From e93f6b6e368bafd420c52b02916b3f958591dd4f Mon Sep 17 00:00:00 2001
From: caoqianming
Date: Tue, 15 Feb 2022 15:04:32 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A4=A7=E5=B1=8F=E7=94=A8=E6=88=B7=E7=99=BB?= =?UTF-8?q?=E5=BD=95header?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 hb_server/apps/system/authentication.py | 6 +-----
 hb_server/apps/system/permission.py | 5 ++++-
 hb_server/server/settings.py | 2 +-
 hb_server/utils/response.py | 4 ++--
 4 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/hb_server/apps/system/authentication.py b/hb_server/apps/system/authentication.py
index 3c85943..af3fba2 100644
--- a/hb_server/apps/system/authentication.py
+++ b/hb_server/apps/system/authentication.py
@@ -9,15 +9,11 @@ class CustomBackend(ModelBackend):
 def authenticate(self, request, username=None, password=None, **kwargs):
 if username is None:
 username = kwargs.get(UserModel.USERNAME_FIELD)
- if username is None or password is None:
- return
 try:
 user = UserModel._default_manager.get(
 Q(username=username) | Q(phone=username) | Q(email=username))
 except UserModel.DoesNotExist:
- # Run the default password hasher once to reduce the timing
- # difference between an existing and a nonexistent user (#20760).
- UserModel().set_password(password)
+ return None
 else:
 if user.check_password(password) and self.user_can_authenticate(user):
 return user
diff --git a/hb_server/apps/system/permission.py b/hb_server/apps/system/permission.py
index 37f85ec..bcb94ac 100644
--- a/hb_server/apps/system/permission.py
+++ b/hb_server/apps/system/permission.py
@@ -35,7 +35,10 @@ class RbacPermission(BasePermission):
 :return:
 """
 if not request.user:
- perms = ['visitor'] # 如果没有经过认证,视为游客
+ if request.META.get('HTTP_AUTHORIZATION', None) == 'big_screen':
+ perms = ['visitor']
+ else:
+ return False
 else:
 perms = cache.get(request.user.username + '__perms')
 if not perms:
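Review bot: The `except UserModel.DoesNotExist:` branch now returns at once, so a login attempt for an unknown account skips the password hashing that a known account pays for in `check_password`, and the response-time gap can reveal which usernames, phone numbers or e-mail addresses are registered. Keep Django's equalising call `UserModel().set_password(password)` in that branch. The dropped guard `if username is None or password is None: return` should come back too: without it a `None` username reaches the `Q(...)` lookup, where Django treats `=None` as `IS NULL`, so if `phone` or `email` is nullable the query could select an unrelated account or raise `MultipleObjectsReturned`, which this method does not catch.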
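Review bot: The check `request.META.get('HTTP_AUTHORIZATION', None) == 'big_screen'` makes a fixed string committed to the repository the only credential for the `visitor` permission set, so any client sending that header value receives those permissions and the value cannot be rotated per deployment. Load the expected value from configuration and compare it with `hmac.compare_digest` on the encoded bytes, or give the display client its own authentication class with a scoped token. Separately, `if not request.user:` only holds when the unauthenticated user is `None`; with DRF's default `AnonymousUser` the branch is presumably never taken and the `else` path runs with an empty username, which is worth confirming against the project's settings. The method starts and ends outside the hunk.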
diff --git a/hb_server/server/settings.py b/hb_server/server/settings.py
index 2890f6b..1a4a5c6 100644
--- a/hb_server/server/settings.py
+++ b/hb_server/server/settings.py
@@ -158,7 +158,7 @@ REST_FRAMEWORK = {
 'rest_framework.authentication.SessionAuthentication',
 ],
 'DEFAULT_PERMISSION_CLASSES': [
- 'rest_framework.permissions.IsAuthenticated',
+ # 'rest_framework.permissions.IsAuthenticated',
 'apps.system.permission.RbacPermission'
 ],
 'DEFAULT_RENDERER_CLASSES': [
diff --git a/hb_server/utils/response.py b/hb_server/utils/response.py
index 864862c..3814076 100644
--- a/hb_server/utils/response.py
+++ b/hb_server/utils/response.py
@@ -48,9 +48,9 @@ class FitJSONRenderer(JSONRenderer):
 response_body = BaseResponse()
 response = renderer_context.get("response")
 status_code = response.status_code # Http状态异常码
- print(status_code)
 if status_code >= 400: # 如果http响应异常
- if isinstance(data, dict) and 'code' in data: # 如果自定义了异常码
+ if isinstance(data, dict) \
+ and 'code' in data and 'msg' in data: # 如果自定义了异常码
 response_body = data
 else:
 response_body.data = data # data里是详细异常信息
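Review bot: Commenting out `'rest_framework.permissions.IsAuthenticated'` in `DEFAULT_PERMISSION_CLASSES` lifts the authentication requirement from every view that does not declare its own `permission_classes`, not only from the big-screen endpoints, and leaves `RbacPermission` as the single gate for unauthenticated requests. Keeping the global default and setting `permission_classes = [RbacPermission]` on just the views the display needs would limit the exposure to those routes. If the entry really is meant to go, delete the line instead of leaving it commented out.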
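Review bot: The backslash continuation in `if isinstance(data, dict) \` is fragile, since a trailing space after the backslash is a syntax error, and PEP 8 prefers parentheses: `if (isinstance(data, dict)` followed by `and 'code' in data and 'msg' in data):`. Also, `response_body = data` replaces the `BaseResponse` object with a plain dict, so the code after the hunk has to cope with both types; a one-line comment such as `# data already has the code/msg envelope, pass it through unchanged` would make that explicit. The method starts and ends outside the hunk.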