如何在 Django 中设置授权标头？

Question

我想在授权标头中设置不记名令牌。为什么？因为 我在我的 Django 项目中使用 rest_framework_simplejwt。我要实施授权 使用智威汤逊。为此，我创建了一个访问令牌并在用户登录时将其保存在 cookie 中。

现在我想检查存储在 cookie 中的访问令牌是否无效或过期？因此，用户可以看到从数据库中获取的数据。 让我告诉你一些更详细的信息，然后我就可以告诉你我的问题了。

当我手动更改 cookie 中的令牌并刷新它时 它只是表明我正在登录。

是否有任何最好的方法可以通过包含在标头中将此令牌发送到前端，或者我们是否可以在登录视图中通过新令牌更新以前的令牌。 我不知道如何使用 Django REST Framework 默认 authtoken。请指导我使用基于令牌的身份验证的标准流程是什么

view.py

ACCESS_TOKEN_GLOBAL=None
class Register(APIView):
RegisterSerializer_Class=RegisterSerializer
def get(self,request):
    return render(request, 'register.html')
def post(self,request,format=None):
    serializer=self.RegisterSerializer_Class(data=request.data)
    if serializer.is_valid():
        serializer.save()
        msg={
            'msg':"Registered Successfully"
        }
        return render(request, 'login.html',msg)
    else:
        return Response({"Message":serializer.errors,"status":status.HTTP_400_BAD_REQUEST})

class Login(APIView):
def get(self,request):
    if 'logged_in' in request.COOKIES and 'Access_Token' in request.COOKIES:
        context = {
            'Access_Token': request.COOKIES['Access_Token'],
            'logged_in': request.COOKIES.get('logged_in'),
        }
        return render(request, 'abc.html', context)
    else:
        return render(request, 'login.html')

def post(self,request,format=None):
    email = request.POST.get('email')
    password = request.POST.get('password')
    print(email,password)
    user = User.objects.filter(email=email).first()

    if user is None:
        raise AuthenticationFailed('User not found!')

    if not user.check_password(password):
        raise AuthenticationFailed('Incorrect password!')


    refresh = RefreshToken.for_user(user)
    # request.headers['Authorization']=str(refresh.access_token)
    # request.
    global ACCESS_TOKEN_GLOBAL
    ACCESS_TOKEN_GLOBAL=str(refresh.access_token)
    response=render(request,'students.html')
    response.set_cookie('Access_Token',str(refresh.access_token))
    response.set_cookie('logged_in', True)
    return response

class StudentData(APIView):
   StudentSerializer_Class=StudentSerializer
   permission_classes=[IsAuthenticated]
def get(self,request,format=None):
    token = request.COOKIES.get('jwt')
    if token!=ACCESS_TOKEN_GLOBAL:
        raise AuthenticationFailed('Unauthenticated!')
    DataObj=Student.objects.all()
    serializer=self.StudentSerializer_Class(DataObj,many=True)
    serializerData=serializer.data
    return Response({"status":status.HTTP_200_OK,"User":serializerData})

def post(self,request,format=None):
    serializer=self.StudentSerializer_Class(data=request.data)
    if serializer.is_valid():
        serializer.save()
        serializerData=serializer.data
        return Response({"status":status.HTTP_200_OK,"User":serializerData})
    else:
        return Response({"Message":serializer.errors,"status":status.HTTP_400_BAD_REQUEST})

class Logout(APIView):
def post(self,request):
    try:

        response = HttpResponseRedirect(reverse('login'))

        # deleting cookies
        response.delete_cookie('Access_Token')
        response.delete_cookie('logged_in')

        return response
    except:
        return Response({"status":status.HTTP_400_BAD_REQUEST})

here is the image I get when I go on the student route to see the data.How I can fix it?

I have the token but how I will tell the server via that access_token and show the data using HTML page rather than just pass it to postman's bearer field

Answer 1

对于邮递员：

1. 点击“标题”。

2. 创建一个新的 KEY: Authorization with VALUE: Token

就是这样，你的令牌授权在标题中。

您可以在邮递员创建的每个请求中执行此操作。我仍在寻找一种方法来更改基于类的视图中的标头以添加令牌授权，因为它在 APIView 中不起作用。