今日内容
- CBV添加装饰器
- 中间件
- csrf跨站请求伪造
- auth模块
CBV添加装饰器
from django.utils.decorators import method_decorator
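class MyLogin(View):
    """Class-based view whose HTTP methods are all guarded by ``login_auth``.

    Every request to a class-based view enters through ``dispatch``, so a
    decorator placed there covers ``get`` and ``post`` alike.
    NOTE(review): ``login_auth`` is not defined on this page; presumably it is
    the project's own login-check decorator. Confirm before relying on it.
    """

    @method_decorator(login_auth)
    def dispatch(self, request, *args, **kwargs):
        """Route the request to the matching handler and return its response."""
        # The override has to delegate to View.dispatch and return the result.
        # Calling super().__init__() returned None, so no handler ever ran and
        # the view produced no HttpResponse at all.
        return super().dispatch(request, *args, **kwargs)

    def get(self, request):
        """Answer GET with the plain body ``get``."""
        return HttpResponse('get')

    def post(self, request):
        """Answer POST with the plain body ``post``."""
        return HttpResponse('post')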
中间件
# Requests pass through these classes from top to bottom and responses travel
# back from bottom to top, so the position of each entry matters.
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    # Sessions are set up before AuthenticationMiddleware, which reads the
    # logged-in user from the session.
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    # Checks the CSRF token on unsafe methods such as POST; removing this
    # entry switches the check off for every view not wrapped in csrf_protect.
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
from django.middleware.csrf import CsrfViewMiddleware
from django.contrib.sessions.middleware import SessionMiddleware
from django.contrib.auth.middleware import AuthenticationMiddleware
def process_request()
def process_response()
def process_view()
def process_template_response()
def process_exception()
自定义中间件
"""
1. 在项目名或者是应用名下建一个文件夹
2. 在文件夹中建一个py文件
3. 写一个类,继承MiddlewareMixin
4. 注册中间件
"""
process_request => 从上往下
process_response => 从下往上
如果某个中间件的process_request返回了HttpResponse对象,后面的中间件不再走了,但是,同级别的process_response还是走的
csrf跨站请求伪造
1.
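<form action="" method="post">
    {# Renders a hidden input named csrfmiddlewaretoken; CsrfViewMiddleware checks it on every POST. #}
    {# Use the tag only in forms that post back to this site, so the token is never sent to another origin. #}
    {% csrf_token %}
    {# A control with an empty name is left out of the submitted data, so each field needs a name. #}
    <p>username: <input type="text" name="username"></p>
    <p>password: <input type="password" name="password"></p>
    <input type="submit">
</form>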
2. $('.btn').click(function () {
// Send the CSRF token along with the AJAX POST; CsrfViewMiddleware rejects a POST that carries no valid token.
$.ajax({
url:'',
type:'post',
// Option 1: read the token from the hidden input that {% csrf_token %} renders in the page's form.
//data:{'username':'egon', 'csrfmiddlewaretoken':$('[name="csrfmiddlewaretoken"]').val()},
// Option 2: let the template engine write the token into the script.
// This only works while the script is inline in a Django template; in a static .js file
// '{{ csrf_token }}' is sent as literal text and the request is rejected.
data:{'username':'egon', 'csrfmiddlewaretoken':'{{ csrf_token }}'},
success:function () {
}
})
})
csrf跨站请求的装饰器
from django.views.decorators.csrf import csrf_exempt, csrf_protect
"""
需要验证的视图加这个装饰器:
csrf_protect
不需要验证的视图加这个装饰器(会关闭该视图的csrf校验,只用在确实不需要校验的接口上):
csrf_exempt
"""
@csrf_protect
def home(request):
    """Serve ``home.html`` on GET and a small JSON payload on POST.

    ``csrf_protect`` enforces the CSRF check for this view even when
    ``CsrfViewMiddleware`` is not active for the project.
    """
    if request.method != 'POST':
        return render(request, 'home.html')
    # The fixed three-second pause is part of the demo and delays the JSON reply.
    time.sleep(3)
    payload = {'username': 'egon'}
    return JsonResponse(payload)
三种方式都可以
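class MyLogin(View):
    """Class-based view with the CSRF check enforced on every HTTP method.

    Decorating ``dispatch`` applies ``csrf_protect`` to ``get`` and ``post``
    alike, because every request enters the view through ``dispatch``.
    """

    @method_decorator(csrf_protect)
    def dispatch(self, request, *args, **kwargs):
        """Route the request to the matching handler and return its response."""
        # Delegate to View.dispatch and return what it produces. The earlier
        # super().__init__() call returned None, so no handler was reached and
        # the view returned no HttpResponse.
        return super().dispatch(request, *args, **kwargs)

    def get(self, request):
        """Answer GET with the plain body ``get``."""
        return HttpResponse('get')

    def post(self, request):
        """Answer POST with the plain body ``post``."""
        return HttpResponse('post')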
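class MyLogin(View):
    """Class-based view that is excluded from the CSRF check.

    ``csrf_exempt`` has to wrap ``dispatch`` (or be applied to the class with
    ``name='dispatch'``); placed on ``get`` or ``post`` alone it has no effect.
    Exempting a view removes its CSRF protection, so keep it to endpoints that
    do not act on the browser's session cookie.
    """

    @method_decorator(csrf_exempt)
    def dispatch(self, request, *args, **kwargs):
        """Route the request to the matching handler and return its response."""
        # Delegate to View.dispatch and return its result; super().__init__()
        # returned None and left the view without an HttpResponse.
        return super().dispatch(request, *args, **kwargs)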
auth模块
# authenticate() checks the credentials against the configured backends and
# returns the matching user object, or None when they do not match.
# It does not log the user in; call auth.login(request, res) afterwards to
# attach the user to the session.
res = auth.authenticate(request, username=username, password=password)
from django.contrib.auth.decorators import login_required
@login_required(login_url='/login/')
def func(request):
    """Return the plain body ``func`` to an authenticated user.

    ``login_required`` redirects anonymous visitors to ``/login/`` instead of
    running the view.
    """
    response = HttpResponse('func')
    return response
# Password-change excerpt from inside a view: the current password is verified
# before the new one is accepted.
# check_password() hashes old_pwd and compares it with the stored hash.
is_right = request.user.check_password(old_pwd)
if is_right:
# The new password has to be typed identically twice.
if new_pwd == re_pwd:
# set_password() stores a salted hash rather than the raw text; it only
# changes the object in memory, and save() writes it to the database.
request.user.set_password(new_pwd)
request.user.save()
# NOTE(review): new_pwd is not passed through Django's password validators
# in the lines shown; confirm it is checked elsewhere.
# NOTE(review): nothing visible here reports a wrong old password or a
# mismatch between new_pwd and re_pwd; confirm the enclosing view does.
# Changing the password normally invalidates the current session, which fits
# the redirect to the login page.
return redirect('/login/')
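def logout(request):
    """Log the current user out and send the browser to the login page."""
    # auth.logout() clears the session data for this request.
    auth.logout(request)
    # A view has to return an HttpResponse; without one Django raises an
    # error. '/login/' is the login URL used by the other snippets here.
    return redirect('/login/')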
from django.contrib.auth.models import User
# create_user() hashes the password before saving the row. User.objects.create()
# would store the raw string, which authenticate() can then never match.
User.objects.create_user(username=username, password=password)