
气象要素工具:增加接口登录权限认证

zhaiyifei 2 vuotta sitten
vanhempi
commit
8b2ed1c482
3 muutettua tiedostoa jossa 60 lisäystä ja 12 poistoa
  1. 2 0
      apps/QxzApp/urls.py
  2. 41 12
      apps/QxzApp/views.py
  3. 17 0
      utils/permissions.py

+ 2 - 0
apps/QxzApp/urls.py

@@ -3,6 +3,8 @@ from django.conf.urls import url
 from . import views
 
 urlpatterns = [
+    url(r'^user/login/$', views.UserLoginView.as_view()),
+    url(r'^user/logout/$', views.UserLogoutView.as_view()),
     url(r'^type/list/$', views.QxzTypeConfigListView.as_view()),
     url(r'^type/add/$', views.QxzTypeConfigAddView.as_view()),
     url(r'^type/modify/$', views.QxzTypeConfigModifyView.as_view()),

+ 41 - 12
apps/QxzApp/views.py

@@ -6,19 +6,48 @@ from django.shortcuts import render
 from rest_framework.response import Response
 from rest_framework import status
 from rest_framework.generics import GenericAPIView
+from rest_framework.views import APIView
 from django.db.models import ObjectDoesNotExist, Q
 from utils.JWTAuthentication_diy import MyJWTAuthentication
-from utils.permissions import ModulePermission
+from utils.permissions import QxzLoginPermission
 from utils.paginations import CustomPagination
 from .serializers import QxzTypeConfigAddSerializer, QxzTypeConfigModifySerializer, QxzTypeConfigDeleteSerializer, \
     QxzTypeConfigListSerializer, QxzElementAddSerializer, QxzElementModifySerializer, QxzElementDeleteSerializer, \
     QxzElementListSerializer, QxzDeviceAddSerializer, QxzDeviceListSerializer
 from .models import QxzTypeConfigModel, QxzElementConfigModel, QxzDeviceConfigModel
+import jwt
+
+class UserLoginView(APIView):
+    def post(self, request, *args, **kwargs):
+        """用户登录接口"""
+        username = request.data.get('username')
+        password = request.data.get('password')
+        print(username, password)
+        if username == "admin" and password == "hnyfqxz":
+            token = jwt.encode({"username": username, "password": password}, "secret", algorithm="HS256").decode('utf-8')
+
+            request.session["hnyfqxz"] = token
+            request.session.save()
+            return Response({'msg': "登录成功", "token": token}, status=200)
+        return Response({'msg': "登录失败,用户名或密码不正确"}, status=400)
+
+
+class UserLogoutView(APIView):
+    permission_classes = [QxzLoginPermission]
+
+    def post(self, request, *args, **kwargs):
+        """用户退出接口"""
+        try:
+            del request.session['hnyfqxz']
+            request.session.save()
+        except Exception as e:
+            pass
+        return Response({'msg': "退出成功"}, status=200)
 
 
 class QxzTypeConfigAddView(GenericAPIView):
     # authentication_classes = [MyJWTAuthentication]
-    # permission_classes = [ModulePermission]
+    permission_classes = [QxzLoginPermission]
     serializer_class = QxzTypeConfigAddSerializer
     queryset = QxzTypeConfigModel.objects.all()
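Review bot: `UserLoginView.post` prints the submitted username and password, compares them with literals compiled into the source, and copies the password into the JWT payload, which is only base64-encoded and is returned to the client and stored in the session. The signing key is the literal `"secret"` and there is no `exp` claim, so every login yields the same token; `QxzLoginPermission` never decodes it and only compares it with the session copy, so an opaque random value is enough. I would verify credentials with Django's `authenticate()` (or against a hashed value loaded from settings if this tool has no user table), drop the `print`, and issue `secrets.token_urlsafe(32)`, which needs `import secrets` and `from django.contrib.auth import authenticate` at the top of the file. The `.decode('utf-8')` call would also fail on PyJWT 2.x, where `jwt.encode` returns `str`. In `UserLogoutView`, `request.session.pop('hnyfqxz', None)` would replace the `try`/`except Exception: pass` without hiding real errors.

```python
class UserLoginView(APIView):
    def post(self, request, *args, **kwargs):
        """用户登录接口"""
        username = request.data.get('username')
        password = request.data.get('password')
        # Credentials are verified against the user store and never logged.
        user = authenticate(request, username=username, password=password)
        if user is None:
            return Response({'msg': "登录失败,用户名或密码不正确"}, status=400)

        # Opaque per-login token: the permission class only compares it
        # with the session copy, so it carries no claims and no password.
        token = secrets.token_urlsafe(32)
        request.session["hnyfqxz"] = token
        request.session.save()
        return Response({'msg': "登录成功", "token": token}, status=200)
```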
 
@@ -49,7 +78,7 @@ class QxzTypeConfigAddView(GenericAPIView):
 
 class QxzTypeConfigModifyView(GenericAPIView):
     # authentication_classes = [MyJWTAuthentication]
-    # permission_classes = [ModulePermission]
+    permission_classes = [QxzLoginPermission]
     serializer_class = QxzTypeConfigModifySerializer
     queryset = QxzTypeConfigModel.objects.all()
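Review bot: The check is opted into one view at a time, here and through the same one-line change in the other views.py hunks, while `# authentication_classes = [MyJWTAuthentication]` stays commented out in each class. Any Qxz view this commit did not touch, or one added later, therefore falls back to whatever the project-wide defaults allow. A shared base, for example `class QxzProtectedView(GenericAPIView): permission_classes = [QxzLoginPermission]` (the name is only a suggestion), would make the protected state the default and let the dead commented-out line be deleted. The class bodies continue outside these hunks, so whether every view in the file is covered cannot be confirmed from the diff alone.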
 
@@ -86,7 +115,7 @@ class QxzTypeConfigModifyView(GenericAPIView):
 
 class QxzTypeConfigDeleteView(GenericAPIView):
     # authentication_classes = [MyJWTAuthentication]
-    # permission_classes = [ModulePermission]
+    permission_classes = [QxzLoginPermission]
     serializer_class = QxzTypeConfigDeleteSerializer
     queryset = QxzTypeConfigModel.objects.all()
 
@@ -112,7 +141,7 @@ class QxzTypeConfigDeleteView(GenericAPIView):
 
 class QxzTypeConfigListView(GenericAPIView):
     # authentication_classes = [MyJWTAuthentication]
-    # permission_classes = [ModulePermission]
+    permission_classes = [QxzLoginPermission]
     pagination_class = CustomPagination
     serializer_class = QxzTypeConfigListSerializer
     queryset = QxzTypeConfigModel.objects.all().order_by('-id')
@@ -137,7 +166,7 @@ class QxzTypeConfigListView(GenericAPIView):
 
 class QxzElementAddView(GenericAPIView):
     # authentication_classes = [MyJWTAuthentication]
-    # permission_classes = [ModulePermission]
+    permission_classes = [QxzLoginPermission]
     serializer_class = QxzElementAddSerializer
     queryset = QxzElementConfigModel.objects.all().order_by('-id')
 
@@ -191,7 +220,7 @@ class QxzElementAddView(GenericAPIView):
 
 class QxzElementModifyView(GenericAPIView):
     # authentication_classes = [MyJWTAuthentication]
-    # permission_classes = [ModulePermission]
+    permission_classes = [QxzLoginPermission]
     serializer_class = QxzElementModifySerializer
     queryset = QxzElementConfigModel.objects.all().order_by('-id')
 
@@ -238,7 +267,7 @@ class QxzElementModifyView(GenericAPIView):
 
 class QxzElementDeleteView(GenericAPIView):
     # authentication_classes = [MyJWTAuthentication]
-    # permission_classes = [ModulePermission]
+    permission_classes = [QxzLoginPermission]
     serializer_class = QxzElementDeleteSerializer
     queryset = QxzElementConfigModel.objects.all().order_by('-id')
 
@@ -260,7 +289,7 @@ class QxzElementDeleteView(GenericAPIView):
 
 class QxzElementListView(GenericAPIView):
     # authentication_classes = [MyJWTAuthentication]
-    # permission_classes = [ModulePermission]
+    permission_classes = [QxzLoginPermission]
     pagination_class = CustomPagination
     serializer_class = QxzElementListSerializer
     queryset = QxzElementConfigModel.objects.all().order_by('-id')
@@ -285,7 +314,7 @@ class QxzElementListView(GenericAPIView):
 
 class QxzDeviceAddView(GenericAPIView):
     # authentication_classes = [MyJWTAuthentication]
-    # permission_classes = [ModulePermission]
+    permission_classes = [QxzLoginPermission]
     serializer_class = QxzDeviceAddSerializer
     queryset = QxzDeviceConfigModel.objects.all().order_by('-id')
 
@@ -387,7 +416,7 @@ class QxzDeviceAddView(GenericAPIView):
 
 class QxzDeviceModifyView(GenericAPIView):
     # authentication_classes = [MyJWTAuthentication]
-    # permission_classes = [ModulePermission]
+    permission_classes = [QxzLoginPermission]
     serializer_class = QxzDeviceAddSerializer
     queryset = QxzDeviceConfigModel.objects.all().order_by('-id')
 
@@ -488,7 +517,7 @@ class QxzDeviceModifyView(GenericAPIView):
 
 class QxzDeviceListView(GenericAPIView):
     # authentication_classes = [MyJWTAuthentication]
-    # permission_classes = [ModulePermission]
+    permission_classes = [QxzLoginPermission]
     pagination_class = CustomPagination
     serializer_class = QxzDeviceListSerializer
     queryset = QxzDeviceConfigModel.objects.all().order_by('-id')

+ 17 - 0
utils/permissions.py

@@ -3,6 +3,23 @@ from django.core.cache import cache as default_cache
 from utils.db_utils import MongoDBTools
 
 
+class QxzLoginPermission(BasePermission):
+    message = "error no permissions"
+
+    def has_permission(self, request, view):
+        try:
+            auth_info = request.META.get('HTTP_AUTHORIZATION')
+            new_token = auth_info.replace('Bearer ', '')
+            print('8888888888', request.session['hnyfqxz'])
+            old_token = request.session['hnyfqxz']
+            if new_token != old_token:
+                raise Exception()
+        except Exception as e:
+            print('999999999999', e)
+            return False
+        return True
+
+
 class RegisterViewPermission(BasePermission):
     def has_permission(self, request, view):
         try:
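Review bot: `print('8888888888', request.session['hnyfqxz'])` in `QxzLoginPermission.has_permission` writes the live session token to stdout on every authorised request, and the `except` branch prints the exception too; both debug prints should go, or become a log call that omits the token. The blanket `except Exception` also gives a missing `Authorization` header (where `auth_info` is `None`), a missing session key and any programming error the same silent `False`. In addition, `auth_info.replace('Bearer ', '')` strips the prefix wherever it occurs rather than only at the start. I would make the checks explicit and compare with `hmac.compare_digest`, which needs `import hmac` at the top of the file. `RegisterViewPermission` at the end of the hunk continues outside it and is not reviewed here.

```python
    def has_permission(self, request, view):
        auth_info = request.META.get('HTTP_AUTHORIZATION') or ''
        session_token = request.session.get('hnyfqxz')
        # Reject explicitly when either side is missing instead of
        # relying on an exception being raised and swallowed.
        if not session_token or not auth_info.startswith('Bearer '):
            return False
        presented = auth_info[len('Bearer '):]
        # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
        return hmac.compare_digest(presented.encode('utf-8'),
                                   session_token.encode('utf-8'))
```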