Django rstful登陆认证并检查session是否过期代码实例
这篇文章主要介绍了Djangorstful登陆认证并检查session是否过期代码实例,下面我们可以来一起学习一下。
一:restful用户视图
#!/usr/bin/envpython
#-*-coding:UTF-8-*-
#Author:Leslie-x
fromusersimportmodels
fromrest_framework.decoratorsimportaction
fromrest_framework.responseimportResponse
fromrest_frameworkimportviewsets
fromrest_frameworkimportserializers
fromdjango.contrib.authimportauthenticate,login,logout
classUserSerializer(serializers.ModelSerializer):
classMeta:
model=models.User
exclude=('password',)
classUserViewSet(viewsets.ReadOnlyModelViewSet):
serializer_class=UserSerializer
queryset=User.objects.all()
authentication_classes=(UserAuthentication,)
@action(detail=False,methods=['post'])
defregister(self,request,*args,**kwargs):
username=request.data.get("username")
queryset=User.objects.filter(username=username)
ifqueryset.exists():
raiseexceptions.PermissionDenied('该账号已经被注册')
user=User.objects.create_user(**request.data)
UserProfile.objects.create(user=user,nickname=user.username)
data=self.get_serializer(user).data
returnResponse(data)
@action(detail=False,methods=['post'])
deflogin(self,request,*args,**kwargs):
username=request.data.get("username")
password=request.data.get("password")
user=authenticate(username=username,password=password)
ifnotuser:
raiseexceptions.PermissionDenied('用户名或密码错误')
auth_id=request.session.get('_auth_user_id')
ifauth_id!=str(user.pk):
logout(request)
login(request,user)
data=self.get_serializer(user).data
data['session_key']=request.session.session_key
returnResponse(data)
@action(detail=False,methods=['post'])
deflogout(self,request,*args,**kwargs):
logout(request)
returnResponse()
二:检查session是否过期
fromrest_framework.authenticationimportSessionAuthentication
fromrest_framework.requestimportRequest
fromdjango.contrib.sessions.modelsimportSession
fromrest_frameworkimportexceptions
importarrow
classCustomAuth(SessionAuthentication):
defcheck_session(self,request):
session_key=request.session.session_key
queryset=Session.objects.filter(session_key=session_key)
ifnotqueryset.exists():
raiseexceptions.PermissionDenied('非法用户,拒绝访问')
expire_date=queryset.first().expire_date
now=arrow.now().format('YYYY-MM-DDHH:mm:ss')
ifnotarrow.get(now)
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持毛票票。