溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
這篇文章主要介紹了Django rstful登陸認證并檢查session是否過期代碼實例,下面我們可以來一起學習一下。
一:restful用戶視圖
#!/usr/bin/env python
# -*- coding:UTF-8 -*-
# Author:Leslie-x
from users import models
from rest_framework.decorators import action
from rest_framework.response import Response
from rest_framework import viewsets
from rest_framework import serializers
from django.contrib.auth import authenticate, login, logout
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = models.User
exclude = ('password',)
class UserViewSet(viewsets.ReadOnlyModelViewSet):
serializer_class = UserSerializer
queryset = User.objects.all()
authentication_classes = (UserAuthentication,)
@action(detail=False, methods=['post'])
def register(self, request, *args, **kwargs):
username = request.data.get("username")
queryset = User.objects.filter(username=username)
if queryset.exists():
raise exceptions.PermissionDenied('該賬號已經被注冊')
user = User.objects.create_user(**request.data)
UserProfile.objects.create(user=user, nickname=user.username)
data = self.get_serializer(user).data
return Response(data)
@action(detail=False, methods=['post'])
def login(self, request, *args, **kwargs):
username = request.data.get("username")
password = request.data.get("password")
user = authenticate(username=username, password=password)
if not user:
raise exceptions.PermissionDenied('用戶名或密碼錯誤')
auth_id = request.session.get('_auth_user_id')
if auth_id != str(user.pk):
logout(request)
login(request, user)
data = self.get_serializer(user).data
data['session_key'] = request.session.session_key
return Response(data)
@action(detail=False, methods=['post'])
def logout(self, request, *args, **kwargs):
logout(request)
return Response()
二:檢查session是否過期
from rest_framework.authentication import SessionAuthentication
from rest_framework.request import Request
from django.contrib.sessions.models import Session
from rest_framework import exceptions
import arrow
class CustomAuth(SessionAuthentication):
def check_session(self, request):
session_key = request.session.session_key
queryset = Session.objects.filter(session_key=session_key)
if not queryset.exists():
raise exceptions.PermissionDenied('非法用戶,拒絕訪問')
expire_date = queryset.first().expire_date
now = arrow.now().format('YYYY-MM-DD HH:mm:ss')
if not arrow.get(now) < arrow.get(expire_date):
raise exceptions.PermissionDenied('session expired')
def authenticate(self, request: Request):
ret = super().authenticate(request)
self.check_session(request)
return ret
以上就是本文的全部內容,希望對大家的學習有所幫助,也希望大家多多支持億速云。
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
