lf 前后端分离 (1) auth,token认证

一.关于登录验证

用户在登录的时候会通过验证以及滑动解锁,注意的是需要后端if verify(request.data):

来判断是否发送了那三个验证数据

通过

random_str=str(uuid.uuid4())
Token.objects.update_or_create(user=user_obj, defaults={"key":random_str, "created": datetime.datetime.now()}, )

在token表中创建关联用户,在前端通过cookie来验证,当登录成功后,会带着token回到服务器

import uuid
import datetime

from rest_framework.views import APIView
from rest_framework.response import Response

from app01.models import *

from django.contrib import auth
from app01.jiyan.captcha_verify import verify

class LoginView(APIView):

    def post(self,request):
        print(request.data)

        # 1 获取数据
        user = request.data.get("username")
        pwd = request.data.get("password")
        user_obj = auth.authenticate(username=user, password=pwd)

        res = {"error_no":0, "user": None, "msg": None}
        if verify(request.data):
            if user_obj:
                random_str=str(uuid.uuid4())
                Token.objects.update_or_create(user=user_obj, defaults={"key":random_str, "created": datetime.datetime.now()}, )
                # 基于auth表的对象
                res["username"] = user_obj.username
                res["access_token"] = random_str

            else:
                res["msg"] = "用户名或者密码错误！"
        else:
            res["msg"] = "验证码错误!"
        print("res", res)
        return Response(res)

关于在后端接收验证token

在用户在前端发送数据,后端会进行

token = request.META.get("HTTP_AUTHORIZATION")
接收数据,并在token数据库中查找,
存在,会记录登录时间以及有效期,并存储redis缓存中,
在下次登录直接校验缓存即可直接登录

from rest_framework.authentication import BaseAuthentication
from rest_framework.exceptions import AuthenticationFailed
from app01.models import Token
import datetime
from django.core.cache import cache
import pytz


class LoginAuth(BaseAuthentication):
    def authenticate(self, request):
        if request.method == "OPTIONS":
            return None

        token = request.META.get("HTTP_AUTHORIZATION")
        print("token", token)
        # 1.缓存检查
        # 这里的user 是放在redis 里面的user对象
        user = cache.get(token)
        if user:
            return user, token
        # 2.数据库校验
        token_obj = Token.objects.filter(key=token).first()
        if not token_obj:
            raise AuthenticationFailed("认证失败!")
        print(token_obj.created)
        now = datetime.datetime.now()

        now = now.replace(tzinfo=pytz.timezone('UTC'))
        print(now)
        delta = now - token_obj.created
        print(delta)
        state = delta < datetime.timedelta(weeks=2)
        if state:
            delta = datetime.timedelta(weeks=2)-delta
            print(delta)
            # 返回关联的token值,以及用户对象
            cache.set(token_obj.key, token_obj.user, min(delta.total_seconds(), 3600*24*7))
            return token_obj.user, token_obj.key
        else:
            raise AuthenticationFailed("认证超时!")