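JWT authentication for Django REST framework and MongoDB
Detailed description of the mango-jwt Python project
mango-jwt is a minimal JWT user authentication tool for Django REST framework and MongoDB. It is recommended for developers who use Django REST framework together with pymongo. Django versions below 2.0 are not supported.

    pip install mango-jwt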
Quick start
Add "mongo_auth" to your INSTALLED_APPS setting, below "rest_framework":

    INSTALLED_APPS = [
        ...
        'rest_framework',
        'mongo_auth',
    ]

Include the mongo_auth URLconf in your project's urls.py, like this:

    path('mongo_auth/', include('mongo_auth.urls')),
Add the database configuration to settings.py:

    # Minimal settings (all mandatory)
    MANGO_JWT_SETTINGS = {
        "db_host": "some_db_host",
        "db_port": "some_db_port",
        "db_name": "for_example_auth_db",
        "db_user": "username",
        "db_pass": "password"
    }

    # Or use Advanced Settings (including optional settings)
    MANGO_JWT_SETTINGS = {
        "db_host": "some_db_host",
        "db_port": "some_db_port",
        "db_name": "for_example_auth_db",
        "db_user": "username",
        "db_pass": "password",
        "auth_collection": "name_your_auth_collection",  # default is "user_profile"
        "fields": ("email", "password"),  # default
        "jwt_secret": "secret",  # default; replace with your own private value
        "jwt_life": 7,  # default (in days)
        "secondary_username_field": "mobile"  # default is None
    }

If "secondary_username_field" is provided, users can log in with either this field or "email". This suits scenarios where you want users to log in with one of their unique fields.
For example, you may want users to log in with either "email" or "mobile".
You may or may not include "secondary_username_field" in "fields".
Note: "secondary_username_field" cannot be "email", as that is the primary username; in that case "secondary_username_field" will be set to None instead.
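The settings above hard-code "db_pass" and show "secret" as the default "jwt_secret"; a token signed with a publicly known secret can be forged by anyone. The following is an added example, not code from the mango-jwt project, that builds MANGO_JWT_SETTINGS from environment variables and refuses the default or a short secret. The environment variable names, the 32-character minimum and the choice to raise an error on an "email" secondary field are assumptions made for this example.

```python
import os

DEFAULT_JWT_SECRET = "secret"  # package default shown in the settings above
MIN_SECRET_LEN = 32            # assumption: minimum length chosen for this example

# Hypothetical environment variable names for each mandatory setting.
REQUIRED = {
    "db_host": "MANGO_DB_HOST",
    "db_port": "MANGO_DB_PORT",
    "db_name": "MANGO_DB_NAME",
    "db_user": "MANGO_DB_USER",
    "db_pass": "MANGO_DB_PASS",
    "jwt_secret": "MANGO_JWT_SECRET",
}


def build_mango_jwt_settings(env=os.environ):
    """Return a MANGO_JWT_SETTINGS dict, or raise ValueError on unsafe input."""
    missing = [var for var in REQUIRED.values() if not env.get(var)]
    if missing:
        raise ValueError("missing environment variables: " + ", ".join(missing))
    # Values are passed through as strings, like the placeholders on this page.
    settings = {key: env[var] for key, var in REQUIRED.items()}

    secret = settings["jwt_secret"]
    if secret == DEFAULT_JWT_SECRET or len(secret) < MIN_SECRET_LEN:
        raise ValueError("jwt_secret must be private and at least %d characters"
                         % MIN_SECRET_LEN)

    settings["jwt_life"] = int(env.get("MANGO_JWT_LIFE_DAYS", "7"))  # in days
    if settings["jwt_life"] < 1:
        raise ValueError("jwt_life must be at least 1 day")

    # The package silently resets an "email" secondary field to None;
    # this example fails loudly so the misconfiguration is noticed.
    secondary = env.get("MANGO_SECONDARY_USERNAME_FIELD") or None
    if secondary == "email":
        raise ValueError('secondary_username_field cannot be "email"')
    settings["secondary_username_field"] = secondary
    return settings


# Constructed sample environment, for illustration only.
SAMPLE_ENV = {
    "MANGO_DB_HOST": "some_db_host", "MANGO_DB_PORT": "some_db_port",
    "MANGO_DB_NAME": "for_example_auth_db", "MANGO_DB_USER": "username",
    "MANGO_DB_PASS": "password", "MANGO_SECONDARY_USERNAME_FIELD": "mobile",
    "MANGO_JWT_SECRET": "constructed-example-secret-not-for-real-use",
}

if __name__ == "__main__":
    print(sorted(build_mango_jwt_settings(SAMPLE_ENV)))
```

In settings.py this would be used as MANGO_JWT_SETTINGS = build_mango_jwt_settings(), so a deployment without a private secret fails at startup.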
Make a POST request to http://127.0.0.1:8000/mongo_auth/signup/ with this body:

    {
        "email": "some_email@email.com",
        "password": "some_password",
        other_fields ...
    }

Now log in with these credentials at http://127.0.0.1:8000/mongo_auth/login/:

    {
        "username": "some_email@email.com or secondary_username_field_value",
        "password": "some_password"
    }

This returns a JWT. Pass this JWT in the "Authorization" header of your requests.
AuthenticatedOnly
The AuthenticatedOnly permission class allows only authenticated users to access your endpoint.

    from rest_framework.views import APIView
    from mongo_auth.permissions import AuthenticatedOnly
    from rest_framework.response import Response
    from rest_framework import status

    class GetTest(APIView):
        permission_classes = [AuthenticatedOnly]

        def get(self, request, format=None):
            try:
                print(request.user)  # This is where magic happens
                return Response(status=status.HTTP_200_OK,
                                data={"data": {"msg": "User Authenticated"}})
            except Exception:
                return Response(status=status.HTTP_404_NOT_FOUND)

Or, if you use the @api_view decorator for function-based views:

    from mongo_auth.permissions import AuthenticatedOnly
    from rest_framework.decorators import permission_classes
    from rest_framework.decorators import api_view
    from rest_framework.response import Response
    from rest_framework import status

    @api_view(["GET"])
    @permission_classes([AuthenticatedOnly])
    def get_test(request):
        try:
            print(request.user)
            return Response(status=status.HTTP_200_OK,
                            data={"data": {"msg": "User Authenticated"}})
        except Exception:
            return Response(status=status.HTTP_404_NOT_FOUND)

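When using views that carry the "AuthenticatedOnly" permission class, do not forget to pass the "Authorization" header in the request.
mongo_auth database
Because the Mongo connection object is already initialized in the package, you can use it directly: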

    from mongo_auth.db import database

    print(list(database["collection_name"].find({}, {"_id": 0}).limit(10)))

More information
- passlib is used to hash passwords; the default scheme is "django_pbkdf2_sha256".
- Works only with Django 2.0 and above.
- Depends on "django rest framework" and "pymongo".