介绍

创建系统管理app，用于管理系统的用户，角色，权限，登录等功能，项目中将使用django-rest_framework进行用户认证和权限解析。这里将完成用户认证

用户验证

rest_framework.authentication模块中的认证类，例如：
session认证：SessionAuthentication（基于session）
token 认证：TokenAuthentication（API Token）
自定义认证：BasicAuthentication（HTTP Basic Auth）

1. 这里采用djangorestframework-simplejwt设计自定义认证类和自定义登录

pip install djangorestframework-simplejwt

2. 创建用户模型表user

from django.db import models from django.contrib.auth.hashers import make_password, check_password# Create your models here.class User(models.Model):username = models.CharField(max_length=255, unique=True, verbose_name="手机号")password = models.CharField(max_length=255, unique=False, verbose_name="密码")is_vip = models.BooleanField(default=False,verbose_name="是否为vip")vip_expires_at = models.DateTimeField(auto_now_add=True,verbose_name="vip过期时间")is_active = models.BooleanField(default=True)class Meta:db_table = "user"verbose_name = "用户账号表"verbose_name_plural = verbose_name

3. 数据库迁移

python manage.py makemigrations
python manage.py migrate 

4. 在根目录下创建utils目录，在utils目录中创建文件Authentication.py和jwt.py

 ## Authentication.pyfrom rest_framework_simplejwt.serializers import TokenObtainPairSerializer
from rest_framework_simplejwt.views import TokenObtainPairView
from rest_framework import serializers
from user.models import User# 自定义认证类
class MyTokenObtainPairSerializer(TokenObtainPairSerializer):"""自定义登录认证，使用自有用户表username、password这两个字段为必传字段因为 DRF 要检查这些字段是否有效username_field = 'phone_number'  这是重命名了，username必传字段设置为了phone_number字段必传phone_number = serializers.CharField(required=False) # 这个是设置了自定义的字段是否必传"""def validate(self, attrs):username = attrs.get("username")password = attrs.get("password")if not username or not password:raise serializers.ValidationError("phone_number and password are required")try:user = User.objects.get(username=username, password=password)except User.DoesNotExist:raise serializers.ValidationError("No user found with this username and password.")print(user)refresh = self.get_token(user)data = {"userId": user.id, "token": str(refresh.access_token), "refresh": str(refresh),'is_vip': user.is_vip}return dataclass MyTokenObtainPairView(TokenObtainPairView):serializer_class = MyTokenObtainPairSerializer

## jwt.py
from rest_framework_simplejwt.authentication import JWTAuthentication
from rest_framework_simplejwt.exceptions import InvalidToken, AuthenticationFailed
from django.utils.translation import gettext_lazy as _
# 自定义的用户模型
from user.models import Userclass MyJWTAuthentication(JWTAuthentication):'''修改JWT认证类，返回自定义User表对象'''def get_user(self, validated_token):try:user_id = validated_token['user_id']except KeyError:raise InvalidToken(_('Token contained no recognizable user identification'))try:user = User.objects.get(**{'id': user_id})except User.DoesNotExist:raise AuthenticationFailed(_('User not found'), code='user_not_found')return user

5. 在settings.py同级目录下创建drf_settings.py 并引入settings.py 中

## drf_settings.py
REST_FRAMEWORK = {'DEFAULT_PERMISSION_CLASSES': ['rest_framework.permissions.IsAuthenticated',],'DEFAULT_AUTHENTICATION_CLASSES': ['utils.jwt.MyJWTAuthentication' # 认证方式为自定义的认证类],
}

引入settings中

import drf_settings
REST_FRAMEWORK = drf_settings.REST_FRAMEWORK

6. 创建一个app:userauth，在views.py中写入一个接口视图

from django.shortcuts import render
from rest_framework.views import APIView
from rest_framework.response import Response# Create your views here.class UserTestView(APIView):def post(self, request,*args, **kwargs):s = str(request.user.__dict__)return Response(s)

7. 在app:userauth:urls中设置路由

from django.urls import path, include
from rest_framework import routers
from rest_framework_simplejwt.views import TokenVerifyView, TokenRefreshView
from utils.authentication import MyTokenObtainPairView
from userauth.views import UserTestViewrouter = routers.DefaultRouter()urlpatterns = [path("login/", MyTokenObtainPairView.as_view()),                           # 登录path("refresh/", TokenRefreshView.as_view(), name="token_refresh"),        # 刷新tokenpath("verify/", TokenVerifyView.as_view(), name="token_verify"),            # 验证tokenpath("test/", UserTestView.as_view(), name="test")
]
urlpatterns.append(path('', include(router.urls)))

8. 这里没有写注册功能，所以只有手动在数据库中创建一个用户
   

9. 使用postman进行登录测试
   

10. 刷新token测试
    

11. 接口测试
    

参考链接：https://blog.csdn.net/qq_42410176/article/details/130568130?spm=1001.2014.3001.5502