您好,登錄后才能下訂單哦!
這篇文章主要介紹了Django rstful登陸認(rèn)證并檢查session是否過期代碼實(shí)例,下面我們可以來一起學(xué)習(xí)一下。
一:restful用戶視圖
#!/usr/bin/env python # -*- coding:UTF-8 -*- # Author:Leslie-x from users import models from rest_framework.decorators import action from rest_framework.response import Response from rest_framework import viewsets from rest_framework import serializers from django.contrib.auth import authenticate, login, logout class UserSerializer(serializers.ModelSerializer): class Meta: model = models.User exclude = ('password',) class UserViewSet(viewsets.ReadOnlyModelViewSet): serializer_class = UserSerializer queryset = User.objects.all() authentication_classes = (UserAuthentication,) @action(detail=False, methods=['post']) def register(self, request, *args, **kwargs): username = request.data.get("username") queryset = User.objects.filter(username=username) if queryset.exists(): raise exceptions.PermissionDenied('該賬號(hào)已經(jīng)被注冊(cè)') user = User.objects.create_user(**request.data) UserProfile.objects.create(user=user, nickname=user.username) data = self.get_serializer(user).data return Response(data) @action(detail=False, methods=['post']) def login(self, request, *args, **kwargs): username = request.data.get("username") password = request.data.get("password") user = authenticate(username=username, password=password) if not user: raise exceptions.PermissionDenied('用戶名或密碼錯(cuò)誤') auth_id = request.session.get('_auth_user_id') if auth_id != str(user.pk): logout(request) login(request, user) data = self.get_serializer(user).data data['session_key'] = request.session.session_key return Response(data) @action(detail=False, methods=['post']) def logout(self, request, *args, **kwargs): logout(request) return Response()
二:檢查session是否過期
from rest_framework.authentication import SessionAuthentication from rest_framework.request import Request from django.contrib.sessions.models import Session from rest_framework import exceptions import arrow class CustomAuth(SessionAuthentication): def check_session(self, request): session_key = request.session.session_key queryset = Session.objects.filter(session_key=session_key) if not queryset.exists(): raise exceptions.PermissionDenied('非法用戶,拒絕訪問') expire_date = queryset.first().expire_date now = arrow.now().format('YYYY-MM-DD HH:mm:ss') if not arrow.get(now) < arrow.get(expire_date): raise exceptions.PermissionDenied('session expired') def authenticate(self, request: Request): ret = super().authenticate(request) self.check_session(request) return ret
以上就是本文的全部?jī)?nèi)容,希望對(duì)大家的學(xué)習(xí)有所幫助,也希望大家多多支持億速云。
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。