DRF利用JWT实现用户认证

import datetime

import jwt
from django.conf import settings
from jwt import exceptions
from rest_framework.authentication import BaseAuthentication
from rest_framework.exceptions import AuthenticationFailed


def create_token(payload, exp=30):
    headers = {'typ': 'jwt', 'alg': 'HS256'}
    payload['exp'] = datetime.datetime.utcnow() + datetime.timedelta(days=exp)
    return jwt.encode(payload, settings.SECRET_KEY, "HS256", headers)


class JwtAuthentication(BaseAuthentication):

    def authenticate(self, request):
        # 获取请求头中Token
        token = request.META.get('HTTP_TOKEN')
        try:
            payload = jwt.decode(token, settings.SECRET_KEY, "HS256")
        except exceptions.ExpiredSignatureError:
            raise AuthenticationFailed({'code': 204, 'msg': 'Token已失效'})
        except jwt.DecodeError:
            raise AuthenticationFailed({'code': 204, 'msg': 'Token认证失败'})
        except jwt.InvalidTokenError:
            raise AuthenticationFailed({'code': 204, 'msg': 'Token非法'})
        return payload, token

REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": ['utils.auth.JwtAuthentication']
}

# Create your views here.
from rest_framework.views import APIView

from utils.auth import create_token
from utils.commen import standard_response


class LoginView(APIView):
    authentication_classes = []

    @staticmethod
    def post(request, *args, **kwargs):
        username = request.data.get('username')
        password = request.data.get('password')
        if not username == 'lan' and password == 'password':
            return standard_response(None, msg='用户名或密码错误')
        token = create_token({'username': username})
        return standard_response(data=token, msg='登陆成功')


class IndexView(APIView):

    @staticmethod
    def post(request, *args, **kwargs):
        return standard_response(data='来源网站：www.lanol.cn', msg=f'欢迎您{request.user["username"]}')