Django rstful登陆认证并检查session是否过期代码实例

这篇文章主要介绍了Django rstful登陆认证并检查session是否过期代码实例，下面我们可以来一起学习一下。

一：restful用户视图

#!/usr/bin/env python
# -*- coding:UTF-8 -*-
# Author:Leslie-x
from users import models
from rest_framework.decorators import action
from rest_framework.response import Response
from rest_framework import viewsets
from rest_framework import serializers
from django.contrib.auth import authenticate, login, logout
class UserSerializer(serializers.ModelSerializer):
 class Meta:
   model = models.User
   exclude = ('password',)
class UserViewSet(viewsets.ReadOnlyModelViewSet):
 serializer_class = UserSerializer
 queryset = User.objects.all()
 authentication_classes = (UserAuthentication,)

@action(detail=False, methods=['post'])
 def register(self, request, *args, **kwargs):
   username = request.data.get("username")
   queryset = User.objects.filter(username=username)
   if queryset.exists():
     raise exceptions.PermissionDenied('该账号已经被注册')
   user = User.objects.create_user(**request.data)
   UserProfile.objects.create(user=user, nickname=user.username)
   data = self.get_serializer(user).data
   return Response(data)

@action(detail=False, methods=['post'])
 def login(self, request, *args, **kwargs):
   username = request.data.get("username")
   password = request.data.get("password")
   user = authenticate(username=username, password=password)
   if not user:
     raise exceptions.PermissionDenied('用户名或密码错误')
   auth_id = request.session.get('_auth_user_id')
   if auth_id != str(user.pk):
     logout(request)
   login(request, user)
   data = self.get_serializer(user).data
   data['session_key'] = request.session.session_key
   return Response(data)

@action(detail=False, methods=['post'])
 def logout(self, request, *args, **kwargs):
   logout(request)
   return Response()

二：检查session是否过期

from rest_framework.authentication import SessionAuthentication
from rest_framework.request import Request
from django.contrib.sessions.models import Session
from rest_framework import exceptions
import arrow
class CustomAuth(SessionAuthentication):
 def check_session(self, request):
   session_key = request.session.session_key
   queryset = Session.objects.filter(session_key=session_key)
   if not queryset.exists():
     raise exceptions.PermissionDenied('非法用户，拒绝访问')
   expire_date = queryset.first().expire_date
   now = arrow.now().format('YYYY-MM-DD HH:mm:ss')
   if not arrow.get(now) < arrow.get(expire_date):
     raise exceptions.PermissionDenied('session expired')

def authenticate(self, request: Request):
   ret = super().authenticate(request)
self.check_session(request)
return ret

来源：https://www.cnblogs.com/li1992/p/10388501.html