# coding: utf-8

import requests
from django.conf import settings
from django.core.cache import caches
from django.contrib.auth import get_user_model
from django.contrib.auth.models import AnonymousUser

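class SessionWithoutLocalUserMiddleware(object):
    """
    Unified-permission (authentication) middleware, for deployments where the
    Django system does not store users locally.

    For each request it reads the ``pt`` and ``pu`` cookies, looks the session
    up in the configured cache and, on a miss, asks ``Manager.get_user_info``
    for the user.  The result is attached to ``request.user``; requests
    without both cookies, or whose lookup fails, get ``AnonymousUser``.

    NOTE(review): presumably ``pt`` is the session token and ``pu`` the user
    identifier issued by the unified-auth service -- confirm against that
    service's documentation.
    """

    # Namespace for the entries this middleware writes.  The cache alias is
    # the one named by CACHE_MIDDLEWARE_ALIAS, so other writers may share it;
    # without a prefix a client-chosen cookie value could name an entry that
    # was never a user object.
    cache_key_prefix = 'sso_session:'

    # Lifetime of a cached user, in seconds.  A session revoked upstream
    # stays usable here until its entry expires.
    cache_timeout = 60

    def __init__(self):
        self.cache_alias = settings.CACHE_MIDDLEWARE_ALIAS
        self.cache = caches[self.cache_alias]
        self.UserModel = get_user_model()

    def _cache_key(self, pt, pu):
        """Return the cache key for the session identified by both cookies.

        The key is a digest over the pair, so an entry is found only when the
        request carries the same ``pt`` and ``pu`` that were checked when the
        entry was written, the raw cookie values never appear in the cache
        key space, and the key has a fixed length and character set.
        """
        import hashlib

        def as_bytes(value):
            return value if isinstance(value, bytes) else value.encode('utf-8')

        digest = hashlib.sha256()
        # The first component is a fixed-length digest, so different
        # (pt, pu) pairs cannot collapse into the same hashed input.
        digest.update(hashlib.sha256(as_bytes(pt)).digest())
        digest.update(as_bytes(pu))
        return self.cache_key_prefix + digest.hexdigest()

    def process_request(self, request):
        """Attach the unified-auth user (or ``AnonymousUser``) to ``request``."""
        if hasattr(request, "user") and getattr(request.user, "is_superuser", False):
            # Django's own admin (superuser) accounts are left untouched.
            # NOTE(review): this only applies when an earlier middleware has
            # already set request.user -- confirm the middleware ordering.
            return

        pt = request.COOKIES.get('pt')
        pu = request.COOKIES.get('pu')
        if not (pt and pu):
            # No unified-auth session cookies: treat the caller as anonymous.
            request.user = AnonymousUser()
            return

        # Read and write must use the same key.  The original looked up `pu`
        # and stored under `pt`, so the stored entry was never the one read
        # back, and the lookup key was a bare client-supplied value.
        cache_key = self._cache_key(pt, pu)
        user = self.cache.get(cache_key)
        if not user:
            # Cache miss: query the unified-auth service for the state of
            # the current session and build the user from its answer.
            user_info = Manager().get_user_info(request)
            if user_info is None:
                # The session lookup failed: anonymous user, nothing cached.
                user = AnonymousUser()
            else:
                # The lookup succeeded: use the returned user object (the
                # original comment calls it a QCCRUser) and cache it.
                user = user_info
                self.cache.set(cache_key, user, self.cache_timeout)
        request.user = user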


class Manager(object):
    """Client for the unified-auth service (currently a stub).

    Only the endpoint URL is stored; ``get_user_info`` has no implementation
    yet and always returns ``None``.
    """

    def __init__(self):
        # Presumably the login endpoint of the unified-auth service.
        self.auth_domain = 'https://api.xiuyetang.com/sys/user/login'

    def get_user_info(self, request):
        """Return the user for the session carried by ``request``, or ``None``.

        Not implemented: the body does nothing, so every call returns
        ``None``.
        """
        # NOTE(review): when this is implemented, send the session cookies
        # only to self.auth_domain, pass an explicit timeout, keep TLS
        # certificate verification enabled, and return None on any error or
        # non-success answer so callers fall back to an anonymous user.
        return None