快捷導(dǎo)航

Django rstful登陸認(rèn)證并檢查session是否過期代碼實例

更新時間：2019年08月13日 09:48:23 作者：Leslie-x

這篇文章主要介紹了Django rstful登陸認(rèn)證并檢查session是否過期代碼實例,文中通過示例代碼介紹的非常詳細(xì)，對大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價值,需要的朋友可以參考下

這篇文章主要介紹了Django rstful登陸認(rèn)證并檢查session是否過期代碼實例，下面我們可以來一起學(xué)習(xí)一下。

一：restful用戶視圖

#!/usr/bin/env python
# -*- coding:UTF-8 -*-
# Author:Leslie-x
from users import models
from rest_framework.decorators import action
from rest_framework.response import Response
from rest_framework import viewsets
from rest_framework import serializers
from django.contrib.auth import authenticate, login, logout
class UserSerializer(serializers.ModelSerializer):
  class Meta:
    model = models.User
    exclude = ('password',)
class UserViewSet(viewsets.ReadOnlyModelViewSet):
  serializer_class = UserSerializer
  queryset = User.objects.all()
  authentication_classes = (UserAuthentication,)

  @action(detail=False, methods=['post'])
  def register(self, request, *args, **kwargs):
    username = request.data.get("username")
    queryset = User.objects.filter(username=username)
    if queryset.exists():
      raise exceptions.PermissionDenied('該賬號已經(jīng)被注冊')
    user = User.objects.create_user(**request.data)
    UserProfile.objects.create(user=user, nickname=user.username)
    data = self.get_serializer(user).data
    return Response(data)

  @action(detail=False, methods=['post'])
  def login(self, request, *args, **kwargs):
    username = request.data.get("username")
    password = request.data.get("password")
    user = authenticate(username=username, password=password)
    if not user:
      raise exceptions.PermissionDenied('用戶名或密碼錯誤')
    auth_id = request.session.get('_auth_user_id')
    if auth_id != str(user.pk):
      logout(request)
    login(request, user)
    data = self.get_serializer(user).data
    data['session_key'] = request.session.session_key
    return Response(data)

  @action(detail=False, methods=['post'])
  def logout(self, request, *args, **kwargs):
    logout(request)
    return Response()

二：檢查session是否過期

from rest_framework.authentication import SessionAuthentication
from rest_framework.request import Request
from django.contrib.sessions.models import Session
from rest_framework import exceptions
import arrow
class CustomAuth(SessionAuthentication):
  def check_session(self, request):
    session_key = request.session.session_key
    queryset = Session.objects.filter(session_key=session_key)
    if not queryset.exists():
      raise exceptions.PermissionDenied('非法用戶，拒絕訪問')
    expire_date = queryset.first().expire_date
    now = arrow.now().format('YYYY-MM-DD HH:mm:ss')
    if not arrow.get(now) < arrow.get(expire_date):
      raise exceptions.PermissionDenied('session expired')

  def authenticate(self, request: Request):
    ret = super().authenticate(request)
　　　　 self.check_session(request)
　　　　 return ret

以上就是本文的全部內(nèi)容，希望對大家的學(xué)習(xí)有所幫助，也希望大家多多支持腳本之家。

您可能感興趣的文章: