token:信息保存在浏览器端,内容为"信息 + 用签名密钥生成的签名";服务端只负责校验签名。
import hmac
import json

from django.shortcuts import redirect, HttpResponse
from django.utils.deprecation import MiddlewareMixin

from app01 import models, tools
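class TokenMiddleware(MiddlewareMixin):
    """Gate requests on a ``token_id`` cookie of the form ``<json>|<digest>``.

    ``process_response`` issues the cookie for authenticated users and
    ``process_request`` recomputes the digest over the JSON part and rejects
    the request when it does not match.

    NOTE(review): ``tools.md5`` is not visible here. The check only resists
    tampering if that helper mixes in a server-side secret; a plain, unkeyed
    digest can be recomputed by whoever holds the cookie. Confirm, or move to
    ``django.core.signing``, which is keyed with ``SECRET_KEY``.
    NOTE(review): ``process_request`` verifies the digest but never reads the
    ``user_id`` in the payload, and the token carries no expiry.
    """

    # Paths that may be requested without presenting a token cookie.
    EXEMPT_PATHS = ('/login/',)

    def process_request(self, request):
        """Validate the token cookie before the view runs.

        Returns ``None`` to let the request continue, a redirect to the
        ``login`` URL when no cookie is present, or an ``HttpResponse``
        carrying the invalid-token message when the cookie is malformed or
        its digest does not match.
        """
        if request.path in self.EXEMPT_PATHS:
            return None

        token = request.COOKIES.get('token_id')
        if not token:
            return redirect('login')

        # Split on the LAST '|' so a payload containing '|' still parses, and
        # treat a cookie without a separator as invalid instead of raising
        # IndexError (the cookie is client-controlled).
        payload, separator, signature = token.rpartition('|')
        if not separator:
            return HttpResponse('无效的token')

        expected = tools.md5(payload)
        # Constant-time comparison; bytes are used because compare_digest
        # rejects non-ASCII str and the signature comes from the client.
        if not hmac.compare_digest(
            expected.encode('utf-8'), signature.encode('utf-8')
        ):
            return HttpResponse('无效的token')
        return None

    def process_response(self, request, response):
        """Attach a fresh token cookie when the request user is authenticated.

        The response is returned unchanged otherwise.
        """
        # request.user may be missing if the request was answered before the
        # authentication middleware populated it.
        user = getattr(request, 'user', None)
        if user is not None and user.is_authenticated:
            json_data = json.dumps({"user_id": f"{user.id}"})
            token_key = tools.md5(json_data)
            token = '|'.join([json_data, token_key])
            # NOTE(review): the cookie is set with Django's defaults; consider
            # httponly=True, secure=True and an explicit samesite value once
            # it is confirmed that no client-side script reads the cookie.
            response.set_cookie('token_id', token)
        return response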