1. 基本流程
url.py
# URL configuration for the basic-flow example: a single class-based view.
from django.conf.urls import url, include
from web.views.s1_api import TestView

# The regex is anchored at the start only, so every path that begins with
# test/ resolves to TestView.
urlpatterns = [url(r'^test/', TestView.as_view())]
views.py
from rest_framework.views import APIView
from rest_framework.response import Response


# Minimal APIView that answers GET, POST and PUT with a fixed body each.
# (Kept as a comment rather than a class docstring: DRF uses the class
# docstring as the view description.)
class TestView(APIView):

    def dispatch(self, request, *args, **kwargs):
        """
        Every incoming request runs dispatch(), which triggers the
        get/post/put/... handler that matches the request method.

        Note: APIView's own dispatch() does a great deal more than that;
        this override only delegates to it.
        """
        response = super().dispatch(request, *args, **kwargs)
        return response

    # Handler for GET requests.
    def get(self, request, *args, **kwargs):
        body = 'GET请求,响应内容'
        return Response(body)

    # Handler for POST requests.
    def post(self, request, *args, **kwargs):
        body = 'POST请求,响应内容'
        return Response(body)

    # Handler for PUT requests.
    def put(self, request, *args, **kwargs):
        body = 'PUT请求,响应内容'
        return Response(body)
上述是rest framework框架基本流程,重要的功能是在APIView的dispatch中触发。
-------------------------------------------------------------------------------------------------------------------------------------------------
2. 认证,授权,限流
urls.py
# Versioned routes: the named group `version` captures the word characters
# that precede /api/, /test/ or /login/ and is passed to the view as a
# keyword argument.
# NOTE(review): none of these regexes starts with ^, and url() patterns are
# searched rather than full-matched, so they also match when other path
# segments come before the version. Anchor them if only /<version>/...
# should route here.
urlpatterns = [
    # url(r'^admin/', admin.site.urls),
    url(r'(?P<version>\w+)/api/', views.UserView.as_view(), name='sss'),
    url(r'(?P<version>\w+)/test/', views.TestView.as_view(), name='test'),
    url(r'(?P<version>\w+)/login/', views.LoginView.as_view(), name='login'),
]
settings.py
# ################ REST framework settings ##################
REST_FRAMEWORK = {
    # The API version is taken from the URL path keyword named by
    # VERSION_PARAM; only the versions listed in ALLOWED_VERSIONS are accepted.
    "DEFAULT_VERSIONING_CLASS": "rest_framework.versioning.URLPathVersioning",
    "VERSION_PARAM": "version",
    "DEFAULT_VERSION": "v1",
    "ALLOWED_VERSIONS": ["v1", "v2"],
    # Unauthenticated requests get request.user / request.auth set to None,
    # so code that tests `if request.user:` treats them as anonymous.
    "UNAUTHENTICATED_USER": None,
    "UNAUTHENTICATED_TOKEN": None,
    # Rates are looked up by throttle scope name.
    "DEFAULT_THROTTLE_RATES": {
        "anon": "5/m",
        "user": "10/m",
    },
}
views.py
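from rest_framework import views
from django.shortcuts import HttpResponse
from django.http import JsonResponse
from rest_framework.authentication import BaseAuthentication
from rest_framework import exceptions
from rest_framework.throttling import SimpleRateThrottle

from API import models


# ################ Authentication (belongs in its own module) ################
class CustomAuthentication(BaseAuthentication):
    """Authenticate a request by looking up its `tk` value in models.Token."""

    def authenticate(self, request):
        """
        Authenticate the request and return a two-tuple of (user, token).

        Returns None when no `tk` is supplied or no Token row matches, which
        leaves the request unauthenticated.
        """
        # NOTE(review): the token travels in the query string, so it ends up
        # in access logs, browser history and Referer headers. An
        # Authorization header is the usual carrier for a bearer token.
        tk = request.query_params.get('tk')
        if not tk:
            # Without this guard a missing parameter becomes
            # filter(token=None), i.e. a lookup for rows whose token IS NULL.
            return None
        token_obj = models.Token.objects.filter(token=tk).first()
        if token_obj:
            # (UserInfo object, Token object)
            return (token_obj.user, token_obj)
        return None

    def authenticate_header(self, request):
        """
        Return a string to be used as the value of the `WWW-Authenticate`
        header in a `401 Unauthenticated` response, or `None` if the
        authentication scheme should return `403 Permission Denied` responses.
        """
        # return 'Basic realm=api'
        return None


def gen_token(username):
    """
    Return a fresh 32-character hexadecimal token.

    The token is drawn from the operating system's CSPRNG. The previous
    construction, md5(username + current time), could be reproduced by anyone
    who knew the username and roughly when the token was issued. `username`
    is kept in the signature for existing callers but no longer feeds the
    token value.
    """
    import secrets

    # 16 random bytes -> 32 hex characters, the same length as an MD5 hexdigest.
    return secrets.token_hex(16)


# ################ Throttling ################
class CustomAnonRatethrottle(SimpleRateThrottle):
    """Rate limit for unauthenticated requests (scope 'anon')."""

    scope = 'anon'

    def allow_request(self, request, view):
        """Return True when the request may proceed, else the throttle_failure() result."""
        if request.user:
            # Authenticated requests are not counted by this throttle.
            return True
        self.key = self.get_cache_key(request, view)
        self.history = self.cache.get(self.key, [])
        self.now = self.timer()
        # Drop timestamps that have fallen out of the rate window.
        while self.history and self.history[-1] <= self.now - self.duration:
            self.history.pop()
        if len(self.history) >= self.num_requests:
            return self.throttle_failure()
        return self.throttle_success()

    def get_cache_key(self, request, view):
        """Build the cache key from the scope and the client identity."""
        # NOTE(review): get_ident() takes the identity from X-Forwarded-For
        # when that header is present. NUM_PROXIES is not set in the settings
        # shown, so confirm the header is written by a trusted proxy;
        # otherwise the client chooses its own throttle bucket.
        return 'throttle_%(scope)s_%(ident)s' % {
            'scope': self.scope,
            'ident': self.get_ident(request),
        }


class CustomUserRatethrottle(SimpleRateThrottle):
    """Rate limit for authenticated requests (scope 'user'), keyed per user."""

    scope = 'user'

    def allow_request(self, request, view):
        """Return True when the request may proceed, else the throttle_failure() result."""
        if not request.user:
            # Anonymous requests are not counted by this throttle.
            return True
        self.key = self.get_cache_key(request, view)
        self.history = self.cache.get(self.key, [])
        self.now = self.timer()
        # Drop timestamps that have fallen out of the rate window.
        while self.history and self.history[-1] <= self.now - self.duration:
            self.history.pop()
        if len(self.history) >= self.num_requests:
            return self.throttle_failure()
        return self.throttle_success()

    def get_cache_key(self, request, view):
        """Build the cache key from the scope and the user's name."""
        # Namespaced like the anonymous throttle's key: a bare username used
        # as the cache key could collide with any other entry in the shared
        # cache.
        return 'throttle_%(scope)s_%(ident)s' % {
            'scope': self.scope,
            'ident': request.user.user,
        }


# ################ Permissions ################
from rest_framework.permissions import AllowAny, BasePermission


class CustomPermission(BasePermission):
    """Grant access only to requests that carry an authenticated user."""

    message = "无权限"

    def has_permission(self, request, view):
        """
        Return `True` if permission is granted, `False` otherwise.
        """
        # return True
        return bool(request.user)


# Token-authenticated view: both throttles apply and CustomPermission rejects
# requests without a user.
class UserView(views.APIView):
    authentication_classes = [CustomAuthentication]
    throttle_classes = [CustomAnonRatethrottle, CustomUserRatethrottle]
    permission_classes = [CustomPermission]

    def get(self, request, *args, **kwargs):
        print(request.user)
        print(request.version)
        # print(request.versioning_scheme.reverse(viewname='sss', request=request))
        return HttpResponse('...')


# Same authentication and throttles as UserView, but no permission_classes:
# the project default decides access (none is set in the settings shown), so
# anonymous requests are throttled here, not rejected.
class TestView(views.APIView):
    authentication_classes = [CustomAuthentication]
    throttle_classes = [CustomAnonRatethrottle, CustomUserRatethrottle]

    def get(self, request, *args, **kwargs):
        print(request.user)
        print(request.version)
        # print(request.versioning_scheme.reverse(viewname='sss', request=request))
        return HttpResponse('...')


# NOTE(review): despite its name this view checks no credentials. Every POST
# creates a new UserInfo row and returns a token for it.
class LoginView(views.APIView):

    def post(self, request, *args, **kwargs):
        user = request._request.POST.get('user')
        pwd = request._request.POST.get('pwd')
        email = request._request.POST.get('email')
        # NOTE(review): user_type_id comes straight from the client, so the
        # caller picks its own user type. Assign it server-side if the type
        # carries any privilege.
        user_type_id = request._request.POST.get('user_type_id')
        # NOTE(review): pwd is stored exactly as received. Hash it before
        # saving (e.g. django.contrib.auth.hashers.make_password) and validate
        # the fields first. No throttle_classes are set on this view.
        user_obj = models.UserInfo.objects.create(
            user=user,
            pwd=pwd,
            email=email,
            user_type_id=user_type_id,
        )
        token = gen_token(user)
        models.Token.objects.create(user=user_obj, token=token)
        return JsonResponse({'tk': token})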
-----------------------------------------------------------------------------------------------------------------------------------------------
3. 序列化,字段验证
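import re

from rest_framework.response import Response
from rest_framework import serializers


class ProcessField:
    """Field validator that rejects values made up of digits only."""

    def __call__(self, value):
        """Raise ValidationError when *value* is purely numeric."""
        if re.match(r'^\d+$', value):
            raise serializers.ValidationError('Can not be pure numbers')


class UserSerializers(serializers.Serializer):
    """Serializer for the `user` and `pwd` fields of a user record."""

    user = serializers.CharField(min_length=6)
    # write_only keeps pwd out of serialized output (ser.data), so listing
    # users no longer returns their passwords. The field is still required
    # and validated on input.
    pwd = serializers.CharField(
        write_only=True,
        error_messages={'required': '密码不能为空'},
        validators=[ProcessField()],
    )
    # ut_title = serializers.CharField(source='ut.title')


# `views` and `models` are not imported in this snippet; presumably they are
# the names imported in the views.py listing of the previous section.
# NOTE(review): no authentication_classes or permission_classes are set, so
# the project defaults decide who may list users.
class Test1View(views.APIView):

    def get(self, request, *args, **kwargs):
        # Serialization: turn the queried rows into a list of dicts.
        data_list = models.UserInfo.objects.all()
        ser = UserSerializers(instance=data_list, many=True)
        # or
        # obj = models.UserInfo.objects.all().first()
        # ser = UserSerializer(instance=obj, many=False)
        return Response(ser.data)

    def post(self, request, *args, **kwargs):
        ser = UserSerializers(data=request.data)
        if ser.is_valid():
            # validated_data still contains pwd (write_only only affects
            # .data), so this echoes the submitted password to the caller.
            return Response(ser.validated_data)
        # Validation failures are client errors: answer 400 instead of the
        # default 200.
        return Response(ser.errors, status=400)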
http://www.cnblogs.com/wupeiqi/articles/7805382.html