""" Django settings for config project. Generated by 'django-admin startproject' using Django 5.2.1. For more information on this file, see https://docs.djangoproject.com/en/5.2/topics/settings/ For the full list of settings and their values, see https://docs.djangoproject.com/en/5.2/ref/settings/ """ import os from pathlib import Path # Path 通常也在顶部 from pathlib import Path from datetime import timedelta # 确保这行在 settings.py 文件顶部 # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/5.2/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY = "django-insecure-12o%i9mzoyn8ua+j#l!8fed0-4d&y$x3%vtk00y82@97f9702+" # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True ALLOWED_HOSTS = [] # Application definition INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'rest_framework', 'rest_framework_simplejwt', 'accounts', # <--- 确保是这个,并且没有拼写错误 ] MIDDLEWARE = [ "django.middleware.security.SecurityMiddleware", "django.contrib.sessions.middleware.SessionMiddleware", "django.middleware.common.CommonMiddleware", "django.middleware.csrf.CsrfViewMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware", "django.contrib.messages.middleware.MessageMiddleware", "django.middleware.clickjacking.XFrameOptionsMiddleware", ] ROOT_URLCONF = "config.urls" TEMPLATES = [ { "BACKEND": "django.template.backends.django.DjangoTemplates", "DIRS": [], "APP_DIRS": True, "OPTIONS": { "context_processors": [ "django.template.context_processors.request", "django.contrib.auth.context_processors.auth", "django.contrib.messages.context_processors.messages", ], }, }, ] WSGI_APPLICATION = "config.wsgi.application" # Database # https://docs.djangoproject.com/en/5.2/ref/settings/#databases DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 'NAME': 'tongqu_v2_db', # 你创建的数据库名 'USER': 'postgres', # 你的PostgreSQL用户名 (如果是默认超级用户) # 或者 'tongqu_v2_user' (如果你创建了专用用户) 'PASSWORD': '20030316', # 你的PostgreSQL密码 'HOST': 'localhost', # 或者 '127.0.0.1' 'PORT': '5432', # PostgreSQL默认端口 } } # Password validation # https://docs.djangoproject.com/en/5.2/ref/settings/#auth-password-validators AUTH_PASSWORD_VALIDATORS = [ { "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", }, { "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", }, { "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", }, { "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator", }, ] # Internationalization # https://docs.djangoproject.com/en/5.2/topics/i18n/ LANGUAGE_CODE = 'zh-hans' TIME_ZONE = 'Asia/Shanghai' USE_I18N = True USE_TZ = True # Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/5.2/howto/static-files/ STATIC_URL = 'static/' # Django 在开发时查找静态文件的目录列表 STATICFILES_DIRS = [ os.path.join(BASE_DIR, 'static'), # 我们将在项目根目录创建这个 'static' 文件夹 ] # `collectstatic` 命令收集静态文件到这个目录,主要用于生产环境 STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles_collected') # Default primary key field type # https://docs.djangoproject.com/en/5.2/ref/settings/#default-auto-field DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField" STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles_collected') # 运行 collectstatic 时文件的存放位置 STATICFILES_DIRS = [ os.path.join(BASE_DIR, 'static'), # 项目级static文件夹 ] MEDIA_URL = '/media/' MEDIA_ROOT = os.path.join(BASE_DIR, 'media') AUTH_USER_MODEL = 'accounts.CustomUser' from datetime import timedelta # 确保在文件顶部导入 REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework_simplejwt.authentication.JWTAuthentication', # 使用JWT进行API认证 # 如果你希望在浏览器中测试API时也能使用Django的session认证(比如DRF的可浏览API),可以取消下面这行的注释 # 'rest_framework.authentication.SessionAuthentication', ), 'DEFAULT_PERMISSION_CLASSES': ( 'rest_framework.permissions.IsAuthenticated', # 默认情况下,所有API端点都需要用户进行身份验证 # 除非在视图中明确设置了 permission_classes = [permissions.AllowAny] (例如注册和登录接口) ), # 你可以根据需要添加其他全局DRF设置,例如: # 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination', # 'PAGE_SIZE': 10, # 每页返回10条数据 # 'DEFAULT_RENDERER_CLASSES': ( # API的默认输出格式 # 'rest_framework.renderers.JSONRenderer', # # 'rest_framework.renderers.BrowsableAPIRenderer', # 如果你想在浏览器中看到可浏览的API界面 (通常DEBUG=True时自动启用) # ), # 'DEFAULT_PARSER_CLASSES': ( # API接受的输入格式 # 'rest_framework.parsers.JSONParser', # 'rest_framework.parsers.FormParser', # 'rest_framework.parsers.MultiPartParser', # 支持文件上传 # ) } SIMPLE_JWT = { 'ACCESS_TOKEN_LIFETIME': timedelta(minutes=60), # Access Token 的有效期,例如 60 分钟 'REFRESH_TOKEN_LIFETIME': timedelta(days=1), # Refresh Token 的有效期,例如 1 天 'ROTATE_REFRESH_TOKENS': False, # 如果为True, 每次刷新token时,旧的refresh token会失效,返回一个新的 'BLACKLIST_AFTER_ROTATION': True, # 和上面配合使用 'UPDATE_LAST_LOGIN': True, # 成功获取token后是否更新用户的 last_login 字段 'ALGORITHM': 'HS256', 'SIGNING_KEY': SECRET_KEY, # 使用Django的 SECRET_KEY 来签名JWT 'VERIFYING_KEY': None, 'AUDIENCE': None, 'ISSUER': None, 'JWK_URL': None, 'LEEWAY': 0, 'AUTH_HEADER_TYPES': ('Bearer',), # 期望在Authorization头中看到的类型,例如 "Bearer " 'AUTH_HEADER_NAME': 'HTTP_AUTHORIZATION', 'USER_ID_FIELD': 'id', # 你的 CustomUser 模型中用作主键的字段名 'USER_ID_CLAIM': 'user_id', # JWT payload 中代表用户ID的claim名称 'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',), 'TOKEN_TYPE_CLAIM': 'token_type', 'TOKEN_USER_CLASS': 'rest_framework_simplejwt.models.TokenUser', 'JTI_CLAIM': 'jti', # 如果你想自定义token payload中包含的内容,可以使用下面这个(需要写自定义的Token序列化器) # 'TOKEN_OBTAIN_SERIALIZER': 'your_app.serializers.MyTokenObtainPairSerializer', }