drf 使用jwt
安装jwt
pip install pyJwt
添加登录url
# Routes for the JWT demo views; presumably entries of the urlpatterns list.
# Issues a token in exchange for username/password.
path("jwt/login", views.JwtLoginView.as_view(), name='jwt-login'),
# Example endpoint that requires a valid token.
path("jwt/order", views.JwtOrderView.as_view(), name='jwt-order'),
创建视图
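from django.contrib.auth import authenticate
import jwt
from jwt import exceptions
import datetime


class JwtLoginView(APIView):
    """Exchange a username/password pair for a short-lived HS256-signed JWT."""

    def post(self, request, *args, **kwargs):
        """Authenticate the posted credentials and return a signed token.

        Responds 404 with a generic message when ``authenticate`` rejects the
        credentials, otherwise 200 with the encoded token as the body.
        """
        username = request.data.get("username")
        password = request.data.get("password")
        user_object = authenticate(username=username, password=password)
        if not user_object:
            # authenticate() returns None for an unknown user and for a wrong
            # password alike, so the reply does not reveal which one failed.
            return Response(data={"msg": "没有此用户信息"}, status=status.HTTP_404_NOT_FOUND)

        headers = {'typ': 'jwt', 'alg': 'HS256'}
        payload = {
            'user_id': user_object.id,
            'username': user_object.username,
            # Use an aware UTC datetime: PyJWT treats a naive datetime as UTC,
            # so local-time now() shifts the real lifetime by the UTC offset.
            'exp': datetime.datetime.now(tz=datetime.timezone.utc) + datetime.timedelta(minutes=5),
        }
        # `salt` is the HMAC signing key and is not defined in this snippet; it
        # must be a server-side secret (e.g. loaded from settings), never a
        # literal in the view module.
        # The trailing .encode() assumes jwt.encode returns str (PyJWT 2.x).
        token = jwt.encode(headers=headers, payload=payload, key=salt, algorithm="HS256").encode("utf-8")
        return Response(data=token, status=status.HTTP_200_OK)


class JwtOrderView(APIView):
    """Example protected endpoint that validates the JWT inline."""

    def get(self, request, *args, **kwargs):
        """Return the placeholder payload if the supplied token verifies.

        On any verification failure the body is ``{'code': 1003, 'error': msg}``.
        """
        # NOTE(review): the token is read from the request body even though
        # this is a GET handler; an Authorization header is the usual carrier.
        # Confirm what clients actually send.
        token = request.data.get("token")
        # The token is a bearer credential, so it is deliberately not printed
        # or logged here.
        payload = None
        msg = None
        try:
            # Pass the allow-list as a list: with a bare string the library's
            # membership test becomes a substring match.
            payload = jwt.decode(token, salt, algorithms=["HS256"])
        except exceptions.ExpiredSignatureError:
            msg = 'token已失效'
        except exceptions.DecodeError:
            msg = 'token认证失败'
        except exceptions.InvalidTokenError:
            # Base class of the two above; catches every other validation error.
            msg = '非法的token'
        if not payload:
            return Response({'code': 1003, 'error': msg})
        return Response("list")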
抽取登录、验证操作
生成token #course/utils/jwt_auth.py
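import jwt
import datetime
from django.conf import settings


def create_token(payload, timeout=1):
    """Return an HS256-signed JWT carrying *payload* plus an ``exp`` claim.

    Args:
        payload: Claims to embed. The dict is copied, so the caller's object
            is not modified.
        timeout: Token lifetime in minutes (default 1).

    Returns:
        The encoded token as UTF-8 bytes.
    """
    # NOTE(review): signing with SECRET_KEY ties token validity to the key
    # Django uses for its own signing; a dedicated JWT key is worth considering.
    salt = settings.SECRET_KEY
    headers = {'typ': 'jwt', 'alg': 'HS256'}
    claims = dict(payload)
    # Aware UTC datetime: PyJWT treats a naive datetime as UTC, so local-time
    # now() would shift the real lifetime by the server's UTC offset.
    claims['exp'] = datetime.datetime.now(tz=datetime.timezone.utc) + datetime.timedelta(minutes=timeout)
    # The trailing .encode() assumes jwt.encode returns str (PyJWT 2.x).
    token = jwt.encode(headers=headers, payload=claims, key=salt, algorithm="HS256").encode("utf-8")
    return token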
登录验证 #course/extensions/auth.py
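from rest_framework.authentication import BaseAuthentication
import jwt
from jwt import exceptions
import datetime
from rest_framework.exceptions import AuthenticationFailed
from django.conf import settings


class JwtAuthentication(BaseAuthentication):
    """DRF authenticator that verifies an HS256 JWT signed with SECRET_KEY."""

    def authenticate(self, request):
        """Verify the request's token and return ``(payload, token)``.

        The first element becomes ``request.user``, so views receive the
        decoded claims dict rather than a Django user object.

        Raises:
            AuthenticationFailed: the token is expired, malformed or otherwise
                invalid; the detail carries ``code`` 1003 and a message.
        """
        # NOTE(review): the token is taken from the request body; an
        # Authorization header is the usual carrier and also works for
        # body-less requests. Confirm what clients actually send.
        token = request.data.get("token")
        salt = settings.SECRET_KEY
        payload = None
        try:
            # Pass the allow-list as a list: with a bare string the library's
            # membership test becomes a substring match.
            payload = jwt.decode(token, salt, algorithms=["HS256"])
        except exceptions.ExpiredSignatureError:
            raise AuthenticationFailed({'code': 1003, 'errors': 'token已失效'})
        except exceptions.DecodeError:
            raise AuthenticationFailed({'code': 1003, 'errors': 'token认证失败'})
        except exceptions.InvalidTokenError:
            # Base class of the two above; catches every other validation error.
            raise AuthenticationFailed({'code': 1003, 'errors': '非法的token'})
        return (payload, token)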
调用
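class ProLoginView(APIView):
    """Login endpoint: checks credentials and issues a JWT via create_token."""

    # Login must be reachable without a token, so authentication is disabled
    # for this view only.
    authentication_classes = []

    def post(self, request, *args, **kwargs):
        """Return a signed token for valid credentials, 404 otherwise."""
        username = request.data.get("username")
        password = request.data.get("password")
        user_object = authenticate(username=username, password=password)
        if not user_object:
            # authenticate() returns None for an unknown user and for a wrong
            # password alike, so the reply does not reveal which one failed.
            return Response(data={"msg": "没有此用户信息"}, status=status.HTTP_404_NOT_FOUND)
        token = create_token({'id': user_object.id, 'name': user_object.username})
        return Response(data=token, status=status.HTTP_200_OK)


class ProOrderView(APIView):
    """Example endpoint protected by JwtAuthentication."""

    # Must be an assignment: the original call form
    # `authentication_classes(JwtAuthentication)` never sets the attribute, so
    # the view would not get the authenticator the author intended.
    authentication_classes = [JwtAuthentication]

    def get(self, request, *args, **kwargs):
        """Return the placeholder payload for an authenticated request."""
        # request.user is the decoded claims dict returned by JwtAuthentication.
        print(request.user)
        return Response("list")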
修改settings.py
# Entry for the REST_FRAMEWORK dict in settings.py: the authenticators applied
# to every view that does not set its own authentication_classes.
'DEFAULT_AUTHENTICATION_CLASSES': [
    # 'rest_framework.authentication.BasicAuthentication',  # basic username/password authentication
    # 'rest_framework.authentication.SessionAuthentication',
    # 'rest_framework.authentication.TokenAuthentication',
    'course.extensions.auth.JwtAuthentication',
],