framework —— permission(权限)
1.目录结构
2.urls.py:
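from django.conf.urls import url
from django.contrib import admin

from app02 import views as app02_view

# Route table for the permission demo. Every pattern is anchored with '^' so
# it matches only at the start of the path; the original r'user/' had no
# anchor and would also have matched any path merely containing "user/".
urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'^hosts/', app02_view.HostView.as_view()),
    url(r'^auth/$', app02_view.AuthView.as_view()),
    url(r'^salary/', app02_view.SalaryView.as_view()),
    url(r'^user/', app02_view.UserView.as_view()),
]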
3.utils.py:
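from django.shortcuts import render, HttpResponse
from rest_framework.request import Request
from rest_framework.exceptions import APIException, AuthenticationFailed
from rest_framework.response import Response
from rest_framework.authentication import BaseAuthentication

from app02 import models


class MyAuthentication(BaseAuthentication):
    """Token authentication backed by ``Userinfo.token``.

    The token is read from the ``token`` query parameter and looked up in
    the ``Userinfo`` table. On success ``request.user`` becomes the username
    and ``request.auth`` the matching ``Userinfo`` row.

    NOTE(review): a token in the query string is recorded in server and proxy
    access logs and browser history; a request header is the usual carrier.
    """

    def authenticate(self, request):
        """Return ``(username, userinfo)`` for a valid token.

        :param request: the DRF ``Request`` being authenticated.
        :raises AuthenticationFailed: token missing or unknown. This is a
            subclass of ``APIException``, so existing handlers still match,
            and DRF turns it into a 401/403 instead of a 500.
        """
        token = request.query_params.get('token')
        # An absent parameter must not reach filter(token=None): that query
        # matches rows whose token column is NULL, i.e. users who never
        # logged in, and would authenticate the caller as one of them.
        if not token:
            raise AuthenticationFailed('用户认证失败')
        obj = models.Userinfo.objects.filter(token=token).first()
        if obj is None:
            raise AuthenticationFailed('用户认证失败')
        # The original wrote obj(obj.username, obj), which calls the model
        # instance and raises TypeError; DRF expects a (user, auth) tuple.
        return (obj.username, obj)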
4.view.py:
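import hashlib
import secrets
import time

from django.shortcuts import render, HttpResponse
from rest_framework.authentication import BaseAuthentication
from rest_framework.exceptions import APIException
from rest_framework.request import Request
from rest_framework.response import Response
from rest_framework.views import APIView

# Create your views here.
from app02 import models


# 认证的时候用到, 生成token, 权限这块可以不需要。
# (Used during authentication to issue the token; not needed for the
# permission part itself.)
class MyAuthentication(BaseAuthentication):
    """Optional token authentication: a missing or unknown token means anonymous.

    Views such as HostView accept anonymous callers, so a failed lookup
    returns None and DRF falls back to its unauthenticated user instead of
    rejecting the request. On success ``request.user`` is the username and
    ``request.auth`` the ``Userinfo`` row.
    """

    def authenticate(self, request):
        """Return ``(username, userinfo)`` for a valid token, else ``None``."""
        token = request.query_params.get('token')
        # filter(token=None) matches rows whose token column is NULL (users
        # who never logged in); treat "no token" as anonymous explicitly
        # rather than letting it match such a row.
        if not token:
            return None
        obj = models.Userinfo.objects.filter(token=token).first()
        if obj:
            return (obj.username, obj)
        return None

    def authenticate_header(self, request):
        """Return ``None`` so failed auth yields 403 rather than a 401 challenge."""
        return None


class MyPermission(object):
    """Allow only requests that carry an authenticated user."""
    message = "无权访问"

    def has_permission(self, request, view):
        # request.auth is the Userinfo row set by MyAuthentication and None
        # for anonymous callers, so it is the reliable signal. The original
        # tested only request.user: when authentication fails DRF substitutes
        # the UNAUTHENTICATED_USER setting, and with Django's default
        # AnonymousUser that object is truthy, which would let anonymous
        # callers through (presumably unless the project sets it to None —
        # confirm against settings).
        return request.auth is not None and bool(request.user)


class AdminPermission(object):
    """Allow only the administrator account."""
    message = "无权访问"

    # request.user is the username string returned by MyAuthentication.
    # NOTE(review): the admin identity is a hard-coded username; a role
    # flag on Userinfo would be the usual way to express this.
    ADMIN_USERNAME = 'zxc'

    def has_permission(self, request, view):
        return request.user == self.ADMIN_USERNAME


class AuthView(APIView):
    """Login endpoint: exchanges a username/password pair for a token."""
    authentication_classes = []

    def get(self, request):
        """接收用户名和密码 — take the credentials and return a fresh token.

        :param request: query parameters ``user`` and ``pwd``.
        :return: ``{"code": 1000, "msg": None, "token": ...}`` on success,
            ``{"code": 1001, "msg": "用户名或密码错误"}`` otherwise.
        """
        ret = {"code": 1000, "msg": None}
        user = request.query_params.get('user')
        pwd = request.query_params.get('pwd')
        # Missing parameters would become filter(username=None, ...) and
        # match NULL columns; reject them up front.
        if not user or not pwd:
            ret['code'] = 1001
            ret['msg'] = "用户名或密码错误"
            return Response(ret)
        # NOTE(review): this compares the password as stored in the column;
        # the Userinfo model is not visible here, so moving to hashed storage
        # (django.contrib.auth.hashers) also needs a model change.
        user_obj = models.Userinfo.objects.filter(username=user, password=pwd).first()
        if not user_obj:
            ret['code'] = 1001
            ret['msg'] = "用户名或密码错误"
            return Response(ret)
        # 创建随机字符串: the original derived the token as md5("user|pwd"),
        # which is identical on every login and computable by anyone who
        # knows the credentials (the ctime it read was never mixed in).
        # A CSPRNG token is unpredictable and fresh per login; 16 bytes hex
        # is 32 characters, the same width as the md5 hexdigest it replaces.
        token = secrets.token_hex(16)
        # 保存到数据
        user_obj.token = token
        user_obj.save()
        ret['token'] = token
        return Response(ret)


class HostView(APIView):
    """匿名用户和管理用户都能访问 — open to anonymous and authenticated callers."""
    authentication_classes = [MyAuthentication, ]
    permission_classes = []

    def get(self, request, *args, **kwargs):
        # The original body began with a bare `self.dispatch`, an attribute
        # access with no effect; dropped.
        return Response('主机列表')


class UserView(APIView):
    """用户能访问 — any authenticated user may access."""
    authentication_classes = [MyAuthentication, ]
    permission_classes = [MyPermission]

    def get(self, request, *args, **kwargs):
        print('========', request.user)
        return Response('用户列表')


class SalaryView(APIView):
    """管理员能访问 — only the administrator may access."""
    authentication_classes = [MyAuthentication, ]
    permission_classes = [MyPermission, AdminPermission]

    def get(self, request, *args, **kwargs):
        return Response('薪资列表')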