Python: filtering API requests by header authentication token
I want to filter objects based on the token header sent with the GET request. My request is sending the token in the header (get curl -H "Authorization: token 3f3fzzz" https://1.com/api)
The code below returns no results (just an empty array, no errors). I can't work out where the request object's headers are.
My guess is that I need some middleware function to alter the response and put the user object into it as well.
views.py
    from rest_framework import viewsets

    class AllViewSet(viewsets.ModelViewSet):
        queryset = Movie.objects.order_by('-created',)
        serializer_class = AllSerializer

        def get_queryset(self):
            Movie.objects.filter(owner = self.request.user)
After def get_queryset, I tried some debugging (using import pdb; pdb.set_trace())
def(self.request)
returns:
Here are other parts of my code that may be relevant
models.py
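    from django.conf import settings
    from django.db import models
    from django.db.models.signals import post_save
    from django.dispatch import receiver
    from rest_framework.authtoken.models import Token

    # Create an API token for every newly created user.
    @receiver(post_save, sender=settings.AUTH_USER_MODEL)
    def create_auth_token(sender, instance=None, created=False, **kwargs):
        if created:
            Token.objects.create(user=instance)

    class Movie(models.Model):
        title = models.CharField("Title", max_length=10000, blank=True)
        tag = models.ManyToManyField('Tag', blank=True)
        created = models.DateTimeField("Created", auto_now_add=True)
        owner = models.ForeignKey('auth.User', blank=True, null=True)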
settings.py
    REST_FRAMEWORK = {
        'DEFAULT_FILTER_BACKENDS': ('rest_framework.filters.DjangoFilterBackend',),
        'DEFAULT_PERMISSION_CLASSES': (
            'rest_framework.permissions.IsAuthenticated',
        ),
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'rest_framework.authentication.TokenAuthentication',
        )
    }

    MIDDLEWARE_CLASSES = (
        'django.contrib.sessions.middleware.SessionMiddleware',
        'corsheaders.middleware.CorsMiddleware',
        'django.middleware.common.CommonMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
        'django.contrib.messages.middleware.MessageMiddleware',
        'django.middleware.clickjacking.XFrameOptionsMiddleware',
        'django.middleware.security.SecurityMiddleware',
    )
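If you want this view to always return a queryset of the owner's movies, you can access the header through the request object (the header should be available; check the content type in the documentation), then decode the token to find the associated user connected to it. So in your queryset: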
    def get_queryset(self):
        access_token = self.request.META.get('TOKEN')
        user_from_token = find_user_given_token(access_token)
        return Movie.objects.filter(owner = user_from_token)
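Alternatively, if META is not available for some strange reason or configuration, you can pass the token through a query parameter: 'https://1.com/api?token=3f3fzzz'
Then in your view you can access it via self.request.query_params['token']
Also, you need to provide how the token is obtained, in order to work out how to decode the token.
You can write a custom filter backend.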
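You don't need middleware, you need to implement a filter backend.
What exactly do you mean by "filter by token"? A token is a representation of a user. So you want to filter by user?
Correct, filter by user (represented by the header token).
Thanks, but how should I handle the find_user_given_token(access_token) part? Also, in your example, I used the debugger after the access_token = self.request.META.get('token') line. However, typing 'access_token' returned empty.
The token is generated by serializing the user after authentication. The same class used to encode the user should have the logic to decode the user. I edited my answer to provide an alternative solution.
Awesome! Can you give me an example for my POST/PUT? So that it carries the correct user. Would it belong in the serializer?
@Ycon What do you mean by POST/PUT carrying the correct user?
I've asked another question - it will be clearer. Thx -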
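Added example, not part of the original question or answers: a stdlib-only model of the header-to-user lookup that DRF's TokenAuthentication performs before the view runs (which is what populates request.user), followed by an owner-scoped filter. The token table, movie rows and the token_from_meta / movies_for_request helpers are constructed for illustration; find_user_given_token takes its name from the answer above.

```python
# Stdlib-only model of token-header authentication plus owner-scoped filtering.
# Every token, user and movie below is constructed for this example.

class AuthenticationFailed(Exception):
    """Raised when a token header is present but unusable."""

# Constructed token table: key -> username (DRF keeps this in its Token model).
TOKENS = {"3f3fzzz": "alice", "9a9ayyy": "bob"}

# Constructed rows standing in for Movie objects; owner may be null.
MOVIES = [
    {"title": "A", "owner": "alice"},
    {"title": "B", "owner": "bob"},
    {"title": "C", "owner": None},
]

def token_from_meta(meta):
    """Extract the key from a request.META-like dict, or None if absent.

    Django exposes the Authorization header as META['HTTP_AUTHORIZATION'];
    that header never appears under a 'TOKEN' key.
    """
    parts = meta.get("HTTP_AUTHORIZATION", "").split()
    if not parts or parts[0].lower() != "token":
        return None  # no token credentials offered
    if len(parts) != 2:
        raise AuthenticationFailed("malformed token header")
    return parts[1]

def find_user_given_token(access_token):
    """Resolve a token key to its user; unknown keys are rejected."""
    try:
        return TOKENS[access_token]
    except KeyError:
        raise AuthenticationFailed("invalid token") from None

def movies_for_request(meta):
    """Return only the caller's movies; anonymous callers get nothing.

    (With IsAuthenticated configured, DRF answers 401 instead of an empty list.)
    """
    access_token = token_from_meta(meta)
    if access_token is None:
        return []
    owner = find_user_given_token(access_token)
    return [m for m in MOVIES if m["owner"] == owner]
```

The model reads the token only from the header: a token passed in the query string is recorded in server access logs and browser history along with the URL.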