一、登录
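from django.contrib.auth import login, authenticate, logout


class LoginView(View):
    """JSON login endpoint: validate the credentials, start a session, set a display cookie."""

    def post(self, request):
        """Authenticate the posted credentials and log the user in.

        The request body is expected to be a JSON object with ``username``,
        ``password`` and an optional ``remembered`` flag.

        Returns a JsonResponse: ``code`` 0 on success, HTTP 400 for a
        malformed or invalid payload, HTTP 401 when the credentials cannot
        be verified.
        """
        # 1. Extract parameters. The body is untrusted: it may be invalid
        #    UTF-8, invalid JSON, or JSON that is not an object. Both
        #    UnicodeDecodeError and json.JSONDecodeError derive from
        #    ValueError, so one handler turns them into a 400, not a 500.
        try:
            data = json.loads(request.body.decode())
        except ValueError:
            return JsonResponse({'code': 400, 'errmsg': '参数缺失!'}, status=400)
        if not isinstance(data, dict):
            return JsonResponse({'code': 400, 'errmsg': '参数缺失!'}, status=400)

        username = data.get('username')
        password = data.get('password')
        remembered = data.get('remembered')

        # 2. Validate parameters. Non-string values (numbers, lists, ...)
        #    are rejected here so the regex checks below cannot raise.
        if not (isinstance(username, str) and isinstance(password, str)
                and username and password):
            return JsonResponse({'code': 400, 'errmsg': '参数缺失!'}, status=400)

        # fullmatch() is used because '$' in re.match() also accepts a
        # trailing newline, which would let "name\n" through validation.
        if not re.fullmatch(r'\w{5,20}', username):
            return JsonResponse({'code': 400, 'errmsg': '用户名格式有误'}, status=400)

        if not re.fullmatch(r'\w{8,20}', password):
            return JsonResponse({'code': 400, 'errmsg': '密码格式有误'}, status=400)

        # 3. Verify the credentials.
        #    A manual lookup such as
        #        user = User.objects.get(username=username)
        #        user.check_password(password)
        #    with separate "wrong username" / "wrong password" errors is
        #    deliberately not used: distinct messages tell a caller which
        #    usernames exist. authenticate() runs the configured backends
        #    and returns the user object on success or None on failure, and
        #    a single generic message is returned for every failure.
        # NOTE(review): no attempt throttling or lockout is visible in this
        # view; confirm that rate limiting is enforced elsewhere.
        user = authenticate(request, username=username, password=password)
        if not user:
            return JsonResponse({"code": 400, 'errmsg': '您提供的身份信息无法验证!'}, status=401)

        # Persist the login in the session.
        login(request, user)

        if remembered:
            # None falls back to the global session lifetime
            # (SESSION_COOKIE_AGE, two weeks by default).
            request.session.set_expiry(None)
        else:
            # 0 makes the session cookie expire when the browser closes.
            request.session.set_expiry(0)

        # 4. Build the response.
        response = JsonResponse({'code': 0, 'errmsg': 'ok'})
        # The 'username' cookie is client-controlled and is not HttpOnly;
        # presumably the front end reads it to display the name. It must
        # never be trusted server-side as proof of identity.
        response.set_cookie(
            'username',
            username,
            max_age=3600 * 24 * 7
        )

        return response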
# Route /login/ to LoginView; the view defines only post(), so other HTTP
# methods are rejected by Django's View dispatch.
# Presumably an entry in the app's urlpatterns list (not shown here).
re_path(r'^login/$', LoginView.as_view()),
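"""Custom authentication backend that allows login by username or mobile number."""
from django.contrib.auth.backends import ModelBackend

from .models import User


class UsernameMobileAuthBackend(ModelBackend):
    """Authenticate against either the ``username`` or the ``mobile`` field.

    The stock ModelBackend only looks users up by username; this override
    also accepts a mobile number in the ``username`` argument.
    """

    def authenticate(self, request, username=None, password=None, **kwargs):
        """Return the matching user, or None when authentication fails.

        Args:
            request: the current request object (unused here).
            username: a username or a mobile number.
            password: the plaintext password to verify.
        """
        if username is None or password is None:
            return None

        hasher_ran = False
        # Try the identifier as a username first, then as a mobile number.
        # The password is checked against each candidate, so an account
        # whose username equals another account's mobile number cannot
        # shadow that account's mobile login.
        for field in ("username", "mobile"):
            try:
                user = User.objects.get(**{field: username})
            except User.DoesNotExist:
                continue
            except User.MultipleObjectsReturned:
                # Ambiguous identifier (possible if the field is not
                # unique; the model is not shown here): fail closed.
                continue

            hasher_ran = True
            # user_can_authenticate() rejects accounts with
            # is_active=False, as the stock ModelBackend does; without it
            # a disabled account could still log in.
            if user.check_password(password) and self.user_can_authenticate(user):
                return user

        if not hasher_ran:
            # Run the password hasher once even when no account matched,
            # as ModelBackend does, so response time does not reveal
            # whether the identifier exists.
            User().set_password(password)
        return None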
# 自定义认证后端AUTHENTICATION_BACKENDS = [ "users.utils.UsernameMobileAuthBackend"]
二、退出
class LogoutView(View):
    """Logout endpoint: end the session and clear the display cookie."""

    def delete(self, request):
        """Handle DELETE by logging out and returning a JSON acknowledgement."""
        # request.user is either the logged-in user model instance or an
        # AnonymousUser object. logout() works on the request directly, so
        # the user is not inspected here.
        # logout() clears the session data tied to the sessionid cookie
        # (per the original author the session store is Redis; the
        # configuration is not shown here).
        logout(request)

        resp = JsonResponse({'code': 0, 'errmsg': 'ok'})
        # Remove the 'username' display cookie so the front end stops
        # showing a logged-in name.
        resp.delete_cookie('username')
        return resp
# Route /logout/ to LogoutView; the view defines only delete(), so logout
# must be requested with the DELETE method.
# Presumably an entry in the app's urlpatterns list (not shown here).
re_path(r'^logout/$', LogoutView.as_view()),
三、定义模型基类
from django.db import models


class BaseModel(models.Model):
    """Abstract base that adds creation and last-update timestamps to a model."""

    # Set once, when the row is first created.
    create_time = models.DateTimeField(
        verbose_name="创建时间",
        auto_now_add=True,
    )
    # Refreshed on every save().
    update_time = models.DateTimeField(
        verbose_name="更新时间",
        auto_now=True,
    )

    class Meta:
        # Abstract: meant only for inheritance, so migrations create no
        # table for BaseModel itself.
        abstract = True