我有2个应用程序,我想授权按应用程序分隔的2种类型的帐户。我编写了用于检查帐户并为其创建令牌的自定义中间件。在下面的代码中,我提取了HTTP授权值并手动检查了权限。没问题。但是我可以改进此方法吗?还有其他最佳方法吗?
import base64
from django.utils.deprecation import MiddlewareMixin
from oauth2_provider.models import Application
from django.shortcuts import get_object_or_404
from django.contrib.auth.models import User
from django.http import HttpResponse
class MyAuthMiddleware(MiddlewareMixin):
def process_request(self, request):
if request.path == '/o/token/':
decoded_header = base64.b64decode(request.META.get(
'HTTP_AUTHORIZATION', '').split(' ')[1])
client_id = decoded_header.decode('utf-8').split(':')[0]
username = request.POST.get('username', '')
user = get_object_or_404(User, username=username)
app = get_object_or_404(Application, client_id=client_id)
if app.name == 'PcSlicer' and not user.is_staff:
return HttpResponse('unauthorized', status=404)
return None