diff --git a/EduSystemServer/API/middle.py b/EduSystemServer/API/middle.py
index eaa433a..209280a 100644
--- a/EduSystemServer/API/middle.py
+++ b/EduSystemServer/API/middle.py
@@ -8,6 +8,9 @@ from teacher.models import Teacher
 class JWTMiddleware:
+ """
+ JWT中间件,验证用户是否登录
+ """
 def __init__(self, get_response):
 self.get_response = get_response
@@ -28,13 +31,13 @@ class JWTMiddleware:
 # 将解码后的 Token 数据存储在 request 中,以便视图可以访问
 if payload.get("type") == "student":
 if not Student.objects.filter(username=payload.get("username")).exists():
- return JsonResponse(ResponseUtil.error("登录失效!"))
+ return JsonResponse(ResponseUtil.error("错误信息!"), status=401)
 if payload.get("type") == "teacher":
 if not Teacher.objects.filter(username=payload.get("username")).exists():
- return JsonResponse(ResponseUtil.error("登录失效!"))
+ return JsonResponse(ResponseUtil.error("错误信息!"), status=401)
 if payload.get("type") == "admin":
 if not Admin.objects.filter(username=payload.get("username")).exists():
- return JsonResponse(ResponseUtil.error("登录失效!"))
+ return JsonResponse(ResponseUtil.error("错误信息!"), status=401)
 request.jwt_payload = payload
 except jwt.ExpiredSignatureError:
 return JsonResponse(ResponseUtil.error("登录失效!"), status=401)
diff --git a/EduSystemServer/API/views.py b/EduSystemServer/API/views.py
index f37abf4..17abca2 100644
--- a/EduSystemServer/API/views.py
+++ b/EduSystemServer/API/views.py
@@ -26,6 +26,9 @@ def generate_jwt_token(user, _type):
 @csrf_exempt
 def login(request):
+ """
+ 登录
+ """
 username = request.POST.get("username")
 password = request.POST.get("password")
 _type = request.POST.get("type")
@@ -54,6 +57,9 @@ def login(request):
 @csrf_exempt
 def get_user_info(request):
+ """
+ 返回用户信息
+ """
 _type = request.jwt_payload.get("type")
 username = request.jwt_payload.get("username")
 if _type == "student":
diff --git a/EduSystemServer/EduSystemServer/settings.py b/EduSystemServer/EduSystemServer/settings.py
index 21709f6..48bc023 100644
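Review bot: In the second hunk of API/middle.py the three `if payload.get("type") == ...` checks have no fallback, so a decoded token whose `type` is missing or is not student/teacher/admin skips every existence check and still reaches `request.jwt_payload = payload`. Views that are not wrapped in `@permission`, such as `get_user_info` in API/views.py, would then run with that payload. Resolve the model once and reject anything else: `model = {"student": Student, "teacher": Teacher, "admin": Admin}.get(payload.get("type"))`, then `if model is None or not model.objects.filter(username=payload.get("username")).exists():` with the same 401 return. The new message "错误信息!" is also less specific than the "登录失效!" it replaces, which the expired-token branch still uses. The enclosing method starts and ends outside the hunk, so the decode call and the other `except` branches are not visible here.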
--- a/EduSystemServer/EduSystemServer/settings.py
+++ b/EduSystemServer/EduSystemServer/settings.py
@@ -174,4 +174,5 @@ CORS_ALLOW_HEADERS = (
 'Cookie', # 添加Cookie到允许的头部
 )
+# token密钥
 TOKEN_KEY = "eduSystem"
\ No newline at end of file
diff --git a/EduSystemServer/EduSystemServer/utils.py b/EduSystemServer/EduSystemServer/utils.py
index 558caa6..ae7fc00 100644
--- a/EduSystemServer/EduSystemServer/utils.py
+++ b/EduSystemServer/EduSystemServer/utils.py
@@ -5,6 +5,7 @@ from django.http import HttpResponseForbidden, JsonResponse
 def permission(allowed_roles):
 """
 装饰器:权限控制
+ 使用装饰器对路由视图进行权限控制
 """
 def decorator(view_func):
 @wraps(view_func)
@@ -16,6 +17,7 @@ def permission(allowed_roles):
 return _wrapped_view
 return decorator
+
 class ResponseUtil:
 @staticmethod
 def ok(data, message="success!"):
diff --git a/EduSystemServer/Student/views.py b/EduSystemServer/Student/views.py
index a8b59e4..f75a453 100644
--- a/EduSystemServer/Student/views.py
+++ b/EduSystemServer/Student/views.py
@@ -16,6 +16,9 @@ from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger
 @csrf_exempt
 @permission(allowed_roles=["admin", "teacher"])
 def add_student(request):
+ """
+ 添加学生
+ """
 if not request.method == "POST":
 return JsonResponse(ResponseUtil.error("request method error!"))
 try:
@@ -37,6 +40,9 @@ def add_student(request):
 @csrf_exempt
 @permission(allowed_roles=["admin", "teacher"])
 def search_student(request):
+ """
+ 根据表单对学生进行模糊查询,以及将查询的数据进行分页
+ """
 currentPage = request.GET.get("currentPage")
 pageSize = request.GET.get("pageSize")
 request_data = request.POST
@@ -67,6 +73,9 @@ def search_student(request):
 @csrf_exempt
 @permission(allowed_roles=["admin", "teacher"])
 def del_student(request):
+ """
+ 根据学生ID删除学生
+ """
 if not request.method == "GET":
 return JsonResponse(ResponseUtil.error("request method error!"))
 try:
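Review bot: `TOKEN_KEY = "eduSystem"` in settings.py is a short, guessable constant committed to the repository, and the comment added in this hunk labels it as the token key. If this is the secret that signs the JWTs checked in API/middle.py (the signing and decode calls are not in this diff), anyone who can read the source can produce tokens the middleware will accept for any username and role. Load it from the deployment environment instead, e.g. `TOKEN_KEY = os.environ["EDU_TOKEN_KEY"]`; the variable name is a placeholder, and `os` has to be imported at the top of settings.py, which is outside the hunk. Use a randomly generated value of at least 32 bytes and rotate the current key, since it is already in history.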
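Review bot: The method guard in `add_student` returns `JsonResponse(ResponseUtil.error("request method error!"))` without a `status`, so a rejected request is answered with Django's default HTTP 200; `del_student` and `select_course` in this file carry the same line. This commit makes the middleware answer authentication failures with 401, and the method errors should follow suit: `return JsonResponse(ResponseUtil.error("request method error!"), status=405)`. Django's `require_POST` / `require_http_methods` decorators from `django.views.decorators.http` would give the same result without the hand-written check. The function body continues outside the hunk.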
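Review bot: `del_student` accepts only `GET` (`if not request.method == "GET":`) although, per the docstring added here, it deletes a student by ID. A state-changing operation on a safe method can be triggered by link prefetchers, crawlers or a cross-site link or image load, and the view is also `@csrf_exempt`. How the JWT is transported is not visible in this diff, but `CORS_ALLOW_HEADERS` in settings.py lists `Cookie`, so this may matter if the token travels in a cookie. Require an unsafe method instead, `if request.method not in ("POST", "DELETE"):`, and document in the docstring which request field carries the ID. The client has to change with it, and the rest of the function is outside the hunk.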
@@ -82,6 +91,9 @@ def del_student(request):
 @csrf_exempt
 @permission(allowed_roles=["admin", "student", "teacher"])
 def select_course(request):
+ """
+ 选课
+ """
 if not request.method == "POST":
 return JsonResponse(ResponseUtil.error("request method error!"))
 try: