pip install pyjwt
import datetime
import os
import platform

import jwt
from jwt import exceptions
-
-
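# HMAC signing key for the HS256 tokens below. The tutorial calls it a "salt",
# but it is the secret key: whoever knows it can sign a token for any username,
# and parse_payload() will accept that token.
# The literal is a demo value that is published with this page, so a deployment
# should supply its own long random key through the JWT_SALT environment
# variable (or a secret store) and keep it out of version control.
# Changing the key invalidates every token that was issued with the old one.
JWT_SALT = os.environ.get("JWT_SALT") or "ds()udsjo@jlsdosjf)wjd_#(#)$"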
-
-
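def create_token(payload, timeout=20):
    """Sign *payload* as an HS256 JWT and return the token as text.

    :param payload: dict of claims to put in the token. It is copied, so the
        caller's dict is not modified.
    :param timeout: token lifetime in minutes; sets the ``exp`` claim.
    :return: the encoded token as ``str``.
    """
    # Extra header fields, kept as the tutorial wrote them so issued tokens
    # keep the same header. PyJWT already writes "typ" and "alg" itself.
    headers = {
        "type": "jwt",
        "alg": "HS256"
    }
    # Work on a copy: the original wrote 'exp' into the caller's dict.
    claims = dict(payload)
    # Honour the timeout argument. The original ignored it and always used
    # 36000 minutes (25 days), a long life for a bearer token that the code
    # shown here has no way to revoke.
    issued_at = datetime.datetime.now(datetime.timezone.utc)
    claims['exp'] = issued_at + datetime.timedelta(minutes=timeout)
    result = jwt.encode(payload=claims, key=JWT_SALT, algorithm="HS256", headers=headers)
    # PyJWT 1.x returns bytes and 2.x returns str on every operating system,
    # so check the type of the result rather than platform.system().
    if isinstance(result, bytes):
        result = result.decode("utf-8")
    return result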
-
-
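def parse_payload(token):
    """Verify the signature and expiry of *token* and return its claims.

    :param token: the encoded JWT as received from the client.
    :return: dict with ``status`` (True only when verification succeeded),
        ``data`` (the verified claims, else None) and ``error`` (a message
        for the failure, else None).
    """
    result = {"status": False, "data": None, "error": None}
    try:
        # Signature verification is PyJWT's default, so the deprecated
        # ``verify=True`` argument is dropped. ``algorithms`` stays pinned to
        # HS256 so the token header cannot choose another algorithm.
        # NOTE(review): a correctly signed token without an ``exp`` claim is
        # accepted here; consider making ``exp`` required through PyJWT's
        # ``options`` once the installed version is confirmed.
        verified_payload = jwt.decode(token, JWT_SALT, algorithms=["HS256"])
    except jwt.ExpiredSignatureError:
        result['error'] = 'token已失效'
    except jwt.DecodeError as e:
        # NOTE(review): str(e) hands the library's parsing detail back to the
        # caller; log it server-side if clients do not need it.
        result['error'] = 'token认证失败' + str(e)
    except jwt.InvalidTokenError:
        result['error'] = '非法的token'
    else:
        result["status"] = True
        result['data'] = verified_payload
    return result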
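class LoginView(View):
    """Log a user in and return a signed JWT."""

    def post(self, request):
        """Authenticate the JSON credentials in the request body.

        Expects a JSON object with ``username`` and ``password``. Returns a
        JsonResponse whose body carries ``status`` 200 and the token on
        success, or ``status`` 400 and an error message otherwise. The HTTP
        status code itself is left at JsonResponse's default.
        """
        try:
            data_dict = json.loads(request.body.decode())
        except ValueError:
            # json.JSONDecodeError and UnicodeDecodeError are both ValueError
            # subclasses; a malformed body is answered here instead of
            # propagating as an unhandled exception.
            return JsonResponse({"status": 400, "error": "请求体格式错误"})
        if not isinstance(data_dict, dict):
            # Valid JSON that is not an object (a list, a number) has no .get().
            return JsonResponse({"status": 400, "error": "请求体格式错误"})

        username = data_dict.get('username', None)
        password = data_dict.get('password', None)

        # Check the username and password against the auth backends.
        user = authenticate(request, username=username, password=password)
        if user is not None:
            # Only the username goes into the token: JWT claims are signed,
            # not encrypted, so nothing secret belongs in them.
            token = create_token({"username": username})
            return JsonResponse({"status": 200, "token": token})
        # One message for every failure, so the response does not reveal
        # whether the username exists.
        # NOTE(review): no attempt limiting is visible in this view; confirm
        # it is handled elsewhere.
        return JsonResponse({"status": 400, "error": "用户名密码错误"})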
在登录成功后会返回一个token
用于验证用户是否登录成功
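def decorator_login_require(func):
    """Require a valid JWT in the Authorization header before calling *func*.

    On success the matching UserProfile is stored on ``request.user`` and the
    view runs. Otherwise a JsonResponse with ``status`` 401 is returned and
    the view is not called.
    """
    import functools

    @functools.wraps(func)  # keep the wrapped view's name and docstring
    def wrapper(request, *args, **kwargs):
        # Value of the Authorization request header ('' when absent).
        authorization = request.META.get('HTTP_AUTHORIZATION', '')
        # Accept the standard "Bearer <token>" form as well as the bare token
        # this tutorial sends.
        if authorization[:7].lower() == 'bearer ':
            authorization = authorization[7:].strip()
        if authorization:
            payload = parse_payload(authorization)  # verify signature and expiry
            if not payload['status']:
                return JsonResponse({"status": 401, "msg": payload['error']})
            claims = payload['data']
            # A correctly signed token may still lack 'username'; treat that
            # as "not logged in" instead of raising KeyError.
            username = claims.get('username') if isinstance(claims, dict) else None
            user = None
            if username:
                # Look the account up again so a deleted user loses access.
                # NOTE(review): is_active is not checked here, so a
                # deactivated account keeps access until its token expires.
                # Confirm UserProfile has that field and add the check.
                user = UserProfile.objects.filter(username=username).first()
            if user:
                request.user = user
                return func(request, *args, **kwargs)
        return JsonResponse({"status": 401, "msg": "对不起,您还未登录"})
    return wrapper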
将decorator_login_require装饰器装饰在类视图的post方法上
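class OnlyLoginCanView(View):
    """View that only logged-in users can reach."""

    # method_decorator adapts the function decorator to a method, so the token
    # check runs before post() and request.user is set inside it.
    @method_decorator(decorator_login_require)
    def post(self, request):
        """Handle the request for an authenticated user."""
        # The view's own logic goes here.
        return JsonResponse({"status": 200, "msg": "成功"})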
配置OnlyLoginCanView类视图的url后,请求时需要在Headers里添加名为Authorization的参数,值为登录时返回的token,否则不能访问该视图
成功时
当传入的Authorization值不是登录时返回的token值时不能成功登录