python+django開發帶auth接口
# coding = utf-8
import base64
from django.contrib import auth as django_authfrom django.core.exceptions import ObjectDoesNotExist
from django.http import JsonResponsefrom sign.models import Eventdef user_auth(request):"""用戶認證"""# request.META是一個Python字典,包含了所有本次HTTP請求的Header信息,比如用戶認證、IP地址和用戶Agent(通常是瀏覽器的名稱和版本號)等。# HTTP_AUTHORIZATION用于獲取HTTP authorization。get_http_auth = request.META.get('HTTP_AUTHORIZATION', b'')# 通過split()方法將其拆分成list列表。拆分后的數據是這樣的:['', '']auth = get_http_auth.split()try:# 取出list中的加密串,通過base64對加密串進行解碼,得到的數據是元組auth_parts = base64.b64decode(auth[1]).decode('utf-8').partition(':')except IndexError:return 'null'# 取出元組中對應的用戶id和密碼userid, password = auth_parts[0], auth_parts[2]# 調用django的認證模塊,對得到Auth信息進行認證user = django_auth.authenticate(username=userid, password=password)if user is not None and user.is_active:django_auth.login(request, user)return 'success'else:return 'fail'def get_event_list(request):"""示例:查詢接口---增加用戶認證"""auth_result = user_auth(request) # 調用認證函數if auth_result == 'null':return JsonResponse({'status': 10011, 'message': 'user auth null'})if auth_result == 'fail':return JsonResponse({'status': 10012, 'message': 'user auth fail'})eid = request.GET.get('eid', '')name = request.GET.get('name', '')if eid == '' and name == '':return JsonResponse({'status': 10021, 'message': 'parameter error'})if eid != '':event = {}try:result = Event.objects.get(id=eid)except ObjectDoesNotExist:return JsonResponse({'status': 10022, 'message': 'query result is empty'})else:event['name'] = result.nameevent['limit'] = result.limitevent['status'] = result.statusevent['address'] = result.addressevent['start_time'] = result.start_timereturn JsonResponse({'status': 200, 'message': 'success', 'data': event})
使用postman運行,結果如下:
不填寫auth:
填寫auth:
)
)
![網安系列【6】之[特殊字符] SQL注入揭秘:從入門到防御實戰指南](http://pic.xiahunao.cn/網安系列【6】之[特殊字符] SQL注入揭秘:從入門到防御實戰指南)
深入解析)