    }
}

class OrderView(APIView):
    """
    用于订单    rest framework
    """
    # 通过authentication_classes添加用户认证
    def get(self, request, *args, **kwargs):
        """
        用户登陆成功，才可以查看订单数据
        """
        ret = {'code': 1000, 'msg': None, 'data': None}
        try:
            ret['data'] = ORDER_DICT
        except Exception as e:
            pass
        return JsonResponse(ret)

# 用户中心
class UserInfoView(APIView):
    """
    用于订单    rest framework
    """
    # 通过authentication_classes添加用户认证
    def get(self, request, *args, **kwargs):
        return HttpResponse('用户信息')

from django.db import models

# Create your models here.


class UserInfo(models.Model):
    user_type_choices = (
        (1, '普通用户'),
        (2, 'VIP'),
        (3, 'SVIP')
    )
    user_type = models.IntegerField(choices=user_type_choices)
    username = models.CharField(max_length=32, unique=True)
    password = models.CharField(max_length=64)


class UserToken(models.Model):
    user = models.OneToOneField(to='UserInfo')
    token = models.CharField(max_length=64)

# -*- coding:utf-8 -*-


from django.conf.urls import url, include
from rest_framework import routers
from app import views



# 注册视图
router = routers.DefaultRouter()
router.register(r'users', views.UserViewSet)
router.register(r'groups', views.GroupViewSet)
router.register(r'pwd', views.GroupViewSet)



# 二级路由
urlpatterns = [
    url(r'apb/',include(router.urls)),
    url(r'1/',include(router.urls)),
    url(r'auth/$', views.GetUserData.as_view()),            # 登陆认证
    url(r'order/$', views.OrderView.as_view())               # 订单
]

from django.conf.urls import url, include
from django.contrib import admin
from rest_framework import routers, serializers, viewsets
from app import views


# django-rest-swagger
from rest_framework.schemas import get_schema_view
from rest_framework_swagger.renderers import SwaggerUIRenderer, OpenAPIRenderer
schema_view = get_schema_view(title='User API', renderer_classes=[OpenAPIRenderer, SwaggerUIRenderer])


urlpatterns = [
    url(r'^docs/', schema_view, name='docs'),
    url(r'^admin/', admin.site.urls),
    url(r'^api', include('rest_framework.urls', namespace='rest_framework')),
    url(r'^user/', include('app.urls'))

settings.py配置全局认证

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': ['app.utils.auth.FirstAuthtication', 'app.utils.auth.Authtication']
}

django-rest-swagger配置

# Swagger样式配置
SWAGGER_SETTINGS = {
    'SECURITY_DEFINITIONS': {
        'basic': {
            'type': 'basic'
        }
    },
    'LOGIN_URL': 'rest_framework:login',
    'LOGOUT_URL': 'rest_framework:logout',
    # 接口文档中方法列表以首字母升序排列
    'APIS_SORTER': 'alpha',
    # 如果支持json提交，则接口文档中包含json输入框
    'JSON_EDITOR': True,
    # 方法列表字母排序
    'OPERTIONS_SORTER': 'alpha',
    'VALIDATOR_URL': None
}

app/serializers.py

# -*- coding:utf-8 -*-
from django.contrib.auth.models import User, Group
from rest_framework import serializers


# 返回数据
class UserSerializer(serializers.HyperlinkedModelSerializer):
    class Meta:
        model = User
        fields = ('url', 'username', 'email', 'groups')


class GroupSerializer(serializers.HyperlinkedModelSerializer):
    class Meta:
        model = Group
        fields = ('url', 'name')