目录

templates/login/login.html

 templates/login/404.html

views/login.py

utils/pwd_data.py

auth.py

settings.py

登录及权限

登录

views.py

中间件

auth.py

---

templates/login/login.html

{% load static %}
<!DOCTYPE html>
<html lang="en">
<head><meta charset="UTF-8"><title>Title</title><link rel="stylesheet" href="{% static 'css/bootstrap.css'%}">
</head>
<body>
<!DOCTYPE html>
<html lang="en">
<head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><title>Document</title><style>* {margin: 0;padding: 0;}html {height: 100%;}body {height: 100%;}.container {height: 100%;width: 100%;background-image: linear-gradient(to right, #fbc2eb, #a6c1ee);}.login-wrapper {background-color: #fff;width: 358px;height: 588px;border-radius: 15px;padding: 0 50px;position: relative;left: 50%;top: 50%;transform: translate(-50%, -50%);}.header {font-size: 38px;font-weight: bold;text-align: center;line-height: 200px;}.input-item {display: block;width: 100%;margin-bottom: 20px;border: 0;padding: 10px;border-bottom: 1px solid rgb(128, 125, 125);font-size: 15px;outline: none;}.input-item:placeholder {text-transform: uppercase;}.btn {text-align: center;padding: 10px;width: 100%;margin-top: 40px;background-image: linear-gradient(to right, #a6c1ee, #fbc2eb);color: #fff;}.msg {text-align: center;line-height: 88px;}a {text-decoration-line: none;color: #abc1ee;}</style>
</head>
<body><div class="container"><div class="login-wrapper"><div class="header">Login</div><div class="form-wrapper"><form method="post" novalidate>{% csrf_token %}{{ form.username }}{{ form.password }}<span style="color: red">{{ form.password.errors.0 }}</span><button class="btn" type="submit">Login</button></form></div></div></div>
</body>
</html></body>
</html>

---

 templates/login/404.html

--防止越权访问目录及文件...

<!DOCTYPE html>
<html lang="en">
<head><meta charset="UTF-8"><title>Title</title>
</head>
<body><div style="background-color: red;width: 500px; height: 500px">没权限</div>
</body>
</html>

---

views/login.py

# -*- coding:utf-8 -*-
import requests
from django.shortcuts import render, redirect, HttpResponse
from demo_one.utils import pwd_data
from django import forms
from demo_one import modelsclass LoginForm(forms.Form):username = forms.CharField(label="用户名", widget=forms.TextInput(attrs={"class": "input-item", "autocomplete": "off", "placeholder": "请输入用户名"}))password = forms.CharField(label="密码", widget=forms.PasswordInput(attrs={"class": "input-item", "autocomplete": "off", "placeholder": "请输入密码"}))def clean_password(self):pwd = self.cleaned_data.get("password")# print(self.cleaned_data)return pwd_data.md5(pwd)def login(request):if request.method == "GET":form = LoginForm()return render(request, "login/login.html", {"form": form})form = LoginForm(data=request.POST)if form.is_valid():# 去数据库进行校验# print(form.cleaned_data)admin_object = models.Adminrole.objects.filter(**form.cleaned_data).first()if not admin_object:# 给输入框添加一个错误提示form.add_error("password", "用户名或密码错误")return render(request, "login/login.html", {"form": form})# 登录成功之后# 将登录信息存储在session当中request.session["info"] = {"id": admin_object.id, "username": admin_object.username,"password": admin_object.password, "role": admin_object.role}# 时效性request.session.set_expiry(60 * 60 * 24 * 30)# 登录成功后跳转到首页return redirect("/")return render(request, "login/login.html", {"form": form})def logout(request):request.session.clear()return redirect("/login/")

---

utils/pwd_data.py

--登录密码进行加密传输.

# -*- coding:utf-8 -*-
import hashlibSECRET_KEY = ''
def md5(data):# 加盐obj_md5 = hashlib.md5(SECRET_KEY.encode("utf-8"))obj_md5.update(data.encode("utf-8"))return obj_md5.hexdigest()

---

auth.py

--登录&权限进行校验.(不同权限看到的内容信息量不一样.)

