我正在使用DRF API,并且想在同一个项目中通过该API(而不是Django ORM)来访问数据,
我已经成功让用户登录并生成了令牌。现在我想根据API调用的响应来限制对Django视图的访问
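class Login(generic.FormView):
    """Authenticate a user against the token API and record the result in the session.

    The submitted username and password are POSTed to ``/api-token-auth/``.
    Only when that call succeeds are ``validated_user_token`` and
    ``validated_user_id`` written to the session and the user redirected to
    ``success_url``. Any failure re-renders the login form instead, so a
    rejected login is never forwarded to the dashboard.
    """

    template_name = 'registration/login.html'
    form_class = LoginForm
    success_url = reverse_lazy('customer_dashboard')

    # Seconds to wait for each outbound API call. requests applies no timeout
    # by default, so a stalled API would otherwise block the worker forever.
    api_timeout = 10

    def form_valid(self, form):
        """Check the credentials with the API and redirect only on success.

        Returns the normal ``FormView`` redirect when the API issues a token,
        and the re-rendered form (via ``form_invalid``) in every other case.
        """
        credentials = {
            'username': str(form.cleaned_data['username']),
            'password': str(form.cleaned_data['password']),
        }
        json_headers = {"Content-Type": 'application/json'}
        try:
            response = requests.post(
                str(settings.API_END_POINT + '/api-token-auth/'),
                json=credentials,
                headers=json_headers,
                timeout=self.api_timeout,
            )
        except requests.RequestException:
            return self._reject(form, 'Login service unavailable')

        # Look at the status before parsing the body: an error response is
        # not guaranteed to be JSON.
        if response.status_code not in settings.SUCCESS_CODES:
            return self._reject(form, 'Invalid Credentials')

        try:
            data = response.json()
            token = data['token']
            user_id = data['user_id']
        except (ValueError, KeyError, TypeError):
            # A 2xx answer without a usable token must not count as a login.
            return self._reject(form, 'Login service unavailable')

        # Issue a fresh session key at the privilege change so a session id
        # that existed before authentication cannot be reused afterwards.
        self.request.session.cycle_key()
        self.request.session['validated_user_token'] = token
        self.request.session['validated_user_id'] = user_id

        self._greet(user_id)
        return super(Login, self).form_valid(form)

    def _reject(self, form, text):
        """Flash *text* as an error and re-render the login form."""
        messages.error(self.request, text)
        return self.form_invalid(form)

    def _greet(self, user_id):
        """Add a best-effort welcome message; a failed lookup does not undo the login."""
        # NOTE(review): this fetches the whole user list with the service-wide
        # settings.API_TOKEN just to read one name. If the API offers a
        # per-user endpoint callable with the user's own token, that would
        # expose less data to this view - confirm against the API.
        headers = {
            "Content-Type": 'application/json',
            "Authorization": "Token " + settings.API_TOKEN,
        }
        try:
            lookup = requests.get(
                str(settings.API_END_POINT + '/users_api/'),
                headers=headers,
                timeout=self.api_timeout,
            )
            if lookup.status_code not in settings.SUCCESS_CODES:
                return
            users = lookup.json()
        except (requests.RequestException, ValueError):
            return
        for user in users:
            if user['id'] == user_id:
                messages.success(
                    self.request,
                    'Hi' + ' ' + user['first_name'] + ' ' + user['last_name'],
                )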
在这里,用户名和密码通过POST请求传给API,用于验证凭据并返回Token和User_id。现在,基于此,我希望将仪表板(以下代码)限制为上面已通过身份验证的用户。
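class CustomerDashboard(generic.TemplateView):
    """Customer dashboard, served only to sessions that passed the API login.

    The login view on this page stores ``validated_user_token`` and
    ``validated_user_id`` in the session after the API accepts the
    credentials; requests without those keys are sent to the login page.
    """

    template_name = 'customer/dashboard.html'

    def dispatch(self, request, *args, **kwargs):
        """Redirect to the login page unless the session carries the API login markers."""
        # Function-scope import because the file's import block is not visible here.
        from django.shortcuts import redirect

        token = request.session.get('validated_user_token')
        if not token or 'validated_user_id' not in request.session:
            # settings.LOGIN_URL must point at the Login view's URL; Django's
            # default is '/accounts/login/'.
            return redirect(settings.LOGIN_URL)
        # NOTE(review): the markers only show that a token was issued at login
        # time. A token revoked at the API stays accepted here until the
        # session expires or is flushed - re-validate against the API if
        # revocation needs to take effect sooner.
        return super(CustomerDashboard, self).dispatch(request, *args, **kwargs)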
我希望CustomerDashboard()限于已通过API调用进行身份验证的用户
答案 0 :(得分:1)
我不明白您为什么要把登录做得这么复杂。您可以直接使用Django内置的身份验证,并在此基础上做任何需要的调整。
urls.py
from django.contrib.auth import views
# URL table: Django's built-in login view plus the protected dashboard.
urlpatterns = [
    path(
        'login/',
        # redirect_authenticated_user=True sends visitors who are already
        # signed in away from the login form. Django's documentation notes
        # that this lets other sites probe whether a visitor is logged in
        # here through redirects to image URLs; serving images and the
        # favicon from a separate domain avoids that leak.
        views.LoginView.as_view(redirect_authenticated_user=True),
        name='login',
    ),
    path(
        'dashboard/',
        dashboard.Dashboard.as_view(),
        name='dashboard',
    ),
]
views.py
from django.contrib.auth.mixins import LoginRequiredMixin
class Dashboard(LoginRequiredMixin, generic.TemplateView):
    """Dashboard page that only authenticated users may open."""

    # LoginRequiredMixin is listed first so its check runs before the
    # template view handles the request; unauthenticated requests are
    # redirected to the login URL.
    # NOTE(review): the mixin tests request.user.is_authenticated, which is
    # set by Django's own auth login. A view that only writes custom session
    # keys after an API call (as the question's Login view does) will not
    # satisfy it - confirm which login flow is in use.
    template_name = "dashboard.html"
    ...
这对我来说很好。