1.认证
python
复制代码
import jwt
from rest_framework.authentication import BaseAuthentication
from rest_framework.exceptions import AuthenticationFailed
from rbac import settings
class User(object):
def __init__(self, id, username, role, exp):
self.id = id
self.username = username
self.role = role
self.exp = exp
class RbacAuthentication(BaseAuthentication):
def authenticate(self, request):
# 1. 获取jwt token
jwt_token = request.query_params.get("token")
if not jwt_token:
return AuthenticationFailed("认证失败")
# 2.校验jwt token合法性
try:
verified_payload = jwt.decode(jwt_token, settings.SECRET_KEY, algorithms="HS256")
print(verified_payload)
except Exception as e:
raise AuthenticationFailed("认证失败")
# 3. 返回
user = User(**verified_payload)
return user, jwt
def authenticate_header(self, request):
return "API"
2.权限
python
复制代码
from rest_framework.permissions import BasePermission
from rbac import settings
class RbacPermission(BasePermission):
def has_permission(self, request, view):
# 1.当前用户角色
user_role = request.user.role
# 2.获取当前权限
user_total_permission = settings.PERMISSION.get(user_role)
# 3.当前用户请求的路由信息
router_name = request.resolver_match.view_name
method = request.method.lower()
method_list = user_total_permission.get(router_name)
if not method_list:
return False
if method not in method_list:
return False
return True
3.全局配置
python
复制代码
REST_FRAMEWORK = {
"UNAUTHENTICATED_USER": None,
"UNAUTHENTICATED_TOKEN": None,
"DEFAULT_AUTHENTICATION_CLASSES": ["utils.auth.RbacAuthentication"],
"DEFAULT_PERMISSION_CLASSES": ["utils.permission.RbacPermission"]
}