# -*- coding:utf-8 -*-
import requests
from django.shortcuts import redirect,HttpResponse,render
from django.utils.deprecation import MiddlewareMixin
from django.conf import settingsclass AuthMiddleware(MiddlewareMixin):# 登录校验def process_request(self, request):# 登录页无需校验if request.path_info in ["/login/", "/logout/"]:return# 读取当前用户的信息，如果读取到了，说明已经登录成功info_dict = request.session.get("info")if info_dict:request.unicom_id = info_dict["id"]request.unicom_username = info_dict["username"]request.unicom_role = info_dict["role"]returnreturn redirect("/login/")# 权限校验def process_view(self, request, view_func, args, kwargs):if request.path_info in ["/login/", "/logout/"]:return# 获取当前用户的角色身份role = request.unicom_role# 获取当前角色不具备的权限user_permission_list = settings.UNICOM_PERMISSION[role]# 当前身份有哪些权限if request.resolver_match.url_name not in user_permission_list:returnreturn render(request, "login/404.html")

---

settings.py

(不同权限看到的内容信息量不一样.)

---

登录及权限

登录

• views.py

  # -*- coding:utf-8 -*-
  import requests
  from django.shortcuts import render, redirect, HttpResponse
  from demo_one.utils import pwd_data
  from django import forms
  from demo_one import models
  ​
  ​
  class LoginForm(forms.Form):username = forms.CharField(label="用户名", widget=forms.TextInput(attrs={"class": "input-item", "autocomplete": "off", "placeholder": "请输入用户名"}))password = forms.CharField(label="密码", widget=forms.PasswordInput(attrs={"class": "input-item", "autocomplete": "off", "placeholder": "请输入密码"}))
  ​def clean_password(self):pwd = self.cleaned_data.get("password")# print(self.cleaned_data)return pwd_data.md5(pwd)
  ​
  ​
  def login(request):if request.method == "GET":form = LoginForm()return render(request, "login/login.html", {"form": form})
  ​form = LoginForm(data=request.POST)if form.is_valid():# 去数据库进行校验# print(form.cleaned_data)
  ​admin_object = models.Adminrole.objects.filter(**form.cleaned_data).first()if not admin_object:# 给输入框添加一个错误提示form.add_error("password", "用户名或密码错误")return render(request, "login/login.html", {"form": form})# 登录成功之后# 将登录信息存储在session当中request.session["info"] = {"id": admin_object.id, "username": admin_object.username,"password": admin_object.password, "role": admin_object.role}# 时效性request.session.set_expiry(60 * 60 * 24 * 30)# 登录成功后跳转到首页return redirect("/")return render(request, "login/login.html", {"form": form})
  ​
  ​
  def logout(request):request.session.clear()return redirect("/login/")

中间件

• auth.py

  # -*- coding:utf-8 -*-
  import requests
  from django.shortcuts import redirect,HttpResponse,render
  from django.utils.deprecation import MiddlewareMixin
  from django.conf import settings
  ​
  class AuthMiddleware(MiddlewareMixin):# 登录校验def process_request(self, request):# 登录页无需校验if request.path_info in ["/login/", "/logout/"]:return
  ​# 读取当前用户的信息，如果读取到了，说明已经登录成功info_dict = request.session.get("info")if info_dict:request.unicom_id = info_dict["id"]request.unicom_username = info_dict["username"]request.unicom_role = info_dict["role"]
  ​returnreturn redirect("/login/")
  ​
  ​# 权限校验def process_view(self, request, view_func, args, kwargs):if request.path_info in ["/login/", "/logout/"]:return
  ​# 获取当前用户的角色身份role = request.unicom_role
  ​# 获取当前角色不具备的权限user_permission_list = settings.UNICOM_PERMISSION[role]
  ​# 当前身份有哪些权限if request.resolver_match.url_name not in user_permission_list:returnreturn render(request, "login/404.html")

• settings.py

  UNICOM_PERMISSION = {"admin": [],"teacher": ["admin_list", "add_admin", "modify_admin", "del_admin", "reset_admin"],"user": ["admin_list", "add_admin", "modify_admin", "del_admin", "reset_admin","asset_data", "add_asset", "modify_asset", "delete_asset", "del_data"]
  }

---