1 django在中间件中预置了六个方法,这六个方法的区别在于不同的阶段执行,对输入和输出进行干预,方法如下
- 初始化
def __init__():
pass
- 处理请求前:在每个请求上调用,返回None或HttpResponse对象
def process_request(request):
pass
- 处理视图前:在每个请求上调用,返回None或HttpResponse对象
def process_view(request,view_func,view_args,view_kwargs):
pass
- 处理模板响应前:在每个请求上调用,返回实现了render方法的响应对象
def process_template_view(request,response):
pass
- 处理响应后:所有响应返回浏览器之前被调用,在每个请求上调用,返回HttpResponse对象
def process_response(request,response):
pass
- 异常处理:当视图抛出异常时调用,在每个请求上调用,返回一个HttpResponse对象,当有错误时: 请求进来 > process_request() > process_view() > 视图函数响应错误 > process_exception() > process_response()
def process_exception(request,exception):
pass
2 在项目中我们往往会预留出一个模块用来设置中间件,可以用来权限设置等等功能(需要在setting中注册一下)
- 配合session来进行是否登录验证
# -*- coding: utf-8 -*-
# author: kelvin
# description:
import time
import re
from django.utils.deprecation import MiddlewareMixin
from django.conf import settings
from backMgmt import logger
from service.res import Api_res
from service.public_func import Public_func
class authMiddleware(MiddlewareMixin):
def process_request(self, request):
# 无需登录即可使用的路由
excepts = ['/api/auth/login', '/api/auth/logout']
currentRoute = request.path_info
redirect_url = settings.WEB_CONFIG['protocol'] + "://" + settings.WEB_CONFIG['hostname']
logger.info(currentRoute)
if currentRoute not in excepts:
if 'user_info' not in request.session:
return Api_res.fail(10000, '账号过期,请重新登录', redirect_url)
- 对用户是否有的权限进行页面的展示
# -*- coding: utf-8 -*-
# author: kelvin
# description:
import time
import re
from django.utils.deprecation import MiddlewareMixin
from django.conf import settings
from backMgmt import logger
from service.res import Api_res
from service.public_func import Public_func
class permMiddleware(MiddlewareMixin):
def process_request(self, request):
# 无需权限验证即可使用的路由
excepts = ['/api/auth/login', '/api/auth/logout', '/api/auth/profile']
currentRoute = request.path_info
redirect_url = settings.WEB_CONFIG['protocol'] + "://" + settings.WEB_CONFIG['hostname']
if currentRoute not in excepts:
# 是否是站长,站长拥有所有权限
if request.session['user_info']['admin_type'] != 2:
if currentRoute not in request.session['user_info']['permissions']:
return Api_res.fail(412, '没有权限')